Today I want to talk about Microsoft Entra. What is it? What problem does it solve? Will it make your life easier or harder? Come on along.
What is old is new again.
You have heard that saying, yes? Think of your favorite example. Here are a few of mine.
- Linux and UNIX
- Terminal Server and Remote Desktop Protocol
- Client-server and mainframe distributed computing
Some technical concepts do seem to appear and reappear over time. Although old and new concepts are similar, they are not identical. So, a more accurate saying would be:
What is old is new again, but not exactly in the same way.
Sure, client-server computing is like the days of mainframe computers, when you shared access to the computer’s CPU and memory. Except that, back then, the terminals had no local intelligence and often little or no local storage.
Welcome (Back), Entra
Which brings us to Entra. The simplest way for me to describe it is to tell you that it is Azure Active Directory (Azure AD) renamed. That is true. But Entra is more than just a rebranded product. Entra and its components are part of Microsoft’s SSE (Security Service Edge) offering. You might dismiss this as marketing gobbledygook. I will give you partial credit for that answer.
Microsoft is bringing together some existing (and some new) security components that solve an evolved security question:
How do I secure applications, data, and devices at the network edge?
We have seen this repositioning and re-mixing of security solutions before: Microsoft Defender. Microsoft combined “point” solutions around needs such as device protection and server security and positioned them as elements of a (more) complete detection and response capability.
Similarly, Entra and its components have been set up to provide support for Security Service Edge capabilities. Entra brings together identity and access management (IAM), policy management, and conditional access. The value here is that it pulls together the management consoles that handle each of these functions. Managing these functions from one console leads to specifying more complete security solutions.
More Powerful Access Controls
Just recently Microsoft announced two access security capabilities. Microsoft Entra Internet Access provides a secure web gateway that authenticates users and workloads prior to granting access to web-based applications and resources. It extends Conditional Access policies to include network conditions that can factor into access decisions.
The second access security capability, Microsoft Entra Private Access, manages access to applications hosted within the organization’s network. The big gain here is in supplanting VPNs for accessing network-based resources. As with Entra Internet Access, customers can create Conditional Access policies that define the conditions permitting access, in this case to legacy applications.
No Price Change for Entra ID
Microsoft is offering Entra ID with no change in price (or other commercial terms) compared with Azure AD. Entra ID Governance is an add-on subscription, as are the Entra ID P1 and P2 plans.
Entra is more than a rebranding of Azure AD. It pulls together the security management enforced via permissions, identity, and conditional access. Microsoft is rolling out new Entra-based capabilities as well. For instance, Microsoft Entra ID Governance helps you manage identity and access throughout a user’s tenure in the organization. And Entra External ID helps manage a consistent set of access policies across classes of external users.
With Entra and its ilk, we are witnessing the evolution of security services, from individual services to solutions addressing multiple, related customer needs. If you are the type of IT person who prefers to “set it and forget it,” Entra may be what you are looking for.