<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Azure-AD on IT Made Simple</title><link>https://itmadesimple.co.nz/tags/azure-ad/</link><description>Recent content in Azure-AD on IT Made Simple</description><generator>Hugo -- gohugo.io</generator><language>en</language><managingEditor>Thaddeus</managingEditor><webMaster>Thaddeus</webMaster><lastBuildDate>Mon, 08 Jun 2026 08:00:00 +1200</lastBuildDate><atom:link href="https://itmadesimple.co.nz/tags/azure-ad/index.xml" rel="self" type="application/rss+xml"/><item><title>What Is Microsoft Entra (Azure AD) and Why Should You Care?</title><link>https://itmadesimple.co.nz/posts/what-is-microsoft-entra/</link><pubDate>Mon, 08 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/what-is-microsoft-entra/</guid><description>Microsoft Entra (formerly Azure Active Directory) sounds like enterprise jargon — but it&amp;#39;s the backbone of your Microsoft 365 account. Here&amp;#39;s what it actually does and why it matters.</description><content:encoded><![CDATA[<p>You might have heard the term &ldquo;Microsoft Entra&rdquo; or &ldquo;Azure AD&rdquo; thrown around and immediately tuned out. Sounds like enterprise nonsense. Something that only big companies with dedicated IT teams need to worry about.</p>
<p>Fair enough. But here&rsquo;s the thing — if you use Microsoft 365, you&rsquo;re already using Entra. Whether you know it or not. It&rsquo;s the system that controls who can log in to your email, your files, your Teams — everything.</p>
<p>So let&rsquo;s demystify it.</p>
<h3 id="what-is-microsoft-entra-actually">What Is Microsoft Entra, Actually?</h3>
<p>Microsoft Entra ID (formerly Azure Active Directory, or Azure AD — Microsoft loves renaming things) is Microsoft&rsquo;s <strong>identity and access management</strong> service.</p>
<p>In plain English: it&rsquo;s the system that decides <strong>who gets in</strong> and <strong>what they can see</strong> once they&rsquo;re in.</p>
<p>Every time you log in to Outlook, OneDrive, Teams, or any Microsoft 365 service, Entra is the bouncer at the door. It checks your username, verifies your password, maybe asks for your MFA code, and then lets you through.</p>
<p>That&rsquo;s it. That&rsquo;s the core job. It&rsquo;s the lock on the front door.</p>
<h3 id="why-the-name-changes">Why the Name Changes?</h3>
<p>Quick sidebar because I know someone is wondering — yes, this used to be called Azure Active Directory, and yes, Microsoft renamed it to Entra ID, and yes, it&rsquo;s confusing.</p>
<p>Here&rsquo;s the deal: &ldquo;Azure Active Directory&rdquo; was a terrible name. While it shared some high-level concepts with the traditional Active Directory you might know from on-premises Windows servers — users, groups, authentication — it was a completely different architecture underneath. The name made people assume it was just Active Directory in the cloud. It wasn&rsquo;t. That caused endless confusion. So Microsoft split its identity product line out under the &ldquo;Entra&rdquo; name, and the service is now called <strong>Microsoft Entra ID</strong>.</p>
<p>Same product. Shiny new name. Old habits die hard — you&rsquo;ll still see Azure AD everywhere in older docs, scripts, and PowerShell modules. Just know it&rsquo;s the same thing with a new label.</p>
<h3 id="what-does-it-actually-do">What Does It Actually Do?</h3>
<p>Let&rsquo;s get specific about what Entra handles day to day in a small business:</p>
<p><strong>1. User accounts and passwords.</strong>
Every person in your business who has a Microsoft 365 account — that account lives in Entra. Their username, password, display name, job title, all of it. You manage users through the Microsoft 365 admin centre (which is backed by Entra).</p>
<p><strong>2. Single Sign-On (SSO).</strong>
If your device is set up with your work account, you’ll often sign in once to your computer and won’t be prompted again when you open apps like Teams. That’s Entra working behind the scenes — one login, access to everything. It’s more convenient and more secure than using separate passwords everywhere.</p>
<p><strong>3. Multi-Factor Authentication (MFA).</strong>
This is the big one. MFA means that even if someone gets your password, they still can&rsquo;t log in without the second factor — usually a code from an app on your phone.</p>
<p>Without MFA, your password is the only thing standing between a hacker and your business email, files, and customer data. That&rsquo;s one lock. MFA adds a second. Simple concept, massive impact.</p>
<p><strong>4. Conditional Access.</strong>
This is where it gets powerful. Conditional Access lets you set rules about <em>how</em> and <em>where</em> people can log in. For example:</p>
<ul>
<li>Only allow logins from New Zealand</li>
<li>Require MFA if someone is logging in from a new device</li>
<li>Block logins from countries you don&rsquo;t operate in</li>
<li>Only allow company-managed devices to access certain files</li>
</ul>
<p>Business Premium includes Conditional Access. Basic and Standard rely on Security Defaults, which enforces MFA automatically but with less flexibility.</p>
<p><strong>5. Device management (with Intune).</strong>
If you add Intune to the mix (Business Premium), Entra tells Intune which devices are trusted and which aren&rsquo;t. A company laptop that&rsquo;s been set up properly? Fine. A random personal laptop from a coffee shop? Maybe not.</p>
<h3 id="why-should-you-care">Why Should You Care?</h3>
<p>Because identity is the new firewall.</p>
<p>Old school IT thinking was: build a strong perimeter. Get a good firewall, lock down the network, and you&rsquo;re safe. That worked when everyone worked in an office and all the computers were plugged into the same network.</p>
<p>That&rsquo;s not how most businesses work anymore. People work from home. They check email on their phones. They log into SharePoint from their laptop at the airport. The perimeter is gone.</p>
<p>So what&rsquo;s left? <strong>Identity.</strong> The only thing that matters now is: is this person actually who they say they are, and should they be allowed to access this thing?</p>
<p>That&rsquo;s Entra&rsquo;s job. And if you&rsquo;re not paying attention to it — if MFA isn&rsquo;t enabled, if former employees still have active accounts, if you&rsquo;ve got no control over what devices can access your data — you&rsquo;ve got a gaping hole in your security and you don&rsquo;t even know it&rsquo;s there.</p>
<h3 id="the-scary-bit">The Scary Bit</h3>
<p>Here&rsquo;s what keeps me up at night when I think about small businesses:</p>
<p>The number one way business accounts get compromised is <strong>stolen or phished passwords</strong>. Someone gets tricked into entering their Microsoft 365 password on a fake login page. The hacker now has their username and password. They log in. They read emails. They access files. They send messages <em>from that person&rsquo;s email</em> to suppliers with new bank account details.</p>
<p>Sound far-fetched? It happens <em>constantly</em>.</p>
<p>And the fix is dead simple: <strong>enable MFA.</strong> If you do nothing else after reading this post, go turn on MFA for every user in your Microsoft 365 account.</p>
<p>With MFA enabled, the stolen password is useless. The hacker needs the second factor — the code from your phone — and they don&rsquo;t have it.</p>
<p>It&rsquo;s not bulletproof. Nothing is. But according to Microsoft, MFA stops over 99.2% of identity-based account compromise attacks dead in their tracks.</p>
<h3 id="what-about-business-standard-users">What About Business Standard Users?</h3>
<p>If you&rsquo;re on Business Standard, you still get basic MFA and user management through Entra. You just don&rsquo;t get the fancier Conditional Access policies and Intune integration.</p>
<p>Here&rsquo;s what you should still do:</p>
<ol>
<li><strong>Enable MFA for every user.</strong> No exceptions. Not just the important ones. Everyone.</li>
<li><strong>Use the Microsoft Authenticator app.</strong> It&rsquo;s free, it works well, and it&rsquo;s easier than SMS codes.</li>
<li><strong>Remove accounts for people who&rsquo;ve left.</strong> When someone leaves your business — voluntarily or otherwise — disable their account immediately. Don&rsquo;t leave old accounts sitting there. They&rsquo;re an open door.</li>
<li><strong>Check sign-in logs occasionally.</strong> In the Entra admin centre, you can see who&rsquo;s been logging in and from where. If you see a login from Nigeria and you don&rsquo;t have staff in Nigeria, something&rsquo;s wrong.</li>
</ol>
<h3 id="how-to-enable-mfa-quick-version">How to Enable MFA (Quick Version)</h3>
<p>There are two approaches depending on your licence. Pick the one that applies to you.</p>
<p><strong>Option A: Security Defaults (Business Basic / Business Standard)</strong></p>
<p>This is the simplest option. Security Defaults enforces MFA for all users with no configuration needed.</p>
<ol>
<li>Go to <a href="https://entra.microsoft.com">entra.microsoft.com</a></li>
<li>Sign in as at least a Conditional Access Administrator</li>
<li>Navigate to <strong>Entra ID → Overview → Properties</strong></li>
<li>Click <strong>Manage Security Defaults</strong></li>
<li>Set it to <strong>Enabled</strong></li>
<li>Save</li>
<li>Tell your staff to download Microsoft Authenticator and set it up — they&rsquo;ll be prompted on their next login</li>
</ol>
<p><strong>Option B: Conditional Access Policy (Business Premium)</strong></p>
<p>If you&rsquo;re on Business Premium, you have Entra ID P1 and can create Conditional Access policies for more control.</p>
<ol>
<li>Go to <a href="https://entra.microsoft.com">entra.microsoft.com</a></li>
<li>Sign in as at least a Conditional Access Administrator</li>
<li>Navigate to <strong>Entra ID → Conditional Access</strong></li>
<li>Click <strong>New Policy</strong></li>
<li>Under <strong>Users</strong>, select <strong>All users</strong></li>
<li>Under <strong>Target resources</strong>, select <strong>All cloud apps</strong></li>
<li>Under <strong>Grant</strong>, select <strong>Require multifactor authentication</strong></li>
<li>Set <strong>Enable policy</strong> to <strong>On</strong> and save</li>
<li>Tell your staff to download Microsoft Authenticator and set it up</li>
</ol>
<blockquote>
<p><strong>Note:</strong> Microsoft is phasing out the older per-user MFA page. Don&rsquo;t use it for new setups — use Security Defaults or Conditional Access instead.</p>
</blockquote>
<p>Staff grumble about MFA for about a week. Then they forget it&rsquo;s even there. It becomes second nature. Don&rsquo;t let a bit of initial pushback stop you from enabling it.</p>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>Microsoft Entra isn&rsquo;t just enterprise jargon. It&rsquo;s the lock on the door of your entire digital business. If you&rsquo;re on Microsoft 365 — which most businesses are — you&rsquo;re already using it.</p>
<p>The question is: are you using it well? Is MFA on? Are old accounts disabled? Do you know who has access to what?</p>
<p>If you can&rsquo;t answer those questions, it&rsquo;s time to take a look. Not next month. This week.</p>
]]></content:encoded></item></channel></rss>