Microsoft Entra feature availability

This following tables list Microsoft Entra feature availability in Azure Government.

Microsoft Entra ID

Service Feature Availability
Authentication, single sign-on, and MFA Cloud authentication (Pass-through authentication, password hash synchronization)
Federated authentication (Active Directory Federation Services or federation with other identity providers)
Single sign-on (SSO) unlimited
Multifactor authentication (MFA)
Passwordless (Windows Hello for Business, Microsoft Authenticator, FIDO2 security key integrations)
Certificate-based authentication
Service-level agreement
Applications access SaaS apps with modern authentication (Microsoft Entra application gallery apps, SAML, and OAUTH 2.0)
Group assignment to applications
Cloud app discovery (Microsoft Defender for Cloud Apps)
Application Proxy for on-premises, header-based, and Integrated Windows Authentication
Secure hybrid access partnerships (Kerberos, NTLM, LDAP, RDP, and SSH authentication)
Authorization and Conditional Access Role-based access control (RBAC)
Conditional Access
SharePoint limited access
Session lifetime management
ID Protection (vulnerabilities and risky accounts) See Microsoft Entra ID Protection below.
ID Protection (risk events investigation, SIEM connectivity) See Microsoft Entra ID Protection below.
Administration and hybrid identity User and group management
Advanced group management (Dynamic groups, naming policies, expiration, default classification)
Directory synchronization—Microsoft Entra Connect (sync and cloud sync)
Microsoft Entra Connect Health reporting
Delegated administration—built-in roles
Global password protection and management – cloud-only users
Global password protection and management – custom banned passwords, users synchronized from on-premises Active Directory
Microsoft Identity Manager user client access license (CAL)
End-user self-service Application launch portal (My Apps)
User application collections in My Apps
Self-service account management portal (My Account)
Self-service password change for cloud users
Self-service password reset/change/unlock with on-premises write-back
Self-service sign-in activity search and reporting
Self-service group management (My Groups)
Self-service entitlement management (My Access)
Identity governance Automated user provisioning to apps
Automated group provisioning to apps
HR-driven provisioning Partial. See HR-provisioning apps.
Terms of use attestation
Access certifications and reviews
Entitlement management
Privileged Identity Management (PIM), just-in-time access
Lifecycle workflows (LCW)
Event logging and reporting Basic security and usage reports
Advanced security and usage reports
ID Protection: vulnerabilities and risky accounts
ID Protection: risk events investigation, SIEM connectivity
Frontline workers SMS sign-in
Shared device sign-out Enterprise state roaming for Windows 10 devices isn't available.
Delegated user management portal (My Staff)

Microsoft Entra ID Protection

Risk Detection Availability
Leaked credentials (MACE)
Microsoft Entra threat intelligence
Anonymous IP address
Atypical travel
Anomalous Token
Token Issuer Anomaly
Malware linked IP address
Suspicious browser
Unfamiliar sign-in properties
Admin confirmed user compromised
Malicious IP address
Suspicious inbox manipulation rules
Password spray
Impossible travel
New country
Activity from anonymous IP address
Suspicious inbox forwarding
Additional risk detected

HR provisioning apps

HR-provisioning app Availability
Workday to Microsoft Entra user provisioning
Workday Writeback
SuccessFactors to Microsoft Entra user provisioning
SuccessFactors to Writeback
API-driven inbound provisioning
Provisioning agent configuration and registration with Gov cloud tenant Works with special undocumented command-line invocation:
AADConnectProvisioningAgent.Installer.exe ENVIRONMENTNAME=AzureUSGovernment

Other Microsoft Entra products

Microsoft Entra Workload Identities Premium edition is available in the US government clouds. Microsoft Entra ID Governance and Microsoft Entra Permissions Management products aren't yet available in the US government or US national clouds.