Microsoft Entra ID Governance Commercially Released
By Kurt Mackie
June 07, 2023
Microsoft this week described additions to its Microsoft Entra identity and access management products.
Fairly large organizations using the Microsoft Entra Azure Active Directory service can now assess uptime relative to their service level agreements (SLAs) with a new preview capability, announced on Tuesday. Also, the Microsoft Entra ID Governance service has now reached the "general availability" commercial-release stage, per a Wednesday announcement.
Microsoft Entra ID Governance General Availability
Microsoft Entra ID Governance enables identity controls across "on-premises and cloud apps and resources," and it's now deemed ready for commercial use by Microsoft.
Partner support is available to implement the Microsoft Entra ID Governance service from "Edgile, a Wipro company, EY LLP, KPMG firms and PwC," the announcement indicated.
Microsoft described this governance product as having automation capabilities that address the "identity lifecycle" within organizations. For instance, the service can update access permissions automatically "when employees change roles or move," according to the Microsoft Entra ID Governance landing page. It will automatically assign application access permissions "based on employee group memberships." It also has so-called "entitlement management" capabilities to check resource access by "partners, suppliers and guests."
With the Microsoft Entra ID Governance service, IT pros get a dashboard view showing stats about the number of employees, guests and groups, as well as the number of business applications. It also shows policy configurations for users and apps, plus the number of "access reviews" that have been set up. There's also a new capability added to entitlement management that leverages the Microsoft Entra Verified ID preview to confirm the digital identities of users.
Organizations will be able to purchase licensing to use Microsoft Entra ID Governance "starting July 1," the announcement indicated. A free trial can be accessed from Microsoft's landing page.
Organizations likely will need Azure Active Directory Premium P2 licensing to use the product. Organizations with Microsoft 365 E5 plans already have Azure Active Directory Premium P2 licensing, according to Microsoft's pricing page.
The announcement suggested that "ID Governance can be added to Azure AD Premium P1 or P2 licenses," but it's unclear what this means because it's already included in the P2 licensing, and it's not included in the P1 licensing.
Azure AD SLA Performance Preview
Microsoft is previewing the ability of organizations "with at least 5,000 monthly active users signing in" to see their actual SLA performance for their Azure AD tenancies. This preview is currently available via "the Entra and Azure portals."
The idea behind the SLA is that Microsoft is assuring "four nines" (99.99 percent) service uptime per billing month. Microsoft already publishes global stats on how well the Azure AD service has maintained its uptime relative to its 99.99 percent SLA promise to customers. Globally, the Azure AD service has "exceeded 4-nines' SLA for over 16 months running (as of June 2023)," per the announcement.
Microsoft also touted Azure AD "resilience" protections via a "Backup Auth System" it introduced in 2021 to address Azure AD service failures. Should an Azure AD failure occur, this backup system will take on the task of authenticating users if the following conditions are met:
- The user has authenticated with the same app and device within the last three days;
- The user is authenticating as a member of their home tenant and not a B2B user;
- Resilience defaults for that user authentication are enabled; and
- The user's authentication has not been recently revoked or restricted.
The Backup Auth System will be getting improvements over the "next 12 to 18 months." It will get protections for Android OS apps, SAML Web apps and "non-Microsoft applications requesting OpenID Connect access tokens."
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.