Microsoft Entra ID
Zero Trust security and identity management for Swiss businesses — Conditional Access, MFA and PIM.
What is Microsoft Entra ID?
Microsoft Entra ID (formerly Azure Active Directory, renamed 2023) is Microsoft's cloud-based identity and access management service. As the heart of the Zero Trust security model, Entra ID controls access to all Microsoft 365 and third-party apps based on identity, device, location and risk signals.
per user/month for Entra ID P1 (Conditional Access, Hybrid)
Microsoft Pricing
to basic Conditional Access implementation by CNEXT
CNEXT project data
“Entra ID with Conditional Access is the most important single step for Zero Trust in Swiss organisations. 80% of security incidents arise from compromised identities — not network exploits.”
Marcel Haas — CEO & Solution Architect, CNEXT
Entra ID Services from CNEXT
Conditional Access
Context-based access control: location, device, risk signals. MFA enforcement and legacy auth blocking.
Privileged Identity Management
Just-in-time admin rights: activate admin roles only when needed. MFA and justification on activation.
Identity Governance
Access Reviews, Entitlement Management and Identity Protection for structured IAM.
Swiss Reference Projects
Concrete Entra ID projects by CNEXT for Swiss businesses.
Zero Trust implementation (financial services, Zürich)
CNEXT implements 12 Conditional Access policies, PIM for 8 admin roles, Identity Protection with automatic MFA enforcement and SSPR. Compliance report delivered for ISO 27001 audit. Duration: 6 weeks.
Hybrid Identity (industrial company, Winterthur)
Entra Connect Sync for 800 on-premises AD users. Password Hash Sync + Seamless SSO for all M365 apps. Legacy auth blocking: 100% of sign-ins via modern authentication. No more VPN needed for cloud apps.
Privileged access (hospital, Aarau)
PIM for all 15 privileged Entra roles, quarterly Access Reviews, phishing-resistant FIDO2 keys for admins. nFADP requirements for health data met after a project duration of 8 weeks.
Frequently Asked Questions about Entra ID
What is Microsoft Entra ID and what does it have to do with Azure Active Directory?
Microsoft Entra ID is the new name for Azure Active Directory (AAD), renamed in July 2023. It is Microsoft's cloud-based Identity and Access Management (IAM) service — the central authentication platform for all Microsoft 365 apps, Azure services and thousands of third-party SaaS apps.
What Entra ID plans are available and which is right for our company?
Entra ID Free: included in M365, basic authentication. Entra ID P1: Conditional Access, hybrid identity, SSPR — approximately CHF 6/user/month. Entra ID P2: all P1 features + Identity Protection, Privileged Identity Management (PIM), Access Reviews — approximately CHF 9/user/month. CNEXT recommends P1 for most Swiss SMEs.
What is Conditional Access and how does it protect our company?
Conditional Access is a policy engine in Entra ID that allows or blocks access based on signals: user identity, device status (Entra-joined, compliant), location (country/IP), app type, risk signals (Identity Protection). Example: Outlook access only with MFA and compliant device, completely blocked from high-risk countries.
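The example policy set above, modelled as an added Python example (not CNEXT's or Microsoft's code) to show how several policies combine on one sign-in: every matching policy applies, and a block outweighs any grant. It also covers the legacy auth blocking named under the Conditional Access service; the class and field names, the decision labels and the placeholder country codes "XX"/"YY" are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = frozenset({"*"})

@dataclass(frozen=True)
class SignIn:  # constructed signal set; field names are illustrative assumptions
    app: str
    country: str            # ISO 3166-1 alpha-2 code
    client: str             # "modern" or "legacy" (e.g. IMAP, POP3, SMTP AUTH)
    mfa_done: bool
    device_compliant: bool

@dataclass(frozen=True)
class Policy:  # hypothetical, simplified stand-in for a Conditional Access policy
    name: str
    apps: frozenset = ANY
    countries: frozenset = ANY
    clients: frozenset = frozenset({"modern", "legacy"})
    block: bool = False
    require: frozenset = frozenset()  # subset of {"mfa", "compliant_device"}

    def matches(self, s: SignIn) -> bool:
        return (("*" in self.apps or s.app in self.apps)
                and ("*" in self.countries or s.country in self.countries)
                and s.client in self.clients)

HIGH_RISK = frozenset({"XX", "YY"})  # placeholder codes, not a real country list

POLICIES = [
    Policy("Outlook: MFA + compliant device", apps=frozenset({"Outlook"}),
           require=frozenset({"mfa", "compliant_device"})),
    Policy("Block high-risk countries", countries=HIGH_RISK, block=True),
    Policy("Block legacy authentication", clients=frozenset({"legacy"}), block=True),
]

def evaluate(s: SignIn, policies=POLICIES):
    """Apply every matching policy; a single block outweighs any grant."""
    hits = [p for p in policies if p.matches(s)]
    blocks = [p.name for p in hits if p.block]
    if blocks:
        return "block", blocks
    met = {"mfa": s.mfa_done, "compliant_device": s.device_compliant}
    missing = sorted({c for p in hits for c in p.require if not met[c]})
    if missing:
        return "controls_required", missing
    return "allow", [p.name for p in hits]
```

A sign-in that matches no policy is allowed here, which is why a tenant-wide baseline policy matters alongside app-specific ones.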
How much does an Entra ID / Conditional Access implementation cost at CNEXT?
Basic implementation (5–8 CA policies, MFA enforcement, legacy auth blocking): CHF 3,500–6,000. Full Zero Trust implementation (CA, PIM, Identity Protection, Access Reviews, Hybrid Identity): CHF 10,000–25,000. Licence costs: Entra ID P1 from CHF 6/user/month separately.
How does Entra ID integrate with our on-premises Active Directory?
Via Microsoft Entra Connect (formerly Azure AD Connect), on-premises AD users are synchronised with Entra ID (Hybrid Identity). Password Hash Sync or Pass-Through Authentication enables single sign-on for on-premises and cloud apps with the same password. CNEXT implements Hybrid Identity for companies with on-premises infrastructure.
What is Privileged Identity Management (PIM) and why is it important?
PIM ensures that privileged roles (Global Admin, SharePoint Admin) are not permanently assigned (standing access). Instead, roles are only activated as needed (just-in-time, maximum 8 hours) with MFA and justification required. PIM massively reduces damage in the event of compromised admin accounts.
How does Entra ID protect against stolen credentials?
Entra ID Identity Protection detects risky sign-ins (anonymous IP, unknown locations, impossible travel, leaked credentials from the dark web) and automatically enforces MFA or blocks access. Combined with Conditional Access, it forms the core layer of the Zero Trust security model.
What are Access Reviews in Entra ID?
Access Reviews are regular automated reviews of group memberships, app assignments and privileged roles. Managers or resource owners are asked by email to confirm or revoke access rights. CNEXT configures quarterly Access Reviews as an nFADP compliance measure.
Can Entra ID be configured to be nFADP-compliant for Swiss companies?
Yes. Entra ID runs on Azure with Swiss and EU data residency. With Conditional Access (location-based access control), PIM (least privilege), Identity Protection and a complete audit log, Entra ID meets the requirements of the Swiss nFADP and GDPR for data protection.
How secure is Microsoft Entra ID against phishing attacks?
Entra ID with phishing-resistant MFA methods (FIDO2 security keys, Windows Hello for Business, certificate-based authentication) is immune to classic password phishing. CNEXT recommends FIDO2 or certificate-based auth for privileged accounts and Microsoft Authenticator with Number Matching for all users.
Zero Trust for your organisation?
CNEXT implements Microsoft Entra ID and Conditional Access for nFADP-compliant identity management.