Describe access management capabilities of Microsoft Entra

A key function of Microsoft Entra is to manage access. Learn about Microsoft's Security Service Edge (SSE) solution, conditional access, and how Microsoft Entra roles and role-based access control (RBAC) help organizations manage access. Learning objectives By the end of this module, you'll be able to: Describe Conditional Access in Microsoft Entra ID. Describe Microsoft Entra roles and role-based access control. Describe Global Secure Access in Microsoft Entra.

Conditional Access policies are

enforced after first-factor authentication is completed

assignments and access controls

A Conditional Access policy in Microsoft Entra ID consists of two components

Access controls

determine how a Conditional Access policy is enforced once assignments are satisfied

Authentication strength

a Conditional Access grant control that specifies which combinations of authentication methods users can use to access a resource.

Global Secure Access

is Microsoft's Security Service Edge (SSE) solution, built on Zero Trust principles of verifying explicitly, using least privilege, and assuming breach. It combines Microsoft Entra Internet Access, Microsoft Entra Internet Access for Microsoft Services, and Microsoft Entra Private Access—together with Microsoft Defender for Cloud Apps—to converge network, identity, and endpoint access controls so organizations can secure access to any app or resource, from any location, device, or identity

SSE helps organizations address security challenges such as:

• Reducing the risk of lateral movement through a compromised VPN tunnel.

• Putting a security perimeter around internet-based assets.

• Improving service in remote locations, such as branch offices.