What’s New in Microsoft Entra ID

Cloud Journeys with Anindita
3 min read, Sep 23, 2023

Microsoft Azure Active Directory is now called Microsoft Entra ID. The renamed service comes with a range of new and updated capabilities: the Entra provisioning and sync guidance experience, enhanced user management, device management, dynamic administrative units, cross-tenant synchronization, SLA attainment reporting, role management, sign-in logs, on-premises application provisioning and security features. It gives users a seamless sign-in experience while keeping governance of identities centralized, and applies adaptive, risk-aware access control and identity protection on top.

Azure AD is now Microsoft Entra ID

Microsoft Entra ID Management Resources

Microsoft Entra ID supports creating users and groups, assigning roles and deploying administrative units. It also lets you define delegated admin partners, which is how a Microsoft partner is granted administrative access to the tenant; such partner access should be scoped and reviewed like any other privileged assignment.

  • Cross-tenant synchronization — lets an organization that runs several Entra tenants automate the provisioning of identities across them and simplify collaboration between them. It creates B2B users in the target tenant automatically, enriches them with attributes from the home tenant, and manages their lifecycle, including removal when the source user is deprovisioned. It also allows applications to be shared across tenants using Entra ID's IAM capabilities. A Microsoft Entra ID P1 or P2 license is required to enable cross-tenant synchronization.

Security of Microsoft Entra ID

Microsoft Entra ID ships with a range of features for protecting a tenant: Entra Conditional Access, Entra ID Protection, integration with Azure Security Center (now Microsoft Defender for Cloud) and Microsoft Entra Verified ID.

  • It also exposes the Identity Secure Score, a measure of the tenant's overall identity security posture together with the improvement actions that raise it.
Microsoft Entra ID Secure Score for Identity
  • The improvement actions include the following:

a) ensure multi-factor authentication is enabled for all users

b) designate more than one Global Administrator (and keep the total small)

c) use least-privileged administrative roles instead of Global Administrator

d) enable a Conditional Access policy that blocks legacy authentication

e) enable the Entra ID Protection sign-in risk policy

f) enable the Entra ID Protection user risk policy

g) enable self-service password reset for all users
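The actions above are posture checks, and they are easy to get subtly wrong: a Conditional Access policy in report-only mode scores as nothing, and a legacy-authentication block must cover both the Exchange ActiveSync and "other clients" app types. The following is an added example, not code from the original post or from Microsoft, that evaluates three of the actions (a, b and d) against an offline snapshot. It assumes the policy objects are shaped like Microsoft Graph conditionalAccessPolicy resources and the admin list like the membership of the Global Administrator directory role; all data in it is constructed for the example.

```python
"""Offline checks for three of the Identity Secure Score actions listed above.

Assumptions (not from the page): policy objects follow the Microsoft Graph
conditionalAccessPolicy schema and the admin list is the membership of the
Global Administrator directoryRole. All data below is constructed.
"""

# Constructed snapshot: one enforced legacy-auth block, one MFA policy that is
# still in report-only mode, and a single Global Administrator.
SAMPLE_CA_POLICIES = [
    {
        "displayName": "Block legacy authentication",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": ["break-glass-account-id"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
    {
        "displayName": "Require MFA for all users",
        "state": "enabledForReportingButNotEnforced",  # report-only: not enforced
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "clientAppTypes": ["all"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
]

SAMPLE_GLOBAL_ADMINS = [
    {"id": "user-1", "userPrincipalName": "alice@contoso.example"},
]

# Both app types are needed to cover legacy protocols (EAS plus "other clients").
LEGACY_CLIENT_TYPES = {"exchangeActiveSync", "other"}


def _applies_to_all_users(policy):
    users = policy.get("conditions", {}).get("users", {})
    return "All" in users.get("includeUsers", [])


def _is_block(policy):
    grant = policy.get("grantControls") or {}
    return grant.get("builtInControls") == ["block"]


def _requires_mfa(policy):
    grant = policy.get("grantControls") or {}
    return "mfa" in grant.get("builtInControls", [])


def legacy_auth_blocked(policies):
    """True if an enforced policy blocks all users on both legacy client app types."""
    for p in policies:
        if p.get("state") != "enabled":
            continue
        client_types = set(p.get("conditions", {}).get("clientAppTypes", []))
        if LEGACY_CLIENT_TYPES <= client_types and _applies_to_all_users(p) and _is_block(p):
            return True
    return False


def mfa_required_for_all(policies):
    """True if an enforced (not report-only) policy requires MFA for all users."""
    return any(
        p.get("state") == "enabled" and _applies_to_all_users(p) and _requires_mfa(p)
        for p in policies
    )


def global_admin_count_ok(members, minimum=2, maximum=4):
    """More than one Global Administrator, but fewer than five (Microsoft's guidance)."""
    return minimum <= len(members) <= maximum


def evaluate(policies, global_admins):
    """Return check name -> pass/fail, the way a posture report would present it."""
    return {
        "mfa_for_all_users": mfa_required_for_all(policies),
        "more_than_one_global_admin": global_admin_count_ok(global_admins),
        "legacy_auth_blocked": legacy_auth_blocked(policies),
    }


if __name__ == "__main__":
    for check, ok in evaluate(SAMPLE_CA_POLICIES, SAMPLE_GLOBAL_ADMINS).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

Run against the constructed snapshot, only the legacy-authentication check passes: the MFA policy is report-only, so it does not count, and a single Global Administrator fails the redundancy check. To run the same logic on a real tenant, feed it the output of the Graph endpoints `/identity/conditionalAccess/policies` and the Global Administrator role's members.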

Logging and Monitoring of Microsoft Entra ID

  1. Sign-in logs record every user sign-in with fields such as the date and time, request ID, user, client application and source IP address.
  2. Audit logs record changes to the tenant directory itself, for example role management and application management activity.
  3. Provisioning logs show what the provisioning service did: which groups were pushed to ServiceNow, which users from Workday were created in Active Directory, and which operations failed or were skipped.
  4. SLA attainment reports the monthly availability of Entra ID user authentication. When availability falls below the 99.99% SLA threshold, the bar for that month in the chart turns from green to red. Microsoft publishes the monthly Entra ID (Azure AD) SLA performance figures.
Microsoft Entra ID SLA Attainment

  5. Diagnostic settings let you route the logs (AuditLogs, SignInLogs, ADFSSignInLogs, RiskyUsers, UserRiskEvents, ServicePrincipalRiskEvents, ManagedIdentitySignInLogs and others) to a storage account for long-term retention, alongside directory metrics such as service principal sign-in activity, AD FS application activity and authentication methods activity.
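Once sign-in logs are exported to a storage account they are just line-delimited JSON, and the two questions a practitioner most often asks of them are "who is still signing in over legacy protocols?" and "is one source address trying one password against many accounts?". The following is an added example, not code from the original post, that answers both over a constructed export. It assumes each line carries a `category` and a `properties` object whose field names follow the Entra sign-in log schema (`userPrincipalName`, `ipAddress`, `clientAppUsed`, `status.errorCode`); the records themselves are made up for the example.

```python
"""Triage an exported Entra sign-in log for legacy authentication and password spray.

Assumption (not from the page): one JSON record per line, with sign-in fields
under "properties" as in a diagnostic-settings export. The log below is
constructed for this example.
"""
import json
from collections import defaultdict

SAMPLE_LOG = """
{"time":"2023-09-20T08:00:01Z","category":"SignInLogs","properties":{"userPrincipalName":"alice@contoso.example","ipAddress":"203.0.113.7","clientAppUsed":"Browser","appDisplayName":"Office 365","status":{"errorCode":0}}}
{"time":"2023-09-20T08:00:05Z","category":"SignInLogs","properties":{"userPrincipalName":"bob@contoso.example","ipAddress":"198.51.100.9","clientAppUsed":"Exchange ActiveSync","appDisplayName":"Office 365 Exchange Online","status":{"errorCode":0}}}
{"time":"2023-09-20T08:01:10Z","category":"SignInLogs","properties":{"userPrincipalName":"carol@contoso.example","ipAddress":"198.51.100.42","clientAppUsed":"Authenticated SMTP","appDisplayName":"Office 365 Exchange Online","status":{"errorCode":50126}}}
{"time":"2023-09-20T08:01:12Z","category":"SignInLogs","properties":{"userPrincipalName":"dave@contoso.example","ipAddress":"198.51.100.42","clientAppUsed":"Authenticated SMTP","appDisplayName":"Office 365 Exchange Online","status":{"errorCode":50126}}}
{"time":"2023-09-20T08:01:15Z","category":"SignInLogs","properties":{"userPrincipalName":"erin@contoso.example","ipAddress":"198.51.100.42","clientAppUsed":"Authenticated SMTP","appDisplayName":"Office 365 Exchange Online","status":{"errorCode":50126}}}
{"time":"2023-09-20T08:01:20Z","category":"SignInLogs","properties":{"userPrincipalName":"frank@contoso.example","ipAddress":"198.51.100.42","clientAppUsed":"Authenticated SMTP","appDisplayName":"Office 365 Exchange Online","status":{"errorCode":0}}}
{"time":"2023-09-20T08:02:00Z","category":"AuditLogs","properties":{"activityDisplayName":"Add member to role"}}
"""

# Anything else in clientAppUsed (Exchange ActiveSync, Authenticated SMTP, IMAP, POP, ...)
# is a legacy protocol that cannot do MFA.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}
ERR_INVALID_CREDENTIALS = 50126  # Entra error code for a wrong username or password


def parse_sign_ins(text):
    """Flatten the SignInLogs records from a line-delimited export; other categories are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("category") != "SignInLogs":
            continue
        props = rec.get("properties", rec)
        records.append({
            "time": rec.get("time"),
            "user": props.get("userPrincipalName"),
            "ip": props.get("ipAddress"),
            "client": props.get("clientAppUsed"),
            "app": props.get("appDisplayName"),
            "error": int(props.get("status", {}).get("errorCode", 0)),
        })
    return records


def legacy_auth_sign_ins(records):
    """Successful sign-ins over legacy protocols: exactly what a CA block policy would stop."""
    return [r for r in records if r["client"] not in MODERN_CLIENTS and r["error"] == 0]


def spray_sources(records, min_distinct_users=3):
    """Source IPs that failed with bad credentials against several distinct accounts
    (the password-spray pattern), plus any account the same IP later signed into."""
    failed_users = defaultdict(set)
    succeeded = defaultdict(set)
    for r in records:
        if r["error"] == ERR_INVALID_CREDENTIALS:
            failed_users[r["ip"]].add(r["user"])
        elif r["error"] == 0:
            succeeded[r["ip"]].add(r["user"])
    return {
        ip: {"targets": sorted(users), "compromised": sorted(succeeded.get(ip, set()))}
        for ip, users in failed_users.items()
        if len(users) >= min_distinct_users
    }


if __name__ == "__main__":
    recs = parse_sign_ins(SAMPLE_LOG)
    for r in legacy_auth_sign_ins(recs):
        print(f"legacy auth: {r['user']} via {r['client']} from {r['ip']}")
    for ip, info in spray_sources(recs).items():
        print(f"spray from {ip}: {len(info['targets'])} accounts tried, succeeded on {info['compromised']}")
```

On the constructed log the script flags two legacy sign-ins (Exchange ActiveSync and Authenticated SMTP) and one spray source, 198.51.100.42, which failed against three accounts and then succeeded against a fourth over SMTP; that combination of legacy protocol plus a success after a spray is the case to respond to first, and it is exactly what Secure Score action d) above would have prevented.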

For more details on Microsoft Entra ID, see the official Microsoft Entra ID documentation.


Cloud Journeys with Anindita

Cloud Architect. Azure, AWS certified. Terraform & K8, Cloud Native expert. Passionate with GenAI. Views are own.