Microsoft Entra ID is a cloud-based identity and access management service provided by Microsoft to manage user identities and control access to resources such as applications and services in the cloud. When you sign up for [[Azure]] or any Microsoft cloud service, an [[Entra Tenant]] is automatically created for you.

- **Deployment Options:**
  - **Cloud-Only:** Provides identity management and protection for all user accounts.
  - **Hybrid:** Extends on-premises Active Directory to the cloud using Microsoft Entra Connect or Microsoft Entra Connect cloud sync.
- **Key Considerations:**
  - **Centralized Management:** Integrate on-premises and cloud directories for unified management.
  - **Single Instance:** Use a single authoritative Microsoft Entra directory to reduce security risks.
  - **Account Synchronization:** Limit synchronization of high-privilege accounts to mitigate security risks.
  - **Password Hash Synchronization:** Sync user password hashes to protect against credential replay attacks.
  - **Single Sign-On (SSO):** Enable SSO to reduce password management overhead and enhance security.
  - **Management Overhead:** Consider the administrative burden of managing separate identities.
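As an added example (not part of the original note), the following Microsoft Graph PowerShell check audits the "Account Synchronization" point above: it lists members of selected privileged Entra ID roles whose accounts are synchronized from on-premises AD. The role list and the `Directory.Read.All` scope are assumptions to adjust for your tenant.

```powershell
# Added example: find hybrid (on-prem synced) accounts that hold privileged Entra ID roles.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in account can
# consent to Directory.Read.All. The role list is an assumption; extend it to match the
# roles your tenant treats as high-privilege.
Connect-MgGraph -Scopes "Directory.Read.All"

$privilegedRoles = @(
    "Global Administrator",
    "Privileged Role Administrator",
    "Privileged Authentication Administrator",
    "Security Administrator",
    "Exchange Administrator"
)

# Get-MgDirectoryRole returns only roles that have been activated in the tenant.
$findings = foreach ($role in Get-MgDirectoryRole -All) {
    if ($privilegedRoles -notcontains $role.DisplayName) { continue }

    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        # Only user objects carry the on-premises sync flag; groups and service principals are skipped.
        if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

        $user = Get-MgUser -UserId $member.Id -Property Id,UserPrincipalName,OnPremisesSyncEnabled
        if ($user.OnPremisesSyncEnabled -eq $true) {
            [pscustomobject]@{
                Role              = $role.DisplayName
                UserPrincipalName = $user.UserPrincipalName
                SyncedFromOnPrem  = $true
            }
        }
    }
}

if ($findings) {
    # Each row is a privileged role held by an account whose credentials and lifecycle are
    # controlled on-premises; the consideration above is to keep such roles on cloud-only accounts.
    $findings | Sort-Object Role, UserPrincipalName | Format-Table -AutoSize
} else {
    "No synchronized accounts hold the listed privileged roles."
}
```

This covers active role assignments only; PIM-eligible assignments are not returned by `Get-MgDirectoryRoleMember` and need a separate check.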