
Microsoft Azure AD expands into Entra ID – this is what you need to know

Microsoft recently shared some big news: it has launched a new version of Azure AD and renamed the product to Entra ID. Microsoft says it wanted to simplify its product naming and unify its product family.

Entra ID is a cloud-based identity and access management solution that helps organizations secure and manage identities for hybrid and multi-cloud environments. Entra is the umbrella term for everything related to identity and access in the M365 environment. Entra ID has the same management and protection capabilities as Azure AD, but with two new products added alongside it, Microsoft is dipping its toes into the SSE world.


Contents

Azure AD into Entra ID - what will stay the same?
What's new?
The wider Entra product family
Zero Trust at the basis of Microsoft's future development
Why is identity and access protection so critical?
When identity is not enough for secure access


Azure AD into Entra ID - what will stay the same?

You’ll see notifications of the Entra ID name change in the administrator portal, on Microsoft websites, in documentation, and in other places where you interact with Azure AD. As Microsoft highlights, the change of product name requires no effort from the user.

Some features change slightly while others don't. Microsoft recently added new features to the toolkit, such as ID Protection, ID Governance, and Workload ID.

Let’s look at all the features that will remain the same:

  • Capabilities
  • Licensing plans
  • Sign-in URLs
  • APIs
  • All existing deployments
  • Configurations
  • Integrations


What's new?

The new Microsoft Entra ID contains many new features, most of which revolve around security.

Some of the new features include:

  • Entra provisioning guidance experience
  • Enhanced user management
  • Device management
  • SLA attainment
  • Dynamic administrative units
  • Role management
  • Cross-tenant synchronization
  • Sign-ins
  • On-premises application provisioning

Entra ID introduces a new user experience by allowing centralized governance of user identities. It also applies adaptive secure access and identity protection.

One of the new features is cross-tenant synchronization. It lets an organization automate the provisioning of identities across multiple tenants, which simplifies collaboration within the organization.

Entra ID also offers a set of security features as part of tenant protection, such as Entra Conditional Access, Entra ID Protection, and Verified ID.

Administrators can control and monitor these security features in the administrator portal, where it is possible, for example, to review user sign-in logs with details such as the date and time, the request ID, the user, and the IP address the sign-in came from.
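As an added example (not code from the page or from Microsoft), here is a small Python detector run over constructed sign-in records shaped like the details just mentioned. The field names `dateTime`, `requestId`, `user`, `ip` and `success` are assumptions for illustration, not the portal's export schema, and the records are constructed sample data. It implements two checks a defender commonly runs over sign-in logs: a successful sign-in from an IP address not previously seen for that user, and a burst of failed sign-ins for one user inside a short window.

```python
"""Added example: two simple detections over constructed Entra sign-in records.
Field names and sample data are assumptions, not the real export schema."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (documentation IP ranges, fictitious users).
SAMPLE_SIGNINS = [
    {"dateTime": "2024-01-10T08:00:00Z", "requestId": "r1", "user": "alice@example.com", "ip": "203.0.113.10", "success": True},
    {"dateTime": "2024-01-10T08:05:00Z", "requestId": "r2", "user": "alice@example.com", "ip": "203.0.113.10", "success": True},
    {"dateTime": "2024-01-10T08:06:00Z", "requestId": "r3", "user": "bob@example.com", "ip": "198.51.100.7", "success": False},
    {"dateTime": "2024-01-10T08:06:20Z", "requestId": "r4", "user": "bob@example.com", "ip": "198.51.100.7", "success": False},
    {"dateTime": "2024-01-10T08:06:40Z", "requestId": "r5", "user": "bob@example.com", "ip": "198.51.100.7", "success": False},
    {"dateTime": "2024-01-10T08:07:00Z", "requestId": "r6", "user": "bob@example.com", "ip": "198.51.100.7", "success": False},
    {"dateTime": "2024-01-10T08:10:00Z", "requestId": "r7", "user": "alice@example.com", "ip": "192.0.2.55", "success": True},
]


def parse_time(value):
    """Parse the ISO-8601 UTC timestamp used in the constructed records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_new_ip_signins(records, known_ips):
    """Flag successful sign-ins from an IP not previously seen for that user.

    known_ips maps user -> set of IPs already established as normal; IPs seen
    during the run are added so the same new address is reported only once.
    Returns a list of (requestId, user, ip) tuples in chronological order.
    """
    seen = {user: set(ips) for user, ips in known_ips.items()}
    findings = []
    for rec in sorted(records, key=lambda r: r["dateTime"]):
        if not rec["success"]:
            continue
        user_ips = seen.setdefault(rec["user"], set())
        if rec["ip"] not in user_ips:
            findings.append((rec["requestId"], rec["user"], rec["ip"]))
            user_ips.add(rec["ip"])
    return findings


def detect_failure_bursts(records, threshold=3, window=timedelta(minutes=5)):
    """Flag users with at least `threshold` failed sign-ins inside a sliding window.

    Returns a list of (user, first_failure_time, time_threshold_was_reached).
    """
    failures_by_user = defaultdict(list)
    for rec in records:
        if not rec["success"]:
            failures_by_user[rec["user"]].append(parse_time(rec["dateTime"]))
    findings = []
    for user, times in failures_by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                findings.append((user, times[start], times[end]))
                break  # one finding per user is enough for triage
    return findings


if __name__ == "__main__":
    baseline = {"alice@example.com": {"203.0.113.10"}}
    print("new-IP sign-ins:", detect_new_ip_signins(SAMPLE_SIGNINS, baseline))
    print("failure bursts:", detect_failure_bursts(SAMPLE_SIGNINS))
```

With an empty baseline every user's first successful sign-in is reported, which is the expected cold-start behaviour; seed `known_ips` from a longer history before relying on the new-IP check.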


The wider Entra product family

The biggest change coming with Entra ID is the extended Entra product family, which includes Microsoft Entra Internet Access and Microsoft Entra Private Access. These products are part of a wider construct that Microsoft calls Global Secure Access.

Let's take a look at what these products offer:

Microsoft Entra Internet Access

Microsoft Entra Internet Access is an identity-centric Secure Web Gateway (SWG), a solution for SaaS apps and internet traffic. It aims to protect against malicious internet traffic and other security threats. It is designed to work together with Microsoft Entra Private Access, unifying access policies across all internet resources and SaaS apps.

Microsoft Entra ID has integrated all identity-centric access controls and enables Conditional Access to be extended to any external destination (internet resource or cloud application), even when that destination is not integrated with Entra ID. It can be deployed as the primary solution protecting access to all internet resources and SaaS, or used side-by-side with other SSE solutions.

A central feature offered by Microsoft Entra Internet Access is Compliant Network, a control that enables users to protect Microsoft Entra-integrated cloud applications against token theft and ensure that users do not bypass network security policies while accessing cloud services. Entra ID also enables users to manage all access policies in one place without the need to change applications.

Microsoft Entra Private Access

Microsoft Entra Private Access is an identity-centric Zero Trust Network Access (ZTNA), a SASE solution that simplifies and secures access to any private resource, port, or protocol. 

With Private Access, users can connect to private applications from any location. A user does not have to make any changes to their applications or resources to add another layer of security controls, such as multifactor authentication (MFA), identity protection, identity governance, device compliance check, and single sign-on (SSO), to any TCP/UDP-based application, including SSH, RDP, SAP, and SMB file shares and other private resources.

Together, Microsoft Entra Internet Access and Private Access form Microsoft's Security Service Edge solution.


Zero Trust at the basis of Microsoft's future development

More developments are coming our way from Microsoft. It has announced that even greater adaptability and contextual intelligence will be designed into its future Zero Trust offerings. The Microsoft team is aiming to deliver six foundational elements of its Zero-Trust-based SSE solution roadmap this quarter, emphasizing secure web gateways and VPN replacements.

Identity-centrism will be at the core of the approach to defining and delivering a security service edge (SSE) solution. The Conditional Access policy engine and Microsoft Entra are the future of Zero Trust at Microsoft because they enforce least-privilege access and provide a unified interface for managing and monitoring permissions across multi-cloud environments. Microsoft is also planning to improve Zero Trust's network DLP, BYOD, threat protection, and firewall support.

The new Unified Security Operations Platform suite will integrate Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Security Copilot. Integrating SIEM, XDR, and AI for real-time threat analysis and response will enable continuous monitoring and adaptive threat response, ensuring the detection and mitigation of threats across network segments.


Why is identity and access protection so critical?

As everything in life has become more and more digital, cyberattacks are becoming more frequent, affecting organizations of every size, in every industry, and all parts of the world.

The new Entra ID is said to enhance Microsoft’s vision for securing millions of connections that happen every second between people, machines, apps, and devices that access and share data.

Cyberattacks are also becoming more and more sophisticated, including those that aim to defeat critical defenses such as multi-factor authentication. Attacks can also involve impersonating legitimate users, stealing access codes and tokens, and gaining access to classified data.


When identity is not enough for secure access

Even if 99.5% of user identities could be handled by the Entra product family, there is a special group of privileged users that constitutes only 0.5% of all identities but carries a massive risk profile.

These high-impact users are database administrators, system administrators, superusers, power users, and developers - all perform critical tasks that can cripple an organization's entire network, jeopardize the company’s intellectual property rights (IPR), or put healthcare records at risk.

For these users, you need layered security with controls beyond the Entra product family, a solution that:

  • Maps identities and permissions governed by Entra ID into the right roles
  • Grants access to critical targets based on strong identity authentication, with least privilege and just-in-time (JIT) authorization for the session only, without always-on authorization
  • Manages both passwords and SSH keys
  • Supports multiple protocols (including SSH, RDP, HTTP(S), and VNC) and grants vendor-agnostic access to industrial targets that use proprietary protocols
  • Ensures that privileged users never see or handle the secrets required for the connection
  • Audits every session and allows session monitoring and recording for compliance
  • Grants access using ephemeral certificates that expire automatically after the authorization, leaving no passwords or encryption keys to be vaulted, rotated, or managed
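As an added illustration of the pattern this list describes, and not code from SSH Communications Security or Microsoft: a minimal Python access broker that maps Entra ID group claims to roles, authorizes a target only when a mapped role lists it (least privilege), and at authorization time issues a short-lived, signed credential bound to one target and protocol that is rejected once its expiry passes (just-in-time, nothing to vault, the user never handles the target's own secret). The group names, roles, targets and the HMAC-signed token format are assumptions for illustration; a production broker would issue SSH or X.509 certificates signed by a CA key rather than an HMAC token, but the lifecycle shown is the same.

```python
"""Added example: role mapping, least-privilege authorization and ephemeral
credentials in a toy access broker. All names and the token format are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumed mapping from Entra ID group claims to broker roles (illustrative names).
GROUP_TO_ROLE = {"DBA-Admins": "dba", "Linux-Ops": "sysadmin", "All-Staff": "user"}
# Assumed least-privilege mapping from roles to the (target, protocol) pairs they may reach.
ROLE_TARGETS = {
    "dba": {("db01", "ssh")},
    "sysadmin": {("web01", "ssh"), ("web02", "rdp")},
    "user": set(),
}


def roles_for(groups):
    """Map the group claims carried by an Entra ID token to broker roles."""
    return {GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE}


def authorize(groups, target, protocol):
    """Least privilege: allow only if some mapped role lists this exact target/protocol."""
    return any((target, protocol) in ROLE_TARGETS[r] for r in roles_for(groups))


class EphemeralCredentialIssuer:
    """Issues and verifies short-lived, HMAC-signed session credentials.

    The credential is bound to one user, one target, one protocol and a time
    window; when the window ends it is useless, so nothing needs rotating.
    """

    def __init__(self, signing_key: bytes):
        self.key = signing_key  # broker-side secret; stands in for a CA private key

    def issue(self, user, groups, target, protocol, ttl_seconds=300, now=None):
        """Authorize the request and, if allowed, mint a credential valid for ttl_seconds."""
        if not authorize(groups, target, protocol):
            raise PermissionError(f"{user} is not authorized for {protocol}://{target}")
        now = time.time() if now is None else now
        payload = {
            "sub": user, "target": target, "proto": protocol,
            "nbf": now, "exp": now + ttl_seconds, "nonce": secrets.token_hex(8),
        }
        body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def verify(self, credential, target, protocol, now=None):
        """Return the subject if the credential is genuine, unexpired and bound to this target, else None."""
        now = time.time() if now is None else now
        try:
            body, sig = credential.split(".")
        except ValueError:
            return None
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):  # constant-time signature check
            return None
        payload = json.loads(base64.urlsafe_b64decode(body))
        if not payload["nbf"] <= now < payload["exp"]:  # expired or not yet valid
            return None
        if payload["target"] != target or payload["proto"] != protocol:
            return None
        return payload["sub"]


if __name__ == "__main__":
    issuer = EphemeralCredentialIssuer(secrets.token_bytes(32))
    cred = issuer.issue("alice@example.com", ["DBA-Admins"], "db01", "ssh", ttl_seconds=300)
    print("valid now:", issuer.verify(cred, "db01", "ssh"))
    print("valid in 10 minutes:", issuer.verify(cred, "db01", "ssh", now=time.time() + 600))
```

The `now` parameter exists so the expiry logic can be tested deterministically; the target side only needs the broker's verification key (or, with real certificates, the CA public key) and never the user's password.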


See how Zero Trust Suite by SSH Communications Security (SSH) complements the Entra product family with critical features.