What is Microsoft Entra?

Updated May 2023.

Digital transformation and rapid cloud adoption has changed the way we work. It’s freed organisations from traditional on-premises servers, and unshackled workers from their desks.

However, today’s connected landscape poses new challenges when it comes to identity and access management, including:

• Rapidly expanding attack surfaces due to a growing number of diverse access points
• The increasing volume and growing sophistication of attacks
• Overlapping of identity and access tools/technology

In response to these challenges, Microsoft have expanded their portfolio of identity and access technologies and put them under a single umbrella and portal. That portal is Microsoft Entra.

Microsoft Entra Explained

Microsoft Entra is the name for the family of identity and access technologies brought into one place, and under one portal.

Entra goes beyond traditional identity and access management. It’s Microsoft’s vision for the future of identity and access.

What does Microsoft Entra include?

Microsoft Entra currently offers five identity and access management products:

• Entra ID (formerly Azure AD)
• Permissions Management
• Verified ID
• Workflow Identities
• Identity Governance

Let’s dive a little deeper into each.

Microsoft Entra ID

Entra ID is Microsoft’s cloud-based, multi-tenant, core identity and access management solution.

It provides the digital infrastructure needed for employees to sign in and access external resources held in the Office 365 stack.

It also allows you to sign-in to an impressive number of software-as-a-service (SaaS) applications, on top of those held on your corporate network or intranet.

How it benefits your organisation

As the flagship Identity and access management technology, Entra ID’s capabilities have been well documented. But where it’s particularly strong are areas such as:

• Secure, adaptive access: User friendly MFA and passwordless login options enhance user experience, while conditional access policies and user entity behaviour analytics increase security and protect against compromised identities.
• Seamless user experiences: With Entra ID’s single sign-on (SSO), only one identity and one sign-in are needed to connect to all a user’s applications. You can also seamlessly connect to over 3,000 pre-integrated, non-Microsoft SaaS applications, as well as your on-premises or custom apps.
• Unified identity management: All of your identities, and access to all your applications, are in a central location. Whether that’s in the Cloud or on-premises, dramatically improving visibility and control. Unified identity management enables users to bring their own identity from outside of your network to applications, allowing for frictionless authentication.

Learn more about Entra ID here.

Microsoft Entra Verified ID

Verified ID is Microsoft’s decentralised identity solution and works on the principle that people should be in control of their digital identity.

Verified ID works a little bit like a digital passport and is stored and managed by the individual – not on a company server.

Users have the freedom to approve or deny requests to share their identity credentials, receiving receipts of who those credentials have been shared with. This allows the user to revoke access at any time.

Every time the credential is used, it’s validated by the organisation that issued it.

How it benefits your organisation

Verified ID is a slightly newer technology that’s been making waves and changing how we do identity verification. Here’s why you should be using Verified ID:

• Fast remote onboarding: Verified ID enables the remote issuance, onboarding, and verification of identity credentials for new hires. Typically, this process takes minutes. Employees now have with secure and convenient access to your organisation’s applications, data, and assets globally. With ID credentials that remain solely in their control.
• More secure access: You’ll be able to quickly verify an individual’s credentials and status. This, in turn, will allow you to grant access to data, assets, or applications based on least privileged access principles.
• Easy account recovery: Verified ID streamlines identity verification, and allows employees to reset their own passwords, reducing help desk calls.
• Custom business solutions: Verified ID gives you the ability to build custom solutions for a wide range of use cases using the developer kit, application programming interfaces (APIs), and documentation.

Learn more about Verified ID here.

Microsoft Entra Permissions Management

Permissions Management is a cloud infrastructure entitlement management (CIEM) service. A CIEM’s job is to automate the process of managing user entitlements and privileges in cloud environments.

Permissions management continuously monitors user permissions across the Cloud and gives you detailed visibility across your cloud infrastructure.

Additionally, this technology isn’t confined to the Azure Cloud. You can get detailed insights and responses from Amazon Web Services (AWS) and the Google Cloud Platform (GCP).

How it benefits your organisation

Part of the problem with organisations operating multi-cloud platforms is that it muddies the water around who has what permissions where. Here’s how permissions management tackles this problem:

• Discover: The Permissions Management dashboard gives you detailed visibility and a comprehensive view of every action performed by any identity on any resource. Anything of note gets reported in the ‘Permission Creep Index’, a single metric that evaluates the gap between permissions granted and permissions used.
• Remediate: Permissions Management allows you to grant the right permissions based on usage and activity and enforce permissions on-demand at cloud scale. Once you’ve identified the most critical permissions risks in your infrastructure, you can automate least privilege policy enforcement. For one-off scenarios, you can request those permissions in a ‘just-in-time’ manner for a limited period, using the self-service workflow.
• Monitor: You can track permissions usage patterns and set up customisable alerts to detect anomalous usage. Using machine learning-based anomaly detections, you can also strengthen your security posture. Additionally, you can support rapid investigation and remediation by generating fully customisable, context-rich forensic reports around identities, actions, and resources.

Learn more about Permissions Management here.

Microsoft Entra Workload Identities

As more organisations move towards cloud computing, they deploy software workloads (such as applications, services, or scripts) that access cloud resources.

Organisations have been provisioning these workloads with human identities. But this is not without its own problems.

For example, once a workload identity is created, there’s limited visibility into the activity of that identity.

This can make it difficult to measure the impact of removing that identity. And can potentially lead to your organisation retaining many redundant identities.

Workload Identities solves these problems for you, giving you visibility over the permissions, activity, and any security vulnerabilities of your workloads.

How it benefits your organisation

Entra Workload Identities gives the same level of security for workload identities as you’d get for human users.

Entra Workload Identities enables:

• Detection: Entra Workload Identities empowers you to effectively detect and contain threats that target compromised workloads.
• Visibility: You can have a granular view of the permissions assigned to each workload, enabling you to assess and fine-tune the security posture of your system.
• Conditional access policies: Create conditional access rules that define the circumstances under which a workload can access resources or perform specific actions.

Microsoft Entra Identity Governance

You need to be able to track the access you’ve given out and be able to revoke that access promptly when it is no longer needed. This should apply to internal and external users.

You can do this with Identity Governance. It provides you with capabilities to ensure that the right people have the right access to the right resources.

Identity Governance gives organisations the ability to govern the identity lifecycle, govern the access lifecycle, and secure privileged access for administration.

It is able to do these tasks across employees, business partners and vendors, and across services and applications both on-premises and in the cloud.

How it benefits your organisation

All the features that you know and love from when Identity Governance was a function of Azure AD  are still present.

However, now that Identity Governance is its own function in Microsoft Entra, there are now more advanced tools included that simplify identity management and governance.

New capabilities in Microsoft Entra Identity Governance let you:

• Lifecycle Workflows: Customise workflows and automate repetitive tasks, such as the onboarding of new employees.
• Separation of duties: Automate controls so that identities don’t get excessive access (e.g., requiring more than one person involved in a transaction to reduce fraud risk).
• Connection back to on-premises: Provision back to your on-premises applications.

Learn more about Identity Governance here.

Why use Microsoft Entra?

Microsoft Entra is a comprehensive identity and access family of technology that easily operates in multi-cloud environments.

It consolidates solutions into one portal, and allows you to retire complex legacy infrastructure that uses multiple technology solutions. This improves security, while reducing complexity and costs.

The numbers paint an impressive picture

According to a study conducted by Forrester Consulting, adopting Microsoft Entra yields significant financial benefits for organisations that adopt it.

The study, a based on existing Microsoft customers found:

• ROI of 240% over three years.
• Modernising identity and consolidating vendors resulted in cost savings of $2.08 million.
• Implementing risk-based policies reduced breaches by 20%, saving $1.52 million.
• Development wait times reduced by 90%, resulting in $922,422 of benefits.
• SSO saved employees 13 hours per year, saving $4.05 million.
• Self-service password rests decreased help desk calls by 75%, saving £251,794.

Getting started with Microsoft Entra

While Microsoft Entra is one family of products, you can get started with any of the technologies separately.

For example, Entra ID comes as standard with Office 365, Microsoft 365, Azure, Dynamics 365, Intune, and Power Platform. If you have any of these products, all you have to do is enable Entra ID.

Verified ID needs an active Azure tenant, and then extra configuration to use the Verified Credentials service.

Entra Permissions Management is less complicated to get started with, and you can give this technology a test drive with a free 90-day trial.

By trialling Entra ID free for 12 months, you’re able to trial Identity Governance for free. And if you want to try out Workload Identities, you can also trial this for free.

For help with getting started with Entra’s technology stack, or to get the best out of your licences and products, feel free to get in touch with us.

Conclusion

Identity and access still present the greatest challenge for organisations, especially as they move to hybrid and multi-cloud platforms. Legacy technologies simply aren’t able to keep up with the evolving digital landscape anymore.

By expanding its range of identity and access technologies and bringing them under one portal, Microsoft Entra solves these problems by going further than simply providing secure access to organisations.

Now, your organisation can provision decentralised ID under the full control of your employees. They can see what permissions those employees have, no matter where they operate

Not only that, your non-human workloads and users now have the same protection and visibility as your human users, plugging those potential security gaps.

And with identity governance, you’ll know what access you’ve given and where, and will be able to manage and revoke it as and when you need to.

Modern organisations have needed new ways to address the challenges of identity and access management in an evolving digital landscape for a while.

With Microsoft Entra, those challenges have finally been met head-on.

Key takeaways

Next steps

Like this? Don’t forget to share.