Azure Active Directory

  • Hart
    Trusted Tech

    250+ Posts
    • Feb 2024
    • 396

    #16
    There's no disrespect there, but when every other post he responds beside the point by being very sure of himself and that he doesn't take himself for shit (what was the last threat again? I'm ex-secret service and if I tell you my secrets I'll have to kill you or some shit?) it gets tiresome fast.
    He may be experienced, but his age is starting to show.
    Stay focused on the original question, old man. Or stay on the containment board Rants & Rave.


    • slimslob
      Retired

      Site Contributor
      25,000+ Posts
      • May 2013
      • 37444

      #17
      Originally posted by Hart
      There's no disrespect there, but when every other post he responds beside the point by being very sure of himself
      That is what comes from being in the copier industry for over 55 years and servicing computers since Olivetti released the M20 in 1982 and DOS based PCs since they released the M24 in 1983, a clone of the first IBM PC. I also learned programming in 1966-67 on the IBM 1620 and the following year on an IBM 1132 to include writing Stress Analysis and Thermal Dynamics programs for Mechanical Engineering students who were required to do one to pass those classes even though they were never required to take programming courses.


      • rthonpm
        Field Supervisor

        2,500+ Posts
        • Aug 2007
        • 2852

        #18
        Entra, or Azure AD, is pretty much more of a federated login method: it's not a 1:1 replacement for on-prem Active Directory. The advantage of it instead of an on-prem AD is that you don't need a server for it at all: a basic SOHO router could handle DNS and DHCP while Entra manages your machine logins so there's less of a hardware cost to deal with. For a business that's just starting out it's potentially a good move. For an established business with servers and other resources onsite it's better to use it in a hybrid mode where you sync your local AD to Entra, which allows your staff to just use one set of credentials for both AD and any 365 services they have. There's also a lot of third-party business services that can use Entra as a login method (federation), so there's one set of credentials/MFA that a business can use for third-party services as well as internal ones.

        The confusing piece comes with the different tiers of Entra AD. There's a basic tier that allows you to just sync on-prem AD and also higher tiers that allow you to use Microsoft services like Intune and Autopilot for device management. Autopilot and Intune are pretty cool: the former is a configuration tool where you enroll a device and when a user signs into a custom sign-in page, it configures the device with the software and other settings pre-defined for that user. Intune is a device management system that works with computers (Windows, MacOS, and even Ubuntu) and mobile devices and allows you to set policies and other configurations. It's pretty close to group policy, but again not a 1:1 match.

        I have a client that's just five people with no office space that are entirely Entra based. Their data lives in SharePoint Online through Teams as a frontend and their invoicing app and a few other third-party web apps use their Entra accounts to log in via Microsoft Authenticator for MFA. I have my own company's internal AD synced to Entra but we're primarily an on-prem AD shop. For a few consultants I have that only use SPO or Teams with us it's been a pretty easy way to get their AD and 365 credentials synced.


        • BillyCarpenter
          Field Supervisor

          Site Contributor
          VIP Subscriber
          10,000+ Posts
          • Aug 2020
          • 16372

          #19
          Originally posted by rthonpm
          Entra, or Azure AD, is pretty much more of a federated login method: it's not a 1:1 replacement for on-prem Active Directory. The advantage of it instead of an on-prem AD is that you don't need a server for it at all: a basic SOHO router could handle DNS and DHCP while Entra manages your machine logins so there's less of a hardware cost to deal with. For a business that's just starting out it's potentially a good move. For an established business with servers and other resources onsite it's better to use it in a hybrid mode where you sync your local AD to Entra, which allows your staff to just use one set of credentials for both AD and any 365 services they have. There's also a lot of third-party business services that can use Entra as a login method (federation), so there's one set of credentials/MFA that a business can use for third-party services as well as internal ones.

          The confusing piece comes with the different tiers of Entra AD. There's a basic tier that allows you to just sync on-prem AD and also higher tiers that allow you to use Microsoft services like Intune and Autopilot for device management. Autopilot and Intune are pretty cool: the former is a configuration tool where you enroll a device and when a user signs into a custom sign-in page, it configures the device with the software and other settings pre-defined for that user. Intune is a device management system that works with computers (Windows, MacOS, and even Ubuntu) and mobile devices and allows you to set policies and other configurations. It's pretty close to group policy, but again not a 1:1 match.

          I have a client that's just five people with no office space that are entirely Entra based. Their data lives in SharePoint Online through Teams as a frontend and their invoicing app and a few other third-party web apps use their Entra accounts to log in via Microsoft Authenticator for MFA. I have my own company's internal AD synced to Entra but we're primarily an on-prem AD shop. For a few consultants I have that only use SPO or Teams with us it's been a pretty easy way to get their AD and 365 credentials synced.
          That's interesting as all get-out to me. I need hands on to fully grasp this.
          Adversity temporarily visits a strong man but stays with the weak for a lifetime.
