Microsoft Entra: Secure access for a connected world

Microsoft just set a new product available: Microsoft Entra: a modern identity and access solution. Accessible on the URL: - it is designed as identity supersolution platform with a signle-pane of glass experience that combines:

  • Azure Active Directory - Central cloud based identity provider (IdP) and access management
  • Permissions Management (previously CloudKnox Permissions Management) - Discover, remediate, and monitor permission risks for any identity and
    any resource across your cloud infrastructure
  • Verified ID - Enable more secure interactions while respecting the privacy of individuals

Microsoft Entra overview page

Azure Active Directory

Azure Active Directory's most important components are built-in into the Entra portal. Although there are some segments restructured.



The overview is quite familiar and similar to the AAD portal.


  • All users - show all users and their attributes
  • Deleted users - show deleted users and restore them
  • User settings - User settings (external collaboration settings and user feature settings)


  • All groups - show all groups and their attributes
  • Deleted groups - show deleted groups and restore them
  • Group settings - User settings (general settings such as Self Service Group Management, group access, Security Groups, Microsoft 365 Groups, expiration and naming policy)


Devices provides an overview, a list of all Azure AD joined/registered devices and BitLocker keys.



  • Enterprise Applications - local service principal or instance of an application object (App Registration) created by another organization
  • App registrations your own (global) definition of an application

Learn more about it

Roles & admins

  • Azure privileged role list (built-in) - shows all default administrative roles of AAD
  • Admin units - a container of resources that are fully managed through a dedicated admin unit


  • Licenses a complete page about all product licenses and their features
  • Linked subscriptions trust relationship with another Azure Active Directory


Protect & secure

Especially this segment is unique by making a clear listing about AAD security features.

  • Conditional Access - Learn more
  • Identity Protection - Evaluate user and sign-in risk based on different criteria
  • Security Center
  • Identity Secure Score - a representation of your organization's security posture and your opportunity to improve it
  • Multifactor authentication - redirection to the MFA portal to set up MFA methods and configurations
  • Authentication methods - set up different authentication methods (FIDO2, Microsoft Authenticator, Text message, Temporary Access Pass, Certificate-based authentication) or Password Protection
  • Password reset - configure Self-service password reset (SSPR)
  • Custom attributes - configure custom key-value security attributes for Azure AD objects (users or applications)
  • Risky activities - redirection to Identity protection risky users hub

Identity Governance

  • Entitlement management - manage digital identities securely and efficiently with Azure Active Directory Identity Governance
  • Access reviews - review user access to resources (groups, applications, roles) regularly to fulfill the identity lifecycle
  • Privileged Identity Management (PIM) - Learn more

External Identities

Mange external identities with AAD B2B or B2C. Add common identity providers (e.g. Google, Facebook) or through SAML/WS-Fed IdP. Create User flows and adjust Cross-tenant access settings and External collaboration settings.

User experiences

  • Company branding - Company branding includes uploading company logos and adjusting the colors of all Office online components

Hybrid management

  • Azure AD connect - integrate your hybrid identities with Azure AD connect synchronization and manage provisioning, sign-in, on-premises applications and health and analytics

Monitoring & health

This is the new monitoring experience of Azure AD. Learn more

  • Sign-in logs - Sign-in logs show any authentication against Azure AD with the corresponding information
  • Audit logs - display events on Azure resources. So it's all about operational logs from your tenant
  • Provisioning logs - provisioning logs are generated from the provisioning service when creating or modifying resources
  • Log Analytics Learn more
  • Diagnostic settings - connect service logs to a log/storage solution
  • Workbooks - Workbooks cover the visualization aspect of logs in AAD
  • Usage & insights - from: Azure AD application activity, AD FS application activity, Authentication methods activity, Service principal sign-in activity
  • Bulk operations

Permissions Management

Discover, remediate, and monitor permission risks for any identity or resource across your landscape

Source: Microsoft

Source: Microsoft

Verified ID

Issue, customize, verify, revoke and build your identities.

  • Decentralized identity service
  • Claim or attest verify credentials, status, certifications, IDs, memberships or any unique identity attributes
  • Secure people's interactions while respecting the privacy of individuals
  • Cryptographic keys stored in Azure Key Vault

Source: Microsoft



I think Microsoft Entra is a great new portal that cleans up some of the identity and access resources throughout the Microsoft environment - especially for the distributed security centers. There are useful links to all sorts of services, even if they sometimes lead to "old" portals, where I would sometimes call it a confusion between all the different portals.
But I suspect Microsoft is trying to focus more and more on Entra as a holistic identity platform and if we get new products it is even better.


You’ve successfully subscribed to Oceanleaf
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Your link has expired
Success! Check your email for magic link to sign-in.