Recent major updates to its component products have reshaped Microsoft Entra Suite into a powerful option for improving user experience and meeting compliance demands. Discover the detail behind that shift.
Usability versus security has always been a flashpoint, but modern identity continually proves you don’t have to sacrifice one for the other, even in always-on, remote working, hybrid environments.
It was this idea that prompted Microsoft to launch Entra Suite in 2024, pulling core governance, security, and access tools into one simplified, unified platform.
The challenge from the market was whether it was mature enough.
With the updates revealed at Microsoft Ignite 2025, the suite proves itself a fully grown platform ready to deliver, with the added benefits of Microsoft integration and cost effectiveness.
Entra Suite at a glance
Entra Suite brings together:
- Verified ID Premium for remote onboarding, identity assurance and account recovery using Face Check
- Entra ID Protection for risk detection, suspicious sign-in analysis and automated response
- Entra ID Governance for lifecycle management, access reviews and entitlement visibility
- Entra Private Access for segmented access to private apps and on-premises resources
- Entra Internet Access for identity-driven web filtering, DLP and malware detection
These components work well on their own, but the benefit compounds when they’re combined.
Passwordless and just-in-time access can reach legacy servers, Face Check strengthens sensitive approval flows and Continuous Access Evaluation (CAE) keeps access aligned to real-time context.
What each Entra Suite component does, and what’s new
Let’s take a closer look at how the main Entra services behave today and the enhancements introduced at Ignite.
Verified ID and Face Check
Verified ID gives organisations a standard way to issue and verify credentials using decentralised identity. It supports onboarding, access decisions, service desk validation and privacy-conscious data sharing.
Face Check brings this to life by comparing a live selfie to a trusted corporate image, giving support teams a clean method for confirming identity. It also integrates with Entitlement Management for high-value access requests.
Previously, verifying against government-issued ID required a custom integration with a third-party verification service. The Ignite updates bring a significant improvement. Identity verification partners can now be subscribed to directly through the Entra portal and the Security Store.
This unlocks:
- A stronger identity assurance flow
- A native, self-service account recovery option
- Temporary Access Pass issuance after total device loss
- Government ID checks for high-value access if required
This closes one of the most challenging gaps in secure identity lifecycle management.
Entra ID Protection
Entra ID Protection remains central to Microsoft’s identity risk capability, identifying compromised credentials, unusual behaviour, and suspicious sign-ins. Adaptive policies and CAE help maintain protection without adding unnecessary friction.
Ignite introduces several useful additions:
- Passwordless remediation for risky users
- Token theft detection
- Leaked credential insight for on-prem identities via Defender for Identity
- A new Risk Management Agent to support larger estates
Together, these improvements offer clearer, more actionable signals that help teams make better identity decisions without adding friction for legitimate users.
Entra ID Governance
Entra ID Governance is a core pillar of Entra Suite. It provides the tools to manage and monitor access across hybrid environments, ensure the right users retain the right access and minimise risk through automation and regular reviews.
As we’ve discussed in a previous article, two recently announced capability updates really stand out:
- Group source of authority (SOA) conversion is now Generally Available
- User SOA is now available in Public Preview
These improvements allow on-premises identity objects to be governed with cloud-native controls.
In addition, the maturity of ID Governance was further enhanced by more updates announced at the 2025 Ignite event, including:
- User-centric access reviews
- Disconnected app reviews
- Inactivity triggers for Lifecycle Workflows
- Approval revocation
- New signals from Purview and ID Protection to guide reviewers
Entra Private Access
Another jewel in the Entra Suite crown, Entra Private Access is a secure remote access solution designed to enable seamless, granular connectivity to private applications and resources in a truly segmented manner, regardless of user location.
It removes the need for traditional VPNs, offering identity-aware access controls and continuous risk evaluation to protect sensitive assets from unauthorised access.
Where CAE is typically limited to Microsoft services, Private Access operates at the network layer, which means even legacy apps are protected.
Aside from securing traffic to modern apps, real scenarios include:
- Enforcing passwordless authentication for SSH and SMB
- Extending just-in-time access to legacy systems
- Applying Face Check to sensitive approval flows
- Enabling MFA and Conditional Access on Kerberos via Domain Controller sensors
Also announced at Ignite was a long-awaited feature, Intelligent Local Access. It detects when a user is on the same local network as the target resource and prevents traffic from flowing unnecessarily over the internet.
Entra Internet Access
The final piece of the puzzle is Entra Internet Access, a secure web gateway (SWG) solution, providing identity-driven protection for users accessing internet resources from any location whilst routing traffic over the secure Microsoft backbone.
It applies security policies, inspects outbound traffic for threats, and ensures compliance without the need for traditional network appliances, helping organisations safeguard users and data in a cloud-first world.
New and recent capabilities include:
- TLS inspection
- Branch network integration
- URL filtering
- Network DLP
- Prompt injection protection
Microsoft themselves have conceded that this feature has remained less mature than specialist SWG products. But it’s these new features, integration with tools like CAE, and the growing list of signals in Microsoft services and M365 traffic optimisation that are the real differentiator.
How Entra Suite supports regulatory and Zero Trust requirements
Whether it’s NIST, the Cyber Assurance Framework (CAF), or almost any other regulatory framework, all tend to share the same common requirements based around Zero Trust principles.
So, how do Entra Suite’s capabilities match up?
Where organisations go from here
Entra Suite has been around for some time, and its component parts are well established. But as a unified suite it’s now reached a level of maturity that makes it genuinely powerful.
The recent Ignite updates, and the promise of further updates to come, fill several long-standing gaps and create clearer paths for organisations wanting to improve user experience, assurance and compliance at the same time.
If any of this chimes with you but you’re not sure what comes next, speak to Kocho.
Entra Suite recap: Your questions answered
- Microsoft Entra Suite is a collection of identity, governance and secure access services that work together across cloud and hybrid environments. It includes Verified ID, ID Protection, ID Governance, Private Access and Internet Access.
- Entra Suite applies Verify Explicitly, Enforce Least Privilege and Assume Breach across identity and network layers. It combines passwordless authentication, CAE, access reviews, segmentation and threat-informed identity protection.
- Face Check compares a live selfie to a trusted image or government ID to provide high-assurance identity verification for onboarding, help desk requests and high-value access approvals.
- Entra Private Access provides identity-driven, segmented access to private resources without routing all traffic through a VPN tunnel. Access decisions follow Conditional Access policies and adapt to risk signals in real time.
- Recent updates include IDV partner integration for Verified ID, token theft detection, group and user SOA improvements, Intelligent Local Access in Private Access, and URL filtering, DLP and prompt injection protection in Internet Access.
- Yes. Entra Suite maps cleanly to Zero Trust principles used across frameworks like NIST, the Cyber Assurance Framework and ISO security guidance.