This article was written by Liam Rae, Senior Cloud Consultant at Bridgeall.

I often work with businesses implementing Entra ID, Microsoft’s cloud-based identity and access management solution. Over the years, identity and access management has evolved significantly, and Entra ID (formerly known as Azure Active Directory) has become an essential part of modern authentication strategies. With the rise of cloud computing and productivity tools such as Microsoft 365, the security perimeter has shifted from the traditional network boundary to identity and access management as the primary control for securing your resources.

The Evolution of Identity Management

In the past, most businesses relied solely on on-premises Active Directory Domain Services (AD DS) for user authentication, device management, and resource access. However, with the shift to cloud computing and remote work, the limitations of traditional AD DS have become apparent.

Many businesses then turned to implementing Entra ID in a hybrid setup, using tools like Entra ID Connect or the newer Entra ID Cloud Sync to integrate with their established and familiar AD DS environment. Syncing their identities, groups and devices to the cloud brings them the capabilities of Entra ID, such as modern authentication, single sign-on (SSO), conditional access, and leaked credential detection, while retaining the benefits of a familiar AD DS.

While hybrid identity is a great stepping stone, in recent times I have seen a growing shift among small and medium-sized businesses (SMBs) moving towards adopting a fully cloud-based identity model, eliminating the requirement for an on-premises AD DS entirely. This shift simplifies IT infrastructure, reduces operational overhead, and unlocks the full potential of modern authentication.

Adopting a Full Cloud-Based Identity

It is sometimes assumed that a cloud-only approach is just for start-up businesses that have no on-premises infrastructure to begin with. However, I believe that with careful planning and execution, a transition to a fully cloud-based identity model with Entra ID can succeed for any business. Here is a simplified overview of some of the key stages I would consider when planning a customer’s transition:

  1. Initial Assessment – Document dependencies, including applications, devices and services that rely on on-premises AD. You should also consider any legacy systems that may not support modern authentication.
  2. Housekeeping – Clean up the existing environment by removing stale user accounts, devices, and group policies. Ensure all user identities are properly synced to Entra ID. Audit and consolidate group policies.
  3. Hybrid Join Devices – Hybrid-join all end-user devices to Entra ID so that they authenticate directly with Entra ID, and enrol them in Intune for further device management capabilities such as software, policy and configuration deployment.
  4. Break the Sync – Once all identities and devices are in the cloud, break the connection between on-premises AD and Entra ID.
  5. Remove Devices from On-Premises Domain – Remove devices from the on-premises domain and ensure they are fully managed by Entra ID.
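A readiness check that supports the Housekeeping and Hybrid Join stages above, written here as an added example rather than anything from the article: it reports which users are still synced from on-premises AD, which enabled accounts and devices look stale, and how devices break down by join type, so that the "Break the Sync" decision is made on evidence. It assumes the Microsoft Graph PowerShell SDK is installed, the caller can consent to the listed scopes, that Entra ID P1 is present for sign-in activity, and a 90-day staleness threshold that you should adjust to your own policy.

```powershell
# Added example, not from the original article. Read-only: it reports and exports, it changes nothing.
# Assumptions: Microsoft.Graph module installed; caller has the scopes below; 90-day threshold is arbitrary.
$StaleAfterDays = 90
$Cutoff = (Get-Date).AddDays(-$StaleAfterDays)

Connect-MgGraph -Scopes 'User.Read.All','Device.Read.All','AuditLog.Read.All' -NoWelcome

# Users: OnPremisesSyncEnabled is $true for accounts still mastered in on-premises AD.
# SignInActivity requires Entra ID P1 and the AuditLog.Read.All scope.
$users = Get-MgUser -All -Property 'UserPrincipalName','AccountEnabled','OnPremisesSyncEnabled','SignInActivity'

$syncedUsers = $users | Where-Object { $_.OnPremisesSyncEnabled -eq $true }
$staleUsers  = $users | Where-Object {
    $_.AccountEnabled -and
    ($null -eq $_.SignInActivity.LastSignInDateTime -or $_.SignInActivity.LastSignInDateTime -lt $Cutoff)
}

# Devices: TrustType 'ServerAd' = hybrid joined, 'AzureAd' = Entra joined, 'Workplace' = Entra registered.
$devices = Get-MgDevice -All -Property 'DisplayName','TrustType','ApproximateLastSignInDateTime','OperatingSystem'

$byTrust      = $devices | Group-Object TrustType
$staleDevices = $devices | Where-Object {
    $null -eq $_.ApproximateLastSignInDateTime -or $_.ApproximateLastSignInDateTime -lt $Cutoff
}

# Summary for the migration plan.
[PSCustomObject]@{
    TotalUsers             = $users.Count
    UsersStillSyncedFromAD = $syncedUsers.Count
    StaleEnabledUsers      = $staleUsers.Count
    TotalDevices           = $devices.Count
    StaleDevices           = $staleDevices.Count
} | Format-List

'Devices by join type:'
$byTrust | Select-Object Name, Count | Format-Table -AutoSize

# Evidence to review before breaking the sync: who is still synced, and what should be cleaned up first.
$syncedUsers  | Select-Object UserPrincipalName |
    Export-Csv -Path '.\synced-users.csv' -NoTypeInformation
$staleDevices | Select-Object DisplayName, TrustType, OperatingSystem, ApproximateLastSignInDateTime |
    Export-Csv -Path '.\stale-devices.csv' -NoTypeInformation
```

Run it again after each housekeeping pass; UsersStillSyncedFromAD reaching the accounts you intend to keep on-premises only, and no remaining 'ServerAd' devices you have not planned for, are the signals that step 4 is safe to schedule.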

Every migration is unique, and my role is to ensure a seamless transition. I oversee each phase, mitigating risks and ensuring a smooth user experience. User adoption is a critical aspect of success, and it is crucial that comprehensive training is provided to help end-users adapt to the new authentication model and the changes it brings.

Benefits of Cloud Identities

Whether you are adopting a hybrid approach with on-premises AD DS or going fully into a cloud-only model, there are many benefits to using Entra ID within your identity and access management strategy. Some of these advantages include:

  • Single Sign-On (SSO) – Users can seamlessly access cloud-based applications with a single set of corporate credentials, eliminating the need to remember separate credentials for each application.
  • Basic multi-factor authentication – SMS, phone call, and authenticator app options through security defaults to help protect user identities.
  • Leaked Credential Detection – Entra ID monitors for compromised credentials and alerts administrators to potential security risks.

To unlock the advanced features of Entra ID and enhance security and compliance, I often recommend Entra ID P1 or P2 licensing.

P1 Features include:

  • Conditional Access Policies – Enforce strong multi-factor authentication methods based on user location, device health, and risk level.
  • Dynamic Groups – Attribute-based group membership that can be used for licence assignment, access management and policy application. Reduces administrative overhead by eliminating manual group management.
  • Self-Service Password Reset – Allow users to reset their forgotten passwords without administrator support.

P2 features include P1 features along with:

  • Identity Protection – Real-time detection and remediation of identity-based risks.
  • Privileged Identity Management (PIM) – Enables just-in-time access to critical resources.
  • Access Reviews – Regular reviews of user access to ensure compliance.

Why I Believe This Approach Works

Transitioning to a fully cloud-based identity model with Entra ID offers businesses, particularly small to medium-sized businesses, several benefits:

  • Simplified IT Infrastructure – Eliminate the need to maintain on-premises AD DS servers and the expensive hardware that hosts them.
  • Enhanced Security – Leverage advanced and modern security features for authentication, conditional access, and identity protection capabilities within Entra ID.
  • Improved Scalability – Easily scale to support growing businesses and remote workforces without the legacy constraints of on-premises AD DS.
  • Cost Savings – Reduce hardware and maintenance costs associated with on-premises AD.

Is Cloud Only Right for Every Business?

Despite the benefits of transitioning to a cloud-only identity model, this approach isn’t right for every business. There are quite a few dependencies that can make the transition challenging, including legacy applications requiring direct LDAP authentication, specialised hardware or software requiring domain-based authentication, regulatory requirements for on-premises identity control, and limited internet connectivity in key locations.

It is crucial that a thorough initial assessment phase is carried out to ensure feasibility and to identify potential roadblocks before they become issues.

My Final Thoughts

The shift to a fully cloud-based identity model with Entra ID is a powerful way to modernise IT operations and streamline infrastructure. While not every business is ready for a complete transition, I believe those that can make the shift will gain significant operational efficiencies, enhanced security, scalability and cost savings.

As digital transformation continues to accelerate within businesses, identity management remains the foundation upon which secure, productive work environments are built. As a cloud consultant, my goal is to assess business requirements and guide businesses through their transformation journey, ensuring minimal disruption and maximum value from their investment in cloud identity and access management.

If you’re considering shifting to cloud-only Entra ID, or have questions about how this could impact your business, feel free to reach out for a chat.