What is Microsoft Entra?

Microsoft launched Entra as the collective name for its IAM products in May 2022.

Since then, it’s evolved to become a core pillar in Microsoft’s unified ecosystem.

Today, Microsoft Entra boasts an expanding portfolio of products. Each designed to meet the significant operational and security challenges faced by modern identity and access management.

In this article, we explore how these products are helping organisations improve their productivity in increasingly diverse digital ecosystems.

And stay secure in the face of advanced threats that relentlessly target identities and access points.

OK, so why use Microsoft Entra?

With Entra, Microsoft has developed a comprehensive collection of identity and access technology equipped to meet the challenges of hybrid and multi-cloud environments.

It consolidates solutions into one portal, and allows you to retire complex legacy infrastructure that uses multiple technology solutions.

Which not only improves security, but reduces complexity and costs.

This can be a big deal for any modern workplace, where IAM ought to be the foundation for both a strong security posture and a productive workforce.

It’s certainly a reason why Microsoft’s gone big on their investment in Entra and their IAM offering.

Which has meant a sharp expansion in the products now under the Entra banner.

And, as we found out from Microsoft’s Rohit Gulati at our 2024 Identity Roadshow, there’s an awful lot more to come on the roadmap [watch his keynote presentation at the end of this article].

What does Microsoft Entra include?

Today, the family extends to six core identity and access products. Some are name-changed products that have been developed extensively. Others are new entities designed to add further functionality and value.

These are:

Plus, as part of a major update in 2023, Microsoft added two new network access products to the Entra suite.

Products that collectively make up Microsoft’s Security Service Edge (SSE) solution.  Access solutions providing organisations the capability of secure, frictionless access to online resources, from anywhere, on any device.

A modern, secure perimeter for remote access workers, without need for costly and complex VPNs.

These are:

Now, let’s look deeper into what each solution brings to your identity parade.

Microsoft Entra ID

Entra ID is Microsoft’s cloud-based, multi-tenant, core identity and access management solution. In a former life this was the well-established cloud-IAM solution, Azure AD.

But, true to Microsoft’s commitment of developing their IAM features, Entra ID has seen its features expand in line with modern requirements.

It provides the digital infrastructure needed for employees to sign in and access external resources held in the Office 365 stack.

Plus, it allows you to sign-in to an impressive number of software-as-a-service (SaaS) applications, on top of those held on your corporate network or intranet.

How it benefits your organisation

Entra ID is Microsoft’s flagship identity and access management technology. A versatile platform with an ever-expanding suite of value-adding products (as you’ll discover by downloading our e-guide).

And it offers particular value when it comes to:

Microsoft Entra Identity Governance

You need to be able to track the access you’ve given out and revoke that access promptly when it’s no longer needed. This should apply to internal and external users.

This is the purpose of Identity Governance. It allows you to ensure that the right people have the right access to the right resources.

Identity Governance gives organisations the ability to govern the identity lifecycle, govern the access lifecycle, and secure privileged access for administration.

And not just for your employees. But also for business partners and vendors, and across services and applications both on-premises and in the cloud.

What you get from Entra ID Governance

Now, it should be noted that there remains a raft of governance tools available for use within Entra ID P1 and P2 licences. These include (and not limited to):

However, Microsoft have extended their governance offering, bundling advanced tools into a stand-alone SKU.

It’s fair to say, given this initial separation, that future governance development, of which we predict to be plenty, will rest within this product.

Some of the new capabilities within Microsoft Entra ID Governance are:

Learn more about Identity Governance here.

Microsoft Entra Permissions Management

Permissions Management is a cloud infrastructure entitlement management (CIEM) service. A CIEM’s job is to automate the process of managing user entitlements and privileges in cloud environments.

Permissions management continuously monitors user permissions across the Cloud and gives you detailed visibility across your cloud infrastructure.

Additionally, this technology isn’t confined to the Azure Cloud. You can get detailed insights and responses from Amazon Web Services (AWS) and the Google Cloud Platform (GCP).

How it benefits your organisation

Part of the problem with organisations operating multi-cloud platforms is that it muddies the water around who has what permissions where. Here’s how permissions management tackles this problem:

Microsoft Entra Workload ID

As more organisations move towards cloud computing, they deploy software workloads (such as applications, services, or scripts) that access cloud resources.

Organisations have been provisioning these workloads with human identities. But this is not without its own problems.

For example, once a workload identity is created, there’s limited visibility into the activity of that identity.

This can make it difficult to measure the impact of removing that identity. And can potentially lead to your organisation retaining many redundant identities.

Workload Identities solves these problems for you, giving you visibility over the permissions, activity, and any security vulnerabilities of your workloads.

How it benefits your organisation

Entra Workload ID gives the same level of security for workload identities as you’d get for human users.

This enables:

Microsoft Entra Verified ID

Verified ID is Microsoft’s decentralised identity solution and works on the principle that people should be in control of their digital identity.

Verified ID works a little bit like a digital passport and is stored and managed by the individual – not on a company server.

Users have the freedom to approve or deny requests to share their identity credentials, receiving receipts of who those credentials have been shared with. This allows the user to revoke access at any time.

Every time the credential is used, it’s validated by the organisation that issued it.

How it benefits your organisation

Verified ID is a slightly newer technology that’s been making waves and changing how we do identity verification.

Here’s why you should be using Verified ID:

Learn more about Verified ID here.

Microsoft Entra External ID

Entra External ID is one of the areas of the Entra family continually evolving out of its former iterations.

It’s the catch-all name for all capabilities that help with the management, authentication, and security of partners, collaborators, and customers.

You may be familiar with the former External Identities offerings that comprised Azure AD B2B (for partner and collaborators) and Azure AD B2C (for customers).

From a B2B perspective, these capabilities have largely been absorbed into Microsoft Entra ID, via its B2B collaboration tool. This allows partners to securely sign into apps and resources from their own IAM solution.

The benefits of which are:

On the B2C side of things, Entra External ID for Customers is now in public preview. This represents Microsoft’s vision for the future of Customer Identity and Access Management (CIAM), with customer-centric tools such as full-brand customisations and security features.

If you’d like to learn more about our thoughts on the eventual transition from Azure AD B2C to Entra External ID for Customers, please have a read of our recent article.

Entra’s identity-based secure network access

In the summer of 2023, as part of a major update announcement of the Entra family, Microsoft revealed two new products aimed at redefining secure network access.

It’s a response to the dramatic changes organisations have seen to their working cultures, alongside the increasingly pervasive threat of advanced cyber attacks.

The products, collectively comprising a new Security Service Edge (SSE) offering are:

Cloud-based solutions, they align networks with identities and endpoints for secure access built upon the core principles of Zero Trust (always verify, use least privilege, assume breach).

And what they promise is the creation of network environments where users can have secure, frictionless access to public and private resources, from any device or location.

Microsoft Entra Internet Access

Microsoft Entra Internet Access is a Secure Web Gateway (SWG) solution.

By applying Conditional Access policies across the network and having full traffic visibility it allows frictionless access to internet resources. At the same time offering best-in-class protection for users, devices, and data.

Microsoft Entra Private Access

Microsoft Entra Private Access is a Zero Trust Network Access (ZTNA) solution that  applies Zero Trust to provide remote users seamless, secure access to private apps.

Regardless of their device, location, or network.

It means organisations can free themselves from legacy VPNs, while also cutting excessive access and preventing lateral movement of threats.

Operational and commercial benefits of Microsoft Entra

According to a study conducted by Forrester Consulting, adopting Microsoft Entra yields significant operational and financial benefits.

These include:

Getting started with Microsoft Entra

If you’re a Microsoft licence holder then getting started with Entra’s family of products is easy.

Microsoft Entra ID’s free version comes as standard with any Microsoft cloud subscription, such as Azure or Microsoft 365.

It also has two premium licences: P1 and P2.

You can access P1 as part of your Microsoft 365 E3 for enterprise or Microsoft 365 Business Premium subscription. Or you can subscribe to it as a standalone item.

Similarly, P2 is available to Microsoft 365 E5 for enterprise subscribers, or again, as a standalone item.

Also, if you are an active Entra ID subscriber, then you have automatic access to Entra Verified ID, currently at no extra cost.

As we’ve already mentioned, Entra ID also comes with a suite of governance tools within its P1 and P2 licences (somewhat weighted towards P2). However, to take advantage of the advanced tools with Entra ID Governance, you do require an additional subscription.

The same applies to the standalone products of Entra Permissions Management and Entra Workload ID.

That said, each of these items have options for free trials before commitment to subscribe.

Microsoft’s SSE network access products are currently in public preview. You can find out more about these products, as well as how to book our readiness review, in our on-demand webinar.

What’s next on the Microsoft Entra roadmap?

Conclusion

Identity and access still present the greatest challenge for organisations, especially as they move to hybrid and multi-cloud platforms. Legacy technologies simply aren’t able to keep up with the evolving digital landscape anymore.

By expanding its range of identity and access technologies and bringing them under one portal, Microsoft Entra solves these problems by going further than simply providing secure access to organisations.

Now, your organisation can provision decentralised ID under the full control of your employees. They can see what permissions those employees have, no matter where they operate

Not only that, your non-human workloads and users now have the same protection and visibility as your human users, plugging those potential security gaps.

And with identity governance, you’ll know what access you’ve given and where, and will be able to manage and revoke it as and when you need to.

Modern organisations have needed new ways to address the challenges of identity and access management in an evolving digital landscape for a while.

With Microsoft Entra, those challenges have finally been met head-on.

Key takeaways

Next steps

Like this? Don’t forget to share.