Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Entra is a family of identity and network access products that helps organizations implement a Zero Trust security strategy. Use Microsoft Entra to verify identities, validate access conditions, check permissions, encrypt connection channels, and monitor for compromise across your environment.
Microsoft Entra product family
The Microsoft Entra product family spans identity, access, governance, and security. It covers secure end-to-end access for employees, customers, partners, workloads, and AI agents across any cloud environment.
Establish Zero Trust access controls
Microsoft Entra ID
Microsoft Entra ID is the foundational product of Microsoft Entra. It's a cloud-based identity and access management service that provides authentication, policy enforcement, and protection for users, devices, apps, and resources. Every new Microsoft Entra directory includes an initial domain name, like contoso.partner.onmschina.cn. You can also add your organization's custom domain names.
If you're a Microsoft 365, Azure, or Dynamics CRM Online subscriber, you're already using Microsoft Entra ID — every tenant is automatically a Microsoft Entra tenant. You can start managing access to your integrated cloud apps right away.
Microsoft Entra Domain Services
Microsoft Entra Domain Services provides managed domain services like group policy, LDAP, and Kerberos/NTLM authentication. It's designed for legacy applications in the cloud that can't use modern authentication methods.
Scenario: An organization with services that need Kerberos authentication can create a managed domain where Microsoft deploys and maintains the core service components.
Secure access for employees
Microsoft Entra ID Governance
Microsoft Entra ID Governance simplifies identity and permissions management by automating access requests, assignments, and reviews. It also helps protect critical assets through identity lifecycle management.
For example, administrators can automatically assign user accounts, groups, and licenses to new employees and remove those assignments when employees leave the company.
Secure access for customers and partners
Microsoft Entra External ID
Microsoft Entra External ID lets external identities safely access business resources and consumer apps. It provides secure methods for collaborating with business partners and guests on internal apps, and for managing customer identity and access management (CIAM) in consumer-facing applications.
Scenario: Set up self-service registration for customers to sign in to a web application using one-time passcodes or social accounts.
Secure access in any cloud
Microsoft Entra Workload ID
Microsoft Entra Workload ID is the identity and access management solution for workload identities — applications, services, and containers that require authentication and authorization policies. It lets organizations secure access to resources using adaptive policies and custom security attributes.
For example, GitHub Actions need a workload identity to access Azure subscriptions to automate, customize, and execute software development workflows.
Prepare your environment
Before deploying Microsoft Entra, configure your infrastructure and processes according to security best practices and standards. The following articles provide architectural, deployment, and operational guidance:
License Microsoft Entra features
The features of Microsoft Entra are licensed in multiple ways. These licenses include Microsoft Entra ID Free, Microsoft Entra ID P1, Microsoft Entra ID P2, Microsoft Entra Suite, Microsoft Entra External ID, Microsoft Entra Workload ID, Microsoft Entra ID Governance, and other standalone products. Microsoft Entra is also part of licenses like Microsoft 365 and Enterprise Mobility + Security. For more information about licensing and available options, see the article Microsoft Entra licensing or the Microsoft Entra pricing page.
Manage and develop with Microsoft Entra
Administrators can use the Microsoft Entra admin center and Microsoft Graph API to manage identity and network access resources. Developers can use the Microsoft identity platform to build identity-aware applications.
Microsoft Entra admin center
The Microsoft Entra admin center is a web-based portal for configuring and managing Microsoft Entra products from a single interface.
To learn more, see Overview of Microsoft Entra admin center.
Microsoft Graph API
The Microsoft Graph API automates administrative tasks like license deployments and user lifecycle management.
To learn more, see Manage Microsoft Entra using Microsoft Graph.
Microsoft identity platform
The Microsoft identity platform enables developers to build authentication experiences for web, desktop, and mobile applications using open-source libraries and standard-compliant authentication services.
To start developing, see Getting started.
Next steps
- Microsoft Entra licensing — Detailed licensing information for all Microsoft Entra products.
- Identity and access fundamentals — Understand core identity concepts.
- Sign up for a free 30-day Microsoft Entra ID P1 or P2 trial.
- Compare Active Directory and Microsoft Entra ID.
- Get started with Microsoft Entra ID for developers.
- Find definitions in the Microsoft identity platform glossary.