Microsoft Entra ID
from Wikipedia
Developer: Microsoft
Type: Cloud-based identity management service
Launch date: October 27, 2008
Platform: Cross-platform
Status: Active
Website: Official Site

Microsoft Entra ID (formerly known as Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution. It is a directory and identity management service that operates in the cloud and offers authentication and authorization services to various Microsoft services, such as Microsoft 365, Dynamics 365, Microsoft Azure, and third-party services.[1] Entra ID provides users with a single sign-on experience, called "work or school accounts",[2] regardless of whether their applications are cloud-based or on-premises.

Entra ID offers various authentication methods, including password-based, multi-factor, smart card, and certificate-based authentication. It also includes several security features, such as conditional access policies, risk-based authentication, and identity protection.[3]

On July 11, 2023, Microsoft announced the renaming of Azure AD to Microsoft Entra ID to improve consistency with other Microsoft cloud products.[4] The name change took place on July 15, 2023.[5]

from Grokipedia
Microsoft Entra ID is a cloud-based identity and access management (IAM) service developed by Microsoft, functioning as the foundational product within the broader Microsoft Entra family of identity and network access solutions. It enables organizations to create, manage, and protect user identities while controlling access to applications, devices, and resources across cloud and on-premises environments. Originally launched as Azure Active Directory in 2013 as part of the Azure platform, it was rebranded to Microsoft Entra ID in July 2023 to emphasize its expanded role in multicloud identity management and its alignment with Zero Trust security models. At its core, Microsoft Entra ID provides authentication and authorization capabilities, including single sign-on (SSO), multifactor authentication (MFA), and self-service password reset (SSPR), which simplify user sign-ins and enhance security by verifying identities before granting access. It supports hybrid identity scenarios through integration with on-premises Active Directory via tools like Microsoft Entra Connect, allowing synchronization of user accounts and credentials between local and cloud infrastructures. Key features also include Conditional Access policies that enforce dynamic risk-based decisions, such as requiring additional verification for high-risk logins, and integration with the Microsoft Graph API for programmatic identity management. These elements make it essential for enterprises using Microsoft 365, Azure, and other services, where it handles billions of authentications daily to protect against threats such as credential compromise. Beyond basic IAM, Microsoft Entra ID extends to advanced scenarios through companion products in the Entra suite, such as Microsoft Entra ID Governance for automated lifecycle management of identities and entitlements, and Microsoft Entra ID Protection for real-time threat detection using machine learning. It also facilitates external identity management via Microsoft Entra External ID, enabling secure collaboration with customers, partners, and guests without compromising internal security.
As of 2025, ongoing enhancements focus on AI-driven security insights and broader support for workload identities in cloud-native applications, positioning it as a critical component of modern cybersecurity strategies.

History

Origins and early development

Microsoft's early forays into identity management began with the launch of Microsoft Passport in 1999, a service aimed at providing secure sign-in for web-based commerce and consumer services. This system served as the foundation for user authentication in key Microsoft offerings, such as Hotmail email and the MSN portal, enabling access across multiple online properties without repeated logins. By centralizing identity management, Passport addressed the growing need for simplified user experiences in the emerging web ecosystem. In the mid-2000s, Microsoft evolved this technology amid shifting strategies toward broader web services. The service was rebranded as Windows Live ID around 2006, integrating it into the Windows Live suite of consumer applications and emphasizing federation capabilities. This rebranding supported authentication for an expanding array of services, including Windows Live Messenger and further iterations of Hotmail, while positioning it as a more flexible platform for partner integrations. Windows Live ID marked a transition from Passport's initial focus on universal web sign-on to a more targeted role in Microsoft's consumer cloud ecosystem. The groundwork for enterprise identity was established with the introduction of directory services in Microsoft's Business Productivity Online Suite (BPOS) in late 2009. Emerging from early cloud trials, BPOS provided hosted versions of Exchange, SharePoint Online, and Office Communications Online, relying on integrated directory services for user provisioning, authentication, and synchronization with on-premises Active Directory. This suite represented Microsoft's initial push into cloud-based productivity, where directory management became essential for secure multi-tenant access and administrative control. BPOS's directory capabilities laid the basis for scalable identity handling in cloud environments, bridging consumer and enterprise needs.
Microsoft's broader cloud strategy crystallized with the announcement of the Windows Azure platform on October 28, 2008, at the Professional Developers Conference. Positioned as a PaaS offering for developers, Windows Azure included foundational elements like .NET Services, foreshadowing integrated identity features. As Azure evolved, early previews of identity components emerged, aligning directory services with cloud resource management and SaaS integrations. Azure Active Directory entered public preview in late 2012, with general availability achieved on April 9, 2013, introducing core functionalities such as basic user and group management, single sign-on (SSO), and directory services tailored for Azure virtual machines and third-party SaaS applications. This launch focused on enabling secure, cloud-native identity for developers and enterprises, supporting directory synchronization without requiring on-premises infrastructure. Subsequent enhancements in 2014 built on this foundation, but the initial release established Azure AD as a pivotal component of Microsoft's cloud identity portfolio.

Evolution and key milestones

In March 2014, Microsoft introduced Azure AD Premium, a paid tier that enhanced the free edition with advanced capabilities such as self-service password reset, allowing users to recover access without administrator intervention, and dynamic group management for automated membership assignment based on user attributes. In September 2014, Microsoft released Azure AD Sync (later renamed Azure AD Connect), a tool designed to synchronize identities between on-premises Active Directory and Azure Active Directory, enabling hybrid identity management for organizations transitioning to the cloud. This release addressed the need to integrate existing directory services with cloud-based authentication, supporting features like password hash synchronization. Later that year, further enhancements built on Premium's foundation. Between 2016 and 2018, several key enhancements expanded Azure AD's security and management features. In September 2016, Azure AD Premium P2 achieved general availability, incorporating multifactor authentication (MFA) as a core component for broader deployment, including integration with Azure AD Identity Protection to detect and respond to suspicious sign-ins. In 2017, Azure AD deepened its integration with Microsoft Intune, enabling Conditional Access policies that evaluated device compliance before granting access to resources, thus combining identity verification with endpoint management in a unified Azure portal experience. By 2018, Microsoft initiated pilots for passwordless authentication, leveraging Windows Hello for Business and FIDO2 standards in Windows 10 version 1803 to allow biometric or hardware-based sign-ins without passwords, marking an early step toward reducing reliance on traditional credentials. From 2019 to 2022, Azure AD focused on governance and external collaboration capabilities. In 2019, Microsoft previewed Azure AD entitlement management, part of the emerging Identity Governance suite, which automated access package assignments, approvals, and reviews to ensure compliance while scaling access for internal and external users.
This was followed in 2020 by advancements in risk-based Conditional Access, where Identity Protection's machine learning-driven risk signals, such as anomalous user behavior, triggered automated policy responses like step-up authentication, building on earlier foundations to provide more proactive threat mitigation. In 2021, support for external identities expanded significantly, with Azure AD External Identities introducing premium features like self-service sign-up and integration with consumer-facing apps, allowing organizations to manage guest and partner access more securely without creating unmanaged accounts. Throughout this period, Azure AD Connect evolved with version releases emphasizing scalability and reliability. Starting from version 1.x in 2014, updates progressed through incremental improvements in performance and support for larger environments; version 2.x, released in June 2021, introduced enhanced scalability for high-volume sync scenarios, better handling of complex hybrid topologies, and modern libraries, culminating in the retirement of all 1.x versions on August 31, 2022, to encourage adoption of these advancements. These milestones collectively transformed Azure AD from a basic directory service into a robust platform for secure, hybrid identity management prior to its rebranding. In 2024 and 2025, post-rebranding developments included the full implementation of naming changes across all components and the retirement of legacy elements, such as Azure AD Graph on June 30, 2025, which required migration to Microsoft Graph for continued functionality. New purchases of Azure AD B2C ended on May 1, 2025, for new customers, with existing customers supported until at least May 2030 and Azure AD B2C P2 discontinued on March 15, 2026. Ongoing enhancements integrated AI-driven threat detection and expanded support for workload identities, aligning with zero-trust principles.

Rebranding to Microsoft Entra ID

Microsoft announced the rebranding of Azure Active Directory (Azure AD) to Microsoft Entra ID on July 11, 2023, as part of a broader strategy to unify its identity and access management offerings under the Microsoft Entra product family. This change was intended to better reflect the service's evolution beyond Azure-specific boundaries, emphasizing support for multicloud and multiplatform environments while reducing confusion with the on-premises Windows Server Active Directory. The rebranding aligns Microsoft Entra ID with complementary products in the Entra suite, such as Microsoft Entra Permissions Management, to create a cohesive identity portfolio. The official rollout began with a 30-day notification period starting July 11, 2023, followed by the initial name changes appearing across experiences on August 15, 2023. Full service name updates were implemented on October 1, 2023, including the renaming of service plans such as Azure AD Premium P1 to Microsoft Entra ID P1 and Azure AD Free to Microsoft Entra ID Free. On-premises software components, including tools like Microsoft Entra Connect, received updates to reflect the new branding, with completion in 2024 to ensure seamless synchronization with cloud services. Most product experiences adopted the new name by the end of 2023, though licensing, pricing, and service level agreements remained unchanged throughout the process. Key motivations for the rebranding included expanding capabilities into the security service edge (SSE) domain, enabling unified identity-centric access to internet, SaaS, and private applications across hybrid and multicloud setups. This shift positions Microsoft Entra ID as a foundational element for zero-trust models, integrating with solutions like Microsoft Entra Internet Access and Microsoft Entra Private Access to replace traditional VPNs. For users, the rebranding introduced no functional disruptions or changes to core capabilities, authentication methods, or existing configurations.
Updates were limited to branding in documentation, the Microsoft Entra admin center, and display names, with APIs, URLs, cmdlets (except the deprecated Azure AD module, retired March 30, 2024), and Microsoft Authentication Library (MSAL) references remaining fully backward compatible. Microsoft committed to supporting Azure AD nomenclature in code and integrations for an extended period, with certain legacy components like synchronization services maintaining compatibility until at least September 30, 2026, to allow ample migration time. As part of the post-rebranding timeline, announcements highlighted enhanced integrations, such as those between Microsoft Entra ID and Microsoft Purview for improved compliance workflows.

Overview

Core purpose and architecture

Microsoft Entra ID serves as a cloud-based identity and access management (IAM) service, enabling organizations to securely manage identities, authenticate users, and control access to applications, data, and resources in cloud and hybrid environments. It forms the foundation of the Microsoft Entra product family, supporting modern authentication methods and policy enforcement to facilitate Zero Trust security models. As of 2023, Microsoft Entra ID connects over 610 million monthly active users to essential business applications, across more than 800,000 organizations (as of 2024). The architecture of Microsoft Entra ID is designed as a multi-tenant, cloud-native service, exposing APIs through Microsoft Graph for programmatic access and management. It incorporates standard protocols such as OAuth 2.0 and OpenID Connect for authorization and authentication, SAML for federation, and SCIM for automated user provisioning. At its core, the system organizes data into tenants, where each organization receives a dedicated tenant with an initial domain like contoso.onmicrosoft.com, allowing isolation of identities and configurations. Key components include user objects that represent individuals within the tenant, encompassing both internal users and external guests invited through Microsoft Entra B2B collaboration for cross-organization access. Service principals act as identities for registered applications, enabling secure app-to-resource interactions without user involvement. For scalability and reliability, the service distributes data across global Azure datacenters using a partition-based model with primary replicas for writes and multiple secondary replicas for reads, ensuring automatic replication and geo-redundancy. This setup backs a 99.99% service level agreement (SLA) for availability.
Unlike on-premises Active Directory, which relies on domain controllers for replication and management, Microsoft Entra ID adopts a cloud-first approach without physical domain controllers, emphasizing federation protocols for identity synchronization and access across distributed environments.

Relationship to Microsoft ecosystem

Microsoft Entra ID serves as the foundational identity and access management service within the Microsoft ecosystem, enabling seamless single sign-on (SSO) across Microsoft 365 applications such as Teams and Outlook. Users authenticate once via Microsoft Entra ID to access these productivity tools without repeated logins, enhancing user experience and security. This integration has been central to Microsoft 365 since the general availability of Azure Active Directory in 2013, when it became the primary identity provider for Office 365 services. As of April 2025, it manages identities, licenses, and compliance for over 430 million paid seats in Microsoft 365 commercial offerings. Beyond Microsoft 365, Microsoft Entra ID integrates deeply with Azure services, where it authorizes access to resources like virtual machines and storage accounts through Azure role-based access control (Azure RBAC). Security principals, including users and managed identities, use Microsoft Entra ID authentication to perform operations on these Azure components, ensuring granular permissions aligned with organizational policies. This unified approach extends identity management across hybrid and cloud environments, supporting secure resource access without separate credential systems. Microsoft Entra ID also connects with Microsoft's security portfolio, notably integrating with Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, introduced in 2018) for on-premises identity threat detection. This collaboration allows Defender for Identity to monitor hybrid environments using Microsoft Entra ID signals, identifying anomalous behaviors like reconnaissance or privilege escalation. Additionally, it feeds identity data into Microsoft Sentinel, Microsoft's cloud-native SIEM solution, via built-in connectors that stream sign-in, audit, and provisioning logs for advanced analytics and incident response.
For broader ecosystem compatibility, Microsoft Entra ID supports third-party integrations through its application gallery, which includes thousands of pre-integrated SaaS applications with pre-built connectors for SSO and automated user provisioning. Custom integrations are facilitated by the Microsoft Graph API, enabling developers to programmatically manage identities, access tokens, and app registrations across diverse services. Under the Entra branding, Entra ID expands to include Microsoft Entra Verified ID, a service for issuing and verifying decentralized credentials based on open standards, supporting user-owned identity scenarios without relying on central directories. Complementing this, Microsoft Entra Domain Services provides managed domain functionality that synchronizes with Entra ID, ensuring compatibility for legacy applications requiring traditional protocols like LDAP or Kerberos.

Features

Authentication and authorization

Microsoft Entra ID provides robust mechanisms to verify user identities, emphasizing secure and user-friendly methods. Passwordless options include Windows Hello for Business, which uses biometrics or a PIN for primary sign-in and supports multifactor authentication (MFA) as a step-up mechanism when combined with FIDO2 registration. FIDO2 security keys, functioning as passkeys, enable primary authentication and MFA through hardware tokens or platform-based authenticators that resist phishing attacks. The Microsoft Authenticator app offers passwordless sign-in as a primary method via push notifications with number matching, and also supports secondary MFA approvals. Administrators can enable additional context in these push notifications, such as the application name and geographic location of the sign-in, through the Authentication methods policy in the Microsoft Entra admin center under Security > Authentication methods > Microsoft Authenticator. When combined with number matching, this feature helps prevent MFA fatigue attacks by giving users more verification details to assess the legitimacy of requests. Administrators can configure a registration campaign in the Authentication methods policy to prompt users to set up the Microsoft Authenticator app during sign-in. When the "Limited number of snoozes" option is enabled (default: true), users can skip the setup prompt up to three times. After three skips, they are forced to register the app during their next sign-in, effectively requiring setup to complete the sign-in process. As of June 2025, QR + PIN is generally available for frontline workers, providing a simple passwordless option using QR codes and PINs. Although Microsoft Entra ID emphasizes passwordless authentication, it continues to support traditional password-based authentication, governed by tenant-wide password policies in Microsoft 365 environments (including Business plans).
These policies enforce a minimum password length of 8 characters, require complexity with characters from at least three of the four categories (uppercase letters, lowercase letters, numbers, and symbols), and prohibit commonly used passwords through global and organization-specific banned password lists. Password expiration is set organization-wide, with the default and recommended configuration being that passwords never expire, reducing user inconvenience while relying on complementary security measures such as MFA. Administrators may override expiration for specific users through PowerShell using the Update-MgUser cmdlet to set the PasswordNeverExpires property to true. However, password length, complexity rules, and banned password lists cannot be customized on a per-user or per-group basis.

Multifactor authentication in Microsoft Entra ID enhances security by requiring multiple verification factors. Common MFA methods include short message service (SMS) for one-time passcodes, usable as both primary and secondary factors; app notifications through the Microsoft Authenticator for secondary approval; and biometrics integrated with Windows Hello for Business as an MFA step-up. Certificate-based authentication allows primary sign-in using client certificates mapped to user accounts via policies on issuers, subject names, and thumbprints, while also supporting MFA as a secondary factor to meet combined registration requirements for MFA and self-service password reset (SSPR). As of October 2025, Microsoft enforces mandatory MFA for all sign-ins to Azure portals, the Microsoft Entra admin center, the Microsoft Intune admin center, and tools like Azure CLI and Azure PowerShell, with Phase 2 enforcement starting October 1, 2025; exemptions apply to workload identities and certain service accounts, but no general opt-outs are available.

Authorization mechanisms in Microsoft Entra ID rely on role-based access control (RBAC) to enforce least-privilege access to directory resources such as users, groups, and applications.
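Before turning to roles, the tenant-wide password rules described above (minimum length 8, three of four character categories, global and organization banned lists) can be checked locally. The following is an added example written for this page, not Microsoft's implementation: the banned-password lists and the look-alike substitution table are constructed stand-ins, since the real global list is not published, and the substring matching is a simplification of the service's own normalization.

```python
# Added example: a local checker for the tenant-wide password rules described
# above. It is not Microsoft's implementation; the banned-password lists and the
# normalization table below are constructed for illustration.
MIN_LENGTH = 8
REQUIRED_CATEGORIES = 3

# Microsoft's global banned-password list is not published, so these entries are
# constructed stand-ins; ORG_BANNED stands for a hypothetical tenant's custom list.
GLOBAL_BANNED = {"password", "welcome", "letmein", "qwerty"}
ORG_BANNED = {"contoso", "fabrikam"}

# Assumed normalization: undo common look-alike substitutions before matching
# banned terms, so "P@ssw0rd" is still caught (simplified relative to the service).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "@": "a", "$": "s", "!": "i"})


def character_categories(password: str) -> set:
    """Return which of the four categories the password draws characters from."""
    categories = set()
    for ch in password:
        if ch.isupper():
            categories.add("uppercase")
        elif ch.islower():
            categories.add("lowercase")
        elif ch.isdigit():
            categories.add("number")
        else:
            categories.add("symbol")   # anything else: punctuation, space, ...
    return categories


def normalize(password: str) -> str:
    return password.lower().translate(SUBSTITUTIONS)


def banned_terms_found(password: str, banned=None) -> list:
    """Banned terms that appear as substrings of the normalized password."""
    banned = (GLOBAL_BANNED | ORG_BANNED) if banned is None else banned
    norm = normalize(password)
    return sorted(term for term in banned if term in norm)


def evaluate_password(password: str) -> list:
    """Return a list of policy failures; an empty list means the password is accepted."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    categories = character_categories(password)
    if len(categories) < REQUIRED_CATEGORIES:
        failures.append(
            f"uses {len(categories)} of 4 character categories, need {REQUIRED_CATEGORIES}: "
            + ", ".join(sorted(categories))
        )
    hits = banned_terms_found(password)
    if hits:
        failures.append("contains banned term(s): " + ", ".join(hits))
    return failures


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1!", "short1A", "alllowercase", "Tr0ub4dor&3"]:
        print(candidate, "->", evaluate_password(candidate) or "accepted")
```

The normalization step is the part worth noting: a length and category check alone would accept "P@ssw0rd1!", which is exactly the kind of password a banned-word list exists to reject.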
Built-in roles provide predefined permissions; for instance, the Global Administrator role grants full management of all Microsoft Entra ID features, while the User Administrator role handles user creation, deletion, and password resets without broader directory control. Custom roles extend flexibility by allowing administrators to define specific permission sets using JSON-formatted definitions, which specify allowable actions like reading or updating users, and are assignable at tenant-wide or scoped levels such as individual applications. Creating custom roles requires a Microsoft Entra ID P1 license and can be performed through the Microsoft Entra admin center, the Microsoft Graph API, or PowerShell cmdlets.

Microsoft Entra ID supports industry-standard protocols for authentication and authorization. OAuth 2.0 implementations include the authorization code flow, where client applications redirect users to the authorization endpoint to obtain a short-lived code, subsequently exchanged at the token endpoint for access and refresh tokens to access protected resources on the user's behalf. The client credentials flow enables application-only authorization, allowing service principals to request access tokens directly using client secrets or certificates, ideal for background processes without user interaction. OpenID Connect, layered atop OAuth 2.0, facilitates authentication by issuing ID tokens as JSON Web Tokens (JWTs) containing user claims like name and email, retrieved via the same endpoints after successful sign-in to enable single sign-on across applications. For enterprise federation, SAML 2.0 supports single sign-on through HTTP redirects for AuthnRequest messages from service providers, to which Microsoft Entra ID responds with signed assertions via HTTP POST, including NameID formats (e.g., email or persistent), authentication contexts (e.g., password or certificate), and validity conditions up to 70 minutes.
App registration in Microsoft Entra ID integrates applications into the identity platform for secure access. Developers register applications via the Entra admin center in the Azure portal by specifying a display name, supported account types (e.g., single tenant or multi-tenant), and redirect URIs, which generates a unique application (client) ID and directory (tenant) ID for token requests. The Tenant ID is a unique GUID identifying the specific Entra ID tenant (directory or organization), used in authority URLs such as https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize to scope authentication to the correct tenant. In contrast, the Client ID (also known as Application ID) is a unique GUID assigned to the registered application, identifying it globally and used in authentication requests, such as the client_id parameter in OAuth 2.0 flows. Thus, the Tenant ID specifies the directory or organization ("where"), while the Client ID specifies the application requesting access ("what"). Permissions are configured under the permissions blade, differentiating delegated permissions (scopes granted on behalf of signed-in users for actions like reading user profiles) from application permissions (app roles for daemon access without a user context, such as full mailbox access). Consent frameworks govern permission grants: user consent prompts appear during sign-in for low-risk delegated scopes affecting only the user's data, while admin consent is mandatory for application permissions or high-privilege delegated scopes impacting the tenant, with policies allowing preauthorized consents or restrictions on user-initiated grants.

In business-to-business (B2B) scenarios, Microsoft Entra ID enables secure collaboration by allowing tenant administrators to invite external guest users, who redeem invitations using their own credentials to access shared resources like applications and custom line-of-business apps, with guests identifiable by the #EXT# suffix in their user principal names and permissions controlled via external collaboration settings.
These settings are configured in the Microsoft Entra admin center by navigating to Entra ID > External Identities > External collaboration settings. Under Guest invite settings, administrators can configure who can invite guest users, with options including anyone in the organization including guests and non-admins (most inclusive), member users and users assigned to specific admin roles, only users assigned to specific admin roles, or no one in the organization including admins (most restrictive), along with other restrictions for external collaboration and guest invites such as domain-based limits. For business-to-consumer (B2C) use cases, Microsoft Entra External ID serves as the next-generation customer identity and access management (CIAM) platform for managing consumer identities in dedicated external tenants for customer-facing applications. It supports self-service sign-up flows with local accounts, social providers (e.g., Google or Facebook), or one-time passcodes, customizable branding, attribute collection, and multifactor options such as SMS or email verification to ensure scalable, secure authentication without merging with internal workforce identities. This is distinct from Azure AD B2C, which is not rebranded as Microsoft Entra External ID and remains supported for existing customers until at least May 2030, with no immediate migration required.
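The OAuth 2.0 and OpenID Connect flows described above, together with the Tenant ID versus Client ID distinction, come together in the token-handling code of a relying party: the authority URL is scoped by the tenant, the client_id names the app, and the ID token's claims must be pinned back to both. The block below is an added example written for this page, not Microsoft's code or the MSAL library. The tenant and client GUIDs are constructed placeholders, the redirect URI and secret are hypothetical, and the test token is signed with an HS256 shared key purely so the example runs offline: Entra ID issues RS256 tokens, and a real validator resolves the token's kid against the keys published at {authority}/discovery/v2.0/keys instead of a shared secret.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Constructed placeholder identifiers: in a real tenant both are GUIDs shown on
# the app registration's Overview page.
TENANT_ID = "11111111-2222-3333-4444-555555555555"   # "where": the directory
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # "what": the registered app
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"


def build_authorize_url(redirect_uri, scope, state, nonce):
    """Authorization code flow, step 1: the URL the user is redirected to."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,   # binds the response to this browser session
        "nonce": nonce,   # echoed in the ID token; checked in validate_id_token
    }
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{urlencode(params)}"


def client_credentials_request(client_secret):
    """Client credentials flow: app-only token request body (no user involved)."""
    body = {
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
        "scope": "https://graph.microsoft.com/.default",
    }
    return f"{AUTHORITY}/oauth2/v2.0/token", body


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_test_id_token(claims: dict, key: bytes) -> str:
    """Constructed token for this example only. Entra ID signs with RS256 and
    publishes its keys at {AUTHORITY}/discovery/v2.0/keys; an HS256 shared key
    is used here so the example runs offline."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def validate_id_token(token: str, key: bytes, expected_nonce: str, now: float = None):
    """Verify the signature, then pin the token to this tenant, this app, and this session."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # never let the token pick the algorithm
        return False, "unexpected alg"
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(payload_b64))
    checks = [
        (claims.get("iss") == f"{AUTHORITY}/v2.0", "issuer is not this tenant"),
        (claims.get("tid") == TENANT_ID, "tid is not this tenant"),
        (claims.get("aud") == CLIENT_ID, "audience is not this application"),
        (claims.get("nonce") == expected_nonce, "nonce mismatch (possible replay)"),
        (claims.get("nbf", 0) <= now, "token not yet valid"),
        (claims.get("exp", 0) > now, "token expired"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, claims
```

The order of checks matters in practice: signature first, so no claim is read from an unauthenticated payload; then iss and tid, which reject a validly signed token from another tenant of the same issuer; then aud, which rejects a token minted for a different application; then nonce and the time window.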

Identity protection and governance

Microsoft Entra ID Protection uses machine learning to detect and mitigate identity-based risks by analyzing trillions of signals daily, including sign-in risks such as anomalous locations, unfamiliar devices, and leaked credentials, as well as user risks like compromised accounts or suspicious behavior patterns. As of August 2025, detection quality has been improved with enhanced models. This feature identifies risks in real time, assigning levels from low to high, and enables automated remediation actions, such as requiring multifactor authentication (MFA) or self-service password resets, to secure access without disrupting legitimate users. Specifically, Microsoft Entra ID Protection user risk detections (requiring a P2 license) integrate with Conditional Access policies, allowing administrators to configure policies that apply when user risk is High and select "Require risk remediation" under Grant controls; this prompts high-risk users, particularly those using password-based authentication, to securely change their password for self-remediation and access restoration, while passwordless users have their sessions revoked and must reauthenticate. Legacy separate risk policies in ID Protection are scheduled for retirement on October 1, 2026, in favor of this Conditional Access integration. Integration with tools like Microsoft Sentinel allows risk data to be exported via APIs for broader security operations. Access reviews in Microsoft Entra ID provide mechanisms for regularly evaluating and certifying user access to resources, encompassing automated processes driven by dynamic rules or lifecycle workflows, alongside manual reviews conducted by designated reviewers, group owners, or users themselves. These reviews target group memberships, application roles, and entitlements, offering smart recommendations to streamline decisions and ensure compliance by revoking unnecessary access, thereby reducing risks from over-provisioning.
They integrate with entitlement management and Privileged Identity Management (PIM) to support ongoing governance throughout the identity lifecycle. Privileged Identity Management (PIM) enables just-in-time access to elevated roles, allowing users to activate privileges temporarily rather than maintaining permanent assignments, which minimizes the attack surface from standing administrative access. Available in the Premium P2 edition, PIM incorporates approval workflows for role activations, multifactor authentication requirements, and detailed auditing of all elevations and denials to track accountability. Administrators can configure time-bound activations and conduct periodic access reviews within PIM to verify ongoing need. Entitlement management facilitates self-service provisioning of access through access packages (bundled resources such as groups, applications, and SharePoint sites), allowing users to request and receive time-limited entitlements based on predefined policies. As of October 2025, suggested access packages are generally available in My Access, providing curated recommendations based on user needs. This automates the identity and access lifecycle, including approvals, assignments, and expirations, while reducing administrative overhead by delegating package creation to non-IT roles via catalogs and enforcing governance through recurring reviews. It supports both internal and external users, ensuring scalable management without compromising security. Microsoft Entra ID Governance includes Lifecycle Workflows, which automate identity lifecycle processes such as onboarding (joiner), changes (mover), and offboarding (leaver). In hybrid environments, Lifecycle Workflows serve as the primary tool for automating "Leaver" offboarding and deprovisioning, executing tasks such as disabling user accounts, removing licenses, removing users from groups and Teams, revoking sign-in sessions, and deleting accounts.
These tasks can integrate with hybrid identity synchronization tools like Microsoft Entra Connect or Cloud Sync to propagate changes to on-premises Active Directory, with certain actions (e.g., disabling or deleting on-premises accounts) supported directly when configured. For purely on-premises Active Directory environments, offboarding relies on manual methods using PowerShell cmdlets (e.g., Disable-ADAccount) or Active Directory Users and Computers. For compliance, Microsoft Entra ID integrates audit logs with Microsoft Purview, capturing identity events such as role changes, sign-ins, and policy updates for forensic analysis and regulatory adherence. Purview provides retention policies tailored to these logs, with standard retention of 180 days and premium options extending to one year or up to 10 years via add-ons, enabling organizations to maintain searchable records for compliance reporting and risk assessments. This unified auditing supports intelligent insights across Microsoft services, facilitating investigations into identity-related activities.

Conditional access and compliance

Microsoft Entra ID's Conditional Access provides a policy-based framework for enforcing dynamic access decisions based on real-time signals, enabling organizations to implement zero-trust security models. It acts as a rule-based engine that evaluates contextual factors such as user identity, device state, location, and risk level to decide the outcome of each access attempt, so that only verified and compliant sessions are granted. The engine aggregates multiple signals, including user or group membership, IP address ranges, device platforms (e.g., Windows, macOS, iOS, Android), targeted applications, and risk scores from Microsoft Entra ID Protection, and applies its controls after the user has completed first-factor authentication. Possible actions include blocking access entirely, requiring multifactor authentication (MFA), mandating a compliant device via integration with Microsoft Intune, enforcing terms-of-use acceptance, or requiring risk remediation for high user risk. Specifically, a policy can require risk remediation when the "User risk" condition is set to High and the "Require risk remediation" grant control is selected, prompting high-risk users to securely change their password to self-remediate and restore access (this requires a Microsoft Entra ID P2 license). The legacy standalone risk policies in Identity Protection are retired; this is now handled through Conditional Access. For instance, a policy might block access from unmanaged devices while allowing it from trusted corporate endpoints after MFA verification. As of July 2025, the Conditional Access Optimization Agent and audience reporting are generally available to improve management and visibility.

Creating a policy involves defining assignments and conditions through the Entra admin center or the Microsoft Graph API. Assignments specify targets such as users, groups, directory roles, or cloud applications, with options for inclusions and exclusions (e.g., excluding emergency access accounts so that a misconfigured policy cannot lock administrators out). Conditions encompass factors like IP ranges, device platforms, client app types, locations, and user risk levels; policies can be built from templates or created from scratch, with a minimum of a name, assignments, and access controls required. To test without enforcement, administrators use report-only mode or the What If tool, which analyzes a specified sign-in and predicts policy matches and outcomes. As of July 2025, the What If API is generally available for programmatic simulations. As of October 2025, soft delete and restore for policies and named locations is in public preview.

For compliance, Conditional Access supports standards like GDPR and HIPAA by enforcing granular access controls that align with regulatory requirements for authorized access and data protection. It supplies signals to data loss prevention (DLP) tools in Microsoft Purview to prevent unauthorized data sharing and supports session controls via Microsoft Defender for Cloud Apps, allowing app-specific restrictions such as limiting downloads or sign-ins in high-risk scenarios. These mechanisms help automate adherence to privacy rules, such as requiring device compliance for handling protected health information under HIPAA or verifying user consent under GDPR. As of July 2025, provisioning of custom attributes from HR sources is generally available to enhance compliance with attribute-based access controls. Named locations and trusted IP configurations enhance geo-fencing in zero-trust setups by defining trusted networks or regions (e.g., corporate IP ranges or country-specific areas) as conditions within policies. Administrators can mark these as trusted to bypass certain controls, such as MFA for internal access, while applying stricter rules to unknown locations. A trusted-location exemption is only as strong as the network it names: a compromised host inside the corporate range inherits the bypass, so such exemptions should be kept narrow and reviewed regularly.
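The policy-creation steps above expressed through Microsoft Graph PowerShell, as an added example that is neither Microsoft's code nor an admin center template. It creates two policies in report-only mode, one requiring MFA for all users and one blocking legacy authentication clients, and excludes a break-glass group whose object ID ($BreakGlassGroupId) is an assumed placeholder; the cmdlets are those of the Microsoft.Graph.Identity.SignIns module.

```powershell
# Added example: Conditional Access policies created in report-only mode via Microsoft Graph PowerShell.
# Assumptions: Microsoft.Graph SDK installed; the signed-in admin can consent to the scopes below;
# $BreakGlassGroupId is a placeholder for a group containing the emergency access accounts.
$BreakGlassGroupId = "00000000-0000-0000-0000-000000000000"   # placeholder, not a real group

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All","Application.Read.All" -NoWelcome

# Policy 1: MFA for everyone, every cloud app. Report-only first so sign-in logs show what would happen.
$mfaForAll = @{
    displayName = "CA001 - Require MFA for all users (report-only)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($BreakGlassGroupId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# Policy 2: block legacy authentication. "exchangeActiveSync" and "other" are the client app types
# that cannot perform MFA (IMAP, POP3, SMTP AUTH, older Office clients), so the only safe grant is block.
$blockLegacy = @{
    displayName = "CA002 - Block legacy authentication (report-only)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($BreakGlassGroupId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

foreach ($p in @($mfaForAll, $blockLegacy)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $p
    Write-Host ("Created {0} ({1}) state={2}" -f $created.DisplayName, $created.Id, $created.State)
}

# Review: after collecting report-only data, list what is still not enforced before changing
# the state to "enabled" one policy at a time.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object State -eq "enabledForReportingButNotEnforced" |
    Select-Object DisplayName, Id, CreatedDateTime
```

Keep the break-glass group out of every policy, including the legacy-authentication block; the sign-in logs' "Report-only" tab then shows which accounts and client types would have been blocked before the policies are enforced.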
Reporting and insights tools provide visibility for compliance auditing, including policy match reports that detail outcomes like successes, failures, or required user actions over customizable timeframes (e.g., 7 to 90 days). The insights workbook breaks down matches by conditions such as device state or location, while what-if analysis simulates policy effects on sample sign-ins to identify coverage gaps without real-world impact. These features enable ongoing audits to ensure policies meet regulatory standards and organizational security postures.

Automated user provisioning

Microsoft Entra ID includes a built-in automated user provisioning and deprovisioning service that manages the lifecycle of user accounts in connected applications and systems. The service automates account creation, attribute updates and synchronization, and deprovisioning by disabling or deleting accounts when users fall out of scope (for example, through unassignment, soft deletion, hard deletion, or no longer matching the scoping filters). Provisioning occurs through initial and incremental cycles; by default, deprovisioning disables the target account (e.g., setting active to false) and deletes it only if the target system does not support disabling or the source object is hard-deleted. In HR-driven inbound provisioning scenarios from cloud HR systems (e.g., Workday, SuccessFactors), automatic deprovisioning can disable user accounts in both Microsoft Entra ID and on-premises Active Directory via provisioning agents when users are terminated or fall out of scope in the HR system. For comprehensive user offboarding in hybrid environments, these provisioning capabilities integrate with Microsoft Entra ID Governance Lifecycle Workflows, which automate additional leaver processes including disabling or deleting user accounts (with optional on-premises synchronization), revoking sign-in sessions, removing licenses, and removing users from groups and Teams. Key provisioning options include:
  • Preintegrated connectors for gallery SaaS applications (e.g., Slack, Salesforce, Dropbox, ServiceNow) using the SCIM 2.0 protocol.
  • Custom SCIM 2.0 integrations for non-gallery applications.
  • On-premises application support via custom ECMA connectors, including LDAP, SQL, REST/SOAP web services, and PowerShell for flat-file systems.
  • Inbound provisioning from cloud HR systems (e.g., Workday, SuccessFactors), supporting automated provisioning and deprovisioning to Microsoft Entra ID and on-premises Active Directory via provisioning agents.
  • Just-in-Time (JIT) provisioning via SAML for automatic account creation during sign-in.
The service is configured and managed through the Microsoft Entra admin center, supporting customizable attribute mappings for data flow, scoping filters to determine in-scope users, and monitoring of provisioning status. Programmatic management is available via the Microsoft Graph API.

Cross-tenant access settings

Microsoft Entra ID provides cross-tenant access settings to manage B2B collaboration with external Microsoft Entra organizations, controlling inbound and outbound access for users and applications. These settings also support cross-cloud B2B collaboration between tenants in different Microsoft Azure clouds, such as the commercial cloud and Azure Government. Cross-cloud collaboration enables guest user access across clouds, including scenarios where users from a commercial tenant access resources in a government tenant (Azure Government, including GCC High and DoD) or vice versa. Both tenants must configure the following, each on its own side:
  • enable the partner's Microsoft Azure cloud under Cross-tenant access settings > Microsoft cloud settings;
  • add the partner's tenant ID (the GUID that uniquely identifies an Entra ID tenant) in organizational settings, because domain-name lookup is not available across clouds;
  • optionally customize inbound and outbound B2B collaboration access settings for that partner.
Once both sides are configured, guest users can be invited to resources such as SharePoint sites, documents, Power BI content, and applications. B2B direct connect is not supported across clouds, and only B2B guest accounts are permitted (B2B member accounts are not supported). Users from another cloud must sign in with their user principal name (UPN), as email sign-in is not supported cross-cloud.
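One side of the mutual cross-cloud configuration described above, as an added example rather than Microsoft's code. It assumes the Microsoft.Graph PowerShell SDK; $PartnerTenantId and $PartnerGroupId are placeholders for values obtained from the partner out of band, and the cloud endpoint string "microsoftonline.us" is the one Microsoft Graph uses for Azure Government.

```powershell
# Added example: commercial-tenant side of cross-cloud B2B collaboration with an Azure Government partner.
# Assumptions: Microsoft.Graph SDK; the two GUIDs below are placeholders supplied by the partner.
$PartnerTenantId = "00000000-0000-0000-0000-000000000000"   # placeholder: partner tenant ID
$PartnerGroupId  = "11111111-1111-1111-1111-111111111111"   # placeholder: group in the partner tenant

Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess" -NoWelcome

# Step 1: enable the Azure Government cloud in the tenant-wide Microsoft cloud settings.
# "microsoftonline.us" is Azure Government (incl. GCC High/DoD); "partner.microsoftonline.cn" would be Azure China.
Invoke-MgGraphRequest -Method PATCH `
    -Uri "https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy" `
    -Body @{ allowedCloudEndpoints = @("microsoftonline.us") }

# Step 2: add organizational settings for the partner. Inbound B2B collaboration is scoped to one
# partner group rather than all of their users; outbound settings are left at the tenant defaults.
$partner = @{
    tenantId = $PartnerTenantId
    b2bCollaborationInbound = @{
        usersAndGroups = @{
            accessType = "allowed"
            targets    = @(@{ target = $PartnerGroupId; targetType = "group" })
        }
        applications = @{
            accessType = "allowed"
            targets    = @(@{ target = "AllApplications"; targetType = "application" })
        }
    }
}
New-MgPolicyCrossTenantAccessPolicyPartner -BodyParameter $partner | Out-Null

# Verify: both the cloud endpoint and the partner entry must exist here, and the partner must perform
# the mirror-image configuration in its own tenant before invitations resolve.
$cloud = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy"
$entry = Get-MgPolicyCrossTenantAccessPolicyPartner -All | Where-Object TenantId -eq $PartnerTenantId
[pscustomobject]@{
    CloudEndpoints = ($cloud.allowedCloudEndpoints -join ",")
    PartnerAdded   = [bool]$entry
    InboundAccess  = $entry.B2BCollaborationInbound.UsersAndGroups.AccessType
}
```

Scoping inbound access to a named partner group rather than "AllUsers" keeps the blast radius of a compromised partner account limited to the people the collaboration actually needs.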

Licensing and editions

Free edition capabilities

The free edition of Microsoft Entra ID provides foundational identity and access management capabilities suitable for small organizations, trials, or basic cloud-only environments, without per-user licensing fees. It includes core directory services for creating and managing up to 50,000 directory objects (users, groups, and other objects) per tenant. User and group management supports basic role-based access control (RBAC) assignments and delegation of administrative tasks. Key authentication features include unlimited single sign-on (SSO) across Microsoft 365 applications and thousands of pre-integrated SaaS apps, enabling access without repeated logins. Multifactor authentication (MFA) is available through security defaults, which require MFA registration and prompt all users during sign-ins to Azure, Microsoft 365, and other resources; Microsoft reports that MFA blocks over 99% of account compromise attacks. Self-service password reset and change are supported for cloud-only users, alongside basic password protection that blocks weak passwords from Microsoft's global banned list during creation or updates. Basic reports offer insight into sign-ins, audits, and directory usage, with data retained for up to 7 days. Hybrid environments get basic synchronization with on-premises Active Directory through Microsoft Entra Connect, allowing directory objects to flow to the cloud, but without advanced writeback or filtering options. Limitations include the absence of Conditional Access policies for granular controls, no MFA enforcement for on-premises resources beyond cloud sign-ins, and restricted governance features such as access reviews. MFA and other protections apply primarily to cloud sign-ins, so hybrid users rely on on-premises policies for on-premises resources unless the tenant is upgraded. Existing Azure AD tenants automatically became free-edition Microsoft Entra ID tenants with the 2023 rebranding, incurring no cost for core usage but potentially tying into broader Azure consumption if additional services are enabled.
Subscriptions to Microsoft 365 plans can trigger automatic upgrades, granting access to premium features without separate Entra ID licensing. This edition targets organizations with up to a few hundred users seeking cost-free entry into identity management, while larger or more complex needs usually require the premium editions for enhanced security and scalability.

Premium editions (P1 and P2)

Microsoft Entra ID offers two premium editions, P1 and P2, which add advanced identity management capabilities for enterprises beyond the free tier. The P1 edition includes self-service password reset (SSPR) with on-premises writeback, letting users reset passwords without administrator intervention; group self-service for creating and managing groups; multifactor authentication (MFA) enforced through Conditional Access; Conditional Access policies that control access based on user, device, and location conditions; and hybrid identity features for synchronizing on-premises Active Directory with the cloud. The P2 edition builds on P1 by adding governance and protection tools: Microsoft Entra ID Protection for detecting and remediating identity-based risks; Privileged Identity Management (PIM) for just-in-time elevated access; access reviews to periodically verify user entitlements; risk-based Conditional Access policies that respond automatically to suspicious activity, including self-remediation such as requiring a secure password change for high-risk users; and full entitlement management for access package provisioning. P2 includes the full, unlimited set of risk detections, whereas P1 exposes only a limited subset. As of 2025, standalone licenses require an annual commitment and are priced at $6 per user per month for P1 and $9 per user per month for P2. P2 is also available as a standalone license in GCC High environments; Microsoft publishes no separate GCC High price, so the commercial standalone rate is the only public reference. Both editions are also bundled in Microsoft 365 plans, with P1 included in E3 and P2 in E5.
Category    | P1 features                                                  | P2 additions (beyond P1)
Security    | Basic Conditional Access; MFA for admins; hybrid identity sync | Identity Protection; risk-based Conditional Access policies with self-remediation (e.g., requiring a password change for high user risk); unlimited risk detections
Governance  | SSPR; group self-service                                     | PIM; access reviews; full entitlement management
Scalability | Standard reporting and administration                        | Advanced remediation workflows; comprehensive policy automation
Upgrading from the free edition or P1 to P2 is seamless: licenses are assigned to users through the Microsoft Entra admin center or the Microsoft 365 admin center without disrupting existing configurations. Free 30-day trials of P1 and P2 are available from the Entra admin center, allowing evaluation before commitment.

Group-based licensing

Group-based licensing, available in the paid editions of Microsoft Entra ID (P1 and higher), lets administrators assign product licenses to groups rather than to individual users. Licenses assigned to a group are applied automatically to all members: new members inherit them on joining and lose them on leaving, which simplifies management in dynamic organizations. It applies to security groups (including dynamic membership groups) and Microsoft 365 groups, but not to role-assignable groups. To assign licenses to groups (via the Microsoft 365 admin center or Microsoft Graph), an administrator needs at least one of the License Administrator, Groups Administrator, or User Administrator roles; the License Administrator role can read, add, remove, and update license assignments on users and groups, and the other two roles can also assign licenses to groups. The underlying permissions are microsoft.directory/groups/assignLicense (assign licenses to groups) and microsoft.directory/groups/reprocessLicenseAssignment (reprocess group license assignments). Since September 1, 2024, the Microsoft Entra admin center no longer supports assigning licenses to groups through its user interface; such assignments must be made via the Microsoft 365 admin center, the Microsoft Graph API, or PowerShell, which are unaffected by the change. Because group license assignment is processed asynchronously, a member can end up in an error state (for example, a conflicting service plan or an exhausted license count) that the administrator must resolve and then reprocess. This capability reduces manual per-user operations in large-scale deployments.
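The assignment and error-handling cycle described above in Microsoft Graph PowerShell, as an added example that is not Microsoft's code. It assumes the Microsoft.Graph SDK, a caller able to consent to the listed scopes, and a placeholder $GroupId for a security group that is not role-assignable; the SKU part number AAD_PREMIUM_P2 is the one Microsoft uses for Entra ID P2.

```powershell
# Added example: assign Entra ID P2 to a group, then find and reprocess members whose assignment failed.
# Assumptions: Microsoft.Graph SDK; $GroupId is a placeholder; scopes are what the caller can consent to.
$GroupId = "00000000-0000-0000-0000-000000000000"   # placeholder security group

Connect-MgGraph -Scopes "Group.ReadWrite.All","Organization.Read.All","User.ReadWrite.All" -NoWelcome

# Resolve the SKU by part number instead of hard-coding a GUID, and check capacity first:
# members beyond the purchased count end up in a CountViolation error rather than licensed.
$sku = Get-MgSubscribedSku | Where-Object SkuPartNumber -eq "AAD_PREMIUM_P2"
if (-not $sku) { throw "AAD_PREMIUM_P2 is not present in this tenant" }
$free = $sku.PrepaidUnits.Enabled - $sku.ConsumedUnits
Write-Host ("{0}: {1} of {2} units free" -f $sku.SkuPartNumber, $free, $sku.PrepaidUnits.Enabled)

# Assign at the group level. Members inherit; leaving the group removes the license.
Set-MgGroupLicense -GroupId $GroupId -AddLicenses @(@{ SkuId = $sku.SkuId }) -RemoveLicenses @() | Out-Null

# Processing is asynchronous. Members in an error state are listed on the group itself.
$uri = "https://graph.microsoft.com/v1.0/groups/$GroupId/membersWithLicenseErrors?`$select=id,userPrincipalName,licenseAssignmentStates"
$failed = (Invoke-MgGraphRequest -Method GET -Uri $uri).value
foreach ($u in $failed) {
    $errs = $u.licenseAssignmentStates | Where-Object { $_.assignedByGroup -eq $GroupId -and $_.error -ne "None" }
    Write-Warning ("{0}: {1}" -f $u.userPrincipalName, ($errs.error -join ","))
}

# After fixing the cause (freeing units, or removing a conflicting direct assignment),
# reprocess each affected user instead of waiting for the next automatic pass.
foreach ($u in $failed) {
    Invoke-MgGraphRequest -Method POST `
        -Uri "https://graph.microsoft.com/v1.0/users/$($u.id)/reprocessLicenseAssignment" | Out-Null
}
```

The error strings returned in licenseAssignmentStates (CountViolation, MutuallyExclusiveViolation, DependencyViolation, and so on) name the cause directly; a direct per-user assignment of the same SKU is the most common conflict when migrating to group-based licensing.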

Deployment and management

Hybrid identity synchronization

Microsoft Entra ID enables hybrid identity synchronization by integrating on-premises Active Directory (AD) with cloud-based identities, allowing organizations to maintain a unified identity across environments. The primary tool for this is Microsoft Entra Connect, an on-premises application that synchronizes user accounts, groups, and attributes between AD and Microsoft Entra ID. Installation involves downloading the installer from the Microsoft Download Center, running it on a dedicated domain-joined Windows Server (2016, 2019, or 2022), and selecting either Express settings for a quick setup or a custom installation for advanced options. During configuration, administrators choose a sign-in method: password hash synchronization (PHS), which sends a salted hash of each AD password hash to Microsoft Entra ID so that authentication can happen in the cloud; pass-through authentication (PTA), which validates passwords directly against on-premises AD through lightweight agents; or federation with Active Directory Federation Services (AD FS), which delegates authentication to an on-premises AD FS farm for scenarios such as custom claims. PHS is also what keeps cloud sign-in working when on-premises infrastructure is unavailable and what allows Entra ID Protection to detect leaked credentials, so it is commonly enabled even when PTA or federation is the primary method.

Synchronization uses a delta mechanism: changes in AD are detected and synced to Microsoft Entra ID every 30 minutes by default, and only modifications are transferred rather than full datasets. Writeback capabilities let updates made in the cloud, such as password changes via self-service password reset (SSPR) or device registrations, propagate back to on-premises AD. Microsoft Entra ID Governance Lifecycle Workflows automate deprovisioning ("leaver") processes for hybrid identities, including disabling or deleting user accounts, removing licenses, and revoking access. For synchronized users, the disable and delete tasks can propagate to on-premises Active Directory through the Microsoft Entra provisioning agent when the task is configured with the disableOnPremisesAccount or deleteOnPremisesAccount parameter; this requires the agent (version 1.1.1586.0 or later) and appropriate permissions.

Microsoft Entra Connect supports several topologies. In a single-forest setup, one AD forest syncs to a single Microsoft Entra tenant, often using Express settings. Multi-forest topologies let multiple AD forests sync to one tenant, either as a full mesh (where users and resources can span forests, matched on attributes such as mail) or as an account-resource model (separating account forests from resource forests). Staged rollouts use a secondary server in staging mode that mirrors the primary but does not export, enabling testing, failover, or gradual migration without disrupting production. Selective synchronization is achieved through filtering rules (organizational unit (OU)-based, attribute-based, or group-based) that exclude specific objects from syncing.

For organizations that want lighter synchronization without a full Microsoft Entra Connect installation, Microsoft Entra Cloud Sync synchronizes users and groups from AD to Microsoft Entra ID through a provisioning agent installed on-premises. Cloud Sync builds on the cloud provisioning service used for System for Cross-domain Identity Management (SCIM) provisioning and supports scenarios such as multi-tenant environments or coexistence with existing Connect deployments. Unlike Connect Sync, it focuses on provisioning: it supports password hash synchronization and group writeback from Microsoft Entra ID to on-premises AD, but not pass-through authentication, federation configuration, or device writeback, which makes it suitable for targeted hybrid needs. In hybrid setups, comprehensive user offboarding often combines Lifecycle Workflows with Microsoft Graph PowerShell actions (e.g., Revoke-MgUserSignInSession to revoke sign-in sessions) and on-premises cmdlets (e.g., Disable-ADAccount) for actions beyond standard synchronization.

Troubleshooting hybrid synchronization involves monitoring and resolving issues such as sync errors, attribute mismatches, and connectivity problems through built-in tools. The Synchronization Service Manager, launched from the Start menu on the Connect server, shows operations, connectors, and connector-space data so that administrators can diagnose errors such as duplicate attributes or failed exports, resynchronize specific objects, or adjust mappings. Attribute mapping issues can be addressed by editing synchronization rules in the Synchronization Rules Editor or via PowerShell, ensuring source and target attributes align. Microsoft Entra Connect Health, available in the Entra admin center, provides alerts for sync latency and object change failures and detailed error reports (refreshed every 30 minutes) categorized by type, such as data validation errors, with exportable CSV data for further analysis.
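A two-part health check for the synchronization and troubleshooting flow described above, as an added example that is not Microsoft's code. Part A uses the ADSync module on the Microsoft Entra Connect server; part B uses the Microsoft.Graph SDK from anywhere. It assumes the default 30-minute scheduler interval, so it treats silence for more than two cycles as a fault.

```powershell
# Added example: hybrid sync health check. Part A runs on the Entra Connect server (ADSync module);
# part B runs from any host with the Microsoft.Graph SDK. Assumption: default 30-minute sync interval.

# --- Part A: on the Connect server ---
Import-Module ADSync
$sched = Get-ADSyncScheduler
[pscustomobject]@{
    SyncCycleEnabled = $sched.SyncCycleEnabled        # false: scheduler was disabled, nothing will sync
    StagingMode      = $sched.StagingModeEnabled      # true: this server imports but never exports
    SyncInProgress   = $sched.SyncCycleInProgress
    NextCycleUtc     = $sched.NextSyncCycleStartTimeInUTC
}
if (-not $sched.SyncCycleInProgress -and -not $sched.StagingModeEnabled) {
    Start-ADSyncSyncCycle -PolicyType Delta | Out-Null   # delta only: transfers changes, not the full dataset
}
Get-ADSyncConnectorRunStatus   # empty output means nothing is running; a stuck connector shows up here

# --- Part B: from the cloud side ---
Connect-MgGraph -Scopes "Organization.Read.All","User.Read.All" -NoWelcome
$org = Get-MgOrganization -Property OnPremisesSyncEnabled, OnPremisesLastSyncDateTime
if (-not $org.OnPremisesSyncEnabled) { throw "Directory synchronization is not enabled on this tenant" }
$age = (Get-Date).ToUniversalTime() - $org.OnPremisesLastSyncDateTime.ToUniversalTime()
if ($age.TotalMinutes -gt 60) {
    Write-Warning ("Last successful sync was {0:N0} minutes ago; a cycle is expected every 30 minutes" -f $age.TotalMinutes)
}

# Objects that failed to export carry an on-premises provisioning error (typically a duplicate
# proxyAddresses or userPrincipalName). These are the candidates for a per-object fix and resync.
Get-MgUser -Filter "onPremisesSyncEnabled eq true" -All -Property UserPrincipalName, OnPremisesProvisioningErrors |
    Where-Object { $_.OnPremisesProvisioningErrors.Count -gt 0 } |
    ForEach-Object {
        foreach ($e in $_.OnPremisesProvisioningErrors) {
            [pscustomobject]@{ User = $_.UserPrincipalName; Category = $e.Category; Property = $e.PropertyCausingError; Value = $e.Value }
        }
    }
```

Part B filters client-side because the provisioning-error collection is the reliable signal; a stale per-user OnPremisesLastSyncDateTime only means the object has not changed, not that synchronization has stopped.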

Administrative tools and interfaces

The Microsoft Entra admin center is the primary web-based portal for managing Microsoft Entra ID and related products, offering a centralized interface for identity administration. It handles tenant configuration, user and group provisioning, device management, application registrations, role assignments, and licensing. In device management, there is a distinction between registered and enrolled devices. A registered device gets single sign-on (SSO) to applications such as Microsoft 365 but is not under full management, which is typical of personal or bring-your-own-device (BYOD) scenarios; on such a device the Access work or school settings page shows a Disconnect button for the account. The Info button appears only when the device is enrolled in the organization's mobile device management (MDM) system, such as Microsoft Intune, and gives access to management details and compliance information. Key sections of the admin center include Entra ID for core identity tasks, Identity Protection for risk-based policies, and Identity Governance for access reviews, alongside an overview of recent activity, tools such as Diagnose & Solve, and quick access to support resources.

For programmatic management, the Microsoft Graph API provides RESTful endpoints for automating identity operations across Microsoft Entra ID: querying and updating user profiles through the /users endpoint, managing group memberships through /groups, and handling application permissions and tenant details. The Microsoft Graph PowerShell SDK (the Microsoft.Graph modules) wraps these endpoints in cmdlets for scripting. Additional command-line tools support bulk operations: the Microsoft Entra PowerShell module, built on the Graph SDK, provides task-oriented cmdlets for user onboarding, group creation, and role assignments at scale and replaces the legacy AzureAD and MSOnline modules; it supports automation of complex workflows such as processing large user sets or integrating with other services. For cross-platform scripting, the Azure CLI exposes user and group operations through az ad commands usable from bash or other shells.

Audit and sign-in logs capture administrative actions and authentication events and are essential for monitoring and compliance. In the free edition, both logs are retained for 7 days; the premium editions (P1 and P2) extend retention to 30 days. Administrators can keep logs longer by routing them through Azure Monitor diagnostic settings to an Azure storage account or a Log Analytics workspace, enabling long-term archiving and custom querying for two years or more depending on the storage configuration.

Best practices for Entra ID administration emphasize least privilege through role delegation: assign granular roles and administrative-unit scopes, keep Global Administrators to fewer than five, and use groups for scalable assignments. Multifactor authentication (MFA) for all administrator accounts is recommended to mitigate compromise risk by up to 99.9%, often combined with Privileged Identity Management (PIM) for just-in-time elevation; as of October 1, 2025, MFA is mandatory for sign-ins to Azure CLI, Azure PowerShell, the Azure mobile app, and infrastructure-as-code tools. Monitoring is improved by integrating with Azure Monitor to track logs and by configuring recurring access reviews, ensuring timely revocation of unused permissions.

Adoption and impact

Usage statistics and case studies

Microsoft Entra ID is widely adopted in the enterprise, supporting identities for over 90% of companies through its foundational role in the Microsoft 365 ecosystem. As of 2025, the platform serves 1 billion monthly active users globally. Daily operations involve processing vast sign-in volumes; Microsoft Entra detects and mitigates over 600 million identity attacks per day, 99% of which target passwords. Multifactor authentication (MFA) usage has surged with the mandatory enforcement rollouts that began in 2025, following a baseline of 38% adoption among active users in 2024. In the identity and access management (IAM) market, Entra ID was named a Leader in the 2024 Gartner Magic Quadrant for Access Management and positioned highest in ability to execute among the key vendors. The access management segment grew 17.6% to $5.85 billion in 2023, reflecting rising demand for integrated solutions like Entra. Real-world implementations illustrate Entra ID's effectiveness. SEB Group, a Nordic bank serving over 10 million customers, deployed Entra ID alongside Microsoft Defender to enforce Zero Trust principles, including Conditional Access policies that adapt to user risk and device compliance, strengthening hybrid identity security across its global operations. NSK Ltd., a multinational manufacturer, used Entra ID's B2B collaboration features to onboard external partners and vendors securely, streamlining access to supply chain systems while maintaining granular controls. Emerging trends highlight Entra ID's role in advancing passwordless authentication, with the global passwordless market projected to surpass $20 billion in 2025 as enterprises adopt methods like passkeys and FIDO2 security keys integrated with Entra. This shift aligns with broader Zero Trust adoption, where 83% of implementing organizations report fewer security incidents, often powered by Entra's policy enforcement.
Microsoft's own telemetry from Entra ID Protection shows proactive defenses automatically blocking high-confidence risky sign-ins and contributing to the mitigation of billions of threats annually; in 2024, for instance, the service analyzed signals to prevent widespread compromise from password-based vectors, which make up 99% of daily attacks.

Criticisms and limitations

Microsoft Entra ID, formerly Azure Active Directory, has faced security concerns stemming from high-profile incidents that exposed weaknesses in its authentication mechanisms. During the 2020 SolarWinds supply-chain compromise, adversaries used a trojanized DLL in the Orion platform to gain initial access, then expanded into Azure AD environments through abuse of SAML federation, issuing tokens and moving laterally across Microsoft services such as Office 365. The incident highlighted a risk inherent in federated setups: an attacker who obtains the federation server's token-signing certificate can forge SAML tokens (a technique dubbed "Golden SAML") and impersonate any user without compromising that user's credentials. Although Microsoft had been aware of related weaknesses for years, the company did not prioritize fixes until after the breach was publicized, contributing to exposure affecting thousands of organizations.

Risks persist despite multifactor authentication (MFA) in Entra ID, because certain attack vectors bypass or fatigue these protections. In MFA fatigue attacks, users are bombarded with push notifications until they inadvertently approve one; such attacks have enabled unauthorized entry even in MFA-enabled environments, with successful compromises reported in 2025. Microsoft Entra ID provides mitigations: showing additional context (the application name and geographic location) in Microsoft Authenticator notifications, configured under Entra ID > Security > Authentication methods > Microsoft Authenticator, which together with number matching helps users judge whether a request is legitimate and defeats blind approval. Additionally, legacy authentication protocols such as IMAP and POP3 with basic authentication do not support MFA, so unless Conditional Access blocks legacy authentication an attacker with a valid password can sign in through them with no second factor, and adversary-in-the-middle (AiTM) phishing proxies intercept credentials and session tokens in real time, after MFA has already been satisfied. Microsoft recommends phishing-resistant MFA methods, such as FIDO2 security keys or certificate-based authentication, to address these issues, but adoption remains uneven due to compatibility challenges.

Limitations in hybrid identity setups are a notable drawback, particularly for organizations with legacy applications that require synchronization between on-premises Active Directory and Entra ID. Configuring federation for hybrid environments demands complex infrastructure, including multiple Active Directory Federation Services (AD FS) servers, Web Application Proxy servers, and TLS certificates, which increases maintenance overhead and the number of potential failure points. Hybrid Azure AD joined devices, while enabling seamless access, still need line-of-sight to on-premises domain controllers for Group Policy updates, adding operational complexity without fully cloud-native benefits. This can complicate migrations for enterprises reliant on older apps and often requires specialized expertise.

Cost structures for premium features have drawn criticism, especially when compared to alternatives like Google Workspace. The Entra ID P2 edition, which includes identity protection and privileged identity management, is priced at $9 per user per month, a figure that can escalate for large deployments with add-ons. By contrast, Google Workspace's Business Plus plan at $26.40 per user per month (as of March 2025) bundles identity management with broader productivity tools and more storage, making Entra ID appear costlier for non-Microsoft-centric organizations seeking a comprehensive suite. Tiered licensing can also lead to unexpected expenses for advanced security, limiting accessibility for smaller enterprises.

Criticisms extend to delayed feature rollouts and, before the rebrand, dependence on the Microsoft ecosystem. Full passwordless authentication via Windows Hello for Business and FIDO2 security keys did not reach general availability in Azure AD until March 2021, lagging behind industry pushes to reduce password reliance amid rising credential-based attacks. Before the 2023 rebranding to Entra ID, the service's tight integration with Azure limited multicloud flexibility: native support for non-Microsoft platforms such as AWS or Google Cloud required custom configurations or third-party tools, hindering hybrid cloud strategies.

Regulatory challenges, particularly around EU data residency and GDPR compliance, have also affected Entra ID deployments. In March 2024, the European Data Protection Supervisor found that the European Commission's use of Microsoft 365, which relies on Entra ID, infringed GDPR by transferring personal data to the US without adequate safeguards, and ordered the suspension of non-essential data flows by December 2024; the Commission brought its use of Microsoft 365 into compliance in July 2025. The €310 million penalty imposed on LinkedIn Ireland in October 2024 concerned unlawful processing of member data for behavioural analysis and targeted advertising rather than any Entra ID configuration, but it added to regulatory scrutiny of Microsoft's data handling. Microsoft's EU Data Boundary initiative, completed in February 2025, addresses residency by keeping core services within the EU, though challenges persist for global tenants. Post-2023 improvements under the Entra ID branding have enhanced multicloud support, with expanded application gallery integrations for platforms like Google Cloud and AWS that enable provisioning and single sign-on. User feedback continues to highlight UI complexity, however: advanced configuration interfaces require Microsoft-specific knowledge and present a steep learning curve for non-experts. Reviews from 2025 note that while core functionality is robust, the administrative portal's layered options can overwhelm administrators during setup and troubleshooting.
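The Authenticator mitigation described above applied through the authentication methods policy in Microsoft Graph, as an added example that is not Microsoft's code. It assumes the Microsoft.Graph SDK and the Policy.ReadWrite.AuthenticationMethod scope; "all_users" is the well-known includeTarget ID that Graph accepts for every user in the tenant, and number matching, which Microsoft now enforces by default, is left untouched.

```powershell
# Added example: enable application-name and location context in Microsoft Authenticator push prompts
# for all users. Assumptions: Microsoft.Graph SDK; caller can consent to Policy.ReadWrite.AuthenticationMethod.
Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod" -NoWelcome

$uri = "https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/MicrosoftAuthenticator"

# Before: record the current state so the change can be reverted if needed.
$before = Invoke-MgGraphRequest -Method GET -Uri $uri
"Before -> app info: {0}, location: {1}" -f `
    $before.featureSettings.displayAppInformationRequiredState.state,
    $before.featureSettings.displayLocationInformationRequiredState.state

# "all_users" is the well-known target meaning every user in the tenant; a real group ID scopes it narrower.
$allUsers = @{ targetType = "group"; id = "all_users" }
$body = @{
    "@odata.type"   = "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration"
    featureSettings = @{
        displayAppInformationRequiredState      = @{ state = "enabled"; includeTarget = $allUsers }
        displayLocationInformationRequiredState = @{ state = "enabled"; includeTarget = $allUsers }
    }
}
Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body

# After: read back and verify, because a PATCH that is accepted but partially applied leaves users
# with a prompt that still lacks the context they need to spot an unsolicited request.
$after = Invoke-MgGraphRequest -Method GET -Uri $uri
$ok = ($after.featureSettings.displayAppInformationRequiredState.state -eq "enabled") -and
      ($after.featureSettings.displayLocationInformationRequiredState.state -eq "enabled")
if (-not $ok) { throw "Authenticator context settings did not apply" }
"After  -> app info and location context enabled for all users"
```

Context in the prompt raises the bar for fatigue attacks but does not stop an adversary-in-the-middle proxy, which relays a prompt the user expects; only a phishing-resistant method such as a FIDO2 key closes that gap.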
