table of contents
What is Microsoft Entra ID?
Microsoft Entra ID 3 plans and prices
Why do I need a Microsoft Entra ID?
5 features of Microsoft Entra ID that you should know about
If you want to make the most of the security features of Microsoft Entra ID, please consult “Microsoft 365 Security Diagnosis.”
“LANSCOPE Security Auditor” prevents information leaks in Microsoft 365 with “log monitoring.”
summary
Microsoft Azure Active Directory (Azure AD) has been renamed to “Microsoft Entra ID” from October 1, 2024. Microsoft Entra ID is a cloud-based ID and account management service provided by Microsoft that supports safe and efficient operation of Microsoft 365, Microsoft Azure, and related services.
To accommodate the diverse work styles of recent years, many companies are introducing cloud services into their operations.
However, by introducing multiple cloud services,
login information may be stolen by a third party and unauthorized login to the cloud
may occur. Confidential information may be viewed by outsiders or employees who are not authorized to do so due to insufficient access privileges.
It is also true that serious security incidents occur frequently in Japan, where file information is taken out by a third party due to a mistake in the sharing settings .
By using Microsoft Entra ID, you can solve the above security issues with features such as multi-factor authentication and single sign-on. Administrators can also centrally manage cloud service accounts, which can reduce their operational burden.
In this article, we will explain in an easy-to-understand manner the overview, plans, main functions, and changes with Azure AD of “Microsoft Entra ID” that you should know about.
▼To summarize this article
- Microsoft Entra ID is the former name “Microsoft Azure Active Directory.”. From October 1, 2023, the name has changed without changing the content or functions.
- Microsoft 365 authentication infrastructure (a mechanism for centrally managing ID and authentication information at the time of login)
- Microsoft’s cloud-based security product group “Microsoft Entra” has eight products in three categories, including Microsoft Entra ID.
- There are three plans: Microsoft Entra ID Free, Microsoft Entra ID Premium P1, and P2, and the latter has more features. Free is free for Microsoft 365 users
- Main features include “multi-factor authentication,” “privileged ID management,” “single sign-on,” “conditional access,” and “protected ID.”
What is Microsoft Entra ID?
Microsoft Entra ID is one of the products in the “Microsoft Entra” security product group provided by Microsoft , and is a service that manages cloud ID and access management for connecting to data.
Microsoft Entra ID enables users to securely access services from any location, on any device . Specifically, we use functions such as multi-factor authentication, conditional access, and single sign-on to prevent damage such as unauthorized access and information theft by third parties.
Microsoft, which aims to integrate the Entra product family, has changed the name from Azure Active Directory (Azure AD) to “Microsoft Entra ID” from October 1, 2023.
However, the content and functionality of the service itself will not change, and if you have been using Azure AD, you can continue to use the same functionality without having to renew your contract or undergo changes.
With this name change, the names of each plan for Microsoft Entra ID (formerly AzureAD) have also been changed as follows.
| Until now | From October 1, 2023 |
|---|---|
| Azure AD Free | Microsoft Entra ID Free |
| Azure AD Premium P1 | Microsoft Entra ID P1 |
| Azure AD Premium P2 | Microsoft Entra ID P2 |
| Azure AD External Identities | Microsoft Entra External ID |
Microsoft Entra ID is the authentication foundation for Microsoft 365
In recent years, with the spread of cloud services, an increasing number of companies are introducing Microsoft 365. Microsoft365 (formerly Office365) is a subscription-type (monthly billing) cloud service that allows you to use Office applications such as Word and Excel online.
Speaking of Microsoft Office, the end of support for Office 2021, the latest packaged (one-time purchase) version, is approaching on October 13, 2026, and the release of a new packaged version of Office is undecided. It appears that Microsoft is recommending a shift to Microsoft 365.
Microsoft Entra ID is used as the authentication infrastructure for Microsoft 365 (a system that centrally manages ID and authentication information at the time of login). Therefore, users using Microsoft 365 are necessarily using their Microsoft Entra ID for authentication.
Microsoft Entra ID can be used as an authentication platform for cloud services other than Microsoft 365, and as Microsoft 365 becomes more popular, the use of Microsoft Entra ID across multiple services may become established.
What is Microsoft Entra?
To begin with, “Microsoft Entra” is the name of a cloud-based security product group announced by Microsoft in May 2022.
Microsoft Entra has three categories: “Identity and Access Management,” “New Identity Categories,” and “Network Access,” and there are a total of eight products, including Microsoft Entra ID (the “Identity and Access Management” category).
| Identity and access management | New ID category | network access |
|---|---|---|
| ・Microsoft Entra ID ・Microsoft Entra ID Governance ・Microsoft Entra External ID |
・Microsoft Entra Verified ID ・Microsoft Entra Permissions Management ・Microsoft Entra Workload ID |
・Microsoft Entra Internet Access ・Microsoft Entra Private Access |
By changing Azure Active Directory (Azure AD), which was previously easily confused with on-premises Windows Server Active Directory (AD ), to Microsoft Entra ID, Microsoft has confirmed that it is a service in the Microsoft Entra product family. I showed it clearly.
Microsoft Entra ID 3 plans and prices
Microsoft Entra ID has three plans
: Microsoft Entra ID Free
, Microsoft Entra ID Premium P1
, and Microsoft Entra ID Premium P2 , each with different features.
There is no need to sign up for Free, and you can use it for free by signing up for a cloud subscription such as Microsoft 365 or Microsoft Azure . The main focus will be on Microsoft 365 user management functions.
P1 is available as a stand-alone contract and is included in Microsoft 365 E3 and Microsoft 365 Business Premium . Similarly, P2 is included in Microsoft 365 E5 as well as a standalone contract .
Additionally, P1 and P2 users can additionally purchase the “Microsoft Entra ID Governance (¥880 user/month)” plan, which provides all the features of Microsoft Entra ID Governance mentioned above.
▼Microsoft Entra ID About prices and features of each plan
| Microsoft Entra ID Free | Microsoft Entra ID Premium P1 (¥750 user/month) | Microsoft Entra ID Premium P2 (¥1,130 user/month) | |
|---|---|---|---|
| Authentication, single sign-on, and application access | △ | 〇 | 〇 |
| Management and hybrid identity | △ | 〇 | 〇 |
| End user self-service | △ | △ | 〇 |
| Multi-factor authentication and conditional access | △ | 〇 | 〇 |
| identity protection | ✕ | ✕ | 〇 |
| Event logs and reports | △ | 〇 | 〇 |
| identity governance | △ | △ | △ |
Function: 〇=included, △=partially included, ✕=not included
Why do I need a Microsoft Entra ID?
Before cloud services became widespread, Active Directory (AD) was generally an authentication system used on-premises, such as in-house networks.
However, with the spread of diverse work styles such as telework, opportunities to utilize cloud services have increased, making it difficult to securely manage authentication using traditional on-premises AD alone.
Additionally, with the increased use of cloud services, organizations and employees are facing the following challenges .
・Since employees use multiple cloud services in a day, it takes time and effort to authenticate each time . ・It takes a lot of man-hours for
administrators to manage the accounts of all their employees . ・As unauthorized access methods become more sophisticated, traditional authentication that relies only on IDs and passwords cannot prevent intrusions.
Microsoft Entra ID was created to resolve these issues in both operational efficiency and security.
First, by using Microsoft Entra ID, you can centrally manage account authentication and access to applications, regardless of whether you are in a cloud, on-premises environment, or a mixed environment.
Next, by using the “single sign-on” feature of Microsoft Entra ID, users can log in once and automatically access multiple linked cloud services. Users do not have to log in each time they use a service, which improves their work efficiency.
▼Comparison with and without introducing single sign-on
Furthermore, with Microsoft Entra ID, you can set authentication methods that do not rely solely on IDs and passwords, such as multi-factor authentication and passwordless authentication , to further strengthen the security of Microsoft services and linked cloud services. It is possible to make it into something.
Multi-factor authentication (MFA) is a security method that combines regular ID/password authentication with other methods such as one-time passwords and fingerprint authentication to log in to services.
▼Image of multi-factor authentication
Even if a user’s Microsoft account ID and password are leaked and an attacker tries to log in to the service illegally, the other authentication (biometric authentication or one-time password) cannot be breached . , can prevent unauthorized logins by attackers.
Similarly, “passwordless authentication”, as the name suggests, is a mechanism that allows users to log in to services without using a password, using biometric authentication, device authentication, or authentication via push notifications.
With Microsoft Entra, it is possible to set the following authentication methods according to the user’s wishes.
| Authentication method | Security | ease of use |
|---|---|---|
| Windows Hello for Business | high | high |
| Microsoft Authenticator | high | high |
| Authenticator Lite | high | high |
| FIDO2 security key | high | high |
| Certificate-based authentication | high | high |
| OATH Hardware Token (Preview) | During ~ | During ~ |
| OATH Software Token | During ~ | During ~ |
| Temporary Access Pass (TAP) | During ~ | high |
| SMS | During ~ | high |
| audio | During ~ | During ~ |
| Password | low | high |
As cyber-attacks become more sophisticated, Microsoft Entra ID, which enables secure authentication, is essential for cloud service users.
If you have already implemented Microsoft Entra ID, it is a good idea to periodically check your company’s authentication status to ensure that you have correctly configured secure authentication status such as single sign-on and multi-factor authentication.
5 features of Microsoft Entra ID that you should know about
Here are five key security-enhancing features of Microsoft Entra ID.
1. Multi-factor authentication
2. Conditional access
3. Single sign-on (SSO)
4. Identity protection
5. Privileged ID management
*Available features vary depending on Microsoft Entra ID plan.
1. multi-factor authentication
The first is multi-factor authentication, which was introduced earlier.
No matter how long and strong your password is, if it is leaked and falls into the hands of an attacker, there is a risk that unauthorized access to multiple services may be possible. Attackers use various methods to attempt unauthorized logins, such as purchasing a list of passwords on a dark web market or spying on the target PC from behind to steal passwords.
Under these circumstances, multi-factor authentication, which is an authentication method that does not use passwords, is attracting attention as a way to fundamentally solve fraudulent logins.
Microsoft Entra ID multi-factor authentication
・Microsoft Authenticator (fingerprint authentication, face authentication, PIN data)
・Authenticator Lite (in Outlook: one-time passcode for mobile devices)
・Windows Hello for Business (fingerprint authentication, face authentication, iris authentication, PIN data)
・FIDO2 security key (insert security key)
・SMS
・Voice call
Other forms of authentication can be used.
2. Conditional Access
When accessing cloud services, you can set access conditions for each user or group to prove that you are a secure user.
for example
– Require multi-factor authentication for users with administrator privileges
– Require multi-factor authentication for access from external networks
– Block access from specific locations
User access can be permitted or denied based on preset conditions, such as:
3. Single sign-on (SSO)
One of the major benefits of using Microsoft Entra ID is “single sign-on.”
By enabling the single sign-on function, you will be able to automatically access all linked services, whether cloud or on-premises, just by logging in once . Employees are expected to improve their work efficiency by eliminating the need to log in for each service.
Additionally, since there is no need to manage IDs and passwords for each service, the burden on IT administrators, such as resetting passwords when users forget their passwords, will be reduced.
Microsoft Entra ID’s single sign-on feature allows you to access cloud and SaaS applications that can be linked in addition to Microsoft applications (e.g. Salesforce, Adobe Creative Cloud, etc.) without the need for re-authentication.
Four. identity protection
Microsoft Entra ID’s “Identity Protection” is a feature that uses advanced machine learning to identify unusual user behavior and take actions such as blocking or restricting unauthorized access, requesting authentication information, etc.
Even in the unlikely event that password information is leaked, ID protection determines in real time whether the user has authorized or unauthorized access, making it possible to prevent the threat of cyber-attacks and unauthorized access.
Five. Privileged ID management
A privileged ID is an administrator ID with special privileges. Having a privileged ID allows you to perform operations that are not available with a regular user ID, such as managing databases and changing system settings.
By using the “Privileged ID Management” function, administrators can provide users with the authority (privileged ID) that they may need for their work for a certain period of time, according to the user’s request.
Rather than continually granting privileged IDs to users, the idea is that the administrator approves them as needed and grants privileges to users each time.
The reason behind privileged ID management is that if a privileged ID with the authority to change the system is misused, it will cause fatal damage to the company. Privileged ID management is an effective function not only against abuse by external attacks, but also as a countermeasure against internal fraud.
If you want to make the most of the security features of Microsoft Entra ID, please consult “Microsoft 365 / Microsoft Azure Security Diagnosis”
Microsoft Entra ID has various security features such as multi-factor authentication, conditional access, and single sign-on, and by using them effectively, you can operate your Microsoft 365 and Microsoft Azure safely and efficiently. is as mentioned above.
However, in reality, the security settings for Microsoft Entra ID have not been properly implemented, and there are many cases where Microsoft services are operated with weak security settings .
In fact, many cloud service information leaks are caused by incorrect settings such as access privileges and authentication methods.
・I want to know if there are any problems with the current settings of Microsoft 365 or Microsoft Azure
・I want to operate Microsoft services in a more secure state
・I don’t know the best solution for authentication and permission settings and want advice
For such customers, we recommend the “Microsoft 365 Security Diagnosis” and “Microsoft Azure Security Diagnosis” provided by LANSCOPE Professional Services .
Our experienced security engineers will diagnose the settings in your Microsoft service environment and identify deficiencies that could lead to security risks. We will take measures such as applying multi-factor authentication and reviewing access privileges and sharing settings to alleviate customer concerns.
We also offer the Microsoft 365 Security Health Checkup Package, which performs diagnostics at a lower cost and in a shorter period of time .
“LANSCOPE Security Auditor” prevents information leaks in Microsoft 365 with “log monitoring”
“LANSCOPE Security Auditor” allows you to “visualize” user operations on Microsoft 365 applications using the audit log function and immediately prevent employee actions that could lead to information leaks.
By integrating Security Auditor with your Microsoft 365,
・Unauthorized file sharing outside the company
・Taking out information
・Unauthorized access to OneDrive and Teams
User actions such as these can be viewed in a list from the management screen.
▼Analyze Microsoft 365 audit logs to understand who did what, when, and what
Microsoft 365 itself has the “audit log storage function”, but in addition to the fact that the management screen is a little hard to read, the logs are The disadvantage is that it can only be stored for 90 days.
However, with Security Auditor, you can specify the target users and target period, and save and export audit logs for up to the past 25 months in bulk.
By adding LANSCOPE Security Auditor to the secure operation of Microsoft Entra ID, we can expect to greatly reduce the risk of information leaks caused by Microsoft 365.
LANSCOPE Security Auditor can be used for up to 300 yen (excluding tax)/month per PC.
summary
In this article, we have explained the overview of “Microsoft Entra ID”.
▼Summary of this article
- Microsoft Entra ID is the former name “Microsoft Azure Active Directory”. From October 1, 2023, the name has changed without changing the content or functions.
- Authentication infrastructure for Microsoft 365 and Microsoft Azure (a mechanism for centrally managing ID and authentication information at the time of login)
- Microsoft’s cloud-based security product group “Microsoft Entra” has eight products in three categories, including Microsoft Entra ID.
- There are three plans: Microsoft Entra ID Free, Microsoft Entra ID Premium P1, and P2, and the latter has more features. Free is free for Microsoft 365 users
- Main features include “multi-factor authentication,” “privileged ID management,” “single sign-on,” “conditional access,” and “protected ID.”
The need for Microsoft Entra ID will continue to increase in the future due to the established variety of work styles and the future trend of migrating to Microsoft 365 and cloud services.
Why not take a moment to review the security settings and current status of the Microsoft services and cloud services you are currently using?
