Microsoft Entra ID (formerly known as Azure Active Directory) is the service in Azure that provides identity and access management.
It is where users and other identities are created; once a license is assigned to a user in the portal, that identity is used by other Microsoft 365 services such as Exchange Online and SharePoint Online.
Features of Entra ID.
Identity Management.
An identity is an object in Microsoft Entra ID. Users, groups, guest users, contacts and devices can be created in the admin center, and once an identity exists it can be used across multiple Microsoft 365 workloads.
If your organization already runs Windows Active Directory with 20,000 identities, recreating those 20,000 identities in Microsoft Entra ID when it adopts Microsoft 365 makes little sense.
Instead, the organization can synchronize identities from Windows Active Directory to Microsoft Entra ID using the Microsoft Identity Management tool, Microsoft Entra Connect or Microsoft Entra Cloud Sync, depending on its requirements.
Authentication.
Authentication is the process of proving that an identity (a user) is who it claims to be. Once Microsoft Entra ID verifies the password, the user can sign in to the Microsoft 365 portal. The service can authenticate many kinds of identities, including External Identities.
Example: a user opens https://portal.office.com and enters the username user@aashu.co.in and the password "***********".
Conditional Access (CA).
Conditional Access is a feature in Microsoft Azure that applies if-then rules when a user signs in to the Microsoft 365 portal: if a user wants to access a resource, then they must complete a required action.
Conditional Access policies are enforced only after first-factor authentication (username and password) has succeeded. Example: users must complete multifactor authentication, or sign in from a designated IP range, to reach an application or service.
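As an added illustration (not part of the original article), the following Python model evaluates simplified Conditional Access policies the way the text describes: only after the first factor succeeds, skipping a policy for sign-ins from designated (trusted) IP ranges, and letting a block control win over an MFA grant control. The named locations, policies and sign-ins are constructed sample values, and evaluate() is a teaching approximation of the real policy engine, not Microsoft's code.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Named locations: the "designated IP" ranges an admin marks as trusted (constructed samples).
TRUSTED_LOCATIONS = {"HQ office": ["203.0.113.0/24"], "VPN": ["198.51.100.0/25"]}

@dataclass
class Policy:
    name: str
    users: set                       # user principal names, or {"All"}
    apps: set                        # application names, or {"All"}
    exclude_trusted_locations: bool  # skip this policy when the sign-in IP is trusted
    grant: str                       # "mfa" or "block"

@dataclass
class SignIn:
    user: str
    app: str
    ip: str
    password_ok: bool      # result of first-factor authentication
    mfa_done: bool = False

def in_trusted_location(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in ip_network(c) for cidrs in TRUSTED_LOCATIONS.values() for c in cidrs)

def evaluate(policies, s: SignIn) -> str:
    """Return 'denied', 'blocked', 'mfa_required' or 'granted'.
    Policies are consulted only after the first factor succeeds, which is
    where Entra ID enforces Conditional Access."""
    if not s.password_ok:
        return "denied"
    controls = set()
    for p in policies:
        applies = ("All" in p.users or s.user in p.users) and ("All" in p.apps or s.app in p.apps)
        if not applies or (p.exclude_trusted_locations and in_trusted_location(s.ip)):
            continue
        controls.add(p.grant)
    if "block" in controls:  # a block control always wins over a grant control
        return "blocked"
    if "mfa" in controls and not s.mfa_done:
        return "mfa_required"
    return "granted"

# Constructed policies matching the examples in the text: MFA for everyone off the
# designated networks, and the admin portal reachable only from those networks.
POLICIES = [
    Policy("Require MFA off-network", {"All"}, {"All"}, True, "mfa"),
    Policy("Admin portal only from office", {"All"}, {"Admin portal"}, True, "block"),
]
```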
Multifactor Authentication (MFA).
During sign-in, the system prompts the user for an additional form of identification as part of multifactor authentication (MFA). Two-factor authentication (2FA) is another name commonly used for it.
The MFA prompt appears after the user enters the correct password while signing in to the Microsoft 365 portal. The methods available for MFA are Microsoft Authenticator, Windows Hello for Business, FIDO2 security keys, SMS and voice call.
Authorization.
After the username and password have been verified, Microsoft Entra ID determines which Azure and Microsoft 365 services the user may access; this process is known as authorization. Authorization determines the level of access, or the permissions, that an authenticated person has to your data and resources.
Example: after signing in, a user sees only the Microsoft 365 apps that their assigned licenses include.
Application Management.
An organization can manage both cloud applications and on-premises applications; Microsoft Entra application proxy provides secure remote access to on-premises web applications.
This means a user can sign in to the Microsoft 365 portal and reach the on-premises application from there.
Privileged identity management (PIM).
This feature limits standing admin access and provides oversight and auditing of how sensitive resources are used within the organization.
PIM provides the following features.
- Requires a justification so administrators can understand why a user activated a role.
- Enforces multifactor authentication to activate any PIM role.
- Assigns time-bound access to resources using start and end dates.
- Provides just-in-time privileged access to Microsoft Entra resources.
Identity Protection.
This feature helps organizations detect, investigate, and remediate identity-based risks.
Administrators can configure Identity Protection policies that respond automatically to suspicious sign-ins, and then investigate and resolve the detected risks.
How to get Microsoft Entra ID in the tenant?
Three licenses are available through which an organization can use the service:
| Microsoft Entra ID Free | Microsoft Entra ID P1 | Microsoft Entra ID P2 |
| --- | --- | --- |
| The organization gets the basic features of Microsoft Entra ID. | The organization gets every feature of Microsoft Entra ID except Access Reviews, Identity Protection and Privileged Identity Management. | The organization gets all features of Microsoft Entra ID. |
Please refer to Microsoft's documentation to check which specific features each license offers.
Conclusion:
Microsoft Entra ID facilitates cloud platform access, managing identity and authorization across diverse applications and user profiles.
It is a robust, scalable, and cost-effective solution for organizations and businesses of all sizes.