Microsoft Entra is a family of identity and network access products. It lets organizations implement a Zero Trust security strategy and create a trust fabric that verifies identities, validates access conditions, checks permissions, encrypts connection channels, and monitors for compromise.
Microsoft Entra product family
The Microsoft Entra product family covers four maturity stages of secure end-to-end access for any trustworthy identity. These stages include establishing Zero Trust access controls, and securing access for employees, customers, partners, and any cloud environment.
Establish Zero Trust access controls
Microsoft Entra ID
Microsoft Entra ID is the foundational product of Microsoft Entra. It's a cloud-based identity and access management service that provides the essential identity, authentication, policy, and protection to secure users, devices, apps, and resources. Every new Microsoft Entra directory includes an initial domain name, like contoso.onmicrosoft.com. You can also add your organization's domain names.
Microsoft 365, Azure, or Dynamics CRM Online subscribers already use Microsoft Entra ID as every Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically a Microsoft Entra tenant. You can immediately start managing access to your integrated cloud apps.
Microsoft Entra Domain Services
Microsoft Entra Domain Services provides managed domain services such as group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. It enables organizations to run legacy applications in the cloud that can't use modern authentication methods.
For example, organizations with services that need Kerberos authentication can create a managed domain where Microsoft deploys and maintains the core service components.
Secure access for employees
Microsoft Entra Private Access
Microsoft Entra Private Access secures access to all private apps and resources, including corporate networks and multicloud environments. It lets remote users connect to internal resources from any device and network without using a virtual private network (VPN).
For example, an employee can securely access a corporate network printer while working from home or even a cafe.
Microsoft Entra Internet Access
Microsoft Entra Internet Access secures access to all internet resources including software as a service (SaaS) apps, and Microsoft 365 apps and resources.
For example, organizations can enable web content filtering to regulate access to websites based on content categories and domain names.
Microsoft Entra ID Governance
Microsoft Entra ID Governance makes identity and permissions easier to manage by automating access requests, assignments, and reviews. It also helps protect critical assets through identity lifecycle management.
For example, administrators can automatically assign user accounts, groups, and licenses to new employees, and remove those assignments from employees that are no longer with the company.
Microsoft Entra ID Protection
Microsoft Entra ID Protection detects and reports identity-based risks. It enables administrators to investigate and automatically remediate risks using tools like risk-based Conditional Access policies.
For example, organizations can create risk-based Conditional Access policies that require multifactor authentication when the sign-in risk level is reported as medium or high.
Microsoft Entra Verified ID
In addition to identities that are used for authentication, there are decentralized identities (DIDs) used for information verification.
Microsoft Entra Verified ID is a credential verification service based on open DID standards. It enables organizations to issue a verifiable credential (digital signature proving the validity of information) to a user who stores the credential on their personal device. After receiving the verifiable credential, the user can present it to a company or organization to verify something about their identity.
For example, a recent college graduate can ask the university to issue a digital copy of their diploma to their DID. They can then choose to present the diploma to a potential employer who can independently verify the issuer of the diploma, the time of issuance, and its status.
Secure access for customers and partners
Microsoft Entra External ID
Microsoft Entra External ID enables external identities to safely access business resources and consumer apps. It offers secure methods for collaborating with business partners and guests on internal apps and resources, as well as managing customer identity and access management (CIAM) for your consumer-facing applications.
For example, organizations can set up self-service registration for customers to sign in to a web application using methods such as one-time passcodes, or social accounts from Google or Facebook.
Secure access in any cloud
Microsoft Entra Workload ID
In addition to human and device identities, workload identities such as applications, services, and containers require authentication and authorization policies.
Microsoft Entra Workload ID is the identity and access management solution for workload identities. It enables organizations to secure access to resources using adaptive policies and custom security attributes for apps.
For example, GitHub Actions need a workload identity to access Azure subscriptions to automate, customize, and execute software development workflows.
Getting ready for Microsoft Entra
Before organizations deploy Microsoft Entra, they should configure their infrastructure and processes according to security best practices and standards. The following articles provide architectural, deployment, and operational guidance to integrate Microsoft Entra successfully.
- Architecture
- Deployment plans
- Operations reference
- Operations guide
- Recommended security configurations
Licensing Microsoft Entra features
The features of Microsoft Entra are licensed in multiple ways. These licenses include Microsoft Entra ID Free, Microsoft Entra ID P1, Microsoft Entra ID P2, Microsoft Entra Suite, Microsoft Entra External ID, Microsoft Entra Workload ID, Microsoft Entra ID Governance, and other standalone products. Microsoft Entra is also part of licenses like Microsoft 365 and Enterprise Mobility + Security. For more information about licensing and available options, see the article Microsoft Entra licensing or the Microsoft Entra pricing page.
Working with Microsoft Entra
After organizations deploy Microsoft Entra, administrators can use the Microsoft Entra admin center and Microsoft Graph API to manage the identity and network access resources, and developers can use the Microsoft identity platform to build identity and access applications.
Microsoft Entra admin center
The Microsoft Entra admin center is a web-based portal for administrators to configure and manage Microsoft Entra products using a single user interface.
To learn more, see Overview of Microsoft Entra admin center.
Microsoft Graph API
In addition to the Microsoft Entra admin center, the Microsoft Graph API can be used to automate administrative tasks, including license deployments, and user lifecycle management.
To learn more, see Manage Microsoft Entra using Microsoft Graph.
Microsoft identity platform
The Microsoft identity platform enables developers to build authentication experiences for web, desktop, and mobile applications using open-source libraries and standard-compliant authentication services.
To start developing, see Getting started.
Related content
- Sign up for a free 30-day Microsoft Entra ID P1 or P2 trial.
- Learn the differences between Active Directory and Microsoft Entra ID.
- Learn how to get started with Microsoft Entra ID for developers.
- Find definitions of related terms in the Microsoft identity platform glossary.