Microsoft Entra ID

Last updated
Microsoft Entra ID color icon.svg
Developer Microsoft
Type Cloud-based identity management service
Platform(s) Cross-platform
StatusActive
Website Official Site

Microsoft Entra ID (formerly known as Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services such as Microsoft 365, Dynamics 365, and Microsoft Azure. [1] Entra ID provides users with single sign-on experience, regardless of whether their applications are cloud-based or on-premises.

Contents

Entra ID offers many authentication methods, including password-based, multi-factor, smart card, and certificate-based authentication. It also includes several security features, such as Conditional Access policies, risk-based authentication, and identity protection. [2]

On July 11, 2023, Microsoft announced the renaming of Azure AD to Microsoft Entra ID to improve consistency with other Microsoft cloud products. [3] The name change took place on July 15, 2023. [4]

Service limits and restrictions [5]

CategoryLimit
Tenants
  • A user can belong to a maximum of 500 AAD tenants.
  • A user can create a maximum of 200 directories.
  • 300 license-base subscriptions
Domains
  • No more than 5000 managed domain names.
Resources

(users, devices, identities, applications)

  • Max of 50,000 Azure AD resources.
  • Non-Admin user can create no more than 250 resources.
Schema Extensions
  • Max 256 characters for String-type extensions.
  • Max 256 bytes for Binary-type extensions.
  • Only 100 extension values across all types and all applications.
  • Only User, Group, Tenant Detail, Device, Application and Service Principal entities can be extended.
Applications
  • Max 100 users and service principals can be owners of an application.
  • A user, group or service principle can have max of 1,500 app role assignments.

See also

Related Research Articles

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Directory. However, it ultimately became an umbrella title for various directory-based identity-related services.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

<span class="mw-page-title-main">Windows CardSpace</span> Discontinued identity selector app by Microsoft

Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

<span class="mw-page-title-main">SharePoint</span> Web application platform

SharePoint is a web-based collaborative platform that integrates natively with Microsoft 365. Launched in 2001, SharePoint is primarily sold as a document management and storage system, although it is also used for sharing information through an intranet, implementing internal applications, and for implementing business processes.

OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Meta Platforms, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

PhoneFactor is a proprietary multi-factor authentication owned by Microsoft. It uses telephone calls, SMS messages, and push notifications to verify identity.

Microsoft Azure, often referred to as Azure, is a cloud computing platform developed by Microsoft. It offers access, management, and the development of applications and services through global data centers. It also provides a range of capabilities, including software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Microsoft Azure supports many programming languages, tools, and frameworks, including Microsoft-specific and third-party software and systems.

Active Directory Federation Services, a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement federated identity. Claims-based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. It is part of the Active Directory Services.

Access Control Service, or Windows Azure Access Control Service (ACS) was a Microsoft-owned cloud-based service that provided an easy way of authenticating and authorizing users to gain access to web applications and services while allowing the features of authentication and authorization to be factored out of the application code. This facilitates application development while at the same time providing users the benefit of being able to log into multiple applications with a reduced number of authentications, and in some cases only one authentication. The system provides an authorization store that can be accessed programmatically as well as via a management portal. Once authorizations are configured, a user coming to an application via ACS arrives at the application entrance with not only an authentication token, but also a set of authorization claims attached to the token. ACS was retired by Microsoft on November 7, 2018.

<span class="mw-page-title-main">Microsoft account</span> User account required for Microsoft-owned services

A Microsoft account or MSA is a single sign-on personal user account for Microsoft customers to log in to consumer Microsoft services, devices running on one of Microsoft's current operating systems, and Microsoft application software.

<span class="mw-page-title-main">Netwrix</span>

Netwrix is a Frisco, Texas-based private IT security software company that develops software to help companies identify and secure sensitive data and assist with compliance auditing. After eight acquisitions the company's team geographically expanded to Latin America, UK, Germany, France, Asia, USA as well as other countries. The company's flagship products are Netwrix Auditor and StealthAUDIT that help information security and governance professionals manage sensitive, regulated and business-critical data.

Azure AD Connect is a tool for connecting on-premises identity infrastructure to Microsoft Entra ID. The wizard deploys and configures prerequisites and components required for the connection, including synchronization scheduling and authentication methods. Azure AD Connect encompasses functionality that was previously released as Dirsync and AAD Sync. These tools are no longer being released individually, and all future improvements will be included in updates to Azure AD Connect.

<span class="mw-page-title-main">MaaS 360</span> Unified endpoint management software

IBM MaaS360 is a SaaS Unified Endpoint Management (UEM) solution offered by IBM that manages and protects any existing endpoint including laptops, desktops, mobile devices and apps, wearables, IoT and purpose built devices and allow protected, low risk access to company resources. IBM Security MaaS360 with Watson integrates with current security platforms owned by different companies. It’s AI powered analytics removes friction by reducing actions required from the device user.

<span class="mw-page-title-main">Azure Sphere</span> Linux-based microcontroller system

Azure Sphere is an application platform with integrated communications and security features developed and managed by Microsoft for Internet Connected Devices.

Unified access management (UAM) refers to an identity management solution that is used by enterprises to manage digital identities and provide secure access to users across multiple devices and applications, both cloud and on-premise. Unified access management solutions provide a single platform from which IT can manage access across a diverse set of users, devices, and applications, whether on-premise or in the cloud.

<span class="mw-page-title-main">Microsoft 365</span> Subscription services offered by Microsoft

Microsoft 365 is a product family of productivity software, collaboration and cloud-based services owned by Microsoft. It encompasses online services such as Outlook.com, OneDrive, Microsoft Teams, programs formerly marketed under the name Microsoft Office, enterprise products and services associated with these products such as Exchange Server, SharePoint, and Viva Engage. It also covers subscription plans encompassing these products, including those that include subscription-based licenses to desktop and mobile software, and hosted email and intranet services.

<span class="mw-page-title-main">Microsoft Power Platform</span> Family of business software products

Microsoft Power Platform is a line of business intelligence, app development, and app connectivity software applications. Microsoft developed the Power Fx low-code programming language for expressing logic across the Power Platform. It also provides integrations with GitHub and Microsoft Teams among other apps.

References

  1. Bertocci, Vittorio (December 17, 2015). Modern Authentication with Azure Active Directory for Web Applications. Pearson Education (published December 13, 2015). ISBN   9780735698482.{{cite book}}: CS1 maint: date and year (link)
  2. Moniz, Hencita (7 March 2023). "Azure Active Directory and identity management". Skillzcafe. Retrieved 2023-04-10.
  3. Chik, Joy (2023-07-11). "Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID". Microsoft Security Blog. Retrieved 2023-07-12.
  4. "New name for Azure Active Directory - Microsoft Entra". 29 August 2023.
  5. barclayn (2023-03-16). "Service limits and restrictions - Microsoft Entra". learn.microsoft.com. Retrieved 2023-06-06.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.