« Microsoft Azure - System administration »: difference between versions
Version of 17 May 2024 at 11:08
Identity
Here is an overview of what will be covered in this section:
We will start with Entra ID, which serves as a central hub for identity management. It acts as an intermediary between different types of identities and services.
For on-premises identities, the focus is on security measures such as multi-factor authentication (MFA) and conditional access policies. We will not explore this topic in detail, as it is covered in the AZ-500 course.
Next, B2B (Business-to-Business) allows us to integrate external identities into our Entra ID: guest users from partner companies are given access to our resources, which avoids creating new users in our directory for them.
Finally, Entra ID encompasses users and groups that belong to the organisation in the cloud.
Entra ID
Entra ID is a crucial component of Microsoft Cloud Services, as it centrally manages access to Azure services, Microsoft 365, and other SaaS applications. If you want seamless access to your emails, calendars, documents, and more through a single sign-on, Microsoft Entra is invaluable for any company. The service sits upstream of those applications: it verifies your identity and then grants access to the tools you need.
Entra ID primarily provides cloud-based identity and directory management, giving access to all SaaS solutions. It also offers self-service options for users, allowing them to reset passwords, manage their authentication methods, and handle device management.
It integrates with on-premises applications, providing secure collaboration across the company, device management, and connections to both SaaS applications and Active Directory.
Concepts
Entra ID is built around four main concepts:
- Identity: any object that requires authentication, such as a user, a group, a managed identity, or a service principal. Managed identities represent entities like virtual machines, apps, services, and others.
- Account: to attach data attributes to an identity, an account is used. A user may have multiple attributes such as location, department, manager, phone number, etc.
- Microsoft Entra ID Account: any account created in Entra ID or in Microsoft cloud services such as Xbox, Outlook, Hotmail, etc., falls into this category; it can be either a work or a school account.
- Microsoft Entra ID Tenant or Directory: when you sign up for an Azure account, a tenant (or directory) is created, and all subscriptions are linked to it.
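The following script is an added example, not code from the wiki page. It inventories the identity types just listed (users with their account attributes, B2B guest users from the Identity overview, managed identities and other service principals, groups) in the signed-in tenant, using the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed and that the caller can consent to the read-only scopes requested; the module name, cmdlets and property names are those of the Graph SDK, the column layout is the example's own.

```powershell
# Added example (not from the wiki page): list the identity types of an Entra ID tenant.
# Assumes: Install-Module Microsoft.Graph -Scope CurrentUser has been run once, and the
# signed-in account is allowed to grant the read-only directory scopes below.
Connect-MgGraph -Scopes 'User.Read.All', 'Group.Read.All', 'Application.Read.All'

# The tenant (directory) that every object below belongs to.
$ctx = Get-MgContext
Write-Host "Tenant: $($ctx.TenantId)"

# Users are identities with an account: a set of attributes such as department.
$users = Get-MgUser -All -Property Id, UserPrincipalName, DisplayName, UserType,
    Department, AccountEnabled, CreatedDateTime

# UserType 'Member' = the organisation's own accounts; 'Guest' = B2B identities
# invited from partner tenants.
Write-Host "`nUsers by type"
$users | Group-Object UserType | ForEach-Object {
    Write-Host ('{0,-8} {1,5}' -f $_.Name, $_.Count)
}

# Guests are the accounts to review regularly: an invitation never expires on its own,
# so stale guests keep their access until someone removes them.
Write-Host "`nGuest accounts (oldest first)"
$users | Where-Object UserType -eq 'Guest' |
    Sort-Object CreatedDateTime |
    Select-Object UserPrincipalName, AccountEnabled, CreatedDateTime |
    Format-Table -AutoSize

# Non-human identities: service principals. ServicePrincipalType distinguishes app
# registrations ('Application') from managed identities ('ManagedIdentity').
$sps = Get-MgServicePrincipal -All -Property Id, DisplayName, AppId, ServicePrincipalType
Write-Host "`nService principals by type"
$sps | Group-Object ServicePrincipalType | ForEach-Object {
    Write-Host ('{0,-16} {1,5}' -f $_.Name, $_.Count)
}

# Groups, counted only; membership is what grants them rights.
$groupCount = @(Get-MgGroup -All -Property Id).Count
Write-Host "`nGroups: $groupCount"
```

Users are fetched once and grouped client-side by UserType rather than filtered server-side, because filtering on userType is an advanced Graph query that needs extra request headers; for very large tenants a server-side filter is worth the extra parameters.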
Difference with Active Directory
Entra ID has a more modern approach compared to the traditional Active Directory:
- Accessibility: Entra ID is queried over the web using HTTP/HTTPS protocols, providing secure access from everywhere, while Active Directory relies on a protocol called LDAP and is more commonly used for on-premises and network-restricted environments.
- Authentication: Entra ID uses more modern protocols for today's internet-based applications, such as SAML, WS-Federation, OpenID, and OAuth for authorisation. In contrast, Active Directory uses Kerberos, which is often considered outdated.
- Federation: Federation is used to facilitate authentication. With Entra ID, you can add multiple organisations and manage the level of access for each one. In contrast, with Active Directory, you are limited to only two shares.
- Infrastructure: Active Directory requires a dedicated infrastructure with VMs or physical servers. In contrast, with Entra ID, everything is managed in the cloud by Microsoft, so you don't have to worry about this aspect, which can be complicated if there is a problem somewhere.
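As an added example (not from the wiki page), the script below runs the same user lookup against both directories to make the Accessibility and Authentication points concrete: the Entra ID side is a plain HTTPS request to the Graph endpoint authorised by an OAuth 2.0 bearer token whose claims we then decode, while the Active Directory side is an LDAP search that only works from inside the network and is authenticated with the Kerberos ticket of the current logon session. It assumes PowerShell 7 with the Microsoft.Graph and Az.Accounts modules for the cloud side, and a domain-joined Windows host for the LDAP side; the ConvertFrom-JwtPayload function is the example's own helper.

```powershell
# Added example (not from the wiki page). Assumes PowerShell 7, the Microsoft.Graph and
# Az.Accounts modules, and (for the LDAP part) a domain-joined Windows host.

# --- Entra ID: HTTPS to the Graph endpoint, reachable from anywhere ---
Connect-MgGraph -Scopes 'User.Read.All'
$uri = 'https://graph.microsoft.com/v1.0/users?$select=userPrincipalName,displayName&$top=5'
$page = Invoke-MgGraphRequest -Method GET -Uri $uri
$page.value | ForEach-Object { Write-Host "cloud:   $($_.userPrincipalName)" }

# The request above carried an OAuth 2.0 access token. It is a JWT, so its claims can be read
# by base64url-decoding the middle segment (example helper, not a Graph SDK cmdlet).
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Jwt)
    $payload = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

# Obtain a Graph token from Az.Accounts; recent versions return it as a SecureString.
Connect-AzAccount | Out-Null
$tok = Get-AzAccessToken -ResourceTypeName MSGraph
$raw = if ($tok.Token -is [securestring]) { ConvertFrom-SecureString $tok.Token -AsPlainText } else { $tok.Token }
$claims  = ConvertFrom-JwtPayload $raw
$expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
Write-Host "token: issuer=$($claims.iss) tenant=$($claims.tid) audience=$($claims.aud) expires=$expires"

# Two checks a relying party makes before trusting any claim. Decoding is not validation:
# the signature must still be verified against the tenant's published signing keys.
if ($claims.iss -notlike "*$($claims.tid)*") { Write-Warning 'issuer does not name the tid claim' }
if ($expires -lt [DateTime]::UtcNow)        { Write-Warning 'token has expired' }

# --- Active Directory: an LDAP search via System.DirectoryServices ---
# Works only with line of sight to a domain controller; the Kerberos ticket of the
# current logon session authenticates the bind, so no token handling is visible here.
$searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'
$searcher.SizeLimit = 5
[void]$searcher.PropertiesToLoad.Add('userPrincipalName')
$searcher.FindAll() | ForEach-Object {
    Write-Host "on-prem: $($_.Properties['userprincipalname'][0])"
}
```

The LDAP part deliberately uses [adsisearcher] rather than Get-ADUser: the latter talks to Active Directory Web Services, whereas the DirectorySearcher object issues an actual LDAP query, which is the protocol the comparison above is about.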