What is Microsoft Entra?
In August 2023, Microsoft started to rename Azure Active Directory, commonly known as Azure AD, to Microsoft Entra ID. So now, at the latest, it’s time to look at what Microsoft Entra is all about.
Microsoft Entra is more than just a rebranding of Azure AD. It’s a new unifying brand and product family for all identity and network access solutions and beyond from Microsoft; we will see all of them below.
There are no changes to any Azure AD capabilities, APIs, login URLs, PowerShell cmdlets, Microsoft authentication library (MSAL), developer experiences, or tooling, only the name is changing.
Once the new name rolls out, all Azure AD features will also move under the new name. For example, Azure AD Conditional Access will become Microsoft Entra Conditional Access, Azure AD MFA will become Microsoft Entra MFA, Azure AD single sign-on will become Microsoft Entra single sign-on, and so on.
But first, in a nutshell: what is Microsoft Entra all about?
As already mentioned, Microsoft Entra is a product family name for all identity and network access solutions from Microsoft.
Microsoft Entra is part of the Microsoft Security portfolio, which also includes Microsoft Purview for compliance, Microsoft Priva for privacy, Microsoft Defender for threat protection and cloud security, and Microsoft Sentinel for security information and event management (SIEM).
When Microsoft announced Microsoft Entra in May 2022, the Microsoft Entra product family consisted of Azure Active Directory (Azure AD), Microsoft Entra Permissions Management, and Microsoft Entra Verified ID.
The current product family has expanded beyond identity and access management into new market categories such as security service edge with Microsoft Entra Global Secure Access.
Microsoft Entra is the new unifying brand for this portfolio of products. To align with this change, Azure AD is becoming Microsoft Entra ID.
Today, the Microsoft Entra product family includes:
- Microsoft Entra ID (formerly Azure Active Directory)
- Microsoft Entra ID Governance
- Microsoft Entra External ID (formerly Azure AD External Identities)
- Microsoft Entra Permissions Management
- Microsoft Entra Verified ID
- Microsoft Entra Workload ID
- Microsoft Entra Global Secure Access
- Microsoft Entra Internet Access
- Microsoft Entra Private Access
(Microsoft Entra Internet Access and Microsoft Entra Private Access are unified in Global Secure Access in the Microsoft Entra admin center)
I will take a detailed look at each of these products, and we will also see each of them in action to get a better understanding of what they are really for. At first sight the whole product family can be a little bit overwhelming, and it’s not easy to keep track of each product and its capabilities.
I will cover each of them in a separate detailed post, which I will link to in the overview section below.
The Microsoft Entra admin center unifies Microsoft Entra ID with other identity and access products.
To purchase Microsoft Entra, start with subscriptions to Microsoft Entra ID P1 or P2 licenses, which can also be purchased as part of Microsoft 365 E3 and E5 licenses. Other products in the Microsoft Entra family can be purchased as add-on or standalone solutions.
Get a quick overview about each product in Microsoft Entra
Microsoft Entra ID (formerly Azure Active Directory)
Microsoft Entra ID is just a new name for Azure AD and there are no changes to any Azure AD capabilities.
You will find more details in my following post: https://blog.matrixpost.net/what-is-microsoft-entra-id/.
Microsoft Entra ID Governance
Microsoft Entra ID Governance provides 4 main sections (features) which are:
- Entitlement management
  In a nutshell, it allows your organization to manage access to groups, applications and SharePoint Online sites for internal users and also for users outside your organization. As the name implies, the whole process of requesting, approving and expiring access is automated and self-service, using so-called access packages.
- Access reviews
  In a nutshell, users’ access can be reviewed regularly to make sure only the right people have continued access.
- Privileged Identity Management
  In a nutshell, Privileged Identity Management provides time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on resources that you care about.
- Lifecycle workflows
  A new identity governance feature that enables organizations to manage Microsoft Entra users by automating these three basic lifecycle processes:
  - Joiner: When an individual enters the scope of needing access. An example is a new employee joining a company or organization.
  - Mover: When an individual moves between boundaries within an organization. This movement might require more access or authorization. An example is a user who was in marketing and is now a member of the sales organization.
  - Leaver: When an individual leaves the scope of needing access. This movement might require the removal of access. Examples are an employee who’s retiring or an employee who’s terminated.
For more details and seeing Microsoft Entra ID Governance in action you can read my following post
Microsoft Entra External ID (formerly Azure AD External Identities)
Microsoft Entra External ID (for customers) is Microsoft’s new customer identity and access management (CIAM) solution.
For organizations and businesses that want to make their public-facing applications available to consumers, Microsoft Entra ID makes it easy to add CIAM features like self-service registration, personalized sign-in experiences, and customer account management. Because these CIAM capabilities are built into Microsoft Entra ID, you also benefit from platform features like enhanced security, compliance, and scalability.
When getting started with Microsoft Entra ID for customers, you first create a new dedicated customer tenant that will contain your customer-facing apps, resources, and directory of customer accounts.
For more details and seeing Microsoft Entra External ID in action you can read my following post
Microsoft Entra Permissions Management
Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM, pronounced “kim”) solution that provides comprehensive visibility into permissions assigned to all identities, for example over-privileged workload and user identities, actions, and resources across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
Permissions Management detects, automatically right-sizes, and continuously monitors unused and excessive permissions.
Organizations have to consider permissions management as a central piece of their Zero Trust security to implement least privilege access across their entire infrastructure.
For more details and seeing Microsoft Entra Permissions Management in action you can read my following post https://blog.matrixpost.net/what-is-microsoft-entra-permissions-management/
Microsoft Entra Verified ID
Microsoft Entra Verified ID is Microsoft’s solution for verifiable credentials (VCs).
For more details and seeing Microsoft Entra Verified ID in action you can read my following post https://blog.matrixpost.net/microsoft-entra-verified-id/.
Microsoft Entra Workload ID
A workload identity is an identity you assign to a software workload (such as an application, service, script, or container) to authenticate and access other services and resources.
In a nutshell, most identity and access management solutions on the market today are focused only on securing human identities and not workload identities.
Microsoft Entra Workload ID helps resolve these issues when securing workload identities.
For more details and seeing Microsoft Entra Workload ID in action you can read my following post https://blog.matrixpost.net/microsoft-entra-workload-id/.
Microsoft Entra Global Secure Access
Microsoft Entra Global Secure Access is a generic term and unified location in the Microsoft Entra admin center for two services, Microsoft Entra Internet Access and Microsoft Entra Private Access, which together form Microsoft’s Security Service Edge (SSE) solution.
- Microsoft Entra Internet Access secures access to Microsoft 365, SaaS, and public internet apps.
- Microsoft Entra Private Access provides your users – whether in an office or working remotely – secured access to your private, corporate resources.
For more details and seeing Microsoft Entra Global Secure Access in action you can read my following two posts.