Microsoft Entra ID Governance Commercially Released

Microsoft this week described additions to its Microsoft Entra identity and access management products.

Fairly large organizations using the Microsoft Entra Azure Active Directory service can now assess uptime relative to their service level agreements (SLAs) with a new preview capability, announced on Tuesday. Also, the Microsoft Entra ID Governance service has now reached the "general availability" commercial-release stage, per a Wednesday announcement.

Microsoft Entra ID Governance General Availability

Microsoft Entra ID Governance enables identity controls across "on-premises and cloud apps and resources," and it's now deemed ready for commercial use by Microsoft.

Partner support is available to implement the Microsoft Entra ID Governance service from "Edgile, a Wipro company, EY LLP, KPMG firms and PwC," the announcement indicated.

Microsoft described this governance product as having automation capabilities that address the "identity lifecycle" within organizations. For instance, the service can update access permissions automatically "when employees change roles or move," according to the Microsoft Entra ID Governance landing page. It will automatically assign application access permissions "based on employee group memberships." It also has so-called "entitlement management" capabilities to check resource access by "partners, suppliers and guests."

The Microsoft Entra ID Governance service gives IT pros a dashboard view showing stats about the number of employees, guests and groups, as well as the number of business applications. It also shows policy configurations for users and apps, plus the number of "access reviews" that have been set up. There's also a new capability added to entitlement management that leverages the Microsoft Entra Verified ID preview to confirm the digital identities of users.

Organizations will be able to purchase licensing to use Microsoft Entra ID Governance "starting July 1," the announcement indicated. A free trial can be accessed from Microsoft's landing page.

Organizations likely will need Azure Active Directory Premium P2 licensing to use the product. Organizations having Microsoft 365 E5 plans already have Azure Active Directory Premium P2 licensing, according to Microsoft's pricing page.

The announcement suggested that "ID Governance can be added to Azure AD Premium P1 or P2 licenses," but it's unclear what this means because it's already included in the P2 licensing, and it's not included in the P1 licensing.

Azure AD SLA Performance Preview

Microsoft is previewing the ability of organizations "with at least 5,000 monthly active users signing in" to see their actual SLA performance for their Azure AD tenancies. This preview is currently available via "the Entra and Azure portals."

The idea behind the SLA is that Microsoft is assuring "four nines" (99.99 percent) service uptime per billing month. Microsoft already publishes global stats on how well the Azure AD service has maintained its uptime relative to its 99.99 percent SLA promise to customers. Globally, the Azure AD service has "exceeded 4-nines' SLA for over 16 months running (as of June 2023)," per the announcement.

Microsoft also touted Azure AD "resilience" protections via a "Backup Auth System" it introduced in 2021 to address Azure AD service failures. Should an Azure AD failure occur, this backup system will take on the task of authenticating users if the following conditions are met:

  • The user has authenticated with the same app and device within the last three days;
  • The user is authenticating as a member of their home tenant and not a B2B user;
  • Resilience defaults for that user authentication are enabled; and
  • The user's authentication has not been recently revoked or restricted.

The Backup Auth System will be getting improvements over the "next 12 to 18 months." It will get protections for Android OS apps, SAML Web apps and "non-Microsoft applications requesting OpenID Connect access tokens."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
