Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Microsoft Entra ID (formerly Azure Active Directory, or Azure AD) is Microsoft's cloud-based identity and access management service. It is the backbone of authentication and authorisation across the Azure ecosystem and integrates with thousands of SaaS applications, on-premises resources, and custom-built solutions.
Identity and Access Management (IAM) is the discipline of ensuring that the right people and services have the right level of access to the right resources at the right time. IAM covers:
Without a robust IAM strategy, organisations face data breaches, compliance violations, and operational chaos.
In July 2023, Microsoft rebranded Azure Active Directory to Microsoft Entra ID as part of the broader Microsoft Entra product family. The service itself remains functionally the same, but the new name reflects its expanded scope beyond Azure.
Key points about the rebrand:
Throughout this course, we will use the name Microsoft Entra ID, but you will encounter "Azure AD" in older documentation, scripts, and community resources.
A tenant is a dedicated instance of Entra ID that an organisation receives when it signs up for a Microsoft cloud service (Azure, Microsoft 365, Dynamics 365). Each tenant has a unique ID and a default domain (e.g., contoso.onmicrosoft.com).
The directory is the database within the tenant that stores identity objects — users, groups, applications, service principals, and devices.
| Object | Description |
|---|---|
| User | A person who authenticates to access resources |
| Group | A collection of users, devices, or service principals |
| Application | A registered application that can request tokens |
| Service Principal | The local representation of an application within a tenant |
| Device | A registered or joined device (PC, phone, IoT) |
When a user signs in to an Azure resource or a connected application, the following flow occurs:
This flow uses industry-standard protocols:
Microsoft Entra ID is available in several editions:
| Edition | Key Features |
|---|---|
| Free | User and group management, basic SSO, self-service password change, Entra Connect sync |
| P1 | Conditional Access, dynamic groups, self-service password reset, on-premises write-back |
| P2 | Identity Protection (risk-based policies), Privileged Identity Management (PIM), access reviews |
| Governance | Entitlement management, lifecycle workflows, advanced access reviews |
Most organisations require at least P1 for Conditional Access policies. P2 is essential for organisations with strict governance and zero-trust requirements.
It is important to distinguish between Entra ID and traditional Windows Server Active Directory Domain Services (AD DS):
| Aspect | Entra ID | AD DS |
|---|---|---|
| Protocol | OAuth 2.0, OIDC, SAML | Kerberos, LDAP, NTLM |
| Structure | Flat (no OUs or GPOs) | Hierarchical (OUs, forests, domains) |
| Management | Azure portal, Graph API | Server Manager, Group Policy |
| Scope | Cloud-first, internet-facing | On-premises, LAN-focused |
| Join type | Entra join, Entra hybrid join | Domain join |
Entra ID is not a direct replacement for AD DS. Many organisations run both and synchronise identities using Microsoft Entra Connect (formerly Azure AD Connect).
The Microsoft identity platform is the developer-facing side of Entra ID. It provides:
Developers register their applications in Entra ID and use MSAL to acquire tokens that grant access to protected APIs.
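Once MSAL has acquired a token, the protected API on the receiving end still has to decide whether to trust it. The following added example (not code from the original lesson or from Microsoft) shows the claim checks an API should make on an Entra ID access token: the `tid` and `iss` claims must match the expected tenant, `aud` must name this API, and `exp`/`nbf` must bracket the current time. The tenant ID and application ID URI are constructed placeholders, and the sample token is unsigned for demonstration; a real API must first verify the RS256 signature against the tenant's published signing keys, which this snippet does not do.

```python
import base64
import json
import time

# Constructed sample values; not a real tenant ID or application ID URI.
EXPECTED_TENANT = "11111111-2222-3333-4444-555555555555"
EXPECTED_AUDIENCE = "api://contoso-orders-api"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned JWT for demonstration only (real Entra tokens are RS256-signed)."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.signature-placeholder"


def validate_claims(token: str, tenant: str, audience: str, now=None) -> list:
    """Return the problems found; an empty list means the claims are acceptable.

    Assumes the signature was already verified against the tenant's signing keys
    (published via the OIDC discovery document); that step is not performed here.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed token"]
    claims = json.loads(_b64url_decode(parts[1]))
    problems = []
    # tid pins the token to one tenant; iss must be that tenant's v2.0 endpoint.
    if claims.get("tid") != tenant:
        problems.append("tenant mismatch")
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant}/v2.0":
        problems.append("unexpected issuer")
    # aud must be this API, so a token minted for another app cannot be replayed here.
    if claims.get("aud") != audience:
        problems.append("audience mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if claims.get("nbf", 0) > now:
        problems.append("token not yet valid")
    return problems
```

In a multi-tenant application the tenant check becomes an allow-list of tenant IDs rather than a single value, but the issuer must still be derived from the token's own `tid`.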
Microsoft Entra ID is the foundational identity service in Azure. It manages users, groups, applications, and devices, and it provides authentication and authorisation using modern protocols. Understanding Entra ID is essential for securing any Azure environment. In the next lesson, we will explore users, groups, and tenants in greater detail.