Microsoft Releases ID Governance Service plus SLA Performance Preview
Microsoft described a few additions to its Microsoft Entra identity and access management products this week.
For instance, Microsoft is now previewing the ability of tenancies using the Microsoft Entra Azure Active Directory service to review the performance of their service level agreements (SLAs), per a Tuesday announcement. Next, the Microsoft Entra ID Governance service has now reached the "general availability" commercial-release stage, per a Wednesday announcement.
Microsoft Entra is Microsoft's branding for about six different identity and access management services, as described at this product landing page.
Microsoft Entra ID Governance General Availability
Microsoft Entra ID Governance enables identity controls across "on-premises and cloud apps and resources," and it's now deemed ready for commercial use by Microsoft.
Microsoft described this governance product as having automation capabilities that address the "identity lifecycle" within organizations. For instance, the service can update access permissions automatically "when employees change roles or move," according to the Microsoft Entra ID Governance landing page. It will automatically assign application access permissions "based on employee group memberships." It also has so-called "entitlement management" capabilities to check resource access by "partners, suppliers and guests."
IT pros get a dashboard view with the Microsoft Entra ID Governance service showing stats about the number of employees, guests and groups, as well as the number of business applications. It also shows policy configurations for users and apps, plus the number of "access reviews" that have been set up. There's also a new capability added to entitlement management that leverages the Microsoft Entra Verified ID preview to confirm the digital identities of users.
Partner support is available to implement the Microsoft Entra ID Governance service from "Edgile, a Wipro company, EY LLP, KPMG firms and PwC," the announcement indicated.
Organizations will be able to purchase licensing to use Microsoft Entra ID Governance "starting July 1," the announcement indicated. A free trial can be accessed from Microsoft's landing page.
Organizations likely will need Azure Active Directory Premium P2 licensing to use the product. Organizations having Microsoft 365 E5 plans already have Azure Active Directory Premium P2 licensing, according to Microsoft's pricing page.
The announcement suggested that "ID Governance can be added to Azure AD Premium P1 or P2 licenses," but it's unclear what this means because it's already included in the P2 licensing, and it's not included in the P1 licensing.
Azure AD SLA Performance Preview
Microsoft is previewing the ability of organizations "with at least 5,000 monthly active users signing in" to see their actual SLA performance for their Azure AD tenancies. This preview is currently available via "the Entra and Azure portals."
The idea behind the SLA is that Microsoft is assuring "four nines" (99.99 percent) service uptime per billing month. Should the service fall below that threshold, organizations can apply for a service credit (there is no monetary compensation). However, it's a tiered scheme.
For instance, organizations just get a 10-percent service credit at <99.99 percent uptime per month. It's a 25-percent service credit at <99.9 percent and a 50-percent credit at <99 percent. A full service credit is only allowed at <95 percent per month. Microsoft's calculation details can be downloaded from this page.
A 99.99 percent SLA equates to "4.38 minutes" of downtime per month, according to this Wikipedia page.
Microsoft already publishes global stats on how well the Azure AD service has maintained its uptime relative to its 99.99 percent SLA promise to customers. Globally, the Azure AD service has "exceeded 4-nines' SLA for over 16 months running (as of June 2023)," per the announcement.
Microsoft also touted Azure AD "resilience" protections via a "Backup Auth System" it introduced in 2021 to address Azure AD service failures. Should an Azure AD failure occur, this backup system will take on the task of authenticating users if the following conditions are met:
- The user has authenticated with the same app and device within the last three days;
- The user is authenticating as a member of their home tenant and not a B2B user;
- Resilience defaults for that user authentication are enabled; and
- The user's authentication has not been recently revoked or restricted.
The Backup Auth System will be getting improvements over the "next 12 to 18 months." It will get protections for Android OS apps, SAML Web apps and "non-Microsoft applications requesting OpenID Connect access tokens."
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.