Microsoft Entra is a new product family that integrates all of Microsoft's identity and access capabilities, including Azure AD and two new product categories: Cloud Infrastructure Entitlement Management (CIEM) and Decentralized Identity. A technology presentation from Microsoft.
The Entra family of products will help enable secure access to anything and everything by integrating identity and access management, cloud infrastructure entitlement management and identity verification.
Sealing off no longer works in the networked world
When the world was even more manageable than it is today, it was relatively easy to control digital access. We have simply sealed off IT systems from outside access. But that no longer works today because people and organizations are extensively networked with each other. We don't just communicate in one direction. Rather, it is part of our everyday life that other people, companies, devices or even "things" from the Internet of Things communicate with us.
This complex communication landscape gives rise to a practically unlimited number of access and thus also attack possibilities along the value chain of companies. It is virtually impossible to anticipate and account for all of them, especially when involving third-party systems, platforms, applications and devices that are beyond the control of any single organization. Because security challenges have become much broader, we need broader solutions. We need to secure access for every customer, partner and employee - for every microservice, sensor, network, device and database.
A comprehensive solution must address all parts of the problem
And this solution must be simple. Businesses don't want to deal with overly complex solutions that only address part of their problems and only work in part of their environment. Rather, access by humans and machines must be as granular as possible and dynamically adapt to current requirements, automatically and based on real-time risk assessments. And it has to work everywhere: in the on-premises data center, in Microsoft Azure, Amazon Web Services, the Google Cloud Platform - and in all applications, websites and devices that are hosted or supported there.
From these considerations and decisions, our new product family was born, with which we enable secure access to everything and with which we integrate identity and access management, cloud infrastructure entitlement management and identity verification: Microsoft Entra.
New requirements need a new understanding of “identity”
For the success of Microsoft Entra, we have evolved the notion of "identity": For our fully connected world, we need a flexible and agile model in which people, organizations, applications and even intelligent things can make access decisions in real time. With Microsoft Entra, we will extend our identity and access solutions to provide the foundation of trust for the entire digital ecosystem. Entra verifies all types of identities and secures, manages and regulates their access to any resource.
The new product family will:
- protect access to any application or resource for any user,
- verify and secure each identity in hybrid and multi-cloud environments,
- Discover and manage permissions in multi-cloud environments and
- simplify the user experience with intelligent, real-time access decisions.
Microsoft Entra at a glance
We will integrate our flagship identity and access management product, Microsoft Azure Active Directory (Azure AD), with Microsoft Entra. The key features of Azure AD, including conditional access and passwordless authentication, remain unchanged, and Azure AD External Identities is also retained as an identity solution for customers and partners.
We will also introduce new solutions and product categories around Microsoft Entra. We are announcing three of these innovations today: "Permissions Management", "Verified ID" and "Identity Governance".
Permissions Management: Reduce access risks in multi-cloud environments
🔎 Structure of Microsoft Entra Permissions Management (Image: Microsoft).
The use of multi-clouds from different providers has led to a massive increase in identities, authorizations and resources on public cloud platforms. This increases the attack surface for organizations and increases the risk of negligent or malicious abuse of permissions. Without visibility across cloud providers and tools to provide a consolidated view, it has become nearly impossible for identity and security teams to manage permissions and enforce the principle of least privilege across the entire digital estate.
Acquisition of CloudKnox Security in July 2021 we are now the first major cloud provider to have a solution for CIEM ("Cloud Infrastructure Entitlement Management") in its portfolio: Microsoft Entra Permissions Management provides a comprehensive view into the permissions of all identities (users and workloads), actions and resources in multi-cloud infrastructures.
The technology helps to identify unused and oversized permissions and, if necessary, to correct them. It also mitigates the risk of data breaches through the principle of least privilege in Microsoft Azure, Amazon Web Services and Google Cloud Platform. Microsoft Entra Permissions Management will be available worldwide as a standalone offering in July this year. We will add the technology to the dashboard of Microsoft Defender for Cloud integrate to extend the protection there to CIEM. In addition, our customers can use the preview of the Workload Identity Management in Microsoft Entra Assign and secure identities for any application or service hosted in Azure, extending the reach of access control.
Verified ID: Secure interactions via self-managed identities
Verified ID represents our commitment to an open, trusted, interoperable, and standards-based future of decentralized identities for individuals and organizations. Instead of allowing a growing number of applications and services to access identities again and again and disseminating identity data via numerous providers, Verified ID puts the decision in people's hands as to what information they share, when and with whom and – if necessary – take them back and organizations.
With decentralized managed identities, there are a variety of use cases: For example, if we can verify an organization's credentials in less than a second, conducting business-to-business and business-to-customer transactions becomes more efficient and reliable. This also applies to background checks, which are getting faster and better as individuals can store and share their educational and certification records digitally. And dealing with health data that is particularly worthy of protection becomes less stressful if both medical staff and patients can verify the identity of the other. Microsoft Entra Verified ID will be generally available in early August.
Identity Governance: Automate critical identity governance scenarios
Setting up new users and guest accounts and manually managing their access rights is a huge hassle for IT and security teams. As a result, this often delays the onboarding of new employees or the integration of external partners, who often have to start without the access and authorizations necessary for their work. In addition, without formal or automated processes for deactivating the accounts after a role change, the departure of employees or the end of cooperation with partners, their original access rights often remain.
Identity governance solves this problem via "identity lifecycle management" that simplifies the processes for onboarding and offboarding users. Lifecycle workflows simplify the assignment and management of access rights and the monitoring and tracking of access. Identity Governance will be in public preview in July.
More at Microsoft.com
About Microsoft Germany Microsoft Deutschland GmbH was founded in 1983 as the German subsidiary of Microsoft Corporation (Redmond, USA). Microsoft is committed to empowering every person and company in the world to achieve more. This challenge can only be mastered together, which is why diversity and inclusion have been firmly anchored in the corporate culture from the very beginning. As the world's leading manufacturer of productive software solutions and modern services in the age of intelligent cloud and intelligent edge, as well as a developer of innovative hardware, Microsoft sees itself as a partner to its customers to help them benefit from the digital transformation. Security and data protection have top priority when developing solutions. As the world's largest contributor, Microsoft is driving open source technology through its leading developer platform GitHub. With LinkedIn, the largest career network, Microsoft promotes professional networking worldwide.