2.3.1. Microsoft Entra ID
First Principle: Microsoft Entra ID (formerly Azure Active Directory) is the cloud identity and access management service that underpins every Microsoft 365 service. Every user account, every group, every application access decision, and every sign-in flows through Entra ID.
Think of Entra ID as the digital passport office for your organization. It issues identities, verifies them at the door, and records every entry and exit. Without it, M365 services have no way of knowing who's asking for access or whether they should get it.
Key capabilities of Microsoft Entra ID:
| Capability | What It Does |
|---|---|
| User and group management | The canonical directory of all identities in your organization |
| Authentication | Verifies who users are, using passwords, MFA, and passwordless methods |
| Authorization | Enforces what users can access through role assignments and app permissions |
| Conditional Access | Policy engine that evaluates context before granting access |
| Identity Secure Score | Measurable score (0-100%) of your identity security posture with improvement recommendations |
| B2B collaboration | External guest access: invite partners and contractors into your tenant |
| Hybrid identity | Synchronize on-premises Active Directory to Entra via Entra Connect |
Identity Secure Score deserves special attention for the exam. It's a percentage-based score in the Entra admin center that measures how well your identity configuration follows Microsoft's security recommendations. Each recommendation shows its point value, implementation difficulty, and impact. Use it to prioritize identity hardening work: higher-impact, lower-effort improvements first.
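The prioritization rule above, worked through as an added example (not code from this guide or from Microsoft). The field names, effort weights, sample recommendations and the points-per-effort ranking are assumptions constructed for illustration, not an Entra or Graph schema.

```python
from dataclasses import dataclass

# Effort weights are an assumption for this example, not Microsoft's scoring.
EFFORT = {"Low": 1, "Moderate": 2, "High": 3}

@dataclass(frozen=True)
class Recommendation:
    title: str
    points: float      # maximum points the recommendation is worth
    earned: float      # points the tenant has already earned for it
    difficulty: str    # implementation difficulty: Low / Moderate / High
    user_impact: str   # disruption to users: Low / Moderate / High
    @property
    def gain(self) -> float:
        return self.points - self.earned

# Constructed sample data (hypothetical tenant sitting at 45%).
SAMPLE = [
    Recommendation("Require MFA for administrative roles", 10, 0, "Low", "Low"),
    Recommendation("Ensure all users can complete MFA", 9, 6, "High", "High"),
    Recommendation("Block legacy authentication", 8, 0, "Moderate", "Moderate"),
    Recommendation("Enable self-service password reset", 1, 0, "Moderate", "Moderate"),
    Recommendation("Do not expire passwords", 8, 8, "Low", "Moderate"),
    Recommendation("Designate more than one global admin", 4, 4, "Low", "Low"),
]

def score_percent(recs, extra=0.0):
    """Earned points (plus any projected gain) as a percentage of the maximum."""
    total = sum(r.points for r in recs)
    if total == 0:
        return 0.0
    return round(100 * (sum(r.earned for r in recs) + extra) / total, 1)

def prioritize(recs):
    """Open recommendations, best points-per-effort first; ties go to lower user impact."""
    open_items = [r for r in recs if r.gain > 0]
    return sorted(open_items,
                  key=lambda r: (-r.gain / EFFORT[r.difficulty], EFFORT[r.user_impact], r.title))

def projected_percent(recs, top_n):
    """Score after fully implementing the top_n prioritized recommendations."""
    return score_percent(recs, extra=sum(r.gain for r in prioritize(recs)[:top_n]))

if __name__ == "__main__":
    print(f"current: {score_percent(SAMPLE)}%")
    for r in prioritize(SAMPLE):
        print(f"+{r.gain:g} pts  {r.difficulty:<9} {r.title}")
    print(f"after top 2: {projected_percent(SAMPLE, 2)}%")
```

Already-satisfied recommendations drop out of the ranking because they offer no further points, which is why a low-difficulty item can still be absent from the work list.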
⚠️ Exam Trap: Entra ID is not a replacement for on-premises Active Directory in all scenarios. Organizations running legacy apps that rely on Kerberos or NTLM still need on-premises AD. Entra ID excels at cloud and modern authentication; it's not a drop-in replacement for every AD use case.
Reflection Question: An admin sees their Identity Secure Score is 45%. Which section of the Entra admin center should they visit to get prioritized recommendations for improvement?