Microsoft Entra is the new umbrella for Azure Active Directory
With Microsoft Entra, Microsoft introduces a new product family that puts identity management at the center of its security offering. The focus of Entra is the management and protection of user identities across on-premises networks and cloud services.
For FirstAttribute, as a provider of IAM solutions both on-premises and in the cloud, this is good news: identity management is increasingly recognized as a key component of an organization’s IT security strategy.
Microsoft Entra addresses multicloud infrastructures
Identity security plays an increasingly important role in authentication for networks, cloud services and hybrid environments. The services in Entra are intended not only for Microsoft environments but also for cloud infrastructures on AWS and Google Cloud Platform (GCP). Entra is therefore Microsoft’s answer to multicloud infrastructures, in which Active Directory credentials are also frequently reused.
Identity lifecycle in the cloud and in hybrid networks
Because Active Directory and Azure AD are used by more and more services and on more platforms, Microsoft has decided to address these requirements with a product family of its own. Microsoft Entra focuses on managing and securing identities.
Alongside the identities themselves, Entra manages the permissions those identities hold in the cloud and monitors how they are used, with options for automation. Microsoft’s goal is a central instance from which identities can be controlled for other cloud services as well. Azure AD is, of course, the most important component here.
Entra is intended to accompany identities throughout their entire lifecycle, as a kind of meta-solution with additional services. Passwordless authentication with technologies such as Windows Hello or authenticator apps is to become more common; these options already exist for Microsoft accounts and in Azure AD, and Entra is meant to make them usable beyond Microsoft’s own services.
Microsoft Entra with FirstWare IDM-Portal: Better together
Together with IAM solutions such as FirstAttribute’s FirstWare IDM-Portal, this enables organizations to integrate comprehensive access rights management that
- is easy to manage,
- provides a secure database and
- together with the Entra services, improves authorization management in hybrid networks.
In addition, there are AI technologies and various functions for automation.
It is important to note that Microsoft Entra does not comprehensively extend the management capabilities of Azure AD and Active Directory; separate solutions are still needed to maintain the identities themselves. Entra does not replace such solutions but complements them and enables their use across platforms.
Entra also works in hybrid multicloud environments that use Active Directory and user replication. AWS and Google Cloud Platform (GCP) both allow synchronization with an on-premises AD. Entra can support this, but proper maintenance of the user accounts still requires additional solutions, such as FirstWare IDM-Portal.
Entra also has no answer for managing contacts and permissions in Microsoft Teams. These requirements, in turn, can be supplemented with my-IAM, FirstAttribute’s new cloud identity management platform that specializes in Microsoft Teams.
Attacks on identities continue to increase
The number of identities is growing, and so is the number of places each of them is used. Users have to authenticate to more and more services in the local data center, in private clouds and on cloud platforms, often with the same user account, which in many cases originates in Active Directory and reaches the cloud through synchronization. Identities that live in the cloud, for example in Azure AD or Microsoft 365, are also being used for more and more purposes and must be protected accordingly.
In parallel, phishing and other attacks on identities are increasing sharply, as various studies and statistics in this field show:
- Remote-access credentials have become a sought-after commodity on relevant Internet forums.
- According to the Verizon Data Breach Investigations Report, credentials are the most sought-after category of data in breaches, involved in more than 60 percent of them.
- According to the Identity Defined Security Alliance, 79% of organizations have experienced an identity-related security breach in the past two years.
- According to Gartner, “[…] many data breaches are caused by security and identity tools that have been configured incorrectly or incompletely, or whose configuration is outdated.” (Gartner, Predicts 2022).
- In 2021, ransomware attacks increased by 93%, according to Check Point’s Cyber Attack Trends: 2021 Mid-Year Report.
Such statistics demonstrate the need for appropriate security measures to improve identity data protection.
Azure AD authentication service moves to the forefront
In response to these threats and the growing number of identity requirements, Microsoft intends to use Entra to push its Azure AD authentication service further to the forefront. Even after integration with Microsoft Entra, organizations can of course continue to synchronize on-premises user accounts from Active Directory to Azure AD, and these synchronized accounts can then be used for more services. Local maintenance of user accounts will therefore continue to play a decisive role in hybrid networks.
Azure AD is the mainstay of Microsoft Entra, and Microsoft is not turning any Azure AD functionality into an Entra-only feature: all current Azure AD functions are retained, including security services such as Conditional Access and passwordless sign-in. At the same time, Azure AD works together with the other Entra services, and further functions are expected to be added to Entra over time. Azure AD also controls the identities of workloads deployed in Azure, i.e. service principals and managed identities, and workload identities can be protected with Conditional Access and other features as well. Note that Conditional Access for workload identities is licensed separately (Workload Identities Premium) and applies to single-tenant service principals; managed identities are not covered by such policies.
Cloud Infrastructure Entitlement Management
Besides Azure AD, Entra includes Microsoft Entra Permissions Management, a Cloud Infrastructure Entitlement Management (CIEM) service. This is the former CloudKnox Permissions Management product, renamed by Microsoft after it acquired the vendor CloudKnox Security in July 2021. The CIEM solution monitors the permissions of identities on cloud platforms and can take automated countermeasures if an identity holds more permissions than it uses.
Where necessary, the service can automatically remove unused permissions and grant them again on request: the user requests the permission in a self-service portal, the request is approved, and Entra Permissions Management grants it for a limited time and revokes it again afterwards. This reduces standing privileges across the environment. It also works in multicloud environments with AWS and Google Cloud Platform (GCP) alongside Azure.
Entra Permissions Management also uses AI-based analysis to detect anomalies in how permissions are used, so that misuse of assigned rights can be detected and addressed. In parallel, it can generate reports that show how permissions are used across the company.
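The usage-based analysis described above, as an added example that is not part of the original article or of Microsoft’s product: a small Python model of what a CIEM tool does with cloud audit logs. The identities, permissions, log entries and the set of high-risk actions are all constructed, and the action names only imitate AWS IAM naming. It computes which granted permissions went unused in a baseline window, a simplified creep score (an assumption of this example, not the formula Entra Permissions Management uses), the right-sized grant, and first-time use of permissions in a later monitoring window, which is the kind of anomaly the article refers to.

```python
"""Usage-based permission right-sizing and anomaly flagging, the two things a
CIEM product does with cloud audit logs.  Constructed example for this article,
not Microsoft or FirstAttribute code: identities, permissions, log entries and
the HIGH_RISK set are made up; action strings merely imitate AWS IAM names."""
from collections import defaultdict

# Constructed: permissions a CIEM tool would treat as high impact.
HIGH_RISK = {"iam:CreateUser", "iam:AttachUserPolicy",
             "s3:DeleteBucket", "ec2:TerminateInstances"}

# Constructed: permissions currently granted per cloud identity.
ASSIGNED = {
    "svc-backup": {"s3:GetObject", "s3:PutObject", "s3:ListBucket",
                   "s3:DeleteBucket", "ec2:TerminateInstances", "iam:CreateUser"},
    "alice": {"s3:GetObject", "s3:ListBucket", "ec2:DescribeInstances"},
}

# Constructed: (identity, action) pairs observed in a 90-day baseline window.
BASELINE_LOG = [
    ("svc-backup", "s3:GetObject"), ("svc-backup", "s3:PutObject"),
    ("svc-backup", "s3:ListBucket"), ("svc-backup", "s3:GetObject"),
    ("alice", "ec2:DescribeInstances"), ("alice", "s3:ListBucket"),
]

# Constructed: the following monitoring window; svc-backup suddenly creates an IAM user.
MONITOR_LOG = [
    ("svc-backup", "s3:GetObject"), ("svc-backup", "iam:CreateUser"),
    ("alice", "s3:GetObject"),
]


def used_permissions(log):
    """Map identity -> set of actions actually exercised in the log."""
    used = defaultdict(set)
    for identity, action in log:
        used[identity].add(action)
    return used


def unused_permissions(assigned, log):
    """Granted-but-never-used permissions per identity: the revocation candidates."""
    used = used_permissions(log)
    return {ident: perms - used.get(ident, set()) for ident, perms in assigned.items()}


def creep_score(assigned, log, identity):
    """Share of an identity's granted permissions that sit unused, with high-risk
    permissions weighted double.  0.0 means every grant is exercised, 1.0 means
    none is.  Assumed metric for this example, not the product's own index."""
    def weight(perm):
        return 2 if perm in HIGH_RISK else 1
    perms = assigned[identity]
    unused = unused_permissions(assigned, log)[identity]
    return sum(map(weight, unused)) / sum(map(weight, perms))


def right_sized_policy(assigned, log, identity):
    """Least-privilege grant: keep only what the identity demonstrably used."""
    return sorted(assigned[identity] & used_permissions(log).get(identity, set()))


def first_use_anomalies(baseline_log, monitor_log):
    """Actions seen in the monitoring window that never appeared in the baseline.
    Returns sorted (identity, action, is_high_risk) tuples."""
    baseline = used_permissions(baseline_log)
    found = set()
    for identity, action in monitor_log:
        if action not in baseline.get(identity, set()):
            found.add((identity, action, action in HIGH_RISK))
    return sorted(found)


if __name__ == "__main__":
    for ident in ASSIGNED:
        print(f"{ident}: creep score {creep_score(ASSIGNED, BASELINE_LOG, ident):.2f}, "
              f"revoke {sorted(unused_permissions(ASSIGNED, BASELINE_LOG)[ident])}, "
              f"right-sized policy {right_sized_policy(ASSIGNED, BASELINE_LOG, ident)}")
    for ident, action, risky in first_use_anomalies(BASELINE_LOG, MONITOR_LOG):
        print(f"{'ALERT' if risky else 'note'}: {ident} used {action} for the first time")
```

With the constructed data, svc-backup carries three unused high-risk permissions and a creep score of 0.67, so the right-sized policy drops to the three S3 actions it actually used; the later iam:CreateUser call is flagged as a first use of a high-risk permission, while alice’s first s3:GetObject is only noted. A real CIEM tool does the same over months of CloudTrail, Azure activity and GCP audit logs, and the lead-in on self-service re-granting in the text is the answer to the obvious objection that a right-sized identity occasionally needs one of the revoked permissions back.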
Entra Verified ID – The decentralized identity solution in the cloud
In addition to Azure AD and Entra Permissions Management as CIEM, Entra Verified ID is the third pillar of Entra. It is built on open standards for decentralized identity (W3C Verifiable Credentials and Decentralized Identifiers) and is designed to simplify the registration and onboarding of new users. The issuing and verification service again runs on Azure AD. Credentials can be issued and presented to external services as well, and they can carry other attested information, such as health data. In general, Entra Verified ID can serve a purpose similar to a PostIdent procedure, i.e. it can verify that a user is who they claim to be. Users hold the credentials in their own wallet app, decide which claims they present and to whom, and can revoke that access themselves.
Identity governance with Microsoft Entra
Identity governance in Entra covers identities whose access is not meant to be permanent, for example guest accounts of partner employees. Access can be granted with an expiry date, so that assignments lapse automatically or are removed when an employee leaves the partner; access reviews let the sponsor periodically confirm that a guest still needs access. The component also includes identity lifecycle management, which can significantly simplify onboarding. Here, too, the basis is Azure AD. The components are managed in the Microsoft Entra admin center at https://entra.microsoft.com; sign-in uses an administrator account from Azure AD.
The most important information about the connected directories is shown in the Microsoft Entra admin center under “Azure Active Directory” > “Overview”. The available details make it clear that Microsoft intends to significantly increase the importance of Azure AD and to bring it into use outside the Microsoft world as well. For this to work, it remains important that directory data is correctly maintained, including the synchronization between on-premises AD environments and Azure AD.
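An added example, not code from the article or from Microsoft: the time-bound access decisions described in this section, written out as a small Python evaluation over a constructed snapshot of guest accounts. The guest records, the reference date TODAY, the partner_active flag (standing in for a leaver signal from the partner organization) and the 90-day staleness threshold are all assumptions; in a tenant, these decisions are made by Entra access package expirations, lifecycle workflows and access reviews rather than by a script like this.

```python
"""Lifecycle evaluation for guest identities: which assignments have expired,
which guests belong to a partner that reports them as gone, and which guests
have gone stale.  Constructed example for this article, not Microsoft or
FirstAttribute code: records, reference date and thresholds are assumptions."""
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)   # assumed policy: review guests idle this long
TODAY = date(2023, 7, 1)           # constructed reference date for the evaluation

# Constructed directory snapshot: one record per guest account.
GUESTS = [
    {"upn": "anna_partner.example#EXT#@contoso.example", "expires": date(2023, 9, 30),
     "last_sign_in": date(2023, 6, 28), "partner_active": True},
    {"upn": "bob_partner.example#EXT#@contoso.example", "expires": date(2023, 6, 15),
     "last_sign_in": date(2023, 6, 10), "partner_active": True},
    {"upn": "carla_vendor.example#EXT#@contoso.example", "expires": date(2023, 12, 31),
     "last_sign_in": date(2023, 2, 1), "partner_active": True},
    {"upn": "dave_partner.example#EXT#@contoso.example", "expires": date(2023, 12, 31),
     "last_sign_in": date(2023, 6, 29), "partner_active": False},
    {"upn": "eve_vendor.example#EXT#@contoso.example", "expires": date(2023, 12, 31),
     "last_sign_in": None, "partner_active": True},
]


def evaluate_guest(guest, today):
    """Return the lifecycle actions due for one guest on the given date.
    An empty list means the account is in order."""
    actions = []
    if not guest["partner_active"]:
        # Leaver at the partner: disable immediately, independent of any expiry date.
        actions.append("disable_account")
    if guest["expires"] < today:
        # Time-bound assignment has lapsed: remove it rather than keep it standing.
        actions.append("remove_assignment")
    last = guest["last_sign_in"]
    if last is None or today - last > STALE_AFTER:
        # Never used or idle beyond the threshold: candidate for an access review.
        actions.append("flag_stale")
    return actions


def lifecycle_report(guests, today):
    """Map each guest UPN to the actions due for it."""
    return {g["upn"]: evaluate_guest(g, today) for g in guests}


if __name__ == "__main__":
    for upn, actions in lifecycle_report(GUESTS, TODAY).items():
        print(f"{upn}: {', '.join(actions) if actions else 'ok'}")
```

The disable decision is deliberately independent of the expiry date: a leaver whose assignment still has months to run is the case an expiry-only process misses, which is why the text ties removal to the partner employee leaving and not only to the end date.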
About FirstAttribute AG
FirstAttribute AG is an independent German cloud service and software company with a focus on Identity & Access Management (IAM) for AD and M365/Azure AD.