Microsoft Entra has firmly established itself as a major name in identity and access management (IAM). We explore how it’s matured, where it’s heading, and the benefits it can unlock in your organisation.
Microsoft launched Entra as the collective name for its IAM products in May 2022.
Since then, it’s evolved to become a core pillar in Microsoft’s unified ecosystem.
Today, Microsoft Entra boasts an expanding portfolio of products, each designed to meet the operational and security challenges of modern identity and access management.
In this article, we explore how these products help organisations stay productive in increasingly diverse digital ecosystems, and stay secure in the face of advanced threats that relentlessly target identities and access points.
OK, so why use Microsoft Entra?
With Entra, Microsoft has developed a comprehensive collection of identity and access technology equipped to meet the challenges of hybrid and multi-cloud environments.
It consolidates these solutions into one portal and lets you retire complex legacy infrastructure built from multiple point solutions, which not only improves security but reduces complexity and cost.
This can be a big deal for any modern workplace, where IAM ought to be the foundation for both a strong security posture and a productive workforce.
It’s certainly one reason why Microsoft has invested heavily in Entra and its IAM offering, which has meant a sharp expansion in the products now under the Entra banner.
And, as we heard from Microsoft’s Rohit Gulati at our 2024 Identity Roadshow, there’s a great deal more to come on the roadmap.
Free Guide
The Complete Guide to Microsoft Entra [New for 2024]
The most comprehensive guide to Microsoft Entra. Over 40 pages. Plus, Microsoft licensing simplified.
Discover how you can:
- Cut costs by removing 50% management effort
- Elevate security – reduce breach chances by 45%
- Automate provisioning to ensure compliance
What does Microsoft Entra include?
Today, the family extends to six core identity and access products. Some are renamed products that have since been developed extensively; others are new offerings that add further functionality and value.
These are:
Microsoft Entra ID (formerly Azure AD)
Microsoft Entra ID Governance
Microsoft Entra Permissions Management
Microsoft Entra Workload ID
Microsoft Entra Verified ID
Microsoft Entra External ID
Plus, as part of a major update in 2023, Microsoft added two new network access products to the Entra suite.
Together they make up Microsoft’s Security Service Edge (SSE) solution: access products that give organisations secure, frictionless access to online resources from anywhere, on any device.
A modern, identity-based perimeter for remote workers, without the cost and complexity of legacy VPNs.
These are:
Microsoft Entra Internet Access
Microsoft Entra Private Access
Now, let’s look deeper into what each solution brings to your identity parade.
Microsoft Entra ID
Entra ID is Microsoft’s cloud-based, multi-tenant, core identity and access management solution. In a former life this was the well-established cloud-IAM solution, Azure AD.
But, true to Microsoft’s commitment of developing their IAM features, Entra ID has seen its features expand in line with modern requirements.
It provides the digital infrastructure employees need to sign in to and access external resources, such as Microsoft 365, the Azure portal and thousands of other software-as-a-service (SaaS) applications, as well as internal resources on your corporate network or intranet.
How it benefits your organisation
Entra ID is Microsoft’s flagship identity and access management technology. A versatile platform with an ever-expanding suite of value-adding products (as you’ll discover by downloading our e-guide).
And it offers particular value when it comes to:
Microsoft Entra ID Governance
You need to be able to track the access you’ve granted and revoke it promptly when it’s no longer needed. This applies to internal and external users alike.
This is the purpose of Identity Governance. It allows you to ensure that the right people have the right access to the right resources.
Identity Governance gives organisations the ability to govern the identity lifecycle, govern the access lifecycle, and secure privileged access for administration.
And not just for your employees. But also for business partners and vendors, and across services and applications both on-premises and in the cloud.
What you get from Entra ID Governance
Now, it should be noted that a range of governance tools remains available within Entra ID P1 and P2 licences. These include (but are not limited to):
HR-driven provisioning
Automated user provisioning
Access certification and reviews
Entitlement management
Privileged Identity Management (PIM)
However, Microsoft has extended its governance offering by bundling the more advanced tools into a stand-alone SKU.
Given this separation, it’s fair to assume that future governance development, of which we expect plenty, will land in this product.
Some of the capabilities added in Microsoft Entra ID Governance are:
Lifecycle Workflows: Customise workflows and automate repetitive joiner, mover and leaver tasks, such as onboarding new employees.
Separation of duties: Define incompatible access packages or groups so that identities don’t accumulate excessive access (for example, ensuring that more than one person is needed to complete a financial transaction, reducing fraud risk).
Connection back to on-premises: Provision identities and entitlements back to your on-premises applications.
Machine learning-assisted access reviews: Recommendations for reviewers, so users and guests keep the access they actually need (for example, flagging members with no recent sign-in or with little affiliation to the rest of the group).
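To make the review recommendations and separation-of-duties controls above concrete, here is a simplified model in Python. It is an added example, not code from Kocho or Microsoft and not Microsoft’s actual algorithm: it implements the two decision helpers Entra access reviews document (recommend Deny for members with no sign-in in the last 30 days, and flag members whose department has little presence in the group) plus an incompatible-access-package check. The members, thresholds, department-based affiliation measure and package names are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple

INACTIVITY_DAYS = 30   # assumption: same window as Entra's "no sign-in in 30 days" helper
MIN_PEER_SHARE = 0.25  # assumption: below this share of same-department peers, a member is an outlier


@dataclass(frozen=True)
class Member:
    upn: str
    department: str
    last_sign_in: Optional[datetime]  # None means the account has never signed in


@dataclass(frozen=True)
class Recommendation:
    upn: str
    decision: str          # "Approve" or "Deny"
    reasons: Tuple[str, ...]


def peer_share(member: Member, members: List[Member]) -> float:
    """Fraction of the group that shares this member's department (a crude affiliation signal)."""
    peers = sum(1 for m in members if m.department == member.department)
    return peers / len(members)


def recommend(members: List[Member], now: datetime) -> List[Recommendation]:
    """Produce a reviewer recommendation for every member of one group."""
    cutoff = now - timedelta(days=INACTIVITY_DAYS)
    results = []
    for m in members:
        reasons = []
        if m.last_sign_in is None or m.last_sign_in < cutoff:
            reasons.append(f"no sign-in in the last {INACTIVITY_DAYS} days")
        share = peer_share(m, members)
        if share < MIN_PEER_SHARE:
            reasons.append(f"low peer affiliation ({share:.0%} of the group is in {m.department})")
        results.append(Recommendation(m.upn, "Deny" if reasons else "Approve", tuple(reasons)))
    return results


# Constructed pairs of access packages one person should never hold together.
INCOMPATIBLE_PACKAGES = [frozenset({"Create Vendor", "Approve Payment"})]


def sod_violations(assignments: Dict[str, Set[str]]) -> List[Tuple[str, Tuple[str, ...]]]:
    """Return (upn, incompatible pair) for every user holding both sides of a pair."""
    found = []
    for upn, packages in sorted(assignments.items()):
        for pair in INCOMPATIBLE_PACKAGES:
            if pair <= packages:
                found.append((upn, tuple(sorted(pair))))
    return found


# Constructed sample data: a "Finance approvers" group reviewed on 1 June 2024.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
FINANCE_APPROVERS = [
    Member("ana@contoso.example", "Finance", NOW - timedelta(days=2)),
    Member("ben@contoso.example", "Finance", NOW - timedelta(days=10)),
    Member("cara@contoso.example", "Finance", NOW - timedelta(days=45)),    # stale
    Member("dev@contoso.example", "Engineering", NOW - timedelta(days=1)),  # active, but an outlier
    Member("eve@contoso.example", "Finance", None),                         # never signed in
]
ASSIGNMENTS = {
    "ana@contoso.example": {"Approve Payment"},
    "ben@contoso.example": {"Create Vendor", "Approve Payment"},  # both sides of a transaction
}

if __name__ == "__main__":
    for rec in recommend(FINANCE_APPROVERS, NOW):
        print(f"{rec.upn:<22} {rec.decision:<8} {'; '.join(rec.reasons)}")
    for upn, pair in sod_violations(ASSIGNMENTS):
        print(f"SoD violation: {upn} holds {pair[0]} and {pair[1]}")
```

Running it recommends Approve for ana and ben, Deny for cara (stale), eve (never signed in) and dev (an Engineering account in an otherwise Finance group), and reports ben for holding both incompatible packages. In a real review the recommendation is only a hint for the human reviewer; what the model shows is that both helpers are cheap to compute from data you already hold.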
Microsoft Entra Permissions Management
Permissions Management is a cloud infrastructure entitlement management (CIEM) service. A CIEM’s job is to automate the management of identity entitlements and privileges in cloud environments.
Permissions Management continuously monitors permissions across your clouds and gives you detailed visibility of your cloud infrastructure.
And it isn’t confined to Azure: you get the same insights and remediation for Amazon Web Services (AWS) and Google Cloud Platform (GCP).
How it benefits your organisation
Part of the problem with operating across multiple clouds is that it muddies the water around who has what permissions where. Here’s how Permissions Management tackles this:
Discover: The Permissions Management dashboard gives you a comprehensive view of every action performed by any identity on any resource. This is summarised in the Permission Creep Index, a single metric that measures the gap between permissions granted and permissions actually used.
Remediate: Permissions Management lets you right-size permissions based on actual usage and enforce them at cloud scale. Once you’ve identified the most critical permission risks in your infrastructure, you can automate least-privilege policy enforcement. For one-off needs, identities can request permissions just-in-time, for a limited period, through a self-service workflow.
Monitor: You can track permission usage patterns and set up customisable alerts to detect anomalous usage, with machine learning-based anomaly detection strengthening your security posture. You can also support rapid investigation and remediation by generating customisable, context-rich forensic reports around identities, actions and resources.
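The Permission Creep Index idea above (granted minus used) is worth seeing as code. The following Python is an added illustration, not Permissions Management’s own implementation or scoring: it expands wildcard grants against a small action catalogue, joins them with activity records loosely modelled on CloudTrail’s eventSource/eventName fields, computes the unused share per identity, and emits a right-sized allow-list. The identities, grants, activity, action catalogue and high-risk list are all constructed assumptions.

```python
import fnmatch
import json
from typing import Dict, Iterable, List

# Constructed grants per identity, in the "service:Action" form used by AWS IAM (wildcards allowed).
GRANTED: Dict[str, List[str]] = {
    "deploy-bot": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket", "iam:*", "ec2:DescribeInstances"],
    "report-svc": ["s3:GetObject", "s3:ListBucket"],
}

# Constructed activity records, loosely modelled on CloudTrail's eventSource/eventName fields.
ACTIVITY = [
    {"identity": "deploy-bot", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"identity": "deploy-bot", "eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"identity": "deploy-bot", "eventSource": "iam.amazonaws.com", "eventName": "PassRole"},
    {"identity": "report-svc", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
]

# Assumption: a tiny action catalogue to expand wildcards against; a real CIEM carries the full one.
SERVICE_ACTIONS = {
    "iam": ["CreateUser", "DeleteUser", "PassRole", "AttachRolePolicy", "CreateAccessKey"],
    "s3": ["GetObject", "PutObject", "ListBucket", "DeleteBucket"],
    "ec2": ["DescribeInstances", "RunInstances", "TerminateInstances"],
}

# Assumption: actions treated as high risk when granted but never used (escalation or destruction).
HIGH_RISK = {"iam:CreateAccessKey", "iam:AttachRolePolicy", "iam:CreateUser",
             "s3:DeleteBucket", "ec2:TerminateInstances"}


def expand(action: str) -> set:
    """Expand 'svc:Pattern' (the pattern may contain *) into concrete actions from the catalogue."""
    service, pattern = action.split(":", 1)
    return {f"{service}:{a}" for a in SERVICE_ACTIONS.get(service, [])
            if fnmatch.fnmatchcase(a, pattern)}


def used_actions(identity: str, activity: Iterable[dict]) -> set:
    """Actions an identity actually exercised, derived from its activity records."""
    return {f"{r['eventSource'].split('.')[0]}:{r['eventName']}"
            for r in activity if r["identity"] == identity}


def creep_report(identity: str, granted: List[str], activity: Iterable[dict]) -> dict:
    """Granted-versus-used gap for one identity: the idea behind a Permission Creep Index."""
    granted_set = set().union(*(expand(a) for a in granted))
    used = used_actions(identity, activity) & granted_set
    unused = granted_set - used
    creep = round(len(unused) / len(granted_set), 2) if granted_set else 0.0
    return {
        "identity": identity,
        "granted": sorted(granted_set),
        "used": sorted(used),
        "unused": sorted(unused),
        "high_risk_unused": sorted(unused & HIGH_RISK),
        "creep": creep,  # 0.0 = every grant is used, 1.0 = nothing granted is ever used
    }


def right_sized_policy(report: dict) -> dict:
    """Least-privilege allow-list containing only the actions that were actually exercised."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": report["used"], "Resource": "*"}],
    }


if __name__ == "__main__":
    for identity, grants in GRANTED.items():
        report = creep_report(identity, grants, ACTIVITY)
        print(f"{identity}: creep={report['creep']}, unused={report['unused']}, "
              f"high-risk unused={report['high_risk_unused']}")
        print(json.dumps(right_sized_policy(report), indent=2))
```

For deploy-bot the wildcard iam:* expands to five actions of which only PassRole was ever used, so two thirds of its grants are unused and four of them are on the high-risk list; that is the kind of finding a CIEM surfaces first. The right-sized policy keeps only the three exercised actions, which is the remediation step; in practice you would also scope Resource rather than leaving it as "*".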
Microsoft Entra Workload ID
As more organisations move towards cloud computing, they deploy software workloads (such as applications, services, or scripts) that access cloud resources.
Traditionally, organisations have given these workloads identities in much the same way as human users, but without the same controls. This is not without problems.
For example, once a workload identity is created there is often little visibility of what it actually does.
That makes it hard to gauge the impact of removing it, so organisations end up retaining many redundant identities, each with standing permissions.
Entra Workload ID addresses this, giving you visibility of the permissions, activity and risk signals of your workload identities (applications, service principals and managed identities).
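As an added example of the visibility problem described here (not code from the page or from Microsoft), the following Python walks a constructed inventory of workload identities and constructed sign-in records loosely shaped like Entra’s service principal sign-in log (appId, createdDateTime, status.errorCode), and flags the usual hygiene problems: no owner, no successful sign-in in 90 days, and credentials that have expired or are about to. The inventory, log lines, thresholds and GUIDs are assumptions.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

STALE_DAYS = 90         # assumption: no successful sign-in for this long counts as redundant
EXPIRY_WARN_DAYS = 30   # assumption: warn about secrets/certificates expiring within this window
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today" so the example is reproducible


@dataclass(frozen=True)
class WorkloadIdentity:
    display_name: str
    app_id: str                        # constructed GUID, not a real application
    owners: List[str]
    credential_expiry: List[datetime]  # expiry of each client secret / certificate


# Constructed inventory; the field shape is an assumption, not a Graph API response.
INVENTORY = [
    WorkloadIdentity("payroll-export", "00000000-0000-0000-0000-000000000001",
                     ["ana@contoso.example"], [NOW + timedelta(days=200)]),
    WorkloadIdentity("legacy-sync", "00000000-0000-0000-0000-000000000002",
                     [], [NOW - timedelta(days=5)]),
    WorkloadIdentity("ci-runner", "00000000-0000-0000-0000-000000000003",
                     ["ben@contoso.example"], [NOW + timedelta(days=12)]),
    WorkloadIdentity("poc-2021", "00000000-0000-0000-0000-000000000004",
                     [], [NOW + timedelta(days=400)]),
]

# Constructed sign-in records (one JSON object per line), loosely following the appId,
# createdDateTime and status.errorCode fields of Entra's service principal sign-in log.
SIGNIN_LOG = "\n".join(json.dumps(r) for r in [
    {"appId": "00000000-0000-0000-0000-000000000001", "createdDateTime": "2024-05-30T08:12:00Z", "status": {"errorCode": 0}},
    {"appId": "00000000-0000-0000-0000-000000000002", "createdDateTime": "2024-01-15T00:00:00Z", "status": {"errorCode": 0}},
    {"appId": "00000000-0000-0000-0000-000000000003", "createdDateTime": "2024-05-31T23:01:00Z", "status": {"errorCode": 0}},
    # AADSTS7000215 (invalid client secret): a failed attempt, so it must not count as activity
    {"appId": "00000000-0000-0000-0000-000000000003", "createdDateTime": "2024-05-31T23:05:00Z", "status": {"errorCode": 7000215}},
])


def last_successful_sign_in(log_text: str) -> Dict[str, datetime]:
    """Map appId -> most recent *successful* sign-in; failed attempts are ignored."""
    latest: Dict[str, datetime] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["status"]["errorCode"] != 0:
            continue
        ts = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        if rec["appId"] not in latest or ts > latest[rec["appId"]]:
            latest[rec["appId"]] = ts
    return latest


def assess(inventory: List[WorkloadIdentity], log_text: str, now: datetime = NOW) -> Dict[str, List[str]]:
    """Return the hygiene findings for each workload identity (empty list = nothing to act on)."""
    latest = last_successful_sign_in(log_text)
    findings: Dict[str, List[str]] = {}
    for wi in inventory:
        issues: List[str] = []
        if not wi.owners:
            issues.append("no owner")                # nobody to ask before removing it
        seen: Optional[datetime] = latest.get(wi.app_id)
        if seen is None:
            issues.append("never signed in")
        elif seen < now - timedelta(days=STALE_DAYS):
            issues.append(f"no successful sign-in for {(now - seen).days} days")
        for expiry in wi.credential_expiry:
            if expiry < now:
                issues.append("expired credential")  # dead credential, or an unnoticed outage
            elif expiry < now + timedelta(days=EXPIRY_WARN_DAYS):
                issues.append(f"credential expires in {(expiry - now).days} days")
        findings[wi.display_name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in assess(INVENTORY, SIGNIN_LOG).items():
        print(f"{name:<16} {'OK' if not issues else '; '.join(issues)}")
```

Two details matter for the "redundant identities" problem the text describes. Only successful sign-ins count as activity, otherwise a broken integration hammering the token endpoint with a stale secret looks alive. And "no owner" is reported alongside inactivity, because an unowned identity is exactly the one nobody dares to delete; in the sample, legacy-sync is unowned, inactive for 138 days and holding an expired secret, so it is the obvious first candidate for removal.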
How it benefits your organisation
Entra Workload ID brings the controls you already apply to human users, such as Conditional Access and risk-based detection, to your workload identities.
This enables:
Microsoft Entra Verified ID
Verified ID is Microsoft’s decentralised identity solution and works on the principle that people should be in control of their digital identity.
Verified ID works a little bit like a digital passport and is stored and managed by the individual – not on a company server.
Users can approve or deny requests to share their credentials, and receive a receipt of who those credentials have been shared with, so they can revoke access at any time.
Every time a credential is presented, the verifying organisation checks that it was genuinely signed by the issuer and that it hasn’t since been revoked.
How it benefits your organisation
Verified ID is a slightly newer technology that’s been making waves and changing how we do identity verification.
Here’s why you should be using Verified ID:
Fast remote onboarding: Verified ID enables the remote issuance, onboarding and verification of identity credentials for new hires. Typically, this process takes minutes. Employees then have secure, convenient access to your organisation’s applications, data and assets globally, with ID credentials that remain solely in their control.
More secure access: You can quickly verify an individual’s credentials and status, and then grant access to data, assets or applications on least-privilege principles.
Easy account recovery: Verified ID streamlines identity verification, and allows employees to reset their own passwords, reducing help desk calls.
Custom business solutions: Verified ID gives you the ability to build custom solutions for a wide range of use cases using the developer kit, application programming interfaces (APIs), and documentation.
Microsoft Entra External ID
Entra External ID is one area of the Entra family that continues to evolve out of its former iterations.
It’s the catch-all name for all capabilities that help with the management, authentication, and security of partners, collaborators, and customers.
You may be familiar with the former External Identities offerings that comprised Azure AD B2B (for partner and collaborators) and Azure AD B2C (for customers).
From a B2B perspective, these capabilities have largely been absorbed into Microsoft Entra ID via B2B collaboration. This lets partners sign in to your apps and resources securely using their own identity provider.
The benefits of which are:
Partners keep using their own credentials for access
No need for you to manage or reset external users’ credentials
On the B2C side of things, Entra External ID for Customers is now in public preview. This represents Microsoft’s vision for the future of Customer Identity and Access Management (CIAM), with customer-centric tools such as full branding customisation and built-in security features.
If you’d like to learn more about our thoughts on the eventual transition from Azure AD B2C to Entra External ID for Customers, please have a read of our recent article.
Entra’s identity-based secure network access
In the summer of 2023, as part of a major update announcement of the Entra family, Microsoft revealed two new products aimed at redefining secure network access.
It’s a response to the dramatic changes organisations have seen to their working cultures, alongside the increasingly pervasive threat of advanced cyber attacks.
The products, which together make up a new Security Service Edge (SSE) offering, are:
Microsoft Entra Internet Access
Microsoft Entra Private Access
Both are cloud-based, and they align network access with identities and endpoints, building on the core Zero Trust principles (verify explicitly, use least privilege, assume breach).
And what they promise is the creation of network environments where users can have secure, frictionless access to public and private resources, from any device or location.
Microsoft Entra Internet Access
Microsoft Entra Internet Access is an identity-centric Secure Web Gateway (SWG).
It extends Conditional Access policies to network traffic and gives full visibility of that traffic, allowing frictionless access to internet resources while protecting users, devices and data.
Microsoft Entra Private Access
Microsoft Entra Private Access is a Zero Trust Network Access (ZTNA) solution that gives remote users seamless, secure access to private apps, regardless of their device, location or network.
It means organisations can free themselves from legacy VPNs, while also cutting excessive access and preventing lateral movement of threats.
Operational and commercial benefits of Microsoft Entra
According to a study conducted by Forrester Consulting, adopting Microsoft Entra yields significant operational and financial benefits.
These include:
240% ROI over three years
$2.08 million saved by modernising IAM and consolidating vendors
$1.52 million saved through risk-based policies that reduce breaches
90% reduction in development wait times
13 hours saved per employee per year
$4.05 million saved through productivity improvements
75% reduction in help desk calls thanks to self-service password reset
Getting started with Microsoft Entra
If you’re a Microsoft licence holder then getting started with Entra’s family of products is easy.
Microsoft Entra ID’s free version comes as standard with any Microsoft cloud subscription, such as Azure or Microsoft 365.
It also has two premium licences: P1 and P2.
You can access P1 as part of your Microsoft 365 E3 for enterprise or Microsoft 365 Business Premium subscription. Or you can subscribe to it as a standalone item.
Similarly, P2 is available to Microsoft 365 E5 for enterprise subscribers, or again, as a standalone item.
Also, if you are an active Entra ID subscriber, then you have automatic access to Entra Verified ID, currently at no extra cost.
As we’ve already mentioned, Entra ID also comes with a suite of governance tools within its P1 and P2 licences (somewhat weighted towards P2). However, to take advantage of the advanced tools with Entra ID Governance, you do require an additional subscription.
The same applies to the standalone products Entra Permissions Management and Entra Workload ID Premium.
That said, each of these has a free trial option before you commit to a subscription.
Microsoft’s SSE network access products are currently in public preview. You can find out more about these products, as well as how to book our readiness review, in our on-demand webinar.
Conclusion
Identity and access still present the greatest challenge for organisations, especially as they move to hybrid and multi-cloud platforms. Legacy technologies simply aren’t able to keep up with the evolving digital landscape anymore.
By expanding its range of identity and access technologies and bringing them under one portal, Microsoft Entra goes further than simply providing secure access.
Your organisation can now issue decentralised IDs that remain under your employees’ control, and see what permissions those employees hold, wherever they operate.
Not only that, your non-human workload identities now have the same protection and visibility as your human users, plugging a common security gap.
And with identity governance, you’ll know what access you’ve given and where, and will be able to manage and revoke it as and when you need to.
Modern organisations have needed new ways to address the challenges of identity and access management in an evolving digital landscape for a while.
With Microsoft Entra, those challenges have finally been met head-on.
Key takeaways
Identity and access management remains the key security focus for any enterprise-sized business.
Identity management complexity increases when organisations operate across hybrid and multi-cloud platforms.
Microsoft Entra solves the complex challenges of identity and access in a new, cloud-enabled digital landscape.
Entra’s suite of products puts users back in control of their own identities, and manages permissions across multiple clouds and environments.