Microsoft Entra as a Complete IAM Platformnce Architecture

Microsoft has been a dominant force in enterprise Identity and Access Management (IAM) since the introduction of Active Directory (AD) in 1994. While Active Directory is a primary enterprise directory in over 90% of large organizations, the limited traditional breadth of AD capabilities has opened the door for complimentary (or competing) IAM-related cyber security capabilities such as Single Sign On (SSO), Multi-Factor Authentication (MFA), Identity Governance and Administration (IGA), IAM Lifecycle Management, and Privileged Access Management (PAM).  These key capabilities have been delivered by vendors such as Okta, SailPoint, Saviynt, CyberArk, BeyondTrust, Thycotic/Delinea, Ping Identity, Radiant Logic, and others.  

Microsoft Entra represents a significant upgrade to Microsoft’s traditional IAM program as they plan to offer capabilities that address many of the IAM security gaps within Microsoft’s portfolio and to provide a more comprehensive enterprise Identity, Security, and Governance ecosystem. There are five main products supporting the initial Microsoft Entra program: Microsoft Azure Active Directory, Microsoft Entra Permissions Management, Microsoft Entra Workload Identities, Microsoft Entra Identity Governance, and Microsoft Entra Verified ID, and each element will be explained and assessed in detail. We’ll do this by referencing a set of typical enterprise requirements as well as assessing how Microsoft’s current and expected future Entra offerings fits within our Reference Architecture for IAM.