Microsoft Entra is a family of identity and network access products. It lets organizations implement a Zero Trust security strategy and create a trust fabric that verifies identities, validates access conditions, checks permissions, encrypts connection channels, and monitors for compromise.
The Microsoft Entra product family covers four maturity stages of secure end-to-end access for any trustworthy identity. These stages include establishing Zero Trust access controls, and securing access for employees, customers, partners, and any cloud environment.

Microsoft Entra ID is the foundational product of Microsoft Entra. It's a cloud-based identity and access management service that provides the essential identity, authentication, policy, and protection to secure users, devices, apps, and resources. Every new Microsoft Entra directory includes an initial domain name, like contoso.onmicrosoft.com. You can also add your organization's domain names.
Microsoft 365, Azure, or Dynamics CRM Online subscribers already use Microsoft Entra ID, because every Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically a Microsoft Entra tenant. You can immediately start managing access to your integrated cloud apps.
Microsoft Entra Domain Services provides managed domain services such as group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. It enables organizations to run legacy applications in the cloud that can't use modern authentication methods.
For example, organizations with services that need Kerberos authentication can create a managed domain where Microsoft deploys and maintains the core service components.
Microsoft Entra Private Access secures access to all private apps and resources, including corporate networks and multicloud environments. It lets remote users connect to internal resources from any device and network without using a virtual private network (VPN).
For example, an employee can securely access a corporate network printer while working from home or even a cafe.
Microsoft Entra Internet Access secures access to all internet resources including software as a service (SaaS) apps, and Microsoft 365 apps and resources.
For example, organizations can enable web content filtering to regulate access to websites based on content categories and domain names.
Microsoft Entra ID Governance makes identity and permissions easier to manage by automating access requests, assignments, and reviews. It also helps protect critical assets through identity lifecycle management.
For example, administrators can automatically assign user accounts, groups, and licenses to new employees, and remove those assignments from employees that are no longer with the company.
Microsoft Entra ID Protection detects and reports identity-based risks. It enables administrators to investigate and automatically remediate risks using tools like risk-based Conditional Access policies.
For example, organizations can create risk-based Conditional Access policies that require multifactor authentication when the sign-in risk level is reported as medium or high.
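The policy described above can be expressed as a Microsoft Graph `conditionalAccessPolicy` request body and checked before it is submitted. The following is an added example, not code from this page or from Microsoft; the function names, the display name, and the placeholder object ID are assumptions made for illustration.

```python
import json

REQUIRED_RISK = {"medium", "high"}

def build_risk_mfa_policy(break_glass_ids):
    """Body for POST /identity/conditionalAccess/policies (Microsoft Graph)."""
    return {
        "displayName": "Require MFA for medium or high sign-in risk",
        # Report-only first: evaluates and logs the policy without enforcing it.
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "signInRiskLevels": sorted(REQUIRED_RISK),
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": ["All"]},
            "users": {"includeUsers": ["All"],
                      "excludeUsers": list(break_glass_ids)},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }

def lint_policy(policy):
    """Return findings; an empty list means the policy matches the intent."""
    findings = []
    cond = policy.get("conditions", {})
    missing = REQUIRED_RISK - set(cond.get("signInRiskLevels", []))
    if missing:
        findings.append("risk levels not covered: " + ", ".join(sorted(missing)))
    grant = policy.get("grantControls") or {}
    if "mfa" not in grant.get("builtInControls", []):
        findings.append("grant control does not require MFA")
    users = cond.get("users", {})
    if "All" in users.get("includeUsers", []) and not users.get("excludeUsers"):
        findings.append("all users in scope with no emergency-access exclusion")
    if policy.get("state") == "disabled":
        findings.append("policy is disabled")
    return findings

if __name__ == "__main__":
    # Constructed placeholder object ID, not a real account.
    body = build_risk_mfa_policy(["00000000-0000-0000-0000-000000000000"])
    print(json.dumps(body, indent=2))
    print(lint_policy(body))
```

Running the lint against policies exported from a tenant is a quick way to spot a risk policy that covers only high risk or that has no emergency-access account excluded.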
In addition to identities that are used for authentication, there are decentralized identities (DIDs) used for information verification.
Microsoft Entra Verified ID is a credential verification service based on open DID standards. It enables organizations to issue a verifiable credential (digital signature proving the validity of information) to a user who stores the credential on their personal device. After receiving the verifiable credential, the user can present it to a company or organization to verify something about their identity.
For example, a recent college graduate can ask the university to issue a digital copy of their diploma to their DID. They can then choose to present the diploma to a potential employer who can independently verify the issuer of the diploma, the time of issuance, and its status.
Microsoft Entra External ID enables external identities to safely access business resources and consumer apps. It offers secure methods for collaborating with business partners and guests on internal apps and resources, as well as managing customer identity and access management (CIAM) for your consumer-facing applications.
For example, organizations can set up self-service registration for customers to sign in to a web application using methods such as one-time passcodes, or social accounts from Google or Facebook.
In addition to human and device identities, workload identities such as applications, services, and containers require authentication and authorization policies.
Microsoft Entra Workload ID is the identity and access management solution for workload identities. It enables organizations to secure access to resources using adaptive policies and custom security attributes for apps.
For example, GitHub Actions need a workload identity to access Azure subscriptions to automate, customize, and execute software development workflows.
Before organizations deploy Microsoft Entra, they should configure their infrastructure and processes according to security best practices and standards. The following articles provide architectural, deployment, and operational guidance to integrate Microsoft Entra successfully.
The features of Microsoft Entra are licensed in multiple ways. These licenses include Microsoft Entra ID Free, Microsoft Entra ID P1, Microsoft Entra ID P2, Microsoft Entra Suite, Microsoft Entra External ID, Microsoft Entra Workload ID, Microsoft Entra ID Governance, and other standalone products. Microsoft Entra is also part of licenses like Microsoft 365 and Enterprise Mobility + Security. For more information about licensing and available options, see the article Microsoft Entra licensing or the Microsoft Entra pricing page.
After organizations deploy Microsoft Entra, administrators can use the Microsoft Entra admin center and Microsoft Graph API to manage the identity and network access resources, and developers can use the Microsoft identity platform to build identity and access applications.
The Microsoft Entra admin center is a web-based portal for administrators to configure and manage Microsoft Entra products using a single user interface.
To learn more, see Overview of Microsoft Entra admin center.
In addition to the Microsoft Entra admin center, the Microsoft Graph API can be used to automate administrative tasks, including license deployments, and user lifecycle management.
To learn more, see Manage Microsoft Entra using Microsoft Graph.
The Microsoft identity platform enables developers to build authentication experiences for web, desktop, and mobile applications using open-source libraries and standard-compliant authentication services.
To start developing, see Getting started.