Microsoft Entra: Understanding the Product Family

Microsoft Entra: Understanding the Product Family


Seen it many times but have yet to deal with it, Microsoft Entra. The product family offers a comprehensive set of products for managing identities and their access in different cloud environments and more. In this blog post, I try to explain the products briefly.
Please take the information with a pinch of salt, I found the information at hand sometimes confusing, and please leave your feedback when I’m wrong.

What is Microsoft Entra?

Microsoft Entra was introduced last year and combines partly new and old identity and access products into a new product family. It’s a package of different centralized permission and access management products, not only but mostly for multi-cloud environments. So you can govern and administrate Microsoft Azure, Amazon Web Services (AWS), and the Google Cloud Platform (GCP) Access and Privileges with it.
The management for Microsoft Entra can be found here

But what products are included in the Microsoft Entra product family?

Currently, four solutions are globally available, and one is in public preview.

Microsoft Azure Active Directory

Microsoft Azure AD is the already known centralized cloud identity and access management solution and is now part of Microsoft Entra. It will stay the same; no feature cuts are known to me right now.

Microsoft Entra Permissions Management

The Entra Permissions Management Solution, formerly known as CloudKnox, is a Cloud Infrastructure Entitlement Management, in short CIEM (not SIEM). It discovers, remediates, and monitors privileges and access for human and workload identities across multiple cloud infrastructures like Microsoft Azure, Amazon Web Services (AWS), and the Google Cloud Platform (GCP). Further, it contributes to a Zero Trust Security Framework by continuously enforcing a least-privilege access model. For this, it uses AI that detects anomalies in the use of rights. Does a user need more rights? It will grant more rights; does a user need fewer rights, it will reduce them. Oh, and it will detect anomalies, e.g., when rights are abused.

Microsoft Entra Verified ID

Microsoft Entra Verified ID is a decentralized service that helps to validate user identities with ID verification providers. This should ensure trustworthy self-service enrollment and faster onboarding. It is based on open standards and is a secure way to verify your identity when signing up for online services, such as online banking, shopping, and other activities. Microsoft Entra Verified ID uses a combination of biometric data, such as your face, voice, and fingerprint, as well as additional personal information, such as your name, address, and date of birth, to verify your identity. This helps to ensure that the person signing up for the service is who they say they are.

Microsoft Entra Workload Identities

Microsoft Entra is an identity and access management solution for Workload Identities like applications, services, scripts, or containers, in short, good old “service accounts”, which should help organizations securely manage access to their workloads. It secures access, detects risks, and manages the lifecycle for workload identities. You can delegate access reviews for Workload Identities to the responsible people, who can then check, and allow or deny further access for these identities.

Microsoft Entra Identity Governance (In Preview)

Microsoft Identity Governance helps organizations protect their data and resources by managing user access and providing visibility into user activities. It enables organizations to control user access to applications, data, and other resources and to monitor user activities to ensure compliance with the set corporate policies. It also provides a comprehensive set of tools to help organizations manage user identities, access rights, and privileges. Microsoft Identity Governance allows organizations to reduce the risk of data breaches, improve user productivity, and ensure compliance with industry regulations.