Microsoft Renaming Azure AD to Microsoft Entra ID

What is in a name? Quite a lot. On July 12^th, Microsoft renamed Azure AD to Entra ID. Why does it matter? Because it serves as a shift from a legacy internal-only directory system for validating identities to a full Security Service Edge (SSE) category.

Why is that important? In the past, we had boundaries for our network. There was the internet, a firewall, a less secure DMZ, and a secure internal network. With the advent of the cloud and cloud applications, plus “work from anywhere”, we no longer have a boundary we can always control and protect. The boundary is now the whole internet. By moving identity and access to the edge, we can bring some level of security and assurance to address these changes. Of course, there are already products and ways to do this, but the value is that many of these options are now included with your Azure subscription (depending on the subscription level) and can be managed centrally.

Today

Consider this use case; you have numerous SaaS tools. You can set up these apps in Entra (Azure) as registered apps, then assign groups to them. Our users can log in and be presented with a single sign-on to these apps, providing users the ease of signing in once for many apps. We have a single source of truth to be assured they are who they say they are, based on our policies. We can require Multi-Factor Authentication (MFA), specific browsers, geographic locations, and making management of access to many apps through one tool. We can even do this for apps we may host in our on-premise environment through proper configuration and the use of proxies.

Another great feature is that we can now manage access for external users or guests. Suppose we need to share a document or app access with a partner, auditor, or vendor. In that case, we can allow them access and manage that access with access reviews and time periods to expire. We can brand tenants for a more professional look and feel so external users accept the terms of use. In the past, there were limited controls that required multiple admin consoles to manage access for external users.

The Future

What does the future of Entra ID hold? With the launch of two new products—Microsoft Entra Internet Access and Microsoft Entra Private Access, Microsoft is accelerating Zero Trust Network Architecture (ZTNA). Internet access will act like a proxy between your users and the internet, meaning you can make sure wherever they are browsing on the internet is approved and checked for malicious traffic. Private Access allows the organization to control what happens inside your network. Think of it as a traffic officer for your internal network. Again, there are already tools for these things, but by bringing it into Azure, you have a one-stop shop to manage all access. These features are in preview today but will soon be full features.

Risks

Several risks come to mind. The first is trust; by centralizing everything we say, we implicitly trust Microsoft. They technically have access to even more information about us and our organizations than they already have.

What about the risk of Entra being unavailable? There are numerous ways to add resiliency to Entra, but they require design choices and spending that should only be done after the risk is calculated for the likelihood of it happening and the impact. In other words, the organization needs to put a value on these resiliency choices and determine if they are worth the cost.

Finally, there is vendor lock-in. When an organization goes ‘all in’ with Microsoft, deciding to leave becomes difficult and costly. If Microsoft decides to increase prices, stop offering a service, etc., we are beholden to them or will require a big lift and shift to make a change.

Summary

This is not a simple name change. If you have a subscription with access to these features, you should determine if you want to use them. If you have a subscription that doesn’t include the features discussed, consider upgrading the subscription.