Microsoft Entra ID

Learn about the fundamentals of Microsoft’s cloud-based identity and access management service, Microsoft Entra ID.

Active Directory

Active Directory (AD) was introduced with Windows 2000 Server and provides directory services for Windows-based networks. It is designed to manage on-premises resources, including user accounts, computers, printers, and other devices. Clients read and write the directory over the Lightweight Directory Access Protocol (LDAP), while authentication is handled by Kerberos (with NTLM retained for legacy clients); all of it runs over TCP/IP. AD provides authentication, authorization, and management of objects in a hierarchy of domains, trees, and forests.

Active Directory integrates with DNS, DHCP, and Group Policy. DNS is a hard dependency: clients locate domain controllers and services through DNS service records, so the health of the directory and of its DNS zones go together. This integration gives administrators flexible options for managing objects across an organizational environment. Active Directory has remained central to enterprise IT because of features such as Kerberos-based single sign-on and group-based access control, which let organizations manage their infrastructure from one place.

The Active Directory Users and Computers (ADUC) console can be used to manage most AD objects; the ActiveDirectory PowerShell module covers the same tasks from the command line.

AD on Windows is responsible for resource authentication and management.

Microsoft Entra ID

Microsoft Entra ID (previously known as Azure Active Directory (AAD)) is Microsoft’s cloud-based identity and access management service for connecting users with applications. It is not an extension of on-premises AD but a separate cloud directory: it speaks web protocols (OAuth 2.0, OpenID Connect, SAML) rather than LDAP and Kerberos, and organizations that run both typically synchronize users and groups from AD into Entra ID with Microsoft Entra Connect (formerly Azure AD Connect).


Microsoft Entra ID is a comprehensive identity and access management cloud solution. It authenticates users and manages their access to data and resources across on-premises and cloud environments. It layers controls such as multi-factor authentication, single sign-on, Application Proxy, and Conditional Access policies so that only authorized users and devices reach organizational resources.

With Microsoft Entra ID, IT administrators manage one identity per user across many platforms and applications instead of creating and maintaining separate accounts for each system. A single identity is also a single place to disable access when someone leaves or a credential is compromised, which is what makes the model safer rather than merely more convenient.

Microsoft Entra ID is licensed in several editions, each with its own set of features. Microsoft Entra ID Free comes with any Microsoft cloud subscription; Microsoft Entra ID P1 and Microsoft Entra ID P2 are the paid editions (P2 adds Identity Protection and Privileged Identity Management), and Microsoft Entra ID Governance is sold as an add-on to P1 or P2.

Getting started with Microsoft Entra ID

Configuring Microsoft Entra ID doesn’t have to be complicated or time-consuming. Your organization needs a Microsoft Entra tenant, which is created automatically with any Microsoft cloud subscription (Azure, Microsoft 365, or Dynamics 365); an Azure subscription is only required if you also want to deploy Azure resources.

Follow the steps below to get started with Microsoft Entra ID:

  1. Sign in to the Azure portal (https://portal.azure.com) with your work or school account. The Microsoft Entra admin center (https://entra.microsoft.com) shows the same directory.

  2. In the search bar at the top, type Microsoft Entra ID and select it from the results.

  3. You land on the tenant’s Overview page, which shows the tenant name, tenant ID, primary domain, and license edition.

Azure homepage

Components

Microsoft Entra ID is the identity and access management service behind authentication to Azure and Microsoft 365 services. It is built from several components that help organizations manage their users and resources securely and efficiently:

  • User accounts represent the people (tenant members or invited guests) who use the services associated with the directory. Administrators create and manage them, or they are provisioned from on-premises AD or an HR system; tenant settings control what users may change about their own accounts.

  • Application registrations define the applications that authenticate with Microsoft Entra ID or call APIs protected by it. A registration carries the app’s identity (client ID), its credentials (client secrets or certificates), its redirect URIs, and the permissions it requests; each of these is a security boundary worth reviewing.

  • Devices represent physical or virtual devices registered with or joined to Microsoft Entra ID. Device identity and compliance state can then be used as conditions for access to resources in your organization.

  • Directory objects are the entities in Microsoft Entra ID that represent users, groups, applications, devices, and other directory-related items. Each object stores the attributes of its entity, such as its name, type, and identifiers.

  • Groups (security groups and Microsoft 365 groups) collect users, devices, and service principals so that permissions, licenses, and policies are assigned once to the group rather than to each identity. Membership can be assigned by hand or computed dynamically from attribute rules.

  • Roles grant administrative permissions over the directory itself (Global Administrator, User Administrator, and so on). They are distinct from Azure RBAC roles on subscriptions and resources. Assign the least privileged role that fits the task and keep the set of Global Administrators small.

Microsoft Entra ID components

Security and compliance features

Microsoft Entra ID provides security and compliance features that help organizations maintain control over user access and identity data.

  • Microsoft Entra ID Protection detects identity risk (leaked credentials, anomalous or impossible-travel sign-ins) and can force a password change or block access in response, while Privileged Identity Management (PIM) replaces standing privileged role assignments with time-bound, approved, audited activations. Both require the P2 edition.

  • Single Sign-On (SSO) integrates Microsoft Entra ID with applications and services so that users reach all of them with a single set of credentials. It supports SAML 2.0, OpenID Connect, WS-Federation, and OAuth 2.0. Because one credential then opens many applications, protecting that credential with MFA and Conditional Access matters more, not less.

  • Multi-factor authentication (MFA) requires users to present more than one authentication method when they sign in. Entra ID supports a push notification or code from the Microsoft Authenticator app, an SMS or voice call, hardware or software OATH tokens with time-based one-time passwords, and phishing-resistant methods such as FIDO2 security keys, Windows Hello for Business, and certificate-based authentication. The methods are not equal: SMS and voice are vulnerable to SIM swapping and interception, push notifications can be worn down by repeated prompts, and only the phishing-resistant methods hold up against a real-time relay of the login page.

  • Conditional Access policies are if-then rules evaluated at sign-in. The conditions (user or group, location, device compliance, client app type, target application, sign-in or user risk) select which sign-ins a policy applies to, and the grant controls decide whether to block, allow, or require MFA, a compliant device, or a particular authentication strength. A policy can run in report-only mode to observe its effect before it is enforced.

  • Finally, Microsoft Entra ID records sign-in logs, audit logs, and provisioning logs that show who signed in from where, with which client, and whether a policy applied. Diagnostic settings can export them to Log Analytics, an Event Hub for a SIEM, or a storage account for retention and alerting.
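The Conditional Access and MFA bullets above describe conditions and grant controls in prose. The Python below is an added example, not part of the original page and not Microsoft tooling: it places a weak policy beside a hardened one in the JSON shape of the Microsoft Graph conditionalAccessPolicy resource and lints both for the gaps a reviewer checks first (report-only state, no emergency-access exclusion, partial app scope, legacy clients left out). The field names are Graph’s; the display names, GUIDs and the lint rules themselves are constructed for this example.

```python
"""Added example (not from the original page): a lint for Conditional Access
policy definitions in the Microsoft Graph conditionalAccessPolicy JSON shape.
Field names follow the Graph schema; policy contents and GUIDs are constructed."""
import json

# clientAppTypes values that denote legacy authentication protocols (basic auth,
# no MFA support). A policy that omits them leaves an MFA bypass open.
LEGACY_CLIENT_APP_TYPES = {"exchangeActiveSync", "other"}

# Constructed GUID standing in for an emergency-access ("break-glass") account.
BREAK_GLASS_ACCOUNT = "00000000-0000-0000-0000-00000000bb01"

# Weak policy: report-only, scoped to one app, modern clients only, and no
# emergency-access exclusion (constructed example).
WEAK_POLICY = {
    "displayName": "Require MFA (pilot)",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": []},
        "applications": {"includeApplications": ["00000000-0000-0000-0000-0000000000a1"]},
        "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}

# Hardened policy: enforced, all users and all cloud apps, every client type,
# with the break-glass account excluded so a mistake cannot lock admins out.
HARDENED_POLICY = {
    "displayName": "Require MFA for all users",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS_ACCOUNT]},
        "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["all"],
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}


def lint_policy(policy: dict) -> list[str]:
    """Return finding codes for one policy; an empty list means no findings."""
    findings = []
    cond = policy.get("conditions", {})
    users = cond.get("users", {})
    apps = cond.get("applications", {})
    client_types = set(cond.get("clientAppTypes", []))
    grant = policy.get("grantControls") or {}

    if policy.get("state") != "enabled":
        findings.append("NOT_ENFORCED")  # report-only or disabled
    if "All" in users.get("includeUsers", []) and not users.get("excludeUsers"):
        findings.append("NO_BREAK_GLASS_EXCLUSION")
    if "All" not in apps.get("includeApplications", []):
        findings.append("PARTIAL_APP_SCOPE")  # apps outside scope need no MFA
    if "all" not in client_types and not LEGACY_CLIENT_APP_TYPES <= client_types:
        findings.append("LEGACY_AUTH_NOT_COVERED")
    if "mfa" not in grant.get("builtInControls", []) and "authenticationStrength" not in grant:
        findings.append("NO_MFA_CONTROL")
    return findings


def graph_request_body(policy: dict) -> str:
    """Serialize a policy as the JSON body POSTed to /identity/conditionalAccess/policies."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for p in (WEAK_POLICY, HARDENED_POLICY):
        print(p["displayName"], "->", lint_policy(p) or "OK")
```

Run against a real tenant, the same lint would read policies exported from the Graph endpoint named in `graph_request_body`; the checks stay the same. Note that requiring MFA for legacy client types effectively blocks them, since those protocols cannot complete an MFA challenge, which is the intended outcome.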


Together these features help organizations meet regulatory requirements such as GDPR (General Data Protection Regulation) and HIPAA (Health Insurance Portability and Accountability Act), because access decisions and the evidence of who accessed what are recorded in one place.
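The monitoring and auditing capabilities listed above only pay off if someone reads the logs. The Python below is an added example (not from the original page) of three checks an analyst would run over Microsoft Entra sign-in log records: successful sign-ins over legacy protocols, successful single-factor sign-ins that no Conditional Access policy touched, and one source IP failing with bad credentials against many accounts (a password spray). The field names follow the Graph signIn resource (userPrincipalName, ipAddress, clientAppUsed, status.errorCode, conditionalAccessStatus, authenticationRequirement); the records and the contoso.example addresses are constructed for the example.

```python
"""Added example (not from the original page): triage of Microsoft Entra
sign-in log records. Field names follow the Graph signIn resource; the
records below are constructed and trimmed to the fields used here."""
from collections import defaultdict

# Subset of the clientAppUsed values Microsoft classes as legacy authentication.
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "IMAP4", "POP3", "Authenticated SMTP",
    "Other clients", "MAPI Over HTTP", "Exchange Web Services",
}
ERR_BAD_CREDENTIALS = 50126  # AADSTS50126: invalid username or password

# Constructed sample records.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "ipAddress": "203.0.113.10",
     "clientAppUsed": "Browser", "status": {"errorCode": 0},
     "conditionalAccessStatus": "success",
     "authenticationRequirement": "multiFactorAuthentication"},
    {"userPrincipalName": "bob@contoso.example", "ipAddress": "198.51.100.7",
     "clientAppUsed": "IMAP4", "status": {"errorCode": 0},
     "conditionalAccessStatus": "notApplied",
     "authenticationRequirement": "singleFactorAuthentication"},
    # One source IP failing against many accounts: the password spray pattern.
    *[{"userPrincipalName": f"user{i}@contoso.example", "ipAddress": "192.0.2.55",
       "clientAppUsed": "Browser", "status": {"errorCode": ERR_BAD_CREDENTIALS},
       "conditionalAccessStatus": "notApplied",
       "authenticationRequirement": "singleFactorAuthentication"} for i in range(6)],
    {"userPrincipalName": "carol@contoso.example", "ipAddress": "203.0.113.44",
     "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0},
     "conditionalAccessStatus": "notApplied",
     "authenticationRequirement": "singleFactorAuthentication"},
]


def successful(rec: dict) -> bool:
    """errorCode 0 marks a successful sign-in in the Entra schema."""
    return rec.get("status", {}).get("errorCode", 0) == 0


def legacy_auth_successes(records) -> list[str]:
    """Successful sign-ins over legacy protocols: MFA cannot be enforced there,
    so each one is a standing bypass of the MFA policy."""
    return [r["userPrincipalName"] for r in records
            if successful(r) and r.get("clientAppUsed") in LEGACY_CLIENT_APPS]


def single_factor_without_ca(records) -> list[str]:
    """Successful single-factor sign-ins that no Conditional Access policy
    evaluated: these users sit outside every policy's scope."""
    return [r["userPrincipalName"] for r in records
            if successful(r)
            and r.get("authenticationRequirement") == "singleFactorAuthentication"
            and r.get("conditionalAccessStatus") == "notApplied"]


def password_spray_sources(records, min_accounts: int = 5) -> dict[str, list[str]]:
    """Source IPs with bad-credential failures against at least min_accounts
    distinct accounts. Returns {ip: sorted list of targeted UPNs}."""
    targets = defaultdict(set)
    for r in records:
        if r.get("status", {}).get("errorCode") == ERR_BAD_CREDENTIALS:
            targets[r["ipAddress"]].add(r["userPrincipalName"])
    return {ip: sorted(u) for ip, u in targets.items() if len(u) >= min_accounts}


if __name__ == "__main__":
    print("legacy auth successes:", legacy_auth_successes(SAMPLE_SIGNINS))
    print("single-factor, no CA:", single_factor_without_ca(SAMPLE_SIGNINS))
    print("spray sources:", password_spray_sources(SAMPLE_SIGNINS))
```

The same functions apply to records pulled from the Graph sign-in endpoint or exported to Log Analytics; the spray threshold is a tuning knob, and in practice the check would also be bounded by a time window, which the constructed records omit.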