Microsoft Entra is a family of identity and network access products designed to implement a Zero Trust security strategy. It is part of the Microsoft Security portfolio, which also includes:
- Microsoft Defender for cyberthreat protection and cloud security,
- Microsoft Sentinel for security information and event management (SIEM),
- Microsoft Purview for compliance,
- Microsoft Priva for privacy and
- Microsoft Intune for endpoint management.
Zero-trust strategy
The Zero Trust security strategy is a modern approach to cybersecurity that assumes no user or device, whether inside or outside the network, should be trusted by default. Instead, every access request must be verified and authenticated before granting access to resources. This strategy is designed to address the complexities of the modern digital environment, including remote work, cloud services, and mobile devices.
Why use Entra
Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management solution that offers several benefits over traditional on-premises solutions:
- Unified Identity Management: Entra provides a comprehensive identity and access management solution that spans hybrid and cloud environments. This means you can manage user identities, access rights, and entitlements in a unified manner, which simplifies administration and enhances security.
- Seamless User Experiences: Entra supports Single Sign-On (SSO), allowing users to access multiple applications with a single set of credentials. This reduces password fatigue and improves user experience.
- Adaptive Access Policies: Entra enables strong authentication and real-time, risk-based adaptive access policies without compromising user experience. This helps in securing access to resources and data effectively.
- Integration with External Identities: Entra External ID allows organizations to securely manage and authenticate users who are not part of their internal workforce, such as customers, partners, and other external collaborators. This is particularly useful for businesses needing to collaborate securely with external partners.
- Market Challenge Addressed: Entra addresses the market challenge of providing a comprehensive IAM solution across hybrid and cloud environments that ensures security, simplifies user authentication, and enables secure access to resources.
- Scalability: Cloud solutions like Entra can scale easily to accommodate growing numbers of users and applications without the need for additional hardware or infrastructure.
- Cost Efficiency: By using a cloud solution, organizations can reduce the costs associated with maintaining on-premises infrastructure, such as servers and networking equipment.
- Flexibility: Entra provides flexibility in terms of deployment and integration with various applications and services, both within and outside the Microsoft ecosystem.
- Security: Cloud solutions often come with built-in security features and regular updates to protect against emerging threats. Entra includes robust support for Conditional Access and Multi-Factor Authentication (MFA), which are essential for protecting sensitive data.
As you can see, you have many reasons to be excited about Entra and its suite of products.
More on Entra products
Microsoft Entra is designed to provide identity and access management, cloud-infrastructure management, and identity verification. It works on:
- On-premises.
- Across Azure, AWS, Google Cloud.
- Across Microsoft and third-party apps, websites, and devices.
Here are the key products and solutions within the Microsoft Entra product family.
- Microsoft Entra ID: This is a comprehensive identity and access management solution. It includes features like conditional access, role-based access control, multifactor authentication, and identity protection. Entra ID helps organizations manage and protect identities, ensuring secure access to apps, devices, and data.
- Microsoft Entra Domain Services: This product provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. It enables organizations to run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises Active Directory Domain Services (AD DS) environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.
- Microsoft Entra Private Access provides users (in the office or working remotely) secure access to private, corporate resources. It enables remote users to connect to internal resources from any device and network without requiring a virtual private network (VPN). The service offers per-app adaptive access based on Conditional Access policies, for more granular security than a VPN.
- Microsoft Entra Internet Access secures access to Microsoft services, SaaS, and public internet apps while protecting users, devices, and data against internet threats through an identity-centric, device-aware, cloud-delivered Secure Web Gateway (SWG).
- Microsoft Entra ID Governance is an identity governance solution that helps ensure that the right people have the right access to the right resources at the right time by automating access requests, assignments, and reviews through identity lifecycle management.
- Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks. These identity-based risks can be further fed into tools like Conditional Access to make access decisions or fed back to a security information and event management (SIEM) tool for further investigation and correlation.
- Microsoft Entra Verified ID is a credential verification service based on open decentralized identities (DID) standards. This product is designed for identity verification and management, ensuring that users' identities are securely verified. It supports scenarios like verifying workplace credentials on LinkedIn.
- Microsoft Entra External ID: This product focuses on managing external identities, such as customers, partners, and other collaborators who are not part of the internal workforce. It allows organizations to securely manage and authenticate these external users, providing features like custom-branded sign-up experiences, self-service registration flows, and user management.
- Microsoft Entra Permissions Management: This product deals with managing permissions and access controls across various systems and applications, ensuring that users have the appropriate level of access. It enables organizations to detect, automatically right-size, and continuously monitor unused and excessive permissions across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
- Microsoft Entra Workload ID: This product helps apps, containers, and services securely access cloud resources, providing identity and access management for workloads.
Which Entra product to choose?
We’ve explained some important products, but you might still wonder what to choose, so let’s look at some scenarios.
Scenario: GitHub Actions Integration
A development team uses GitHub Actions for continuous integration and continuous deployment (CI/CD) pipelines. They need to securely access Azure resources without managing secrets.
Recommended product: Entra Workload ID
Why Entra Workload ID? Microsoft Entra Workload ID supports workload identity federation, allowing GitHub Actions to access Azure resources securely by federating identities from GitHub. This eliminates the need to manage secrets and reduces the risk of credential leaks.
Scenario: Internal Employee Access Management
A large enterprise needs to manage access to its internal applications and resources for thousands of employees. The organization wants to implement multifactor authentication (MFA), conditional access policies, and role-based access control (RBAC) to ensure secure access.
Recommended product: Entra ID
Why Entra ID? Microsoft Entra ID is ideal for this scenario because it provides comprehensive identity and access management solutions, including MFA, conditional access, and RBAC. These features help ensure that only authorized employees can access sensitive resources, enhancing security and compliance.
Scenario: Single Sign-On (SSO) for Internal Applications
A company wants to streamline the login process for its employees by implementing Single Sign-On (SSO) across all internal applications, including Microsoft 365, Salesforce, and custom-built apps.
Recommended product: Entra ID
Why Entra ID? Microsoft Entra ID supports SSO, allowing employees to use a single set of credentials to access multiple applications. This improves user experience, reduces password fatigue, and enhances security by centralizing authentication and access management.
Scenario: Kubernetes Workloads
An organization runs multiple applications on Kubernetes clusters and needs to securely access Azure resources from these workloads.
Recommended product: Entra Workload ID
Why Entra Workload ID? Entra Workload ID enables Kubernetes workloads to access Azure resources without managing credentials or secrets. By establishing a trust relationship between Azure and Kubernetes service accounts, workloads can exchange trusted tokens for access tokens from the Microsoft identity platform.
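As an added illustration (not code from this post or from Microsoft), the following Python models the trust check behind both the GitHub Actions and the Kubernetes scenarios above: the external OIDC token's issuer, subject and audience must all match a federated credential on the app registration before it can be exchanged, as a client assertion, for an Entra access token. The client ID, the AKS issuer URL and the repo/service-account subjects are constructed placeholders.

```python
import base64
import json

CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # constructed placeholder app ID

# Federated credentials as configured on the app registration. Each pins the
# external issuer, the exact subject and the audience it accepts, so a token for
# another repo, branch or service account is rejected even if validly signed.
FEDERATED_CREDENTIALS = [
    {"issuer": "https://token.actions.githubusercontent.com",
     "subject": "repo:contoso/shop:ref:refs/heads/main",       # GitHub Actions
     "audiences": ["api://AzureADTokenExchange"]},
    {"issuer": "https://example-aks-oidc-issuer.invalid/",      # placeholder AKS issuer
     "subject": "system:serviceaccount:payments:checkout-sa",   # Kubernetes SA
     "audiences": ["api://AzureADTokenExchange"]},
]

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned JWT-shaped token standing in for the OIDC token
    that GitHub or the Kubernetes API server mints for the workload."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

def jwt_claims(token: str) -> dict:
    """Decode the payload only; the real service also verifies the signature
    against the issuer's published keys before trusting any claim."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def matching_credential(token: str):
    """Federated credential whose issuer, subject and audience all match, else None."""
    c = jwt_claims(token)
    auds = c.get("aud") if isinstance(c.get("aud"), list) else [c.get("aud")]
    for fc in FEDERATED_CREDENTIALS:
        if (c.get("iss") == fc["issuer"] and c.get("sub") == fc["subject"]
                and any(a in fc["audiences"] for a in auds)):
            return fc
    return None

def token_request(external_token: str, scope: str) -> dict:
    """Body for the tenant's /oauth2/v2.0/token endpoint: the external token is
    the client assertion, so there is no client secret to store or leak."""
    if matching_credential(external_token) is None:
        raise PermissionError("no federated credential matches this token")
    return {"grant_type": "client_credentials", "client_id": CLIENT_ID, "scope": scope,
            "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            "client_assertion": external_token}
```

The check runs inside the identity platform in practice; it is modelled here only to show why pinning the subject (one repo and branch, one namespace and service account) is what keeps the trust narrow.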
Scenario: e-commerce company, customer portal
An e-commerce company wants to create a customer portal where users can sign up, log in, and manage their accounts. The company needs to provide a seamless and secure registration and login experience for its customers.
Recommended product: Entra External ID
Why Entra External ID? Microsoft Entra External ID is designed for managing external identities, such as customers. It offers features like custom-branded sign-up experiences, self-service registration flows, and secure authentication, making it the perfect fit for creating a customer portal.
Scenario: Partner Collaboration
A manufacturing company collaborates with multiple external partners and suppliers. The company needs to provide secure access to shared resources and applications while ensuring that only authorized partners can access specific data.
Recommended product: Entra External ID
Why Entra External ID? Microsoft Entra External ID is ideal for managing external identities, such as partners and suppliers. It allows the company to securely manage and authenticate external users, providing features like B2B collaboration and access management, ensuring that only authorized partners can access the necessary resources.
Getting started with Entra ID
Title | Description | Link |
Microsoft Identity Platform Dev Center | One-stop shop for docs, tutorials, videos and more | Microsoft identity platform Dev Center - Identity and access for a connected world - Microsoft Developer |
Training for Microsoft Entra ID | Microsoft Learn, skill yourself on a number of modules | Training for Microsoft Entra ID - Microsoft Learn |
What is Microsoft Entra ID | Starting page on the official docs explaining Entra ID, a great place to start | What is Microsoft Entra ID? - Microsoft Entra - Microsoft Learn |
Tutorial: Sign in user to Entra | Node.js tutorial | |
Tutorial: Add sign-in with Microsoft Entra | Java tutorial | Add sign-in with Microsoft Entra account to a Spring web app - Java on Azure - Microsoft Learn |
Tutorial: Register a Python app with Entra | Python tutorial | Tutorial: Register a Python web app with the Microsoft identity platform - Microsoft identity platform - Microsoft Learn |
Tutorial: Register a .NET App with Entra | .NET Core tutorial | Tutorial: Register an application with the Microsoft identity platform - Microsoft identity platform - Microsoft Learn |
Getting started with Entra External ID
Title | Description | Link |
One-stop shop, identity platform Developer Center | Great starting point to learn news, docs, tutorials, videos and more | Microsoft Entra External ID - Simplify customer identity management - Microsoft Developer |
Tutorial: Add authentication to Vanilla SPA App | JavaScript tutorial | Tutorial: Create a Vanilla JavaScript SPA for authentication in an external tenant - Microsoft Entra External ID - Microsoft Learn |
Tutorial: Sign in users to Node.js app | JavaScript/Node.js tutorial | Sign in users in a sample Node.js web application - Microsoft Entra External ID - Microsoft Learn |
Tutorial: Sign in users to ASP.NET Core | .NET Core tutorial | Sign in users to a sample ASP.NET Core web application - Microsoft Entra External ID - Microsoft Learn |
Sign in users to a Python Flask app | Python tutorial | Sign in users in a sample Python Flask web application - Microsoft Entra External ID - Microsoft Learn |
Tutorial: Sign in to Node.js app | JavaScript/Node.js tutorial | Tutorial: Prepare your external tenant to sign in users in a Node.js web app - Microsoft Entra External ID - Microsoft Learn |
Tutorial: Sign in users to .NET Core app | .NET Core tutorial | Tutorial: Prepare your external tenant to authenticate users in an ASP.NET Core web app - Microsoft Entra External ID - Microsoft Learn |
Summary and takeaways
In summary, we introduced Entra and some of the products in its large family, walked through several scenarios and the products that fit them, and recommended some great starter links. Hope you’re off to a great start, thanks for reading!