Manage identities and governance in Azure

Created
Aug 29, 2024 05:46 AM

Microsoft Entra ID

  • Microsoft Entra ID is primarily an identity solution, and it’s designed for internet-based applications by using HTTP (port 80) and HTTPS (port 443) communications.
  • Microsoft Entra ID is a multi-tenant directory service.
  • Microsoft Entra users and groups are created in a flat structure, and there are no OUs or GPOs.
  • You can't query Microsoft Entra ID by using LDAP; instead, Microsoft Entra ID uses the REST API over HTTP and HTTPS.
  • Microsoft Entra ID doesn't use Kerberos authentication; instead, it uses protocols that run over HTTP and HTTPS, such as SAML, WS-Federation, and OpenID Connect, for authentication, and it uses OAuth for authorization.
  • Microsoft Entra ID includes federation services, and many third-party services such as Facebook are federated with and trust Microsoft Entra ID.

P1

The following features are available with the Microsoft Entra ID P1 edition:
  • Self-service group management. Users are given the rights to create and manage groups, which simplifies group administration.
  • Advanced security reports and alerts.
  • Multi-factor authentication.
  • Microsoft Identity Manager (MIM) licensing. MIM integrates with Microsoft Entra ID P1 or P2 to provide hybrid identity solutions. MIM can bridge multiple on-premises authentication stores such as AD DS, LDAP, Oracle, and other applications with Microsoft Entra ID.
  • Enterprise SLA of 99.9%.
  • Password reset with writeback.
  • Cloud App Discovery feature of Microsoft Entra ID.
  • Conditional Access based on device, group, or location.
  • Microsoft Entra Connect Health. You can use this tool to gain operational insight into Microsoft Entra ID.

P2

In addition to the P1 features, the Microsoft Entra ID P2 license provides the following:
  • Microsoft Entra ID Protection.
  • Microsoft Entra Privileged Identity Management.

Users and group accounts

Subscriptions

Azure Policy

RBAC