
What is Microsoft Entra?

Marcus Idle

Head of External Identity

Published: 18 April 2024

Microsoft Entra has firmly established itself as a major name in identity and access management (IAM). We explore how it’s matured, where it’s heading, and the benefits it can unlock in your organisation.

Microsoft launched Entra as the collective name for its IAM products in May 2022.

Since then, it’s evolved to become a core pillar in Microsoft’s unified ecosystem.

Today, Microsoft Entra boasts an expanding portfolio of products, each designed to meet the significant operational and security challenges faced by modern identity and access management.

In this article, we explore how these products are helping organisations improve their productivity in increasingly diverse digital ecosystems.

And stay secure in the face of advanced threats that relentlessly target identities and access points.

Investment in Microsoft Entra is typically paid back within six months, and delivers 240% ROI over three years.

The Total Economic Impact™ Of Microsoft Entra, Forrester Consulting

OK, so why use Microsoft Entra?

With Entra, Microsoft has developed a comprehensive collection of identity and access technology equipped to meet the challenges of hybrid and multi-cloud environments.

It consolidates solutions into one portal, and allows you to retire complex legacy infrastructure that uses multiple technology solutions.

This not only improves security, but also reduces complexity and costs.

This can be a big deal for any modern workplace, where IAM ought to be the foundation for both a strong security posture and a productive workforce.

It’s certainly a reason why Microsoft’s gone big on their investment in Entra and their IAM offering.

Which has meant a sharp expansion in the products now under the Entra banner.

And, as we found out from Microsoft’s Rohit Gulati at our 2024 Identity Roadshow, there’s an awful lot more to come on the roadmap [watch his keynote presentation at the end of this article].

 


What does Microsoft Entra include?

Today, the family extends to six core identity and access products. Some are name-changed products that have been developed extensively. Others are new entities designed to add further functionality and value.

These are:

  • Microsoft Entra ID (formerly Azure AD)

  • Microsoft Entra ID Governance

  • Microsoft Entra Permissions Management

  • Microsoft Entra Workload ID

  • Microsoft Entra Verified ID

  • Microsoft Entra External ID

Plus, as part of a major update in 2023, Microsoft added two new network access products to the Entra suite.

Together, these products make up Microsoft’s Security Service Edge (SSE) solution: access solutions that give organisations secure, frictionless access to online resources, from anywhere, on any device.

They provide a modern, secure perimeter for remote access workers, without the need for costly and complex VPNs.

These are:

  • Microsoft Entra Internet Access

  • Microsoft Entra Private Access

Now, let’s look deeper into what each solution brings to your identity parade.

Microsoft Entra ID

Entra ID is Microsoft’s cloud-based, multi-tenant, core identity and access management solution. In a former life this was the well-established cloud-IAM solution, Azure AD.

But, true to Microsoft’s commitment to developing its IAM features, Entra ID has seen its features expand in line with modern requirements.

It provides the digital infrastructure needed for employees to sign in and access external resources held in the Office 365 stack.

Plus, it allows you to sign in to an impressive number of software-as-a-service (SaaS) applications, on top of those held on your corporate network or intranet.

How it benefits your organisation

Entra ID is Microsoft’s flagship identity and access management technology. A versatile platform with an ever-expanding suite of value-adding products (as you’ll discover by downloading our e-guide).

And it offers particular value when it comes to:

Secure, adaptive access

User-friendly MFA and passwordless login options enhance user experience, while Conditional Access policies and user and entity behaviour analytics increase security and protect against compromised identities.

Seamless user experience

With Entra ID’s single sign-on (SSO), users need only one sign-in credential to access all apps and resources. Removing the friction of multiple logins reduces frustration and makes it more convenient for the user. Plus, it further enhances security by reducing password fatigue that can lead to breaches.

Unified identity management

Entra ID centralises the management of all identities and access permissions, be that in the cloud or on-premises. This significantly reduces the administrative burden on IT teams, while providing full and fast visibility that makes it much easier to spot anomalies and potential security risks.

Increased productivity

As part of the continuous improvement of Entra capabilities, Microsoft have added API-driven inbound user provisioning. This allows you to integrate Entra ID with any system of record (like an HR or HCM system), which in turn enables full automation of user provisioning and a more secure, efficient joiner-mover-leaver process. The result is a reduced workload for IT teams and better productivity across the business.

Microsoft Entra ID Governance

You need to be able to track the access you’ve given out and revoke that access promptly when it’s no longer needed. This should apply to internal and external users.

This is the purpose of Identity Governance. It allows you to ensure that the right people have the right access to the right resources.

Identity Governance gives organisations the ability to govern the identity lifecycle, govern the access lifecycle, and secure privileged access for administration.

And not just for your employees. But also for business partners and vendors, and across services and applications both on-premises and in the cloud.

What you get from Entra ID Governance

Now, it should be noted that there remains a raft of governance tools available for use within Entra ID P1 and P2 licences. These include (but are not limited to):

  • HR-driven provisioning

  • Automated user provisioning

  • Access certification and reviews

  • Entitlement management

  • Privileged Identity Management (PIM)

However, Microsoft have extended their governance offering, bundling advanced tools into a stand-alone SKU.

It’s fair to say, given this initial separation, that future governance development, of which we predict there will be plenty, will rest within this product.

Some of the new capabilities within Microsoft Entra ID Governance are:

  • Lifecycle Workflows: Customise workflows and automate repetitive tasks, such as the onboarding of new employees.

  • Separation of duties: Automate controls so that identities don’t get excessive access (e.g., requiring more than one person involved in a transaction to reduce fraud risk).

  • Connection back to on-premises: Provision back to your on-premises applications.

  • AI-Driven access reviews: Allows users and guests to have the right access when they need it, based upon automated insight.

Microsoft Entra reduces likelihood of a breach by 20%

The Total Economic Impact™ Of Microsoft Entra, Forrester Consulting

Microsoft Entra Permissions Management

Permissions Management is a cloud infrastructure entitlement management (CIEM) service. A CIEM’s job is to automate the process of managing user entitlements and privileges in cloud environments.

Permissions Management continuously monitors user permissions and gives you detailed visibility across your cloud infrastructure.

Additionally, this technology isn’t confined to the Azure Cloud. You can get detailed insights and responses from Amazon Web Services (AWS) and the Google Cloud Platform (GCP).

How it benefits your organisation

Part of the problem for organisations operating multi-cloud platforms is that doing so muddies the water around who has what permissions where. Here’s how Permissions Management tackles this problem:

  • Discover: The Permissions Management dashboard gives you detailed visibility and a comprehensive view of every action performed by any identity on any resource. Anything of note gets reported in the ‘Permission Creep Index’, a single metric that evaluates the gap between permissions granted and permissions used.

  • Remediate: Permissions Management allows you to grant the right permissions based on usage and activity and enforce permissions on-demand at cloud scale. Once you’ve identified the most critical permissions risks in your infrastructure, you can automate least privilege policy enforcement. For one-off scenarios, you can request those permissions in a ‘just-in-time’ manner for a limited period, using the self-service workflow.

  • Monitor: You can track permissions usage patterns and set up customisable alerts to detect anomalous usage. Using machine learning-based anomaly detections, you can also strengthen your security posture. Additionally, you can support rapid investigation and remediation by generating fully customisable, context-rich forensic reports around identities, actions, and resources.

Microsoft Entra Workload ID

As more organisations move towards cloud computing, they deploy software workloads (such as applications, services, or scripts) that access cloud resources.

Organisations have been provisioning these workloads with human identities. But this is not without its own problems.

For example, once a workload identity is created, there’s limited visibility into the activity of that identity.

This can make it difficult to measure the impact of removing that identity. And can potentially lead to your organisation retaining many redundant identities.

Workload Identities solves these problems for you, giving you visibility over the permissions, activity, and any security vulnerabilities of your workloads.

How it benefits your organisation

Entra Workload ID gives the same level of security for workload identities as you’d get for human users.

This enables:

Detection

Entra Workload ID empowers you to effectively detect and contain threats that target compromised workloads.

Visibility

You can have a granular view of the permissions assigned to each workload, enabling you to assess and fine-tune the security posture of your system.

Conditional Access policies

Create Conditional Access rules that define the circumstances under which a workload can access resources or perform specific actions.

Microsoft Entra Verified ID

Verified ID is Microsoft’s decentralised identity solution and works on the principle that people should be in control of their digital identity.

Verified ID works a little bit like a digital passport and is stored and managed by the individual – not on a company server.

Users have the freedom to approve or deny requests to share their identity credentials, receiving receipts of who those credentials have been shared with. This allows the user to revoke access at any time.

Every time the credential is used, it’s validated by the organisation that issued it.

How it benefits your organisation

Verified ID is a slightly newer technology that’s been making waves and changing how we do identity verification.

Here’s why you should be using Verified ID:

  • Fast remote onboarding: Verified ID enables the remote issuance, onboarding, and verification of identity credentials for new hires. Typically, this process takes minutes. Employees now have secure and convenient access to your organisation’s applications, data, and assets globally, with ID credentials that remain solely in their control.

  • More secure access: You’ll be able to quickly verify an individual’s credentials and status. This, in turn, will allow you to grant access to data, assets, or applications based on least-privilege access principles.

  • Easy account recovery: Verified ID streamlines identity verification, and allows employees to reset their own passwords, reducing help desk calls.

  • Custom business solutions: Verified ID gives you the ability to build custom solutions for a wide range of use cases using the developer kit, application programming interfaces (APIs), and documentation.

Microsoft Entra External ID

Entra External ID is one of the areas of the Entra family continually evolving out of its former iterations.

It’s the catch-all name for all capabilities that help with the management, authentication, and security of partners, collaborators, and customers.

You may be familiar with the former External Identities offerings that comprised Azure AD B2B (for partners and collaborators) and Azure AD B2C (for customers).

From a B2B perspective, these capabilities have largely been absorbed into Microsoft Entra ID, via its B2B collaboration tool. This allows partners to securely sign into apps and resources from their own IAM solution.

The benefits of which are:

  • Partners can retain their own credentials for access

  • No administrative burden managing external identities

On the B2C side of things, Entra External ID for Customers is now in public preview. This represents Microsoft’s vision for the future of Customer Identity and Access Management (CIAM), with customer-centric tools such as full-brand customisations and security features.

If you’d like to learn more about our thoughts on the eventual transition from Azure AD B2C to Entra External ID for Customers, please have a read of our recent article.

Entra’s identity-based secure network access

In the summer of 2023, as part of a major update announcement of the Entra family, Microsoft revealed two new products aimed at redefining secure network access.

It’s a response to the dramatic changes organisations have seen to their working cultures, alongside the increasingly pervasive threat of advanced cyber attacks.

The products, which collectively comprise a new Security Service Edge (SSE) offering, are:

  • Microsoft Entra Internet Access

  • Microsoft Entra Private Access

Cloud-based solutions, they align networks with identities and endpoints for secure access built upon the core principles of Zero Trust (always verify, use least privilege, assume breach).

And what they promise is the creation of network environments where users can have secure, frictionless access to public and private resources, from any device or location.

Microsoft Entra Internet Access

Microsoft Entra Internet Access is a Secure Web Gateway (SWG) solution.

By applying Conditional Access policies across the network and having full traffic visibility, it allows frictionless access to internet resources, while at the same time offering best-in-class protection for users, devices, and data.

Microsoft Entra Private Access

Microsoft Entra Private Access is a Zero Trust Network Access (ZTNA) solution that applies Zero Trust to provide remote users seamless, secure access to private apps, regardless of their device, location, or network.

It means organisations can free themselves from legacy VPNs, while also cutting excessive access and preventing lateral movement of threats.

Operational and commercial benefits of Microsoft Entra

According to a study conducted by Forrester Consulting, adopting Microsoft Entra yields significant operational and financial benefits.

These include:

  • 240% ROI over three years

  • $2.08 million saved by modernising IAM and vendor consolidation

  • $1.52 million saved through breach-reducing risk-based policies

  • 90% reduction in development wait times

  • 13 hours saved per employee per year

  • $4.05 million saved by productivity improvements

  • 75% reduction in help desk calls due to self-service password resets

Getting started with Microsoft Entra

If you’re a Microsoft licence holder then getting started with Entra’s family of products is easy.

Microsoft Entra ID’s free version comes as standard with any Microsoft cloud subscription, such as Azure or Microsoft 365.

It also has two premium licences: P1 and P2.

You can access P1 as part of your Microsoft 365 E3 for enterprise or Microsoft 365 Business Premium subscription. Or you can subscribe to it as a standalone item.

Similarly, P2 is available to Microsoft 365 E5 for enterprise subscribers, or again, as a standalone item.

Also, if you are an active Entra ID subscriber, then you have automatic access to Entra Verified ID, currently at no extra cost.

As we’ve already mentioned, Entra ID also comes with a suite of governance tools within its P1 and P2 licences (somewhat weighted towards P2). However, to take advantage of the advanced tools with Entra ID Governance, you do require an additional subscription.

The same applies to the standalone products of Entra Permissions Management and Entra Workload ID.

That said, each of these items has a free trial option before you commit to a subscription.

Microsoft’s SSE network access products are currently in public preview. You can find out more about these products, as well as how to book our readiness review, in our on-demand webinar.

What’s next on the Microsoft Entra roadmap?

[Embedded video, 00:37:40]

Conclusion

Identity and access still present the greatest challenge for organisations, especially as they move to hybrid and multi-cloud platforms. Legacy technologies simply aren’t able to keep up with the evolving digital landscape anymore.

By expanding its range of identity and access technologies and bringing them under one portal, Microsoft Entra solves these problems by going further than simply providing secure access to organisations.

Now, your organisation can provision decentralised ID under the full control of your employees. You can see what permissions those employees have, no matter where they operate.

Not only that, your non-human workloads and users now have the same protection and visibility as your human users, plugging those potential security gaps.

And with identity governance, you’ll know what access you’ve given and where, and will be able to manage and revoke it as and when you need to.

Modern organisations have needed new ways to address the challenges of identity and access management in an evolving digital landscape for a while.

With Microsoft Entra, those challenges have finally been met head-on.

Key takeaways

  • Identity and access management remain the key security focus for any enterprise-sized business.

  • Identity management complexity increases when organisations operate across hybrid and multi-cloud platforms.

  • Microsoft Entra solves the complex challenges of identity and access in a new, cloud-enabled digital landscape.

  • Entra’s suite of products puts user identities back in the control and ownership of users, and manages permissions across multiple clouds and environments.


Author

Marcus Idle

Marcus Idle is Kocho’s Head of External Identity. Marcus is passionate about bringing cloud and external identity to life to solve business problems for our clients.
