In some of our previous blog articles, the concept of Identity and Access Management (IAM) was reviewed, and its importance in the world of Cybersecurity today.  Essentially, the primary goal of IAM is to give the company the ability to effectively 2FA and even 3FA Identity based solutions in a quick, automated manner.  But there have been challenges with this, as employees are still stuck in their old ways of using their passwords.

But now, Microsoft has come up with a new product which is called “Entra”.  It is designed for the IT Security team to manage all of the credentials, identities, permissions, rights, etc. from one central location.  In this article, we review it in more detail.

What Is It All About?

Essentially, Entra is a platform that allows an organization to manage all of their employee identities (even including third party vendors) across all kinds of configurations possible, ranging from a Hybrid environment (Cloud and On Prem) to a pure On Prem to a Pure Cloud (100% exclusively in the Cloud), to even a Hybrid Cloud (Private and Public) environment.

The four main functionalities of Entra include the following:

  • Anything and everything is protected:

There is no discrimination whatsoever of what can be protected.  As far as Entra is concerned, access to any mobile application or shared resource that each and every employee uses is guaranteed protection.  It is important to note here that this only relates to work related apps, and not personal ones.

  • Permissions management:

You can monitor and discover your level of risk by making use of what is known as a Cloud Infrastructure Entitlement Management (CIEM) solution.

  • Every identity is secured:

Each and every identity that works in your company is protected.  This starts all of the way from your overnight cleaning crew all the way to the Board of Directors.

  • Only what is necessary is provided:

The entire process of assigning rights and permissions is totally automated with Entra.  There is no need to go through each user profile to see what kinds access they should have.  All you have to do is create the groups, upload the user identities into it, and Entra takes care of the rest.  Also, the process of disabling and deleting unneeded accounts is done on a daily basis, so you do not have to do this.  All rights and permissions that are assigned strictly follow and adhere to the concept of Least Privilege.

 

The Products of the Entra Family

Entra is not just a single solution, rather it is comprised of three main product groupings which are as follows:

  • The Azure Active Directory:

This is the heart of the Azure cloud platform.  With its new integration into Entra, the following capabilities are now realized:

  • SSO;
  • MFA;
  • Conditional Access;
  • External Identities;
  • Identity Governance;
  • Password elimination;
  • Account lifecycle management;
  • Protection of Identity;
  • Privileged Access Management;
  • Mobile App integration.

This is illustrated in the diagram below:

(SOURCE:  1).

  • The Entra Permissions Management:

Under traditional security models, managing permissions for all of your employees – no matter how small or large your business – has always proven to be a nightmare.  Various attempts have been made to help automate this, but it has not been until now, with the introduction of Entra, that this is now a task that is actually easy to accomplish, largely due to the advancements made in Azure.

With the CIEM tool (as described earlier in this article), you can not only get full visibility as to who is being assigned what, but you can also implement your security policies in a unified fashion from the very beginning, which has been a huge obstacle for businesses to conquer.  You can even extend the use of CIEM into other Cloud based platforms as well, such as the AWS and the Google Cloud Platform (GCP).

This is illustrated in the diagram below:

(SOURCE:  2).

  • The Entra Verified ID:

Once you have established a set of credentials for an employee, you can have them automatically verified using this product set.  This simply means that once this process has been accomplished, the employee can access whatever they need to, with having to be verified over and over again for each subsequent login attempt.  Some of the other benefits of the Verified ID role include the following:

  • Quick onboarding of new employees and contractors;
  • The ability to recover accounts without having to go through a long help desk process;
  • The permissions that have been established for one set of applications can be carried over to other areas as well. This is especially useful for software development teams.

This is illustrated below:

(SOURCE:  3).

Conclusions

Overall this article has examined what Microsoft Entra is all about.  It is yet another very powerful offering from Azure to help you stay one step ahead of the Cyberattacker.  If you have questions, please contact us today.

Sources