Microsoft Entra ID
Cloud identity and access management (formerly Azure Active Directory)
Overview
Microsoft Entra ID is the foundation of identity for Microsoft 365 and Azure. It handles authentication, single sign-on, conditional access, and MFA for your entire organisation. Formerly known as Azure Active Directory, it was rebranded in 2023 as part of the broader Entra family.
Why Use It
Entra ID is non-negotiable if you're on Microsoft 365. It's the identity backbone that makes Conditional Access, Intune compliance policies, and Defender signals all work together. Without properly configured Entra ID, your other Microsoft tools are significantly weaker.
Why Not
If you're not a Microsoft shop and prefer open standards, Okta or similar IdPs may integrate more cleanly with your stack. Entra ID's value is maximised when used alongside other Microsoft tools.
Pros & Cons
Pros
- Foundation of the Microsoft security stack — required for Conditional Access
- P1 included in M365 Business Premium
- Seamless SSO across thousands of SaaS apps
- Self-service password reset reduces helpdesk load
- Privileged Identity Management (P2) for just-in-time admin access
Cons
- P2 features (PIM, Identity Protection) require an expensive E5 licence or a separate P2 licence
- Hybrid environments (on-prem AD sync) add complexity
- Conditional Access policies require careful design to avoid user lockouts
- Guest B2B access management can become complex at scale
- Rebranding from Azure AD causes documentation confusion
How to Get the Most Out of It
- Enable Security Defaults at minimum — or better, configure Conditional Access policies from day one
- Require MFA for all users, with no exceptions for shared or service accounts
- Use Named Locations to mark trusted office IP ranges and tighten policies for unknown locations
- Enable Entra ID Protection (P2) to get risk-based sign-in policies that block anomalous logins automatically
- Use Access Reviews (P2) to periodically audit guest and privileged account access
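As a check on the MFA and Named Locations advice above, this added example (not Microsoft's code) audits Conditional Access policies exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape and reports where MFA is not actually enforced for everyone. The function names, the placeholder object ID and the sample policies are assumptions constructed for illustration.

```python
# Added example: audits Conditional Access policies exported as JSON in the
# Microsoft Graph conditionalAccessPolicy shape. SAMPLE_POLICIES is constructed.

def requires_mfa(policy):
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    # Under operator "OR", any other listed control can stand in for MFA.
    return "mfa" in controls and (len(controls) == 1 or grant.get("operator") == "AND")

def audit_mfa_coverage(policies):
    findings, enforced = [], False
    for p in policies:
        name = p.get("displayName", "<unnamed>")
        cond = p.get("conditions") or {}
        users = cond.get("users") or {}
        apps = (cond.get("applications") or {}).get("includeApplications") or []
        if not requires_mfa(p) or "All" not in (users.get("includeUsers") or []):
            continue  # not an all-users MFA policy
        if "All" not in apps:
            findings.append(f"{name}: MFA covers selected apps only")
            continue
        if p.get("state") != "enabled":
            findings.append(f"{name}: state {p.get('state')!r}, MFA not enforced")
            continue
        enforced = True
        for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
            for item in users.get(key) or []:
                findings.append(f"{name}: {key} exempts {item} from MFA")
        for loc in (cond.get("locations") or {}).get("excludeLocations") or []:
            findings.append(f"{name}: sign-ins from location {loc} skip MFA")
    if not enforced:
        findings.append("No enabled policy requires MFA for all users and all apps")
    return findings

def make_policy(name, state, exclude_users=(), exclude_locations=()):
    # Hypothetical helper that builds a constructed sample policy.
    return {"displayName": name, "state": state,
            "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
                           "applications": {"includeApplications": ["All"]},
                           "locations": {"includeLocations": ["All"],
                                         "excludeLocations": list(exclude_locations)}},
            "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}

SAMPLE_POLICIES = [
    make_policy("Require MFA - all users", "enabled",
                exclude_users=["00000000-0000-0000-0000-000000000001"],  # placeholder object id
                exclude_locations=["AllTrusted"]),
    make_policy("Require MFA - pilot", "enabledForReportingButNotEnforced"),
]

if __name__ == "__main__":
    for finding in audit_mfa_coverage(SAMPLE_POLICIES):
        print(finding)
```

Each finding is a prompt for review: an exclusion may be deliberate, but it should be a documented decision, not an accident.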