What is Microsoft Entra (formerly Azure AD)?

Microsoft uses the term Entra to summarize all products that deal with Identity and access functions deal with. There will also be Azure Active Directory (ADD) integrated, now under the name Microsoft Access ID running.

(Last update: August 24.08.2023th, XNUMX)

Microsoft Entra: Security and Pentesting

It is obvious why this product family is interesting in terms of IT security and pentesting: Entra ID (formerly AAD) is widely used and therefore an ideal attack vector for hackers to gain unauthorized access to information and functions

That's why in this article we first fundamentally clarify the question "What is Microsoft Entra (formerly Azure)?" In further articles we will discuss potential attacks and protection options.

Click here to go directly to the other articles in our Entra series:

(Last update: August 24.01.2024th, XNUMX)

Table of Contents

What is Microsoft Entra (formerly Azure AD)?

In addition to Entra ID (formerly AAD), which is the best-known component, Microsoft Entra includes many other services for creating entire cloud-based infrastructures.

Does your company already use a Microsoft solution via O365/M365? Then you automatically have Microsoft Entra ID. Identity management for these solutions runs here. If you already use an Active Directory in your company, you can connect it to your identity management in Entra via Azure AD Connect. Through Azure AD Connect, your users' access data is automatically synchronized into the cloud.

What is Microsoft Entra? Admin Center
Microsoft Entra Admin Center
You want to see the consequences of a successful hacker attack
Spare your IT system?
Test your IT now with a professional penetration test!
For the penetration test

What is a Microsoft Entra ID (formerly AAD) tenant?

Tenant roughly translates to client and represents an identity in Entra ID and O365/M365. In the on-premise Active Directory it would be equivalent to the customer's domain, although Entra allows multiple linked domains. (It is possible to switch between domains and also adopt policies.)

Entra ID Tenants are dedicated, unique and separate instances within Entra ID. The tenant is created automatically as soon as you subscribe to one of the Microsoft cloud services, such as M365. An Entra ID Tenant reflects a single person or organization and can best be compared to the classic on-premise Active Directory.

How does O365/M365 relate to Microsoft Entra ID?

O365/M365 is a standalone product of Microsoft applications. The best-known applications are Outlook, Teams, Word and Excel. In addition, you get access to Entra ID (formerly Azure AD), which is the basic IAM platform that handles authentication, authentication and authorization and enables administrators to manage it.

Due to the user control offered here, a reference to Entra can easily be made. When the Entra ID is created, groups and users are automatically taken over from the M365 including license status and user information.

Information from Entra ID is also transferred to the O365/M365 so that the data in both areas is synchronous. In addition, this combination allows multi-factor authentication to be integrated very cleanly into a company.

What is Microsoft Entra ID (formerly AAD)?

Entra ID (formerly Azure AD or AAD) is the cloud-based identity and access management (IAM) service under Entra. This allows you to access the virtual machines provided in Azure, the Entra portal, its SaaS applications such as Microsoft 365 (aka O365), but also internal resources in the OnPrem environment. Microsoft itself describes Entra ID as an Identity as a Service solution (IDaaS) for applications and services in the cloud as well as for on-prem solutions.

What is Microsoft Entra? Overview
Microsoft Entra Admin Center – View Identity

How does Entra ID differ from a classic AD?

The classic Active Directory is local to your company and requires regular maintenance and updates.

With the Microsoft Cloud version, the update and upgrade options are much more deeply rooted, which means you can carry them out more quickly. On the other hand, recommendations for action are recommended via internal monitoring and other security services such as Intune.

But what differentiates the two solutions are the protocols. While Active Directory works a lot with LDAP, SMB and RPC, Entra ID relies on other protocols due to its web-based origins.

Active DirectoryEntra ID
LDAPREST API's
NTLM/KerberosOAuth/SAML/OpenID

The next big difference between the two solutions is the organization of objects. While with Active Directory you could arrange your objects in a structured manner in OU's (Organizational Units), the structure in Entra ID is very flat. Here authorizations are assigned via predefined roles. According to Microsoft Docs, there are 83 roles at the time of this post. Some research is required here so as not to “accidentally” assign a role that has too many permissions.

User list in the Entra Admin Center – by default, normal users can view the list of all users.
Microsoft Entra Admin Center – with default settings everyone can view all users.

We still see customers using Entra ID (Azure AD) environments that have Microsoft default settings that offer the potential for attacks. Many of our customers are not yet familiar with these setting options in Active Directory.

Fundamental things only change in Active Directory when a new domain function level is introduced and used via a new Windows version. Entra ID (Azure AD) is still very “new” in comparison and innovations can occur almost daily. This means that settings that you set yesterday may no longer exist or work differently the next day. In order to understand how the Entra ID construct works, some research is required in the Microsoft Docs, which in certain cases do not always reveal the whole truth.

Are the permissions distributed sensibly in your network?
Do the practical check with a realistic pen test!
Contact us now

What else is there besides Entra ID and M365/O365 SaaS?

You can do several things via Entra Subscriptions. From virtual machines, virtual networks to databases etc. everything is possible here.

It is possible for you to integrate the servers hosted in the cloud into the on-prem infrastructure so that it appears as if the server is in the same network as the other on-prem devices.

Conclusion

You can do several things via Entra Subscriptions. From virtual machines, virtual networks to databases etc. everything is possible here.

It is possible for you to integrate the servers hosted in the cloud into the on-prem infrastructure so that it appears as if the server is in the same network as the other on-prem devices.

Follow for more!
Newsletter Form

Become a Cyber ​​Security Insider

Get early access and exclusive content!


By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!
Newsletter Form

Become a Cyber ​​Security Insider

Get early access and exclusive content!


By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!
OTHER CONTRIBUTIONS

Table of Contents

Do you have any questions or additions? bring it on!
Write a comment and we will reply as soon as possible!

Your email address will not be published. Required fields are marked with *.

PSN_KU_Cover
NewsLetter Form Pop Up New

Become a Cyber ​​Security Insider

Subscribe to our knowledge base and get:

Early access to new blog posts
Exclusive content
Regular updates on industry trends and best practices


By signing up, you agree to receive occasional marketing emails from us.
Please accept the cookies at the bottom of this page to be able to submit the form!