Technology Partner · Identity & Access

Microsoft Entra ID, managed by TruPoint.

Identity is the new perimeter. Every Zero Trust architecture — including TruWorkspace Zero Trust — starts with Microsoft Entra ID as the enforcement layer for every access decision. User identity, device compliance, location, and risk signals all flow through Entra conditional access policies. Without Entra properly configured, your MFA and device compliance requirements have no enforcement.

Partner: Microsoft Cloud Solution Provider
Modules: Identity · SSO · Conditional Access · PIM
Deployed for: TruWorkspace Zero Trust
Integration: Intune · Cloudflare ZTNA · ESET

01 · What it does

Every access decision — user identity, device posture, location, risk — enforced here.

Entra ID is the policy engine that evaluates every factor before any user reaches any resource. It's what makes MFA conditional (not just mandatory), device compliance enforced (not just reported), and privileged access audited (not just assumed).

/IDENTITY

Cloud Identity

Entra ID replaces on-premises Active Directory as the authoritative identity store. All users, groups, service accounts, and guest identities managed in the cloud — no domain controller to maintain, patch, or harden.

/CA

Conditional Access

Policy engine that evaluates user identity, device compliance state, network location, and sign-in risk before granting access. The enforcement layer that turns MFA and device posture from settings into real access controls.

/MFA

Phishing-Resistant MFA

Microsoft Authenticator with number matching, FIDO2 security keys, and certificate-based authentication. Phishing-resistant authentication that satisfies cyber insurance requirements — not SMS or basic push notifications.

/PIM

Privileged Identity Management

Just-in-time admin access — users operate with standard permissions and elevate only when needed, with approval workflows and a complete audit trail for every privileged session. No permanent admin accounts.

02 · How TruPoint deploys it

From default AD to enforced Zero Trust identity in four phases.

A structured identity deployment that closes privileged access gaps, enforces phishing-resistant MFA, and connects Entra to every downstream enforcement layer in the Zero Trust stack.

01

Identity Audit

Map all user accounts, admin roles, service accounts, and guest identities. Identify privileged accounts without MFA, stale accounts, and service accounts with excessive permissions or broad scopes.

02

Configure

Conditional access policy matrix built across user tiers and risk profiles. Phishing-resistant MFA enrolled for all admin accounts. Named locations, device compliance requirements, and risk-based blocks defined.

03

Harden

Legacy authentication blocked — the single largest attack surface in most tenants. Security defaults replaced with named conditional access policies. PIM configured for all admin roles. Emergency access accounts documented.

04

Integrate

Entra connected to Cloudflare ZTNA for access enforcement, Intune for device compliance signals, ESET for threat-intelligence integration, and TruCompliance ISMS evidence collection.

03 · Why it matters for SMBs

Without Entra conditional access, your MFA is a setting, not a control.

Most SMBs that have "MFA enabled" have MFA available — not enforced. A user can bypass it, an admin can disable it, and a compromised account from a legacy authentication path ignores it entirely. Entra conditional access makes MFA mandatory, device compliance required, and legacy authentication impossible — for every user, every time.

  • Legacy authentication blocked — eliminates the most common credential attack vector
  • Conditional access policies enforce MFA — not just suggest it
  • PIM eliminates permanent admin accounts that attackers target
  • Device compliance signals from Intune gate access at the identity layer
  • Connects to Cloudflare ZTNA for full Zero Trust access enforcement
"We didn't realize we had 14 admin accounts with no MFA and full global admin rights. Entra PIM and conditional access fixed all of that in a week — we should have done this years ago."

IT Director · MANUFACTURING · 120 USERS · HAMILTON

Audit your identity posture

A 30-min Entra ID walkthrough.

We'll pull your tenant's identity posture live — privileged accounts, legacy auth exposure, and conditional access gaps — in 30 minutes.
