Heads up:
Microsoft Entra ID used to be called Azure AD until 2023!
Same with Microsoft Entra Domain Services - it used to be called Azure AD Domain Services.
So if you ever come across older Azure resources, they might say "Azure AD"/"Azure AD Domain Services" instead of their new names.
Imagine being able to use the same account to access all of the apps and tools you use at work - not just the ones hosted by Microsoft, like Azure and Microsoft 365, but even other cloud apps and service providers (think Google, Salesforce, AWS and more).
Microsoft Entra ID is an identity and access management solution that consolidates all identity services (i.e. every app that makes you create an account) into a single place. It's also called a directory service, meaning it stores information about all the users, devices and resources in a company network.
This makes Microsoft Entra ID crucial for tasks like authentication (users proving they are who they say they are) and authorisation (IT administrators deciding what users are allowed to access with their company account).
1. It's a challenge to remember different logins for different apps and services. With Microsoft Entra ID, you only need one account to access all your work-related tools. Entra ID also collates all of those services into a central dashboard, so you can see all of your business apps in one place instead of having to manage bookmarks and favourites in your browser.
2. Access management: Microsoft Entra ID is a one-stop shop for companies to handle account creation, permission settings, identity changes, password resets, and more. As employees change jobs or leave a company, it's a relief if their access is tied to a single identity. This takes away the effort of changing or disabling different accounts.
3. Better security: It's so common for people to use the same password across all their accounts (no judgement, we all do it). But here's the truth: it's not the safest move. If any one of your account credentials gets compromised, attackers can use it to access other services. This is a big headache for companies too, because all of their employees' accounts are potential entry points for attackers to access internal data. Microsoft Entra ID gives you additional layers of security like two-factor authentication to make it much harder for attackers to access your account. It can also assess risk in real time, blocking anyone it thinks is trying to sign in with stolen credentials.
Microsoft Entra ID lets access administrators (i.e. the people responsible for everyone's access to company resources) set up:
In a traditional on-premises environment, companies use an older system called Active Directory to manage their employees' accounts and access to services running on their physical servers.
So if a company has both an on-premises environment and a cloud environment, their users are going to have two sets of logins - one for Active Directory, and the other for Entra ID.
But you can connect the two by using Microsoft Entra Connect! Entra Connect synchronises user identities, so users that have an Active Directory account can just use that set of credentials to access Entra ID. The synchronisation doesn't go the other way, meaning users with an Entra ID account don't automatically get access to Active Directory.
There's also an extension of Microsoft Entra ID that we're going to learn about... introducing Microsoft Entra Domain Services (what a mouthful)!
Applications living in an on-premises environment often rely on legacy (i.e. outdated) authentication methods. This means that when companies decide to lift and shift their applications onto the cloud, these applications need to be compatible with Entra ID's modern authentication methods like SSO and multifactor authentication. Updating old application code to work with modern technology can be really challenging and costly - and this is where Microsoft Entra Domain Services comes in.
Microsoft Entra Domain Services is an extension of Entra ID, designed to bring legacy authentication methods into the cloud.
It does this by creating a managed domain in the cloud.
So when Entra Domain Services creates a Windows domain in the cloud, it's bringing in a traditional domain controller and its legacy authentication methods too. Now, you have a cloud domain controller to authenticate and authorise users wanting to access the apps that you've just migrated onto the cloud.
These virtual domains are entirely hosted and managed in Azure, so you won't need to manage, configure or update the domain controllers yourself. Easy peasy!