Microsoft Entra ID: Features and Licensing Explained

This page gives an overview of Microsoft Entra ID features (such as Application Management, Authentication, B2B/B2C, and Conditional Access) and the different license tiers (Free, P1, P2).

Microsoft Entra ID is Microsoft’s cloud-based identity and access management (IAM) service, evolving from traditional Active Directory Domain Services for the modern cloud and hybrid world. It provides Identity as a Service (IDaaS) for managing access to applications across cloud and on-premises environments.

Key Entra ID Features

  • Application Management: Manage cloud/on-prem apps via Application Proxy, Single Sign-On (SSO), My Apps portal, SaaS app integration.
  • Authentication: Features include Self-Service Password Reset (SSPR), Multi-Factor Authentication (MFA), custom banned password lists, smart lockout.
  • Microsoft Entra ID for Developers: Build apps using Microsoft identities, acquire tokens for Microsoft Graph and other APIs.
  • Business-to-Business (B2B): Manage guest user access and external collaboration securely.
  • Business-to-Customer (B2C): Allow customer sign-in using social, enterprise, or local accounts with SSO.
  • Conditional Access: Implement granular access policies based on user, location, device, application, and risk.
  • Device Management: Manage how cloud or on-premises devices access corporate data (integration with Intune).
  • Domain Services (Microsoft Entra Domain Services, separate but related): Join Azure VMs to a managed domain without traditional domain controllers.
  • Enterprise Users: Manage licenses, app access, delegation via groups and administrator roles.
  • Hybrid Identity: Connect on-premises AD DS with Entra ID using Microsoft Entra Connect or Cloud Sync for unified identity.
  • Microsoft Entra ID Protection: Detect identity risks, configure risk-based policies (requires P2).
  • Managed Identities for Azure Resources: Provide Azure services with an identity to authenticate to other services (like Key Vault) without embedded credentials.
  • Privileged Identity Management (PIM): Manage, control, monitor, and provide just-in-time access for privileged roles (requires P2).
  • Monitoring and Health: Gain insights into security events and usage patterns.
  • Workload Identities: Provide identities for applications, services, or scripts to authenticate securely.

Entra ID Licenses

Entra ID offers different tiers, providing access to various features:

  • Microsoft Entra ID Free: Included with Microsoft Online business services (Azure, Microsoft 365). Provides basic user/group management, directory sync, basic reports, SSPR (cloud users only), SSO for many apps.
  • Microsoft Entra ID P1: Includes Free features plus:
    • Hybrid user access (on-prem/cloud resources).
    • Advanced group management (dynamic groups, self-service group management).
    • Cloud write-back capabilities (e.g., SSPR for on-prem users).
    • Conditional Access (basic policies).
    • Available standalone or included in Microsoft 365 Business Premium, E3.
  • Microsoft Entra ID P2: Includes Free and P1 features plus:
    • Microsoft Entra ID Protection: Risk-based Conditional Access, vulnerability detection.
    • Privileged Identity Management (PIM): Just-in-time privileged access, monitoring.
    • Available standalone or included in Microsoft 365 E5.
  • Microsoft Entra Internet Access: Secure Web Gateway (SWG) functionality.
  • Microsoft Entra Private Access: Zero Trust Network Access (ZTNA) for private apps.
  • Microsoft Entra ID Governance: Advanced identity lifecycle management, access reviews, entitlement management.