Describe the capabilities of Microsoft Entra Flashcards

1
Q

Microsoft Entra ID

A

Microsoft Entra ID, formerly Azure Active Directory, is Microsoft’s cloud-based identity and access management service. Organizations use Microsoft Entra ID to enable their employees, guests, and others to sign in and access the resources they need, including:

-Internal resources, such as apps on your corporate network and intranet, and cloud apps developed by your own organization.
-External services, such as Microsoft Office 365, the Azure portal, and any SaaS applications used by your organization.

-Simplifies the way organizations manage authorization and access by providing a single identity system for their cloud and on-premises applications
-Can be synchronized with your existing on-premises AD, synchronized with other directory services, or used as a standalone service.
-Allows organizations to securely enable the use of personal devices

2
Q

Secure Score

A

Microsoft Entra ID includes an identity secure score, which is a percentage that functions as an indicator for how aligned you are with Microsoft’s best practice recommendations for security. Each improvement action in identity secure score is tailored to your specific configuration.

Identity secure score, which is available in all editions of Microsoft Entra ID, helps you to objectively measure your identity security posture, plan identity security improvements, and review the success of your improvements.

3
Q

Basic Terminology

A

-Tenant - A Microsoft Entra tenant is an instance of Microsoft Entra ID in which information about a single organization resides, including organizational objects such as users, groups, devices, and application registrations. A tenant also contains access and compliance policies for resources, such as applications registered in the directory. Each Microsoft Entra tenant has a unique ID (tenant ID) and a default domain name (for example, contoso.onmicrosoft.com) and serves as a security and administrative boundary.

-Directory - A logical container within a tenant that holds and organizes a catalog of the identities and resources associated with an organization’s tenant. A Microsoft Entra tenant consists of only one directory.

-Multi-tenant - A multi-tenant organization is an organization that has more than one instance of Microsoft Entra ID. Reasons why an organization might have multiple tenants include organizations with multiple subsidiaries or business units that operate independently, organizations that merge or acquire companies, multiple geographical boundaries with various residency regulations, and more.

4
Q

Who uses Microsoft Entra ID?

A

Microsoft Entra ID is used by IT admins to control access to corporate apps and resources, based on business requirements. For example, Microsoft Entra ID can be set up to require multi-factor authentication when accessing important organizational resources.

Developers use Microsoft Entra ID as a standards-based approach for adding single sign-on (SSO) to their apps, so that users can sign in with their pre-existing credentials. Microsoft Entra ID also provides application programming interfaces (APIs) that allow developers to build personalized app experiences using existing organizational data.

Subscribers to Azure services, Microsoft 365, or Dynamics 365 automatically have access to Microsoft Entra ID.

5
Q

Types of Identities

A

When you ask to what you can assign an identity in Microsoft Entra ID, there are three categories.

-You can assign identities to people (humans). Examples of identities assigned to people are employees of an organization that are typically configured as internal users. For our purposes, we’ll refer to these as user identities.
-You can assign identities to physical devices, such as mobile phones, desktop computers, and IoT devices.
-You can assign identities to software-based objects, such as applications, virtual machines, services, and containers. These identities are referred to as workload identities.

6
Q

User

A

User identities represent people such as employees and external users (customers, consultants, vendors, and partners). In Microsoft Entra ID, user identities are characterized by how they authenticate and by the UserType property.

-Internal member: Considered employees of your organization. The user authenticates internally via their organization’s Microsoft Entra ID and has a UserType of Member.

-External guest: External users or guests, including consultants, vendors, and partners, typically fall into this category. The user authenticates using an external Microsoft Entra account or an external identity provider (such as a social identity) and has a UserType of Guest, giving them limited, guest-level permissions.

-External member: Common in organizations consisting of multiple tenants. For example, Contoso users in a shared multi-tenant organization access Fabrikam resources by authenticating with their Contoso accounts; they are represented in Fabrikam’s directory with a UserType of Member, so they receive member-level access.

-Internal guest: When organizations who collaborate with distributors, suppliers, and vendors set up internal Microsoft Entra accounts for these users but designate them as guests by setting the user object UserType to Guest. As a guest, they have reduced permissions in the directory.

External guests and external members are business-to-business (B2B) collaboration users that fall under the category of external identities in Microsoft Entra ID

7
Q

Workload Identities

A

A workload identity is an identity you assign to a software workload. This enables the software workload to authenticate to and access other services and resources. This helps secure your workload. In Microsoft Entra, workload identities are:

-A service principal is the identity of an application. The application must first be registered with Microsoft Entra ID to enable its integration; the service principal then enables core features such as authentication and authorization of the application to resources secured by the Microsoft Entra tenant. Application developers must manage and protect the service principal’s credentials (client secrets or certificates).

-Managed identities are a type of service principal that are automatically managed in Microsoft Entra ID and eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to Azure resources that support Microsoft Entra authentication and can be used without any extra cost.

There are two types of managed identities: system-assigned and user-assigned.

–System-assigned. Some Azure resources allow you to enable a managed identity directly on the resource. When you enable a system-assigned managed identity, an identity is created in Microsoft Entra ID that is tied to the lifecycle of that Azure resource and is deleted with it.
–User-assigned. You may also create a managed identity as a standalone Azure resource. Once you create a user-assigned managed identity, you can assign it to one or more instances of an Azure service. With user-assigned managed identities, the identity is managed separately from the resources that use it: deleting the resources doesn’t delete the identity, which must be explicitly deleted. Useful where multiple VMs need the same set of permissions but are recycled frequently.

8
Q

Device

A

A device is a piece of hardware, such as mobile devices, laptops, servers, or printers. A device identity gives administrators information they can use when making access or configuration decisions. Device identities can be set up in different ways in Microsoft Entra ID.

-The goal of Microsoft Entra registered devices is to provide users with support for bring your own device (BYOD) or mobile device scenarios. In these scenarios, a user can access your organization’s resources using a personal device.

-A Microsoft Entra joined device is a device joined to Microsoft Entra ID through an organizational account, which is then used to sign in to the device. (devices are generally owned by the organization.)

-Microsoft Entra hybrid joined devices are joined to both your on-premises Active Directory and Microsoft Entra ID, and require an organizational account to sign in to the device.

Registering and joining devices to Microsoft Entra ID gives users Single Sign-on (SSO) to cloud-based resources.

IT admins can use tools like Microsoft Intune, a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM), to control how an organization’s devices are used.

9
Q

Groups

A

In Microsoft Entra ID, if you have several identities with the same access needs, you can create a group.

There are two group types:

-A Security Group is the most common type of group and it’s used to manage user and device access to shared resources. Creating security groups requires a Microsoft Entra administrator role.

-A Microsoft 365 group, which is also often referred to as a distribution group, is used for grouping users according to collaboration needs. For example, you can give members of the group access to a shared mailbox, calendar, files, SharePoint sites, and more. Members of a Microsoft 365 group can only include users, including users outside of your organization. Creating a Microsoft 365 group doesn’t require an administrator role.

Groups can be configured to allow members to be assigned, that is manually selected, or they can be configured for dynamic membership.
-Dynamic membership uses rules to automatically add and remove identities.

10
Q

Hybrid Identity

A

Microsoft’s identity solutions span on-premises and cloud-based capabilities. These solutions create a common identity for authentication and authorization to all resources, regardless of location. We call this hybrid identity.

Hybrid identity is accomplished through provisioning and synchronization.

-Inter-directory provisioning is provisioning an identity between two different directory services systems. For a hybrid environment, the most common scenario for inter-directory provisioning is when a user already in Active Directory is provisioned into Microsoft Entra ID.
-Synchronization is responsible for making sure identity information for your on-premises users and groups is matching the cloud.

11
Q

Microsoft Entra Cloud Sync

A

One of the available methods for accomplishing inter-directory provisioning and synchronization is through Microsoft Entra Cloud Sync.

-Microsoft Entra Cloud Sync is designed to meet and accomplish your hybrid identity goals for the provisioning and synchronization of users, groups, and contacts to Microsoft Entra ID.

-It accomplishes this by using the Microsoft Entra cloud provisioning agent.

The agent provides a lightweight inter-directory provisioning experience that acts as a bridge between Microsoft Entra ID and Active Directory. An organization only needs to deploy the agent in their on-premises or IaaS-hosted environment. The provisioning configuration is stored in Microsoft Entra ID and managed as part of the service.

-The Microsoft Entra Cloud Sync provisioning agent uses the System for Cross-domain Identity Management (SCIM)

12
Q

External Identities

A

Microsoft Entra External ID refers to all the ways you can securely interact with users outside of your organization.

The following capabilities make up External Identities:

-B2B Collaboration: Enables employees of an organization to collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications. B2B collaboration users are represented in your directory, typically as guest users. They authenticate with their home organization or identity provider, and then your organization checks the guest user’s eligibility for B2B collaboration

–Use Microsoft Entra entitlement management, an identity governance feature that lets you manage identity and access for external users at scale by automating access request workflows, access assignments, reviews, and expiration.

-B2B Direct Connect: A way to collaborate with other Microsoft Entra organizations through Microsoft Teams shared channels, based on a mutual (two-way) trust relationship between the two tenants. B2B direct connect users aren’t represented in your Microsoft Entra directory (they aren’t added as guests), but they’re visible from within the Teams shared channel and can be monitored in Teams admin center reports.

-Microsoft Entra External ID for Customers (preview): is Microsoft’s new customer identity and access management (CIAM) solution. This solution is intended for businesses that want to make applications available to their customers using the Microsoft Entra platform for identity and access.

–Single sign-on (SSO) with social and enterprise identities
–Sign-up and sign-in pages to your apps
–Add your company branding to the sign-up page
–Provide self-service account management

-Microsoft Entra Multi-Tenant Organization:Multi-tenant organizations use a one-way synchronization service in Microsoft Entra ID, called cross-tenant synchronization. Cross-tenant synchronization enables seamless collaboration for a multi-tenant organization. It improves user experience and ensures that users can access resources.

13
Q

Authentication Methods

A

-Passwords are the most common form of authentication, but they have many problems, especially if used in single-factor authentication

-Phone: Microsoft Entra ID supports two options for phone-based authentication.
–SMS-based authentication. Short message service (SMS) text messaging can be used as a primary form of authentication: instead of a username and password, the user enters their registered mobile phone number, receives a text message with a verification code, and enters that code in the sign-in interface. Users can also use SMS as a secondary form of authentication to verify their identity.
–Voice call verification. Users can use voice calls as a secondary form of authentication, to verify their identity. The user is prompted to press # on their keypad. Voice calls are not supported as a primary form of authentication.

-OATH (Open Authentication) is an open standard that specifies how time-based, one-time password (TOTP) codes are generated.
–Software OATH tokens are typically applications, such as an authenticator app.
–OATH TOTP hardware tokens (supported in public preview) are small hardware devices that look like a key fob and display a code that refreshes every 30 or 60 seconds.
–Both are secondary forms of authentication in Microsoft Entra ID.

-Passwordless authentication: Provides ways to natively authenticate using passwordless methods to simplify the sign-in experience for users and reduce the risk of attacks.
–Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This is a combination of a key or certificate tied to a device and something that the person knows (a PIN) or something that the person is (biometrics). (serves as a primary form of authentication)
–Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO allows users and organizations to leverage the standard to sign in to their resources using an external security key or a platform key built into a device, eliminating the need for a username and password. (typically USB devices, but could also be Bluetooth or Near Field Communication (NFC) based devices) (primary form of authentication)

-Microsoft Authenticator app can be used as a primary form of authentication to sign in. The App turns any iOS or Android phone into a strong, passwordless credential. Can also be used as a software token to generate an OATH verification code.

-Certificate-Based Authentication (CBA) enables customers to allow or require users to authenticate directly with X.509 certificates against their Microsoft Entra identity, for applications and browser sign-in. (primary form of passwordless authentication)

14
Q

Multi-Factor Authentication (MFA)

A

Multifactor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cellphone or a fingerprint scan.

-Improves the security of an identity.

Microsoft Entra multifactor authentication works by requiring:

-Something you know – typically a password or PIN and
-Something you have – such as a trusted device that’s not easily duplicated, like a phone or hardware key or
-Something you are – biometrics like a fingerprint or face scan.

Security defaults are a set of basic identity security mechanisms recommended by Microsoft. When enabled, these recommendations are automatically enforced in your organization.

-Great option for organizations that want to increase their security posture but don’t know where to start, or for organizations using the free tier of Microsoft Entra ID licensing.

15
Q

Self-service password reset (SSPR)

A

Self-service password reset (SSPR) is a feature of Microsoft Entra ID that allows users to change or reset their password, without administrator or help desk involvement.

-Reduces help desk calls and loss of productivity when a user can’t sign in to their device or an application.
-SSPR includes robust audit logs that are available from an API, enabling data to be imported into the Security Information and Event Management (SIEM) system of your choice.

To use self-service password reset, users must be:

-Assigned a Microsoft Entra ID license
-Enabled for SSPR by an administrator.
-Registered with the authentication methods they want to use (mobile app notification, mobile app code, email, mobile phone, office phone, security questions).

-Password write-back allows users to use their updated credentials with on-premises devices and applications without a delay.

16
Q

Password protection and Management capabilities

A

Password protection is a feature of Microsoft Entra ID that reduces the risk of users setting weak passwords.

-A global banned password list, maintained by Microsoft, is automatically applied to all users in a Microsoft Entra tenant and can’t be disabled.
-If a Microsoft Entra user tries to set their password to one of these weak passwords, they receive a notification to choose a more secure one.
-Admins can also create custom banned password lists to support specific business security needs (for example, brand names, product names, or local terms).
-Custom banned password lists (and the on-premises integration below) require Microsoft Entra ID P1 or P2 licensing; the global list applies to cloud users in every edition.
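The scoring behind the notification above is worth seeing in code. The following is an added example, not part of the original flashcards and not Microsoft’s implementation: it follows Microsoft’s published description of how password protection evaluates a candidate (lower-casing and the 0→o, 1→l, $→s, @→a substitutions, edit-distance-one fuzzy matching against banned terms, a substring check for the user’s names and tenant name, and a minimum score of five points where each banned term counts one point and every remaining character counts one point). The banned list, the names and the exact greedy matching order are this example’s own assumptions.

```python
"""Approximation of how Microsoft Entra password protection scores a candidate
password: normalize, match banned terms (exact or one edit away), check for the
user's names, then require at least five points."""
from dataclasses import dataclass, field

# Substitutions applied before matching, as documented for Entra password protection.
_SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
MIN_SCORE = 5          # a normalized password must score at least this many points
MIN_NAME_LEN = 4       # names shorter than this are ignored by the substring check


def normalize(password: str) -> str:
    """Lower-case the password and undo the common leet-speak substitutions."""
    return password.lower().translate(_SUBSTITUTIONS)


def within_one_edit(a: str, b: str) -> bool:
    """True when a and b are identical or differ by one substitution, insertion or deletion."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    for i, (x, y) in enumerate(zip(longer, shorter)):
        if x != y:
            return longer[i + 1:] == shorter[i:]
    return True  # the only difference is one extra trailing character


@dataclass
class Verdict:
    accepted: bool
    score: int
    matched: list = field(default_factory=list)
    reason: str = ""


def _match_at(norm: str, i: int, banned: list):
    """Return (term, consumed_width) for a banned term found at position i, else None."""
    for term in banned:                      # exact matches win, longest term first
        if norm.startswith(term, i):
            return term, len(term)
    for term in banned:                      # then fuzzy matches at edit distance one
        for width in (len(term), len(term) - 1, len(term) + 1):
            if 1 < width <= len(norm) - i and within_one_edit(norm[i:i + width], term):
                return term, width
    return None


def evaluate(password, banned_terms, user_names=(), tenant_name="") -> Verdict:
    norm = normalize(password)
    for name in (*user_names, tenant_name):
        n = normalize(name)
        if len(n) >= MIN_NAME_LEN and n in norm:
            return Verdict(False, 0, reason=f"contains the name or tenant '{name}'")
    banned = sorted({normalize(t) for t in banned_terms}, key=len, reverse=True)
    score, i, matched = 0, 0, []
    while i < len(norm):
        hit = _match_at(norm, i, banned)
        if hit:
            term, width = hit
            matched.append(term)
            i += width
        else:
            i += 1
        score += 1   # one point per banned term, one point per remaining character
    accepted = score >= MIN_SCORE
    reason = "" if accepted else f"score {score} < {MIN_SCORE}; banned terms found: {matched}"
    return Verdict(accepted, score, matched, reason)


if __name__ == "__main__":
    banned = ["contoso", "blank"]   # constructed custom banned list for the demo
    for pw in ("C0ntos0Blank12", "ContoS0Bl@nkf9!", "Contosso!"):
        v = evaluate(pw, banned)
        print(f"{pw:18} -> {'accepted' if v.accepted else 'rejected'} ({v.reason or v.score})")
```

Running the demo shows why "C0ntos0Blank12" fails (two banned terms plus two characters is four points) while "ContoS0Bl@nkf9!" passes with exactly five, and why "Contosso!" is caught even though it is not literally on the list.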

Microsoft Entra password protection helps you defend against password spray attacks. Most password spray attacks submit only a few of the known weakest passwords against each of the accounts in an enterprise. This technique allows the attacker to quickly search for an easily compromised account and avoid potential detection thresholds.

-For hybrid security, admins can integrate Microsoft Entra password protection within an on-premises Active Directory environment.
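The spray pattern described above (a few passwords against many accounts, staying under per-account lockout thresholds) is visible in the sign-in log if you pivot on the source address rather than the target account. The following detection is an added example, not from the original flashcards or from Microsoft; the log rows are constructed in the shape of Entra sign-in log records, the error codes are the ones Entra reports for a wrong password (50126) and an unknown account (50034), and the window and threshold values are illustrative.

```python
"""Detect password-spray activity in Microsoft Entra sign-in log records: one source
address trying one or two passwords against many distinct accounts in a short window."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Sign-in error codes for "invalid username or password" and "user account not found".
FAILED_CODES = {50126, 50034}


def _rec(ts, upn, ip, code):
    return {"createdDateTime": ts, "userPrincipalName": upn, "ipAddress": ip, "errorCode": code}


# Constructed records in the shape of Entra sign-in log rows; not real tenant data.
SAMPLE_LOGS = [
    _rec("2024-05-01T08:00:01Z", "alice@contoso.com", "203.0.113.7", 50126),
    _rec("2024-05-01T08:00:09Z", "bob@contoso.com", "203.0.113.7", 50126),
    _rec("2024-05-01T08:00:17Z", "carol@contoso.com", "203.0.113.7", 50126),
    _rec("2024-05-01T08:00:25Z", "dave@contoso.com", "203.0.113.7", 50034),
    _rec("2024-05-01T08:00:33Z", "erin@contoso.com", "203.0.113.7", 50126),
    _rec("2024-05-01T08:00:41Z", "frank@contoso.com", "203.0.113.7", 50126),
    _rec("2024-05-01T08:05:41Z", "alice@contoso.com", "203.0.113.7", 50126),   # second password tried
    # Bob mistyping his own password from the office: several failures, one account, not a spray.
    _rec("2024-05-01T08:01:00Z", "bob@contoso.com", "198.51.100.4", 50126),
    _rec("2024-05-01T08:01:20Z", "bob@contoso.com", "198.51.100.4", 50126),
    _rec("2024-05-01T08:01:40Z", "bob@contoso.com", "198.51.100.4", 50126),
    _rec("2024-05-01T08:02:00Z", "bob@contoso.com", "198.51.100.4", 0),        # success, ignored
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_spray(records, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Return one finding per source IP whose failed sign-ins inside `window` hit at least
    `min_accounts` distinct accounts with no more than `max_per_account` tries each."""
    by_ip = defaultdict(list)
    for r in records:
        if r["errorCode"] in FAILED_CODES:
            by_ip[r["ipAddress"]].append((parse_ts(r["createdDateTime"]), r["userPrincipalName"].lower()))
    findings = []
    for ip, events in by_ip.items():
        events.sort()
        best = None
        for start in range(len(events)):                 # slide a window over the sorted events
            counts = Counter()
            for ts, upn in events[start:]:
                if ts - events[start][0] > window:
                    break
                counts[upn] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                if best is None or len(counts) > len(best["accounts"]):
                    best = {"ip": ip, "accounts": sorted(counts), "attempts": sum(counts.values()),
                            "window_start": events[start][0].isoformat()}
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_spray(SAMPLE_LOGS):
        print(f"{f['ip']}: {len(f['accounts'])} accounts, {f['attempts']} attempts from {f['window_start']}")
```

The per-account cap is what separates a spray from a brute force on a single account: Bob’s three failures from the office never qualify because they hit one account, while the 203.0.113.7 source is flagged on six accounts. Smart lockout in Entra counts per account, which is exactly why this view has to be built from the logs.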

17
Q

Conditional Access

A

Conditional Access is a feature of Microsoft Entra ID that is implemented through policies. It analyzes signals, including user, location, device, application, and risk, to automate decisions for authorizing access to resources (apps and data).

-Conditional Access policies at their simplest are if-then statements
-Policies are enforced after first-factor authentication is completed

A Conditional Access policy consists of two components:

Assignments: Portion of the policy controls the who, what, where, and when of the Conditional Access policy.
-Users and groups assign who the policy will include or exclude
-Cloud apps or actions can include or exclude cloud applications, user actions, or authentication contexts
-Conditions define where and when the policy will apply
–Sign-in risk is the probability that a given sign-in, or authentication request, isn’t authorized by the identity owner. User risk is the probability that a given identity or account is compromised. (Both come from Identity Protection and identify suspicious actions.)
–Device platform, the operating system that runs on a device, can be used when enforcing Conditional Access policies.
–IP location information: named locations defined by IP ranges, or an entire country/region, can be included or excluded (for example, trusted corporate IP ranges).
–Client apps, the software the user is employing to access the cloud app, including browsers, mobile apps, desktop clients, and legacy authentication clients, can also be used in access policy decisions.
–Filters for devices let organizations enforce policies based on device properties.

Access controls: The decision the policy enforces once its assignments and conditions match.
-Block access
-Grant access: administrators can grant access without any additional control, or they can choose to enforce one or more controls when granting access (for example, require multifactor authentication or a compliant device).
-Session: within a Conditional Access policy, an administrator can make use of session controls to enable limited experiences within specific cloud applications.
-If several policies apply to the same sign-in, a block from any one of them wins, and the grant controls of all the others must be satisfied together.
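The if-then behaviour of a policy set is easiest to reason about when the evaluation order is written out. The following is an added example, not part of the original flashcards and not Microsoft’s implementation: a toy evaluator that resolves assignments (exclusions beat inclusions), checks each populated condition, treats report-only policies as log-only, and then applies the rule that a block from any matching policy wins while grant controls accumulate. The policy names, the "Corp-HQ" named location, the control vocabulary and the sign-in values are all constructed for the demo.

```python
"""Toy evaluator showing how Microsoft Entra Conditional Access policies combine: scope first
(exclusions beat inclusions), then conditions, then block wins and grant controls accumulate."""
from dataclasses import dataclass, field


@dataclass
class SignIn:
    user: str
    groups: set
    app: str
    platform: str = "windows"
    location: str = "unknown"       # named-location label resolved from the client IP
    client_app: str = "browser"     # browser | mobileAppsAndDesktopClients | exchangeActiveSync | other
    sign_in_risk: str = "none"      # none | low | medium | high, from Identity Protection


@dataclass
class Policy:
    name: str
    state: str = "enabled"          # enabled | reportOnly | disabled
    include_users: set = field(default_factory=lambda: {"All"})
    exclude_users: set = field(default_factory=set)
    include_groups: set = field(default_factory=set)
    exclude_groups: set = field(default_factory=set)
    include_apps: set = field(default_factory=lambda: {"All"})
    exclude_apps: set = field(default_factory=set)
    platforms: set = field(default_factory=set)        # for every condition, an empty set means "any"
    locations: set = field(default_factory=set)
    exclude_locations: set = field(default_factory=set)
    client_apps: set = field(default_factory=set)
    sign_in_risk: set = field(default_factory=set)
    grant: set = field(default_factory=set)            # {"block"} or controls such as {"mfa", "compliantDevice"}
    session: set = field(default_factory=set)


def in_scope(p, s):
    """Assignments: an excluded user, group or app always wins over an inclusion."""
    if s.user in p.exclude_users or p.exclude_groups & s.groups or s.app in p.exclude_apps:
        return False
    user_in = "All" in p.include_users or s.user in p.include_users or bool(p.include_groups & s.groups)
    return user_in and ("All" in p.include_apps or s.app in p.include_apps)


def conditions_match(p, s):
    """Conditions: an excluded location short-circuits; every populated condition must match."""
    if s.location in p.exclude_locations:
        return False
    checks = [(p.platforms, s.platform), (p.locations, s.location),
              (p.client_apps, s.client_app), (p.sign_in_risk, s.sign_in_risk)]
    return all(not wanted or actual in wanted for wanted, actual in checks)


def evaluate(policies, s):
    result = {"decision": "grant", "controls": set(), "session": set(), "applied": [], "report_only": []}
    for p in policies:
        if p.state == "disabled" or not in_scope(p, s) or not conditions_match(p, s):
            continue
        if p.state == "reportOnly":             # logged as "would apply", never enforced
            result["report_only"].append(p.name)
            continue
        result["applied"].append(p.name)
        if "block" in p.grant:
            result["decision"] = "block"
        else:
            result["controls"] |= p.grant       # controls accumulate across matching policies
            result["session"] |= p.session
    if result["decision"] == "block":           # a block from any policy overrides every grant
        result["controls"], result["session"] = set(), set()
    return result


# Constructed policy set for the demo; names and values are illustrative, not a tenant export.
BREAK_GLASS = "breakglass@contoso.com"
POLICIES = [
    Policy("CA001 Block legacy authentication", client_apps={"exchangeActiveSync", "other"}, grant={"block"}),
    Policy("CA002 Require MFA for all users", exclude_users={BREAK_GLASS}, grant={"mfa"}),
    Policy("CA003 Block high sign-in risk", exclude_users={BREAK_GLASS}, sign_in_risk={"high"}, grant={"block"}),
    Policy("CA004 Compliant device for Exchange Online off-network", include_apps={"Office 365 Exchange Online"},
           exclude_locations={"Corp-HQ"}, grant={"compliantDevice"}),
    Policy("CA005 MFA for medium/high risk (report-only)", state="reportOnly",
           sign_in_risk={"medium", "high"}, grant={"mfa"}),
]


def demo():
    alice = dict(user="alice@contoso.com", groups={"Sales"}, app="Office 365 Exchange Online")
    return {
        "alice_at_hq": evaluate(POLICIES, SignIn(**alice, location="Corp-HQ")),
        "alice_in_cafe": evaluate(POLICIES, SignIn(**alice, location="Cafe")),
        "alice_legacy_client": evaluate(POLICIES, SignIn(**alice, location="Cafe", client_app="other")),
        "alice_high_risk": evaluate(POLICIES, SignIn(**alice, location="Cafe", sign_in_risk="high")),
        "break_glass_high_risk": evaluate(POLICIES, SignIn(BREAK_GLASS, set(), "Azure portal", sign_in_risk="high")),
    }


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:22} {r['decision']:5} controls={sorted(r['controls'])} applied={len(r['applied'])}")
```

Two results are worth dwelling on. The legacy-client sign-in matches three policies but the outcome is a plain block, because nothing can satisfy a block. The break-glass account, excluded from the MFA and risk policies as is common practice, is granted access even at high sign-in risk; the exclusion is deliberate, which is exactly why such accounts need separate monitoring and a report-only policy still records what would have applied.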

18
Q

Microsoft Entra roles and role-based access control (RBAC)

A

Microsoft Entra roles control permissions to manage Microsoft Entra resources. This is referred to as Microsoft Entra RBAC.

Built-in roles: Are roles with a fixed set of permissions.
-Global administrator: Access to all administrative features in Microsoft Entra.
-User administrator: Can create and manage all aspects of users and groups.
-Billing administrator: Can make purchases, manage subscriptions and support tickets, and monitor service health.

Custom roles: A custom role is a collection of permissions that you choose from a preset list. The permissions to choose from are the same permissions used by the built-in roles. Two steps:

  1. Create a custom role definition
  2. Assign that role to users or groups by creating a role assignment

-Can be assigned at organization-wide scope (access to all resources)
-Can also be assigned at an object scope. (a single application)
-Custom roles require a Microsoft Entra ID P1 or P2 license.

19
Q

Categories of Microsoft Entra roles

A

-Microsoft Entra specific roles: These roles grant permissions to manage resources within Microsoft Entra-only.

-Service-specific roles: For major Microsoft 365 services, Microsoft Entra ID includes built-in, service-specific roles that grant permissions to manage features within the service. (Exchange Administrator, Intune Administrator, SharePoint Administrator, and Teams Administrator)

-Cross-service roles: There are some roles within Microsoft Entra ID that span services. For example, Microsoft Entra ID has security-related roles, like Security Administrator, that grant access across multiple security services within Microsoft 365.

20
Q

Microsoft Entra ID Governance

A

Microsoft Entra ID Governance allows you to balance your organization’s need for security and employee productivity with the right processes and visibility. “Ensure that the right people have the right access to the right resources.”

-Govern the identity lifecycle.
-Govern access lifecycle.
-Secure privileged access for administration.

Intended to help organizations address these four key questions:

-Which users should have access to which resources?
-What are those users doing with that access?
-Are there effective organizational controls for managing access?
-Can auditors verify that the controls are working?

Microsoft Entra ID and Enterprise Mobility + Security features allow you to mitigate access risk by protecting, monitoring, and auditing access to critical assets.

21
Q

Identity Lifecycle

A

Managing users’ identity lifecycle is at the heart of identity governance. The goal is to achieve a balance between productivity and security.

-Microsoft Entra ID P1 or P2 offers integration with cloud-based HR systems. When a new employee is added to an HR system, Microsoft Entra ID can create a corresponding user account.
-Also includes Microsoft Identity Manager, which can import records from on-premises HR systems.

Managing the lifecycle of an identity is about updating the access that users need, whether through integration with an HR system, or through user provisioning applications.

22
Q

Access Lifecycle

A

-Access lifecycle is the process of managing access throughout the user’s organizational life. Users require different levels of access from the point at which they join an organization to when they leave it.

Organizations can automate the access lifecycle process through technologies such as:

-Dynamic groups enable admins to create attribute-based rules to determine membership of groups.
–When any attributes of a user or device change, the system evaluates all dynamic group rules in a directory to see if the change would trigger any users to be added or removed from a group.
–If a user or device satisfies a rule for a group, they’re added as a member of that group. If they no longer satisfy the rule, they’re removed.

-Microsoft Entra access reviews enforce review on a regular basis to make sure only the right people have continued access.
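The dynamic-group rule evaluation described in the Groups card and in the access-lifecycle bullets above is mechanical enough to implement. The following is an added example, not part of the original flashcards and not Microsoft’s rule engine: a small parser and evaluator for rules in the Entra style, such as `(user.department -eq "Sales") and (user.country -in ["US", "CA"])`, plus the add/remove delta a group sees when a user’s attributes change. The directory snapshot is constructed, and two simplifications are this example’s own: string comparisons are case-insensitive throughout, and `and` binds tighter than `or` (Entra itself requires parentheses when the two are mixed, so rules written that way behave identically).

```python
"""Evaluate Microsoft Entra style dynamic-membership rules and compute the membership delta."""
import json
import re

# parentheses, "quoted string", ["list"], -operator, word/property, or one unrecognised char
_TOKEN = re.compile(r'\(|\)|"(?:[^"\\]|\\.)*"|\[[^\]]*\]|-[A-Za-z]+|[A-Za-z_][A-Za-z0-9_.]*|\S')


def tokenize(rule):
    toks = _TOKEN.findall(rule)
    bad = [t for t in toks if len(t) == 1 and t not in "()"]
    if bad:
        raise ValueError(f"unexpected input {bad[0]!r}")
    return toks


def literal(text):
    if text[:1] in ('"', "["):
        return json.loads(text)                  # "Sales" or ["US", "CA"]
    if text.lower() in ("true", "false", "null"):
        return {"true": True, "false": False, "null": None}[text.lower()]
    raise ValueError(f"bad literal {text!r}")


def parse(rule):
    """Recursive descent: or > and > parentheses / comparison ('and' binds tighter than 'or')."""
    toks = tokenize(rule) + [""]                     # "" sentinel marks end of input
    peek = lambda: toks[0]
    take = lambda: toks.pop(0)

    def chain(keyword, sub):                         # left-associative and/or chain
        node = sub()
        while peek().lower() == keyword:
            take()
            node = (keyword, node, sub())
        return node

    def unary():
        tok = peek()
        if tok == "(":
            take()
            node = expr()
            if take() != ")":
                raise ValueError("expected ')'")
            return node
        if tok.lower().startswith("user."):
            take()
            op = take()
            if not op.startswith("-"):
                raise ValueError(f"expected operator after {tok}")
            return ("cmp", tok[5:], op.lower(), literal(take()))
        raise ValueError(f"unexpected token {tok!r}")

    expr = lambda: chain("or", lambda: chain("and", unary))
    node = expr()
    if peek():
        raise ValueError(f"trailing token {peek()!r}")
    return node


def compare(actual, op, expected):
    fold = lambda v: v.lower() if isinstance(v, str) else v     # simplification: case-insensitive
    a, e = fold(actual), fold(expected)
    if op in ("-eq", "-ne"):
        return (a == e) == (op == "-eq")
    if op in ("-in", "-notin"):
        return (a in [fold(x) for x in expected]) == (op == "-in")
    if op in ("-contains", "-notcontains", "-match", "-notmatch"):
        if not isinstance(a, str):                   # null / non-string attribute never matches
            return op.startswith("-not")
        hit = e in a if op.endswith("contains") else bool(re.search(expected, actual, re.IGNORECASE))
        return hit != op.startswith("-not")
    raise ValueError(f"unsupported operator {op}")


def evaluate(node, user):
    if node[0] in ("and", "or"):
        left, right = evaluate(node[1], user), evaluate(node[2], user)
        return (left and right) if node[0] == "and" else (left or right)
    return compare(user.get(node[1]), node[2], node[3])


def members(rule, users):
    tree = parse(rule)
    return sorted(u["userPrincipalName"] for u in users if evaluate(tree, u))


def membership_delta(rule, before, after):
    old, new = set(members(rule, before)), set(members(rule, after))
    return sorted(new - old), sorted(old - new)      # (added, removed)


# Constructed directory snapshot (not real accounts).
USERS = [
    {"userPrincipalName": "alice@contoso.com", "department": "Sales", "country": "US", "jobTitle": "Account Executive", "accountEnabled": True},
    {"userPrincipalName": "carol@contoso.com", "department": "Sales", "country": "DE", "jobTitle": "Sales Engineer", "accountEnabled": True},
    {"userPrincipalName": "dave@contoso.com", "department": "Sales", "country": "US", "jobTitle": "Sales Manager", "accountEnabled": False},
]
US_SALES = '(user.department -eq "Sales") and (user.country -in ["US", "CA"]) and (user.accountEnabled -eq true)'
```

Calling `members(US_SALES, USERS)` returns only Alice; re-running `membership_delta` after Dave’s account is enabled reports him as added and nobody removed, which is the re-evaluation the bullets above describe. The same delta is how an auditor would check that a disabled or transferred user actually fell out of an access-granting group.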

23
Q

Access Reviews

A

Microsoft Entra access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignment. Regular access reviews ensure that only the right people have access to resources.

-Microsoft Entra ID enables you to collaborate with users from inside your organization and with external users.

Use access reviews when:
–There are too many users in privileged roles.
–Access to business-critical data needs to be re-certified.
–You need to maintain a policy’s exception list.
–You want group owners to confirm they still need guests in their groups.
–Reviews should recur periodically.

-Ensure that users or guests have appropriate access
-Microsoft Entra access reviews support up to three review stages, in which multiple types of reviewers engage in determining who still needs access to company resources. (Multi-stage access reviews)

When the review is complete, it can be set to manually or auto-apply changes to remove access from a group membership or application assignment, except for a dynamic group or a group that originates on-premises.

24
Q

Privileged Access Lifecycle

A

Monitoring privileged access is a key part of identity governance. When employees, vendors, and contractors are assigned administrative rights, there should be a governance process because of the potential for misuse.

Microsoft Entra Privileged Identity Management (PIM) provides extra controls tailored to securing access rights.
-PIM helps you minimize the number of people who have access to resources across Microsoft Entra ID, Azure, and other Microsoft online services.
-PIM provides a comprehensive set of governance controls to help secure your company’s resources.

25
Q

Entitlement Management

A

Entitlement management is an identity governance feature that enables organizations to manage the identity and access lifecycle at scale. Entitlement management automates access request workflows, access assignments, reviews, and expiration.

-Entitlement management uses access packages to manage access to resources.
-Feature of Microsoft Entra ID P2.

Microsoft Entra terms of use allow information to be presented to users, before they access data or an application. Terms of use ensure users read relevant disclaimers for legal or compliance requirements.

26
Q

Microsoft Entra Privileged Identity Management

A

Privileged Identity Management (PIM) is a service of Microsoft Entra ID that enables you to manage, control, and monitor access to important resources in your organization.

-Just in time, providing privileged access only when needed, and not before.
-Time-bound, by assigning start and end dates that indicate when a user can access resources.
-Approval-based, requiring specific approval to activate privileges.
-Visible, sending notifications when privileged roles are activated.
-Auditable, allowing a full access history to be downloaded.
-Feature of Microsoft Entra ID P2.

Why use PIM? It reduces the chance of a malicious actor getting access by minimizing the number of people who have access to secure information or resources.

You can use PIM with:
-Microsoft Entra roles
-Azure roles
-PIM for Groups, which provides just-in-time membership in the group and just-in-time ownership of the group.

General Workflow
-Assign - The assignment process starts by assigning roles to members.
-Activate - If users have been made eligible for a role, then they must activate the role assignment before using the role.
-Approve or deny - Delegated approvers receive email notifications when a role request is pending their approval.
-Extend and renew - When a role assignment nears expiration, the user can use PIM to request an extension for the role assignment.

-You can use the Privileged Identity Management (PIM) audit history to see all role assignments and activations within the past 30 days for all privileged roles.

27
Q

Entra ID Protection

A

Identity Protection is a tool that allows organizations to:

-Automate the detection and remediation of identity-based risks.
-Investigate risks using data in the portal.
-Export risk detection data to third-party utilities for further analysis.

Detection: Can be categorized as low, medium, or high, and calculated in real-time or offline.
-A sign-in risk represents the probability that a given authentication request isn’t authorized by the identity owner. (Anonymous IP address, Atypical travel, Unfamiliar sign-in properties, Microsoft Entra threat intelligence)
-A user risk represents the probability that a given identity or account is compromised. (Anomalous user activity, User reported suspicious activity, Leaked credentials, Microsoft Entra threat intelligence)

Investigation: Provides organizations with three reports that they can use to investigate identity risks.
-Risk detections: Each risk detected is reported as a risk detection.
-Risky sign-ins: A risky sign-in is reported when there are one or more risk detections reported for that sign-in.
-Risky users: A Risky user is reported when either or both of the following are true:
–The user has one or more Risky sign-ins.
–One or more risk detections have been reported.

28
Q

Entra ID Protection 2

A

Remediate: Organizations can enable automated remediation using their risk policies. If the user successfully completes the access control, the risk is automatically remediated.

Export:
Data from Identity Protection can be exported to other tools for archive, further investigation, and correlation. (SIEM, Log Analytics Workspace, Storage Account, Event Hubs and more)

Workload Identity:
A workload identity is an identity that allows an application or service principal access to resources.
-Can’t perform multifactor authentication.
-Often have no formal lifecycle process.
-Need to store their credentials or secrets somewhere.

Microsoft Entra ID Protection helps organizations manage this risk by providing workload identity risk detections across sign-in behavior and other indicators of compromise

29
Q

Microsoft Entra Permissions Management

A

Microsoft Entra Permissions Management is a cloud infrastructure entitlement management (CIEM) product that provides comprehensive visibility and control over permissions for any identity and any resource in Azure, AWS and GCP.

-This functionality helps organizations address the Zero Trust principle of least privilege access.
-Organizations adopting multicloud face challenges in visibility and managing access

-Permissions Management detects, automatically right-sizes (remediates), and continuously monitors unused and excessive permissions.

Discover: Assess permission risks by evaluating the gap between permissions granted and permissions used.
-Cross-cloud permissions discovery
-Permission Creep Index (PCI): An aggregated metric that periodically evaluates the level of risk associated with the number of unused or excessive permissions across your identities and resources.
-Permission usage analytics: Multi-dimensional view of permissions risk for all identities, actions, and resources.

Remediate: Customers can right-size permissions based on usage, grant new permissions on-demand, and automate just-in-time access for cloud resources.
-Automated deletion of permissions unused for the past 90 days.
-Permissions on-demand: Grant identities permissions on-demand for a time-limited period

Monitor: Customers can detect anomalous activities with machine learning-powered (ML-powered) alerts and generate detailed forensic reports.
-Get comprehensive visibility
-Automate least privilege access
-Consistent security policies across your cloud infrastructure.

30
Q

Microsoft Entra Verified ID

A

Microsoft Entra Verified ID is a managed verifiable credentials service based on open standards. Verified ID automates verification of identity credentials and enables privacy-protected interactions between organizations and users.