What is Entra and why choose it to secure your apps

by info.odysseyx@gmail.com, October 4, 2024

Microsoft Entra is an identity and network access suite designed to implement a zero trust security strategy. It is part of the Microsoft security portfolio, which includes:

Microsoft Defender for cyber threat prevention and cloud security
Microsoft Sentinel for security information and event management (SIEM)
Microsoft Purview for compliance
Microsoft Priva for personal information protection
Microsoft Intune for endpoint management

Zero Trust Strategy

A zero trust security strategy is a modern approach to cybersecurity that assumes no user or device, whether inside or outside the network, can be trusted by default. Instead, every access request must be authenticated and verified before access to the resource is granted. This strategy is designed to address the complexities of the modern digital environment, including remote work, cloud services, and mobile devices.

Why use Entra?

Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management solution that offers several advantages over traditional on-premises solutions.

Unified identity management: Entra provides comprehensive identity and access management across hybrid and cloud environments. This means you can manage user identities, access rights, and entitlements in a unified way, simplifying administration and increasing security.
Seamless user experience: Entra supports single sign-on (SSO), allowing users to access multiple applications with a single set of credentials. This reduces password fatigue and improves the user experience.
Adaptive access policy: Entra supports strong authentication and real-time, risk-based adaptive access policies without compromising the user experience. This helps protect access to resources and data effectively.
Integration with external identities: Entra External ID allows organizations to securely manage and authenticate users outside of their internal workforce, such as customers, partners, and other external collaborators. This is especially useful for businesses that need to collaborate securely with external partners.
Addressing market challenges: Entra addresses the market challenge of providing a comprehensive IAM solution across hybrid and cloud environments that ensures security, simplifies user authentication, and enables secure access to resources.
Scalability: Cloud solutions like Entra can easily scale to accommodate growing numbers of users and applications without additional hardware or infrastructure.
Cost-effective: Cloud solutions allow organizations to reduce the costs associated with maintaining on-premises infrastructure, such as servers and networking equipment.
Flexibility: Entra provides flexibility in terms of deployment and integration with a variety of applications and services both within and outside the Microsoft ecosystem.
Security: Cloud solutions often come with built-in security features and regular updates to protect against new threats. Entra includes robust support for conditional access and multi-factor authentication (MFA), which are essential for protecting sensitive data.

As you can see, there are many reasons to be excited about Entra and the Entra family.

Learn more about Entra products

Microsoft Entra is designed to provide identity and access management, cloud infrastructure management, and identity verification. It works:

Across Azure, AWS, and Google Cloud.
Across Microsoft and third-party apps, websites, and devices.

Key products and solutions in the Microsoft Entra family include:

Microsoft Entra ID: A comprehensive identity and access management solution. This includes features such as conditional access, role-based access control, multi-factor authentication, and identity protection.
Entra ID helps organizations manage and secure their identities to ensure secure access to apps, devices, and data.
Microsoft Entra Domain Services: This product provides managed domain services such as domain join, Group Policy, Lightweight Directory Access Protocol (LDAP), and Kerberos/NTLM authentication. This allows organizations to run legacy applications in the cloud that cannot use modern authentication methods, or where directory lookups should not always go back to an on-premises Active Directory Domain Services (AD DS) environment. You can lift and shift those legacy applications from your on-premises environment to a managed domain without having to manage an AD DS environment in the cloud.
Microsoft Entra Private Access: Provides users (whether in the office or working remotely) with secure access to private corporate resources. This allows remote users to connect to internal resources from any device and network without the need for a virtual private network (VPN). This service provides per-app adaptive access based on conditional access policies for more granular security than a VPN.
Microsoft Entra Internet Access: An identity-centric, device-aware, cloud-delivered secure web gateway (SWG) that protects users, devices, and data from Internet threats while securing access to Microsoft services, SaaS, and public Internet apps.
Microsoft Entra ID Governance: An identity governance solution that automates access requests, assignments, and reviews through identity lifecycle management to ensure the right people have the right access to the right resources at the right time.
Microsoft Entra ID Protection: Helps organizations detect, investigate, and remediate identity-based risks. These identity-based risks can be fed into tools like Conditional Access to make access decisions, or fed back into a security information and event management (SIEM) tool for further investigation and correlation.
Microsoft Entra Verified ID: An identity service based on open decentralized identity (DID) standards. This product is designed for identity verification and management, to securely verify a user's identity. It supports scenarios such as verifying work credentials on LinkedIn.
Microsoft Entra External ID: This product focuses on managing external identities, such as customers, partners, and other collaborators, rather than internal personnel. It allows organizations to securely manage and authenticate these external users by providing features such as custom branded sign-up experiences, self-service sign-up flows, and user management.
Microsoft Entra Permissions Management: This product manages permissions and access controls across a variety of systems and applications, ensuring users have the appropriate level of access. It allows organizations to detect, automatically right-size, and continuously monitor unused or excessive permissions across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
Microsoft Entra Workload ID: This product helps apps, containers, and services securely access cloud resources and provides identity and access management for workloads.

Which Entra product should I choose?

Although we've explained some important products, you may still be wondering which one to choose, so let's look at a few scenarios.

Scenario: GitHub Actions Integration
A development team uses GitHub Actions for its continuous integration and continuous deployment (CI/CD) pipeline and needs secure access to Azure resources without managing secrets.
Recommended products: Entra Workload ID
Why Entra Workload ID? Microsoft Entra Workload ID supports workload identity federation, allowing GitHub Actions to securely access Azure resources by federating identities from GitHub. This eliminates the need to manage secrets and reduces the risk of credential leaks.
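To make the federation in the GitHub Actions scenario concrete, here is an added example (not code from the original post or from Microsoft) that models the trust check as an exact match of issuer, subject, and audience between a federated credential and the claims of a GitHub OIDC token, plus a small review of the credential itself. The `contoso/webapp` names and sample claims are constructed, the function names are hypothetical, and token signature verification is left out.

```python
# Simplified model of a workload identity federation trust check.
# Assumption: issuer, subject and audience are compared as exact,
# case-sensitive strings. Signature verification is out of scope here.

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
ENTRA_AUDIENCE = "api://AzureADTokenExchange"

# Constructed sample: a federated credential scoped to one deployment environment.
SAMPLE_CRED = {
    "issuer": GITHUB_ISSUER,
    "subject": "repo:contoso/webapp:environment:production",
    "audiences": [ENTRA_AUDIENCE],
}
# Constructed sample: claims a workflow run in that environment would present.
SAMPLE_CLAIMS = {
    "iss": GITHUB_ISSUER,
    "sub": "repo:contoso/webapp:environment:production",
    "aud": ENTRA_AUDIENCE,
}


def token_matches(cred: dict, claims: dict) -> bool:
    """True only if issuer, subject and audience all match the credential."""
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    return (
        claims.get("iss") == cred["issuer"]
        and claims.get("sub") == cred["subject"]
        and any(a in cred["audiences"] for a in audiences)
    )


def review_credential(cred: dict) -> list[str]:
    """Return review findings for a GitHub Actions federated credential."""
    findings = []
    if cred["issuer"] != GITHUB_ISSUER:
        findings.append("issuer is not the GitHub Actions OIDC issuer")
    if ENTRA_AUDIENCE not in cred["audiences"]:
        findings.append("audience is not api://AzureADTokenExchange")
    parts = cred["subject"].split(":")
    if len(parts) < 3 or parts[0] != "repo" or "/" not in parts[1]:
        findings.append("subject is not of the form repo:<org>/<repo>:<context>")
    elif parts[2] == "pull_request":
        findings.append("subject trusts any pull_request run of the repository")
    return findings
```

A credential whose subject names a specific environment or branch limits which workflow runs can obtain an Azure access token; the review function flags the broader `pull_request` subject for a closer look.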

Scenario: Internal Employee Access Management
A large enterprise needs to manage access to internal applications and resources for thousands of employees. The organization wants to implement multi-factor authentication (MFA), conditional access policies, and role-based access control (RBAC) to ensure secure access.
Recommended products: Entra ID
Why Entra ID? Microsoft Entra ID is ideal for this scenario because it provides a comprehensive identity and access management solution, including MFA, Conditional Access, and RBAC. These features help increase security and compliance by ensuring that only authorized personnel have access to critical resources.

Scenario: Single Sign-On (SSO) for Internal Applications
A company wants to streamline the sign-in process for employees by implementing single sign-on (SSO) across all internal applications, including Microsoft 365, Salesforce, and custom apps.
Recommended products: Entra ID
Why Entra ID? Microsoft Entra ID supports single sign-on, allowing employees to access multiple applications using a single set of credentials. It centralizes authentication and access management to improve user experience, reduce password fatigue, and increase security.

Scenario: Kubernetes workload
An organization runs multiple applications on Kubernetes clusters and requires these workloads to securely access Azure resources.
Recommended products: Entra Workload ID
Why Entra Workload ID? Entra Workload ID allows Kubernetes workloads to access Azure resources without managing credentials or secrets. By establishing a trust relationship between Azure and the Kubernetes service account, workloads can exchange trusted tokens for access tokens from the Microsoft identity platform.

Scenario: E-commerce company, customer portal
An e-commerce company wants to create a customer portal where users can sign up, log in, and manage their accounts. The company must provide customers with a seamless and secure registration and login experience.
Recommended products: Entra External ID
Why Entra External ID? Microsoft Entra External ID is designed to manage external identities, such as customers. It's ideal for creating customer portals because it offers features such as custom branded sign-up experiences, self-service sign-up flows, and secure authentication.

Scenario: Partner Collaboration
A manufacturing company works with several external partners and suppliers. The company must provide secure access to shared resources and applications while ensuring that only authorized partners have access to specific data.
Recommended products: Entra External ID
Why Entra External ID? Microsoft Entra External ID is ideal for managing external identities such as partners and vendors. It allows the company to securely manage and authenticate external users and provides features such as B2B collaboration and access management to ensure that only authorized partners have access to the resources they need.

Get started with Entra ID
Getting started with Entra External ID

Summary and Implications

In summary, we have introduced Entra and some of the products in its family. We also showed you some scenarios and which products are suitable. Lastly, I've recommended some great starting links. I hope this is a good start.

Thanks for reading!