One-Pager · Identity & Access

Microsoft Entra ID at a Glance

Core identity platform for Azure and Microsoft 365 — authentication, authorization, governance, and external identities. Formerly Azure Active Directory.

Core Features

Single Sign-On (SSO)
One identity across thousands of SaaS apps, on-premises apps, and custom apps. SAML, OIDC, and WS-Fed protocols. App gallery with 5,000+ pre-integrated apps.
All apps · SAML · OIDC · App Gallery
Multi-Factor Authentication
Protect sign-ins with a second factor. Microsoft Authenticator, FIDO2 keys, phone, SMS. Per-user, Conditional Access, or Security Defaults.
Security baseline · Authenticator · FIDO2 · Passwordless
Conditional Access
Policy engine for zero trust. Grant or block access based on user, device, location, risk, app, and session conditions.
Zero trust · Policy engine · Risk-based · Device state
Application Proxy
Publish on-premises web apps externally without VPN. Pre-authentication via Entra ID, SSO to backend apps, Conditional Access support.
On-prem apps · No VPN · Pre-auth

Governance & Lifecycle

Privileged Identity Management
Just-in-time privileged access. Time-bound role activation with approval workflows, MFA enforcement, and audit trail.
JIT access · Least privilege · Approval flow · Audit
Access Reviews
Periodic certification of who has access to what. Reviewers confirm or revoke. Auto-apply results. Required for SOX, SOC 2, HIPAA.
Compliance · Recertification · Auto-revoke
Entitlement Management
Access packages bundling groups, apps, and sites. Self-service requests with approval, expiration, and automatic lifecycle management.
Access packages · Self-service · Expiration
Lifecycle Workflows
Automate joiner-mover-leaver processes. Trigger workflows on hire, department change, or termination. Custom tasks and notifications.
Onboarding · Offboarding · Automation

Protection & External

Identity Protection
ML-based risk detection. User risk (leaked credentials, anomalous behavior) and sign-in risk (impossible travel, anonymous IP). Auto-remediate.
Risk detection · ML-based · Auto-remediate
External Identities (B2B)
Invite partners and vendors with their own credentials. Cross-tenant access settings, direct connect, and SAML/OIDC federation.
Partner access · Guest users · Federation
External Identities (B2C)
Customer identity platform. Custom sign-up/sign-in flows, social logins (Google, Facebook, Apple), progressive profiling.
Customer-facing · Social login · Custom flows
Verified ID
Decentralized identity credentials. Issue and verify claims without storing personal data. W3C Verifiable Credentials standard.
Decentralized · Privacy · W3C standard

License Tiers

Feature | Free | P1 | P2
SSO (cloud apps) | ✓ (10 apps) | ✓ Unlimited | ✓ Unlimited
MFA | Security Defaults | ✓ Conditional Access | ✓ Conditional Access
Conditional Access
Application Proxy
PIM
Access Reviews
Identity Protection
Entitlement Mgmt
Lifecycle Workflows