Photo by Ari Sha on Unsplash

Photo by Ari Sha on Unsplash

Zero-Trust Features and Tools for Identities in Entra ID

Key to the Fortress

Article from ADMIN 91/2026
By
Zero trust – maximum security through minimum permissions – applies from the network through terminal devices to entire data centers, but critical human factors come into play with identities. We show you how Entra ID can help you manage your users' accounts securely.

Zero trust is not a specific action, but an ongoing process. Microsoft refers to it as a journey that never really ends. Why a journey? Because there is always something new to discover, and because existing technologies are critically questioned and new approaches examined in a cycle that constantly repeats.

Two issues pose specific challenges: On the one hand, the awareness that with zero trust, especially in the context of identities in Entra ID, particularly sensitive areas are accessed over the Internet, which changes the rules of the game. On the other hand, the mindset of many administrators is shaped by decades of working in classic on-premises environments, where domain controllers are protected by firewalls and identities are therefore relatively well secured. The situation with Entra ID is different, and you need to rethink because identity is the new perimeter.

Admin accounts, with access to comprehensive authorizations, are particularly vulnerable to criminal activity. Therefore, maximum security is essential for these accounts, which is exactly where the scenarios I look at here come into play. The objective is to use Entra ID to achieve a level of security that surpasses that of on-premises products.

The toolbox in Entra ID is comprehensively equipped for this purpose. One of the central tools it contains is Conditional Access policies, which are among the most powerful control instruments available to admins. They let you specify precisely who is allowed to access a specific set of resources and under which conditions. The mechanism behind policies is particularly useful for admin accounts and is made possible because a large number of signals are sent every time you log in to Entra ID or use an application. The signals then contribute to access decisions in the Conditional Access policy ruleset, among which are: On which device did the request originate? From which location? Which application did it target?

The policy


...

Use one of the options below to read the full article

Buy this article as PDF

Download Article PDF now with Express Checkout
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Related content

  • Backup and Restore in Entra ID
    Data backup is often overlooked in Microsoft Entra ID. User accounts, groups, and Conditional Access policies need targeted protection. We tell you which objects are backed up automatically, where you need to take action, and how you can effectively combine backups and documentation.
  • Find Entra ID vulnerabilities with AzureADRecon
    The AzureADRecon tool lets you analyze Entra ID environments, generate reports, and identify potential risks at an early stage by providing detailed insights into users, roles, and service principals. We show you how to set up, automate, and use the tool for security checks.
  • Secure Active Directory with the rapid modernization plan
    The rapid modernization plan by Microsoft is a practical guide to securing Active Directory, so criminals cannot gain access to privileged user accounts.
  • Manage user accounts with MS Entra lifecycle workflows
    Microsoft Entra unites key identity technologies, resulting in a centralized management tool for Azure Active Directory. We look at how MS Entra works in conjunction with a local Active Directory.
  • Configure Entra ID with PowerShell Desired State Configuration
    Configuration and security of authorization assignment and access control by Entra ID, formerly Azure Active Directory, requires careful consideration. We reveal how configuration as code works with PowerShell and Microsoft 365 DSC for tenant configuration in Entra ID.
comments powered by Disqus