|
1 | | -<!-- markdownlint-disable MD041 --> |
2 | | -Microsoft Entra is Microsoft's family of identity and network access products. As organizations adopt Zero Trust security models, they need solutions that go beyond basic authentication to cover identity governance, verified credentials, and secure network access. In this unit, you explore the Microsoft Entra product family, its core categories, and how these products work together to secure identities across your environment. |
3 | 1 |
|
4 | | -| Category | Description | |
| 2 | +Microsoft Entra is Microsoft's family of identity and network access products. As organizations adopt Zero Trust security models, they need solutions that go beyond basic authentication to cover identity governance, verified credentials, secure network access, and identities for AI agents. In this unit, you explore the Microsoft Entra product family and how these products work together to secure end-to-end access for employees, customers, partners, workloads, and AI agents across any cloud environment. |
| 3 | + |
| 4 | +The Microsoft Entra family is organized around the access scenarios it secures. |
| 5 | + |
| 6 | +| Category | What it covers | |
5 | 7 | | ---------- | ------------- | |
6 | | -| Identity and access management | Secure authentication and access to apps and resources | |
7 | | -| Identity governance | Automate identity lifecycle and enforce access policies | |
8 | | -| Identity protection | Detect and remediate identity-based risks | |
9 | | -| Network access | Secure access to apps and resources based on identity | |
10 | | -| Verified identity | Issue and verify credentials for decentralized identity | |
| 8 | +| Establish Zero Trust access controls | Foundational identity, authentication, and managed domain services | |
| 9 | +| Secure access for employees | Identity governance, identity protection, secure network access, and verified credentials | |
| 10 | +| Secure access for customers and partners | External collaboration and customer identity and access management (CIAM) | |
| 11 | +| Secure access in any cloud | Identities for applications, services, and workloads | |
| 12 | +| Secure access for AI agents | Identity, governance, and protection for nonhuman AI agent identities | |
11 | 13 |
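Review bot: With the `<!-- markdownlint-disable MD041 -->` directive removed from old line 1, new line 2 still opens the file with a paragraph rather than a heading, so the first-line-heading rule is no longer suppressed for this file. Either keep the directive or confirm that MD041 is disabled in the repository's lint configuration before merging.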
|
12 | 14 | ## Understand the Microsoft Entra product family |
13 | 15 |
|
14 | | -Microsoft Entra brings together several identity and network access capabilities under a single brand. Before Microsoft Entra, many of these capabilities existed as standalone services. The Microsoft Entra family consolidates them to give organizations a unified approach to securing identities and access. |
| 16 | +Each category in the Microsoft Entra family maps to a specific access scenario that organizations commonly face. The following sections describe the key products in each category and what they do. |
| 17 | + |
| 18 | +### Establish Zero Trust access controls |
| 19 | + |
| 20 | +**Microsoft Entra ID** is the foundational product of the family. It's a cloud-based identity and access management service that provides authentication, single sign-on (SSO), policy enforcement, and protection for users, devices, apps, and resources. If your organization uses Microsoft 365, Azure, or Dynamics CRM Online, you're already using Microsoft Entra ID. Every tenant of those services is automatically a Microsoft Entra tenant, with an initial domain name like `contoso.onmicrosoft.com`. Organizations can also add their own custom domain names. |
| 21 | + |
| 22 | +**Microsoft Entra Domain Services** provides managed domain services for organizations that run older applications in the cloud that require traditional Windows Server Active Directory features. It lets those applications work in the cloud without needing to deploy and manage domain controllers. Microsoft manages the underlying infrastructure, so organizations don't have to. |
| 23 | + |
| 24 | +### Secure access for employees |
| 25 | + |
| 26 | +This category groups the products most organizations use to govern, protect, and connect their workforce. |
| 27 | + |
| 28 | +- **Microsoft Entra Private Access** secures access to private apps and resources, including corporate networks and multicloud environments. Remote users can connect to internal resources from any device or network without a virtual private network (VPN). For example, an employee can securely reach a corporate network printer while working from home or a cafe. |
| 29 | +- **Microsoft Entra Internet Access** secures access to internet resources, including software as a service (SaaS) apps and Microsoft 365 apps and resources. Administrators can enable web content filtering to regulate access to websites based on content categories and domain names. |
| 30 | +- **Microsoft Entra ID Governance** simplifies identity and permissions management by automating access requests, assignments, and reviews. It also helps protect critical assets through identity lifecycle management. For example, administrators can automatically assign user accounts, groups, and licenses to new employees and remove those assignments when employees leave. |
| 31 | +- **Microsoft Entra ID Protection** detects and reports identity-based risks, such as risky users and risky sign-ins. Administrators can investigate and automatically remediate risks using tools like risk-based Conditional Access policies. A common scenario is a policy that requires multifactor authentication (MFA) when the sign-in risk level is medium or high. |
| 32 | +- **Microsoft Entra Verified ID** is a credential verification service based on open decentralized identity (DID) standards. Organizations can issue verifiable credentials—digital signatures that prove the validity of information—to users, who store the credentials on their personal devices and present them when needed. For example, a recent college graduate can ask their university to issue a digital diploma to their DID, then present it to a potential employer who can independently verify the issuer, issuance time, and status. |
| 33 | + |
| 34 | +### Secure access for customers and partners |
15 | 35 |
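Review bot: In the Verified ID bullet at new line 32, the aside defines verifiable credentials as "digital signatures that prove the validity of information", but the same bullet goes on to say a verifier can check the issuer, issuance time, and status, which describes a signed set of claims rather than a signature alone. Suggest rewording the aside along the lines of "digitally signed claims that a verifier can check", so the definition matches the diploma example that follows it.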
|
16 | | -The core products in the Microsoft Entra family include: |
| 36 | +**Microsoft Entra External ID** lets external identities safely access business resources and consumer apps. It provides secure methods for collaborating with business partners and guests on internal apps, and for managing customer identity and access management (CIAM) in consumer-facing applications. For example, an organization can set up self-service registration so customers sign in to a web application using one-time passcodes or social accounts from providers like Google or Facebook. |
17 | 37 |
|
18 | | -- **Microsoft Entra ID**: The cloud-based identity and access management service, formerly known as Azure Active Directory (Azure AD). It provides authentication, single sign-on (SSO), and conditional access for users and applications. |
19 | | -- **Microsoft Entra ID Governance**: Automates identity lifecycle management, access reviews, and entitlement management to ensure the right people have the right access at the right time. |
20 | | -- **Microsoft Entra External ID**: Enables secure collaboration with external users such as partners, customers, and consumers through customizable sign-up and sign-in experiences. |
21 | | -- **Microsoft Entra Verified ID**: Enables organizations to issue and verify decentralized identity credentials, letting users control their own identity data. |
22 | | -- **Microsoft Entra Internet Access**: An identity-centric Secure Web Gateway (SWG) that protects access to internet and SaaS applications. |
23 | | -- **Microsoft Entra Private Access**: Provides Zero Trust Network Access (ZTNA) to private apps and resources without requiring a traditional VPN. |
| 38 | +### Secure access in any cloud |
| 39 | + |
| 40 | +**Microsoft Entra Workload ID** is the identity and access management solution for workload identities—applications, services, and containers that need authentication and authorization policies. It lets organizations secure access to resources using adaptive policies and custom security attributes. For example, GitHub Actions need a workload identity to access Azure subscriptions and run software development workflows. |
| 41 | + |
| 42 | +### Secure access for AI agents |
| 43 | + |
| 44 | +**Microsoft Entra Agent ID** is an identity and security framework that extends Microsoft Entra capabilities to AI agents. As organizations deploy assistive, autonomous, and user-like agents, Agent ID provides purpose-built identity constructs to authenticate, authorize, govern, and protect these nonhuman identities at enterprise scale. For example, when an organization deploys AI agents that access corporate data on behalf of users, Agent ID gives each agent a governed identity, enforces least-privilege access, and maintains an audit trail of the agent's actions. |
24 | 45 |
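Review bot: The removed bullets at old lines 18, 22 and 23 carried three terms that no added line replaces: "formerly known as Azure Active Directory (Azure AD)", "Secure Web Gateway (SWG)" and "Zero Trust Network Access (ZTNA)". Readers who know the products by those names lose the mapping. Suggest keeping the former name in the Microsoft Entra ID paragraph at new line 20, and the ZTNA and SWG labels in the Private Access and Internet Access bullets at new lines 28 and 29.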
|
25 | 46 | ## How Microsoft Entra products work together |
26 | 47 |
|
27 | | -The strength of the Microsoft Entra family lies in how its products integrate with each other. Consider a scenario where an employee joins your organization: |
| 48 | +The strength of the Microsoft Entra family is how its products integrate. Consider a scenario where a new employee joins your organization: |
28 | 49 |
|
29 | 50 | 1. **Microsoft Entra ID** authenticates the employee and provides single sign-on to corporate apps. |
30 | 51 | 2. **Microsoft Entra ID Governance** automatically provisions the right access based on the employee's role. |
31 | | -3. **Microsoft Entra Internet Access** secures the employee's connection to cloud and internet resources. |
32 | | -4. **Microsoft Entra Private Access** provides secure access to on-premises apps without a VPN. |
| 52 | +3. **Microsoft Entra ID Protection** evaluates each sign-in for risk and triggers stronger authentication when needed. |
| 53 | +4. **Microsoft Entra Internet Access** secures the employee's connection to cloud and internet resources. |
| 54 | +5. **Microsoft Entra Private Access** provides secure access to on-premises apps without a VPN. |
| 55 | + |
| 56 | +This integrated approach reduces the security gaps that occur when organizations use disconnected tools for identity and network access management. |
| 57 | + |
| 58 | +## Microsoft Entra licensing |
| 59 | + |
| 60 | +Each product in the Microsoft Entra family can be used independently, but the products deliver the most value when used together as part of a comprehensive identity and access strategy. Microsoft Entra ID is available in several licensing tiers, and additional products can be added or bundled depending on an organization's needs: |
| 61 | + |
| 62 | +- **Microsoft Entra ID Free** — Included with Microsoft cloud subscriptions such as Microsoft Azure and Microsoft 365. Provides core identity capabilities including user and group management, basic reporting, and self-service password reset. |
| 63 | +- **Microsoft Entra ID P1** — Adds capabilities such as Conditional Access, hybrid identity support, and advanced group features. Included with Microsoft 365 E3, F1, F3, Enterprise Mobility + Security E3, and Microsoft 365 Business Premium. |
| 64 | +- **Microsoft Entra ID P2** — Adds risk-based Conditional Access, Microsoft Entra ID Protection, and Privileged Identity Management (PIM). Included with Microsoft 365 E5 and Enterprise Mobility + Security E5. |
| 65 | +- **Microsoft Entra Suite** — A bundled license that combines five Entra products under a single offering, designed for organizations that want comprehensive identity and network access protection. A Microsoft Entra ID P1 subscription is required. The suite includes Microsoft Entra Private Access, Microsoft Entra Internet Access, Microsoft Entra ID Governance, Microsoft Entra ID Protection, and premium capabilities of Microsoft Entra Verified ID. |
| 66 | + |
| 67 | +Microsoft Entra also integrates with Security Copilot to help administrators investigate identity risks and troubleshoot access issues using AI. |
33 | 68 |
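Review bot: The licensing list is ambiguous about what Microsoft Entra ID Protection requires: new line 64 lists it as something P2 adds, while new line 65 says the Microsoft Entra Suite requires a P1 subscription and also includes ID Protection. State explicitly whether the suite provides ID Protection on top of P1, and say at the new step 3 (new line 52) or at the MFA example on new line 31 which tier the risk-based sign-in check depends on, since a reader on P1 alone cannot tell from these lines whether that step applies to them.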
|
34 | | -This integrated approach reduces security gaps that occur when organizations use disconnected tools for identity and network access management. |
| 69 | +## Microsoft Entra admin center |
35 | 70 |
|
36 | | -> [!NOTE] |
37 | | -> Each product in the Microsoft Entra family can be used independently, but they deliver the most value when used together as part of a comprehensive identity and access strategy. |
| 71 | +Administrators configure and manage all Microsoft Entra products from a single web-based portal called the **Microsoft Entra admin center**. |
38 | 72 |
|
39 | | -Now that you have a high-level understanding of the Microsoft Entra product family, the rest of this module dives deeper into Microsoft Entra ID specifically. You learn about its core functions, the identity types it supports, the concept of hybrid identity, and how external identities work. |
| 73 | +Now that you have a high-level understanding of the Microsoft Entra product family, the rest of this module focuses on Microsoft Entra ID—the foundational product of the family. You learn about its core functions, the identity types it supports, the concept of hybrid identity, and how external identities work. |
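Review bot: The new "Microsoft Entra admin center" heading at new line 69 holds a single sentence (new line 71) that names the portal but gives no link and no indication of what is managed there, and the module-closing paragraph at new line 73 now sits under that heading instead of under "How Microsoft Entra products work together". Either expand the section with the portal's address and one or two representative tasks, or fold the sentence into an earlier section and drop the heading so the closing paragraph is not read as part of the admin center topic.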