What is Microsoft Entra?

Marcus Idle

Head of External Identity

Published: 21 November 2022

Identity and access management remain the biggest set of challenges in today’s multi-platform digital landscape. How can you manage identity and access safely, securely, and conveniently for your customers and employees? Enter Microsoft Entra.

Updated May 2023.

Digital transformation and rapid cloud adoption have changed the way we work. They’ve freed organisations from traditional on-premises servers, and unshackled workers from their desks.

However, today’s connected landscape poses new challenges when it comes to identity and access management, including:

  • Rapidly expanding attack surfaces due to a growing number of diverse access points
  • The increasing volume and growing sophistication of attacks
  • Overlapping of identity and access tools/technology

In response to these challenges, Microsoft have expanded their portfolio of identity and access technologies and put them under a single umbrella and portal. That portal is Microsoft Entra.

Microsoft Entra Explained

Microsoft Entra is the name for the family of identity and access technologies brought into one place, and under one portal.

Entra goes beyond traditional identity and access management. It’s Microsoft’s vision for the future of identity and access.

What does Microsoft Entra include?

Microsoft Entra currently offers five identity and access management products:

  • Entra ID (formerly Azure AD)
  • Permissions Management
  • Verified ID
  • Workload Identities
  • Identity Governance

Let’s dive a little deeper into each.

Microsoft Entra ID

Entra ID is Microsoft’s cloud-based, multi-tenant, core identity and access management solution.

It provides the digital infrastructure needed for employees to sign in and access external resources held in the Office 365 stack.

It also allows you to sign in to an impressive number of software-as-a-service (SaaS) applications, on top of those held on your corporate network or intranet.

How it benefits your organisation

Entra ID is the flagship identity and access management technology, and its capabilities have been well documented. It is particularly strong in areas such as:

  • Secure, adaptive access: User-friendly MFA and passwordless login options enhance user experience, while conditional access policies and user entity behaviour analytics increase security and protect against compromised identities.
  • Seamless user experiences: With Entra ID’s single sign-on (SSO), only one identity and one sign-in are needed to connect to all of a user’s applications. You can also seamlessly connect to over 3,000 pre-integrated, non-Microsoft SaaS applications, as well as your on-premises or custom apps.
  • Unified identity management: All of your identities, and access to all your applications, are in a central location, whether that’s in the cloud or on-premises, dramatically improving visibility and control. Unified identity management enables users to bring their own identity from outside of your network to applications, allowing for frictionless authentication.

Microsoft Entra Verified ID

Verified ID is Microsoft’s decentralised identity solution and works on the principle that people should be in control of their digital identity.

Verified ID works a little bit like a digital passport and is stored and managed by the individual – not on a company server.

Users have the freedom to approve or deny requests to share their identity credentials, receiving receipts of who those credentials have been shared with. This allows the user to revoke access at any time.

Every time the credential is used, it’s validated by the organisation that issued it.

How it benefits your organisation

Verified ID is a slightly newer technology that’s been making waves and changing how we do identity verification. Here’s why you should be using Verified ID:

  • Fast remote onboarding: Verified ID enables the remote issuance, onboarding, and verification of identity credentials for new hires. Typically, this process takes minutes. Employees now have secure and convenient access to your organisation’s applications, data, and assets globally, with ID credentials that remain solely in their control.
  • More secure access: You’ll be able to quickly verify an individual’s credentials and status. This, in turn, will allow you to grant access to data, assets, or applications based on least privileged access principles.
  • Easy account recovery: Verified ID streamlines identity verification, and allows employees to reset their own passwords, reducing help desk calls.
  • Custom business solutions: Verified ID gives you the ability to build custom solutions for a wide range of use cases using the developer kit, application programming interfaces (APIs), and documentation.

Microsoft Entra Permissions Management

Permissions Management is a cloud infrastructure entitlement management (CIEM) service. A CIEM’s job is to automate the process of managing user entitlements and privileges in cloud environments.

Permissions Management continuously monitors user permissions across the cloud and gives you detailed visibility across your cloud infrastructure.

Additionally, this technology isn’t confined to the Azure Cloud. You can get detailed insights and responses from Amazon Web Services (AWS) and the Google Cloud Platform (GCP).

How it benefits your organisation

Part of the problem with organisations operating multi-cloud platforms is that it muddies the water around who has what permissions where. Here’s how Permissions Management tackles this problem:

  • Discover: The Permissions Management dashboard gives you detailed visibility and a comprehensive view of every action performed by any identity on any resource. Anything of note gets reported in the ‘Permission Creep Index’, a single metric that evaluates the gap between permissions granted and permissions used.
  • Remediate: Permissions Management allows you to grant the right permissions based on usage and activity and enforce permissions on-demand at cloud scale. Once you’ve identified the most critical permissions risks in your infrastructure, you can automate least privilege policy enforcement. For one-off scenarios, you can request those permissions in a ‘just-in-time’ manner for a limited period, using the self-service workflow.
  • Monitor: You can track permissions usage patterns and set up customisable alerts to detect anomalous usage. Using machine learning-based anomaly detections, you can also strengthen your security posture. Additionally, you can support rapid investigation and remediation by generating fully customisable, context-rich forensic reports around identities, actions, and resources.

Microsoft Entra Workload Identities

As more organisations move towards cloud computing, they deploy software workloads (such as applications, services, or scripts) that access cloud resources.

Organisations have been provisioning these workloads with human identities. But this is not without its own problems.

For example, once a workload identity is created, there’s limited visibility into the activity of that identity.

This can make it difficult to measure the impact of removing that identity, and can potentially lead to your organisation retaining many redundant identities.

Workload Identities solves these problems for you, giving you visibility over the permissions, activity, and any security vulnerabilities of your workloads.

How it benefits your organisation

Entra Workload Identities gives the same level of security for workload identities as you’d get for human users.

Entra Workload Identities enables:

  • Detection: Entra Workload Identities empowers you to effectively detect and contain threats that target compromised workloads.
  • Visibility: You can have a granular view of the permissions assigned to each workload, enabling you to assess and fine-tune the security posture of your system.
  • Conditional access policies: Create conditional access rules that define the circumstances under which a workload can access resources or perform specific actions.

Microsoft Entra Identity Governance

You need to be able to track the access you’ve given out and be able to revoke that access promptly when it is no longer needed. This should apply to internal and external users.

You can do this with Identity Governance. It provides you with capabilities to ensure that the right people have the right access to the right resources.

Identity Governance gives organisations the ability to govern the identity lifecycle, govern the access lifecycle, and secure privileged access for administration.

It is able to do these tasks across employees, business partners and vendors, and across services and applications both on-premises and in the cloud.

How it benefits your organisation

All the features that you know and love from when Identity Governance was a function of Azure AD are still present.

However, now that Identity Governance is its own function in Microsoft Entra, more advanced tools are included that simplify identity management and governance.

New capabilities in Microsoft Entra Identity Governance let you:

  • Lifecycle Workflows: Customise workflows and automate repetitive tasks, such as the onboarding of new employees.
  • Separation of duties: Automate controls so that identities don’t get excessive access (e.g., requiring more than one person involved in a transaction to reduce fraud risk).
  • Connection back to on-premises: Provision back to your on-premises applications.

Microsoft Entra delivers 240% return on investment

Forrester Consulting

Why use Microsoft Entra?

Microsoft Entra is a comprehensive family of identity and access technologies that easily operates in multi-cloud environments.

It consolidates solutions into one portal, and allows you to retire complex legacy infrastructure that uses multiple technology solutions. This improves security, while reducing complexity and costs.

The numbers paint an impressive picture

According to a study conducted by Forrester Consulting, adopting Microsoft Entra yields significant financial benefits for organisations.

The study, based on existing Microsoft customers, found:

  • ROI of 240% over three years.
  • Modernising identity and consolidating vendors resulted in cost savings of $2.08 million.
  • Implementing risk-based policies reduced breaches by 20%, saving $1.52 million.
  • Development wait times reduced by 90%, resulting in $922,422 of benefits.
  • SSO saved employees 13 hours per year, saving $4.05 million.
  • Self-service password resets decreased help desk calls by 75%, saving £251,794.

Entra is your entry gate to new opportunities for innovation. It’s not a gateway to restrict or block a user through security controls. It’s all about how a user can innovate with the services that you offer.

Rohit Gulati

Principal Product Manager, Microsoft Identity Engineering

Getting started with Microsoft Entra

While Microsoft Entra is one family of products, you can get started with any of the technologies separately.

For example, Entra ID comes as standard with Office 365, Microsoft 365, Azure, Dynamics 365, Intune, and Power Platform. If you have any of these products, all you have to do is enable Entra ID.

Verified ID needs an active Azure tenant, and then extra configuration to use the Verified Credentials service.

Entra Permissions Management is less complicated to get started with, and you can give this technology a test drive with a free 90-day trial.

By trialling Entra ID free for 12 months, you’re able to trial Identity Governance for free. And if you want to try out Workload Identities, you can also trial this for free.

For help with getting started with Entra’s technology stack, or to get the best out of your licences and products, feel free to get in touch with us.

Conclusion

Identity and access still present the greatest challenge for organisations, especially as they move to hybrid and multi-cloud platforms. Legacy technologies simply aren’t able to keep up with the evolving digital landscape anymore.

By expanding its range of identity and access technologies and bringing them under one portal, Microsoft Entra solves these problems by going further than simply providing secure access to organisations.

Now, your organisation can provision decentralised ID under the full control of your employees. They can see what permissions those employees have, no matter where they operate.

Not only that, your non-human workloads and users now have the same protection and visibility as your human users, plugging those potential security gaps.

And with identity governance, you’ll know what access you’ve given and where, and will be able to manage and revoke it as and when you need to.

For a while now, modern organisations have needed new ways to address the challenges of identity and access management in an evolving digital landscape.

With Microsoft Entra, those challenges have finally been met head-on.

Key takeaways

  • Identity and access management remain the key security focus for any enterprise-sized business.

  • Identity management complexity increases when organisations operate across hybrid and multi-cloud platforms.

  • Microsoft Entra solves the complex challenges of identity and access in a new, cloud-enabled digital landscape.

  • Entra’s suite of products puts user identities back under the control and ownership of users, and manages permissions across multiple clouds and environments.

Author

Marcus Idle

Marcus Idle is Kocho’s Head of External Identity. Marcus is passionate about bringing cloud and external identity to life to solve business problems for our clients.
