Adcyma vs Doing It Manually in Entra ID
Microsoft Entra ID gives you the building blocks. But as your company grows, manual processes break down - onboarding gets inconsistent, offboarding has gaps, and compliance evidence lives in spreadsheets. Here's when native tools stop being enough, and what comes next.
This isn't about replacing Entra ID
Adcyma doesn't replace Entra ID. It connects to your existing tenant and adds a governance layer on top - the management console that Entra ID's native tools should be but aren't.
If you have fewer than 50 users with simple access needs and no compliance pressure, native Entra ID is genuinely fine. Keep doing what you're doing.
If you have 50+ users and you're starting to feel the cracks - inconsistent onboarding, offboarding gaps, audit evidence scattered across portals - that's the point where a governance layer pays for itself.
The tools Microsoft provides (and where they work)
Microsoft has been improving identity management in Entra ID. Here's what you get without any third-party tools:
User management.
Create, update, and delete users through the portal, PowerShell, or Graph API. Assign licenses, set properties, manage authentication. The basics work well.
Dynamic groups.
Automatically add and remove group members based on user attributes - department, job title, location. Powerful concept, but the rule syntax is limited and troubleshooting broken rules is painful.
Entra ID Governance (P2 license).
Access reviews, entitlement management, lifecycle workflows, and privileged identity management. These features exist, but they're spread across different portal blades, require P2 licensing for every user, and have real functional limitations.
Lifecycle workflows.
Trigger automated tasks when users join, move, or leave. Relatively new. Available actions are limited, conditions are rigid, and anything beyond basic scenarios requires workarounds.
Signs you've outgrown manual Entra ID management
These tend to appear gradually, usually between 50 and 150 users:
1. Onboarding takes too long and varies too much.
With 50+ hires per year, manual provisioning eats real time. Worse: different admins do it differently. One assigns all the right groups, another misses two, a third follows a wiki doc that's six months out of date. Result: inconsistent access, confused new hires, day-one support tickets.
2. Offboarding has gaps.
Disabling an account takes seconds. But revoking access to every group, shared mailbox, Teams channel, SharePoint site, and application that person accumulated? That's harder. Without a structured process, things get missed. Lingering access for former employees is one of the most common audit findings.
3. Access reviews are a nightmare.
Entra ID's native access reviews (P2) handle simple cases. Managing review campaigns across departments, tracking completions, handling exceptions, and producing clean audit evidence? Most teams end up in spreadsheets, which defeats the purpose.
4. Compliance evidence is scattered.
When your auditor asks "show me all access changes in the last quarter" or "prove access reviews were completed for every department," you're pulling data from multiple portal blades, cross-referencing logs, and hoping you didn't miss anything.
5. Dynamic groups hit their limits.
"All marketing people except contractors, but include marketing contractors who've been here more than six months" - good luck writing that as a native dynamic group rule. And when a rule breaks silently, people lose access with no alert.
What you're paying for Entra ID P2
Entra ID P2 (now part of Microsoft Entra Suite) costs roughly €8-9 per user per month for the governance features.
For a 200-person company, that's over €19,000 per year - and you still need to stitch together multiple portal blades to get a coherent governance experience.
That's not a small number. And the question worth asking is whether that spend gets you a better governance experience than a purpose-built tool at a comparable price point.
The governance layer Entra ID is missing
Automated lifecycle management.
Define what each role needs - groups, licenses, Teams memberships, mailbox access - once. Provisioning and deprovisioning run consistently every time, connected to your HR system or triggered manually. No wiki doc. No guessing.
Simplified dynamic groups.
Create and manage group rules with a clearer interface than Entra ID's native syntax. See what changed and why. Get alerts when something unexpected happens.
Structured access reviews.
Run campaigns with clear ownership, deadlines, and escalation. Every decision logged. Every completion tracked. Export directly in a format your auditor accepts.
Unified compliance reporting.
SOC 2, ISO 27001, NIS2 - pull reports from one place instead of assembling evidence from multiple portal blades and log sources.
No P2 dependency.
Adcyma provides governance capabilities without requiring P2 licensing for every user. Depending on your current licensing, this can offset a meaningful part of the cost.
What changes with Adcyma
| | Manual Entra ID + P2 | Adcyma |
|---|---|---|
| Annual cost (200 users) | ~€19,000+ (P2 licensing alone) | Comparable or lower |
| Setup | Already running (sort of) | 1-2 days on top of your existing tenant |
| Onboarding | Manual, varies by admin | Defined once, runs the same every time |
| Offboarding | Manual checklist, easy to miss things | Automated, comprehensive |
| Access reviews | Native reviews + spreadsheets | Structured campaigns with full audit trail |
| Compliance reporting | Manual assembly from multiple portals | Pre-built reports for SOC 2, ISO 27001, NIS2 |
| Dynamic groups | Native syntax (limited, fragile) | Clearer interface, better visibility |
| Audit trail | Fragmented across portal blades | Unified, everything in one place |
| P2 license required | Yes, for every user | No |
Should you stick with native tools or add a governance layer?
Stick with native Entra ID if:
- You have fewer than 50 users and low turnover
- Compliance requirements are minimal or informal
- Your IT team has capacity for manual lifecycle tasks
- You're not facing SOC 2, ISO 27001, or NIS2 audits
- Access reviews are annual or informal
Add Adcyma if:
- Onboarding and offboarding are inconsistent or have produced incidents
- You're approaching a compliance audit and evidence is scattered
- Access reviews happen in spreadsheets (or don't happen at all)
- You've had a former employee access incident
- Your team is growing and manual workload scales linearly while IT doesn't
- You're paying for P2 primarily for governance features and not getting enough value
Questions from IT teams considering the switch
No. Adcyma connects to your existing Entra ID tenant. Your current groups, users, and configurations stay exactly as they are. Adcyma adds a governance layer on top - it doesn't replace what's underneath.
Yes. If you're already paying for P2 and using features like Conditional Access and Privileged Identity Management, Adcyma complements those by adding structured lifecycle management, better access reviews, and unified compliance reporting. It doesn't duplicate the P2 features you're actively using - it fills the gaps.
That's actually the ideal time to put governance in place. Before processes calcify and before your first audit. It's much easier to start clean than to fix inconsistent access across 300 users retroactively.
Yes. Adcyma connects with read permissions initially. You can see what it would do - what governance looks like in your environment - before enabling any automated actions.
Add governance to your Entra ID - in a day
Free for up to 25 users. Connects to your existing Entra ID tenant. No infrastructure. No P2 dependency. No disruption to what's already working.