DEV Community

Ibrahim S

Microsoft Entra ID (Azure AD): The Identity Backbone of the Cloud

Microsoft Entra ID

  • Cloud-based Identity and Access Management (IAM) solution
  • Formerly known as Azure Active Directory (Azure AD)
  • Provides authentication, authorization, SSO, MFA, B2B/B2C, identity protection, and governance for cloud and hybrid environments.

🔑 Core Modules:

▪️Tenant - Dedicated instance of Entra ID tied to an organization
▪️Directory - Identity store containing users, groups, apps
▪️Users - Employees, guests, service accounts
▪️Groups - Security (permissions) and Microsoft 365 (collaboration)
▪️App Registration - Register apps to authenticate using Entra ID
▪️Enterprise Applications - SSO integration for apps used by your org
▪️Roles - Define what users can manage (Global Admin, User Admin, etc.)

IT Management Features:

✔️ User & Group Management:
Create, update, and delete users and groups; build dynamic groups based on attributes
✔️ Conditional Access:
Define policies based on user, device, location, risk to enforce MFA, block access, or require compliance
✔️ Multi-Factor Authentication (MFA):
Strengthens authentication beyond passwords
✔️ SSO (Single Sign-On):
One identity to access multiple apps
✔️ B2B (Guest Access):
Invite external users securely
✔️ B2C (Customer Identity):
CIAM for external customer-facing apps (different from core Entra ID)
✔️ Hybrid Identity (Azure AD Connect):
Sync on-prem AD users to Entra ID for hybrid scenarios
✔️ Privileged Identity Management (PIM):
Just-in-time admin role assignments with approval workflows
✔️ Identity Protection:
Detect and remediate risky users or sign-ins
✔️ Access Reviews & Entitlement Management (IGA):
Review access to ensure least privilege, automate resource access packages
✔️ Application Proxy:
Provide secure remote access to on-prem apps

🔷 Authentication Methods:

✅ Password
✅ MFA (OTP, Authenticator App, FIDO2, SMS)
✅ Passwordless (Windows Hello, Authenticator App)
✅ Certificate-based

🔷 Common Admin Roles:

▪️Global Admin - Full control
▪️User Admin - Manage users and groups
▪️Application Admin - Manage app registrations and enterprise apps
▪️Privileged Role Admin - Manage PIM, role assignments
▪️Security Admin - Manage security-related features

🔷 Useful URLs:

▪️Entra Admin Center: entra.microsoft.com
▪️Azure Portal: portal.azure.com
▪️Microsoft Learn (Entra ID): Microsoft Learn Entra
▪️PowerShell Graph Module: Install Microsoft Graph PowerShell

🔷 Quick Scenario Examples:

✔️ Onboarding external contractors: Use B2B guest invites + Conditional Access + Entitlement Management
✔️ Protecting admin accounts: Enforce MFA + PIM + exclude break-glass accounts from CA policies
✔️ App integration: Register app, assign API permissions, configure SSO (SAML or OIDC)
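
The "Protecting admin accounts" scenario above can be verified against an exported policy set. This is an added example, not code from the original post: it audits Conditional Access policies in the JSON shape of Microsoft Graph's conditionalAccessPolicy resource and reports enforced policies that do not exclude the break-glass account, plus admin roles with no enforced MFA requirement. The sample policies and the break-glass object ID are constructed; only user/role scope and built-in grant controls are evaluated (group membership, app scope and authentication strengths are not resolved).

```python
import json

# Built-in directory role template IDs (identical in every tenant).
ADMIN_ROLES = {
    "62e90394-69f5-4237-9190-012177145e10": "Global Administrator",
    "e8611ab8-c189-46e8-94e1-60213ab1f814": "Privileged Role Administrator",
}
BREAK_GLASS = {"11111111-1111-1111-1111-111111111111"}  # constructed user object ID

# Constructed sample, shaped like GET /identity/conditionalAccess/policies output.
SAMPLE = json.loads("""[
 {"displayName": "Require MFA for admins", "state": "enabled",
  "conditions": {"users": {"includeRoles": ["62e90394-69f5-4237-9190-012177145e10"],
                           "excludeUsers": ["11111111-1111-1111-1111-111111111111"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Block legacy auth", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
 {"displayName": "MFA or compliant device", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["11111111-1111-1111-1111-111111111111"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
 {"displayName": "Report-only MFA for role admins",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeRoles": ["e8611ab8-c189-46e8-94e1-60213ab1f814"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]""")

def audit(policies, break_glass=BREAK_GLASS, admin_roles=ADMIN_ROLES):
    """Return (policies lacking a break-glass exclusion, admin roles without enforced MFA)."""
    not_excluded, covered = [], set()
    for p in policies:
        if p.get("state") != "enabled":  # report-only and disabled policies enforce nothing
            continue
        users = p.get("conditions", {}).get("users", {})
        # Only direct user exclusions are checked; exclusion via a group is not resolved.
        if not break_glass <= set(users.get("excludeUsers", [])):
            not_excluded.append(p["displayName"])
        grant = p.get("grantControls") or {}
        controls = grant.get("builtInControls", [])
        # MFA is mandatory only when it is the sole control or all controls are ANDed.
        if "mfa" in controls and (len(controls) == 1 or grant.get("operator") == "AND"):
            for role in admin_roles:
                in_scope = (role in users.get("includeRoles", [])
                            or "All" in users.get("includeUsers", []))
                if in_scope and role not in users.get("excludeRoles", []):
                    covered.add(role)
    return not_excluded, sorted(n for r, n in admin_roles.items() if r not in covered)

if __name__ == "__main__":
    print(audit(SAMPLE))
```
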

💡One-Line Summary:
Microsoft Entra ID is your cloud-based identity backbone for securing and managing user, app, and device access across Microsoft and third-party services.
