What is Microsoft Entra?
Microsoft Entra is a family of identity and network access products. It enables organizations to implement a Zero Trust security strategy and create a trust fabric that verifies identities, validates access conditions, checks permissions, encrypts connection channels, and monitors for compromise.
Microsoft Entra product family
The Microsoft Entra product family covers four maturity stages of secure end-to-end access for any trustworthy identity. These stages include establishing Zero Trust access controls, and securing access for employees, customers, partners, and any cloud environment.
Establish Zero Trust access controls
Microsoft Entra ID
Microsoft Entra ID is the foundational product of Microsoft Entra. It provides the essential identity, authentication, policy, and protection to secure employees, devices, and enterprise apps and resources.
Microsoft Entra Domain Services
Microsoft Entra Domain Services provides managed domain services such as group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. It enables organizations to run legacy applications in the cloud that can't use modern authentication methods.
For example, organizations with services that require access to Kerberos authentication can create a managed domain where the core service components are deployed and maintained by Microsoft as a managed domain experience.
Secure access for employees
Microsoft Entra ID Governance
Microsoft Entra ID Governance makes identity and permissions easier to manage by automating access requests, assignments, and reviews. Additionally, it helps protect critical assets through identity lifecycle management.
For example, administrators can automatically assign user accounts and Microsoft 365 licenses to new employees, and remove those assignments from employees that are no longer with the company.
Secure access for customers and partners
Microsoft Entra External ID
Microsoft Entra External ID enables external identities to safely access business resources and consumer apps. It offers secure methods for collaborating with business partners and guests on internal apps and resources, as well as managing customer identity and access management (CIAM) for your consumer-facing applications.
For example, organizations can set up self-service registration for customers to sign-in to a web application using methods such as social accounts.
Secure access in any cloud
Microsoft Entra Workload ID
In addition to human and device identities, workload identities such as applications, services, and containers require authentication and authorization policies.
Microsoft Entra Workload ID is the identity and access management solution for workload identities. It enables organizations to secure access to resources using adaptive policies and custom security attributes for apps.
For example, GitHub Actions need a workload identity to access Azure subscriptions to automate, customize, and execute software development workflows.
Getting ready for Microsoft Entra
Before organizations deploy Microsoft Entra, they should configure their infrastructure and processes according to security best practices and standards. The following articles provide the architectural, deployment, and operational guidance to successfully integrate Microsoft Entra.
Working with Microsoft Entra
After organizations deploy Microsoft Entra, administrators can use the Microsoft Entra admin center and Microsoft Graph API to manage the identity and network access resources, and developers can use the Microsoft identity platform to build identity and access applications.
Microsoft Entra admin center
The Microsoft Entra admin center is a web-based portal for administrators to configure and manage Microsoft Entra products using a single user interface.
To learn more, see Overview of Microsoft Entra admin center.
Microsoft Graph API
In addition to the Microsoft Entra admin center, the Microsoft Graph API can be used to automate administrative tasks, including license deployments, and user lifecycle management.
To learn more, see Manage Microsoft Entra using Microsoft Graph.
Microsoft identity platform
The Microsoft identity platform enables developers to build authentication experiences for web, desktop, and mobile applications using open-source libraries and standard-compliant authentication services.
To start developing, see Getting started.