Knowledge base
November 21, 2022
What is Microsoft Entra?
Identity and access management remains the biggest challenge in today’s multi-platform digital landscape. How can you do it safely, securely and easily for your customers and employees? Enter Microsoft Entra.
Digital transformation and rapid cloud adoption have changed the way we work. It frees organizations from traditional on-premises servers and frees employees from their desks.
However, today’s connected landscape presents new challenges when it comes to identity and access management, including:
- Rapidly growing attack surfaces due to a growing number of diverse access points
- The increasing volume and growing sophistication of attacks
- Overlap of identity and access tools/technology
In response to these challenges, Microsoft has expanded its portfolio of identity and access technologies and placed them under one umbrella and portal. That portal is Microsoft Entra.
Microsoft Entra explained
What is it?
Microsoft Entra is the new name for the family of identity and access technologies now brought together in one place and under one portal.
Entra goes beyond traditional identity and access management – it is Microsoft’s vision for the future of identity and access.
In addition to Azure AD, the Entra portal also includes Permissions Management, a CIEM (Cloud Infrastructure Entitlement Management) service, and Verified ID for decentralized identity management.
Why the new name?
Microsoft has renamed its family of IAM technologies to reflect its expansion into several new categories.
It needed a name that provides secure modern access to a wide range of products in today’s increasingly connected world.
The Entra portal is not about “keeping the wrong people out,” it is focused on “letting the right people in” as easily and as seamlessly as possible.
What it is not
Microsoft Entra is not a replacement or rebranding of Azure AD. Azure AD remains Microsoft’s premier identity solution and is now becoming a part of Microsoft Entra.
What does Microsoft Entra entail?
Let’s look at the technology in the Microsoft Entra family.
Microsoft Azure Active Directory (Azure AD)
Azure AD is Microsoft’s cloud-based, multitenant, core identity and access management solution.
It provides the digital infrastructure employees need to log on and access external resources in the Office 365 stack. It also allows you to subscribe to an impressive number of Software-as-a-Service (SaaS) applications, on top of those on your corporate network or intranet.
The key capabilities of Azure AD are:
- Single sign-on
- Multi-factor authentication
- Conditional access
- External identities
- Identity Management
- Passwordless authentication
- Life Cycle Management
- Identity Protection
- Privileged identity management
- App integrations
Microsoft Entra Verified ID
Verified ID is Microsoft’s decentralized identity solution and works on the principle that people should be in control of their digital identity.
Verified ID works somewhat like a digital passport and is stored and managed by the individual – not on a corporate server.
Users have the freedom to approve or deny requests to share their identity credentials, and receive receipts with whom those credentials have been shared. This allows the user to revoke access at any time.
Each time the credential is used, it is validated against the organization that issued it, in this case Microsoft.
Microsoft Entra Permissions Management
Permissions Management is a CIEM (Cloud Infrastructure Entitlement Management) service. The job of a CIEM is to automate the process of managing user rights and permissions in cloud environments.
Permissions Management continuously monitors user permissions in the cloud and gives you detailed visibility into your cloud infrastructure.
Additionally, this technology isn’t confined to the Azure Cloud. You can get detailed insights and responses from Amazon Web Services (AWS) and the Google Cloud Platform (GCP).
Why Microsoft Entra?
Microsoft Entra addresses several identity and access management challenges, with each technology serving a specific purpose.
Azure AD
Let’s take a brief look at what Azure AD can do for you.
Secure, adaptive access
With Azure AD, you can protect access to resources and data with strong authentication and risk-based adaptive access policies, while providing a seamless user experience.
It does this by deploying user-friendly multi-factor authentication (MFA), including various forms of passwordless login methods.
You can also configure conditional access policies based on context and risk assessment. Azure AD uses user and entity behavior analytics (UEBA) to automatically protect against compromised identities.
Seamless user experiences
Because passwords remain a major security risk, Azure AD’s single sign-on (SSO) can eliminate the need for multiple passwords for your accounts and applications.
With SSO, only one identity and one login are needed to connect all of a user’s applications. This saves employees an average of 10 minutes per week – the equivalent of getting an entire day back at the end of a work year.
Although Azure AD is a Microsoft product, it is not limited to the Microsoft ecosystem. It can seamlessly connect to more than 3,000 pre-integrated, non-Microsoft SaaS applications (free with Azure AD) and to all your on-premises/custom apps for single sign-on and secure access.
Uniform identity management
With Azure AD, all your identities and access to all your applications reside in a central location, whether in the cloud or on-premises, significantly improving visibility and control.
You can provide your users with a common identity and manage your hybrid identity from the cloud. You can also connect to any app in any cloud or data center in your hybrid environment.
Unified identity management allows users to bring their own identity from outside your network to applications, enabling hassle-free authentication.
Simplified identity management
You must be able to track the access you have given and immediately revoke that access when it is no longer needed. This should apply to internal and external users.
You can do this with Azure AD Identity Governance, which lets you protect, monitor and control access to critical data and assets.
Verified ID
And now let’s look at the solutions Verified ID will provide for you.
Fast remote onboarding
Verified ID lets you remotely issue, onboard and verify identity credentials for new employees. You can give your employees their own digital identity, an identity they manage.
Typically, workplace credentials can be created within minutes for new employees, giving them secure and easy access to your organization’s applications, data and other resources from anywhere in the world.
Safer access
You can quickly verify a person’s credentials and status. In turn, this allows you to grant access to data, assets or applications based on least privilege access principles. Users are given only sufficient authority or access to complete a specific task or job.
Simple account recovery
Verified ID reduces the need for support calls and security questions and replaces them with a secure and simple process to verify identity.
Self-service account recovery and password reset are a faster process. Since your employees are the ones who reset passwords and manage their accounts, your organization saves valuable time and money.
If you consider that 20-50% of all help desk calls are password resets, that’s a lot of potentially wasted time. It becomes even more eye-opening when you consider that the average password reset costs about $70.
Customized business solutions
Verified ID allows you to build custom solutions for a wide range of usage scenarios using the developer kit, APIs (Application Programming Interfaces) and documentation.
Permissions Management
And finally, let’s take a quick dive into Permissions Management.
Discover
According to internal Microsoft research conducted in 2021, 30% of IT decision makers claim that a lack of centralized visibility is the biggest challenge to managing access to cloud privileges.
With the Permissions Management dashboard, you get detailed visibility and a comprehensive view of every action performed by every identity on every resource.
Everything of interest is reported in the Permission Creep Index, a single statistic that evaluates the gap between granted permissions and used permissions.
The higher the number of unused, high-risk permissions, the higher the index score.
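The idea of scoring granted-but-unused permissions can be illustrated with a small audit script. This is an added example, not Microsoft's own Permission Creep Index formula (which the page does not define); the risk tiers, weights, permission names, identities and activity log lines are all constructed for the demonstration.

```python
"""Illustrative 'permission creep' score: risk-weighted count of granted
permissions that never appear in the activity log. Not Microsoft's formula."""

# Constructed risk weights: unused high-risk permissions count for more.
RISK_WEIGHT = {"high": 5, "medium": 2, "low": 1}

# Constructed inventory: permission -> risk tier (hypothetical names).
PERMISSION_RISK = {
    "storage.read": "low",
    "storage.write": "medium",
    "iam.setPolicy": "high",
    "keyvault.secrets.get": "high",
    "vm.start": "low",
}

# Constructed grants per identity, standing in for the cloud provider's
# role assignments.
GRANTS = {
    "svc-backup": {"storage.read", "storage.write", "iam.setPolicy"},
    "alice": {"storage.read", "storage.write", "keyvault.secrets.get", "vm.start"},
}

# Constructed activity log ("identity permission" per line), standing in
# for the provider's audit trail of permissions actually exercised.
ACTIVITY_LOG = """svc-backup storage.read
svc-backup storage.write
alice storage.read
alice vm.start
"""


def used_permissions(log: str) -> dict:
    """Parse 'identity permission' lines into identity -> set of used perms."""
    used = {}
    for line in log.splitlines():
        if line.strip():
            identity, perm = line.split()
            used.setdefault(identity, set()).add(perm)
    return used


def creep_score(identity: str, grants: dict, used: dict) -> tuple:
    """Return (score, unused_permissions); 0 means every grant was exercised."""
    unused = grants[identity] - used.get(identity, set())
    score = sum(RISK_WEIGHT[PERMISSION_RISK[p]] for p in unused)
    return score, sorted(unused)


def report(grants: dict, log: str) -> dict:
    """Score every identity; the highest scores are right-sizing candidates."""
    used = used_permissions(log)
    return {identity: creep_score(identity, grants, used) for identity in grants}
```

The unused permissions returned per identity are the concrete items to remove or convert into time-bound grants.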
Remediate
Permissions Management lets you grant appropriate permissions based on usage and activity and enforce permissions on demand at the cloud scale.
After identifying the most critical authorization risks in your infrastructure, you can automate enforcement of least-privilege policies, granting access to resources only when needed, with just a few clicks.
For one-time scenarios, you can request these permissions in a “just-in-time” manner for a limited period of time using the self-service workflow.
Once that specified time has passed, those permissions are automatically revoked.
Monitor
Permissions Management lets you track usage patterns of permissions and set customizable alerts to detect anomalous usage.
Highly accurate, machine learning-based anomaly detection can also help you strengthen your security posture.
In addition, you can support rapid investigation and recovery by generating fully customizable, context-rich forensic reports around identities, actions and sources.
Getting started with Microsoft Entra
Although Microsoft Entra is a family of products, you can work with each of the technologies individually.
For example, Azure AD comes standard with Office 365, Microsoft 365, Azure, Dynamics 365, Intune and Power Platform. If you have one of these products, all you need to do is enable Azure AD.
Verified ID needs an active Azure tenant and additional configuration to use the Verified Credentials service. You can configure your system for Entra Verified ID here.
Entra Permissions Management is less complicated to get started with, and you can give this technology a test drive with a free 90-day trial.
Coming soon to Entra
Two new products are currently being tested before going public.
Microsoft Entra Workload Identities
As more organizations move to cloud computing, they are implementing software workloads (such as applications, services or scripts) that access cloud resources.
These workloads need identities in Azure AD. A “workload identity” is something you need for your software entity to authenticate with a system.
Entra Workload Identities provides the same level of security for these workload identities as for real users.
With Entra Workload Identities, you can:
- Detect and mitigate threats to compromised workloads
- Get detailed insight into workload privileges
- Create conditional access policies for workloads
Microsoft Entra Identity Governance
All the governance capabilities available in Azure AD are still there, but more advanced utilities are now included that simplify identity management and governance.
New capabilities in Microsoft Entra Identity Governance include:
- Lifecycle workflows: Customize workflows and automate repetitive tasks, such as onboarding new employees.
- Separation of duties: automate controls so that identities are not given excessive access (e.g., requiring more than one person involved in a transaction to reduce fraud risk).
- Connecting back to on-premises: reconfigure your on-premises applications.
Entra Identity Governance is available for free trial via Azure AD.
Conclusion
Identity and access are still the biggest challenge for organizations, especially as they move to hybrid and multi-cloud platforms. Legacy technologies simply cannot keep up with the evolving digital landscape.
By expanding its offering of identity and access technologies and bringing them under one portal, Microsoft Entra solves these problems by going beyond secure access to organizations.
Now, with the addition of Verified ID, your organization can provide your employees and customers with identities exclusively under their control.
And with Permissions Management, you have complete visibility into all employee permissions, even if your infrastructure is hybrid and multi-cloud.
For some time, the modern organization has needed new ways to address the challenges of identity and access management in an evolving digital landscape.
With Microsoft Entra, those challenges have finally been met head-on.
Main takeaways
- Identity and access management remains the most important security focus for any company, regardless of size.
- The complexity of identity management increases when organizations operate on hybrid and multi-cloud platforms.
- Microsoft Entra solves the complex challenges of identity and access in a new, cloud-enabled digital landscape.
- Entra’s suite of products gives users back control and ownership of their identities, and manages permissions across multiple clouds and environments.
- Entra is not a replacement for Azure AD, with Azure AD remaining the key technology in the Entra stack.
Source: kocho