What is Microsoft Entra and what does it do?
The Microsoft cloud ecosystem is continually evolving, often introducing new features and capabilities. Microsoft is continuing to evolve its cloud offering and ecosystem with features to help organizations have the tools needed to streamline very difficult and often complex challenges such as RBAC, security, and identity management. In case you haven’t heard, Microsoft has introduced a new service in its portfolio of products called Microsoft Entra. What is Microsoft Entra, what does it do, and how does it compare with similar functionality across various dashboards?
The challenge with today’s hyperconnected cloud-centric world
The cloud has been a revolutionary development in the world of technology. It has transformed the way businesses architect their infrastructure and develop business-critical applications. It is allowing workers to be more mobile and hybrid than ever before.
However, with the tremendous advantages it brings to enterprise infrastructure, it also creates a tremendously expanded attack surface for attackers to take advantage of. Organizations face a conundrum as they are constantly required to push the envelope of innovation to meet business challenges. However, they also need to address cybersecurity concerns and challenges appropriately.
It is mind-boggling the number of connections, services, solutions, and applications that businesses are now using across the landscape of on-premises, hybrid cloud, multi-cloud, and Software-as-a-Service environments. It is becoming impossible to address the virtually unlimited number of access scenarios that organizations need to make happen in their enterprise environments across the many landscapes of their digital infrastructure. Access must be based on established trust using the means to validate access based on identity.
They need access decisions to be as granular as possible (ABAC) and automatically adapt access based on real-time risk assessment. These capabilities are needed everywhere: on-premises, Azure AD, Amazon Web Services, Google Cloud Platform, apps, websites, devices, and whatever comes next.
What is Microsoft Entra?
According to Microsoft’s description of what Entra is and does, it is a new product family that includes Microsoft’s identity and access management capabilities. These IAM tools include Microsoft Azure Active Directory (Azure AD) and also two new categories of products:
- Cloud Infrastructure Entitlement Management (CIEM)
- Decentralized Identity
Microsoft is calling Entra an “identity as a trust fabric” solution. The vision of Entra is that it can be a trust fabric, not only for Microsoft solutions and services but for the entire digital ecosystem that organizations are using today.
The new Microsoft Entra solution will allow organizations to:
- Protect access to apps and resources for any user
- Secure and verify every identity across hybrid and multi-cloud environments
- Discover and govern permissions in multi-cloud environments
- Implement intelligent access decisions with little effort to simply the user experience.
Microsoft Azure AD with Conditional Access and Passwordless authentication
Arguably, the cornerstone solution that makes Entra possible is Microsoft Azure Active Directory with its current features, including Conditional Access and Passwordless authentication. Conditional Access enables organizations to configure and fine-tune access control policies with contextual factors. These factors may include real-time risk information, location, device, or user information. All of these factors and attributes about the connection allow controlling what a specific user can access, how they access, and when they can access resources. With conditional access, decisions are enforced based on aggregated signals.
Azure Active Directory External Identities
Part of the ability of Microsoft Entra to secure and verify identity across multiple cloud environments is made possible by Azure Active Directory External Identities. The Azure Active Directory External Identities solution provides highly secure digital experiences for partners, customers, citizens, patients, or any users outside the boundaries of your organization with customizable controls. With Microsoft Entra, you can combine external identities and user directories in one portal to seamlessly manage access across the organization.
Microsoft Entra features
As you may have already gathered from the above descriptions of the Microsoft Entra components, Microsoft Entra is Microsoft’s solution to provide identity management, RBAC, and CIEM as a solution for all your identities.
Part of the functionality offered with Microsoft Entra comes from Microsoft’s acquisition of CloudKnox Security. It has now been reborn as Microsoft Entra Permissions Management. This solution, as part of Microsoft Entra allows discovering, remediating, and monitoring permission risks for any identity or resource across clouds.
This is the Cloud Infrastructure Entitlement Management (CIEM) platform Microsoft references with the features of Microsoft Entra. It allows organizations to have visibility and control over permissions for any identity and resources in:
- Microsoft Azure
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
It will provide the following capabilities as part of the solution to manage identity across clouds:
- Unified multi-cloud permissions management
- Automated remediation
- Anomaly detections and alerts
- Detailed forensic reports
RBAC permissions creep index
One of the highly valuable features provided by Microsoft Entra as part of its CIEM functionality is the Permissions Creep Index. This extremely helpful permissions index provides a single and unified metric, ranging from 0 to 100, that calculates the gap between the permissions granted and permissions used over a specific period. The higher the gap, the higher the index. It focuses on and considers high-risk actions, which means it looks at actions that could cause data leakage, service disruption degradation, or security posture change.
Automatic remediation
With the automatic remediation provided, you can right-size excessive and unused permissions in only a few clicks. With the automatic remediation capabilities, all unused permissions for a predetermined set of identities can be remediated regularly.
You can also quickly implement just-in-time management to grant permissions on-demand with Microsoft Entra, allowing organizations to grant access temporarily to specific cloud resources.
Anomaly and outlier detection
Microsoft Entra provides anomaly and outlier detection that alerts on suspicious activity. The Permissions Management capabilities continuously update your Permissions Creep index and flag security incidents, sending alerts when anomalous behavior happens. You can initiate forensic reports around identities, actions, and resources from the contextual information gathered by Microsoft Entra.
Microsoft Entra Verified ID
The Microsoft Entra Verified ID is based on decentralized identity standards. It is an enterprise-ready decentralized identity service based on open standards, providing a self-owned identity for organizations using a multi-cloud strategy. With the Entra Verified ID, you can issue and verify workplace credentials, education status, certificates, or any unique identity in a global identity ecosystem.
What are verified credentials? These are identity claims or attestations that provide proof of a workplace or student ID, official memberships, or other attributes from a trusted authority. The reason to use verified ID:
- Fast onboarding
- More access security
- Easy account recovery
- Custom business solutions
Wrapping Up
Identity is the future of security in the organization. With the multitude of environments and cloud resources businesses are using today, managing and securing identities across multiple clouds and on-premises environments can be a challenge. Microsoft slates Microsoft Entra to be a “trust fabric,” allowing companies to have a single solution to manage and secure identities across their clouds.
Learn more about Microsoft Entra: