Microsoft Entra; An Enterprise IAM Inflection Point

Microsoft has been a dominant force in the enterprise Identity and Access Management (IAM) market since the introduction of Active Directory (AD) in 1994. While Active Directory has a massive enterprise footprint providing directory services in over 90% of large organizations, the limited traditional breadth of AD capabilities has?opened the door for complementary (or competing) IAM related cyber security capabilities provided by hundreds of vendors. These capabilities include Single Sign On (SSO), Multi-Factor Authentication (MFA), Identity Governance and Administration (IGA), IAM Lifecycle Management, Privileged Access Management (PAM), Decentralized Identity/Verifiable Credentials and many other supporting services. The bottom line is that the historic Microsoft suite of IAM offerings were often not sufficient to fully support the complex requirements of large organizations, but Microsoft Entra is closing many of these gaps.

The TechVision Research team has had the opportunity to assess Microsoft Entra based on 4 interviews/briefings with Microsoft's product leadership teams, detailed technical analysis as well as our on-going working with several large organizations to support their next generation IAM reference architecture and service portfolio. To net out our findings we believe Microsoft Entra has the potential of changing the enterprise IAM landscape and should be factored into next generation IAM plans for most large organizations. This is, of course, primarily focused on large enterprises with a substantial Microsoft base, but this does apply to most large organizations.

So what is Microsoft Entra? Entra is the product family name for Microsoft’s identity and access products. It is not just a renaming/rebranding of Azure AD, which remains a significant centerpiece of the Entra strategy, but adds several key Identity and Security elements to the mix.?There are five main products supporting the initial Microsoft Entra program: Microsoft Azure Active Directory, Microsoft Entra Permissions Management, Microsoft Entra Workload Identities, Microsoft Entra Identity Governance, and Microsoft Entra Verified ID.?Each product area is covered in detail in our recently released research report on Microsoft Entra, but suffice to say each area is a significant upgrade and represents a modernization of the legacy IAM foundation. Those wanting to dive deeper can access a complimentary 15 page excerpt from our 40 page research report here: https://techvisionresearch.com/project/microsoft-entra-complete-iam-platform/.

So what does Entra mean for a large enterprise? We'll start with the business side; the cost effectiveness of leveraging an existing enterprise-wide licensing agreement for Microsoft Azure that includes Microsoft 365 and Azure AD may create economic incentives. There may likely be other IAM solutions in place across a large organization that may no longer be necessary as Microsoft introduces new Entra capabilities. This may bring very significant cost saving to the organization in terms of end user licensing but also in terms of integration costs and user experience costs.?

The bottom line is that Microsoft Entra has significantly elevated and modernized the Microsoft IAM portfolio and those organizations that are currently using some combination of Microsoft and 3rd?party IAM solutions may want to take a fresh look at their architecture, service capabilities and patterns. The TechVision Research analyst/consulting team provides independent strategy, architecture, vendor assessments and education for large organizations.