Blog Post

Apps on Azure Blog

What is Microsoft Entra (and why use it)?

Chris_Noring (Microsoft)
Oct 04, 2024

 

Microsoft Entra is a family of identity and network access products designed to implement a Zero Trust security strategy. It is part of the Microsoft Security portfolio, which also includes:

- Microsoft Defender for cyberthreat protection and cloud security,
- Microsoft Sentinel for security information and event management (SIEM),
- Microsoft Purview for compliance,
- Microsoft Priva for privacy, and
- Microsoft Intune for endpoint management.

Zero Trust strategy

The Zero Trust security strategy is a modern approach to cybersecurity that assumes no user or device, whether inside or outside the network, should be trusted by default. Instead, every access request must be verified and authenticated before granting access to resources. This strategy is designed to address the complexities of the modern digital environment, including remote work, cloud services, and mobile devices. 

 

Why use Entra 

Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management solution that offers several benefits over traditional on-premises solutions:

- Unified Identity Management: Entra provides a comprehensive identity and access management solution that spans hybrid and cloud environments. This means you can manage user identities, access rights, and entitlements in a unified manner, which simplifies administration and enhances security.
- Seamless User Experiences: Entra supports Single Sign-On (SSO), allowing users to access multiple applications with a single set of credentials. This reduces password fatigue and improves user experience.
- Adaptive Access Policies: Entra enables strong authentication and real-time, risk-based adaptive access policies without compromising user experience. This helps secure access to resources and data effectively.
- Integration with External Identities: Entra External ID allows organizations to securely manage and authenticate users who are not part of their internal workforce, such as customers, partners, and other external collaborators. This is particularly useful for businesses that need to collaborate securely with external partners.
- Market Challenge Addressed: Entra addresses the market challenge of providing a comprehensive IAM solution across hybrid and cloud environments that ensures security, simplifies user authentication, and enables secure access to resources.
- Scalability: Cloud solutions like Entra can scale easily to accommodate growing numbers of users and applications without the need for additional hardware or infrastructure.
- Cost Efficiency: By using a cloud solution, organizations can reduce the costs associated with maintaining on-premises infrastructure, such as servers and networking equipment.
- Flexibility: Entra provides flexibility in terms of deployment and integration with various applications and services, both within and outside the Microsoft ecosystem.
- Security: Cloud solutions often come with built-in security features and regular updates to protect against emerging threats. Entra includes robust support for Conditional Access and Multi-Factor Authentication (MFA), which are essential for protecting sensitive data.

As you can see, you have many reasons to be excited about Entra and its suite of products.

 

More on Entra products 

Microsoft Entra is designed to provide identity and access management, cloud-infrastructure management, and identity verification. It works on:  

  • On-premises.  
  • Across Azure, AWS, Google Cloud.  
  • Across Microsoft and third-party apps, websites, and devices. 

Here are the key products and solutions within the Microsoft Entra product family.

  1. Microsoft Entra ID: This is a comprehensive identity and access management solution. It includes features like conditional access, role-based access control, multifactor authentication, and identity protection. Entra ID helps organizations manage and protect identities, ensuring secure access to apps, devices, and data.
  2. Microsoft Entra Domain Services: This product provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. It enables organizations to run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises Active Directory Domain Services (AD DS) environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.
  3. Microsoft Entra Private Access provides users (in the office or working remotely) secured access to private, corporate resources. It enables remote users to connect to internal resources from any device and network without requiring a virtual private network (VPN). The service offers per-app adaptive access based on Conditional Access policies, for more granular security than a VPN.
  4. Microsoft Entra Internet Access secures access to Microsoft services, SaaS, and public internet apps while protecting users, devices, and data against internet threats through its identity-centric, device-aware, cloud-delivered Secure Web Gateway (SWG).
  5. Microsoft Entra ID Governance is an identity governance solution that helps ensure that the right people have the right access to the right resources at the right time by automating access requests, assignments, and reviews through identity lifecycle management.
  6. Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks. These identity-based risks can be further fed into tools like Conditional Access to make access decisions, or fed back to a security information and event management (SIEM) tool for further investigation and correlation.
  7. Microsoft Entra Verified ID is a credential verification service based on open decentralized identity (DID) standards. This product is designed for identity verification and management, ensuring that users' identities are securely verified. It supports scenarios like verifying workplace credentials on LinkedIn.
  8. Microsoft Entra External ID: This product focuses on managing external identities, such as customers, partners, and other collaborators who are not part of the internal workforce. It allows organizations to securely manage and authenticate these external users, providing features like custom-branded sign-up experiences, self-service registration flows, and user management.
  9. Microsoft Entra Permissions Management: This product deals with managing permissions and access controls across various systems and applications, ensuring that users have the appropriate level of access. It enables organizations to detect, automatically right-size, and continuously monitor unused and excessive permissions across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
  10. Microsoft Entra Workload ID: This product helps apps, containers, and services securely access cloud resources, providing identity and access management for workloads.

 

Which Entra product to choose? 

We’ve explained some important products, but you might still wonder what to choose, so let’s look at some scenarios. 

Scenario: GitHub Actions Integration 

A development team uses GitHub Actions for continuous integration and continuous deployment (CI/CD) pipelines. They need to securely access Azure resources without managing secrets. 

Recommended product: Entra Workload ID 

Why Entra Workload ID? Microsoft Entra Workload ID supports workload identity federation, allowing GitHub Actions to access Azure resources securely by federating identities from GitHub. This eliminates the need to manage secrets and reduces the risk of credential leaks.
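As an added example (not part of the original post), here is a minimal GitHub Actions workflow that uses this federation: the job requests an OIDC token from GitHub, and the azure/login action presents it to Entra in exchange for an access token, so no client secret is ever stored in the repository. It assumes an app registration with a federated credential already exists (issuer https://token.actions.githubusercontent.com, subject `repo:<org>/<repo>:ref:refs/heads/main`, audience `api://AzureADTokenExchange`) and holds a role assignment on the subscription; the three `secrets.*` values are plain identifiers, not credentials. The Kubernetes scenario below uses the same exchange, with a projected service-account token in place of the GitHub token.

```yaml
name: deploy-with-workload-identity

on:
  push:
    branches: [main]

# id-token: write lets the job mint a short-lived GitHub OIDC token.
# Nothing else is needed; there is no long-lived secret to rotate or leak.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # azure/login sends the OIDC token to Entra as a client assertion.
      # Entra issues an access token only if the token's issuer and subject
      # match a federated credential on the app registration, so a token
      # minted for another repository or branch is rejected.
      - name: Sign in to Azure with a federated identity
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}            # app (client) ID
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          # no client-secret or creds input: the OIDC token replaces it

      # Sanity check that the pipeline is acting as the intended identity.
      - name: Verify the signed-in identity
        run: az account show --query "{tenant:tenantId, user:user.name}" -o table
```

Because the federated credential binds both issuer and subject, each additional branch, tag, environment or pull-request context you want to allow needs its own federated credential entry on the app registration.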

 

Scenario: Internal Employee Access Management 

A large enterprise needs to manage access to its internal applications and resources for thousands of employees. The organization wants to implement multifactor authentication (MFA), conditional access policies, and role-based access control (RBAC) to ensure secure access. 

Recommended product: Entra ID 

Why Entra ID? Microsoft Entra ID is ideal for this scenario because it provides comprehensive identity and access management solutions, including MFA, conditional access, and RBAC. These features help ensure that only authorized employees can access sensitive resources, enhancing security and compliance. 

 

Scenario: Single Sign-On (SSO) for Internal Applications 

A company wants to streamline the login process for its employees by implementing Single Sign-On (SSO) across all internal applications, including Microsoft 365, Salesforce, and custom-built apps. 

Recommended product: Entra ID 

Why Entra ID? Microsoft Entra ID supports SSO, allowing employees to use a single set of credentials to access multiple applications. This improves user experience, reduces password fatigue, and enhances security by centralizing authentication and access management. 

 

 

Scenario: Kubernetes Workloads 

An organization runs multiple applications on Kubernetes clusters and needs to securely access Azure resources from these workloads. 

Recommended product: Entra Workload ID 

Why Entra Workload ID? Entra Workload ID enables Kubernetes workloads to access Azure resources without managing credentials or secrets. By establishing a trust relationship between Azure and Kubernetes service accounts, workloads can exchange trusted tokens for access tokens from the Microsoft identity platform.

 

Scenario: e-commerce company, customer portal 

An e-commerce company wants to create a customer portal where users can sign up, log in, and manage their accounts. The company needs to provide a seamless and secure registration and login experience for its customers. 

Recommended product: Entra External ID

Why Entra External ID? Microsoft Entra External ID is designed for managing external identities, such as customers. It offers features like custom-branded sign-up experiences, self-service registration flows, and secure authentication, making it the perfect fit for creating a customer portal. 

 

Scenario: Partner Collaboration 

A manufacturing company collaborates with multiple external partners and suppliers. The company needs to provide secure access to shared resources and applications while ensuring that only authorized partners can access specific data. 

Recommended product: Entra External ID 

Why Entra External ID? Microsoft Entra External ID is ideal for managing external identities, such as partners and suppliers. It allows the company to securely manage and authenticate external users, providing features like B2B collaboration and access management, ensuring that only authorized partners can access the necessary resources. 

 

Getting started with Entra ID

- Microsoft Identity Platform Dev Center: one-stop shop for docs, tutorials, videos and more. Link: Microsoft identity platform Dev Center | Identity and access for a connected world | Microsoft Developer
- Training for Microsoft Entra ID: Microsoft Learn, skill yourself on a number of modules. Link: Training for Microsoft Entra ID | Microsoft Learn
- What is Microsoft Entra ID: starting page on the official docs explaining Entra ID, a great place to start. Link: What is Microsoft Entra ID? - Microsoft Entra | Microsoft Learn
- Tutorial: Sign in users to Entra: Node.js tutorial. Link: Tutorial: Sign in users in a Node.js & Express web app - Microsoft identity platform | Microsoft Learn
- Tutorial: Add sign-in with Microsoft Entra: Java tutorial. Link: Add sign-in with Microsoft Entra account to a Spring web app - Java on Azure | Microsoft Learn
- Tutorial: Register a Python app with Entra: Python tutorial. Link: Tutorial: Register a Python web app with the Microsoft identity platform - Microsoft identity platform | Microsoft Learn
- Tutorial: Register a .NET app with Entra: .NET Core tutorial. Link: Tutorial: Register an application with the Microsoft identity platform - Microsoft identity platform | Microsoft Learn

 

 

Getting started with Entra External ID

- One stop shop, identity platform Developer Center: great starting point to learn news, docs, tutorials, videos and more. Link: Microsoft Entra External ID | Simplify customer identity management | Microsoft Developer
- Tutorial: Add authentication to a Vanilla SPA app: JavaScript tutorial. Link: Tutorial: Create a Vanilla JavaScript SPA for authentication in an external tenant - Microsoft Entra External ID | Microsoft Learn
- Tutorial: Sign in users to a Node.js app: JavaScript/Node.js tutorial. Link: Sign in users in a sample Node.js web application - Microsoft Entra External ID | Microsoft Learn
- Tutorial: Sign in users to ASP.NET Core: .NET Core tutorial. Link: Sign in users to a sample ASP.NET Core web application - Microsoft Entra External ID | Microsoft Learn
- Sign in users to a Python Flask app: Python tutorial. Link: Sign in users in a sample Python Flask web application - Microsoft Entra External ID | Microsoft Learn
- Tutorial: Sign in to a Node.js app: JavaScript/Node.js tutorial. Link: Tutorial: Prepare your external tenant to sign in users in a Node.js web app - Microsoft Entra External ID | Microsoft Learn
- Tutorial: Sign in users to a .NET Core app: .NET Core tutorial. Link: Tutorial: Prepare your external tenant to authenticate users in an ASP.NET Core web app - Microsoft Entra External ID | Microsoft Learn

 

Summary and takeaways 

In summary, we introduced you to Entra and some of the products in its large product family. You were also shown some scenarios and which products would fit them. Finally, we recommended some great starter links. Hope you're off to a great start, thanks for reading!

 

Updated Oct 09, 2024
Version 6.0
  • Excellent blog! I meet so many developers that are not aware of how managed identity and identity-based security can help them achieve their goals when creating AI apps on Azure. Bookmark this, folks.