This week, Microsoft announced the launch of a new suite of products – Microsoft Entra! Perhaps you already read the announcement posted on the Microsoft security blog or watched the video featuring Joy Chik, CVP, Corporate Identity, and Vasu Jakkal, CVP, Security, Compliance, Identity & Management. If not, allow us to provide you with the TL;DR on what Entra is and what it means for your organization.
Essentially, Microsoft Entra is a new brand that brings together the three main pillars of Microsoft’s identity and access management strategy under a single, integrated “identity trust fabric.” The name “Entra” was chosen, “…because identity…should be an entryway into a world of new possibilities, not a gateway restricting access, creating friction and holding back innovation.”
Entra brings together the vision of identity that Microsoft has been working toward for the last several years. In launching the new branding, Microsoft has been able to emphasize two of its key initiatives: a Zero Trust approach to the identity components of its security strategy, and an increasing emphasis on multicloud environments.
In this blog, I’ll expand on the three pillars of Entra. As you read through this, keep in mind the entire application landscape is evolving towards modern authentication and security. Microsoft Entra will verify all types of identities while securing, managing, and governing their access to any resource.
The Three Pillars of Entra
Microsoft Azure Active Directory
Azure AD, the foundation of identity access management, is the central component. As Joy says in the announcement video, “Azure AD will remain the foundation on which all the new value props will be added.”
Azure AD is truly the world’s largest identity service with over 30 billion daily authentications. Azure AD External Identities will continue to be the solution for customer and partner identity management under the Entra brand.
Check out OCG’s recent blog, “Azure Active Directory as the Center of the Identity Universe,” which discusses moving the center of identity and authentication away from on-premises directories to prepare for modern authentication and Zero Trust security.
Microsoft Entra Permissions Management
Formerly known as CloudKnox Permissions Management, Entra Permissions Management is the newest member of the family. Microsoft is the first major cloud provider to offer a Cloud Identity Entitlement Management (CIEM) solution. Designed specifically for organizations operating in a multi-cloud environment, it provides visibility into the permissions for all identities (user and workload), actions, and resources.
Entra Permissions Management will be a standalone offering generally available worldwide in July 2022 and will integrate with the Microsoft Defender for Cloud dashboard, extending Defender for Cloud’s protection with CIEM.
Microsoft Entra Verified ID
Entra Verified ID is the culmination of several years of Microsoft collaboration with the decentralized identity (DID) community. Based on the DID standards, Entra Verified ID makes portable, self-owned identity possible. Business use cases for decentralized identity include: conducting background checks, managing health records, and conducting business-to-business and business-to-consumer transactions more efficiently and securely.
To learn more, join us on June 30th for our next webinar, “How do Verifiable Credentials and Decentralized Identity Work?”
Entra Verified ID bolsters capabilities for privacy, risk, and compliance requirements. The tenets of decentralized identity are that:
- individuals have the right to own their own digital identity
- it should be secure and reliable and not prone to compromise
- it should be inclusive, fair, and easy to use
- it can be delegated to trusted family and friends in the event of incapacity
- it is environmentally responsible.
Extending these guiding principles to the enterprise means that organizations can issue verifiable identities to employees and other workloads. Having this capability within a unified product suite makes it easier to manage and much more secure.
What does all of this mean for you and your organization?
If you are already using Azure Active Directory as the focal point of your identity and access management strategy, then you are poised to benefit from many of the existing capabilities Azure AD provides. You can also begin exploring more advanced functionality, such as privileged identity management, entitlement management, access reviews, and passwordless authentication.
Advancing the Zero Trust security model
Microsoft has placed Azure AD at the center of the Zero Trust model. It provides users, devices, and workload identities with a single, strong identity, along with an intelligent risk-based policy engine for granting or denying access to critical resources based on real-time conditions.
In addition to providing a modern authentication and authorization control plane for all your identities and apps, Azure AD can provide a complete identity lifecycle management solution using lifecycle workflows and the existing functionality in Microsoft Identity Manager (MIM), Azure AD Cloud Sync, and Azure AD Connect Sync. Azure AD provides automated provisioning from human resources apps to Azure AD, from Azure AD to apps, and between Azure AD and on-premises Active Directory Domain Services.
If you are currently operating key infrastructure in a multi-cloud environment – or plan to – an integrated CIEM solution that can effectively discover, remediate, and continuously monitor permission risk for any identity or resource will be an important part of your overall governance strategy. Mergers and acquisitions, which often introduce new digital ecosystems with new risks, will benefit from an integrated solution that can provide a governance layer to multicloud environments while mitigating the risks associated with permissions creep.
Some concluding thoughts
By bringing Azure AD, Entra Permissions Management, and Entra Verified ID together, Microsoft is helping customers align with a Zero Trust Framework. The goal is to protect all cloud resources under a single Azure Identity control plane.
If you’re wondering about licensing, know that products within Microsoft Entra are available for sale but there is no Entra bundle to purchase. Additionally, the Azure AD offering does not change. Permissions Management will reach general availability soon and is available to all customers.
If your organization is looking for guidance around the solutions included in Microsoft Entra, please contact Oxford Computer Group. We’d be delighted to help.