Search
  • Jonathan Works

Microsoft Entra: A Comprehensive Review and Getting Started Guide


Microsoft Entra

If you’re interested in tech, ID management, and blockchain, you might have heard of Decentralized Identification or did. But, you also might not have cared and want to read about how Microsoft fits into this discussion. So, I am here to tell you that Microsoft has a new identity platform, and it is pretty cool.

This blog will go over what Microsoft Entra is, the basics of Decentralized Identifiers (DIDs), and how DIDs will be used in the Microsoft Entra Platform. Digital identities are a new way to manage who has access to what. These decentralized IDs give us control over our digital lives and help us avoid getting locked out of essential accounts—like your email or bank account—if you lose your password. In short, digital IDs provide a new type of security for your personal information, which is especially useful if you’re worried about hackers stealing it or using it without your permission.


Microsoft Entra is Microsoft’s new effort to bring decentralized identity and access management services to the web

Microsoft Entra is Microsoft’s new effort to bring decentralized identity and access management services to the web. If you’re not aware, decentralized identity is the idea that instead of having a single source of truth for your identity, it should be distributed across multiple providers. So if one service goes down or starts abusing your data, you can simply switch over to another provider (which is exactly what happened with Facebook when they were caught selling user data)

The main difference between this system and traditional centralized systems is that instead of storing your sensitive information in a central database on their servers, it’s stored on an immutable blockchain. This means that nobody has control over who accesses what information or can edit any part of it without proper authorization by the owner first - making this an ideal solution for individuals looking for more privacy online than what current social media sites offer them today!


The goal of Entra is to put users in control of their own identities by giving them a way to manage their digital and real-world identities, via self-owned identifiers, for any app or service.

The goal of Entra is to put users in control of their own identities by giving them a way to manage their digital and real-world identities, via self-owned identifiers, for any app or service.

The value proposition is that Entra provides a decentralized identity solution through which users can manage their identity independently from any other party (such as Facebook or Google) while still being able to check out items on Amazon or use Apple Pay if they choose so (and it also includes some other cool stuff like decentralized authentication).


In addition, Entra offers businesses advanced analytics capabilities for analyzing user data across multiple apps/services without compromising user privacy because all user data stays within their own devices rather than being stored by third parties such as Google or Facebook (which means it’s safer).


Microsoft Entra aims to verify all types of identities and secure, manage, and govern their access to any resource

Microsoft Entra’s purpose is to verify all types of identities and secure, manage and govern their access to any resource. In addition, it provides a way for users to control their own identities. And it will be open and lightweight enough to support the many different use cases in the world today.

The bottom line is that Microsoft Entra is an important step forward for identity management - which impacts all areas of society from banking and healthcare to education and legal services - because it shifts control over identity away from centralized authorities who can be vulnerable to hacking attacks or government interference.

The implications are enormous: if you think about what this means regarding personal data privacy rights, you can see how quickly this technology could change everything around us!


The Microsoft Entra family comprises multiple products that further build identity as a trust fabric.

Microsoft Entra is the umbrella family for Microsoft’s decentralized identity and access management services. The family of products includes Microsoft Azure Active Directory (Azure AD), Microsoft Entra Permissions Management, and Microsoft Entra Verified ID.

Entra adds two new solutions that integrate into the existing foundations of Azure AD:

  • Microsoft Entra Permissions Management (EPM) – A CIEM service that manages access to any on-premises or cloud-based resource. It provides visibility on what identities are accessing across the platform; allows automation of least privilege; and implements security policies across your cloud.

  • Microsoft Entra Verified ID (Verified ID) – A decentralized identity platform that provides credentials and verifiable claims for users, devices, and apps. Verified ID uses blockchain technology to create a decentralized ledger that stores all your digital and physical world credentials.


Microsoft Entra family of products


Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) product.

Cloud Infrastructure Entitlement Management (CIEM) is a cloud infrastructure entitlement management (CIEM) product. CIEM enables you to quickly and easily discover, monitor, and control the users, groups, and service accounts that have access to your cloud resources throughout their lifecycle. The new Microsoft Entra Permissions (EPM) product is the subsequent development of Microsoft’s 2021 acquisition of CloudKnox Security, which has been integrated into Azure.


EPM aims to provide visibility and control over permissions for any identity in any environment in the cloud. This covers workload and user identities, actions, and resources across multi-cloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). EPM covers three key use cases:

  • Discovery (Assess and Evaluate): Permissions can be discovered across key cloud platforms: AWS, Azure, and GCP. With a Permission Creep Index, the evaluation of unused or excessive permissions is measured. Multi-dimensional permissions risk analytics cover identities, actions, and resources.

  • Remediation (Grant and Revoke right-sizing): Ensure permissions are revoked or granted based on usage. Automated deletion of unused permissions. Grant on-demand permissions JIT or on a time-limited basis.

  • Monitoring (Alert and Report): Detect anomalous activities with ML-powered alerts and generate context-rich forensic reports for rapid investigation and remediation.



Microsoft Entra Verified ID (VID) is the Decentralized Identity platform.

Decentralized Identity is a critical component of Microsoft Entra. It is a new type of identity that gives users control over their digital identity and provides them with privacy and security. Decentralized Identity (DID) is an open, permissionless network where users can register, manage, and use DIDs to sign-in to apps and services. It’s an open and permissionless network built on blockchain technology to provide trustworthiness and security in online interactions.

Decentralized Identities are digital representations of people that are owned and controlled by the user, not some centralized organization or government entity like Meta, Amazon, or Google. This means you can use your Verifiable Credential with any app on the web without asking for permission or getting approval from anyone else first. Unlike traditional identifiers like usernames or email addresses, which are tied down to specific services like Facebook, Twitter, or TikTokA trust fabric made up by DI allows users’ assets—like money and health records—to be safely accessed across multiple applications while maintaining privacy and security standards so they can only be accessed with consent from both parties involved in transactions involving these assets or sensitive information.

These verifiable credentials live on decentralized networks where all participants have equal rights over who can access them (or not). Furthermore, because VCs are decentralized, nobody owns this new form of identity—there’s no central hub where all data is stored; instead, it lives across multiple locations scattered around the world in different countries (like Switzerland).



Verifiable credentials enable you to own and prove who you are in the digital world. See how to enable decentralized identity through seamless user and developer experiences.

Verifiable credentials (VCs) are the building blocks of decentralized identity. They enable you to own and prove who you are in the digital world. Verifiable credentials are self-sovereign, portable, and independently verifiable. A decentralized entity is a powerful tool that can help with everything from securing your data to ensuring only valid transactions on your behalf, but it requires an easy way for users to create their own verified identities.

VCs work by allowing users to prove their identity through multiple methods (e.g., biometrics or device verification) while also providing them with a piece of information that can be used by others as evidence of their identity. The combination of these two factors makes it possible for any interested party to validate someone’s name and basic information without relying on any centralized authority like Facebook or Google for verification purposes - which means no one company has access or control over this information either!


Decentralized identifiers (DIDs) are the keys to self-sovereign identity: an identifier that a user controls independently from any organization or authority. It brings trust, privacy, and choice while enabling interoperability across systems worldwide.

Decentralized identifiers (DIDs) are the keys to self-sovereign identity: an identifier that a user controls independently from any organization or authority. It brings trust, privacy, and choice while enabling interoperability across systems worldwide.

Decentralized IDs are safer and more secure than centralized IDs because they cannot be revoked by a central authority like Facebook or Google, which has been known to do so in the past. If you lose access to your data (by deleting your Facebook account), you also lose access to all of your friends’ data too! With decentralized IDs, this problem is solved because you alone control and manage your own personal information so no one can take it away from you without your permission.


DIDs are used to anchor verifiable credentials (VCs). VCs facilitate the creation of new business processes, such as Zero Trust authorization models based on verified attributes instead of passwords.

VCs use DIDs as a universal identifier to anchor verifiable credentials. These VCs can be used across various applications and services, enabling a Zero Trust authorization model based on verified attributes instead of passwords. In this model, the user is always in control of their data and credentials (e.g., credit score, employment history), while organizations benefit from greater trust in accessing users’ information without having access to their PII (personally identifiable information).


How can you start with Microsoft Entra Permissions Management?

The first step to start using Microsoft Entra Permissions Management is registering your organization. This is a quick task from the Azure Portal, from the Azure AD services blade.

  1. In the Azure AD portal, select Features highlights, and then select Permissions Management. The Welcome to Permissions Management screen appears, displaying information on how to enable Permissions Management on your tenant.

  2. Create a service principal that points to the Permissions Management application via Cloud Shell. You copy the script provided on the Welcome screen and run it in a Cloud Shell session.

  3. After your service principal is created The Cloud Infrastructure Entitlement Management application displays in the Azure AD portal under Enterprise applications.

  4. Return to the Welcome to Permissions Management screen and select Enable Permissions Management.

Microsoft Entra Welcome to Permissions Management screen

The next step after the registration is to onboard an AWS account, Azure Subscription, or GCP project:

Your next step after onboarding your authorization systems is to configure data collection. You use the Data Collectors dashboard in EPM to view and configure settings for collecting data and the status of the data collection:

Now that you're collecting data into EPM you can begin:

As you go through setting up your EPM environment and run into questions, Microsoft Docs has a decent FAQs reference available for you.



Microsoft Entra video demonstrations and usage

Microsoft is still going through rebranding some of the CloudKnox material under Microsoft Entra. They do have a few video demonstrations below on YT that are useful. The first video covers registering Microsoft Entra Permissions Management on your Azure tenant as I walked you through above step-by-step. The second video walks through an example of onboarding an AWS account.



Wrap up

The importance of giving users control over their digital identity is even more critical in this global pandemic, as we continue to learn about the new ways people are using their digital identities and the critical services our modern society now relies on. Decentralized identities provide a solution to these issues because they provide an independent, open-source framework for self-sovereign digital identity.


I’m excited to see what will happen next with Microsoft Entra and DIDs. I hope this article has given you a better understanding of the technology and what it could mean for your organization. I’m sure we’ll have many more questions as time goes on, but hopefully, now you know where to find answers here with me on CloudBorn.


64 views0 comments