Microsoft Entra, previously called Microsoft Azure Active Directory, is designed to protect identities and provide secure network access to resources within a multi-cloud family. Entra ID is Microsoft’s identity solution and serves as the foundation for its cloud ecosystem. Regardless of whether you’re using Azure, Intune, Microsoft 365 services, or Dynamics, you’re using an identity to sign in, and all identities are managed through the Entra ID Admin Center.
The portal can be found at entra.microsoft.com. If you have an Azure account, you can sign in with those credentials.
Your Entra ID environment is called a “tenant.” As the name suggests, a tenant behaves as a property tenant would. No need to maintain the building, fix the water heater, or mow the lawn — you just use it.
On the overview tab, you’ll find your tenant ID. This is the unique identifier that distinguishes your information from everyone else’s. You’ll also receive a domain name, which can be further customised. You will also see a license type. Entra ID has multiple license levels, and P2 has a host of advanced features. Conveniently, you are not boxed into using a single license type; you can have P1 licenses for general users, for example, and P2 for your admins. Should your admin credentials ever be compromised, this can be a lifesaver.
Also note that there is a count for all users, groups, apps, and devices that are managed in this tenant.
Next, let’s look at the properties tab. This is where you can name your tenant and access information pertaining to your region and data location. Entra ID is a global, load-balanced SaaS service with endpoints across all the Azure regions — but it is important to know your tenant’s data location should you have data sovereignty requirements.
Towards the bottom of the page, you will see “Access management for Azure resources.” This is an often misunderstood feature. Since Azure uses a subscription-based model, permissions come from Entra ID, which manages identities. Each Azure subscription is linked to an Entra ID tenant, but one tenant can connect to multiple subscriptions. Only Entra ID global admins can access this switch. It allows them to control account permissions at the root of Azure subscriptions. On the Azure side, this appears as the “User Access Administrator” role, which is needed when setting up a subscription or recovering access if something goes wrong.
The above picture and more information regarding this topic can be found here.
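Because the switch grants “User Access Administrator” at the root of every linked subscription, it is worth checking who still holds it once setup or recovery is finished. The following is an added example, not part of the original post: it assumes you have exported role assignments as JSON (for instance with `az role assignment list --role "User Access Administrator" --scope "/"`), and the sample data and the function name `find_root_elevations` are constructed for illustration.

```python
import json

ROOT_SCOPE = "/"                      # root scope, above all subscriptions
ELEVATED_ROLE = "User Access Administrator"

# Constructed sample using the field layout of `az role assignment list` JSON output.
SAMPLE_EXPORT = json.dumps([
    {"principalName": "admin@contoso.example", "principalType": "User",
     "roleDefinitionName": "User Access Administrator", "scope": "/"},
    {"principalName": "ops@contoso.example", "principalType": "User",
     "roleDefinitionName": "User Access Administrator",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
    {"principalName": "reader@contoso.example", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": "/"},
    {"principalName": "", "principalType": "ServicePrincipal",
     "principalId": "11111111-1111-1111-1111-111111111111",
     "roleDefinitionName": "user access administrator", "scope": "/"},
])


def find_root_elevations(export_json):
    """Return principals holding User Access Administrator at root scope."""
    findings = []
    for a in json.loads(export_json):
        role = (a.get("roleDefinitionName") or "").strip().lower()
        scope = (a.get("scope") or "").strip()
        # Only the root-scope assignment corresponds to the tenant-level switch;
        # the same role on a single subscription is ordinary delegation.
        if role != ELEVATED_ROLE.lower() or scope != ROOT_SCOPE:
            continue
        # principalName can be empty for service principals; fall back to the object ID.
        who = a.get("principalName") or a.get("principalId") or "<unknown>"
        findings.append({"principal": who, "type": a.get("principalType", "Unknown")})
    return findings


if __name__ == "__main__":
    for f in find_root_elevations(SAMPLE_EXPORT):
        print(f"root-scope {ELEVATED_ROLE}: {f['principal']} ({f['type']})")
```

Any principal this reports should be expected and time-boxed; an unexplained entry is a reason to review who turned the switch on and when.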
Next, let’s take a look at our users on the left.
From here, we can manage users and groups. There are several different kinds of user accounts. The ones you create here in the portal are known as cloud-native users. We also have synced users and guest users, also known as B2B and B2C accounts.
When you create a user, you decide whether this user is cloud-native or if you are inviting a guest. Every user will need a UserPrincipalName (UPN), display name, and a password, which has been auto-generated for you.
Click next. We can now add any relevant metadata to your new user, similar to Active Directory.
Next is the “Assignments” page. Here, permissions are assigned to users. This can be done through an administrative unit, which is a group with pre-assigned permissions, or you can use direct role assignment for Entra ID roles.
Entra ID roles control access to Microsoft Entra resources. These resources include users, groups, and applications using the Microsoft Graph API.
Azure roles control access to Azure resources. These include virtual machines or storage using Azure Resource Management.
The final page is to review all your details and then create that new user account.
An alternative way to bring a user into Entra ID is to sync them with an existing Active Directory Domain. On the left of the screen, click “show more” to expand the menu and uncover “Hybrid Management.”
Here, you can connect Active Directory Domains to Entra ID using either Cloud Sync or Connect Sync. Connect Sync is the older method. It requires you to install a full application on a server in your domain, and you manage it from your on-premises environment.
The newer option, Cloud Sync, is simpler. It uses a small agent that you can install on any of your domain servers, and you manage everything from the Microsoft Entra Admin Center.
In conclusion, whether you’re using Azure, Microsoft 365, or any other part of the ecosystem, Entra ID is a powerful tool for ensuring secure, streamlined access to your resources. This blog provides just a glimpse of what Entra ID can do, but it should give you a solid foundation to begin exploring its many capabilities.
Stay tuned for Veeam Backup for Microsoft Entra ID support that will be delivered in Veeam’s V12.3 launch.