Opsio - Cloud and AI Solutions

Azure AD to Entra ID: Management Guide

Published: · Updated: · Reviewed by the Opsio engineering team
Fredrik Karlsson

Azure Active Directory was rebranded to Microsoft Entra ID in October 2023, but the core identity and access management capabilities remain the same — centralized user management, single sign-on, multi-factor authentication, and conditional access policies. This guide covers practical management tasks using the current Entra ID product names and admin center.

Azure AD vs Microsoft Entra ID: What Changed

The rebrand from Azure AD to Microsoft Entra ID changed the product name and admin console URL but did not change the underlying technology or APIs.

| Before (Azure AD) | After (Entra ID) | Impact |
| --- | --- | --- |
| Azure Active Directory | Microsoft Entra ID | Name change only |
| Azure AD Premium P1/P2 | Microsoft Entra ID P1/P2 | License name change |
| Azure AD Conditional Access | Microsoft Entra Conditional Access | Same feature, new name |
| Azure Portal > Azure AD | entra.microsoft.com | New admin center URL |
| Azure AD Graph API | Microsoft Graph API | Migration required (deprecated) |

Existing Azure AD configurations, policies, and integrations continue to work without changes. However, scripts using the deprecated Azure AD Graph API should migrate to Microsoft Graph API.
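
A starting point for finding such scripts, as an added example (not code from the original article or from Microsoft): a Python scan for the Azure AD Graph endpoint `graph.windows.net`, the Azure AD Graph resource app ID, and cmdlets of the AzureAD PowerShell module, which is built on that API. The file names and contents are constructed sample input.

```python
import re

# Indicators of a dependency on the deprecated Azure AD Graph API.
LEGACY_PATTERNS = {
    "aad-graph-endpoint": re.compile(r"graph\.windows\.net", re.I),
    # Resource app ID of Azure AD Graph, as seen in requiredResourceAccess of app manifests.
    "aad-graph-app-id": re.compile(r"00000002-0000-0000-c000-000000000000", re.I),
    # Cmdlets of the AzureAD PowerShell module, which calls Azure AD Graph.
    "azuread-module-cmdlet": re.compile(r"\b(?:Connect|Get|Set|New|Remove|Add)-AzureAD\w*", re.I),
}

def find_legacy_graph_usage(files):
    """Return sorted (file name, line number, rule) tuples for each legacy reference.
    `files` maps a file name to its text content."""
    findings = []
    for name, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith(("#", "//")):
                continue  # comment-only lines are not live dependencies
            for rule, pattern in LEGACY_PATTERNS.items():
                if pattern.search(line):
                    findings.append((name, line_no, rule))
    return sorted(findings)

# Constructed sample input (not from a real tenant or repository).
SAMPLE_FILES = {
    "offboard.ps1": "Connect-AzureAD\n# old: Get-AzureADUser -All $true\nGet-MgUser -All\n",
    "sync.py": 'URL = "https://graph.windows.net/contoso.example/users?api-version=1.6"\n'
               'NEW = "https://graph.microsoft.com/v1.0/users"\n',
    "manifest.json": '{"requiredResourceAccess": [{"resourceAppId": '
                     '"00000002-0000-0000-C000-000000000000"}]}\n',
}

if __name__ == "__main__":
    for name, line_no, rule in find_legacy_graph_usage(SAMPLE_FILES):
        print(f"{name}:{line_no}: {rule}")
```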

User Provisioning and Lifecycle Management

Effective identity management starts with automated user provisioning that creates, updates, and deactivates accounts based on HR system events.

  • SCIM provisioning: Connect Entra ID to SaaS applications for automatic user creation and deactivation
  • Dynamic groups: Automatically assign users to groups based on attributes (department, location, job title)
  • Access reviews: Schedule periodic reviews where managers confirm or revoke user access
  • Lifecycle workflows: Automate onboarding and offboarding tasks (license assignment, group membership, email setup)

Microsoft reports processing over 600 million identity-related attacks daily, making automated lifecycle management critical for reducing the attack surface from orphaned accounts.
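
To make the orphaned-account risk concrete, the following added example (not from the original article) flags enabled accounts with no recent sign-in, using the `accountEnabled`, `createdDateTime` and `signInActivity.lastSignInDateTime` properties of Microsoft Graph user objects. The 90-day threshold, the reference date and the user records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    """Parse a Graph ISO 8601 timestamp such as 2024-05-20T08:15:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def find_stale_accounts(users, now, max_idle_days=90):
    """Return (userPrincipalName, reason) for enabled accounts with no recent sign-in.
    The 90-day default is an assumed threshold, not a value from the article."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for user in users:
        if not user.get("accountEnabled"):
            continue  # already deactivated
        activity = user.get("signInActivity") or {}
        last = parse_ts(activity.get("lastSignInDateTime"))
        if last is None:
            # Never used: report only once the account is older than the window.
            created = parse_ts(user.get("createdDateTime"))
            if created and created < cutoff:
                stale.append((user["userPrincipalName"], "never-signed-in"))
        elif last < cutoff:
            stale.append((user["userPrincipalName"], f"idle-{(now - last).days}d"))
    return stale

# Constructed records shaped like Microsoft Graph user objects (not real tenant data).
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.example", "accountEnabled": True,
     "signInActivity": {"lastSignInDateTime": "2024-05-20T08:15:00Z"}},
    {"userPrincipalName": "bob@contoso.example", "accountEnabled": True,
     "signInActivity": {"lastSignInDateTime": "2023-12-01T00:00:00Z"}},
    {"userPrincipalName": "svc-legacy@contoso.example", "accountEnabled": True,
     "createdDateTime": "2022-03-15T00:00:00Z", "signInActivity": None},
    {"userPrincipalName": "newhire@contoso.example", "accountEnabled": True,
     "createdDateTime": "2024-05-25T00:00:00Z"},
    {"userPrincipalName": "carol@contoso.example", "accountEnabled": False,
     "signInActivity": {"lastSignInDateTime": "2023-01-01T00:00:00Z"}},
]

if __name__ == "__main__":
    for upn, reason in find_stale_accounts(SAMPLE_USERS, SAMPLE_NOW):
        print(upn, reason)
```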

Single Sign-On Configuration

Entra ID SSO eliminates password fatigue by providing one-click access to all connected applications through a single identity. Configuration options include:

  • SAML-based SSO: For enterprise applications that support SAML 2.0 protocol
  • OIDC/OAuth: For modern web and mobile applications
  • Password-based SSO: For legacy applications that only support form-based login
  • Linked SSO: For applications that handle their own authentication

The Entra ID app gallery includes pre-configured SSO templates for over 3,000 applications, reducing setup time to minutes for common SaaS tools.

Multi-Factor Authentication and Conditional Access

MFA and conditional access work together to enforce strong authentication based on risk signals like location, device state, and user behavior.

  • MFA methods: Microsoft Authenticator app, FIDO2 security keys, SMS, phone call, and hardware tokens
  • Conditional access policies: Require MFA only when risk is elevated (new location, unmanaged device, sensitive application)
  • Risk-based policies: Entra ID Protection detects suspicious sign-ins and triggers step-up authentication automatically

Best practice: Enable security defaults for organizations without P1/P2 licensing, or build custom conditional access policies for granular control with premium licenses.
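
When building custom policies, it helps to check that a policy meant to require MFA actually enforces it. The following added example (not from the original article) reviews policies in the shape of Microsoft Graph `conditionalAccessPolicy` objects. The policy names, IDs and the allowance of two excluded principals are constructed assumptions.

```python
def lint_mfa_policy(policy, max_exclusions=2):
    """Return finding codes for a policy that is meant to require MFA.
    max_exclusions is an assumed allowance for break-glass accounts."""
    findings = []
    state = policy.get("state")
    if state == "enabledForReportingButNotEnforced":
        findings.append("report-only")  # logged, not enforced
    elif state != "enabled":
        findings.append("disabled")
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    has_mfa = "mfa" in controls or bool(grant.get("authenticationStrength"))
    if not has_mfa:
        findings.append("no-mfa-control")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        # With OR, any single control satisfies the policy, so MFA can be skipped.
        findings.append("mfa-optional")
    users = (policy.get("conditions") or {}).get("users") or {}
    excluded = (len(users.get("excludeUsers") or [])
                + len(users.get("excludeGroups") or []))
    if excluded > max_exclusions:
        findings.append(f"excludes-{excluded}-principals")
    return findings

# Constructed policies (IDs and names are placeholders, not real tenant values).
SAMPLE_POLICIES = [
    {"displayName": "MFA on medium/high sign-in risk", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": ["break-glass-group"]},
                    "signInRiskLevels": ["medium", "high"]},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "MFA or compliant device", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
    {"displayName": "MFA for finance app", "state": "enabled",
     "conditions": {"users": {"includeGroups": ["finance"],
                              "excludeUsers": ["u1", "u2", "u3"]}},
     "grantControls": {"operator": "AND", "builtInControls": ["mfa"]}},
]

def lint_all(policies):
    """Map each policy's displayName to its list of findings."""
    return {p["displayName"]: lint_mfa_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in lint_all(SAMPLE_POLICIES).items():
        print(name, findings or "ok")
```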

Privileged Identity Management (PIM)

PIM provides just-in-time privileged access, reducing the window of exposure for administrative accounts.

  • Assign roles as "eligible" rather than "active" — administrators must activate their role before using it
  • Require MFA and approval workflows for role activation
  • Set time-limited role assignments that automatically expire
  • Generate audit reports showing who activated which roles and when

PIM requires Entra ID P2 licensing but significantly reduces the risk of privilege escalation attacks.
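
To see where "active" assignments still exist, the following added example (not from the original article) groups permanent, always-active role assignments by role. The records follow the `assignmentType` and `endDateTime` fields of Microsoft Graph `roleAssignmentScheduleInstances`. The principal IDs, role IDs and role-name map are constructed placeholders.

```python
from collections import defaultdict

def standing_privileges(instances, role_names):
    """Group permanent, always-active role assignments by role name.

    assignmentType "Assigned" means active without activation;
    "Activated" means an eligible assignment activated just-in-time through PIM."""
    standing = defaultdict(list)
    for inst in instances:
        if inst.get("assignmentType") != "Assigned":
            continue  # activated through PIM: time-boxed and audited
        if inst.get("endDateTime"):
            continue  # active, but expires on its own
        role_id = inst["roleDefinitionId"]
        standing[role_names.get(role_id, role_id)].append(inst["principalId"])
    return {role: sorted(principals) for role, principals in standing.items()}

# Constructed sample data (placeholder IDs, not real role template or object IDs).
SAMPLE_ROLE_NAMES = {"r-ga": "Global Administrator", "r-ua": "User Administrator"}
SAMPLE_INSTANCES = [
    {"principalId": "svc-backup", "roleDefinitionId": "r-ga",
     "assignmentType": "Assigned", "endDateTime": None},
    {"principalId": "admin-ben", "roleDefinitionId": "r-ga",
     "assignmentType": "Activated", "endDateTime": "2024-06-01T16:00:00Z"},
    {"principalId": "admin-anna", "roleDefinitionId": "r-ga",
     "assignmentType": "Assigned", "endDateTime": None},
    {"principalId": "helpdesk-cy", "roleDefinitionId": "r-ua",
     "assignmentType": "Assigned", "endDateTime": "2024-09-30T00:00:00Z"},
    {"principalId": "admin-dee", "roleDefinitionId": "r-unknown",
     "assignmentType": "Assigned", "endDateTime": None},
]

if __name__ == "__main__":
    for role, principals in standing_privileges(SAMPLE_INSTANCES, SAMPLE_ROLE_NAMES).items():
        print(f"{role}: {', '.join(principals)}")
```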

Entra ID Pricing Overview

Entra ID is available in free and premium tiers with different feature sets.

| Tier | Key Features | Price (per user/month) |
| --- | --- | --- |
| Free | Basic SSO, user management, MFA (security defaults) | Included with Microsoft 365 |
| P1 | Conditional Access, dynamic groups, self-service password reset | $6.00 |
| P2 | PIM, Identity Protection, access reviews, entitlement management | $9.00 |

Frequently Asked Questions

Do I need to migrate from Azure AD to Entra ID?

No migration is required. Azure AD was rebranded to Entra ID — all configurations, policies, and integrations continue to work. You should update documentation and scripts that reference the old Azure AD admin portal URL.

What is the difference between Entra ID P1 and P2?

P1 includes Conditional Access and dynamic groups. P2 adds Privileged Identity Management (PIM), Identity Protection with risk-based policies, and access reviews. P2 is recommended for organizations with strict security compliance requirements.

Can Entra ID manage non-Microsoft applications?

Yes. Entra ID supports SSO and provisioning for thousands of third-party applications through the app gallery, SAML, and SCIM protocols. It can also serve as the identity provider for custom-built applications using OIDC/OAuth.

How does Entra ID integrate with on-premises Active Directory?

Microsoft Entra Connect (formerly Azure AD Connect) synchronizes user accounts, groups, and passwords between on-premises Active Directory and Entra ID. This enables hybrid identity scenarios where users authenticate against cloud services using their existing directory credentials.

Is Entra ID suitable for managing cloud infrastructure access on AWS or GCP?

Yes. Entra ID can serve as a federated identity provider for AWS IAM (via SAML) and Google Cloud (via OIDC), providing centralized identity management across multi-cloud environments. Opsio helps configure these cross-cloud identity integrations as part of our Azure consulting services.

About the author

Fredrik Karlsson

Group COO & CISO at Opsio

Operational excellence, governance, and information security. Aligns technology, risk, and business outcomes in complex IT environments.

Editorial standards: This article was written by a certified practitioner and peer-reviewed by our engineering team. We update content quarterly to ensure technical accuracy. Opsio maintains editorial independence — we recommend solutions based on technical merit, not commercial relationships.
