In this episode I'm checking out the all-new Microsoft Entra Suite, the complete identity solution from Microsoft. We're going to talk about exactly what's in it, how much does it cost, how does it work and, most importantly, is it worth it. Loads of demos coming up, so stay tuned.

Hey everyone, how are you? So nice to see you, and a very warm welcome, especially if this is your first time with us. On today's episode: Microsoft Entra, the Suite version that is, has now been released, and with quite a few of the products still in public preview, you have to ask, is it worth its money? So what I'm going to do is talk about exactly what's included, how much does it cost, are there upgrade options if you've already got certain versions, for example, and the most important question: is it actually worth it at the end of the day? I've got demos of each of the products as we go through, so you'll know exactly how it works.

Okay, so without any further ado, let's take a look at Entra ID, or Entra Suite I should say. Let's look first of all at how much does it cost, what's included and so on, and then we'll take a walk through and look at the various demos. Okay, enjoy.

So, to get started with Entra Suite, what you want to do is go into Microsoft 365, or you can also do this from Entra ID, going to Purchase services, and if you do a search on Entra, then all the
associated products will come up. As you can see, just down here on the right-hand side, there it is: Microsoft Entra Suite. You can also take it out as a trial subscription. Beyond that, of course, you can pay for each of these products separately. So what is included? As you can see, it gives you details of all the different offerings, which I'll go through in a second. Once you've made that decision, of course, you just go ahead and subscribe, so it's really easy to get started.

So firstly, I suppose we should talk about exactly what's included in Entra Suite. As you can see, the key selling point is Microsoft's SSE, secure service edge, offering, which they call Global Secure Access, currently in two flavors: Entra Internet Access and also Entra Private Access. And of course you see the Internet Access also sits in with the likes of Microsoft 365 as well. On top of that, it provides things like universal Conditional Access, which of course you get with a P1 license. You've got tenant restrictions. One of the big selling things that GSA provides is the compliant network checks and also all the networking security that goes with that. We'll look at that in a moment or two. In addition, you've also got things like remote networks, and you can set up traffic forwarding rules, profiles and so on. On top of that, you've also got the premium Entra Verified ID features, which now also include the facial recognition, which rocks. You've also got Identity Protection, and you've also got Identity Governance, of course, which also provides things like access reviews, entitlement management and Privileged Identity Management, to name but a few. So this is really what's included.

So with the Entra Suite you get the core license, which includes all the features that I just mentioned. In addition, we also get the Frontline Worker version of the Microsoft Entra Suite. I have to be honest, though, there doesn't seem to be any difference between the different service plans, so whether
one is cheaper than the other, that's something you'll have to check out. You've also got the step-up option, so if you've already got a P2 license, then there is a step-up plan, so it's obviously not as expensive.

What's included? Well, as I've mentioned, you get the Entra ID Governance, and this includes access reviews, you get Privileged Identity Management, and you get the capability of access packages, for example, which rocks. You've also got the two different offerings of GSA, Global Secure Access, so you get the Entra Private Access and also the Entra Internet Access features as well. Again, these are currently still in public preview, and if you've not signed up to those, I'll talk about those in a minute. Definitely check this out; this rocks, by the way. Verified ID has been around for some time, but we now have a new premium feature which includes facial recognition. In addition, you also get the Entra ID Identity Protection features as well, which come on top of the P2; you also get the premium version of that as well.

So you might argue, what's the difference between the Entra Suite and, let's say for example, an E5 subscription? Well, both get just the P2 license, so if you just have an E5 license, then you get the P2 license on its own. The Entra ID P2 license (I'm just using UK prices here, but yours will be equivalent, of course) is 7.40 a month, compared to the Entra Suite, which is 11.88 a month. That just means that for an additional 4.48 a month you get all of those features: you get Identity Governance, you get the premium Verified ID, you get the Private Access and the Entra Internet Access features as well. If you look at the prices, to be honest, it's a no-brainer, but again, that's if you need these features.

So let's take a look at the Entra ID Suite and let's look at all the different features and what they do. I'm starting off my demo here on the Microsoft Entra admin page, and
if you click on View all products, it will walk you through all the different tools, and you can see here that we have all of these tools now in place. Just to say that the documentation is here as well; this will take you through to the documents on learn. So if you're not familiar with all of these, that's a great place to start.

So when we talk about the core product, what we're really talking about, of course, is the ability to manage and administer all of our users. As part of your core products you also get things like external access, so you can create guests and guest access and so on. We also have some really clever stuff with groups, so you get a nice kind of overview of all of your groups, and you can set expiry dates for groups, for example, which is absolutely awesome, by the way.

Now, in addition, as well as your core product, if you've got a P1 license, if I go down to the Protection tab here, you get Conditional Access. Conditional Access is such an important component in Entra ID because you can create what we call policies. In the days of the 1990s and the noughties, it was easy just to log in with a username and password. Now, however, what this Conditional Access does is it's part of Microsoft's Zero Trust technologies, so in other words, you've got to verify every user, every application, every device on your network, and you can create Conditional Access policies which will help you do that.

So for example, I'm going to create a new policy, we'll call this "my office policy", and I'm going to say Users and groups. I'm not going to choose All users. Be very careful of this; it really can get you into hot water if you make a mistake. I strongly recommend, with all policies and any kind of rules like this, always try it with a single user, and then once you've got it in place, add in the other users and groups. So in this case I'm going to add some users here. I've got a group of users, I've created a group called Oslo, so I'm going
to add in the Oslo HQ. This is all about signals. Now, it says Target resources; I'm going to target all cloud applications, and you can also go through them individually as well. Then I see the Network option, and this is new. You can see that this is currently grayed out because I've not enabled Global Secure Access, which I'll come back to, and once you've activated that, this will then wake up.

In terms of the conditions, one of the really nice features that we have is something called Identity Protection. If you've created an Identity Protection policy, you can say, hey, if we've got high and medium risk users, who have maybe a high and medium risk when they're signing in, you can put an additional layer of security on for these users. We also have a new insider risk policy, so if you're using, for example, Microsoft Purview's insider risk policies, then if an insider is flagging up as elevated, you can take further action with that.

Which device platform is this for? Again, I can specify any device or just individual devices here if I want to. You can even specify locations. I pre-created a few locations in the policies, and I can say these are safe locations. You can specify any network location; you can also say, if I'm in the London office, I don't want multifactor authentication, and this is a trusted network. Likewise, you can see that we also have a new compliant network policy; again, this is part of Global Secure Access.

Client apps: again, I can say I only want browser and mobile apps for this, and I can then say whether I want to filter for any particular devices. We also have a new authentication flow mechanism here, so that means that if I sign on on one machine, I can then continue on to a second machine. So for example, if you signed on with your mobile device, it will then authenticate you on your PC or your Mac, which is really cool, and you can also transfer your
authentication across as well. Really nice, and that's currently in public preview. So based on those conditions, I'm going to say, yeah, I'm going to require multifactor authentication except in a trusted location, and you could add these other features here. For more details on a full Conditional Access example, check out a previous video, and I'll put the links below.

So now that I've created that, you can see it's creating it in reporting-only mode. This reporting-only mode will be active for 90 days and then it will be enforced after that. So Conditional Access is a core component of the P1 license, and you get that free, included with P1, which of course, if you've got small business and small business premium, you get included with that as well.

Okay, so what else do we have here? As well as Protection, of course, you've got Identity Protection that I just mentioned. Identity Protection uses really two main policies: a user risk policy and also a sign-in risk policy. So how risky are those users? It looks for things like impossible travel and unusual behavior, so you're in the office on a Friday evening doing mass downloads, things like that, out of the ordinary. It's got some great reporting features, and you can have a look at any kind of risky sign-ins reports. It will detect any kind of risky detections as well, which is great, and the key thing about this is you can then confirm that a user has indeed actually been compromised. So this is Identity Protection. It works really well when combined with Conditional Access. That is a P2 license feature.

Now, what else do we have? Going on from that, of course, what is the add-on that we can have? The add-on is the Identity Governance add-on, and you can try this as a trial. You've got things like Lifecycle workflows here, which is awesome, so if you're using things like HR connectors
within your organization, you're using human resources, what this does is it integrates with those applications, because of course Entra ID completely integrates with third-party applications. Essentially you can come up here and create one of these pre-created workflows for things like onboarding employees and also offboarding them as well. There's an increasing number of templates here, so for example, let's say we've got a leaver here and the user's leaving the organization, you can create this template, and you can see it will tell you the details. So when the user leaves, it will remove the user from all the groups and teams, and it will delete the user account, which places that user account into a recycle bin for 30 days. So these templates absolutely rock, especially in conjunction with third-party identity features. On their own, not so much, but if you've got third-party tools, then yes, this is definitely something you would take a look at.

All right, so what else do we have? If I just come back to Contoso. As I said, with Identity Governance the other thing that we also get is entitlement packages, or entitlement management, and this is where I can create access packages. First up, I create a catalog. You can see I've created a catalog of resources, and those resources essentially contain applications. If I come down here into Resources, what you're doing is you're essentially adding in a resource. You can bring in groups and teams, you can bring in applications and SharePoint sites, and now, currently in public preview, we have the Entra admin roles that you can also bring in for this, which absolutely rocks. It's really simple: once you've created this catalog, from that catalog I can then create a project. So in this case I'm creating an access package, and if I click on to
Edit here, I can then go in and say what resources I want to bring in. I can then say, hey, I want to add a resource or a resource role or a role group, and you can select from your list of resources from your catalog. Once you've created that, you can see I've got my Oslo waffle project. It will then generate a link, and I essentially share that. The cool thing about this is you can set it so you just give them just-in-time access, so for a corporate project they can have access for an hour, for a day, for a week. Very cool feature, really powerful feature, and that, as I said, is an access package, and that comes under entitlement management.

Another cool feature is access reviews. An access review, of course, can be assigned to a group. In the old days you used to assign users to groups, and then suddenly two years go by and you realize, oh my goodness, they're still a member of that group. So what an access review does is you can come in and say, hey, I want to do an access review, let's say every three months or something like that. I can come into the settings here and say, first of all, who's the reviewer, does it require a reason, and how often do you want to schedule it, so I want to put this on three occasions, or I want to have it running for a year and do a review every 3 months. Really super powerful. You can schedule the review, you get the review history, and you also get the remediation at the end of it as well, so at the end of it you can say, do we still want to give them access, do we not want to give them access, and so on. So as I said, that's an access review.

PIM, or Privileged Identity Management: I've actually got it integrated here, so if I come down and just click on Show more, you can see here I've got Roles and admins, and you can come
into Roles and admins. Again, these are all P2 features. If I come into, let's say, my Teams Administrator, I can assign somebody permanently, but I can also assign somebody temporarily as well. So for example, I'm going to bring in a member, and let's say I'm going to bring in Adele. I want Adele to be my Teams administrator and I want her to be active, so that's the first thing. You need to put in a reason, so I'm just going to say it's for her job, and you can see that she's now assigned.

Now, in addition, you can also say, well, if Adele has got an assistant, it's a little bit like: I want to give Adele the rights to do the job, but only if she needs it. So I've got Alex. Alex is Adele's assistant, so when Adele goes on vacation I want Alex to take over, and you can see that I've set the default settings here for, let's say, 15 days. I want Alex to be eligible. That's just like you handing your car keys to your neighbor and saying, would you mind looking after my car for me? They may not even open your car door, but the fact is, because they have the keys, they have the right to do it. You can now see that Alex is an administrator here, but it would only be activated when he needs access. So when Adele's away he activates it, and you can see it's only active between these time periods. I've got to tell you, Privileged Identity Management absolutely rocks, and it's so important.

Okay, so one of my favorite features of the Entra Suite is Verified ID, and Microsoft are just releasing Verified ID premium. This is essentially a decentralized identity system, decentralized in the fact that it's controlled by you and me. Once you get assigned a digital ID which has been verified by a trusted provider, you can then use that digital ID in many different scenarios, from work to skilling, school, telecommunications, travel, retail, in fact anywhere. So essentially the user verifies their identity, currently
available on LinkedIn, by the way, and essentially when the user goes to purchase something or prove their identity, they're presenting their digital ID. Because their ID has already been verified, of course they don't need any additional documentation or passports or anything like that. So it's the user who then says, yes, I'm happy to share my identity with the company, and you can see it maintains a complete history of everything, so the user gets this kind of digital receipt. Now, that's been available for a little bit of time, but what is new is the fact that it now does facial recognition. So when you go and make a purchase or do a transaction, it can now also do a facial recognition. This is great, for example, if you're accessing something and it requires your permission: you can use your facial recognition, and you can either allow or reject the request to access your data. So all in all, you're really safe with a Verified ID.

Up next I want to talk about this one. This is Microsoft's SSE, or secure service edge. Much has been written and documented about this, and I've got to say rightly so: it is absolutely awesome. This is Global Secure Access, and this essentially is comprised of really a couple of different products. Currently in public preview, you can do a secure access within your tenant, and this then gives you the option: you can either do private internet access or you can do private access. Private access, for example, if you had, let's say, a server on premises with some really important internal applications and you want to make that available. In the past you would have used third-party VPNs and technologies like that, and the problem with that is, because they're on separate networks, it's very difficult to secure them and also integrate those with the likes of Conditional Access and network security policies and so on. So rather than using separate VPNs, this is kind of Microsoft's
magic VPN solution, which combines all the security features. It really kind of closes that loop on Zero Trust, and it's the final piece that's missing, really. Now, as I say, Global Secure Access is currently in public preview. I would definitely try it out, try it out for a few users. You can try both versions, so the private internet access as well as the private access for your own company as well. So a really, really useful and very, very powerful set of tools.

So there you have it, Microsoft Entra Suite. It's actually pretty good value when you look at it, and it's got some awesome features. Now, whether those features are for everyone, hey, well, you know your business; it's not for me to say.
