Product and Support News

Beta: Unify Identity Management with Microsoft Entra ID Synchronization

Five Reasons to Transition Away from On-Premises Identity Systems

In today’s cloud-centric IT landscape, identity is the new perimeter. For most organizations, Microsoft Entra ID (formerly Azure Active Directory) has become the center of gravity for identity - the authoritative source for who your users are, what groups they belong to, and what they can access.

The challenge, however, is ensuring this source of truth is consistently reflected across your entire security stack, from the cloud applications users access to the network resources they connect to. Manually creating users and mirroring group structures across different platforms is time-consuming, error-prone, and creates security gaps.

At WatchGuard, we believe in a unified approach. That’s why we are excited to announce the public beta for our new Directories and Domain Services (DDS) with Microsoft Entra ID synchronization! This is a foundational step in making identity management across the WatchGuard ecosystem seamless, automated, and more secure.

The Challenge: Breaking Down Identity Silos

As you deploy more services within the WatchGuard Unified Security Platform, from network security with your FireCloud users to advanced protection of your endpoints, managing user identities separately for each service is  a major administrative burden. MSPs need a way to ensure that when a new employee joins an organization or a team structure changes in Entra ID, those changes are automatically applied everywhere your security policies and services depend on them.

The Solution: A Centralized Hub for Your Cloud Identity

The Directories and Domain Service (DDS) is the new identity cornerstone of the WatchGuard Cloud platform. It’s designed to be the central repository of users, groups, and devices for all WatchGuard products.

With this beta, we are introducing our first and most critical connector: Microsoft Entra ID. By linking your Entra ID tenant to DDS, you can:

  • Synchronize users, groups, and their memberships directly from the cloud.
  • Automate the user lifecycle, so additions, deletions, and changes in Entra ID are automatically reflected in WatchGuard Cloud.

What’s in it for You? A Single Source of Truth for Security

By centralizing identity management with DDS, you can transform your administrative workflow and strengthen your security posture.

  • Establish a Single Source of Truth: Eliminate identity silos and make Entra ID the definitive source for user and group information. This ensures consistency across every layer of your security.
  • Power Zero Trust Access with FireCloud: The benefits of DDS extend immediately beyond authentication. FireCloud customers can leverage the same synchronized users and groups from Entra ID to build and apply granular Zero Trust policies. This means you can define network access rules based on the Entra ID groups your users already belong to, ensuring that access rights are consistent from the cloud right down to the network level.
  • A True Foundation for the Unified Security Platform: This isn't a future promise; it's a present-day reality. With this beta, two major services immediately leverage DDS:
    • AuthPoint MFA: Easily apply strong, multi-factor authentication policies to your synchronized Entra ID groups. For the ultimate level of integration, this synchronization makes AuthPoint a perfect fit for Microsoft's External Authentication Method (EAM). While not mandatory, this powerful capability allows you to configure AuthPoint as a recognized MFA provider directly within Entra ID's Conditional Access policies, securing the primary login to Microsoft 365 and Entra itself.
    • FireCloud: Build granular Zero Trust policies using the same Entra ID users and groups for network access for non-MFA authentication flows.

Who Should Join?

We invite our customers and partners to participate, especially those who:

  • Use Microsoft Entra ID as their primary identity provider (IdP).
  • Use FireCloud and want to implement  global Zero Trust policies
  • Want to re-align  setting  AuthPoint MFA risk-based policies.
  • Are Partners (MSPs) seeking to standardize zero trust access, user management, and group management across multiple customer tenants and products.

Ready to Join the Beta?

It's quick and easy to join the beta. To get started, click here to visit our beta management site. You’ll find information about all the changes and instructions to enable the beta feature.

We look forward to hearing your suggestions and feedback!

The WatchGuard Team

Filed under: WatchGuard Cloud Platform
Blog Home

Related Posts

Robo credenciales.jpg
Article

WatchGuard Cloud Goes Dark (Mode)

Article

WatchGuard Cloud Goes Dark (Mode)

Dark Mode has arrived in WatchGuard Cloud!

WatchGuard Cloud users can now activate Dark Mode, with a simple toggle, delivering the same powerful visibility, control, and reporting experience in a sleek, low-light interface.

Designed for long sessions, late-night monitoring, and reduced eye strain, Dark Mode aligns with how modern IT and security teams actually work. Whether managing Fireboxes, AuthPoint, Endpoint Security, or ThreatSync, every module now supports a consistent dark theme optimized for clarity and focus.

WGC Dark Mode

Switching is instant. Users can toggle Dark Mode in their WatchGuard Cloud profile settings or automatically set it to follow system preferences.

WGC Dark Mode

Dark Mode isn’t just a slick new look; it’s part of WatchGuard’s broader commitment to usability and experience across our Unified Security Platform®. Dark Mode reflects a design system that adapts to the operator, not the other way around.

Dark mode is available now, so  turn the lights off and get started! 

Read Article
Blog_Engagement_
Article

Introducing the WatchGuard Agent Beta

Article

Introducing the WatchGuard Agent Beta

WatchGuard is introducing the WatchGuard Agent Beta, a unified software agent designed to streamline security deployment and management across the WatchGuard ecosystem.

The WatchGuard Agent consolidates multiple endpoint agents into a single, modular installer. In its initial release, it supports WatchGuard Endpoint Security, FireCloud (SASE), and ThreatSync NDR collectors. It operates across Windows, macOS, and Linux, with centralized administration through WatchGuard Cloud.

Unified Deployment and Management
With the WatchGuard Agent, administrators install once and activate only the components they need. Updates are delivered automatically and in real time, minimizing exposure windows and ensuring consistent protection. Through WatchGuard Cloud, administrators gain a unified view of agent health, component status, and security posture, along with advanced configuration features including Active Directory/IP-based targeting, caching, proxy configuration, and WPAD support.

Key Advantages

  • One installer for all WatchGuard products (coming soon), reducing deployment time and costs.
  • Centralized, automatic updates keep all components current.
  • Rapid and consistent patching of critical vulnerabilities across environments.
  • Unified visibility and reporting in WatchGuard Cloud for simplified monitoring.
  • On-demand activation of new features and products, accelerating time-to-value.

Built for Performance and Flexibility
Unlike traditional, resource-heavy endpoint agents, the WatchGuard Agent uses a modular design that activates only the necessary components. This reduces system overhead and improves performance while simplifying setup and scaling. The result is a faster, lighter, and more efficient deployment experience.

Roadmap
The current beta release supports endpoint protection, FireCloud, and NDR. Future releases will extend to AuthPoint, enabling deployment of the AuthPoint logon app and network security capabilities such as HTTPS inspection certificate management, VPN, and SSO support. By 2026, the WatchGuard Agent will provide a single foundation for deploying and managing WatchGuard’s complete portfolio of network, endpoint, and identity security solutions.

Availability
The WatchGuard Agent Beta is available now. Partners and customers can begin testing today through WatchGuard Cloud.

Read Article
Img_blog_ZeroTrust.jpg
Article

Now in Beta: New Zero Trust Policies in WatchGuard Cloud

Article

Now in Beta: New Zero Trust Policies in WatchGuard Cloud

We're excited to announce a significant step forward in our mission to provide you with a unified Zero Trust Access experience in WatchGuard Cloud! As part of platform enhancements on the WatchGuard Identity Framework, our global zero trust policy engine and policy templates are now shared policy configurations for AuthPoint – In Beta.

WHAT DOES THIS MEAN FOR YOU?

Simply put, WatchGuard Cloud is centralizing policy management with a new feature called Zero Trust Policy Based Access. You can now add and edit policies and conditions for multiple products in WatchGuard Cloud such as AuthPoint. These enhancements ensure that zero trust risk-based policies are defined and enforced consistently across your organization for WatchGuard products and services going forward.

READY TO GET STARTED?

It's quick and easy to join the beta. To get started, click here to visit our beta management site. You’ll find information about all of the changes and instructions to enable the beta feature.

We look forward to hearing your suggestions and feedback!

The beta team.

Read Article
Blog Home