Learning Objectives
- Secure user identities in Microsoft Entra ID to prevent unauthorized access and protect user accounts.
- Implement security measures to protect groups in Microsoft Entra ID, ensuring proper access control and group management.
- Make informed recommendations on when to use external identities and how to securely manage them.
- Implement security measures to protect external identities, maintaining confidentiality and integrity.
- Implement Microsoft Entra ID Protection to proactively identify and respond to identity-related security threats and vulnerabilities.
Goals
The module aims to equip participants with the knowledge and skills necessary to manage identities and enhance security within Microsoft Entra ID. Participants will learn how to secure user accounts, groups, and external identities, and they'll be able to implement Microsoft Entra ID Protection to detect and mitigate identity-related security risks, ultimately strengthening the organization's overall security posture.
What is Microsoft Entra ID?
Microsoft Entra ID is a cloud-based identity and access management service that enables your employees to access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications.
Microsoft Entra ID also helps them access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization.
Who uses Microsoft Entra ID?
Microsoft Entra ID provides different benefits to members of your organization based on their role:
- IT admins use Microsoft Entra ID to control access to apps and app resources, based on business requirements. For example, as an IT admin, you can use Microsoft Entra ID to require multifactor authentication when accessing important organizational resources. You could also use Microsoft Entra ID to automate user provisioning between your existing Windows Server and your cloud apps, including Microsoft 365. Finally, Microsoft Entra ID gives you powerful tools to automatically help protect user identities and credentials and to meet your access governance requirements. To get started, sign up for a free 30-day Microsoft Entra ID P1 or P2 trial.
- App developers can use Microsoft Entra ID as a standards-based authentication provider that helps them add single sign-on (SSO) that works with a user's existing credentials to their apps. Developers can also use Microsoft Entra APIs to build personalized experiences using organizational data. To get started, sign up for a free 30-day Microsoft Entra ID P1 or P2 trial. For more information, you can also see Microsoft Entra ID for developers.
- Microsoft 365, Office 365, Azure, or Dynamics CRM Online subscribers already use Microsoft Entra ID, because every Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically a Microsoft Entra tenant. You can immediately start managing access to your integrated cloud apps.
What are the Microsoft Entra ID licenses?
Microsoft Online business services, such as Microsoft 365 or Microsoft Azure, use Microsoft Entra ID for sign-in activities and to help protect your identities. If you subscribe to any Microsoft Online business service, you automatically get access to Microsoft Entra ID Free.
To enhance your Microsoft Entra implementation, you can also add paid features by upgrading to Microsoft Entra ID P1 or Premium P2 licenses. Microsoft Entra paid licenses are built on top of your existing free directory. The licenses provide self-service, enhanced monitoring, security reporting, and secure access for your mobile users.
- Microsoft Entra ID Free. Provides user and group management, on-premises directory synchronization, basic reports, self-service password change for cloud users, and single sign-on across Azure, Microsoft 365, and many popular SaaS apps.
- Microsoft Entra ID P1. In addition to the Free features, P1 also lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities, which allow self-service password reset for your on-premises users.
- Microsoft Entra ID P2. In addition to the Free and P1 features, P2 also offers Microsoft Entra ID Protection, to help provide risk-based Conditional Access to your apps and critical company data, and Privileged Identity Management, to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.
- "Pay as you go" feature licenses. You can also get licenses for features such as Microsoft Entra Business-to-Customer (B2C). B2C can help you provide identity and access management solutions for your customer-facing apps.
Which features work in Microsoft Entra ID?
After you choose your Microsoft Entra ID license, you'll get access to some or all of the following features:
Category | Description |
---|---|
Application management | Manage your cloud and on-premises apps using Application Proxy, single sign-on, the My Apps portal, and Software as a Service (SaaS) apps. |
Authentication | Manage Microsoft Entra self-service password reset, multifactor authentication, custom banned password list, and smart lockout. |
Microsoft Entra ID for developers | Build apps that sign in all Microsoft identities, get tokens to call Microsoft Graph, other Microsoft APIs, or custom APIs. |
Business-to-Business (B2B) | Manage your guest users and external partners, while maintaining control over your own corporate data. |
Business-to-Customer (B2C) | Customize and control how users sign up, sign in, and manage their profiles when using your apps. |
Conditional Access | Manage access to your cloud apps. |
Device Management | Manage how your cloud or on-premises devices access your corporate data. |
Domain services | Join Azure virtual machines to a domain without using domain controllers. |
Enterprise users | Manage license assignments, access to apps, and set up delegates using groups and administrator roles. |
Hybrid identity | Use Microsoft Entra Connect and Connect Health to provide a single user identity for authentication and authorization to all resources, regardless of location (cloud or on-premises). |
Identity governance | Manage your organization's identity through employee, business partner, vendor, service, and app access controls. You can also perform access reviews. |
Identity protection | Detect potential vulnerabilities affecting your organization's identities, configure policies to respond to suspicious actions, and then take appropriate action to resolve them. |
Managed identities for Azure resources | Provide your Azure services with an automatically managed identity in Microsoft Entra ID that can authenticate to any service that supports Microsoft Entra authentication, including Key Vault. |
Privileged identity management (PIM) | Manage, control, and monitor access within your organization. This feature includes access to resources in Microsoft Entra ID and Azure, and other Microsoft Online Services, like Microsoft 365 or Intune. |
Monitoring and health | Gain insights into the security and usage patterns in your environment. |
Workload identities | Give an identity to your software workload (such as an application, service, script, or container) to authenticate and access other services and resources. |