Microsoft Corp. today introduced Entra, a new product suite that organizations can use to manage user access to their applications.
Entra includes a mix of new and existing products. The suite also incorporates technology that Microsoft obtained last year through the acquisition of CloudKnox Security Inc., a multicloud security startup.
The flagship product in Entra is Azure AD, the cloud version of Microsoft’s popular Active Directory software. Organizations rely on Active Directory to manage which employee can access what application and how. It’s estimated that Azure AD and Active Directory are used by more than 90% of large enterprises.
Azure AD is receiving a feature called lifecycle workflows on the occasion of the Entra product suite’s launch. When a company expands its workforce, administrators have to provide new hires with access to the business applications that they need for their work. The new lifecycle workflows feature in Azure AD promises to automate this process, as well as streamline a number of related tasks.
Alongside Azure AD, the Entra suite includes another Microsoft product called Azure AD External Identities. Companies rely on Azure AD External Identities to manage how customers and partners access their applications. A software-as-a-service provider, for example, could use the product to process user login requests.
“Security challenges have become much broader, so we need broader solutions,” Microsoft executives Joy Chik and Vasu Jakkal explained in a blog post today. “We need to secure access for every customer, partner, and employee—and for every microservice, sensor, network, device, and database.”
With the Entra suite, Microsoft plans to extend its access management capabilities to yet more areas. The suite includes a new product dubbed Entra Verified ID that will enable users to securely store and share their identity data. According to Microsoft, the product can ease data management for not only consumers but also organizations.
Microsoft envisions Entra Verified ID being used to streamline tasks such as conducting background checks and verifying a company’s business credentials. It will also support other use cases. “The potential scenarios for decentralized identity are endless,” Chik and Jakkal wrote. “When we can verify the credentials of an organization in less than a second, we can conduct business-to-business and business-to-customer transactions with greater efficiency and confidence.”
The second new product that is launching as part of Entra is known as Entra Permissions Management. The product, which is based on technology that Microsoft obtained through its acquisition of CloudKnox last June, promises to help companies more easily secure their multicloud environments.
In a cloud environment, applications are accessed not only by users but also by other applications. A revenue forecasting application, for example, might require the ability to retrieve information stored in a company’s cloud database. Entra Permissions Management enables companies to centrally manage the access permissions of both users and workloads.
According to Microsoft, the platform helps organizations detect potential cybersecurity risks. Entra Permissions Management can determine if a cloud environment is configured in a way that may enable hackers to compromise workloads.
There are cases where an application has access to more parts of a cloud environment than strictly necessary. A workload might, for example, be accidentally given the ability to edit firewall settings even though it’s not designed for cybersecurity tasks. If hackers were to breach the workload, they could use it to disable the firewall.
According to Microsoft, Entra Permissions Management automatically detects unnecessary access permissions that should be removed. Moreover, the platform can spot potentially malicious activity. It works with Microsoft’s Azure cloud platform, as well as Amazon Web Services and Google Cloud.