
Is Entra ID (formerly Azure AD) M365’s Great Unifier?

In an effort to reduce complexity and simplify its naming conventions, Microsoft replaced Azure Active Directory (AD) with Entra in 2022. In this podcast, our tech gurus talk about the product and how many of its features work across the Microsoft portfolio.


Dave: Welcome to PCG Tech Tuesday. My name is Dave Hodgdon and I’m here with my guest today, Steve Ripper.

A great topic today: our podcast is on why understanding how Microsoft 365 is administered is important. So Steve, what is Entra ID in the Microsoft 365 ecosystem, and why is the change so significant?

Steve: Yeah, so Entra ID is the new naming scheme for the administration portion of M365. It replaces Azure AD. Again, one made-up or use name with another made-up use name.

Dave: Love it.

Steve: Yeah. The marketing people love it, but it’s bringing a whole bunch of new features. And I would say that the single biggest thing is that Entra is unifying a lot of the things in Microsoft 365 that were all over the place. The MFA was in one place, the password management was in another place, and the directory structure was in another place, and Microsoft Intune and mobile device management was in another.

So it’s bringing it all under one location, one roof, one location, one tab, however you want to think about it. So this is basically a renamed and reconfigured interface for all of us to manage the people and the mailboxes.

Dave: You mentioned the word AD, which of course I know what it is, but it’s Active Directory. I always explain to clients it’s kind of that overwhelming top part of the puzzle where you’re kind of managing permissions, who has access to what? It just makes your life easier. So I just want the audience to know what AD was. So Steve, what are the many features that are being pulled together in Entra?

Steve: Yes. So Entra ID is really focused on identity. Like who are the people that are in the organization? So when Microsoft 365 first launched, people didn’t really see the directory part of it.

What they didn’t understand, what I saw for 20+ years, was that when you had an Exchange server in your organization that did your mail, there was also an Active Directory component that was on a different server and that kind of handled. So the Exchange server handled your mailbox.

Steve: The Active Directory part handled that you were Dave Hodgdon and what your password was and that you signed in. So when Office 365 became a thing, it also needed that. And the directory has always been there, but you just didn’t really interact with it that much. But now we’re getting to a point where so they kind of buried it just in the mailbox interface that everybody’s familiar with if they’ve ever gone in and looked at it.

Now we’re starting to see things where we need to be able to manage the actual Active Directory and other parts. We’re starting to see less and less servers.

So how do we have a directory where people can sign into things without having a server in the network? That’s becoming a bigger and bigger thing, and that’s where Entra ID comes in. It’s bringing in the identity, you know, it’s bringing in the MFA into one section, the password into one section. Like I said, the mobile device management, the Intune part where you’re managing what people can get into, what devices they can use, what their permission levels are.

And it’s really bringing in, for those of you who may know a little bit more about Active Directory, that whole group policy part where we can push policies out that say, listen, you can only be signed in for a certain amount of time, or we’re going to have a timeout value, or if you give the wrong password too many times, we’re going to lock you out. Those are all policy type things that Entra brings into one roof, one tab, one icon, one place, so that you can manage it all in one spot.

Dave: That’s vital, Steve, because we know now there’s more of a remote workforce, servers aren’t as prevalent anymore. I always explain to our clients in meetings that you just don’t want your house open to anyone. You want to have that certain people have access to it and they’re getting access to what they need. And having all these devices that aren’t owned by the company, you don’t know what they’re doing, what has access to permissions. I mean, this whole Entra is just pulling it all together.

Steve: Yeah. And the thing is that the question that you and I get, Dave, all the time, is like, I got these servers. How do we get rid of these servers? What do we do? How do we turn them off? Well, you turn them off. You can’t turn them off. You have to replace the services that they use with something that gives them to you that’s not in the server closet. So in a nutshell, that’s what Entra ID is. How do we all sign into our machines and it’s giving it a service in the cloud instead of the one that’s in the closet.

Dave: It’s like I said, Microsoft’s going to get you. In the old days, the Microsoft Office you bought was on your machine. Now you’re paying the subscription even though your server and your Active Directory is going away. Microsoft needs it someplace and then it is in the Entra t. What does a company need to do to get Entra ID?

Steve: Other than use Microsoft 365? You don’t need to do anything else, like in classic Microsoft fashion. If anything, your interaction with it, if you’re a system administrator, is going to be what the heck is this? Because it’s just being rolled out by Microsoft and it’s replacing the previous version, Azure AD, with Entra ID. So it’s happening automatically to all customers. Mostly it’s rolled out for almost everybody already. So you don’t need to do anything. It’s there and it’s probably already in place.

Dave: Steve, from a technical standpoint, using the old Active Directory from the servers versus the Microsoft Entra, is it pretty similar? Is it a new learning curve from a technical standpoint?

Steve: So if you don’t administer, if you’re not actually going in and looking at users and creating users, you wouldn’t notice any difference. Your computer connects or your mailbox connects, it’s no different. But if you’re an administrator, if you’re going in and you’re creating new users, the menus are different. It’s similar, but yes, you will notice more. And the biggest thing is you’re going to see a lot more features. That left-hand pane, which is a standard UI for Microsoft things or most things nowadays, that left-hand pane goes way off, rolls off the screen at the bottom. There’s a lot more options that you need to familiarize yourself with.

Dave: What are the license levels of Microsoft Entra ID?

Steve: So they’re basically called P1 and P2. So you’re looking at the Entra ID P1 and P2. If you’re getting into Entra ID, where you need to really start to administer and give licensing levels to people, P1 is the standard license that most people will use. It’s built into the premium or the Microsoft E3. Not to be confused with the Office 365 E3. That’s a different SKU. Office 365 E3, while many people have it, is being rolled into Microsoft 365 E3, which has the Entra ID P1 license in it as well as the standard license. If you’re not in E3, if you have a standard license that’s being turned into premium. So that’s being replaced with Microsoft 365 premium, which has the license level in it that gives all your views, just more features, mobile device management identity searching, connecting to Microsoft 365, that kind of thing. The P2 license builds on the P1, adds more features, adds more compliance stuff. If you’re a very large organization and you need those types of things.

Dave: Yeah, the licensing for Microsoft, it’s enormous. So some of PCG’s reps could definitely help you out with all these product SKUs because most clients are probably using Microsoft Basic, which is your email only, or Standard, which is the email and Office. But as Steve said earlier, Premium is also going to be incorporating the Entra part of it. So one of our reps can definitely help you with that. Steve, do you need a server on premise to have access to the servers?

Steve: You do not. And in fact that’s the whole point of Entra ID, to begin replacing the domain controllers that we’ve grown up with in the IT tech stack for the last 25 years. It’s replacing that. You can certainly have a server and you can sync your current on-prem Active Directory with Entra so that you’re syncing all the objects and they match up. You can do that, but the future is to start replacing those in server room or server closet servers with this cloud-based service.

Dave: Yeah, we’re seeing probably the surge over the last 3-6 months. This is probably one of the hottest projects that we’re doing, that we’re doing many migrations, removing the servers and adding these services in place. So as Steve said earlier, having control of the people, the permissions, the devices and knowing you’re in a good place.

Steve: And we see a lot of companies that will call us that never had servers. I know that sounds crazy, but they’ve never had servers. They started the company and they had like an online product like a CRM or something, Salesforce, whatever. So they’ve never actually had a server with a directory. And so the problem that they have is that if they have 40 machines, they’re all locally joined. There’s no password management, there’s no policy.

Dave: Islands out there, no control.

Steve: You have no control over them. You basically had Dell ship you PCs or HP or Best Buy. You got them from and you fired them all up and you joined your CRM, but you have no directory control of how people are signing in, no permissions, nothing. So that’s when they call us. So now do you have Microsoft 365? Yes we do. We’re going to use that to sign all your machines and then get them on the same playing field so that you can manage them.

Dave: I think from a business ownership, having control of those devices. You don’t want your employees using their own devices because you don’t know what they’re using them for. And having control of those devices, whether you let them go to push updates, you have the ability to manage, and I think your life’s a lot easier. Steve, last question for you. What are some of the biggest benefits you feel in the value of the Entra ID platform for your business?

Steve: Yeah, sure. So we’ve kind of touched on both of them. I’m going to give you two. So, one, the ability, if you don’t have servers or you want to get rid of the servers, you can use this as a directory for signing all of those things up and managing. So that’s one. And two, is solving that problem where you don’t have any directory management of machines at all. So you have no idea whether people are setting passwords. You don’t have any MFA set up. You don’t have any policies.

Today’s announcement of MFA brought to you by Entra ID. So those are the two big ones, right? Is getting a handle on the directory structure of your network.

Dave: Steve, great topic today. If you want to learn more about the Entra ID, please reach out to PCG. Again thank you everyone for joining us for PCG Tech Tuesday. Have a great day.