Microsoft Entra feature availability
This following tables list Microsoft Entra feature availability in Azure Government.
Microsoft Entra ID
Service | Feature | Availability |
---|---|---|
Authentication, single sign-on, and MFA | Cloud authentication (Pass-through authentication, password hash synchronization) | ✅ |
Federated authentication (Active Directory Federation Services or federation with other identity providers) | ✅ | |
Single sign-on (SSO) unlimited | ✅ | |
Multifactor authentication (MFA) | ✅ | |
Passwordless (Windows Hello for Business, Microsoft Authenticator, FIDO2 security key integrations) | ✅ | |
Certificate-based authentication | ✅ | |
Service-level agreement | ✅ | |
Applications access | SaaS apps with modern authentication (Microsoft Entra application gallery apps, SAML, and OAUTH 2.0) | ✅ |
Group assignment to applications | ✅ | |
Cloud app discovery (Microsoft Defender for Cloud Apps) | ✅ | |
Application Proxy for on-premises, header-based, and Integrated Windows Authentication | ✅ | |
Secure hybrid access partnerships (Kerberos, NTLM, LDAP, RDP, and SSH authentication) | ✅ | |
Authorization and Conditional Access | Role-based access control (RBAC) | ✅ |
Conditional Access | ✅ | |
SharePoint limited access | ✅ | |
Session lifetime management | ✅ | |
Identity Protection (vulnerabilities and risky accounts) | See Identity protection below. | |
Identity Protection (risk events investigation, SIEM connectivity) | See Identity protection below. | |
Administration and hybrid identity | User and group management | ✅ |
Advanced group management (Dynamic groups, naming policies, expiration, default classification) | ✅ | |
Directory synchronization—Microsoft Entra Connect (sync and cloud sync) | ✅ | |
Microsoft Entra Connect Health reporting | ✅ | |
Delegated administration—built-in roles | ✅ | |
Global password protection and management – cloud-only users | ✅ | |
Global password protection and management – custom banned passwords, users synchronized from on-premises Active Directory | ✅ | |
Microsoft Identity Manager user client access license (CAL) | ✅ | |
End-user self-service | Application launch portal (My Apps) | ✅ |
User application collections in My Apps | ✅ | |
Self-service account management portal (My Account) | ✅ | |
Self-service password change for cloud users | ✅ | |
Self-service password reset/change/unlock with on-premises write-back | ✅ | |
Self-service sign-in activity search and reporting | ✅ | |
Self-service group management (My Groups) | ✅ | |
Self-service entitlement management (My Access) | ✅ | |
Identity governance | Automated user provisioning to apps | ✅ |
Automated group provisioning to apps | ✅ | |
HR-driven provisioning | Partial. See HR-provisioning apps. | |
Terms of use attestation | ✅ | |
Access certifications and reviews | ✅ | |
Entitlement management | ✅ | |
Privileged Identity Management (PIM), just-in-time access | ✅ | |
Event logging and reporting | Basic security and usage reports | ✅ |
Advanced security and usage reports | ✅ | |
Identity Protection: vulnerabilities and risky accounts | ✅ | |
Identity Protection: risk events investigation, SIEM connectivity | ✅ | |
Frontline workers | SMS sign-in | ✅ |
Shared device sign-out | Enterprise state roaming for Windows 10 devices isn't available. | |
Delegated user management portal (My Staff) | ❌ |
Identity protection
Risk Detection | Availability |
---|---|
Leaked credentials (MACE) | ✅ |
Microsoft Entra threat intelligence | ❌ |
Anonymous IP address | ✅ |
Atypical travel | ✅ |
Anomalous Token | ✅ |
Token Issuer Anomaly | ✅ |
Malware linked IP address | ✅ |
Suspicious browser | ✅ |
Unfamiliar sign-in properties | ✅ |
Admin confirmed user compromised | ✅ |
Malicious IP address | ✅ |
Suspicious inbox manipulation rules | ✅ |
Password spray | ✅ |
Impossible travel | ✅ |
New country | ✅ |
Activity from anonymous IP address | ✅ |
Suspicious inbox forwarding | ✅ |
Additional risk detected | ✅ |
HR provisioning apps
HR-provisioning app | Availability |
---|---|
Workday to Microsoft Entra user provisioning | ✅ |
Workday Writeback | ✅ |
SuccessFactors to Microsoft Entra user provisioning | ✅ |
SuccessFactors to Writeback | ✅ |
Provisioning agent configuration and registration with Gov cloud tenant | Works with special undocumented command-line invocation:AADConnectProvisioningAgent.Installer.exe ENVIRONMENTNAME=AzureUSGovernment |
Other Microsoft Entra products
Microsoft Entra Workload Identities Premium edition is available in the US government clouds. Microsoft Entra ID Governance and Microsoft Entra Permissions Management products aren't yet available in the US government or US national clouds.
Palaute
https://aka.ms/ContentUserFeedback.
Tulossa pian: Vuoden 2024 aikana poistamme asteittain GitHub Issuesin käytöstä sisällön palautemekanismina ja korvaamme sen uudella palautejärjestelmällä. Lisätietoja on täällä:Lähetä ja näytä palaute kohteelle