With the announcement of the Microsoft Entra product family, Microsoft has made three important statements.
1. Entra is the ‘coming of age’ of Microsoft Azure
We are witnessing the coming of age of the various components of Microsoft Azure cloud offering which contribute to the management and use of secure identities for appropriate access.
We at Oxford Computer Group have, of course, been involved with components such as Azure Active Directory (AAD)(now Microsoft Entra ID), self-sovereign identities (the “Verified Identity” in Entra), and Microsoft CloudKnox (which became “Permissions Management” in Entra) since they emerged – and have built useful solutions for many customers with them.
The feeling of a “work in progress” will not (and should not) completely go away. There are always new developments to be made and emerging threats to counter. But with Entra, the sense is that a milestone has been reached and that this platform is solid.
2. Entra is an enterprise-ready identity solution
Entra is a statement of intent – Microsoft is committed to identity and access governance solutions that are enterprise-ready. With more and more activity taking place completely outside the private corporate network (think of external staff or students accessing Teams, or suppliers updating a parts catalogue in a cloud system), it is increasingly important for enterprises to avoid the need to bring everything on-premises, only to push it to the cloud again. In other words, the days of “everyone gets an Active Directory account” are over.
3. Entra enables custom solutions
Entra is highly extensible, and therefore suitable as a foundation for custom solutions. Examples of this extensibility with specific reference to identity and access are (and this is not an exhaustive list):
- Custom portal solutions using the Graph API to access Microsoft Entra ID (Azure AD) information
- Custom user experiences for self-service based on Microsoft Entra ID (Azure AD) B2C Custom Flows
- Identity lifecycle workflows that are extensible using Microsoft Flow and Logic App components
- Outbound synchronization capabilities using custom Connectors built using the ECMA2 host solution and the SCIM standard
- Integrations with third-party products (such as IDABUS and Identity Panel Suite) which provide extensive out-of-the-box capability
We expect additional capabilities to come in the future – but we already have a wide range of customization options.
What does all this mean?
Taken together, the above three statements provide the identity and access community with renewed confidence to commit to cloud-based solutions using Entra.
Microsoft’s investments in Entra, as well as the already-announced developments planned for the future, give us this confidence. And that confidence extends beyond the cloud-based identity and governance platform itself, and to confidence that the investments made over many years in on-premises identity solutions (especially MIM) and the business processes that surround them, will not be wasted but will find a safe destination in the cloud.
Some customers have already made a cloud-only move – leaving no on-premises server infrastructure behind.
Some customers have been pursuing an on-premises-led hybrid strategy, with their cloud components being integrated with on-premises solutions that are still in an authoritative position (pushing users, groups, roles, and the like out to the cloud environments).
Many of these have already moved important workloads to the cloud (HR systems such as Workday and SuccessFactors, for example), and are waiting for the appropriate moment to move authority for identity and access to the cloud as well. Entra, which includes a commitment to hybrid architectures, makes it clear that the time is right for many customers to start planning the move to Entra-based identity and access solutions.
So what’s next?
There is no doubt that for many organizations, this shift of authority to the cloud will be executed step by step: more evolution than revolution. At Oxford Computer Group, we are completely focused on the needs of our customers:
- Supporting the existing, well-running on-premises identity platforms by providing consulting assistance and training for staff tasked with running and enhancing those systems
- Establishing a vision for a future cloud-centric architecture
- Executing the vision according to the timeline which makes operational and commercial sense for the customer, by providing direct consulting services, as well as assistance to allow the customers to make changes with in-person support
- Further supporting change as new requirements emerge
Because of the complexities of the enterprise-scale identity deployments in which we specialize, we at Oxford Computer Group like to use the term “Entra Plus”. This indicates that Entra forms the foundation for identity and access for Microsoft-focused organizations, but that additional capabilities will typically be required. This “Plus” might be custom-built, or it might be out-of-the-box (with SoftwareIDM or IDABUS, for example). Either way, Oxford Computer Group is dedicated to providing the robust solutions at scale that are required.
For more information about these solutions and how we can provide them, please get in touch. We will be happy to arrange a call for you with one of our technical architects.