microsoft entra
24 Topics

NEW Conditional Access Optimization Agent in Microsoft Entra + Security Copilot in Entra updates
Instead of switching between logs, PowerShell, and spreadsheets, Security Copilot centralizes insights for faster, more focused action. Resolve compromised accounts, uncover ownerless or high-risk apps, and tighten policy coverage with clear insights, actionable recommendations, and auto-generated policies. Strengthen security posture and reclaim time with a smarter, more efficient approach powered by Security Copilot.

Diana Vicezar, Microsoft Entra Product Manager, shares how to streamline investigations and policy management using AI-driven insights and automation.

Skip the scripting. Ask questions in plain language and get back policy and risk insights in seconds. Microsoft Entra now has built-in AI with Security Copilot.

Stay ahead of threats. Use AI to track auth changes, elevated roles, and risky signals with Security Copilot in Entra. Start here.

Improve your security posture. Receive personalized recommendations of policies and configurations to make using Microsoft Security Copilot in Microsoft Entra. Take a look.

QUICK LINKS:
00:00 — Microsoft Entra with Security Copilot
01:26 — Conditional Access Optimization Agent
03:35 — Investigate risky users
05:49 — Investigate risky apps
07:34 — Personalized security posture recommendations
08:20 — Wrap up

Link References
Check out https://aka.ms/SecurityCopilotAgentsinMicrosoftEntra

Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -Microsoft Entra has built-in AI with Security Copilot. In fact, if you are new to the experience or haven’t looked at it in a while, you’ll find that it is continuously being fine-tuned with skills to accelerate your daily troubleshooting and risk assessments, which means whether you’re a seasoned admin or just getting started, you don’t need deep expertise in filtering, PowerShell, or Graph API. You can just use natural language and have Security Copilot surface the information for you. Additionally, new specialized agents like the one for Conditional Access Optimization work with you to continuously look for misaligned policies along with gaps in coverage that could be putting your organization at risk. -Today, I’ll walk through examples of just how powerful Security Copilot in Microsoft Entra can be, starting with a pretty common challenge, policy coverage and conflicts, where right now, you might try to work through these issues by using filters to identify new users in the Entra audit logs or by using PowerShell with the Microsoft Graph module, then perhaps, you might export log outputs into a spreadsheet for manual analysis, and repeat the same process to identify new Enterprise apps, all with the goal of identifying coverage or gaps in policies. 
It’s a manual effort that can take hours from your day. And that’s where the Conditional Access Optimization Agent comes in. It can be accessed and enabled from the agents page in the Microsoft Entra admin center. From there, the Conditional Access agent works alongside you, proactively surfacing issues and suggestions like gaps in protection, users, or apps that should be added to an existing policy and policy overlaps. And you can track the status of agent suggestions as you work through them. -Clicking into a suggestion gives you the details. For this one about adding users, the agent has listed userIDs for the new users. And I can review the user impact of the suggested policy before I apply the changes. You can also dive into the agent’s activity to explore its path of analysis and the reasoning behind each suggestion to validate its logic, making sure it’s behaving in the way you want it to. Then moving back to the policy details, before you apply any changes, you can review the summary of changes and even the detailed JSON view if you want a deeper look, down to the individual configuration options for the policy. And at the tenant level, if you need to fine-tune the agent’s behavior, you can do so in the agent Settings tab using Custom Instructions. -For example, you can instruct the agent to make exceptions like excluding break-glass admin accounts, which the agent will take into account on its next run. And beyond just giving you suggestions and recommendations, the agent can go a step further and create a fully configured policy if no existing equivalent policy is found. By default, these are report-only policies. And from here, you can even turn it on to enable the policy directly. And from Edit, you can review the policy details. The Conditional Access Optimization Agent is great for consistently tracking your policy coverage as users, apps, and access policies evolve over time. 
Additionally, the specialized Microsoft Entra skills in Security Copilot will also help save you time and even help you add to your existing expertise. -For example, let me show you how Security Copilot helps automate the manual steps when investigating and fixing a known compromised user account. Typically, you would need to use sign-in logs to isolate what they are trying to access or audit the actions that they have taken with visibility into their sign-in events as well as any group memberships giving them access to resources or examine any current or recently elevated role assignments, which could increase the severity of the compromise. Already I’m jumping between tabs, and it’s time-consuming to collect all of that information to see why they’re showing up as risky. Security Copilot on the other hand can pull everything together in a fraction of the time. In this case, I know that a user, Michael, has had an account compromise. -So, I’ll ask Copilot if his account was recently flagged as risky, which even if he is low risk now, could be a sign of a persistence attack, where his account is compromised and the attacker is waiting for the right timing. The response from Copilot shows me that he is high risk with an at-risk state that started on May 19th. So, I’ll ask for the risk details for his account. Copilot spots an attempted Primary Refresh Token or PRT access. Threat Intelligence has flagged his account. There are sign-in attempts from a known malicious IP address and an anonymized IP address. So, the account was definitely compromised. I’ll ask Copilot if Michael’s authentication methods have changed. And it looks like he added a new phone on May 15th, then updated details again on the 19th. Finally, I’ll ask about Michael’s account type and whether he has privileged roles assigned. And it looks like he has Cloud Device and Device Join admin permissions. 
This would let him easily register and modify other managed devices, for example, to have them send file contents or sign-in tokens to other cloud storage locations. So very quickly, I was able to get the visibility I needed to decide what to do next. - Now let’s move from risky user accounts to risky apps, which can present a vulnerability. Normally, you’d spend a long time digging through app lists just to isolate which apps are even worth worrying about, trying to understand the overall risk to determine what apps are created by my organization or maybe a 3rd party that might require more scrutiny. Who owns the app, or does it no longer have an owner? What protocols are the apps using? And are they risky? And which applications are stale or unused that you may want to purge from the list. Investigations like this can take hours. Let’s use Copilot for this instead. I’ll start by asking it to list some external apps that are not owned by my tenant with verified publisher details for each app. And it pulls together a list of seven apps with additional details like the app name, App ID, and Verified Publisher, so I’m not wasting time on low-risk noise. That said, sometimes it’s the apps owned by at-risk users that can be the real problem. -So, I want to ask Copilot, do the risky users in my tenant own any applications? And it finds an app that is owned by a high-risk user. Another potential problem that presents a hidden risk are apps and service principals in your environment that are currently ownerless. I’ll ask Copilot, what proportion of apps and service principals are ownerless? And Copilot tells me that more than half or 55% of my apps are ownerless and 92% of our service principals are also ownerless. And beyond finding and pointing out problems with my policies and settings, Copilot can even give me detailed recommendations to improve identity posture. 
-In this case, I’ll ask, give me recommendations to improve the security posture of at-risk apps in my tenant. Show this as a bulleted list with impacted resources as applications. And Copilot gives me seven actionable recommendations of policies and configurations to make, including the removal of the unused service principals that I presented earlier, as well as outdated authentication protocols and more. So, with just a few simple prompts, I have achieved something that otherwise might have taken hours in just a few minutes. -As you’ve seen, Security Copilot in Microsoft Entra simplifies troubleshooting and risk assessments, with specialized skills and agents. And while I showed you the Conditional Access Optimization agent today, there are more on the way. To learn more, check out aka.ms/SecurityCopilotAgentsinMicrosoftEntra. Keep checking back to Microsoft Mechanics for the latest updates and thanks for watching.

Fix Identity Sprawl + Optimize Microsoft Entra
Enforce MFA, block legacy authentication, and apply risk-based Conditional Access policies to reduce exposure from stale accounts and weak authentication methods. Use built-in tools for user, group, and device administration to detect and clean up identity sprawl — like unused credentials, inactive accounts, and expired apps — before they become vulnerabilities.

Jeremy Chapman, Microsoft 365 Director, shares steps to clean up your directory, strengthen authentication, and improve overall identity security.

Prioritize top risks. Take action across MFA, risk policies, and stale objects with Microsoft Entra recommendations. Start here.

Block over 99% of identity attacks. Enforce MFA for admins and users in Microsoft Entra.

Detect and delete stale user accounts. See how to fix account sprawl, and get started with Microsoft Entra.

QUICK LINKS:
00:00 — Microsoft Entra optimization
00:54 — New Recommendations tab
02:11 — Enforce multifactor authentication
03:21 — Block legacy authentication protocols
03:58 — Apply risk-based Conditional Access
04:44 — Identity sprawl
05:46 — Fix account sprawl
08:06 — Microsoft 365 group sprawl
09:36 — Devices
10:33 — Wrap up

Link References
Watch part one of our Microsoft Entra Beginner’s Tutorial series at https://aka.ms/EntraBeginnerMechanics
Check out https://aka.ms/MicrosoftEntraRecommendations
Video Transcript: -If you’re managing identities using Microsoft Entra, which includes any Microsoft Cloud service, today, I’ll show you how you can fix identity sprawl, where you probably have stale accounts, groups, and devices in your directory, and improve your identity posture with stronger authentication and more. Now, these are identity management challenges that left unaddressed will introduce security vulnerabilities, but there are ways to get them under control. -So, using recommendations tailored specifically to your company to help you better secure and optimize your running environment, along with techniques to locate identity sprawl with users, groups, and devices, then delete stale objects in your directory. This is part two in our Microsoft Entra Beginner’s Tutorial series, and I’ll link you here to part one if you missed that at aka.ms/EntraBeginnerMechanics. Now, I’ll start in the Microsoft Entra admin center under Identity and the main Overview page. The new Recommendations tab gives you a super set of security and best practice-based recommendations that go beyond what’s available from Secure Score to increase your identity posture. -In fact, if you look at the recommendations here, anything in the Secure Score column marked N/A are items based on best practices. 
And the list that you’re seeing here is based on what applies to this specific Microsoft Entra tenant, so your list, it might look a little different. For each recommendation, you can also see the licensing requirements to implement that recommendation. As I scroll down, you’ll see that the top recommendations with high priorities require multifactor authentication, or MFA, for administrative roles at 10 Secure Score points. -Then ensure all users can complete multifactor authentication at 9 Secure Score points. And for any of these recommendations, like this one here for administrators, you can just click in to get more details and even find the accounts that are not meeting that requirement, even if you’ve scoped an all users policy and have that in place. And by the way, even Break Glass admin accounts should use MFA with FIDO2 or certificate-based authentication as a second factor. Requiring multifactor authentication is the most important control that you can enforce as an identity admin. It can block over 99% of identity-based attacks and can also solve for many of the other common issues that I mentioned before, like stale accounts, because those are most often breached because they use basic passwords. Multifactor authentication policies are set using Conditional Access policies, where it’s recommended that you assign the policy to all users and also target all resources, formerly all cloud apps. -You can also access controls for grant and then specify specific access requirements. And if you ever wondered the difference between Require MFA and require authentication strength, well, Require MFA is more of a catch-all that works with two or more authentication methods at any strength level. Whereas require authentication strength lets you narrow down which combinations of authentication methods are allowed. 
For example, choosing phishing-resistant authentication as an authentication strength means that SMS text messages and passwords would not be allowed as factors, because both of those could be phished by a third party. -The next highest recommendations are related to this as well. Under high priority and at 8 Secure Score points, there is a recommendation to block legacy authentication protocols like IMAP, SMTP, and POP3. Now these are related to MFA, because all of these protocols, which are used by legacy apps, do not support MFA and Conditional Access controls. Now, here’s why this is important. If an attacker can access a legacy app using those protocols with basic password authentication, they may still be able to access protected resources, then move laterally once they’ve gained access. Then, rounding out the list of high priority recommendations are the enforcement of risk-based Conditional Access policies. -Now, these risk types might indicate that a user account has been compromised or that the user is either intentionally or unintentionally doing something that they shouldn’t be doing. And all of these recommendations are easy to implement with corresponding Conditional Access policies, where you’ll target each as a condition and pair that with a risk-based control to either block access outright or grant access with additional requirements that need to be met. Next, you’ll find a few recommendations to renew expiring application credentials. And finally, a few remove recommendations, like remove unused credentials from applications and also Remove unused applications themselves. -This leads us to identity sprawl, including unused or stale accounts, non-human accounts, and inactive registered devices. Enforcing MFA and disabling legacy authentication can mitigate much of the risk, though some of the accounts might still fall outside of MFA policies. Often, these users move on or their accounts are seasonal. 
They leave your company and their accounts then become stale. So, what’s the risk? The problem is that most people reuse their passwords or will just modify them slightly with known patterns like adding numbers or symbols at the end of it. And if the account in Microsoft Entra is password-only and another account of theirs is compromised by an attacker to steal their password, all the attacker needs to do then is look up the user’s profile on LinkedIn, for example, to see where they’ve last worked, guess their email address, sign into their previous employer domain using the stolen password with variations to access their stale user account, and they’re in. -Fortunately, there are ways to fix account sprawl. I’ll show you how you can do this in the admin center, but you can also automate this using PowerShell with the Microsoft Graph Module. From all users, you can see that I have 2007 users right now. Now, remember that number because we’ll come back to it. -Next, using the manage view control, I’ve added a column to my view with last interactive sign-in time so I can see how long it’s been since each account has signed in. From there, I can create a filter using that property with an operator here of less than or equal to, and I’ll go ahead and choose a time, I’ll go back about eight months ago, and then I’ll apply the filter. That narrowed my list down to 27 accounts, so now I’ll hit download users to export a CSV file with their details, which is an Excel file that starts out looking like this. Now, to save time, you’ll see that I’ve removed user principal names that I don’t want to delete. In my case, that was the meeting room accounts only. And for this to work, I needed to delete all other columns and to add a version number using this format here with the colon. In the second field, I use this exact string. User, space, name, space, userPrincipalName in square brackets. Then under that, I have my chosen UPNs listed that I want to delete. 
-Now, moving back to the admin center, once I have that final list of items that I want to delete, I’ll use Bulk operations and select Bulk delete. And then for the stale accounts, all I need to do is upload my CSV file that we just saw. There it is. Now I need to type yes here, and then confirm and submit. And that takes a moment to run. And you’ll see that it succeeded. Now, when I refresh the list, you’ll see that only my meeting rooms are still here. The blank lines are actually deleted. Because they matched my filter, they’re still there. And if I remove the filter, you’ll see that my user count is now 1985 or 22 fewer than before. And just in case you accidentally delete a user that you didn’t want to delete, from the deleted users, you can actually recover those accounts for up to 30 days. -So, next, let’s move on to Microsoft 365 group sprawl. These groups are typically created by users so they can quickly sprawl and pose a similar risk, especially when users with basic password auth might have persistent access to the resources from that group, or if those groups have standing access for external user accounts. Here, to help control sprawl, you can set up group lifetime policies for a number of days. By default, there are options for 180, 365, and custom. I’ll choose 180. In this case, the group owners are sent an email notification at 30 days, 15 days, and one day prior to group expiration, where they can choose to renew the impacted groups or just let them go. Now, if left unrenewed, those groups will be deleted along with associated content in Outlook, SharePoint, Teams and Power BI. In this field, you’ll add an email address for groups with no owners. 
-And finally, you’ll choose which Microsoft 365 groups to enable for these automatic expiration controls, either all groups or using the selected option, you’ll then be able to choose exactly each of the groups that you want to have added to this policy, or you can choose none, which will effectively disable the policy. So, in my case, I’ll keep all and then I’ll hit save. Like user accounts, groups have 30 days of grace prior to permanent deletion, and you or the group owner can restore them. -We’ve covered two main areas of identity sprawl, and the third common category we’ll cover today is devices. For this, before you just start deleting devices, you’ll need to prevent your users or yourself even from getting locked out. This is because Microsoft Entra-joined physical Windows devices are often the ones that you own and manage. Their associated BitLocker keys used to encrypt and unencrypt the local drives are stored in Microsoft Entra and accessible through their device properties, which acts as an insurance policy in case, for whatever reason, you get locked out. Likewise, local administrator passwords can be maintained here, too. So, for Windows devices, unless you’re sure, don’t delete them. Otherwise, deleting Windows devices or other registered device platforms follows roughly the same process that I showed for users and groups with one important exception. Deletion in this case is permanent. There’s not a recycle bin or 30 days grace to undelete those devices. -Implementing the tips that I’ve shown today will help improve your identity posture, and help contain identity sprawl. Now, the latter helps keep your users, groups, and devices more manageable and reduces risk associated with stale objects in your directory. To learn more, check out aka.ms/microsoftEntraRecommendations. 
And be sure to subscribe to Microsoft Mechanics for latest updates and thanks so much for watching.

Continuing with Microsoft Entra: Advanced Identity Management
In the previous blog Microsoft Entra Admin Center - Secure, Protect, & Manage, we explored the capabilities of the Microsoft Entra Admin Center, focusing on how it helps secure, protect, and manage your organization's identities and access. Building on that foundation, let's dive deeper into the advanced features and functionalities of Microsoft Entra ID, formerly known as Azure Active Directory, to further enhance your identity and access management strategy.

Advanced Identity Management with Microsoft Entra ID

Microsoft Entra ID offers a comprehensive suite of tools designed to streamline identity management in the cloud. Here are some key features that can help you take your organization's security to the next level:

Conditional Access Policies

Conditional access is a pivotal feature that allows you to enforce access controls based on specific conditions. By setting policies that consider user location, device state, and risk level, you can ensure that only authorized users gain access to sensitive resources. To learn more about Conditional Access click here: What is Conditional Access in Microsoft Entra ID? - Microsoft Entra ID | Microsoft Learn

Identity Protection

With the P2 plan, Microsoft Entra ID provides advanced identity protection capabilities. This includes risk-based conditional access, which assesses the likelihood of a user being compromised and adjusts access policies accordingly. It also offers tools to detect and remediate identity-based risks. To learn more about Identity Protection click here: What is Microsoft Entra ID Protection? - Microsoft Entra ID Protection | Microsoft Learn

Privileged Identity Management (PIM)

PIM helps you manage, control, and monitor access to important resources within your organization. By providing just-in-time privileged access and requiring approval for elevated roles, PIM reduces the risk of security breaches. To learn more about PIM click here: What is Privileged Identity Management? - Microsoft Entra ID Governance | Microsoft Learn

Seamless Integration with Cloud Applications

Microsoft Entra ID integrates seamlessly with a wide range of cloud applications, providing single sign-on (SSO) capabilities. This not only enhances user experience by reducing the number of login prompts but also improves security by centralizing authentication. To learn more about SSO click here: Microsoft Entra Connect: Seamless single sign-on - Microsoft Entra ID | Microsoft Learn

Extending On-Premises Directories to the Cloud

For organizations with existing on-premises Active Directory environments, Microsoft Entra Domain Services offers a bridge to the cloud. This service provides managed domain services such as domain join, group policy, and LDAP, enabling you to extend your on-premises directory to Azure without the need to manage domain controllers. To learn more about Microsoft Entra Domain Services click here: Overview of Microsoft Entra Domain Services - Microsoft Entra ID | Microsoft Learn

Comparing Microsoft Entra ID Plans

Understanding the differences between the P1 and P2 plans is crucial for selecting the right solution for your organization:

P1 Plan: Ideal for organizations that need basic identity and access management features, including conditional access and self-service password reset.
P2 Plan: Suited for organizations requiring advanced security features such as identity protection and privileged identity management.

Optimizing Permissions Management

Permissions management is crucial for maintaining a secure and efficient IT environment. Microsoft Entra provides tools to optimize permissions:

Permission Insights: Gain visibility into who has access to what resources and identify any unnecessary permissions.
Automated Permission Management: Automatically adjust permissions based on user roles and activities, ensuring that users only have access to what they need.
Audit Logs: Keep track of all permission changes and access requests to maintain a clear audit trail.

To learn more about Microsoft Entra Permissions Management click here: What is Microsoft Entra Permissions Management - Training | Microsoft Learn

Ensuring Global Secure Access

In today's remote work environment, secure access to resources is more important than ever. Microsoft Entra's Global Secure Access features include:

Secure Remote Access: Set up secure connections for remote users, ensuring they can access the necessary resources without compromising security.
Application Management: Manage and secure access to both cloud and on-premises applications.
Network Security: Implement network security measures to protect your organization's data and resources from external threats.

To learn more about Global Secure Access click here: What is Global Secure Access? - Global Secure Access | Microsoft Learn

Conclusion

Microsoft Entra ID is a powerful tool that provides robust identity and access management capabilities for both cloud and hybrid environments. By leveraging its advanced features, you can enhance your organization's security posture and streamline access management processes. For more information on this topic and to expand your knowledge, please check out Understand Microsoft Entra ID - Training | Microsoft Learn.

Enabling Self-Service Password Reset for Your Organization
What Is SSPR?

It is a frigid February morning. The time is approximately 6:30 AM. Your morning cup of joe is interrupted by an urgent call from your system administrator Jonathan. He informs you about a suspicious email incident over the weekend that potentially impacted numerous employees. He suggests resetting all passwords to reduce any potential impact after handling most of the preliminary measures. Jonathan is thinking about enabling Self-Service Password Reset (SSPR) to maximize time and efficiency. SSPR allows members of an organization to reset their own passwords. In this blog we will cover a useful feature that can be enabled in your Microsoft Entra Admin Center. Naturally, this blog assumes that you have not enabled this feature as you are just getting started. However, I do suggest looking into the links below for a deeper dive.

Navigating to Microsoft Entra Admin Center

First, before beginning to enable this feature, make sure to have your admin credentials handy. You must have the appropriate administrative role and access. Lastly, if you want to enable this policy for on-premises integration, you will need to set up a sync engine connected to your account. Please see the following link to learn more: Enable Microsoft Entra password writeback - Microsoft Entra ID | Microsoft Learn. Let us continue to the login page.

Sign In

Navigate to the following website: https://entra.microsoft.com. Using your administrative credentials, type in your “Username and Password.” If you have forgotten your password, click on “Forgot my password” then follow the prompts accordingly. You will be prompted to authenticate using your phone via the “Microsoft Authentication app.” After you sign in, you'll arrive at the Microsoft Entra Admin Center Home directory. From there, we'll guide you through the process of enabling the feature, one step at a time.

Enabling SSPR

In the home screen, select the “Protection” tab in the left-hand menu, then click “Password reset.” The first menu item is “Properties”; on the right side you will see “Self-service password reset enabled.” Select between three options:

None: No users within the organization selected for reset (this is selected by default if never enabled).
Selected: Select the Microsoft groups within your organization to apply for self-reset.
All: Apply for all users within the organizations for self-reset.

Select one then click the “Save” button. Now that SSPR is enabled, you will see “Forgot my password” based on the option you selected. If “All” was chosen, all members will see it; otherwise, it will be visible according to the groups you specified. This allows the systems admin to send just one email asking users to reset their passwords.

Conclusion

Moving forward, this policy aims to enhance self-sufficiency and improve security measures. By enabling Self-Service Password Reset (SSPR), organizations can streamline password management, lighten IT support loads, and boost security. Letting users reset their passwords quickly and securely keeps productivity high and mitigates risks associated with forgotten credentials. Monitor its effectiveness and adjust settings as needed to meet your organization's unique needs and security standards.

Hyperlinks

License self-service password reset - Microsoft Entra ID | Microsoft Learn
Enable Microsoft Entra password writeback - Microsoft Entra ID | Microsoft Learn
Self-service password reset deep dive - Microsoft Entra ID | Microsoft Learn
Microsoft Entra Admin Center - Secure, Protect, & Manage | Microsoft Community Hub

Management Made Simple with Administrative Units - Microsoft Entra ID
Microsoft Entra ID, formerly known as Azure Active Directory, is a part of Microsoft Entra that manages both internal and external resources for your organization. These resources can reside in your Azure subscription or within your Microsoft 365 Tenant. Consequently, Entra ID assists IT administrators in managing who requires access to these resources. Organizations have the option to choose from three plans: Free, Microsoft Entra ID Plan 1, and Microsoft Entra ID Plan 2. Microsoft Entra ID is accessible through the Azure portal and the Microsoft Entra Admin Center. Additionally, within the Microsoft Entra Admin Center under Identity, you can manage devices, create lifecycle workflows, handle app registrations, and much more. In this lesson, we will learn about Administrative Units and how they can be utilized to manage your administrative staff within your organization. For license information, see the brief description of the different plans below. You can learn more about the features here: Microsoft Entra Plans and Pricing | Microsoft Security.

License Information:

Microsoft Entra ID Free: Provides user and group management. Offers on-premises directory synchronization. Includes basic reports. Allows self-service password change for cloud users. Supports single sign-on across Azure, Microsoft 365, and many popular SaaS apps.

Microsoft Entra ID Plan 1: Includes all features of the Free plan. Allows hybrid users to access both on-premises and cloud resources. Supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities for self-service password reset for on-premises users.

Microsoft Entra ID Plan 2: Includes all features of the Free plan and Plan 1. Offers Microsoft Entra ID Protection for risk-based Conditional Access to apps and critical company data.
Provides Privileged Identity Management to discover, restrict, and monitor administrators and their access to resources, and to provide just-in-time access when needed.

Microsoft Entra Role Based Access Control (RBAC)

Microsoft Entra ID allows access control to be limited for administrators if you do not need them to have tenant-level administrative access. Restricting access to only what is necessary is crucial to abide by the least privilege principle. This principle ensures that administrators have only the permissions necessary to perform their tasks, minimizing the risk of unauthorized access. For example, an external consultant who performs helpdesk tasks can be given only the permissions needed to perform their duties. If needed, you can also build custom roles. However, the built-in roles cover most use cases. Auditing administrative units involves monitoring and reviewing the activities within these units to ensure compliance with organizational policies and security standards.

External Partner Delegation

You can also delegate to an external partner to provision and deploy services on your behalf. Organizational Global and Billing Administrators can agree to external partnership agreements for Microsoft Partners. Microsoft Solution Partners (MSP) can provide a wide variety of services. You will have to sign a partner agreement authorizing the partner to provide services on your behalf. The scope of work will depend on the partner. You can find a Microsoft Certified Solutions Partner here: Find the right app | Microsoft AppSource. Partners will send an email that establishes a connection to your accounts. You can find this agreement in Microsoft 365 Admin Center and Microsoft Entra Admin Center. To see your partnership relationship, follow the instructions below:

Microsoft 365 Admin Center - Partnership Relationship

Navigate to Microsoft 365 Admin Center: https://admin.microsoft.com/.
Log in with your Administrative Username and Password.
Authenticate with the Microsoft Authentication App when prompted.
In the left-hand menu, locate and click on the Show all tab.
Select the Settings tab, then click on Partnership relationships.

Microsoft Entra Admin Center - Delegated Admin Partners

Navigate to Microsoft Entra Admin Center: https://entra.microsoft.com/.
Log in with your Administrative Username and Password.
Authenticate with the Microsoft Authentication App when prompted.
In the home directory, in the left-hand menu, click on the Identity tab.
Next, select Roles & Admins, then click on Delegated admin partners.

In both areas, you will be able to view the active relationship with your partner, including the specific type of partnership they have with your organization. It is advisable to consult your partner for detailed information regarding your partnership agreement before making any decisions to cancel or delete the partnership. Additionally, it is common practice to create an administrative unit for managing external partners, guests, and similar entities. This ensures that all external relationships are organized and managed efficiently.

What Are Administrative Units?

Microsoft Entra ID Administrative Units are specialized containers within the Microsoft Entra ID environment designed to help you efficiently organize and manage users, groups, and devices. These units enable you to delegate administrative tasks to specific segments of your organization, ensuring that permissions are confined to a well-defined scope. This functionality is particularly beneficial for IT professionals, as it provides numerous use cases for delegating tasks, thereby enhancing operational efficiency and security.

Administrative Units Use Cases

To understand how implementation works within Microsoft Entra, review the common scenarios for using administrative units below:

Delegating Administrative Tasks: Administrative units allow you to delegate administrative tasks to specific segments of your organization. For example, you can delegate the Helpdesk Administrator role to regional support specialists, enabling them to manage users only in the region they support.

Restricting Permissions: Administrative units help in restricting permissions to a defined scope. This is particularly useful in large organizations where different departments or regions need to manage their own resources without affecting others.

Managing Users, Groups, and Devices: Administrative units can contain users, groups, or devices, making it easier to manage these resources within a specific scope. For instance, you can create an administrative unit for a particular department and manage all users, groups, and devices within that department.

Implementing Least Privilege Access: By using administrative units, you can implement least privilege access, ensuring that administrators have only the permissions necessary to perform their tasks. This enhances security by minimizing the risk of unauthorized access.

Organizing by Geography or Division: Administrative units can be used to organize resources by geography or division. For example, you might add users to administrative units based on their location (e.g., "Seattle") or department (e.g., "Marketing"), allowing for more granular management.

Managing Properties of Groups: Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit. This allows administrators to manage properties of the group, such as group name or membership, without affecting the individual members of the group.

Setting Policies at a Granular Level: Administrative units enable central administrators to set policies at a granular level.
For example, in a large university with multiple autonomous schools, each school can have its own administrative unit with specific policies tailored to its needs.

Conclusion

In conclusion, Microsoft Entra ID Administrative Units offer a robust framework for managing user access and permissions within your organization. By leveraging these units, you can enhance security, improve efficiency, and maintain flexibility in your administrative tasks. Additionally, you have also learned how Administrative Units can be leveraged to manage external partners. Explore the possibilities and unlock the full potential of Microsoft Entra ID today!

Hyperlink

Administrative units in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn
Overview of Microsoft Entra role-based access control (RBAC) - Microsoft Entra ID | Microsoft Learn
Manage Microsoft-certified solution provider partner relationships | Microsoft Learn
Find the right app | Microsoft AppSource

953 Views 0 likes 0 Comments

Microsoft Entra Admin Center - Secure, Protect, & Manage
Microsoft Entra In a Nutshell

Times have changed. Organizations of every size need to plan, manage, and secure their organization’s resources. Security is the veil that protects you from bad actors that can deter your nonprofit's mission. Having a plan of action is necessary, now more than ever. Microsoft Entra can be your first step to developing a plan of action. Think of Microsoft Entra Admin Center as your unified control center where you can safeguard your organization and build the best defense. This guide is part of a series of blogs covering Microsoft Entra Admin Center to help you get familiar with managing your organizational resources. This walkthrough will focus on Identity. You will learn how to find your Microsoft Tenant information and perform your first bulk operation.

Microsoft Entra Admin Center

Identity: The Identity tab is where you manage user accounts and their details. Manage Users, Groups, Devices, Applications, Protection, Identity Governance, External Identities, User Experiences, Hybrid Management, and Monitoring & health.

Protection: The Protection tab helps keep your organization's accounts safe. It includes tools to detect and fix security risks, and you can set up multifactor authentication to add an extra layer of security. Manage Identity Protection, Conditional Access, Authentication methods, Password reset, Custom security attributes, and Risky activities.

Identity Governance: The Identity Governance tab helps you control who has access to what. It includes tools to manage user access throughout their time at the company, review access regularly, and ensure compliance with security policies. Manage Dashboard, Entitlement management, Access reviews, Privileged Identity Management, and Lifecycle workflows.

Verified ID: The Verified ID tab is for managing digital credentials. You can set up and issue verifiable credentials and manage them if they need to be revoked.
Configure Organization settings, register Decentralized ID, and Manage Credentials.

Permissions Management: The Permissions Management tab gives you a clear view of all the permissions assigned to users. It helps you find and fix unnecessary permissions to ensure users only have access to what they need.

Global Secure Access: The Global Secure Access tab is where you manage secure access to the internet and private networks. It includes tools to set up secure connections for remote users and ensure they have the right level of access. Secure your internet, Manage Applications, Connect, Secure, Monitor, and Settings.

Learn & Support: Contact support about any issues or concerns you may have regarding governance, identity, monitoring, and securing your organization.

Signing Into Microsoft Entra Admin Center

Before logging into the Microsoft Entra Admin Center, ensure you have your Administrator credentials and have appropriate access. Below is a walkthrough of navigating the Microsoft Entra Admin Center. We will look at the Identity tab.

Navigate to https://entra.microsoft.com.
You will be greeted by the “Home” menu. There is a lot of useful information for administrators including guides, documentation, recommendations, blogs, announcements, and more information about Microsoft Entra's product line.
In the left-hand menu, select “Identity,” then click on “Overview.”
The Overview tab shows your Microsoft Tenant information under “Basic information,” which includes Tenant ID, Primary domain, License, Users, Group, Applications, and Devices.

Auditing Users & Bulk Operations

Nonprofits have unique considerations when it comes to onboarding members. You may have specific hiring quarters, volunteers, and interns working with organizations at any given time. Thus, you may have only a few people or sometimes hundreds you need to have properly onboarded. Microsoft Entra has tools within the admin center to perform bulk operations.
This can save you time, especially when you may be dealing with Single Sign On (SSO) issues. You can bulk create, invite, and delete users. Please keep in mind that there is a 1-hour threshold of operation. If the bulk operation fails, you can check the “Bulk operations results.”

Navigate to Microsoft Entra Admin Center.
In the left-hand menu, select “Identity”, then click “Users.”
In “All users,” click the third tab, “Bulk operations.”
You can choose from three options in the dropdown: “Bulk create", "Bulk invite", and "Bulk delete.”
To create or invite users, you need to download the csv template by clicking on the blue “Download” button.
Enter the information inside the csv file, reupload the document, then click the “Submit” button.
It may take some time to upload the user accounts based on how many you are adding.
Lastly, you can also create a support ticket by clicking on “New support request” for more support if you are having issues.

In Conclusion

The Microsoft Entra Admin Center provides a comprehensive suite of tools to manage identities and perform bulk operations efficiently. With features like bulk creation, invitation, and deletion of users, it caters to the unique needs of nonprofits, ensuring smooth onboarding processes. The admin center is designed to save time and streamline user management, even when dealing with large volumes of accounts or SSO issues. By following the outlined steps, administrators can effectively navigate and utilize the Microsoft Entra Admin Center to maintain organized and secure user information.

Hyperlinks

What is Microsoft Entra? - Microsoft Entra | Microsoft Learn
Microsoft Entra Single Sign-On (SSO) | Microsoft Security
Zero Trust Strategy & Architecture | Microsoft Security
Tenant management for Microsoft 365 for enterprise | Microsoft Learn

594 Views 0 likes 0 Comments

What Is Microsoft Entra and Why Should You Choose It to Protect Your Applications?
[Original blog post - in English]

Microsoft Entra is a family of identity and network access products designed to implement a Zero Trust security strategy. It is part of the Microsoft Security portfolio, which also includes: Microsoft Defender for cyberthreat protection and cloud security, Microsoft Sentinel for security information and event management (SIEM), Microsoft Purview for compliance, Microsoft Priva for privacy, and Microsoft Intune for endpoint management.

Zero Trust security strategy

The Zero Trust security strategy is a modern cybersecurity approach that assumes no user or device, whether inside or outside the network, should be trusted by default. Instead, every access request must be verified and authenticated before access to resources is granted. This strategy is designed to address the complexities of the modern digital environment, including remote work, cloud services, and mobile devices.

Why use Entra?

Microsoft Entra ID (formerly known as Azure AD) is a cloud identity and access management solution that offers several advantages over traditional on-premises solutions:

Unified identity management: Entra offers a comprehensive solution for identity and access management, covering both hybrid and cloud environments. This makes it possible to manage user identities, their access rights, and their permissions in a unified way, simplifying administration and improving security.

Seamless user experiences: Entra supports single sign-on (SSO), allowing users to access multiple applications with a single set of credentials. This reduces password fatigue and improves the user experience.

Adaptive access policies: Entra enables strong authentication and real-time, risk-based adaptive access policies without compromising the user experience. This helps protect access to resources and data effectively.

Integration with external identities: Entra External ID allows organizations to securely manage and authenticate users who are not part of their internal workforce, such as customers, partners, and other external collaborators. This is particularly useful for companies that need to collaborate securely with external partners.

Market challenge addressed: Entra addresses the market challenge by providing a comprehensive IAM solution across hybrid and cloud environments, ensuring security, simplifying user authentication, and enabling secure access to resources.

Scalability: Cloud solutions such as Entra can scale easily to accommodate a growing number of users and applications without the need for additional hardware or infrastructure.

Cost-effectiveness: By using a cloud solution, organizations can reduce the costs associated with maintaining on-premises infrastructure, such as servers and network equipment.

Flexibility: Entra offers flexibility in terms of deployment and integration with a variety of applications and services, both inside and outside the Microsoft ecosystem.

Security: Cloud solutions typically include built-in security features and regular updates to protect against emerging threats. Entra offers solid support for Conditional Access and multifactor authentication (MFA), which are essential for protecting sensitive data.

As you can see, there are many reasons to explore Entra and its set of products.
More about Entra products

Microsoft Entra is designed to provide identity and access management, cloud infrastructure management, and identity verification. It works:

On-premises.
Across Azure, AWS, and Google Cloud.
With Microsoft and third-party apps, websites, and devices.

These are the key products and solutions within the Microsoft Entra product family.

1. Microsoft Entra ID: This is a comprehensive identity and access management solution that includes features such as Conditional Access, role-based access control, multifactor authentication, and identity protection. Entra ID helps organizations manage and protect identities, ensuring secure access to applications, devices, and data.

2. Microsoft Entra Domain Services: This product provides managed domain services, such as domain join, group policy, Lightweight Directory Access Protocol (LDAP), and Kerberos/NTLM authentication. It allows organizations to run legacy applications in the cloud that cannot use modern authentication methods, or where you do not want directory lookups to always go back to an on-premises Active Directory Domain Services (AD DS) environment. You can migrate those legacy applications from your on-premises environment to a managed domain, without needing to manage the AD DS environment in the cloud.

3. Microsoft Entra Private Access: provides users, whether in the office or working remotely, with secure access to private and corporate resources. It allows remote users to connect to internal resources from any device and network, without the need for a virtual private network (VPN). The service offers adaptive per-app access based on Conditional Access policies, providing more granular security than a VPN.

4. Microsoft Entra Internet Access: secures access to Microsoft services, SaaS, and public internet applications, while protecting users, devices, and data against internet threats. This is achieved through the secure web gateway (SWG) of Microsoft Entra Internet Access, which is identity-centric, device-aware, and cloud-delivered.

5. Microsoft Entra ID Governance is an identity governance solution that helps ensure that the right people have the right access to the right resources at the right time. This is achieved by automating access requests, assignments, and reviews through identity lifecycle management.

6. Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks. These risks can be fed into tools such as Conditional Access to make access decisions, or fed back to a security information and event management (SIEM) tool for further investigation and correlation.

7. Microsoft Entra Verified ID is a credential verification service based on open standards for decentralized identities (DID). This product is designed for identity verification and management, ensuring that user identities are verified securely. It supports scenarios such as verifying workplace credentials on LinkedIn.

8. Microsoft Entra External ID focuses on managing external identities, such as customers, partners, and other collaborators who are not part of the internal workforce. It allows organizations to securely manage and authenticate these external users, providing features such as customized sign-up experiences, self-service sign-up flows, and user management.

9. Microsoft Entra Permissions Management: This product handles the management of permissions and access controls across various systems and applications, ensuring that users have the appropriate level of access. It allows organizations to detect, automatically right-size, and continuously monitor excessive and unused permissions across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

10. Microsoft Entra Workload ID: This product helps applications, containers, and services securely access cloud resources, providing identity and access management for workloads.

Which Entra product should you choose?

We have explained some important products, but you may still be wondering which one to choose. Let's look at some scenarios to help you decide.

Scenario: GitHub Actions integration

A development team uses GitHub Actions for continuous integration and continuous deployment (CI/CD) pipelines. They need to securely access Azure resources without managing secrets.

Recommended product: Entra Workload ID

Why Entra Workload ID? Microsoft Entra Workload ID supports workload identity federation, which allows GitHub Actions to access Azure resources securely through GitHub identity federation. This eliminates the need to manage secrets and reduces the risk of credential leaks.

Scenario: Internal employee access management

A large company needs to manage access to its internal applications and resources for thousands of employees. The organization wants to implement multifactor authentication (MFA), Conditional Access policies, and role-based access control (RBAC) to ensure secure access.

Recommended product: Entra ID

Why Entra ID?
Microsoft Entra ID is ideal for this scenario, because it provides complete identity and access management solutions, such as MFA, Conditional Access, and RBAC. These features help ensure that only authorized employees can access sensitive resources, improving security and compliance.

Scenario: Single sign-on (SSO) for internal applications

A company wants to streamline the sign-in process for its employees by implementing Single Sign-On (SSO) across all internal applications, including Microsoft 365, Salesforce, and custom applications.

Recommended product: Entra ID

Why Entra ID? Microsoft Entra ID supports SSO, which allows employees to use a single set of credentials to access multiple applications. This improves the user experience, reduces password fatigue, and improves security by centralizing authentication and access management.

Scenario: Kubernetes workloads

An organization runs several applications on Kubernetes clusters and needs to securely access Azure resources from these workloads.

Recommended product: Entra Workload ID

Why Entra Workload ID? Entra Workload ID allows Kubernetes workloads to access Azure resources without managing credentials or secrets. By establishing a trust relationship between Azure and Kubernetes service accounts, workloads can exchange trusted tokens for Microsoft identity platform access tokens.

Scenario: E-commerce company, customer portal

An e-commerce company wants to build a customer portal where users can sign up, sign in, and manage their accounts. The company must provide a secure and seamless sign-up and sign-in experience for its customers.

Recommended product: Entra External ID

Why Entra External ID? Microsoft Entra External ID is designed to manage external identities, such as customers. It offers features such as customized sign-up experiences, self-service sign-up flows, and secure authentication, which makes it the perfect choice for building a customer portal.

Scenario: Partner collaboration

A manufacturing company collaborates with multiple external partners and suppliers. The company must provide secure access to shared resources and applications while ensuring that only authorized partners can access specific data.

Recommended product: Entra External ID

Why Entra External ID? Microsoft Entra External ID is ideal for managing external identities, such as partners and suppliers. It allows the company to securely manage and authenticate external users, providing features such as B2B collaboration and access management, ensuring that only authorized partners can access the resources they need.

Getting started with Entra ID

Finally, we recommend some great resources.

Microsoft Identity Platform Dev Center (platform with docs, tutorials, videos, and more): Microsoft identity platform Dev Center | Identity and access for a connected world | Microsoft Developer
Learning about Microsoft Entra ID (build your skills on Microsoft Learn): Introduction to Microsoft Entra
What is Microsoft Entra ID? (landing page with official docs explaining Entra ID, a great place to start): What is Microsoft Entra ID?
Tutorial: Sign in users with Entra (Node.js tutorial): Tutorial: Sign in users and acquire a token for Microsoft Graph in a Node.js and Express web app
Tutorial: Add sign-in with Microsoft Entra (Java tutorial): Add sign-in with Microsoft Entra account to a Spring web app - Java on Azure | Microsoft Learn
Tutorial: Register a Python application with Entra (Python tutorial): Tutorial: Register a Python web app with the Microsoft identity platform - Microsoft identity platform | Microsoft Learn
Tutorial: Register a .NET application with Entra (.NET Core Tutorial): Tutorial: Register an application with the Microsoft identity platform - Microsoft identity platform | Microsoft Learn

Getting started with Entra External ID

One stop shop, identity platform for developers (a great starting point for news, docs, tutorials, videos, and more): Microsoft Entra External ID | Simplify customer identity management | Microsoft Developer
Tutorial: Add authentication to a Vanilla SPA application (JavaScript tutorial): Tutorial: Create a Vanilla JavaScript SPA for authentication in an external tenant - Microsoft Entra External ID | Microsoft Learn
Tutorial: Sign in users in a Node.js application (JavaScript/Node.js tutorial): Sign in users in a sample Node.js web application - Microsoft Entra External ID | Microsoft Learn
Tutorial: Sign in users in ASP.NET Core (.NET Core tutorial): Sign in users to a sample ASP.NET Core web application - Microsoft Entra External ID | Microsoft Learn
Sign in users in a Python Flask application (Python tutorial): Sign in users in a sample Python Flask web application - Microsoft Entra External ID | Microsoft Learn
Tutorial: Sign in users in a Node.js application (JavaScript/Node.js tutorial): Tutorial: Prepare your external tenant to sign in users in a Node.js web app - Microsoft Entra External ID | Microsoft Learn
Tutorial: Sign in users in a .NET Core application (.NET Core Tutorial): Tutorial: Prepare your external tenant to authenticate users in an ASP.NET Core web app - Microsoft Entra External ID | Microsoft Learn

Summary and conclusions

In summary, we introduced Entra and some of its products within a large family of solutions. We also showed you some scenarios and which products would fit best in each one. We hope you are off to a great start. Thanks for reading!

227 Views 0 likes 0 Comments
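For the GitHub Actions scenario in the post above, the trust that replaces a stored secret is a federated identity credential on the app registration. The following is an added example using the Microsoft Graph PowerShell SDK, not code from the post; the object ID, repository and environment names are placeholders assumed for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Applications

# Placeholder values (assumptions for this example, not taken from the post).
$AppObjectId = '00000000-0000-0000-0000-000000000000'  # object ID of the pipeline's app registration
$Repository  = 'contoso-org/contoso-app'               # hypothetical GitHub organization/repository
$Environment = 'production'                            # hypothetical GitHub environment name

Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Trust only tokens that GitHub issues for this repository AND this environment.
# Entra compares issuer, subject and audience of the incoming token with these values.
$credential = @{
    name        = "github-$Environment"
    issuer      = 'https://token.actions.githubusercontent.com'
    subject     = "repo:${Repository}:environment:${Environment}"
    audiences   = @('api://AzureADTokenExchange')
    description = "GitHub Actions, $Repository, environment $Environment"
}
New-MgApplicationFederatedIdentityCredential -ApplicationId $AppObjectId `
    -BodyParameter $credential | Out-Null

# Review every federated credential on the app. "Pinned" is true only when the
# subject names one environment, branch or tag of a repository; anything else
# (for example a pull_request subject or another issuer) deserves a second look.
Get-MgApplicationFederatedIdentityCredential -ApplicationId $AppObjectId |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.Name
            Issuer  = $_.Issuer
            Subject = $_.Subject
            Pinned  = $_.Subject -match '^repo:[^:]+:(environment:.+|ref:refs/(heads|tags)/.+)$'
        }
    } | Format-Table -AutoSize

# Client secrets still present on the same app. Once the pipeline signs in through
# federation, these are the long-lived credentials that can be retired.
$app = Get-MgApplication -ApplicationId $AppObjectId -Property 'id,displayName,passwordCredentials'
$app.PasswordCredentials |
    Select-Object DisplayName, KeyId, EndDateTime |
    Format-Table -AutoSize
```

On the GitHub side the workflow job also needs the `id-token: write` permission so that it can request the OIDC token that Entra validates.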
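For the Administrative Units post earlier on this page, the delegation it describes (a Helpdesk Administrator who can manage users only in one region) can be set up and then audited as follows. This is an added example using the Microsoft Graph PowerShell SDK, not code from the post; the "Seattle" unit reuses the post's own example location, and the user principal name is a placeholder assumed for illustration.

```powershell
#Requires -Modules Microsoft.Graph.Users, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Identity.Governance

Connect-MgGraph -Scopes 'AdministrativeUnit.ReadWrite.All',
                        'RoleManagement.ReadWrite.Directory',
                        'User.Read.All'

# 1. Create the container that defines the scope of delegation.
$au = New-MgDirectoryAdministrativeUnit -DisplayName 'Seattle' `
        -Description 'Users supported by the Seattle helpdesk'

# 2. Add the region's users as members (here: every user whose city is Seattle).
$members = Get-MgUser -Filter "city eq 'Seattle'" -All
foreach ($user in $members) {
    New-MgDirectoryAdministrativeUnitMemberByRef -AdministrativeUnitId $au.Id -BodyParameter @{
        '@odata.id' = "https://graph.microsoft.com/v1.0/users/$($user.Id)"
    }
}

# 3. Assign Helpdesk Administrator scoped to the unit, not to the tenant.
#    The UPN below is a placeholder for the regional support specialist.
$specialist = Get-MgUser -UserId 'helpdesk.seattle@contoso.example'
$roleDef    = Get-MgRoleManagementDirectoryRoleDefinition `
                -Filter "displayName eq 'Helpdesk Administrator'"

New-MgRoleManagementDirectoryRoleAssignment `
    -PrincipalId      $specialist.Id `
    -RoleDefinitionId $roleDef.Id `
    -DirectoryScopeId "/administrativeUnits/$($au.Id)" | Out-Null

# 4. Audit: list every assignment of the role and show its scope.
#    A DirectoryScopeId of '/' means the holder can act on the whole tenant,
#    which is what the least privilege principle asks you to avoid here.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($roleDef.Id)'" -All |
    Select-Object PrincipalId,
                  DirectoryScopeId,
                  @{ Name = 'TenantWide'; Expression = { $_.DirectoryScopeId -eq '/' } } |
    Sort-Object TenantWide -Descending |
    Format-Table -AutoSize
```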