Microsoft Entra - the new branch for identity and access solutions
Microsoft has unveiled its new product branch for identity and access solutions, named Microsoft Entra.
The company says identity is not just about directories, and access is not just about the network. It says security challenges have become much broader, so broader solutions are needed.
But keeping it simple is also crucial. Microsoft says organizations don’t want to deal with incomplete and disjointed solutions that solve only one part of the problem, work in only a subset of environments, and require duct tape and bubble gum to work together.
Microsoft says businesses need access decisions to be as granular as possible and to automatically adapt based on real-time assessment of risk. And they need this everywhere: on-premises, Azure AD, Amazon Web Services, Google Cloud Platform, apps, websites, devices, and whatever comes next.
The company says Microsoft Entra will verify all types of identities and secure, manage, and govern their access to any resource. It says the new product family will:
- Protect access to any app or resource for any user.
- Secure and verify every identity across hybrid and multicloud environments.
- Discover and govern permissions in multicloud environments.
- Simplify the user experience with real-time intelligent access decisions.
Microsoft says familiar products like Microsoft Azure AD and Azure AD External Identities will now come under Microsoft Entra, but there are completely new solutions too.
Microsoft Entra Permissions Management
With the acquisition of CloudKnox Security last year, Microsoft says it is now the first major cloud provider to offer a CIEM solution. Permissions Management will provide comprehensive visibility into permissions for all identities (both user and workload), actions, and resources across multicloud infrastructures.
Microsoft says the new solution will help detect, right-size, and monitor unused and excessive permissions and mitigate the risk of data breaches by enforcing the principle of least privilege in Microsoft Azure, Amazon Web Services, and Google Cloud Platform. This will be a standalone offering generally available worldwide this July 2022 and will also be integrated within the Microsoft Defender for Cloud dashboard, extending Defender for Cloud’s protection with CIEM.
Microsoft Entra Verified ID
Microsoft says Verified ID implements the industry standards that make portable, self-owned, decentralized identity possible. It says instead of granting broad consent to countless apps and services and spreading identity data across numerous providers, Verified ID allows individuals and organizations to decide what information they share, when they share it, with whom they share it, and—when necessary—take it back. The company says Verified ID will be generally available in early August 2022.
Microsoft says it’s an enormous challenge for IT and security teams regarding new users and guest accounts. It says new employees often experience a slow ramp-up to full effectiveness while waiting for the access required for their jobs. The company says similar delays in granting necessary access to guest users undermine a smoothly functioning supply chain. Then, without formal or automated processes for reprovisioning or deactivating people’s accounts, their access rights may remain when they change roles or exit the organization.
Microsoft says Identity Governance addresses this with identity lifecycle management, which simplifies the processes for onboarding and offboarding users. Lifecycle workflows automate assigning and managing access rights, and monitoring and tracking access, as user attributes change. Lifecycle workflows in Identity Governance will enter public preview this July 2022.