
Microsoft Entra ID - The definitive Guide - Introduction

Whether you're starting out, planning to sit for the SC-300 Certification Exam, or just trying to understand Entra ID

The Problem it solves

Historically, IT usage was confined to on-premises environments: enterprises ran their own servers, hosting instances of the applications that users needed to access for work.

While the actual implementations of this model evolved over time, it eventually settled into a conventional model that can be summarized by this architecture:

The democratization of the internet in the mid-2000s made users (and enterprises) more inclined to use cloud applications, although at the time those were simply called internet web sites or web applications.

At the same time, Microsoft was gradually releasing online versions of its traditional on-premises services, such as Exchange Server and SharePoint Server, services that were later grouped under Microsoft 365:

These use cases created the need for a mechanism analogous to Active Directory, one that would provide authentication and authorization for online services. So why not just integrate with the existing Active Directory infrastructure?
Although there is no single correct answer to this question, in my opinion it comes down to these two points:

  • Reduce or remove dependencies on on-premises infrastructure, especially for cloud-only organizations
    • Every authentication request would need to be proxied to on-premises DCs
    • If the DCs are unreachable, if latency is high, or if replication is delayed, nobody logs in to any cloud app
  • LDAP, Kerberos and NTLM were never designed for exposure to untrusted or public networks
    • Client-to-domain-controller communication relies on RPC and a range of other network ports (135, 389, 445, 636, 88, etc.)
    • Passwords, tickets and NTLM handshakes would cross a translation boundary

This is where Entra ID comes in:


Where to start:

Until relatively recently, you could create a free Entra ID tenant at any time. However, Microsoft decided to put some guardrails on the process, probably to combat spam and abuse.

Nowadays, if you don't already have an account that has (or had) an Azure subscription, a Microsoft 365 subscription or any other Microsoft cloud service subscription (i.e. a Work or School account), you basically have two options:

  • Start an M365 or Azure free trial (requires credit card information; don't forget to stop billing before the renewal deadline)
  • Sign up for a free Microsoft service such as Power BI Free using a working email address under a custom domain (i.e. not outlook, gmail, etc.)

From a Licensing perspective:

Since Entra ID is intertwined with so many apps and services, it is essentially a freemium product with three licensing tiers that cover a broad range of use cases:

Edition: Free
  • User and group management in the cloud
  • Unlimited SSO to SaaS apps
  • Basic self-service password reset for cloud users
  • Directory synchronization (with on-premises AD) possible
  • Security defaults and multi-factor authentication

Edition: Premium P1
  • Conditional Access policies
  • Advanced group management (dynamic groups, naming policies, expiration)
  • Advanced hybrid identity features (object write-back)
  • Advanced role-based access control with custom roles and administrative units

Edition: Premium P2
  • Identity Protection (risk-based sign-in/user evaluation, remediation)
  • Privileged Identity Management (PIM)
  • Access Reviews
  • Entitlement management

Entra ID Premium tiers can be purchased individually on a per-user basis, but they are generally included in bundles such as M365 Business or Enterprise.

What's Next?

  • Authenticating Hybrid Identities
  • Installing and Configuring Entra ID Connect
  • Implementing Entra ID Cloud Sync
  • Securing Identities with Entra ID
  • Entra ID Applications
  • More on the way...