IGA Glossary

Microsoft Entra ID

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. It handles authentication, authorization, and user management for organizations using Microsoft 365, Azure, and thousands of third-party applications.

What is Microsoft Entra ID?

Microsoft Entra ID is the identity backbone for most modern organizations. If your company uses Microsoft 365, Teams, or any Azure services, you are already using Entra ID whether you realize it or not. It is the service that verifies who your users are and decides what they are allowed to access.

Before July 2023, this service was called Azure Active Directory (Azure AD). Microsoft rebranded it as part of the broader Microsoft Entra product family. The name changed, but the core functionality stayed the same.

At its heart, Entra ID is a directory service. It stores information about your users, groups, and applications. When someone logs into their work account, Entra ID checks their credentials, applies any security policies you have configured, and grants or denies access accordingly.

How does Entra ID differ from on-premises Active Directory?

This is one of the most common points of confusion. Traditional Active Directory Domain Services (AD DS) runs on servers in your own data center or server room. It was designed for on-premises networks where users log into domain-joined Windows computers.

Entra ID is cloud-native. It was built for a world where people work from anywhere and access cloud applications. The key differences: AD DS uses Kerberos and LDAP while Entra ID uses OAuth 2.0, OpenID Connect, and SAML. AD DS uses organizational units and Group Policy while Entra ID uses a flat structure with groups and conditional access policies. AD DS manages domain-joined devices while Entra ID works with Intune for device management.

Many organizations run both side by side, using Entra Connect to synchronize users between the two. Over time, most are moving toward Entra ID as their primary directory.

What can you do with Entra ID?

User authentication. Every time someone signs in with their work account, Entra ID handles the authentication. This includes enforcing multi-factor authentication, conditional access policies, and risk-based sign-in protections.

Single sign-on. Entra ID supports SSO for thousands of pre-integrated SaaS applications. Once a user signs in, they can access Salesforce, ServiceNow, Slack, and other apps without entering separate credentials.

Group management. You can organize users into security groups and Microsoft 365 groups. These groups control access to applications, SharePoint sites, Teams channels, and more. Entra ID also supports dynamic groups that automatically add and remove members based on user attributes like department or job title.

Application management. IT teams can register and manage both Microsoft and third-party applications, giving you a central place to control who can access what and under which conditions.

Conditional access. These are if-then policies that enforce security requirements. For example: if a user signs in from an unmanaged device, require MFA. If they are signing in from an unfamiliar location, block access entirely.

Entra ID license tiers

Microsoft offers Entra ID in several tiers, and the features you get depend on your license.

Free comes included with any Microsoft cloud subscription. It covers basic user management, SSO for a limited number of apps, and self-service password reset for cloud users.

P1 adds conditional access, dynamic groups, self-service group management, and hybrid identity features. Most mid-sized organizations need at least P1.

P2 adds Entra ID Protection (risk-based conditional access), Privileged Identity Management (PIM), and access reviews. These matter for organizations with stricter compliance requirements.

Understanding which license tier you need is important because governance features like access reviews and PIM require P2. This is where third-party solutions like Adcyma can fill gaps, providing governance capabilities without requiring the most expensive license tier for every user.

Why does Entra ID matter for identity governance?

Entra ID stores the identity data, but it does not do everything when it comes to governance. Managing who has access to what, making sure access is appropriate, and cleaning up access when someone changes roles or leaves — that is where identity governance comes in.

Native Entra ID governance features exist in the P2 tier, but they can be complex to configure and maintain. Many IT teams at small and mid-sized companies find that the built-in tools require significant time investment to set up properly.

This is the problem Adcyma was built to solve. By connecting directly to your Entra ID tenant, Adcyma provides governance capabilities like automated provisioning, access reviews, and lifecycle management without the complexity of enterprise IGA platforms or the need for expensive P2 licenses across your entire organization.

Common Entra ID challenges for IT teams

User lifecycle management. When someone joins, they need the right accounts, licenses, and group memberships from day one. When they leave, all of that access needs to be revoked quickly. Doing this manually in Entra ID is error-prone and slow.

Group sprawl. Over time, organizations accumulate hundreds of groups with unclear purposes and outdated memberships. Without regular cleanup, this becomes a security risk.

Visibility. Entra ID provides audit logs and sign-in logs, but getting a clear picture of who has access to what across all your applications takes extra work.

Compliance reporting. Auditors want to see evidence that you regularly review and certify access. Entra ID's built-in access reviews (P2 only) work, but generating the reports auditors expect often requires additional tooling.

These are everyday problems for IT managers, and they only get harder as your organization grows. A dedicated governance layer on top of Entra ID turns these manual, error-prone tasks into something you can handle without dedicated identity specialists.
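As an added example (not code from Adcyma or Microsoft), the lifecycle and group-sprawl checks described above can be run over an export of users and groups. The records are constructed and assume a Microsoft Graph-style export in which each group's owners and members are flattened to lists of user ids; `audit_groups` is a hypothetical helper name.

```python
# Constructed sample data, shaped like a Microsoft Graph export of users and
# groups, with each group's owners/members flattened to lists of user ids
# (an assumption of this example, not a format the page defines).
USERS = [
    {"id": "u1", "userPrincipalName": "ana@example.com", "accountEnabled": True},
    {"id": "u2", "userPrincipalName": "ben@example.com", "accountEnabled": False},  # leaver
    {"id": "u3", "userPrincipalName": "cho@example.com", "accountEnabled": True},
]
GROUPS = [
    {"id": "g1", "displayName": "Finance-Approvers", "owners": ["u1"], "members": ["u1", "u2"]},
    {"id": "g2", "displayName": "Project-Atlas", "owners": ["u2"], "members": ["u3"]},
    {"id": "g3", "displayName": "Temp-Migration", "owners": [], "members": []},
    {"id": "g4", "displayName": "Sales-All", "owners": ["u3"], "members": ["u1", "u3"]},
]


def audit_groups(users, groups):
    """Return {group displayName: [finding, ...]} for groups needing cleanup."""
    by_id = {u["id"]: u for u in users}

    def is_active(uid):
        user = by_id.get(uid)
        # Ids missing from the user export (deleted accounts) count as inactive.
        return bool(user and user["accountEnabled"])

    report = {}
    for g in groups:
        findings = []
        # A group whose owners are all gone has nobody to certify its membership.
        if not any(is_active(o) for o in g["owners"]):
            findings.append("no active owner")
        if not g["members"]:
            findings.append("empty")
        # Leavers whose membership was never revoked.
        stale = sorted(
            by_id[m]["userPrincipalName"] if m in by_id else f"<deleted:{m}>"
            for m in g["members"] if not is_active(m)
        )
        if stale:
            findings.append("disabled or deleted members: " + ", ".join(stale))
        if findings:
            report[g["displayName"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_groups(USERS, GROUPS).items():
        print(f"{name}: {'; '.join(findings)}")
```
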
