Browse all topics
All guidesGlossary
Microsoft 365 essentials

What is Microsoft Entra ID?

Microsoft Entra ID is the cloud identity service behind every Microsoft 365 sign-in. Here's what it does and where it came from.

Microsoft Entra ID is Microsoft's cloud identity and access management service — the directory of users, groups, and devices that every Microsoft 365 sign-in goes through, and the system that decides who can access which apps and data.

What Entra ID provides

  • Identity directory — accounts for employees, guests, service principals (apps), and managed identities.
  • Single sign-on — to Microsoft 365 itself and to thousands of third-party SaaS apps via SAML and OIDC.
  • Multi-factor authentication (MFA) — verifier app, FIDO2 keys, Windows Hello, phone-based methods.
  • Conditional Access — policies that allow, block, or step up authentication based on user, device, location, app, and risk signals.
  • Identity protection — risk detection for compromised credentials and risky sign-ins.
  • Privileged Identity Management (PIM) — just-in-time, approval-gated activation of admin roles.
  • B2B and B2C — bring external partners in as guests, or run an Entra ID tenant for your own customers.

Where it came from

Entra ID was previously called Azure Active Directory (Azure AD); Microsoft renamed it in 2023. The product itself is unchanged — same APIs, same admin tools — but the branding and a handful of feature names changed (for example, "Azure AD Connect" became "Microsoft Entra Connect"). You'll still see "Azure AD" in older docs, on the on-premises connector, and in the Graph API endpoint names.

Entra ID vs Active Directory

Despite the name, Entra ID is not a cloud version of on-premises Active Directory Domain Services (AD DS). They're different products with overlapping concepts:

  • AD DS is the traditional on-prem directory: domain controllers, Kerberos, LDAP, GPOs.
  • Entra ID is a cloud identity provider: HTTPS APIs, OAuth/OIDC, modern device protocols.

Most organisations run both in hybrid identity: AD DS on-premises, synced to Entra ID with Entra Connect or Cloud Sync, so the same user account works for both worlds. Microsoft is steadily building features that make AD DS less necessary, but it's still common in enterprise environments.

If a Microsoft 365 admin talks about "users," "groups," or "tenants," they're almost always talking about Entra ID objects.