Entra ID

Also know as Active Directory Domain Service(AD DS) previously. It deals only with authentication and identity. This is covered in SC-300.

Capabilities

Configuring access to applications
Configuring single sign-on (SSO) to cloud-based SaaS applications
Managing users and groups
Provisioning users
Enabling federation between organizations
Providing an identity management solution
Identifying irregular sign-in activity
Configuring multi-factor authentication
Extending existing on-premises Active Directory implementations to Microsoft Entra ID
Configuring Application Proxy for cloud and local applications
Configuring Conditional Access for users and devices

Microsoft 365 comes with Entra ID.
Entra ID is a cloud-based identity and access management service.
Entra ID have tiers
- Free
- Microsoft Entra ID P1
- Microsoft Entra ID P2
- Microsoft Entra ID Governance
Unlike AD it doesn't store Computer name but device class.
All Tenant have a onmicrosoft.com domain name. It is the default domain name. You can add custom domain name.
AD is NOT DEAD, you can use it on computers; i.e even installing into VM (just not on drive C:).

flowchart TD
    Tenant --> Subscription --> Group --> User

Microsoft Entra ID is primarily an identity solution, and it’s designed for internet-based applications by using HTTP (port 80) and HTTPS (port 443) communications.
Microsoft Entra ID is a multi-tenant directory service.
Microsoft Entra users and groups are created in a flat structure, and there are no OUs or GPOs.
You can't query Microsoft Entra ID by using LDAP; instead, Microsoft Entra ID uses the REST API over HTTP and HTTPS.
Microsoft Entra ID doesn't use Kerberos authentication; instead, it uses HTTP and HTTPS protocols such as SAML, WS-Federation, and OpenID Connect for authentication, and uses OAuth for authorization.
Microsoft Entra ID includes federation services, and many third-party services such as Facebook are federated with and trust Microsoft Entra ID.