What is Entra ID?
Entra ID (formerly known as Azure Active Directory) is Microsoft’s cloud-based identity and access management service for users, devices, applications and resources. It is an essential component of modern Zero Trust architectures.
Entra ID enables centralised, cloud-native authentication and authorisation, and is increasingly being used in industrial (OT) environments for secure access and management.
🧠 How does Entra ID work?
- Users sign in with their Microsoft Entra account
- Authentication is handled in the cloud, optionally supporting:
  - Multi-Factor Authentication (MFA)
  - Conditional Access
  - Single Sign-On (SSO)
- Entra ID integrates with:
  - Microsoft 365, Azure, and numerous SaaS apps
  - VPN, RADIUS, SCADA portals via federation or SAML/OIDC
  - On-premises Active Directory via Entra Connect (hybrid setup)
Entra ID does not fully replace traditional domains, but extends identity management to the cloud.
🏭 Application of Entra ID in OT networks
- Remote access to OT networks with centralised, cloud-based access control
- Authentication of users on SCADA web portals or Historian dashboards via SSO
- VPN connections linked to Entra ID via RADIUS or Azure MFA Server
- Integration with on-premises Active Directory to manage existing OT accounts in the cloud
- Applying Conditional Access based on location, device status or risk level
Entra ID supports Zero Trust principles: no implicit trust – every user and every device must prove themselves.
🔍 Entra ID vs. Active Directory
| Aspect | Entra ID (Azure AD) | Active Directory (on-premises) |
|---|---|---|
| Location | Cloud-based | Local, on domain controllers |
| Authentication | Modern (OIDC, SAML, OAuth, MFA, CA) | Classic (Kerberos, NTLM) |
| Management | Web portal, APIs | Windows Admin Tools |
| OT integration | Via federation, RADIUS, VPN, SSO | Direct (e.g. via Group Policy) |
| Use in OT | For remote access and hybrid management | For local users and system bindings |
🔐 Security aspects
- Implement MFA for all users, particularly for administrators and external personnel
- Use Conditional Access to base access on risk level, location or device status
- Restrict access to OT resources via firewall, VLAN and federation policies
- Monitor logins and suspicious activity via Microsoft Sentinel or a SIEM
- Segment cloud management of production via RBAC and Privileged Identity Management (PIM)
Security in Entra ID is based on identity, context and continuous evaluation.
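The monitoring and Conditional Access controls listed above, as an added Python example that is not part of the original page: it triages constructed Entra sign-in records for admin sign-ins without MFA, non-compliant devices reaching OT resources, risky sign-ins that were allowed, and sign-ins from unexpected locations. Field names follow the Microsoft Graph `signIn` schema as an assumption; the account names, OT resource names and allowed countries are assumptions too.

```python
# Added example (not from the page): triage Microsoft Entra sign-in records
# against the controls above. Records are constructed and trimmed to the
# fields used here; field names follow the Graph "signIn" schema (assumption).
from typing import Dict, List, Tuple

# Constructed policy parameters for an OT tenant (assumptions, not page values)
ADMIN_UPNS = {"ot-admin@example.com"}
OT_RESOURCES = {"SCADA Web Portal", "Historian Dashboard"}
ALLOWED_COUNTRIES = {"DE", "NL"}

# Constructed sample sign-in events (not real log data)
SAMPLE_SIGN_INS: List[Dict] = [
    {"userPrincipalName": "ot-admin@example.com", "resourceDisplayName": "Azure Portal",
     "authenticationRequirement": "singleFactorAuthentication",
     "riskLevelDuringSignIn": "none", "conditionalAccessStatus": "notApplied",
     "deviceDetail": {"isCompliant": True}, "location": {"countryOrRegion": "DE"},
     "status": {"errorCode": 0}},
    {"userPrincipalName": "contractor@example.com", "resourceDisplayName": "SCADA Web Portal",
     "authenticationRequirement": "multiFactorAuthentication",
     "riskLevelDuringSignIn": "none", "conditionalAccessStatus": "success",
     "deviceDetail": {"isCompliant": False}, "location": {"countryOrRegion": "DE"},
     "status": {"errorCode": 0}},
    {"userPrincipalName": "operator@example.com", "resourceDisplayName": "Historian Dashboard",
     "authenticationRequirement": "multiFactorAuthentication",
     "riskLevelDuringSignIn": "high", "conditionalAccessStatus": "success",
     "deviceDetail": {"isCompliant": True}, "location": {"countryOrRegion": "BR"},
     "status": {"errorCode": 0}},
]


def review_sign_ins(events: List[Dict]) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs for successful sign-ins that violate the
    controls: MFA for admins, compliant devices for OT resources, no risky
    sign-ins allowed, and only expected locations. Failed sign-ins are skipped."""
    findings: List[Tuple[str, str]] = []
    for e in events:
        if e["status"]["errorCode"] != 0:  # only sign-ins that actually succeeded
            continue
        upn = e["userPrincipalName"]
        if upn in ADMIN_UPNS and e["authenticationRequirement"] != "multiFactorAuthentication":
            findings.append((upn, "admin sign-in without MFA"))
        if e["resourceDisplayName"] in OT_RESOURCES and not e["deviceDetail"]["isCompliant"]:
            findings.append((upn, "non-compliant device reached OT resource"))
        if e["riskLevelDuringSignIn"] in ("medium", "high"):
            findings.append((upn, "risky sign-in was allowed"))
        if e["location"]["countryOrRegion"] not in ALLOWED_COUNTRIES:
            findings.append((upn, "sign-in from unexpected location"))
    return findings


if __name__ == "__main__":
    for user, finding in review_sign_ins(SAMPLE_SIGN_INS):
        print(f"{user}: {finding}")
```

In a real deployment the same rules would be expressed as Conditional Access policies (enforcement) and as Sentinel analytics rules over the SigninLogs table (detection); this script only shows the logic.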
📌 In summary
Entra ID is Microsoft’s cloud identity service and is a key component of modern IT/OT security. It enables secure remote management, federated access and identity-driven control – crucial for Zero Trust in industrial networks.
