Tuesday, May 26, 2026

Basics of Microsoft Entra ID

Microsoft Entra ID

Microsoft Entra ID is Microsoft's cloud-based Identity and Access Management (IAM) platform that provides authentication, authorization, access control, and security for Microsoft 365, Azure, and thousands of third-party applications.

Think of Entra ID as the security gatekeeper of Microsoft 365.

What is Identity and Access Management (IAM)?

IAM answers two questions:

1. Who are you? (Authentication)

Example:

Username: ramesh@company.com
Password: ********

Entra ID verifies the identity.

2. What can you access? (Authorization)

Example:

Ramesh
├── SharePoint Access
├── Teams Access
├── Outlook Access
└── HR Portal Access

Entra ID determines permissions.

Why Microsoft Entra ID is Important

Without Entra ID:

SharePoint → Separate Login
Teams → Separate Login
Exchange → Separate Login
Power BI → Separate Login

With Entra ID:

Single Sign-On (SSO)

One Login
   ↓
SharePoint
Teams
Exchange
OneDrive
Power BI

Core Components of Entra ID

1. Users

Represents employees, contractors, vendors, and service accounts.

Example

ramesh@company.com
john@company.com
vendor@partner.com

PowerShell

Get-MgUser

2. Groups

Used to manage permissions efficiently.

Example

HR Team
Finance Team
SharePoint Admins
Project Team

Instead of assigning permissions to 100 users, assign one group.

PowerShell

Get-MgGroup

3. Applications

Applications registered in Entra ID.

Examples

  • Microsoft Teams
  • SharePoint Online
  • Salesforce
  • ServiceNow

4. Devices

Managed corporate devices.

Examples

Windows Laptop
Android Phone
iPhone
MacBook

Benefits

  • Device Compliance
  • Conditional Access
  • Security Enforcement

Authentication Methods

Password Authentication

Traditional login.

Username + Password

Challenge

Weak passwords.

Multi-Factor Authentication (MFA)

Requires additional verification.

Example

Password
    +
Mobile Approval

Benefits

Even if the password is stolen, the attacker is still blocked without the second factor.

Passwordless Authentication

Methods:

  • Microsoft Authenticator
  • FIDO2 Security Keys
  • Windows Hello

Example

Fingerprint
Face Recognition
PIN

Single Sign-On (SSO)

What is SSO?

One login provides access to multiple applications.

Example

Login Once
     ↓
SharePoint
Teams
Exchange
OneDrive
Power BI

Benefits

Better User Experience

Fewer Password Resets

Improved Productivity

Conditional Access

One of the most important Entra ID security features.

Purpose

Control access based on conditions.

Example Policy

If User Outside India
         ↓
Require MFA

Example Policy

If Device Non-Compliant
         ↓
Block Access

Example Policy

If High Risk Login
         ↓
Block Login

Real-Time Conditional Access Scenarios

Scenario 1

Employee logs in from the office.

Location: Hyderabad
Device: Managed Laptop

Result:
Allow Access

Scenario 2

Employee logs in from an unknown country.

Location: Russia

Result:
Require MFA

Scenario 3

Login from an unknown device.

Personal Device

Result:
Limited Access
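Two of the policies sketched above (MFA outside India, block high-risk sign-ins), created with Microsoft Graph PowerShell, as an added example that is not part of the original post. The named-location id, the break-glass account id and the policy names are placeholders, and the sign-in risk condition needs an Entra ID P2 license.

```powershell
# Added example (not from the original post): two Conditional Access policies from this post,
# created with the Microsoft.Graph PowerShell module. Assumptions: the module is installed,
# you hold the scopes below, a named location for India already exists (placeholder id),
# and the break-glass (emergency access) account id is a placeholder.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$indiaLocationId  = "<named-location-id-for-India>"   # placeholder
$breakGlassUserId = "<break-glass-account-object-id>"  # placeholder: excluded from every policy

# Both policies start in report-only mode: the sign-in log records what they WOULD have done
# without enforcing it. That is the guard against the lockout risk named later in this post.
$reportOnly = "enabledForReportingButNotEnforced"

$mfaOutsideIndia = @{
    displayName = "CA01 - Require MFA outside India"
    state       = $reportOnly
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlassUserId) }
        applications = @{ includeApplications = @("All") }
        # "All locations except India" = include All, exclude the India named location
        locations    = @{ includeLocations = @("All"); excludeLocations = @($indiaLocationId) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

$blockHighRisk = @{
    displayName = "CA02 - Block high-risk sign-ins"
    state       = $reportOnly
    conditions  = @{
        users            = @{ includeUsers = @("All"); excludeUsers = @($breakGlassUserId) }
        applications     = @{ includeApplications = @("All") }
        signInRiskLevels = @("high")   # evaluated by Identity Protection (P2)
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

foreach ($p in @($mfaOutsideIndia, $blockHighRisk)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $p
    "Created '$($created.DisplayName)' ($($created.Id)) in state $($created.State)"
}

# Review step: list every policy with its state so report-only policies are not forgotten.
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State | Sort-Object DisplayName

# Once the report-only results look right, switch one policy to enforced:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -State "enabled"
```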


Role-Based Access Control (RBAC)

Assign permissions based on roles.

Common Roles

Global Administrator

Highest privilege.

Can manage:

  • Users
  • Groups
  • Licenses
  • Security

SharePoint Administrator

Manages:

  • Sites
  • Storage
  • Sharing

Exchange Administrator

Manages:

  • Mailboxes
  • Mail Flow
  • Email Security

Teams Administrator

Manages:

  • Teams
  • Channels
  • Policies

User Administrator

Manages:

  • User Accounts
  • Password Resets

Identity Protection

Protects against compromised identities.

Risk Detection

Detects:

Impossible Travel
Anonymous IP
Malicious IP
Leaked Credentials

Example

10:00 AM India Login
10:15 AM USA Login

Impossible travel detected.

Self-Service Password Reset (SSPR)

Users reset passwords without IT support.

Process

Forgot Password
     ↓
Verify Mobile
     ↓
Reset Password

Benefits

Reduced helpdesk tickets.

External Users (B2B Collaboration)

Invite external users.

Example

vendor@gmail.com
consultant@partner.com

Usage

  • SharePoint Collaboration
  • Teams Collaboration

B2C (Customer Identity)

Customer-facing applications.

Example

E-commerce website login.

Google Login
Facebook Login
Microsoft Login

Dynamic Groups

Automatic group membership.

Example Rule

Department = HR

All HR users automatically join the HR group.

Privileged Identity Management (PIM)

Provides Just-In-Time (JIT) administrative access.

Traditional

Global Admin = Permanent

PIM

User Requests Access
       ↓
Approval
       ↓
Temporary Access

Benefits

Reduces security risk.

Microsoft 365 Integration

Entra ID is the backbone of:

  • SharePoint Online
  • Exchange Online
  • Microsoft Teams
  • OneDrive for Business
  • Microsoft Intune
  • Power BI

Real-Time SharePoint Online Scenario

Requirement

Only the QA team should access GxP documents.

Solution

Create Group:

QA_GxP_Users

Assign group permission:

QA_GxP_Users
      ↓
SharePoint Library

When an employee joins QA:

Add User to Group

Access granted automatically.
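The two group patterns on this page, the dynamic "Department = HR" rule from Dynamic Groups and the manually maintained QA_GxP_Users group from this scenario, built with Microsoft Graph PowerShell as an added example that is not part of the original post. The mail nicknames and the joiner's UPN are assumptions; granting the library permission to the group happens in SharePoint and is not shown.

```powershell
# Added example (not from the original post): one dynamic group and one static group, plus the
# joiner step and a membership check. Assumes the Microsoft.Graph module is installed and you
# hold Group.ReadWrite.All and User.Read.All. Nicknames and the joiner's UPN are placeholders.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All"

# 1) Dynamic group: "Department = HR" in the membership-rule syntax Entra ID evaluates.
#    Membership is recalculated by the service whenever the user attribute changes;
#    nobody adds members by hand, so keep the 'department' attribute itself well governed.
$hrGroup = New-MgGroup -DisplayName "HR Team" `
    -MailNickname "hrteam" -MailEnabled:$false -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule '(user.department -eq "HR")' `
    -MembershipRuleProcessingState "On"
"Dynamic group $($hrGroup.DisplayName) created: $($hrGroup.Id)"

# 2) Static security group for the QA GxP library. Static on purpose: every membership
#    change is a deliberate, auditable action rather than a side effect of an attribute edit.
$qaGroup = New-MgGroup -DisplayName "QA_GxP_Users" `
    -MailNickname "qagxpusers" -MailEnabled:$false -SecurityEnabled

# New joiner in QA: add the user object to the group; the library permission stays on the group.
$joiner = Get-MgUser -UserId "newqa@company.com"          # placeholder UPN
New-MgGroupMember -GroupId $qaGroup.Id -DirectoryObjectId $joiner.Id

# Check: who can reach the GxP library right now? Members come back as directory objects,
# so the UPN sits in AdditionalProperties.
Get-MgGroupMember -GroupId $qaGroup.Id -All |
    ForEach-Object { $_.AdditionalProperties.userPrincipalName }
```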


Daily Administrative Tasks

User Management

Get-MgUser
New-MgUser
Update-MgUser
Remove-MgUser

Group Management

Get-MgGroup
New-MgGroup
Remove-MgGroup

License Management

Get-MgSubscribedSku
Set-MgUserLicense
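A joiner run through the user and license cmdlets listed above, as an added example that is not part of the original post. The UPN, display name, SKU part number, usage location and initial password are placeholders.

```powershell
# Added example (not from the original post): create a user and assign a license with the
# cmdlets from the lists above. Assumes the Microsoft.Graph module is installed and you hold
# User.ReadWrite.All and Organization.Read.All. All identity values below are placeholders.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Organization.Read.All"

$upn           = "ramesh@company.com"   # placeholder UPN
$skuPartNumber = "ENTERPRISEPACK"       # placeholder; list real values with Get-MgSubscribedSku

# Create the account. UsageLocation is mandatory before any license can be assigned, and the
# initial password is single-use: the user must change it at first sign-in.
$user = New-MgUser -DisplayName "Ramesh" -UserPrincipalName $upn `
    -MailNickname ($upn.Split("@")[0]) -AccountEnabled -UsageLocation "IN" `
    -PasswordProfile @{
        Password                      = "<initial-password-from-a-generator>"   # placeholder
        ForceChangePasswordNextSignIn = $true
    }

# Resolve the SKU and confirm a seat is free before assigning, instead of failing mid-run.
$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq $skuPartNumber
if (-not $sku) { throw "SKU '$skuPartNumber' not found in this tenant." }
$free = $sku.PrepaidUnits.Enabled - $sku.ConsumedUnits
if ($free -le 0) { throw "No free seats left for $skuPartNumber." }

# RemoveLicenses must be passed (empty here) even when only adding.
Set-MgUserLicense -UserId $user.Id -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @()

# Verify what the user actually holds after the change.
Get-MgUserLicenseDetail -UserId $user.Id | Select-Object SkuPartNumber, SkuId
```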


Security Monitoring

Get-MgAuditLogSignIn
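Pulling the four risk detections named under Identity Protection (impossible travel, anonymous IP, malicious IP, leaked credentials) and the sign-ins behind them from the sign-in log, as an added example that is not part of the original post. The seven-day window is an assumption, and risk detections need an Entra ID P2 license.

```powershell
# Added example (not from the original post): review recent risk detections and the sign-ins
# of the users involved. Assumes the Microsoft.Graph module is installed and you hold
# AuditLog.Read.All and IdentityRiskEvent.Read.All; the seven-day window is an assumption.
Connect-MgGraph -Scopes "AuditLog.Read.All", "IdentityRiskEvent.Read.All"

$since = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")

# The four detections from the Identity Protection section, in Graph's riskEventType names.
$types      = @("unlikelyTravel", "anonymizedIPAddress", "maliciousIPAddress", "leakedCredentials")
$typeFilter = ($types | ForEach-Object { "riskEventType eq '$_'" }) -join " or "

$detections = Get-MgRiskDetection -All -Filter "($typeFilter) and detectedDateTime ge $since" |
    Select-Object DetectedDateTime, UserPrincipalName, RiskEventType, RiskLevel, RiskState, IPAddress

$detections | Sort-Object DetectedDateTime | Format-Table -AutoSize

# For every flagged user, list the sign-ins in the window with country, risk level and the
# Conditional Access outcome. An "impossible travel" pair shows as two countries minutes apart,
# and ConditionalAccessStatus tells you whether a policy actually stepped in.
$detections.UserPrincipalName | Sort-Object -Unique | ForEach-Object {
    $upn = $_
    Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq '$upn' and createdDateTime ge $since" |
        Select-Object CreatedDateTime, UserPrincipalName,
            @{ n = "Country"; e = { $_.Location.CountryOrRegion } },
            @{ n = "City";    e = { $_.Location.City } },
            RiskLevelDuringSignIn, ConditionalAccessStatus, IPAddress |
        Sort-Object CreatedDateTime | Format-Table -AutoSize
}
```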


Conditional Access

Get-MgIdentityConditionalAccessPolicy

Advantages of Entra ID

Security

MFA

Conditional Access

Identity Protection

Productivity

Single Sign-On

Self-Service Password Reset

Governance

RBAC

PIM

Audit Logs

Integration

Microsoft 365

Azure

Salesforce

ServiceNow

Thousands of SaaS applications.

Limitations and Challenges

Licensing Complexity

Advanced features require:

  • Entra ID P1
  • Entra ID P2

Conditional Access Complexity

Poorly designed policies can lock out users.

Guest User Governance

External users require regular review.

Large Enterprise Challenges

Managing:

100,000+ Users
Thousands of Groups
Thousands of Applications

requires strong governance.

