Examine the identity and access tools used in Microsoft 365

Identity and access management is a crucial aspect of any cloud-based service. It ensures that only authorized users can access the resources and data they need. Microsoft 365 offers various tools and features to help administrators and users manage their identity and access in a secure and efficient way. This unit examines several of the key tools and features used by Microsoft 365, namely: the Microsoft 365 admin center, Microsoft Entra ID, single sign-on (SSO), PowerShell for Microsoft 365, and the Microsoft Graph API. This unit explores what each of these tools does, how it works, and how it contributes to the overall identity and access management strategy for Microsoft 365.

Microsoft Entra ID

Microsoft Entra ID is a cloud-based directory and identity service that provides identity and access management for Microsoft 365 and other cloud applications. Microsoft Entra ID is based on the concept of a single identity that a person can use across multiple devices, platforms, and applications, without the need to remember multiple usernames and passwords. Microsoft Entra ID applies the power of the Microsoft cloud to provide a secure and reliable identity service that can scale to meet the needs of any organization. It does so through the following features:

  • Support for multiple identity models. Microsoft Entra ID supports multiple identity models, such as cloud-only, hybrid, and federated, to accommodate different scenarios and requirements.
  • Support for multiple authentication methods. It also supports various authentication methods, such as password, multifactor authentication (MFA), certificate-based authentication, and Windows Hello for Business.
  • Policy enforcement. Microsoft Entra ID enables administrators to enforce security and compliance policies, such as conditional access, identity protection, privileged identity management, and access reviews, to protect the identity and access of users and devices.

Microsoft Entra ID creates a unique and personal identity for each user, based on their email address and phone number. This identity is then linked to a Microsoft account, which is used to access Microsoft 365 and other Microsoft services.

  • Users can sign in to their Microsoft account using their Microsoft Entra ID, which consists of their email address and a six-digit code that Entra sends to their phone through SMS or voice call.
  • Users can also use their Microsoft Entra ID to sign in to other devices and applications that support Microsoft Entra ID, such as Windows 10/11, Xbox, Skype, and Outlook.
  • Microsoft Entra ID eliminates the need to create and remember passwords.
  • It also provides a more convenient and secure way to sign in to Microsoft services.

The Microsoft 365 admin center

The Microsoft 365 admin center is the web-based portal that allows administrators to manage all aspects of their Microsoft 365 subscription, including users, groups, licenses, billing, security, compliance, and settings. It does so through the following functionality:

  • Intuitive interface. The admin center provides a unified and intuitive interface to perform common tasks, such as adding or removing users, assigning roles and permissions, configuring policies and settings, monitoring activity and alerts, and troubleshooting issues.
  • Service integration. The admin center also integrates with other Microsoft services, such as Microsoft Entra ID, SharePoint, Exchange, Teams, and OneDrive, to provide a seamless and consistent experience across the Microsoft 365 ecosystem.
  • User and device authentication. The admin center uses the Microsoft Entra ID identity platform to authenticate and authorize users and devices, and to manage their access to Microsoft 365 resources.

Single sign-on (SSO)

Single sign-on (SSO) is a Microsoft 365 feature that allows users to sign in to multiple applications and services with one set of credentials, without having to re-enter their username and password for each application or service. SSO provides the following benefits:

  • Improves the user experience. SSO reduces the hassle and frustration of managing multiple passwords.
  • Increases productivity. SSO eliminates the need to manage multiple passwords, which in turn saves time and effort for users.
  • Enhances security and compliance. SSO enhances Microsoft 365 security and compliance by reducing the risk of password compromise, phishing, and credential theft. It also enables administrators to enforce consistent policies and settings across all applications and services.

Microsoft 365 supports SSO for both cloud and on-premises applications and services, using the Microsoft Entra ID identity platform.

  • Microsoft Entra ID provides SSO for thousands of cloud applications that are integrated with Microsoft Entra ID, such as Office 365, Salesforce, Dropbox, and Zoom.
  • Microsoft Entra ID provides SSO for on-premises applications that are integrated with Microsoft Entra ID using the Microsoft Entra Application Proxy, the Microsoft Entra Connect Sync, or Active Directory Federation Services (ADFS).
  • Microsoft Entra ID supports SSO for custom applications that are developed using the Microsoft Entra identity platform, such as web, mobile, and desktop applications.
  • Microsoft Entra ID supports various SSO protocols, such as SAML, OAuth, OpenID Connect, and WS-Federation. Doing so enables interoperability and compatibility with different applications and services.

PowerShell for Microsoft 365 using the Microsoft Graph PowerShell SDK

PowerShell is a scripting language and a command-line shell that allows administrators and developers to automate tasks and manage systems and applications. PowerShell for Microsoft 365 is a set of PowerShell modules that enable administrators and developers to manage and interact with Microsoft 365 resources, such as users, groups, licenses, mailboxes, calendars, contacts, files, sites, teams, and more. PowerShell for Microsoft 365 uses the Microsoft Graph PowerShell SDK, a library that provides a unified and consistent way to access the Microsoft Graph API. The Microsoft Graph API is the RESTful web service that exposes the data and functionality of Microsoft 365 and other Microsoft services.

PowerShell for Microsoft 365 using the Microsoft Graph PowerShell SDK offers administrators several advantages when they work with Microsoft 365 resources, including:

  • Granular control. PowerShell for Microsoft 365 provides comprehensive and granular control over Microsoft 365 resources. It allows administrators and developers to perform tasks that aren't possible or that are difficult to do using the admin center or other tools.
  • Simplified management and automation. PowerShell for Microsoft 365 simplifies and streamlines the management and automation of Microsoft 365 resources. It allows administrators and developers to use a single and consistent interface to access the Microsoft Graph API, without having to deal with different endpoints, authentication methods, and data formats.
  • Enhanced security and compliance. PowerShell for Microsoft 365 enhances the security and compliance of Microsoft 365 resources. It allows administrators and developers to use the Microsoft Entra identity platform to authenticate and authorize users and devices, and enforce policies and settings, such as MFA, conditional access, and role-based access control (RBAC).
  • Integration and customization. PowerShell for Microsoft 365 enables the integration and customization of Microsoft 365 resources. It allows administrators and developers to use the Microsoft Graph API to access and manipulate data and functionality of Microsoft 365 and other Microsoft services, such as Azure, Dynamics 365, and Power Platform.
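
An audit session with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original unit: it signs in with read-only delegated scopes and lists the users in each activated directory role together with their MFA registration state. It assumes the Microsoft.Graph module is installed and that the signed-in account may consent to these scopes and read the registration report.

```powershell
# Added example, not from the original unit.
# Assumes: Install-Module Microsoft.Graph -Scope CurrentUser has been run.

# Request only the read-only delegated permissions this review needs.
$scopes = 'RoleManagement.Read.Directory', 'AuditLog.Read.All'
Connect-MgGraph -Scopes $scopes

# Confirm the tenant, account and scopes the session actually holds.
Get-MgContext | Select-Object TenantId, Account, Scopes

# Build a lookup of MFA registration state keyed by user object ID
# (cmdlet ships in the Microsoft.Graph.Reports module).
$mfaByUser = @{}
Get-MgReportAuthenticationMethodUserRegistrationDetail -All | ForEach-Object {
    $mfaByUser[$_.Id] = $_.IsMfaRegistered
}

# Walk every activated directory role and collect its user members.
$report = foreach ($role in Get-MgDirectoryRole) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        # Role members can also be groups or service principals; keep users only.
        if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') {
            continue
        }
        [pscustomobject]@{
            Role              = $role.DisplayName
            UserPrincipalName = $member.AdditionalProperties['userPrincipalName']
            MfaRegistered     = [bool]$mfaByUser[$member.Id]
        }
    }
}

# Full role assignment listing.
$report | Sort-Object Role, UserPrincipalName | Format-Table -AutoSize

# Privileged accounts with no MFA method registered: the ones to follow up on.
$report | Where-Object { -not $_.MfaRegistered } |
    Sort-Object UserPrincipalName -Unique |
    Format-Table Role, UserPrincipalName -AutoSize

# End the session so the cached token is not reused by later commands.
Disconnect-MgGraph | Out-Null
```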

The Microsoft Graph API

The Microsoft Graph API is the RESTful web service that exposes the data and functionality of Microsoft 365 and other Microsoft services, such as Azure, Dynamics 365, and Power Platform. The Microsoft Graph API allows administrators and developers to access and manipulate the resources and entities that are part of the Microsoft cloud, such as users, groups, licenses, mailboxes, calendars, contacts, files, sites, teams, and more. The Microsoft Graph API also allows administrators and developers to access and manipulate the relationships and connections that exist between these resources and entities, for example, memberships, subscriptions, permissions, messages, events, tasks, and more.

The Microsoft Graph API offers administrators several advantages when they work with Microsoft 365 and other Microsoft services, including:

  • Consistent data access. The Microsoft Graph API provides a unified and consistent way to access the data and functionality of Microsoft 365 and other Microsoft services. It allows administrators and developers to use a single and standard interface to access different endpoints, authentication methods, and data formats.
  • Simplified integration and customization. The Microsoft Graph API simplifies and streamlines the integration and customization of Microsoft 365 and other Microsoft services. It allows administrators and developers to use a single and simple API to access and manipulate data and functionality of different services, without having to learn and use multiple APIs and SDKs.
  • Enhanced security and compliance. The Microsoft Graph API enhances the security and compliance of Microsoft 365 and other Microsoft services. It allows administrators and developers to use the Microsoft Entra identity platform to authenticate and authorize users and devices, and to enforce policies and settings, such as MFA, conditional access, and RBAC.
  • Innovation and creativity. The Microsoft Graph API enables the innovation and creativity of Microsoft 365 and other Microsoft services. It allows administrators and developers to use the Microsoft Graph API to create new and exciting scenarios and solutions that use the data and functionality of different services, such as bots, dashboards, workflows, and analytics.