What is Microsoft Entra ID (Formerly Azure Active Directory)?

Azure Active Directory offers cloud-based identity and access management services to enterprises seeking enhanced security and control over infrastructure.

What is Azure Active Directory?

Microsoft Entra ID, formerly known as Azure Active Directory, is Microsoft’s enterprise cloud-based identity and access management (IAM) solution. It provides secure access to resources like Microsoft 365, syncs with on-premises Active Directory, and supports authentication protocols such as OAuth, SAML, and WS-Federation. Entra ID enhances security through features like Multi-Factor Authentication (MFA), Conditional Access, and Identity Protection, making it a comprehensive tool for managing user identities and access in a cloud-first environment.

In July 2023, Microsoft rebranded Azure Active Directory to Microsoft Entra ID to improve consistency with Microsoft’s other cloud products. The goal was for Microsoft to offer a comprehensive identity management solution beyond just traditional directory management services. Microsoft Entra includes other products like identity governance, privileged access management, and decentralized identity solutions. Unifying these services under the Entra brand allows Microsoft to offer a more integrated and holistic approach to identity management.

Key takeaways

  • Microsoft Entra ID, formerly known as Azure Active Directory, is a comprehensive cloud-based identity and access management solution from Microsoft.
  • It significantly enhances security with features like Multi-Factor Authentication (MFA), Conditional Access, and Identity Protection.
  • Entra ID seamlessly integrates with on-premises Active Directory and other cloud systems, providing robust support for end-user and group management and Single Sign-On (SSO).
  • It improves organizational productivity by automating workflows and simplifying access management processes.

What was Azure Active Directory?

Azure Active Directory was a directory service built by Microsoft in 2000 and released in the Windows 2000 Server edition. As later versions of Windows Server were released, the directory was improved, and additional services were tacked on (like Active Directory Federation Services). Teams with subscriptions to Microsoft 365, Office 365, or Dynamics CRM already had access to an edition of Azure AD.

First and foremost, Azure AD helped organizations manage identities. Rather than team members connecting to many different components directly, they could connect to Azure AD instead. This freed companies from the burden of on-premise security management. Instead of spending time and money on in-house security measures that may not be foolproof, enterprises used Azure for free or at a very low cost. They received state-of-the-art security that had been perfected over time. In addition to identity management, Azure’s other big claim to fame was user access management. 

As Azure became more complex and multifaceted, oversight and management became more challenging. However, with Azure monitoring, teams could track all Azure metrics and ensure maximum ROI for their Azure spending. This gave teams a robust, lean system to help them grow and conserve time, money, and resources.

Microsoft Entra ID key features 

Now, there’s Microsoft Entra ID, a comprehensive cloud-based identity management solution. It provides a robust set of features that helps businesses manage and secure user identities across modern digital environments, including:

  • Single Sign-On (SSO): Allows users to access multiple applications and servers with one set of credentials instead of multiple login credentials, improving the user experience.
  • Multi-Factor Authentication (MFA): Enhances security by requiring users to use two verification methods (email/text access codes, authenticator application codes, and hardware authentication) before accessing data.
  • Granular access controls: Allows organizations to set granular or conditional access policies based on user, device, location, and real-time risk detection. 
  • Identity Protection: Helps prevent identity-based risks by using machine learning algorithms to detect suspicious sign-ins and other fraudulent activity.
  • Privileged Identity Management (PIM): Allows organizations to use just-in-time privileges with approval workflows to minimize the number of people accessing sensitive data.

The Entra ID product suite offers more than great features for businesses. It also has security features built into the core offering, helping businesses secure data, protect customers, and comply with regulations.

It does this in a few ways:

  • Customizable access controls to help organizations limit access to data and the scope of potential data breaches
  • Features to help businesses comply with regulatory requirements like GDPR
  • Encryption of data at rest and in transit
  • Detailed logging for security analysis
  • Regular security audits and penetration testing

One big benefit of working with Entra is that you can use other software in the Microsoft ecosystem. Entra integrates seamlessly with other Microsoft products, such as Microsoft 365, Azure Services, Dynamics 365, and the Power Platform.

Microsoft Entra also works well for developers, allowing them to build applications and authenticate seamlessly. It supports:

  • Industry-standard protocols like OAuth 2.0 and OpenID Connect
  • SDKs and APIs to integrate custom applications with Entra ID
  • B2C capabilities for managing customer identities

Businesses that use Microsoft Entra get this comprehensive set of features—and more—that allow them to streamline identity management in their organization. It helps improve security, streamline access management, and enhance the overall cybersecurity posture.

“Microsoft Entra ID, formerly known as Azure Active Directory, revolutionizes identity and access management with its comprehensive cloud-based platform, enhancing security and simplifying user experiences.”

Active Directory vs. Azure AD vs. Entra ID

While often used interchangeably, there is a difference between Active Directory and Azure AD. Azure Active Directory evolved from the cloud-based identity and access management solutions of its time. First released in 2000, Microsoft built Active Directory Domain Services to offer enterprises more control over infrastructure management. Single users could log in and manage various infrastructure components from one place, marking a turning point in directory management technology.

Azure AD was like an upgraded version of Active Directory, providing Identity as a Service (IDaaS). IDaaS is a cloud-based authentication service operated by an offsite provider that ensures that users are who they say they are.

Entra ID is the evolution of Azure AD. It takes the benefits of IDaaS and adds features that help businesses integrate with modern cloud resources and hybrid environments. It has the capabilities of Active Directory and Azure AD (user logins, user roles) and adds modern tools like OAuth for developer access, risk-management features, identity protection, and privileged access.

Entra ID is new and offers more flexibility and features than Azure AD and Active Directory, making it the clear solution for businesses that want a reliable service that offers more. But it’s important to understand what extra it offers. Here are a few ways it stands apart from traditional directory services.

Scope and vision

Azure AD and Active Directory were primarily focused on on-prem and cloud-based identity and access management. Entra ID is more comprehensive and is included in the entire Entra product family. It has other features like Entra Permissions Management and Entra Verified ID to help businesses build a more comprehensive identity management solution.

Product features

Azure AD and Active Directory contained many features that help businesses manage user identity by assigning IDs and roles to users. Entra ID offers a more comprehensive set of features and improvements in decentralized management, multi-cloud features, and advanced security and compliance capabilities.

Integrations

Active Directory was an identity management solution, and Microsoft Azure AD added to that by offering integrations with Microsoft’s cloud services. Entra ID has more flexibility. It not only integrates with Microsoft’s cloud services but also extends beyond Microsoft’s ecosystem to offer better support in multi-cloud and hybrid environments.

Security approach

Azure AD’s security approach was based on cloud-based identity security, and Active Directory used Lightweight Directory Access Protocol (LDAP) to manage on-prem authentication. Entra ID is broader and includes security features like threat detection, identity governance, and risk-based conditional access for different scenarios.

Comparison chart between Active Directory and Azure AD and Entra ID

What are the benefits of Microsoft Entra ID?

Many teams operate in an increasingly hybrid model, which means companies must be able to move fluidly between onsite and remote resource management. Each team member must be empowered to access what they need regardless of location, which raises new security concerns. When many devices attempt to gain access, how do admins know whether they are legitimate users or rogue cyber attackers?

As infrastructure diversity grows, organizations need to uplevel their authentication methods and make sure privileges are in the hands of only those who need them. Entra ID offers precisely this, along with other key benefits, for modern organizations that want to prioritize both flexibility and safety. Rather than a traditional network access security perimeter, Microsoft provides authentication at the layer of organizational identity.

Access to various applications is simplified

With features like single sign-on, IT administrators can access many different apps from the same login. This is done either through authentication or federation. Entra ID also provides a more granular level of control compared to Azure AD, which helps in multi-cloud environments. 

Users save time with self-service features

Team members can reset passwords by responding to extra security questions. This means an administrator isn’t needed to unlock user accounts whenever something happens. Users can also create and manage new groups and associated memberships. Dynamic groups are groups where membership is automatically given according to a user’s attributes.

Security is achieved through multiple features 

Entra ID provides a two-step verification process for users. Different users may be granted conditional access according to device type, network, user roles, and even the risk level of signing in. Extra protection is also available through advanced detection of identity risks and enhanced PIM.

Collaboration for B2B and B2C is streamlined

Teams can add partners to various projects and share pertinent information. If a business has its own app, customers can log in, and Entra ID will manage their identities.

Detailed reports give more control over user activity

Administrators are never in the dark with real-time data and access to high-quality reporting. They can access accounts that might be in danger and identify spam accounts. Activity logs are given in tenant reports. 

How to set up Microsoft Entra ID

Organizations can set up Microsoft Entra ID using a few simple steps:

  1. Sign in to the Azure portal to access your Microsoft account
  2. Create an Entra ID tenant by searching for Entra ID and selecting “create Tenant”
  3. Configure basic settings like organization name and domain
  4. Set up a custom domain if available
  5. Create new user accounts in Microsoft Entra (or sync existing Active Directory accounts if coming from an on-prem installation)
  6. Set up groups and user roles to restrict access to only what’s needed
  7. Configure security settings like MFA for enhanced security

These steps will allow you to set up a simple Entra ID solution. Depending on your needs, additional steps are available, such as integrating pre-existing applications like Office and custom apps and creating reporting to gain insights into the Entra environment.
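
Steps 5 to 7 can also be scripted instead of clicked through in the portal. The following is an added example, not code from the original article or from Microsoft: it assumes the Microsoft Graph PowerShell module is installed and that the tenant is licensed for Conditional Access (P1 or higher), and every name, domain, password and object ID in it is a placeholder to replace.

```powershell
# Added example. Assumes: Install-Module Microsoft.Graph has been run and the
# signed-in account may manage users, groups and Conditional Access policies.
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All',
    'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

# Step 5: create a cloud-only user who must change the password at first sign-in.
# The UPN suffix must be a domain verified in your tenant (placeholder below).
$user = New-MgUser -DisplayName 'Example User' `
    -UserPrincipalName 'example.user@<your-tenant>.onmicrosoft.com' `
    -MailNickname 'example.user' -AccountEnabled `
    -PasswordProfile @{
        Password                      = '<one-time-password-placeholder>'
        ForceChangePasswordNextSignIn = $true
    }

# Step 6: create a security group and grant access through membership,
# so permissions are assigned to the group rather than to individual users.
$group = New-MgGroup -DisplayName 'Finance-App-Users' `
    -MailNickname 'finance-app-users' -MailEnabled:$false -SecurityEnabled
New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id

# Step 7: Conditional Access policy requiring MFA for members of the group.
# Report-only state records what the policy would do in the sign-in logs
# without blocking anyone; switch to 'enabled' after reviewing the results.
# Excluding an emergency-access account avoids locking every admin out.
$policy = @{
    displayName   = 'Require MFA - Finance-App-Users'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users          = @{
            includeGroups = @($group.Id)
            excludeUsers  = @('<break-glass-account-object-id>')  # placeholder
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```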

Microsoft Entra ID editions

Microsoft Entra ID is available in four versions: Free, Entra ID P1, Entra ID P2, and Microsoft Entra Suite.

Free

The free version is accessible once a business signs up for a Microsoft service, such as an Office 365 subscription. Users of the free Entra ID get a taste of the platform’s capabilities and how it provides value in the era of cloud-based technology. These capabilities include:

  • Scalability: Free Entra ID supports up to 50,000 objects (users, roles, and assignments) and up to 300,000 for verified domains.
  • Registration of Devices: Devices can be registered in Entra ID’s free version to support work-from-home employees or those who bring their own devices to work.
  • Security Reports: While not the most comprehensive reports available in Entra ID, the free version includes standard reports that help teams monitor security.
  • Microsoft Entra Connect: This is available in all editions.
  • PowerShell: A command environment that utilizes cmdlets to automate things in the management of systems

The free edition is ideal for testing but not for a live environment because it doesn’t have key security features. Many teams get comfortable with the free version and upgrade to the premium as their needs advance. 

Premium 1 and Premium 2

There are two premium versions of Entra ID, known as P1 and P2. P1 opens users up to an entire realm of new controls, like:

Premium 2 is a step up for advanced enterprise technology management. P2 has all the basic functions of P1, with eight added functions. These additional functions fall under the categories of threat protection and identity governance. With P2, users can:

  • Receive tailored recommendations to boost security
  • Calculate levels of risk
  • Provide greater capability to investigate risks when detected
  • Set up limited timeframes for specific resource access
  • Receive an audit history
  • Manage access to groups and apps for both internal and external users
  • Implement risk-based access controls
  • Enable privileged identity management

Entra ID Governance

Entra ID governance is an advanced set of features for P1 and P2 customers. It contains additional features like:

  • Lifecycle workflows
  • Identity governance dashboard
  • Advanced entitlement management

Office 365 is free, and extra features are included in the following editions: E1, E3, E5, F1, F3. Premium 1 costs $6 per user per month, Premium 2 costs $9 per user per month, and ID Governance costs $12 per user per month. Both Premium editions come with a 30-day free trial.

The future of cloud computing

Microsoft Entra ID is anything but static. Features are added and updated regularly for superior functionality. Security needs are changing quickly as cyberattacks become more sophisticated and companies transition to remote work flexibility. As the second-largest cloud-based service provider, Entra ID and Microsoft Entra External ID equip teams to get ahead of their competition in cloud computing. 

Interested in maximizing Azure ROI, gaining visibility, and sealing security vulnerabilities? Monitoring your company’s entire Entra ID infrastructure can give you a single-pane view of all your critical business operations.
