Managing Identities in Entra ID

Key Terms

Entra ID - Licenses and Features

Licenses

FREE

Provides user and group management, on-prem directory synchronization and cloud resources, basic reports, self-service password change for cloud users, and SSO across Azure, MS 365, and other SaaS applications.

P1 - Everything in Free plus:

Hybrid user access to both on-prem and cloud resources, advanced administration such as dynamic groups, self-service group management, MS Identity Manager, and cloud write-back capabilities.

P2 - Everything in P1 plus:

Entra ID Protection for risk-based Conditional Access to apps and company data, plus Privileged Identity Management (PIM). PIM allows for discovering, restricting, and monitoring administrators and their access to resources, and provides "just in time" access when needed.

Pay as You Go 

Self-explanatory. Pay for features and services, with various factors being used to determine cost.

User Types & Creation

Always try to enforce the principle of least privilege: users should only have the level of access required to perform their work tasks. Nothing more.

User Types

Internal Member

Internal Guest

External Member

External Guest

User Creation

  1. Navigate to Entra ID ---> Users ---> All Users
  2. Select the +New User icon and select Create New User

Groups, Memberships, Access Management

Group Types

Security Groups

Microsoft 365 Group

Membership Types

Assigned

Dynamic User

Dynamic Device

Ways to Assign Access Rights

Direct Assignment

Group Assignment

Rule-Based Assignment

External Authority Assignment

When to use External Identities

B2B collaboration is the most common use of this method. It allows you to securely share company applications and services with external users, while maintaining control over your own corporate data. 

MS Entra B2B

Entra B2B allows partners to use their own identity management solution.