Capability Profile
Microsoft Entra ID
The identity foundation everything else depends on
Microsoft Entra ID is Microsoft's cloud identity platform - the system that controls who can sign in, what they can access, and under what conditions. Every M365 and Azure workload depends on it.
Microsoft Entra ID (formerly Azure Active Directory) is the identity and access management backbone of the Microsoft cloud. It handles authentication, authorization, and access policy enforcement across Microsoft 365, Azure, and any connected application. For organizations running on the Microsoft platform, Entra ID is not one workload among many. It is the control plane that everything else runs through.
The shift from network-perimeter security to identity-based security means Entra ID has become the primary security boundary for most organizations. A misconfigured Entra ID tenant, with overprivileged accounts, weak authentication policies, unmanaged guest access, and no Conditional Access, is the most common root cause of cloud security incidents. Getting Entra ID right is not a prerequisite to cloud security work. It is the cloud security work.
  • Authentication and single sign-on across M365, Azure, and third-party applications
  • Conditional Access policy enforcement based on user, device, location, and risk signals
  • Privileged Identity Management for just-in-time admin elevation
  • Identity Protection with risk-based signal detection from Microsoft's global threat intelligence network
  • Hybrid identity synchronization with on-premises Active Directory via Entra Connect Sync
  • Identity Governance including access reviews, entitlement management, and lifecycle workflows

At National Business Technologies, I was the sole Microsoft platform architect across approximately 25 MSP client tenants. Every environment had an Entra ID footprint I owned end-to-end, from authentication configuration and Conditional Access frameworks through hybrid identity, guest access governance, and privileged access controls. No two were identical, which meant developing architectural patterns that adapted rather than applied verbatim.

Entra ID is the capability I have worked with most consistently across the widest range of environments. At National Business Technologies, I was the sole Microsoft platform architect across approximately 25 MSP client tenants. Every one of those environments had an Entra ID footprint that I owned, from the authentication configuration and Conditional Access framework through to hybrid identity, guest access governance, and privileged access controls. No two environments were identical, which meant developing architectural patterns that could be adapted rather than applied verbatim.
Earlier in my career, at Atos/Siemens assigned to MetLife, I managed Windows server infrastructure for 64,000 users globally, which at that scale meant working extensively with Active Directory as the on-premises identity foundation. That background gives me an anchor most cloud-only architects lack: I understand hybrid identity from both directions, which matters significantly when organizations are mid-migration and running Entra Connect Sync in a mixed-mode environment.
At Latham Pool Products, there were three potential acquisitions in the pipeline, one of which was completed. It was a small organization. The work involved planning discussions and coordination around identity decisions, contributing to the thinking about how integration would be approached.
  • 25-tenant MSP architecture - Owned Entra ID configuration across approximately 25 client tenants at NBT, including Conditional Access frameworks, hybrid identity, guest access governance, and privileged access controls across environments of varying size and compliance posture.
  • Enterprise-scale identity at MetLife - Managed Active Directory infrastructure supporting 64,000 users globally at Atos/Siemens. Responsible for the Windows identity foundation underpinning a major financial institution's operations across multiple continents.
  • M&A planning at Latham Pool Products - Participated in integration planning for three potential acquisitions, one of which was completed. Contributed to discussions around identity boundary decisions and integration approach.
  • Conditional Access framework design - Built Conditional Access policy sets aligned to Zero Trust principles across multiple organizations, including device compliance requirements, risk-based step-up authentication, and location-based access controls.
  • Hybrid identity migration patterns - Designed and implemented Entra Connect Sync configurations for organizations in various stages of on-premises to cloud migration, including handling attribute synchronization, filtering rules, and staged rollout.
  • Privileged access elimination - Deployed Privileged Identity Management to eliminate standing Global Administrator accounts across multiple tenants, replacing them with just-in-time elevation workflows with approval and audit trails.