What You Need to Know About Microsoft Entra
This week, Microsoft announced the launch of a new suite of products – Microsoft Entra! Perhaps you already read the announcement posted on the Microsoft security blog or watched the video featuring Joy Chik, CVP Corporate Identity and Vasu Jakkal, CVP, Security, Compliance, Identity & Management. If not, allow us to provide you with the TL; DR on what Entra is and what it means for your organization.
Essentially, Microsoft Entra is a new brand that brings together the three main pillars of Microsoft’s identity and access management strategy under a single, integrated “identity trust fabric.” The name “Entra” was chosen, “…because identity…should be an entryway into a world of new possibilities, not a gateway restricting access, creating friction and holding back innovation.”
Entra represents a bringing together of Microsoft’s vision of identity that they have been working on for the last several years. In launching the new branding, Microsoft has been able to emphasize two of their key initiatives: A Zero Trust approach to the identity components of their security strategy and an increasing emphasis on multicloud environments.
In this blog, I’ll expand on the three pillars of Entra. As you read through this, keep in mind the entire application landscape is evolving towards modern authentication and security. Microsoft Entra will verify all types of identities while securing, managing, and governing their access to any resource.
The Three Pillars of Entra
Microsoft Entra ID (previously Azure Active Directory)
Microsoft Entra ID, the foundation of identity access management, is the central component. As Joy says in the announcement video, “{Microsoft Entra ID] will remain the foundation on which all the new value props will be added.”
Microsoft Entra ID is truly the world’s largest identity service with over 30 billion daily authentications. Microsoft Entra External Identities will continue to be the solution for customer and partner identity management under the Entra brand.
Check out OCG’s recent blog, “Microsoft Entra ID as the Center of the Identity Universe,” which discusses moving the center of identity and authentication away from on-premises directories to prepare for modern authentication and Zero Trust security.
Microsoft Entra Permissions Management
Formerly known as CloudKnox Permissions Management, Entra Permissions Management is the newest member of the family. Microsoft is the first major cloud provider to offer a Cloud Identity Entitlement Management (CIEM) solution. Designed specifically for organizations operating in a multi-cloud environment, it provides visibility into the permissions for all identities (user and workload), actions, and resources.
Entra Permissions Management will be a standalone offering generally available worldwide in July 2022 and will integrate with the Microsoft Defender for Cloud dashboard, extending Defender for Cloud’s protection with CIEM.
Microsoft Entra Verified ID
Entra Verified ID is the culmination of several years of Microsoft collaboration with the decentralized identity (DID) community. Based on the DID standards, Entra Verified ID makes portable, self-owned identity possible. Business use cases for decentralized identity include: conducting background checks, managing health records, and conducting business-to-business and business-to-consumer transactions more efficiently and securely.
To learn more, check out our webinar recording, “How do Verifiable Credentials and Decentralized Identity Work?”
Entra Verified ID bolsters capabilities for privacy, risk, and compliance requirements. The tenets of decentralized identity are that individuals should:
- have the right to own their own digital identity
- that it should be secure and reliable and not prone to compromise
- that it be inclusive, fair, and easy to use
- that it can be delegated to trusted family and friends in the event of incapacity
- that it is environmentally responsible.
Extending these guiding principles out further to the enterprise means that organizations can issue verifiable identities to employees and other workloads. Having this capability under a unified suite of products makes managing this capability easier and much more secure.
What does all of this mean for you and your organization?
If you are already using Azure Active Directory, now Microsoft Entra ID, as the focal point of your identity and access management strategy, then you are poised to benefit from many of the existing capabilities Microsoft Entra provides. You can also begin exploring more advanced functionality, such as privileged identity management, entitlement management, access reviews, and passwordless authentication.
Advancing the Zero Trust security model
Microsoft has placed Microsoft Entra ID at the center of the Zero Trust model. It provides users, devices, and workload identities with a single, strong identity, along with an intelligent risk-based policy engine for granting or denying access to critical resources based on real-time conditions.
In addition to providing a modern authentication and authorization control plane for all your identities and apps, Microsoft Entra ID can provide a complete identity lifecycle management solution by using the lifecycle workflows and leveraging the existing functionality in Microsoft Identity Manager (MIM), Microsoft Entra Cloud Sync, and Microsoft Entra Connect Sync. Microsoft Entra ID provides automated provisioning from human resources apps to Microsoft Entra ID, from Microsoft Entra ID to apps, and between Microsoft Entra ID and on-premises Active Directory domain services.
If you are currently operating key infrastructure in a multi-cloud environment – or plan to – an integrated CIEM solution that can effectively discover, remediate, and continuously monitor permission risk for any identity or resource will be an important part of your overall governance strategy. Mergers and acquisitions, which often introduce new digital ecosystems with new risks, will benefit from an integrated solution that can provide a governance layer to multicloud environments while mitigating the risks associated with permissions creep.
Some concluding thoughts
By bringing Microsoft Entra ID, Entra Permissions Management, and Entra Verified ID together, Microsoft is helping customers align with a Zero Trust Framework. The goal is to protect all cloud resources under a single Entra Identity control plane.
If you’re wondering about licensing, know that products within Microsoft Entra are available for sale but there is no Entra bundle to purchase. Additionally, the Microsoft Entra ID offering does not change. Permissions Management will reach general availability soon and is available to all customers.
If your organization is looking for guidance around the solutions included in Microsoft Entra, please contact Oxford Computer Group. We’d be delighted to help.