What is Azure AD ?

Azure Active Directory (Azure AD, now called Entra ID) is Microsoft’s cloud-based identity and access management service. It provides single sign-on and multifactor authentication to help organizations securely access cloud applications and on-premises apps.

Entra ID allows organizations to manage users and groups. It can integrate with on-premises Active Directory to provide a hybrid identity solution.

Main Features of Entra ID

Entra ID’s main features include:

  • Single sign-on (SSO) – Allows users to sign in once with one account to access multiple resources. This reduces the number of passwords needed and improves security.
  • Multi-Factor authentication (MFA) – Provides an extra layer of security for signing in to resources. It requires not only a password but also a verification code sent to the user’s phone or an app notification.
  • Application management – Administrators can add, configure, and manage access to SaaS applications like Office 365, Dropbox, Salesforce, etc. Users can then access all their applications through the Entra ID access panel.
  • Role-based access control (RBAC) – Provides fine-grained access management for Entra resources and applications based on a user’s role. This ensures users have access only to what they need to perform their jobs.
  • Monitoring and reporting – Entra ID provides logs, reports, and alerts to help monitor activity and gain insights into access and usage. This information can help detect potential security issues.
  • Self-service password reset – Allows users to reset their own passwords without calling helpdesk support. This reduces costs and improves the user experience.
  • User provisioning – Users can be manually created and managed in the Entra ID portal, allowing administrators to define attributes, roles, and access rights.
  • And more – Other capabilities include mobile device management, B2B collaboration, access reviews, conditional access, etc.

How Entra ID Works

Entra ID works by syncing with on-premises directories and allowing single sign-on to cloud applications. Users can sign in once with one account and gain access to all their resources. Entra ID also enables multi-factor authentication, access management, monitoring, and security reporting to help protect user accounts and control access.

How Directory Synchronization Works

Entra ID Connect synchronizes on-premises directories like Active Directory Domain Services with Entra ID. This allows users to use the same credentials for both on-premises and cloud resources. Entra ID Connect synchronizes objects like:

  • User accounts
  • Groups
  • Contacts

This synchronization process matches on-premises directory objects to their Entra ID counterparts and ensures changes are reflected in both directories.

Single Sign-On

In single sign-on (SSO), users are able to access multiple applications with a single login. Entra ID provides SSO through Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) protocols with thousands of pre-integrated applications. With seamless access, users do not have to re-enter their credentials each time they access an app.

Conditional Access

Entra ID Conditional Access allows administrators to set access controls based on conditions like:

  • User location
  • Device state
  • Risk level
  • Application accessed

Admins can block access or require multi-factor authentication to help reduce risk. Conditional Access provides an extra layer of security for accessing resources.

What is Windows Active Directory?

Windows Active Directory (AD) is Microsoft’s directory service for Windows domain networks. It stores information about objects on the network, like users, groups, and computers. AD allows network administrators to manage users and resources in a Windows environment.

AD uses a hierarchical database to store information about objects in the directory. The objects include:

  • Users – Represent individual users like employees. Contains info like username, password, and groups they belong to.
  • Groups – Collections of users and other groups. Used to assign permissions to multiple users at once.
  • Computers – Represent individual machines on the network. Stores info like computer name, IP address, and groups it belongs to.
  • Organizational Units (OUs) – Containers used to group users, groups, computers, and other OUs. Help organize objects in the directory and assign permissions.
  • Domains – Represent a namespace and security boundary. Made up of OUs, users, groups and computers. The directory service ensures objects with the same domain name share the same security policies.
  • Trusts – Allow users in one domain to access resources in another domain. Created between two domains to enable cross-domain authentication.
  • Sites – Represent physical locations of subnets on the network. Used to optimize network traffic between objects located in the same site.

AD allows system administrators to have a centralized location to manage users and resources in a Windows environment. By organizing objects like users, groups and computers into a hierarchical structure, AD makes it easy to apply policies and permissions across an entire network.

Difference Between Windows AD and Entra ID

Windows Active Directory (AD) and Entra ID  are both directory services from Microsoft, but they serve different purposes. Windows AD is an on-premises directory service for managing users and resources in an organization. Entra ID is Microsoft’s multi-tenant cloud-based directory and identity management service.

Windows AD requires physical domain controllers to store data and manage authentication. Entra ID is hosted in Microsoft’s cloud services, so no on-premises servers are needed. Windows AD uses the LDAP protocol, while Entra ID  uses RESTful APIs. Windows AD is designed primarily for on-premises resources, while Entra ID is designed to manage identities and access to cloud applications, software as a service (SaaS) apps, and on-premises apps.

User management

In Windows AD, users are synced from on-premises Windows servers and managed locally. In Entra ID, users can be created and managed in the cloud portal or synced from on-premises directories using Entra ID Connect. Entra ID also supports bulk user creation and updates through the Entra ID Graph API or PowerShell.

Application management

Windows AD requires manual configuration to publish on-premises applications. Entra ID has a different of pre-integrated SaaS apps and enables automatic provisioning of users. Custom applications can also be added to Entra ID for single sign-on using SAML or OpenID Connect.

Authentication Methods

Windows AD uses Kerberos and NTLM for on-premises authentication. Entra ID supports authentication protocols like SAML, OpenID Connect, WS-Federation and OAuth 2.0. Entra ID also provides multi-factor authentication, conditional access policies and identity protection.

Directory synchronization

Entra ID Connect can synchronize identities from Windows AD to Entra ID. This allows users to sign in to Entra ID and Office 365 using the same username and password. Directory synchronization is one-way, updating Entra ID with changes from Windows AD.

In summary, while Windows AD and Entra ID are both Microsoft directory services, they serve very different purposes. Windows AD is for managing on-premises resources, while Entra ID is a cloud-based service for managing access to SaaS applications and other cloud resources. For many organizations, using Windows AD and Entra ID together provides the most complete solution.

Entra ID Features

Entra ID provides essential identity and access management capabilities for Azure and Microsoft 365. It offers core directory services, advanced identity governance, security, and application access management.

Core directory services

Entra ID acts as a multi-tenant cloud directory and identity management service. It stores information about users, groups, and applications and synchronizes with on-premises directories. Entra ID provides single sign-on (SSO) access to apps and resources. It supports open standards like OAuth 2.0, OpenID Connect, and SAML for SSO integrations.

Identity governance

Entra ID includes capabilities for managing the identity lifecycle. It provides tools for provisioning and deprovisioning user accounts based on HR data or when employees join, move within, or leave an organization. Conditional access policies can be configured to require multi-factor authentication, device compliance, location restrictions, and more when accessing resources. Entra ID also allows administrators to configure self-service password reset, access reviews, and privileged identity management.


Entra ID utilizes adaptive machine learning algorithms and heuristics to detect suspicious sign-in activities and potential vulnerabilities. It provides security reports and alerts to help identify and remediate threats. Microsoft also offers Entra ID Premium P2 which includes Identity Protection and Privileged Identity Management for added security.

Application access management

Entra AD enables single sign-on access to thousands of pre-integrated SaaS apps in the Entra AD app gallery. It supports provisioning users and enabling SSO for custom applications as well. Application proxy provides secure remote access to on-premises web applications. Entra AD B2C offers customer identity and access management for customer-facing applications.

In summary, Azure AD is Microsoft’s multi-tenant cloud directory and identity management service. It provides essential capabilities like core directory services, identity governance, security features, and application access management to enable organizations to manage user identities and secure access to resources in Azure, Microsoft 365, and other SaaS applications.

Benefits Of Entra AD

Entra AD provides several benefits for organizations:

Increased Security

Entra AD provides robust security features like multi-factor authentication, conditional access, and identity protection. MFA adds an extra layer of security for user sign-ins. Conditional access allows organizations to implement access controls based on factors like user location or device state. Identity protection detects potential vulnerabilities and risks to a user’s account.

Streamlined Access Management

Entra AD simplifies the management of user accounts and access. It provides a single place to manage users and groups, set access policies, and assign licenses or permissions. This helps reduce administrative overhead and ensures consistent policy enforcement across an organization.

Seamless Single Sign-On

With Entra AD, users can sign in once using their organizational account and access all their cloud and on-premises applications. This single sign-on experience improves productivity and reduces password fatigue for users. Entra AD supports single sign-on for thousands of pre-integrated applications as well as custom applications.

Increased Productivity

By enabling single sign-on and streamlining access management, Entra AD helps increase end user productivity. Users can quickly access all their applications and resources without having to repeatedly sign in with different credentials. They spend less time managing multiple logins and passwords and more time engaged with the applications and resources they need.

Cost Savings

For many organizations, Entra AD may help reduce costs associated with on-premises identity solutions. It eliminates the need to purchase and maintain hardware and software for identity management. And by simplifying access management and enabling single sign-on, it can help reduce help desk costs related to password resets and access issues.

Common Attacks Against Entra AD

Common attacks against Entra AD include:

Password spray attacks

Password spray attacks are attempts to access multiple accounts by guessing common credentials. Attackers will try passwords like “Password1” or “1234” hoping they match accounts in the organization. Enabling multi-factor authentication and password policies can help prevent these kinds of brute force attacks.

Phishing attacks

Phishing attacks try to steal user credentials, install malware, or trick users into granting access to accounts. Attackers will send fraudulent emails or direct users to malicious websites that mimic the look and feel of legitimate Entra AD login pages. Educating users about phishing techniques and enabling multi-factor authentication can help reduce the risk of compromise from phishing.

Token theft and replay

Access tokens issued by Entra AD can be stolen and replayed to gain access to resources. Attackers will try to trick users or applications into revealing access tokens, then use those tokens to access data and systems. Enabling multi-factor authentication and only issuing short-lived access tokens help prevent token theft and replay attacks.

Rogue account creation

Attackers will create accounts in Entra AD to use for reconnaissance, as a jumping off point for lateral movement in the network, or to blend in as a legitimate account. Tightening account creation policies, enabling multi-factor authentication, and monitoring for anomalous account activity can help detect rogue account creation.

Malware and malicious applications

Malware, malicious applications, and compromised software can be used to extract data from Entra AD, spread to other accounts and systems, or maintain persistence in the network. Carefully controlling what third-party applications have access to your Entra AD data and accounts, monitoring for signs of compromise, and educating users about safe application usage help reduce the risk from malicious software.


Entra AD provides essential identity and access management capabilities like multi-factor authentication, conditional access, identity protection, privileged identity management, and more. For any organization looking to improve security and efficiently manage identities in the cloud, Entra AD should be considered as a robust and trusted solution.