What is Microsoft Entra ID? (Formerly Azure Active Directory)
Microsoft Entra ID (formerly known as Azure Active Directory, or Azure AD) is Microsoft's cloud-based identity and access management service. It provides essential tools for managing users, groups, and access to resources in your organization, such as Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Entra ID serves as the backbone for secure user authentication, identity protection, and access control in cloud and on-premises environments. It also integrates with your on-premises Active Directory (AD) to provide a seamless experience for hybrid environments.
Key Features of Microsoft Entra ID
- User Authentication: Ensures that only authorized users can access your resources by providing secure, multi-factor authentication (MFA) and single sign-on (SSO) capabilities.
- Conditional Access: Enforces policies to ensure that users only access resources when they meet specific security conditions, like device compliance or location.
- Identity Protection: Uses advanced machine learning and behavioral analytics to detect and respond to identity risks, including compromised accounts or risky logins.
- Access Management: Manages access to applications and resources by controlling permissions, creating security groups, and setting up role-based access control (RBAC).
- B2B and B2C Capabilities: Allows secure collaboration with external users (B2B) and provides a scalable identity management system for customer-facing applications (B2C).
- Self-Service Capabilities: Provides users with self-service password reset (SSPR) and profile management features to reduce IT workloads.
Licensing for Microsoft Entra ID
Microsoft Entra ID offers various licensing tiers, depending on the needs and size of your organization. The main licensing models include:
1. Entra ID Free:
- Provides basic user and group management, SSO for up to 10 apps, and self-service password change for cloud users.
- Ideal for small organizations with minimal identity management needs.
2. Entra ID Premium P1:
Entra ID P1 features include: Conditional Access, role-based access control (RBAC), advanced group management (dynamic groups, naming policies, expiration, default classification), cross-tenant user synchronization, multitenant organizations, SharePoint limited access, session lifetime management, global password protection and management (custom banned passwords, users synchronized from on-premises Active Directory), application launch portal and user application collections in My Apps, and self-service: password change, reset, and unlock; sign-in activity search and reporting; group management (My Groups); entitlement management (My Access); app launching (My Apps); delegated password resets and phone number management (My Staff).
It also includes Microsoft Entra ID Governance features: automated user provisioning to software as a service (SaaS) apps, automated user provisioning to on-premises apps, automated group provisioning to apps, HR-driven provisioning, and terms-of-use attestation.
It also includes some Microsoft Entra Verified ID features, such as verifiable credentials issuance and verifiable credentials verification.
The P1 features are suitable for SMB customers, usually as part of a Business Premium license plan, or for customers using a different collaboration platform such as Google Workspace, who usually use P1 licenses, or Enterprise Mobility and Security E3 if they are interested in Intune MDM as well.
- Entra ID Premium P2:
Entra ID P2 licenses include everything in Entra ID P1 plus the following features:
Microsoft Entra ID Governance features such as basic access certifications and reviews, basic entitlement management, and Privileged Identity Management.
Microsoft Entra ID Protection features such as risk-based conditional access, real-time dynamic sign-in assessment, real-time dynamic user assessment, authentication context (step-up authentication), device and application filters for conditional access, token protection, vulnerabilities and risky account detection, and risk event investigation.
- Microsoft Entra Suite
Microsoft Entra Suite is a new service plan for Entra ID that requires basic Entra ID P1 licenses. It includes all of the features included in Entra ID P1 and P2 plus the following features:
Additional Microsoft Entra ID Governance features: machine learning-assisted access certifications and reviews, entitlement management custom extensions (Microsoft Azure Logic Apps), entitlement management with Microsoft Entra Verified ID, lifecycle workflows, and the identity governance dashboard.
Additional Microsoft Entra Verified ID features: high-assurance entitlement management with Microsoft Entra ID Governance and Face Check high-assurance facial matching verification.
Microsoft Entra Internet Access, with features such as universal conditional access, traffic logging and policy monitoring, web category filtering, and fully qualified domain name filtering. This product can also be purchased as a stand-alone product.
Microsoft Entra Private Access, with features such as identity-centric Zero Trust network access (ZTNA), conditional access across all private apps and resources, adaptive multifactor authentication, seamless single sign-on (SSO) access, and fast and easy access at global scale. This product can also be purchased as a stand-alone product.
- Additional Stand-Alone Products
Microsoft Entra ID Governance is available for Microsoft Entra ID P1 and P2 customers as a stand-alone add-on. The product helps you secure access to all internet and SaaS applications and resources; improve productivity by ensuring that people have access when they require it, without the burden of manual approvals; strengthen security by reducing risk arising from access abuse and making smart access decisions based on machine learning; and automate the approval process for customary resource access to help you focus on AI-provided insights and exceptions.
Microsoft Entra Workload ID is also a standalone product. It helps you control workload identity access with adaptive policies, reduce the risk exposure from lost or stolen identities or credentials, and get a comprehensive health-check view of workload identities. Workload ID supports application identities and service principals in Azure.
Microsoft Entra Domain Services is also a standalone product. It allows you to manage your domain services in the cloud, join Azure virtual machines to a managed domain without domain controllers, and sign in to apps connected to your managed domain with Microsoft Entra credentials.
Microsoft Entra Verified ID is included with any Microsoft Entra ID subscription. Face Check with Verified ID is a premium feature that is included in the Microsoft Entra Suite or can be purchased separately. The product allows you to verify and issue credentials from your organization for any unique identity attributes, empower your users with ownership of their digital credentials and greater visibility, reduce security vulnerabilities and simplify the audit process, and use facial matching to provide high-assurance identity verification at scale.
Microsoft Entra Permissions Management is a standalone offering that helps you get a multidimensional view of risks across identities, permissions, and resources; enforce least privilege access in your multicloud infrastructure; and prevent breaches caused by misuse and malicious exploitation of permissions.
Permissions Management supports all resources across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform but only requires licenses for billable resources. A billable resource is defined as a cloud service that uses compute instances or data services.
Entra ID and Microsoft 365
When purchasing Microsoft 365, Entra ID is included with various plans:
- Microsoft 365 Business Plans: Typically include the basic Entra ID functionality, enabling SSO, user management, and some conditional access policies. The Business Premium plan includes Entra ID P1.
- Microsoft 365 Enterprise Plans: Microsoft Enterprise E3 includes Entra ID Premium P1, and Microsoft E5 or E5 Security includes Entra ID P2. Depending on the plan, these provide advanced security, identity protection, and compliance features.
Understanding the licensing model for Microsoft Entra ID is essential to ensuring your organization leverages the right tools and security features, providing scalable identity management as your organization grows.
Conclusion
Microsoft Entra ID is a powerful cloud-based identity management solution designed to secure user access and protect your organization's resources. With a range of licensing options, it can meet the needs of businesses of all sizes, ensuring a flexible, secure, and scalable solution for managing identities in a hybrid and multi-cloud environment.