Table of contents
- 01. What is Microsoft Entra ID?
- 02. Microsoft Entra ID: Three Plans and Pricing
- 03. Why do I need Microsoft Entra ID?
- 04. Five features of Microsoft Entra ID you should know about
- 05. If you want to make the most of the security features of Microsoft Entra ID, please consult with us for a Microsoft 365 / Microsoft Azure Security Assessment.
- 06. LANSCOPE Security Auditor prevents Microsoft 365 data leaks through log monitoring
- 07. Summary
Microsoft Azure Active Directory (Azure AD) was renamed to “Microsoft Entra ID” on October 1, 2023. Microsoft Entra ID is a cloud-based ID and account management service provided by Microsoft, and supports the safe and efficient operation of Microsoft 365, Microsoft Azure, and related services.
In order to accommodate the diverse working styles that have emerged in recent years, many companies are introducing cloud services into their operations.
However, it is also true that the introduction of multiple cloud services has led to frequent serious security incidents in Japan, such as:
- login information being stolen by a third party and unauthorized login to the cloud
- inadequate access permissions allowing confidential information to be viewed by outsiders or employees without the proper permissions
- errors in sharing settings allowing file information to be taken out by a third party

By using Microsoft Entra ID, it is possible to solve the above security issues with features such as multi-factor authentication and single sign-on. In addition, administrators can manage cloud service accounts in a centralized manner, which is expected to reduce the workload.
In this article, we will clearly explain the important information you need to know about “Microsoft Entra ID”, including its overview, plans, main features, and changes from Azure AD.
To summarise this article:
- Microsoft Entra ID was formerly known as Microsoft Azure Active Directory. As of October 1, 2023, the name changed, but the content and functions remain the same.
- It is the authentication infrastructure for Microsoft 365 (a system for centrally managing ID and authentication information when logging in).
- Microsoft’s cloud-based security product group “Microsoft Entra” has three categories and eight products, including Microsoft Entra ID.
- There are three plans: Microsoft Entra ID Free, Microsoft Entra ID Premium P1, and P2. The latter plan has more features. Free is free for Microsoft 365 users.
- Main features include “multi-factor authentication,” “privileged ID management,” “single sign-on,” “conditional access,” and “ID protection.”
What is Microsoft Entra ID?
Microsoft Entra ID is one of the products in the Microsoft Entra security product group provided by Microsoft, and is a service that provides cloud ID and access management for connecting to data.
By utilizing Microsoft Entra ID, users can access secure services regardless of location or device. Specifically, features such as multi-factor authentication, conditional access, and single sign-on are used to prevent unauthorized access and information theft by third parties.
As Microsoft aims to integrate its Entra product family, it has changed the name of its existing Azure Active Directory (Azure AD) to “Microsoft Entra ID” from October 1, 2023.
However, the content and functions of the service itself remain unchanged, and if you have been using Azure AD until now, you can continue using the same functions without having to re-contract or take any other action.
With this name change, the names of each Microsoft Entra ID (formerly Azure AD) plan have also changed as follows:
Until now | From October 1, 2023 |
---|---|
Azure AD Free | Microsoft Entra ID Free |
Azure AD Premium P1 | Microsoft Entra ID P1 |
Azure AD Premium P2 | Microsoft Entra ID P2 |
Azure AD External Identities | Microsoft Entra External ID |
Microsoft Entra ID is the authentication platform for Microsoft 365.
In recent years, with the spread of cloud services, an increasing number of companies are introducing “Microsoft 365.” Microsoft 365 (formerly Office 365) is a subscription-based (monthly fee-based) cloud service that allows you to use Office applications such as Word and Excel online.
Speaking of Microsoft Office, the end of support for the latest packaged (one-time purchase) version, Office 2021, is approaching on October 13, 2026, and there are no plans to release a new packaged version of Office in the future. Microsoft seems to be recommending a shift to Microsoft 365.
Microsoft Entra ID is used as the authentication infrastructure for Microsoft 365 (a system that centrally manages ID and authentication information when logging in). Therefore, users of Microsoft 365 will inevitably use Microsoft Entra ID for authentication.
Microsoft Entra ID can also be used as an authentication infrastructure for cloud services other than Microsoft 365. As Microsoft 365 becomes more widespread, the use of Microsoft Entra ID across multiple services is likely to become more common.
What is Microsoft Entra?
“Microsoft Entra” is the name of a cloud-based security product group announced by Microsoft in May 2022.
Microsoft Entra has three categories: “Identity and Access Management,” “New ID Categories,” and “Network Access,” and has a total of eight products, including Microsoft Entra ID (in the “Identity and Access Management” category).
Identity and Access Management | New ID Categories | Network Access |
---|---|---|
・Microsoft Entra ID ・Microsoft Entra ID Governance ・Microsoft Entra External ID | ・Microsoft Entra Verified ID ・Microsoft Entra Permissions Management ・Microsoft Entra Workload ID | ・Microsoft Entra Internet Access ・Microsoft Entra Private Access |

Microsoft has renamed Azure Active Directory (Azure AD), which was previously easily confused with on-premises Windows Server Active Directory (AD), to Microsoft Entra ID, making it clearer that it is a service in the Microsoft Entra product family.
Microsoft Entra ID: Three Plans and Pricing
Microsoft Entra ID has three plans: Microsoft Entra ID Free, Microsoft Entra ID Premium P1, and Microsoft Entra ID Premium P2. Each plan has different features.
Free does not require a separate contract, and can be used for free if you sign up for a cloud subscription such as Microsoft 365 or Microsoft Azure. It mainly focuses on the user management functions of Microsoft 365.
P1 is available as a standalone contract or is included in Microsoft 365 E3 and Microsoft 365 Business Premium. Similarly, P2 is available as a standalone contract or is included in Microsoft 365 E5.
P1 and P2 users can also purchase the additional Microsoft Entra ID Governance plan (¥880 per user/month), which gives access to all the features of Microsoft Entra ID Governance.
▼ Microsoft Entra ID: Pricing and features for each plan
Feature | Microsoft Entra ID Free | Microsoft Entra ID Premium P1 (¥750 per user/month) | Microsoft Entra ID Premium P2 (¥1,130 per user/month) |
---|---|---|---|
Authentication, Single Sign-On, and Application Access | △ | 〇 | 〇 |
Management and Hybrid Identity | △ | 〇 | 〇 |
End User Self-Service | △ | △ | 〇 |
Multi-factor authentication and conditional access | △ | 〇 | 〇 |
Identity Protection | ✕ | ✕ | 〇 |
Event Logs and Reports | △ | 〇 | 〇 |
Identity Governance | △ | △ | △ |
Why do I need Microsoft Entra ID?
Before cloud services became as widespread as they are today, Active Directory (AD) was commonly used as an authentication system on-premise, such as on an internal company network.
However, as diverse working styles such as teleworking have become more widespread, the opportunities to utilize cloud services have increased, making it difficult to provide secure authentication management using only traditional on-premises AD.
In addition, the increased use of cloud services has created the following challenges for organizations and employees:
・Employees use multiple cloud services in one day, which means they have to authenticate each time.
・Administrators also have to spend a lot of time managing all the employees’ accounts.
・As methods of unauthorized access become more sophisticated, traditional authentication methods that rely only on IDs and passwords cannot fully prevent intrusions.
Microsoft Entra ID was created to resolve these issues in both business efficiency and security.
First, by using Microsoft Entra ID, you can centrally manage account authentication and application access, regardless of whether your environment is cloud or on-premise, or even if the two are mixed in your work environment.
Next, by using the “single sign-on” feature of Microsoft Entra ID, users can automatically access multiple linked cloud services by logging in once. This improves user work efficiency as it eliminates the need to log in to each service each time.
▼Comparison between when single sign-on is implemented and when it is not implemented
Furthermore, with Microsoft Entra ID, you can set up authentication methods that do not rely solely on ID and password, such as “multi-factor authentication” and “passwordless authentication,” thereby further strengthening the security of Microsoft services and connected cloud services.
Multi-factor authentication (MFA) is a security method that combines regular ID/password authentication with other methods, such as a one-time password or fingerprint authentication, to log in to a service.
▼ Multi-factor authentication image
Even if a user’s Microsoft account ID or password is leaked and an attacker attempts to illegally log into a service, the other authentication (biometric authentication or one-time password) cannot be breached, so the attacker’s unauthorized login can be prevented.
Similarly, “passwordless authentication” is, as the name suggests, a system that allows you to log in to a service without using a password, using biometric authentication, device authentication, or push notifications.
With Microsoft Entra, you can set the following authentication methods according to your users’ preferences.
Authentication Method | Security | Ease of use |
---|---|---|
Windows Hello for Business | High | High |
Microsoft Authenticator | High | High |
Authenticator Lite | High | High |
FIDO2 Security Keys | High | High |
Certificate-Based Authentication | High | High |
OATH Hardware Tokens (Preview) | Medium | Medium |
OATH Software Token | Medium | Medium |
Temporary Access Pass (TAP) | Medium | High |
SMS | Medium | High |
Voice call | Medium | Medium |
Password | Low | High |
As cyber attacks become more sophisticated, Microsoft Entra ID, which provides secure authentication, is indispensable for cloud service users.
If you have already implemented Microsoft Entra ID, it is a good idea to regularly check your company’s authentication status to ensure that secure authentication such as single sign-on and multi-factor authentication are correctly configured.
Five features of Microsoft Entra ID you should know about
Here are five main features of Microsoft Entra ID that enhance security:
1. Multi-factor authentication
2. Conditional access
3. Single sign-on (SSO)
4. ID protection
5. Privileged ID management
*The features available vary depending on the Microsoft Entra ID plan.
1. Multi-factor authentication
The first is “multi-factor authentication,” which we mentioned earlier.
No matter how long and strong your password is, if it is leaked and falls into the hands of an attacker, there is a risk that unauthorized access will be made to multiple services. Attackers will try various methods to illegally log in, such as purchasing password lists on dark web markets or peeking at the target’s PC from behind to steal passwords.
In this situation, “multi-factor authentication,” an authentication method that does not rely on passwords alone, is attracting attention as a means to fundamentally solve unauthorized login problems.
With Microsoft Entra ID multi-factor authentication, you can use authentication formats such as:
・Microsoft Authenticator (fingerprint authentication, face authentication, PIN data)
・Authenticator Lite (in Outlook: one-time passcode for mobile devices)
・Windows Hello for Business (fingerprint authentication, face authentication, iris authentication, PIN data)
・FIDO2 security key (insert security key)
・SMS
・Voice call
2. Conditional Access
When accessing cloud services, access conditions can be set for each user or group to confirm that the access comes from a trusted user.
For example:
– Require multi-factor authentication for users with administrative privileges
– Require multi-factor authentication for access from external networks
– Block access from specific locations
In this way, you can allow or deny user access based on pre-defined conditions.
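The three conditions listed above can be checked against an exported policy set. The following is an added example, not code from this article or from Microsoft: the dictionaries follow the field names of the Microsoft Graph `conditionalAccessPolicy` resource, while the sample policies, the named-location ID and the function names are constructed for illustration.

```python
# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects,
# trimmed to the fields this audit reads.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template ID
NAMED_LOCATION = "00000000-0000-0000-0000-000000000001"  # placeholder named-location ID
SAMPLE_POLICIES = [
    {"displayName": "MFA for admins", "state": "enabled",
     "conditions": {"users": {"includeRoles": [GLOBAL_ADMIN]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "MFA outside trusted networks",
     "state": "enabledForReportingButNotEnforced",  # report-only: logged, not enforced
     "conditions": {"users": {"includeUsers": ["All"]},
                    "locations": {"includeLocations": ["All"], "excludeLocations": ["AllTrusted"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block listed countries", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]}, "locations": {"includeLocations": [NAMED_LOCATION]}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

def controls(policy):
    return set((policy.get("grantControls") or {}).get("builtInControls", []))

def cond(policy, section, key):
    return (policy.get("conditions", {}).get(section) or {}).get(key, [])

def requires_mfa(policy):
    # MFA only counts when it cannot be bypassed by an alternative OR-ed control.
    grant, c = policy.get("grantControls") or {}, controls(policy)
    return "mfa" in c and (len(c) == 1 or grant.get("operator") == "AND")

CHECKS = {
    "mfa_for_admin_roles": lambda p: requires_mfa(p) and bool(cond(p, "users", "includeRoles")),
    "mfa_from_external_networks": lambda p: requires_mfa(p)
        and "All" in cond(p, "locations", "includeLocations")
        and bool(cond(p, "locations", "excludeLocations")),
    "block_specific_locations": lambda p: "block" in controls(p)
        and bool(cond(p, "locations", "includeLocations")),
}

def audit(policies):
    """Map each check to the names of enforced policies that satisfy it."""
    enforced = [p for p in policies if p.get("state") == "enabled"]
    return {name: [p["displayName"] for p in enforced if test(p)]
            for name, test in CHECKS.items()}

def gaps(policies):
    return sorted(name for name, hits in audit(policies).items() if not hits)

if __name__ == "__main__":
    print(audit(SAMPLE_POLICIES), "gaps:", gaps(SAMPLE_POLICIES))
```

On the sample data the external-network rule is reported as a gap because its policy is still in report-only mode, a state that is easy to overlook when reviewing policies by name.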
3. Single Sign-On (SSO)
A major benefit of using Microsoft Entra ID is “single sign-on.”
By enabling the single sign-on function, you can automatically access all connected services, whether they are cloud or on-premise, by logging in once. This eliminates the need to log in for each service, which is expected to improve employee work efficiency.
In addition, since there is no need to manage IDs and passwords for each service, the workload of IT administrators, such as resetting forgotten passwords, will be reduced.
The single sign-on function of Microsoft Entra ID allows access to linked cloud and SaaS applications (e.g. Salesforce, Adobe Creative Cloud, etc.) other than Microsoft applications without the need for re-authentication.
4. ID Protection
Microsoft Entra ID’s “ID Protection” is a feature that uses advanced machine learning to identify unusual user behavior and take action such as blocking or restricting unauthorized access or requesting authentication information.
Even in the unlikely event that password information is leaked, ID protection determines in real time whether the access by the user is legitimate or unauthorized, making it possible to prevent the threat of cyber attacks and unauthorized access.
5. Privileged ID Management
A privileged ID is an administrator ID with special authority. By possessing a privileged ID, you can perform operations that cannot be performed with a general user ID, such as managing databases and changing system settings.
By using the “Privileged ID Management” function, administrators can provide users with the permissions (privileged ID) that they are likely to need for their work, for a certain period of time, upon request.
The idea is that rather than continually giving privileged IDs to users, administrators approve and grant permissions to users as needed.
The background to privileged ID management is that if a privileged ID with authority to make system changes, etc. is misused, it can cause fatal damage to a company. Privileged ID management is an effective function not only to prevent abuse by external attacks, but also as a countermeasure against internal fraud.