Microsoft Entra: high-level preview
Microsoft Entra: Secure access for a connected world
Microsoft just set a new product available: Microsoft Entra: a modern identity and access solution. Accessible on the URL: https://entra.microsoft.com/ - it is designed as identity supersolution platform with a signle-pane of glass experience that combines:
- Azure Active Directory - Central cloud based identity provider (IdP) and access management
- Permissions Management (previously CloudKnox Permissions Management) - Discover, remediate, and monitor permission risks for any identity and
any resource across your cloud infrastructure
- Verified ID - Enable more secure interactions while respecting the privacy of individuals
Microsoft Entra overview page
Azure Active Directory's most important components are built-in into the Entra portal. Although there are some segments restructured.
The overview is quite familiar and similar to the AAD portal.
- All users - show all users and their attributes
- Deleted users - show deleted users and restore them
- User settings - User settings (external collaboration settings and user feature settings)
- All groups - show all groups and their attributes
- Deleted groups - show deleted groups and restore them
- Group settings - User settings (general settings such as Self Service Group Management, group access, Security Groups, Microsoft 365 Groups, expiration and naming policy)
Devices provides an overview, a list of all Azure AD joined/registered devices and BitLocker keys.
- Enterprise Applications - local service principal or instance of an application object (App Registration) created by another organization
- App registrations your own (global) definition of an application
Roles & admins
- Azure privileged role list (built-in) - shows all default administrative roles of AAD
- Admin units - a container of resources that are fully managed through a dedicated admin unit
- Licenses a complete page about all product licenses and their features
- Linked subscriptions trust relationship with another Azure Active Directory
- Preview hub - a list of new preview features for AAD
- Domain names - custom domain names
- Mobility - add MDM and MAM application > Learn more about Microsoft Endpoint Management
Protect & secure
Especially this segment is unique by making a clear listing about AAD security features.
- Conditional Access - Learn more
- Identity Protection - Evaluate user and sign-in risk based on different criteria
- Security Center
- Identity Secure Score - a representation of your organization's security posture and your opportunity to improve it
- Multifactor authentication - redirection to the MFA portal to set up MFA methods and configurations
- Authentication methods - set up different authentication methods (FIDO2, Microsoft Authenticator, Text message, Temporary Access Pass, Certificate-based authentication) or Password Protection
- Password reset - configure Self-service password reset (SSPR)
- Custom attributes - configure custom key-value security attributes for Azure AD objects (users or applications)
- Risky activities - redirection to Identity protection risky users hub
- Entitlement management - manage digital identities securely and efficiently with Azure Active Directory Identity Governance
- Access reviews - review user access to resources (groups, applications, roles) regularly to fulfill the identity lifecycle
- Privileged Identity Management (PIM) - Learn more
Mange external identities with AAD B2B or B2C. Add common identity providers (e.g. Google, Facebook) or through SAML/WS-Fed IdP. Create User flows and adjust Cross-tenant access settings and External collaboration settings.
- Company branding - Company branding includes uploading company logos and adjusting the colors of all Office online components
- Azure AD connect - integrate your hybrid identities with Azure AD connect synchronization and manage provisioning, sign-in, on-premises applications and health and analytics
Monitoring & health
This is the new monitoring experience of Azure AD. Learn more
- Sign-in logs - Sign-in logs show any authentication against Azure AD with the corresponding information
- Audit logs - display events on Azure resources. So it's all about operational logs from your tenant
- Provisioning logs - provisioning logs are generated from the provisioning service when creating or modifying resources
- Log Analytics Learn more
- Diagnostic settings - connect service logs to a log/storage solution
- Workbooks - Workbooks cover the visualization aspect of logs in AAD
- Usage & insights - from: Azure AD application activity, AD FS application activity, Authentication methods activity, Service principal sign-in activity
- Bulk operations
Discover, remediate, and monitor permission risks for any identity or resource across your landscape
Issue, customize, verify, revoke and build your identities.
- Decentralized identity service
- Claim or attest verify credentials, status, certifications, IDs, memberships or any unique identity attributes
- Secure people's interactions while respecting the privacy of individuals
- Cryptographic keys stored in Azure Key Vault
I think Microsoft Entra is a great new portal that cleans up some of the identity and access resources throughout the Microsoft environment - especially for the distributed security centers. There are useful links to all sorts of services, even if they sometimes lead to "old" portals, where I would sometimes call it a confusion between all the different portals.
But I suspect Microsoft is trying to focus more and more on Entra as a holistic identity platform and if we get new products it is even better.