Microsoft Entra ID

Microsoft Entra ID is Microsoft's cloud-based identity and access management platform — the system that controls who can access what across your Microsoft 365, Dynamics 365, and Azure environment. It was renamed from Azure Active Directory (Azure AD) in 2023 as part of Microsoft's broader Entra product family. The name changed; its role as the identity foundation of every Microsoft cloud service did not.

Every time a staff member signs into Microsoft 365, Teams, Outlook, or Dynamics 365, that authentication goes through Entra ID. It is the gatekeeper for your entire Microsoft estate.

They are the same product with a new name. Microsoft renamed Azure Active Directory to Microsoft Entra ID in July 2023. All existing features, capabilities, licensing tiers, and functionality remain identical — only the branding changed. If you are searching for Azure AD information, you will find it under the Entra ID name going forward.

The rename was part of Microsoft creating a unified Entra product family covering identity, network access, and permissions management. Azure Active Directory is now Microsoft Entra ID; Azure AD P1 is now Entra ID P1; Azure AD P2 is now Entra ID P2.

Conditional Access is Entra ID's real-time policy engine — evaluating every sign-in request against your security rules before deciding whether to grant access, require additional verification, or block the attempt entirely. Rather than simply checking a password, Conditional Access considers multiple signals simultaneously:

• Who is the user and what is their risk level?
• What device are they signing in from — is it compliant and managed?
• Where is the sign-in coming from — known location or unusual geography?
• What application or data are they trying to access?

Based on these signals, Conditional Access applies the appropriate response automatically. Staff signing in on a managed device from a known location get seamless access. The same account signing in from an unfamiliar country on an unknown device gets blocked or challenged with additional MFA. This is Zero Trust security in practice — every request verified, nothing assumed safe.

Multi-factor authentication (MFA) requires users to verify their identity with a second factor beyond their password — typically a push notification to their phone via the Microsoft Authenticator app, a one-time code, or a biometric prompt. Microsoft's own data shows that MFA blocks over 99% of credential-based attacks, including phishing, password spray, and credential stuffing attacks.

For UK SMEs, the majority of successful cyber attacks begin with compromised credentials. Enforcing MFA across all users via Entra ID's security defaults or Conditional Access policies is one of the single highest-impact security actions available — and a requirement of most cyber insurance policies and the Cyber Essentials certification that Advantage helps clients achieve.

Not immediately — but progressively moving identity management to Entra ID is strongly recommended for any SME operating primarily in the cloud. On-premise Active Directory was designed for a world where all users and resources were inside the office network. It has no native cloud capabilities and does not support Conditional Access, MFA at the identity layer, or cloud-based device management.

The standard migration path uses Microsoft Entra Connect — a synchronisation tool that runs alongside your existing on-premise AD, synchronising user accounts to Entra ID so both systems work in parallel. This allows a gradual transition rather than a cutover migration, with Advantage managing the process to ensure no disruption to existing users or access.

Entra ID Free is included with all Microsoft 365 plans and provides basic identity management and MFA capability. The advanced security features require higher tiers:

• Entra ID P1 — Conditional Access, group-based access management, hybrid identity — included in Microsoft 365 Business Premium, E3, and EMS E3
• Entra ID P2 — everything in P1 plus Identity Protection (risk-based Conditional Access), Privileged Identity Management (PIM) — included in Microsoft 365 E5 and EMS E5

For most UK SMEs, Microsoft 365 Business Premium provides the right level of Entra ID capability at a cost-effective price point. Advantage advises on licensing as part of every engagement — often upgrading to Business Premium is the most commercially efficient way to access Entra ID P1 alongside the other security features included in that plan.

Entra ID provides multiple layers of protection against the credential theft and identity compromise attacks that account for the majority of SME security incidents:

• MFA — blocks attacks that use stolen passwords, since the attacker also needs the second factor
• Conditional Access — blocks sign-ins from unfamiliar locations, non-compliant devices, or high-risk contexts even with valid credentials
• Identity Protection — uses Microsoft's global threat intelligence to detect risky sign-ins (impossible travel, known malicious IP, compromised credential detection from dark web feeds) and respond automatically
• Password protection — blocks commonly used and compromised passwords organisation-wide
• Security defaults — a baseline set of MFA and access controls enabled by default for all Entra ID tenants, providing a minimum security floor even without advanced licensing

Entra ID, Microsoft Intune, and Microsoft Defender for Business form the three pillars of Microsoft's endpoint security platform — and they are designed to work together:

• Entra ID + Intune — Conditional Access policies in Entra ID can require devices to be enrolled in and compliant with Intune before granting access. A staff member on a non-compliant or unmanaged device can be blocked from accessing company data automatically.
• Entra ID + Defender — Defender's risk signals feed into Entra ID Identity Protection, enabling risk-based Conditional Access that responds automatically to detected threats on a device or account.
• Together — identity (Entra ID), device (Intune), and threat (Defender) signals combine to give a comprehensive, real-time picture of the security posture of every access request across the organisation.

Yes — Microsoft Entra B2B collaboration allows you to invite external users (contractors, partners, suppliers, accountants) to collaborate in your Microsoft 365 environment without giving them full internal accounts. External guests sign in with their own Microsoft or organisation credentials and are granted access only to the specific resources you share with them — Teams channels, SharePoint sites, or specific applications.

Conditional Access policies apply to guest users just as they do to internal staff, ensuring external collaborators meet your security requirements. Guest access can be time-limited and revoked instantly when a project or relationship ends — leaving no residual access that could become a security risk.

Advantage implements Entra ID using its Analyse, Activate, Aftercare methodology:

• Analyse — reviewing your current identity estate, existing Active Directory or Entra ID configuration, licensing, user groups, and security gaps. Identifying which Conditional Access policies are appropriate for your organisation's risk profile and working patterns.
• Activate — configuring Entra ID with MFA enforcement, Conditional Access policies, SSO for connected applications, and Identity Protection where licensed. Managing the rollout to minimise disruption to staff.
• Aftercare — ongoing monitoring of identity risk signals, Conditional Access policy review and updates, user lifecycle management, and security alert response — available as part of Advantage Secure365™ managed security service.

Contact the team, call 020 3004 4600, or email hello@advantage.co.uk.