![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 77%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,442 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi pallab,
All of the main limitations are described in this article. https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-service-limits-restrictions
There are limits to the number of managed domains and resources you can create, and there are restrictions around group syncing.
This document also describes a lot of the precautions and considerations:
https://learn.microsoft.com/en-us/azure/security/fundamentals/choose-ad-authn
If they're looking for a truly cloud-only setup, they should note that Azure Active Directory is not designed to be the cloud version of Active Directory or a replacement for an on-premises Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It provides a lot of extra capabilities as well, but the differences should be noted.