Describe Active Directory and Microsoft Entra ID
A common question is what is the difference between Microsoft Entra ID and Windows Server Active Directory, which we’ll refer to simply as ‘Active Directory’?. This is especially confusing for new administrators because Microsoft Entra ID interacts with Active Directory. Both solutions provide authentication services and identity management, but in different ways—Active Directory uses a protocol called Kerberos to provide authentication using tickets, and it is queried by the Lightweight Directory Access Protocol (LDAP). Microsoft Entra ID uses HTTPS protocols like SAML and OpenID Connect for authentication and uses OAuth for authorization.
The two services have different use cases—for example, you cannot join a Windows Server to a Microsoft Entra domain and work together in most organizations to provide a single set of user identities. A service called Microsoft Entra Connect connects your Active Directory identities with your Microsoft Entra ID.