What is Entra and why choose it to secure your apps (2024)

Microsoft Entra is a family of identity and network access products designed to implement a Zero Trust security strategy. It is part of the Microsoft Security portfolio which also includes

- Microsoft Defender for cyberthreat protection and cloud security,

- Microsoft Sentinel for security information and event management (SIEM),

- Microsoft Purview for compliance,

- Microsoft Priva for privacy and

- Microsoft Intune for endpoint management.

Zero-trust strategy

The Zero Trust security strategy is a modern approach to cybersecurity that assumes no user or device, whether inside or outside the network, should be trusted by default. Instead, every access request must be verified and authenticated before granting access to resources. This strategy is designed to address the complexities of the modern digital environment, including remote work, cloud services, and mobile devices.

Why use Entra

Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management solution that offers several benefits over traditional on-premises solutions:

- Unified Identity Management:Entra provides a comprehensive identity and access management solution that spans across hybrid and cloud environments. This means you can manage user identities, access rights, and entitlements in a unified manner, which simplifies administration and enhances security.

- Seamless User Experiences:Entra supports Single Sign-On (SSO), allowing users to access multiple applications with a single set of credentials. This reduces password fatigue and improves user experience.

- Adaptive Access Policies:Entra enables strong authentication and real-time, risk-based adaptive access policies without compromising user experience. This helps in securing access to resources and data effectively

- Integration with External Identities:Entra External ID allows organizations to securely manage and authenticate users who are not part of their internal workforce, such as customers, partners, and other external collaborators. This is particularly useful for businesses needing to collaborate securely with external partners

- Market Challenge Addressed:Entra addresses the market challenge of providing a comprehensive IAM solution across hybrid and cloud environments that ensures security, simplifies user authentication, and enables secure access to resources

- Scalability:Cloud solutions like Entra can scale easily to accommodate growing numbers of users and applications without the need for additional hardware or infrastructure.

- Cost Efficiency:By using a cloud solution, organizations can reduce the costs associated with maintaining on-premises infrastructure, such as servers and networking equipment.

- Flexibility:Entra provides flexibility in terms of deployment and integration with various applications and services, both within and outside the Microsoft ecosystem.

- Security:Cloud solutions often come with built-in security features and regular updates to protect against emerging threats. Entra includes robust support for Conditional Access and Multi-Factor Authentication (MFA), which are essential for protecting sensitive data

As you can see, you have many reasons to be excited about Entra and its suite of products.

More on Entra products

Microsoft Entra is designed to provide identity and access management, cloud-infrastructure management, and identity verification. It works on:

  • On-premises.
  • Across Azure, AWS, Google Cloud.
  • Across Microsoft and third-party apps, websites, and devices.

Here are the key products and solutions within the Microsoft Entra product family.

  1. Microsoft Entra ID: This is a comprehensive identity and access management solution. It includes features like conditional access, role-based access control, multifactor authentication, and identity protection. Entra ID helps organizations manage and protect identities, ensuring secure access to apps, devices, and data.
  2. Microsoft Entra Domain Services: This product provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. It enables organizations to run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises Active Directory Domain Services (AD DS) environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.
  3. Microsoft Entra Private Access provides users (in office or working remotely) secured access to private, corporate resources. It enables remote users to connect to internal resources from any device and network without requiring a virtual private network (VPN). The service offers per-app adaptive access based on Conditional Access policies, for more granular security than a VPN.
  4. Microsoft Entra Internet Access secures access to Microsoft services, SaaS, and public internet apps while protecting users, devices, and data against internet threats through the identity-centric, device-aware, cloud-delivered Secure Web Gateway (SWG) of Microsoft Entra Internet Access.
  5. Microsoft Entra ID Governance is an identity governance solution that helps ensure that the right people have the right access to the right resources at the right time by automating access requests, assignments, and reviews through identity lifecycle management.
  6. Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks. These identity-based risks can be further fed into tools like Conditional Access to make access decisions or fed back to a security information and event management (SIEM) tool for further investigation and correlation.
  7. Microsoft Entra Verified ID is a credential verification service based on open decentralized identities (DID) standards. This product is designed for identity verification and management, ensuring that users' identities are securely verified. It supports scenarios like verifying workplace credentials on LinkedIn.
  8. Microsoft Entra External ID: This product focuses on managing external identities, such as customers, partners, and other collaborators who are not part of the internal workforce. It allows organizations to securely manage and authenticate these external users, providing features like custom-branded sign-up experiences, self-service registration flows, and user management.
  9. Microsoft Entra Permissions Management: This product deals with managing permissions and access controls across various systems and applications, ensuring that users have the appropriate level of access. It enables organizations to detect, automatically right-size, and continuously monitor unused and excessive permissions across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
  10. Microsoft Entra Workload ID: This product helps apps, containers and services securely access cloud resources, providing identity and access management for workload.

Which Entra product to choose?

We’ve explained some important products, but you might still wonder what to choose, so let’s look at some scenarios.

Scenario: GitHub Actions Integration

A development team uses GitHub Actions for continuous integration and continuous deployment (CI/CD) pipelines. They need to securely access Azure resources without managing secrets.

Recommended product: Entra Workload ID

Why Entra Workload ID? Microsoft Entra Workload ID supports workload identity federation, allowing GitHub Actions to access Azure resources securely by federating identities from GitHub. This eliminates the need to manage secrets and reduces the risk of credential leaks

Scenario: Internal Employee Access Management

A large enterprise needs to manage access to its internal applications and resources for thousands of employees. The organization wants to implement multifactor authentication (MFA), conditional access policies, and role-based access control (RBAC) to ensure secure access.

Recommended product: Entra ID

Why Entra ID? Microsoft Entra ID is ideal for this scenario because it provides comprehensive identity and access management solutions, including MFA, conditional access, and RBAC. These features help ensure that only authorized employees can access sensitive resources, enhancing security and compliance.

Scenario: Single Sign-On (SSO) for Internal Applications

A company wants to streamline the login process for its employees by implementing Single Sign-On (SSO) across all internal applications, including Microsoft 365, Salesforce, and custom-built apps.

Recommended product: Entra ID

Why Entra ID? Microsoft Entra ID supports SSO, allowing employees to use a single set of credentials to access multiple applications. This improves user experience, reduces password fatigue, and enhances security by centralizing authentication and access management.

Scenario: Kubernetes Workloads

An organization runs multiple applications on Kubernetes clusters and needs to securely access Azure resources from these workloads.

Recommended product: Entra Workload ID

Why Entra Workload ID? Entra Workload ID enables Kubernetes workloads to access Azure resources without managing credentials or secrets. By establishing a trust relationship between Azure and Kubernetes service accounts, workloads can exchange trusted tokens for access tokens from Microsoft Identity Platform

Scenario: e-commerce company, customer portal

An e-commerce company wants to create a customer portal where users can sign up, log in, and manage their accounts. The company needs to provide a seamless and secure registration and login experience for its customers.

Recommended product: Entra External ID.

Why Entra External ID? Microsoft Entra External ID is designed for managing external identities, such as customers. It offers features like custom-branded sign-up experiences, self-service registration flows, and secure authentication, making it the perfect fit for creating a customer portal.

Scenario: Partner Collaboration

A manufacturing company collaborates with multiple external partners and suppliers. The company needs to provide secure access to shared resources and applications while ensuring that only authorized partners can access specific data.

Recommended product: Entra External ID

Why Entra External ID? Microsoft Entra External ID is ideal for managing external identities, such as partners and suppliers. It allows the company to securely manage and authenticate external users, providing features like B2B collaboration and access management, ensuring that only authorized partners can access the necessary resources.

Getting started with Entra ID

Title

Description

Link

Microsoft Identity Platform Dev Center

On-stop show for docs, tutorials, videos and more

Microsoft identity platform Dev Center | Identity and access for a connected world | Microsoft Developer

Training for Microsoft Entra ID

Microsoft Learn, skill yourself on a number of modules

Training for Microsoft Entra ID | Microsoft Learn

What is Microsoft Entra ID

Starting page on official Docs explaining Entra Id, a great place to start

What is Microsoft Entra ID? - Microsoft Entra | Microsoft Learn

Tutorial: Sign in user to Entra

Node.js tutorial

Tutorial: Add sign-in with Microsoft Entra

Java tutorial

Add sign-in with Microsoft Entra account to a Spring web app - Java on Azure | Microsoft Learn

Tutorial: Register a Python app with Entra

Python tutorial

Tutorial: Register a Python web app with the Microsoft identity platform - Microsoft identity platform | Microsoft Learn

Tutorial: Register a .NET App with Entra

.NET Core

Tutorial: Register an application with the Microsoft identity platform - Microsoft identity platform | Microsoft Learn

Getting started with Entra External ID

Title

Description

Link

One stop shop, identity platform Developer Center

Great starting point to learn news, docs, tutorials, videos and more

Microsoft Entra External ID | Simplify customer identity management | Microsoft Developer

Tutorial: Add authentication to Vanilla SPA App

JavaScript tutorial

Tutorial: Create a Vanilla JavaScript SPA for authentication in an external tenant - Microsoft Entra External ID | Microsoft Learn

Tutorial: Sign in users to Node.js app

JavaScript/Node.js tutorial

Sign in users in a sample Node.js web application - Microsoft Entra External ID | Microsoft Learn

Tutorial: Sign in users to ASP .NET Core

.NET Core tutorial

Sign in users to a sample ASP.NET Core web application - Microsoft Entra External ID | Microsoft Learn

Sign in users to a Python Flask app

Python tutorial

Sign in users in a sample Python Flask web application - Microsoft Entra External ID | Microsoft Learn

Tutorial: Sign in to Node.js app

JavaScript/Node.js tutorial

Tutorial: Prepare your external tenant to sign in users in a Node.js web app - Microsoft Entra External ID | Microsoft Learn

Tutorial: Sign in users to .NET Core app

.NET Core Tutorial

Tutorial: Prepare your external tenant to authenticate users in an ASP.NET Core web app - Microsoft Entra External ID | Microsoft Learn

Summary and takeaways

In summary, we introduced you to Entra and some of its products in a large family of products. You were also shown some scenarios and what products would fit. Finally, we recommended some great starter links. Hope you’re off to a great start, thanks for reading!

What is Entra and why choose it to secure your apps (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Annamae Dooley

Last Updated:

Views: 5555

Rating: 4.4 / 5 (45 voted)

Reviews: 84% of readers found this page helpful

Author information

Name: Annamae Dooley

Birthday: 2001-07-26

Address: 9687 Tambra Meadow, Bradleyhaven, TN 53219

Phone: +9316045904039

Job: Future Coordinator

Hobby: Archery, Couponing, Poi, Kite flying, Knitting, Rappelling, Baseball

Introduction: My name is Annamae Dooley, I am a witty, quaint, lovely, clever, rich, sparkling, powerful person who loves writing and wants to share my knowledge and understanding with you.