Microsoft Entra is not only the identity system for users; it is also the identity and access management (IAM) system for Azure-based services, for all internal infrastructure services at Microsoft, and for our customers' workload identities. This is why our 99.99% service-level promise extends to workload identity authentication, and why Microsoft continues to improve the service's resilience through a multilayered approach that includes the backup authentication system.
In 2021, Microsoft introduced the backup authentication system as an industry-first innovation that automatically and transparently handles authentications for supported workloads when the primary Microsoft Entra ID service is degraded or unavailable. Through 2022 and 2023, Microsoft continued to expand the coverage of the backup service across clouds and application types.
Today, we’re sharing how workload identities gain resilience from the regionally isolated authentication endpoints as well as from the backup authentication system. We explore two complementary methods that best fit our regional-global infrastructure. Examples include when an Azure virtual machine (VM) authenticates its identity to Azure Storage or when one of our customers’ workloads authenticates to application programming interfaces (APIs).
Regionally isolated authentication endpoints provide region-isolated authentication services to an Azure region. All frequently used identities will authenticate successfully without dependencies on other Azure regions. Essentially, they are the primary endpoints for Azure infrastructure services as well as the primary endpoints for managed identities in Azure. Managed identities help prevent out-of-region failures by consolidating service dependencies, and they improve resilience by handling certificate expiry, rotation, and trust.
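As an added illustration (not code from this Microsoft post), the following Python sketches how a workload on an Azure VM that uses a managed identity to reach Azure Storage can complement the service-side resilience described above: it requests tokens from the Instance Metadata Service (IMDS) endpoint, refreshes them before expiry, and keeps using a still-valid cached token if the authority is briefly unreachable. The IMDS URL and the `Metadata: true` header are the real managed-identity interface; `ResilientTokenCache` is a hypothetical helper, and the token values, clock and outage in `simulate_outage()` are constructed so the scenario runs offline.

```python
import json
import time
import urllib.request

# IMDS endpoint a VM's managed identity uses to obtain a token for Azure Storage.
IMDS_TOKEN_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
                  "?api-version=2018-02-01&resource=https://storage.azure.com/")

def fetch_imds_token(url=IMDS_TOKEN_URL, timeout=2.0):
    """Request a managed-identity token from IMDS; the Metadata header is mandatory."""
    req = urllib.request.Request(url, headers={"Metadata": "true"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())

class ResilientTokenCache:
    """Hypothetical helper: refreshes early and keeps serving a still-valid cached token if the authority is down."""
    def __init__(self, fetcher, refresh_margin=300, now=time.time):
        self._fetch, self._margin, self._now = fetcher, refresh_margin, now
        self._token, self._expires_on = None, 0.0
        self.served_during_outage = 0   # refreshes that failed but were covered by the cache

    def get_token(self):
        now = self._now()
        if self._token is not None and now < self._expires_on - self._margin:
            return self._token              # fresh enough, no round trip to the authority
        try:
            body = self._fetch()
            self._token = body["access_token"]
            self._expires_on = float(body["expires_on"])  # IMDS returns a Unix timestamp string
        except Exception:
            if self._token is None or now >= self._expires_on:
                raise                       # nothing valid to fall back on
            self.served_during_outage += 1  # authority unreachable; cached token still valid
        return self._token

def simulate_outage():
    """Constructed offline scenario: one fetch, then an authority outage inside the refresh window."""
    clock, state = {"t": 1000.0}, {"n": 0, "down": False}
    def fake_fetch():
        if state["down"]:
            raise OSError("IMDS unreachable")
        state["n"] += 1
        return {"access_token": f"tok{state['n']}", "expires_on": str(int(clock["t"]) + 3600)}
    cache = ResilientTokenCache(fake_fetch, refresh_margin=300, now=lambda: clock["t"])
    first = cache.get_token()                     # tok1, valid until t=4600
    clock["t"], state["down"] = 4400.0, True
    during = cache.get_token()                    # refresh due but fails; tok1 still served
    clock["t"], state["down"] = 4500.0, False
    after = cache.get_token()                     # authority back: tok2
    return first, during, after, cache.served_during_outage
```

On a real VM, `ResilientTokenCache(fetch_imds_token)` replaces the fake fetcher; the cache only masks outages shorter than the remaining token lifetime, so the refresh margin is the knob that trades freshness against tolerance.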
Non-human entities such as apps and services are identified through what are known as "workload identities." In Microsoft Entra, workload identities encompass both applications and service principals.
Microsoft Entra ID is Microsoft's cloud-based identity and access management service. It connects people to the applications, devices, and data they rely on.
Microsoft Entra Workload Identities is priced at $3 per identity per month. Microsoft also offers a free 90-day trial, available through the Microsoft Azure Portal.
In addition to the features in the Free and P1 tiers, the P2 tier adds Microsoft Entra ID Protection, which strengthens security through risk-based Conditional Access to applications and critical corporate data. P2 also includes Privileged Identity Management, which lets organizations discover, restrict, and monitor administrators and their access to resources, and provision just-in-time access.