Microsoft Entra ID— identity managed by PIP, not left at defaults
The identity layer most businesses set up once and forget. PIP configures and manages it from day one — Conditional Access, MFA, user lifecycle — as part of every Microsoft 365 engagement.
The identity backbone of Microsoft 365
Microsoft Entra ID is a cloud-based identity and access management service built into every Microsoft 365 subscription. It controls who can sign in, from where, on which devices, and to which apps. Entra ID tenants are created automatically when enrolling in Microsoft cloud services — which means most Sydney businesses already have one running inside their Microsoft tenant without ever having configured it properly.
The defaults are not secure defaults. Without Conditional Access, without MFA enforced, and without user provisioning handled correctly, Entra ID is a door with a lock that nobody turned. PIP configures Microsoft Entra ID for every Microsoft 365 client it manages — identity and access management set up correctly, not left at whatever Microsoft ships out of the box.
What Entra ID controls — and why it matters
Entra ID handles three things: identity (who you are), authentication (proving it), and access (what you can reach). The features below are the ones that make or break a Microsoft 365 environment.
Single Sign-On (SSO)
One login grants access to Microsoft 365, Azure and thousands of SaaS applications — including Google Workspace federation where needed. Staff sign in once and reach everything, using SAML 2.0 and OAuth 2.0 under the hood.
Multi-Factor Authentication
Multifactor authentication adds multiple layers of authentication — something you know, something you have, something you are. PIP enforces multi-factor authentication for every managed client from day one.
Conditional Access
Conditional Access policies assess real-time signals — device compliance, location, user risk level — and dynamically allow, block or require additional verification before granting access. This is the control that stops compromised accounts cold.
Self-Service Password Reset
Users reset their own passwords securely through self-service password reset — no call to IT required. Reduces helpdesk load and keeps user accounts accessible.
Identity Protection
Microsoft Entra ID Protection uses AI-powered identity protection and machine learning for adaptive conditional access — detecting compromised credentials, risky sign-ins and impossible-travel scenarios before they become incidents.
Passwordless Authentication
Hardware security keys, Windows Hello biometrics and the Microsoft Authenticator app — passwordless authentication removes the weakest link in the chain entirely.
Dynamic Groups & Governance
Dynamic groups update membership automatically based on user attributes. Microsoft Entra ID Governance takes it further — automating user provisioning and deprovisioning based on HR or lifecycle data, so identity management scales with the business.
External Identities & Zero Trust
Microsoft Entra External ID manages secure access for business partners, vendors and customers. Entra ID is the foundation of Microsoft’s Zero Trust model — verify explicitly, least-privilege access, assume breach — providing identity and network access control across cloud resources.
Entra ID vs Active Directory — not the same thing
This is the question that comes up in nearly every migration conversation. Active Directory and Microsoft Entra ID (formerly Azure Active Directory / Azure AD) serve the same broad purpose — managing user accounts and access — but they work in fundamentally different places.
| On-premises Active Directory | Microsoft Entra ID (cloud) | |
|---|---|---|
| Runs on | Windows Server on your local network | Microsoft’s cloud — no local server required |
| Manages | Local network resources, file shares, printers, group policies | Microsoft 365, Azure, SaaS apps, cloud resources |
| Protocol | LDAP, Kerberos | SAML 2.0, OAuth 2.0, OpenID Connect |
| Tenant model | Domain-based (yourcompany.local) | Tenant-based (initial domain name: yourcompany.onmicrosoft.com) |
| Device management | Group Policy | Microsoft Intune + Conditional Access |
| Hybrid option | Microsoft Entra Connect syncs on-premises Active Directory accounts to Entra ID | |
They can coexist: many businesses run a hybrid environment where on-premises Active Directory and Entra ID sync user accounts through Microsoft Entra Connect. One thing Entra ID does not support is migrating local user profiles directly — re-enrolling devices into cloud management platforms is typically required when moving to an Entra ID-only model.
What’s included — and when you need more
Entra ID Free
Basic identity management, user and group administration, single sign-on, self-service password change. Enough to log in — not enough to protect a business properly.
Entra ID P1
Adds Conditional Access, self-service password reset, hybrid identity via Entra Connect, and dynamic groups. This is where real access management begins for most organisations.
Entra ID P2
Adds Identity Protection (AI-driven risk detection) and Entra ID Governance (automated lifecycle management). For businesses with compliance obligations or higher-risk environments.
What PIP configures and manages
Entra ID misconfiguration is one of the most common causes of Microsoft 365 security incidents — shared passwords, no MFA, over-privileged user accounts, and organisations left at defaults. PIP configures Entra ID for every Microsoft 365 client, and manages it ongoing as the business changes.
- Initial domain configuration and tenant setup
- MFA enforcement across every user account from day one
- Conditional Access policies written for how your business actually operates
- User provisioning and deprovisioning — new staff onboarded, leavers revoked promptly
- Group management and SSO app connections for secure access to SaaS applications
- Ongoing identity management — policy reviews, security alert response, licence auditing
- Data protection through proper identity controls — securely access corporate data, nothing more
PIP’s developers can also integrate Entra ID into custom applications where organisations need identity built into their own tools. Entra ID configuration is part of the broader Microsoft 365 managed service — not a bolt-on.
Entra ID, answered
What is Microsoft Entra ID for?
Entra ID is Microsoft’s cloud-based identity and access management service. It controls who can sign into Microsoft 365, Azure and connected SaaS applications, from which devices and locations, and with what level of access. It enforces security policies like MFA and Conditional Access across your organisation — it’s the identity layer that every other Microsoft cloud service relies on.
Why do I have a Microsoft Entra ID?
Every Microsoft 365 subscription automatically creates an Entra ID tenant for your organisation. When your business signed up for Microsoft 365, an Entra ID directory was created — that’s where all your user accounts, groups and access policies live. If you have Microsoft 365, you have Entra ID. The question is whether anyone has configured it.
Is Microsoft Entra ID free?
The free tier is included with every Microsoft 365 subscription and covers basic identity management. Advanced features — Conditional Access, Identity Protection, Governance — require Entra ID P1 (included in Microsoft 365 Business Premium) or P2 (add-on or E5). For most businesses, P1 via Business Premium is the right starting point.
Where can I find my Entra ID?
Entra ID is managed through the Microsoft Entra admin centre at entra.microsoft.com, or via the Microsoft 365 admin centre. IT administrators can manage user accounts, groups and policies there. PIP manages the Entra ID environment for its managed Microsoft 365 clients — clients can still access the admin centre, but the configuration and ongoing management is handled by PIP’s team.
Identity configured. Access controlled.
Whether you’re setting up Microsoft 365 for the first time or have an existing tenant where nobody has touched Entra ID — that’s the conversation to have with PIP before anything else.