Microsoft Entra ID vs Azure AD: What Changed and What MSPs Need to Know

In September 2023, Microsoft announced a significant rebrand: Azure Active Directory (Azure AD) would become Microsoft Entra ID. For MSPs managing Azure AD tenants, this created confusion—is it a new product? Do I need to migrate? Will this break my configurations?

The short answer: it’s a rebrand, not a migration. Your existing Azure AD infrastructure continues working. The underlying technology, APIs, and capabilities remain unchanged. But understanding what’s different and why matters for your MSP operations, client communication, and future planning.

The Rebrand: Why Did Microsoft Change the Name?

Microsoft made several strategic decisions with the Entra rebrand:

1. Clarify product positioning: Azure AD served multiple purposes—identity management, access control, application authentication—making it hard for customers to understand its scope.

2. De-couple from Azure: While “Azure AD” is used by organizations with zero Azure infrastructure, the name created confusion that Entra ID was only for Azure users.

3. Establish an identity platform family: “Entra” is now the parent brand for Microsoft’s identity products:

   • Entra ID – core identity and access platform (formerly Azure AD)
   • Entra External ID – external user identity management
   • Entra Internet Access – cloud-native network security
   • Entra Private Access – zero-trust remote access
   • Entra Permissions Management – least-privilege access management

4. Align with cloud-native identity: Modern identity management requires more than authentication. It demands zero-trust, permission management, and external collaboration—concepts Azure AD’s name didn’t convey.

What Actually Changed: Technology vs. Naming

Nothing changed at the technical level:

• Existing Azure AD tenants continue functioning identically
• All APIs remain unchanged (microsoft.graph.com, etc.)
• PowerShell cmdlets remain the same (Get-AzureADUser, etc.)
• Conditional Access, device management, and security controls remain unchanged
• Client integrations (applications, federations) continue working
• Your licensing remains valid—Azure AD Premium now called “Entra ID Premium”

What changed in user interfaces and documentation:

• Portal URL now “entra.microsoft.com” (old “portal.azure.com” still works)
• Microsoft 365 admin center references “Entra ID” instead of “Azure AD”
• Documentation and training materials reflect Entra terminology
• Product names updated: “Azure AD Join” → “Entra-joined device”
• Service names simplified: “Application Registration” slightly clarified but functionally identical

User Interface Navigation Changes

Old path (still works):

• portal.azure.com > Azure AD > Users > Create new user

New path (recommended):

• entra.microsoft.com > Identity > Users > Create new user

Both paths access the same identity service. Microsoft will eventually deprecate the Azure portal path, but currently supports both for backward compatibility.

What MSPs Should Know About the Transition

1. Client Communications

Many clients are confused about the rebrand. Proactively manage this:

What to tell clients:

“Microsoft rebranded Azure Active Directory to Microsoft Entra ID. This is a name change, not a platform change. Your identity infrastructure, policies, and configurations continue working identically. We’ve updated our documentation and will use ‘Entra ID’ in future communications, but technically nothing changes for your environment.”

2. Documentation and Internal Knowledge Bases

Update MSP internal documentation to use Entra terminology:

• Replace “Azure AD” with “Entra ID”
• Update client onboarding guides to reference entra.microsoft.com
• Clarify that new implementations use Entra ID naming (though Azure AD terminology still functions)
• Update training materials and runbooks

3. Future-Proofing Your Configurations

While current Azure AD configurations continue working, plan for evolution:

Plan for these changes:

• Phased migration to Entra ID terminology in admin interfaces
• Potential retirement of “Azure AD” brand in portal interfaces
• New Entra capabilities (Permissions Management, Internet Access) may be Entra-only features

What to do now:

• Test Entra ID portal (entra.microsoft.com) to familiarize your team
• Plan to migrate client communications to Entra ID branding within 12 months
• Adopt Entra terminology in new documentation to avoid re-documentation later

4. PowerShell and API Integration

Important: PowerShell cmdlets haven’t changed.

# These still work exactly the same
Get-AzureADUser
New-AzureADUser
Set-AzureADUserPassword

# No migration needed for PowerShell scripts
# Module names remain: AzureAD, AzureADPreview

However, Microsoft is developing next-generation cmdlets:

# New Microsoft Graph PowerShell module (recommended for new automation)
Get-MgUser
New-MgUser
Update-MgUser

# Graph module is module-agnostic (works with Entra, Azure, Teams, etc.)
# Long-term, Graph will be preferred over AzureAD module

Recommendation: For new automation, use Microsoft Graph PowerShell (Get-MgUser) rather than legacy AzureAD module (Get-AzureADUser). Begin migrating existing scripts gradually to Graph module.

5. Licensing and SKU Clarity

Licensing changes with the rebrand:

Old licensing names:

• Azure AD Premium P1 → Entra ID Premium Plan 1
• Azure AD Premium P2 → Entra ID Premium Plan 2
• Office 365 (includes Azure AD) → Still valid but now includes Entra ID

New naming convention:

• Entra ID Free
• Entra ID Premium Plan 1 ($6/user/month)
• Entra ID Premium Plan 2 ($9/user/month)

Existing licenses transfer automatically. No action needed, but update your MSP pricing and product documentation.

Entra ID: Beyond Azure AD

While Azure AD → Entra ID is purely a rebrand, Microsoft is expanding the Entra platform with new capabilities that differentiate from legacy Azure AD:

Entra Permissions Management

Provides least-privilege access governance across cloud services:

• Automatically discovers unused permissions
• Recommends permission reduction
• Monitors privilege abuse and anomalies
• Critical for compliance (SOX, SEC, HIPAA)

Entra Internet Access

Cloud-native network security (alternative to traditional VPN):

• Advanced filtering and threat detection
• Zero-trust network access
• DLP at network layer
• Potentially replaces traditional firewall/VPN for modern orgs

Entra External ID

Simplified external user identity management:

• Invite and manage external partners
• Application-specific access policies
• Reduced complexity vs. native Entra ID B2B

Roadmap for MSPs: Managing the Transition

Immediate (next 30 days):

• Rename Azure AD to Entra ID in client-facing materials
• Update all documentation, proposals, and communications
• Test Entra ID portal (entra.microsoft.com) with test tenant

Short-term (next 90 days):

• Train your technical team on Entra terminology
• Update client onboarding guides
• Create Entra ID-specific runbooks and documentation

Medium-term (next 12 months):

• Plan migration of PowerShell automation to Microsoft Graph module
• Evaluate new Entra capabilities (Permissions Management, Internet Access) for client value-add services
• Communicate Entra platform expansion to clients as upsell opportunities

Long-term (ongoing):

• Monitor Microsoft’s Entra roadmap for new capabilities
• Adopt new Entra services where they add client value
• Continuously update documentation as Azure AD terminology deprecates

FAQ: Common MSP Questions About Entra ID

Q: Do my current Azure AD configurations need updating?
A: No. All configurations continue working without changes.

Q: Will my PowerShell scripts break?
A: No. AzureAD PowerShell module continues working. Consider gradually migrating to Microsoft Graph PowerShell module for new scripts.

Q: Should I migrate to the Entra ID portal or keep using Azure portal?
A: Entra portal (entra.microsoft.com) is Microsoft’s direction. Azure portal access will likely deprecate. Migrate at your convenience—both currently supported.

Q: Are there new skills or certifications I need?
A: No new certifications required. Microsoft Learn content uses Entra terminology, but covers identical concepts to Azure AD training.

Q: What’s the timeline for Azure AD terminology to fully disappear?
A: Microsoft hasn’t announced deprecation dates. Likely 2-3 years before Azure AD brand is fully retired.

Conclusion: Rebrand, Not Revolution

The Azure AD → Entra ID transition is a rebrand, not a technical revolution. Your identity infrastructure continues unchanged. The value is in Microsoft’s new product positioning—clarifying that Entra ID is a comprehensive identity platform, not just an authentication directory.

For MSPs, the transition is primarily communications and documentation. Update your marketing, client materials, and internal documentation to reflect Entra ID terminology. Plan a gradual migration of PowerShell automation to Microsoft Graph module. Stay alert for new Entra capabilities that create upsell opportunities with clients.

The underlying identity security principles—zero-trust, least privilege, continuous verification, threat detection—remain. Entra ID simply provides a clearer brand and expanded platform for implementing these principles.

Ready to future-proof your MSP practice for the Entra era? Let’s discuss your identity security strategy, PowerShell automation modernization, and opportunities to expand service offerings with new Entra capabilities. Schedule a consultation at 365securityassessment.com—we’ll help you navigate the identity security landscape and deliver greater value to your clients.