The evolution of the digital tools that we use is a natural result of technological advancements. In line with these developments, Microsoft has announced a significant rebranding: Microsoft Azure Active Directory will be known as Microsoft Entra ID starting October 2023.
This transition, while impactful, epitomizes Microsoft's commitment to providing cutting-edge identity and access management solutions to businesses globally.
What is Azure Active Directory (Microsoft Entra ID)?
Azure Active Directory, now known as Microsoft Entra ID, is Microsoft's cloud-based identity and access management service. Organizations use it to assist employees in signing in to applications, systems, and programs, as well as accessing resources, including:
- Cloud-based apps like Office 365.
- The Azure portal.
- Internal resources like apps on your corporate network and intranet.
This rebranding does not change the core functionality of the Azure Active Directory product. The name “Active Directory” has become something of an anachronism in our increasingly digital world. The term “directory” often conjures thoughts of a printed sheet or rotating business card filing apparatus sitting on a giant wooden desk in a smoke-filled office building. The more modern “Entra ID” name also signifies the product’s evolution and a greater alignment with Microsoft's broader offerings.
Why Did Microsoft Change Azure Active Directory to Microsoft Entra ID?
Microsoft is rebranding its Azure Active Directory product to Microsoft Entra ID in October 2023.
Azure Active Directory (Microsoft Entra ID) is a cloud-based identity and access management service that helps employees sign in and access resources in external applications and services.
The name change is part of an ongoing commitment to simplify secure access experiences for everyone and make navigating the unified and expanded Microsoft Entra portfolio easier for users.
How Does Azure Active Directory (Microsoft Entra ID) Fit Within the Microsoft Entra Family of Products?
Microsoft's decision to rebrand Microsoft Azure Active Directory to Microsoft Entra ID is part of a strategic shift to consolidate its services under the "Entra" brand name. This transition represents a more unified, integrated approach to Microsoft's range of products and services. As companies increasingly rely on interconnected systems, Microsoft Entra promises a suite of tools and services that ensure seamless interaction and heightened security.
The Microsoft Entra family of products consists of three segments:
- Identity and access management.
- Network access.
- New identity categories.
Identity and Access Management
Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals can access the appropriate resources in an organization at the right times and for the right reasons. It focuses on defining and managing user identities and their associated permissions.
The identity and access management segment of the Microsoft Entra ID suite includes the following products:
- Microsoft Entra ID: This core product manages user identities and controls access to your apps, data, and resources. It offers features such as multifactor authentication, conditional access, identity protection, privileged identity management, app registration, business-to-business (B2B) collaboration, business-to-consumer (B2C) identity management, and more.
- Microsoft Entra ID Governance: This product helps you protect, monitor, and audit access to critical assets while ensuring employee productivity. It offers features such as entitlement management, access reviews, terms of use, privileged access groups, and more.
- Microsoft Entra External ID: This product helps you secure and manage any external user in your organization, such as customers and partners. It offers an external identities self-service sign-up and sign-in feature, the ability to create user flows, custom policies, social identity providers, passwordless authentication, and more.
Network Access
In the context of modern information technology, network access refers to the ability of users, devices, applications, and other resources to connect to and interact with cloud-based services and infrastructure. Given the distributed nature of the cloud, controlling and monitoring network access is crucial to ensure data security, availability, and optimal performance.
The network access segment of Microsoft includes the following products:
- Microsoft Entra Internet Access: Helps you protect access to all internet, SaaS, and Microsoft 365 apps and resources with an identity-centric Secure Web Gateway. It offers features such as web filtering, malware protection, data loss prevention, cloud app discovery, cloud app control, secure remote browser isolation, and more.
- Microsoft Entra Private Access: Helps you secure access to all private apps and resources with identity-centric Zero Trust Network Access (ZTNA). It offers features such as micro-segmentation, application proxy, private link service integration, VPN replacement or augmentation, device posture assessment, and more.
New Identity Categories
Before a new employee starts at your company, your human resources department typically runs background checks on them to determine if the person is who they say they are. This verification of a new employee is similar to the function of the new identity categories segment of the Microsoft Entra suite.
The new identity category of Microsoft Entra includes the following products:
- Microsoft Entra Verified ID: This product helps you enable more secure interactions while respecting privacy with an industry-leading global platform. It offers features such as issuing and verifying identity credentials based on open standards such as Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs).
- Microsoft Entra Permissions Management: This product helps you manage identity permissions across your multi-cloud infrastructure. It offers features such as discovering permissions across clouds, right-sizing permissions based on usage data, enforcing least privilege policies across clouds, detecting anomalous permissions behavior across clouds, and more.
- Microsoft Entra Workload ID: This product helps you secure identities for apps and services and their access to cloud resources. It offers features such as managing service principals across clouds, rotating secrets across clouds, enforcing granular policies for service-to-service communication across clouds, detecting anomalous service behavior across clouds, and more.
How Does the Name Change Impact Azure Active Directory P1 and P2?
Microsoft’s active directory products come in three configurations, Azure Active Directory basic, P1, and P2. The rebranding to Microsoft Entra ID does not impact the Azure Active Directory pricing or features of any configurations. Users of these tiers will continue to enjoy the same set of capabilities they are familiar with but with enhanced updates and integrations reflective of the new brand name.
Azure Active Directory Premium provides a robust identity platform with enhanced security, productivity, and accessibility capabilities. Microsoft offers two options for buyers of this premium plan.
The Azure Active Directory P1 (Premium P1) and P2 (Premium P2) options are the higher-tier versions of Azure AD with advanced features. Here's a table that outlines the key differences between these two editions:
|
Feature/Aspect |
Azure AD Premium P1 |
Azure AD Premium P2 |
|
Directory Objects |
Up to 500,000 objects (can be increased for a fee) |
No limit |
|
Self-Service Password Reset |
Available |
Available |
|
Advanced Group Access Management |
Available |
Available |
|
Azure AD Join |
Available for Windows 10 and Windows 11 devices |
Available for both Windows 10 and Windows 11 devices |
|
Hybrid Identities |
Azure AD Connect, Connect Health |
Azure AD Connect, Connect Health |
|
MFA (Multi-Factor Authentication) |
Available |
Available with additional security reports |
|
Conditional Access |
Basic conditional access capabilities |
Advanced conditional access |
|
Identity Protection |
Not available |
Risk-based conditional access, Vulnerable users discovered |
|
Access Reviews |
Not available |
Available |
|
Entitlement Management |
Not available |
Available |
|
B2B Collaboration |
Enables a basic level of secure IAM for collaboration between external partners |
Enables advanced policies and configurations for collaboration between external partners |
|
Cloud App Discovery |
Basic analytics |
Advanced analytics |
|
Connect Health |
Available |
Available |
|
Usage Reports |
Available |
Available |
|
Price |
Generally less expensive |
Priced higher due to additional features |
Need Help with Microsoft Licensing?
Leave your Microsoft licensing, security, and software solutions to us so you can concentrate on moving your business forward.Drop Us a Line
Features of Azure Active Directory (Microsoft Entra ID)
Azure Active Directory was the cornerstone cloud-based identity and access management service for many small local businesses and large global corporations alike. Now, the rebranded Entra ID is continuing to deliver on Azure AD's core identity and access management features such as:
Strong Access Policies
Microsoft Entra ID boasts sophisticated access policies, ensuring that only authorized users can access specific resources based on conditions like their role, location, or device state. These access policies can be categorized as conditional access to corporate resources.
Prior to organizations adopting Azure Active Directory authentication methods, access to IT resources by employees (and external partners) was typically granted through simple security mechanisms like a password or PIN code. Once a user types in their alphanumeric code, they’re authenticated to access the IT resource. However, with Entra ID, an IT organization can strengthen its user authentication process via conditional access.
Conditional access evaluates the user's risk based on various signals such as:
- User or group memberships
- IP address location
- Type of device
- Connecting application
- Real-time risk detection
Entra ID quickly and automatically processes these various signals to render a decision based on the user's risk. For example, after a user authenticates, Entra ID’s conditional access checks if the user belongs to a specific business group, their role in the group, their device to authenticate, the app they're trying to access, and their physical location. Based on all these various signals, Entra ID can determine if the conditions meet the IT organization’s security policy and then either allow, deny, or require more information from the user before access is granted.
Passwordless and Multi-Factor Authentication (MFA)
Readers of the Amaxra blog know that our consultants are staunch supporters of MFA, the sign-in process requiring additional forms of identification beyond just a password. Entra ID implements MFA by automatically sending prompts for secondary forms of authentication that are typically presented to users during their first login, such as a code sent to a mobile device or a fingerprint scan. The use of MFA ensures that user identities are doubly verified, safeguarding against potential breaches.
Microsoft Entra ID allows IT admins to combine conditional access with MFA. This enables a new level of flexibility in triggering MFA based on various conditions. Although it requires a premium license, the combined MFA and conditional access can be extremely useful because IT admins can set up MFA for very specific cloud applications, users, or locations.
Embracing the future of security, Microsoft Entra ID offers a passwordless sign-in feature through Microsoft Authenticator. This helps protect users against common password-oriented attacks by allowing users to access any Azure AD account without a password. Instead, it uses key-based authentication tied to a device, which then requires a PIN or biometric for verification. Users are prompted to tap a number displayed in their Microsoft Authenticator app during the sign-in process when using this feature. They don't need to enter a username or password. To finalize the sign-in, users input the displayed number into the Authenticator app, select "Approve", and then provide their PIN or biometric.
One of the advantages is that users can activate passwordless phone sign-in for multiple Entra ID accounts on a single supported iOS device. This is beneficial for individuals like consultants or students who manage multiple accounts. Previously, there was a limitation where users with multiple accounts might need multiple devices for passwordless sign-in. With the ability to sign in to multiple accounts from a single device, administrators can more readily promote passwordless phone sign-in as the primary method.
To successfully use Entra ID's passwordless sign-in feature:
- Turn on Multi-Factor Authentication with push notifications as a verification method. These notifications enhance security by preventing unauthorized access.
- Users must have the latest version of the Microsoft Authenticator app installed on their iOS or Android devices.
- Android devices using Microsoft Authenticator should be registered to a specific user, while iOS devices need registration with each tenant they use for sign-in.
Ability to Manage Access for Cloud-Based or On-Premises Systems
In traditional IT environments, applications store users and their authentication credentials in separate databases. This approach was common when apps were hosted by on-premise servers or colocated in data centers (before the mainstream adoption of cloud-native IT environments). Challenges with that traditional approach to access management include high risks of cybersecurity breaches, time-consuming implementations required by IT departments, and the need for users to remember multiple usernames and passwords. However, the modern approach of using a centralized cloud-based identity provider for access management has simplified this process for all parties involved. Using Entra ID as an identity provider, devices and the people using them send their credentials to Entra ID and receive a security token in return. When you think of it as a server-client relationship, this security token is exchanged with the server, which verifies the client's identity based on the trusted signals cataloged and managed with Entra ID.
Entra ID (and its predecessor Active Directory) is useful because it connects with legacy on-premise systems, cloud-native environments, and hybrid versions where both are used. So, whether your organization uses cloud-based systems, on-premises setups, or a mix of both, Microsoft Entra ID offers seamless access management across all these environments.
Can Integrate with Essentially Any Enterprise Application for Seamless Security
As we’ve already established, Entra ID is the new name for Microsoft Active Directory, which is synonymous with IAM in the enterprise. It is so entrenched in the IT world that even when organizations are using non-Microsoft software such as Salesforce or Google Workspace, that same organization will use Active Directory (now Entra ID) as the identity provider for users to sign into their business-critical applications across multiple device platforms. From legacy applications to modern cloud-based solutions, Microsoft Entra ID provides integrations for virtually any enterprise application, ensuring enhanced cyber security with seamless user experiences.
Benefits of Azure Active Directory (Microsoft Entra ID)
At a high level, Entra ID provides a secure and efficient identity and access management solution that helps IT directors streamline operations, improve cyber security, and enhance the overall user experience. Some of the more tangible benefits of Entra ID for business IT organizations include:
Protect Access to Resources and Data
At its core, Microsoft Entra ID focuses on ensuring that only the right people have access to sensitive data and resources, thereby bolstering organizational security. Organizations can use Entra ID to implement consistent security policies at scale to control access to apps (or any other type of digital workload) and devices. Microsoft calls this ability “adaptive identity and access” because Entra ID uses the power of Microsoft’s secure and globally spanning cloud infrastructure to help IT managers discover devices, “right-size” the permissions needed by users based on their known identity and ensure the least privilege access for any user based on their aggregated signals.
Fast, Easy User Sign-In Experience
With features like Single Sign-On (SSO), users can access multiple applications with one set of credentials, simplifying and speeding up the sign-in process. Entra ID stores and manages all of the identity data required by SSO. This secure repository of identity data allows users to access all their apps from any location, on any device, from a centralized cloud-native web portal. The portal can also be easily branded with an organization's logo to enhance the user experience with a bit of company pride. Setting up SSO within Entra ID is largely automated, with simplified provisioning workflows and self-service tools to help reduce IT costs.
Unified Identity Management
Microsoft Entra ID brings together identity management across various services and applications under one umbrella, streamlining administrative tasks and enhancing security. An easy analogy is an office building with 25 separate rooms, each room is accessible using a keycard, and you have 100 employees in your office. Would you rather provide 25 separate keycards for each of your 100 employees (that means you’re providing 2,500 total keycards, which are all but guaranteed to be lost, stolen, and generally impossible to track) or assign each of your 100 employees a single keycard that only allowed access to the rooms they were authorized to access? That’s what unified identity management in Entra ID is like if you think of each room in the building as representing a different cloud service or software application and having a unified identity management system like Entra ID allows you to assign a single keycard per employee that can access the rooms they're allowed to enter.
Getting Started with Azure AD (Microsoft Entra ID)
Getting started with Azure AD involves these steps:
|
Task |
Description |
|
Creating a New Tenant |
Start by setting up a new tenant on the Microsoft Entra ID portal, which serves as a dedicated instance of Azure AD for your organization. |
|
Adding a Custom Domain Name |
Integrate your company's domain name with Microsoft Entra ID to enhance trust and recognition among users. |
|
Associating an Azure Subscription to Your AD Tenant |
Link your Azure subscription to Microsoft Entra ID to leverage and manage Azure resources under a unified identity system. |
|
Adding Privacy Information |
Incorporate privacy-related details to ensure users are aware of data usage policies. |
|
Add Company Branding |
Customize the Microsoft Entra ID interface with your brand's logos and themes for a more personalized experience. |
|
Users, Groups, and Licenses |
Create and manage users, organize them into groups, and allocate necessary licenses for specific Microsoft services. |
|
Enabling MFA |
Activate Multi-Factor Authentication to heighten the security of user sign-ins and transactions. |
|
Integrating Applications |
Link various enterprise applications to Microsoft Entra ID to ensure seamless access and increased security. |
|
Security Defaults |
Implement baseline security standards across the organization with predefined policies. |
|
Blocking Less Secure Authentications |
Guard against potential threats by preventing less secure authentication methods. |
Conclusion
The evolution of Azure Active Directory to Microsoft Entra ID symbolizes the future of identity and access management. As the digital world becomes more integrated and complex, relying on robust and adaptive solutions like Microsoft Entra ID is crucial.
Considering an upgrade or need help with deployment and configuration? Contact Amaxra today, and let our experts guide you in making the most of Microsoft Entra ID for your business.
Get Started Today
We'll build a secure and complete Microsoft software solution for your business while you concentrate on what's important.