Microsoft Entra ID (formerly Azure Active Directory, and still often abbreviated to AAD) comes up in almost every Microsoft 365 conversation. It's described as "identity management" or "the cloud directory." These descriptions are accurate but don't really explain why it matters.
Here's a plain-English explanation of what Entra ID is, what it does, and why your business should care about it.
What It Is
Entra ID is the system that manages who your staff are, what they're allowed to access, and how they prove who they are when they log in. Every Microsoft 365 tenant has Entra ID underneath it, whether you think about it or not.
When Sarah in your accounts team logs into Outlook, Teams or SharePoint, Entra ID is the system that checks: is this Sarah? Is she allowed to access this? What devices is she allowed to use? This happens every time, invisibly, in the background.
Why It Matters
Single sign-on is the most immediately useful capability. Entra ID can provide single sign-on (SSO) to thousands of applications — meaning your staff log in once with their Microsoft account and can access other connected applications without entering separate usernames and passwords. Many common business applications (Salesforce, Slack, DocuSign, Xero and hundreds of others) support this.
For staff, this means fewer passwords to remember and a smoother day-to-day experience. For IT administrators, it means user provisioning and deprovisioning in one place — when someone leaves, disabling their Entra ID account cuts off access to everything simultaneously.
Conditional access is where Entra ID becomes genuinely powerful for security. Conditional access policies let you set rules like: "Require multi-factor authentication when logging in from outside the office." Or: "Block login from countries we don't operate in." Or: "Only allow access from devices enrolled in our device management system." These policies run automatically without any user or IT intervention.
Device management integration: Entra ID works closely with Microsoft Intune (the device management component) to ensure that company devices meet security requirements before they can access company data.
The Licensing Reality
Basic Entra ID (the level included with Microsoft 365 Business Basic and Standard) gives you user accounts, single sign-on, and multi-factor authentication. That's the most important 80% and it's included.
Entra ID P1 (included with Microsoft 365 Business Premium) adds conditional access, self-service password reset, and more granular access management. For businesses with significant remote working or complex access requirements, P1 is worth the additional cost.
Entra ID P2 adds identity protection features — risk-based conditional access, privileged identity management — that are primarily relevant to larger organisations with dedicated security teams.
Where Most Small Businesses Under-Use It
The most common gap I find is that businesses have Entra ID but haven't implemented MFA properly across all users, and haven't configured conditional access policies. They're paying for the platform and using a fraction of its security capabilities.
The second most common gap is around guest access. When you share files or teams with external parties, Entra ID manages those guest accounts. Many businesses have accumulated hundreds of guest accounts for former clients, suppliers and contractors, with no process for removing them. Running a guest account audit is a useful annual exercise.
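As a starting point for that audit, here is an added example (not part of the original article) that flags guest accounts for review from an exported user list. It assumes the records carry the Microsoft Graph user properties userType, externalUserState, createdDateTime and signInActivity; the accounts, dates and the 90-day threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data, shaped like Microsoft Graph user objects.
SAMPLE_USERS = [
    {"mail": "sarah@contoso.example", "userType": "Member",
     "signInActivity": {"lastSignInDateTime": "2025-05-30T08:30:00Z"}},
    {"mail": "old.client@example.org", "userType": "Guest",
     "externalUserState": "Accepted", "createdDateTime": "2022-05-01T10:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2023-02-14T16:05:00Z"}},
    {"mail": "supplier@example.net", "userType": "Guest",
     "externalUserState": "PendingAcceptance",
     "createdDateTime": "2024-01-15T11:20:00Z"},
    {"mail": "contractor@example.com", "userType": "Guest",
     "externalUserState": "Accepted", "createdDateTime": "2024-09-01T09:00:00Z",
     "signInActivity": None},
    {"mail": "partner@example.org", "userType": "Guest",
     "externalUserState": "Accepted", "createdDateTime": "2024-11-01T09:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2025-05-20T13:00:00Z"}},
    {"mail": "new.invite@example.com", "userType": "Guest",
     "externalUserState": "PendingAcceptance",
     "createdDateTime": "2025-05-25T09:00:00Z"},
]
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed so results are repeatable

def _parse(ts):
    # Graph timestamps are ISO 8601 with a trailing "Z"; a missing value stays None.
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None

def audit_guests(users, now, stale_days=90):
    """Return (mail, reason) for every guest account that needs review."""
    cutoff = now - timedelta(days=stale_days)
    findings = []
    for u in users:
        if u.get("userType") != "Guest":
            continue  # staff accounts are out of scope for this audit
        created = _parse(u.get("createdDateTime"))
        last = _parse((u.get("signInActivity") or {}).get("lastSignInDateTime"))
        if last is not None:
            if last < cutoff:
                findings.append((u["mail"], f"no sign-in since {last.date()}"))
        elif created is None or created < cutoff:
            # Old enough that the absence of any sign-in is meaningful.
            pending = u.get("externalUserState") == "PendingAcceptance"
            findings.append((u["mail"], "invitation never accepted" if pending
                             else "never signed in"))
    return findings

if __name__ == "__main__":
    for mail, reason in audit_guests(SAMPLE_USERS, NOW):
        print(f"{mail}: {reason}")
```

Recently invited guests are deliberately left alone until they pass the threshold, so a fresh invitation is not mistaken for an abandoned one.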