Microsoft Entra ID

What is Microsoft Entra ID?

Microsoft Entra ID, formerly known as Azure Active Directory, is Microsoft's cloud identity and access management platform. It manages authentication and authorization for users accessing Microsoft 365 applications, Azure resources, and thousands of third-party SaaS applications through federated single sign-on. Entra ID generates detailed sign-in logs that capture every authentication attempt, including the user, device, location, IP address, conditional access policy evaluation result, and whether MFA was satisfied. Its Identity Protection module applies risk-based policies that can automatically block or require step-up authentication for sign-ins that display suspicious characteristics. Privileged Identity Management adds just-in-time access controls for sensitive roles, with audit logs capturing every privileged access activation. For SOC teams, Entra ID logs are essential for detecting account compromise, credential stuffing, and insider threat scenarios.

How does Microsoft Entra ID work with Qevlar?

Qevlar integrates with Microsoft Entra ID to retrieve sign-in logs and identity risk signals during automated investigations. When an alert involves a suspicious authentication event, an impossible travel scenario, or an unusual role assignment, Qevlar queries Entra ID to establish whether the identity involved shows a broader pattern of anomalous behavior.