Microsoft's Active Directory has been a leading solution for organizational user and object services, primarily hosted on-premises. However, with the shift to cloud services, many organizations are now using a hybrid configuration. This article discusses Entra ID, a cloud-based identity and access management service that enables employees to access external resources, internal line-of-business applications, and services within an organization's intranet. Entra ID is not the cloud version of Active Directory, but rather a distinct service that provides user and group management, single sign-on, and self-service password change for cloud users.
Entra ID offers a free tier license, which includes user and group management, single sign-on, and hybrid user access to cloud and on-prem resources. The Premium P1 license adds advanced features such as dynamic membership groups, self-service group management, and cloud write-backs. The Premium P2 license includes Microsoft Entra ID Protection features, including conditional access policies and Privileged Identity Management.
Entra ID provides authentication features, including self-service password reset, multi-factor authentication, passwordless authentication, and password policies. The service also offers role-based access control, allowing administrators to grant granular access to users following the principle of least privilege. Entra ID provides built-in and custom roles, with the ability to create role definitions and assign them to users or groups at different scopes, including tenant, administrative unit, and Entra resource scope.
Role assignment in Entra ID involves three components: the role, the security principal, and the scope. Supporting features include role-assignable groups, Privileged Identity Management, and auditing capabilities. To get started with Entra ID, organizations can begin with the free tier and upgrade as needed. Microsoft Learn provides a comprehensive guide to Entra ID, and organizations can start small and build up their identity and access management capabilities over time.
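As an added example that is not part of the original article, the Python below models the three assignment components (role, security principal, scope) and the three scope kinds (tenant, administrative unit, resource) by building and validating the request bodies Microsoft Graph expects for a custom role definition and its assignment. It assumes the Graph `roleManagement/directory` endpoints and `directoryScopeId` string forms; the resource action names and all GUIDs are illustrative placeholders, and nothing is sent over the network.

```python
"""Build and sanity-check Microsoft Graph bodies for an Entra ID custom role
and a role assignment, validating role, principal and scope before use."""
import re
import uuid

# Scope forms accepted in directoryScopeId for Entra directory roles (assumed):
#   "/"                            -> whole tenant
#   "/administrativeUnits/<guid>"  -> one administrative unit
#   "/<guid>"                      -> a single directory object (resource scope)
_GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
_SCOPE_KINDS = {
    "tenant": re.compile(r"^/$"),
    "administrativeUnit": re.compile(rf"^/administrativeUnits/{_GUID}$"),
    "resource": re.compile(rf"^/{_GUID}$"),
}


def classify_scope(directory_scope_id: str):
    """Return 'tenant', 'administrativeUnit' or 'resource'; None if unrecognised."""
    for kind, pattern in _SCOPE_KINDS.items():
        if pattern.match(directory_scope_id):
            return kind
    return None


def build_role_definition(display_name: str, description: str, allowed_actions):
    """Body for POST /roleManagement/directory/roleDefinitions.
    Actions are de-duplicated so the role grants exactly what was listed."""
    if not allowed_actions:
        raise ValueError("a custom role needs at least one resource action")
    return {
        "displayName": display_name,
        "description": description,
        "isEnabled": True,
        "rolePermissions": [{"allowedResourceActions": sorted(set(allowed_actions))}],
    }


def build_role_assignment(role_definition_id: str, principal_id: str, directory_scope_id: str):
    """Body for POST /roleManagement/directory/roleAssignments.
    All three components are checked: ids must be GUIDs, scope must be a known kind."""
    uuid.UUID(role_definition_id)  # ValueError on a malformed role id
    uuid.UUID(principal_id)        # ValueError on a malformed principal id
    if classify_scope(directory_scope_id) is None:
        raise ValueError(f"unsupported directoryScopeId: {directory_scope_id!r}")
    return {
        "principalId": principal_id,
        "roleDefinitionId": role_definition_id,
        "directoryScopeId": directory_scope_id,
    }
```

Scoping a custom role to an administrative unit or a single object rather than "/" is how the least-privilege goal described above is expressed in practice.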