Microsoft Entra Update: Enhance Workload Identity Security
Microsoft Entra
Mar 30, 2024 4:00 PM

Boost Azure resilience: Microsoft Entra enhances workload identity authentication - learn how!

  • Microsoft Entra enhances resilience in workload identity authentication through a multilayered approach including a backup system.
  • The backup authentication system, an industry-first innovation introduced in 2021, ensures service continuity for Azure-based services and customer workloads.
  • Workload identities benefit from regional isolation and backup systems, ensuring high resilience and availability across global and regional infrastructure.
  • Regionally isolated authentication endpoints enable efficient, local authentication without dependencies on other regions, bolstered by proactive cache refreshing.
  • Microsoft plans to extend backup authentication coverage to all infrastructure authentication requests, maintaining a 99.99% uptime guarantee.

Understanding Microsoft Entra's Resilience in Identity Authentication

Microsoft Entra is not only the identity system for users; it’s also the identity and access management (IAM) system for Azure-based services, all internal infrastructure services at Microsoft, and our customers’ workload identities. This is why our 99.99% service-level promise extends to workload identity authentication, and why Microsoft continues to improve our service’s resilience through a multilayered approach that includes the backup authentication system.

In 2021, Microsoft introduced the backup authentication system, an industry-first innovation that automatically and transparently handles authentications for supported workloads when the primary Microsoft Entra ID service is degraded or unavailable. Through 2022 and 2023, Microsoft continued to expand the coverage of the backup service across clouds and application types.

Today, we’re sharing how workload identities gain resilience from the regionally isolated authentication endpoints as well as from the backup authentication system. We explore two complementary methods that best fit our regional-global infrastructure. Examples include when an Azure virtual machine (VM) authenticates its identity to Azure Storage or when one of our customers’ workloads authenticates to application programming interfaces (APIs).

Regionally isolated authentication endpoints provide region-isolated authentication services to an Azure region. All frequently used identities authenticate successfully without dependencies on other Azure regions. Essentially, they are the primary endpoints for Azure infrastructure services as well as the primary endpoints for managed identities in Azure. Managed identities help prevent out-of-region failures by consolidating service dependencies, and they improve resilience by handling certificate expiry, rotation, and trust on the workload's behalf.
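The service-side measures above (regional isolation, backup authentication, proactive cache refreshing) pair naturally with a refresh-ahead token cache on the workload side, so a transient failure of the managed-identity endpoint does not take down a workload that still holds a valid token. The following is an added illustration, not code from the Microsoft article; the IMDS URL is the standard Azure managed-identity token endpoint, while the cache class, its names and the refresh window are assumptions.

```python
import json
import time
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional

# Azure Instance Metadata Service (IMDS) endpoint used by managed identities on a VM.
IMDS_TOKEN_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
                  "?api-version=2018-02-01&resource=https://storage.azure.com/")


def fetch_imds_token() -> tuple[str, float]:
    """Request a managed-identity token from IMDS; returns (token, expires_on)."""
    req = urllib.request.Request(IMDS_TOKEN_URL, headers={"Metadata": "true"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        body = json.load(resp)
    return body["access_token"], float(body["expires_on"])


@dataclass
class ResilientTokenCache:
    """Hypothetical refresh-ahead cache: refresh early, keep the old token on failure."""
    fetch: Callable[[], tuple[str, float]]
    refresh_ahead: float = 300.0       # start refreshing 5 minutes before expiry
    token: Optional[str] = None
    expires_on: float = 0.0
    last_error: Optional[Exception] = None

    def get_token(self, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        valid = self.token is not None and now < self.expires_on
        if valid and now < self.expires_on - self.refresh_ahead:
            return self.token              # still fresh: no network call
        try:
            self.token, self.expires_on = self.fetch()   # proactive refresh
            self.last_error = None
        except Exception as exc:           # endpoint degraded or unreachable
            self.last_error = exc          # record for monitoring/alerting
            if not valid:                  # nothing usable left: surface the failure
                raise
        return self.token                  # refresh failed but token still valid


if __name__ == "__main__":
    cache = ResilientTokenCache(fetch=fetch_imds_token)
    print(cache.get_token()[:12] + "...")  # only works on an Azure VM with a managed identity
```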

Read the full article: Microsoft Entra resilience update: workload identity authentication

What is Microsoft Entra workload ID?

In the realm of digital identity, non-human entities such as apps and services are identified through what are known as "workload identities." Microsoft Entra incorporates these identities, encompassing both applications and service principals within its framework.

Which choice correctly describes Microsoft Entra ID?

Microsoft Entra ID stands as Microsoft's cloud-centric solution for identity and access management. It plays a pivotal role in linking individuals with their applications, devices, and the data they rely on.

How much do Microsoft Entra Workload Identities cost?

Utilizing Microsoft Entra Workload Identities incurs a charge of $3 per identity on a monthly basis. Additionally, Microsoft provides an opportunity to explore this service through a complimentary 90-day trial accessible via the Microsoft Azure Portal.

What is Microsoft Entra ID P2?

Beyond the offerings encompassed within the Free and P1 tiers, the P2 level introduces Microsoft Entra ID Protection. This feature enhances security through risk-based Conditional Access to applications and vital corporate data. Furthermore, it encompasses Privileged Identity Management, empowering organizations to uncover, regulate, and oversee administrators and their resource access, while also facilitating just-in-time access provisioning.
