Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

2.1.1. Microsoft Entra ID: The Identity Foundation

💡 First Principle: Microsoft Entra ID (formerly Azure Active Directory) is Azure's cloud-based identity and access management service. It's the central authority that verifies identities and manages access permissions across Azure and integrated applications.

Scenario: A user attempts to access an Azure virtual machine. Before any access is granted, Microsoft Entra ID must verify the user's identity (authentication) and determine if they have permission (authorization).

Key Components of Microsoft Entra ID

  • Users: Individual identities for people
  • Groups: Collections of users for simplified permission management
  • Service Principals: Identities for applications and automated processes
  • Managed Identities: Azure-managed service principals for secure service-to-service authentication
  • Enterprise Applications: Third-party or custom applications registered for SSO
  • App Registrations: Application identity definitions for OAuth/OIDC flows

Visual: Microsoft Entra ID Identity Types

Written by Alvin Varughese
Founder • 15 professional certifications