ComplyJet's Microsoft Entra ID integration (formerly Azure AD / Office 365) gives you real-time visibility into every identity across Microsoft 365. ComplyJet imports your users and accounts and continuously verifies that multi-factor authentication is enforced, departed employees lose access, and every account belongs to one identified person.
As your identity provider, Microsoft Entra is where access begins and ends. ComplyJet turns it into continuous, audit-ready evidence of who has access and how it is controlled, so access reviews stop being a quarterly fire drill. The Microsoft 365 integration takes minutes to connect via OAuth and requires no custom configuration.
24/7
Continuous monitoring
Compliance automation
How ComplyJet automates SOC 2 / ISO 27001 for Microsoft Entra
Proving access is controlled used to mean exporting user lists, cross-checking them against HR records by hand, and screenshotting MFA settings before each audit. Most teams repeat this every quarter, and the evidence is stale the moment it is captured.
1
Connect once
Connect Microsoft Entra to ComplyJet with read-only access. No changes to your directory, takes under 10 minutes.
2
Monitor continuously
ComplyJet imports your accounts and continuously tracks MFA enforcement, account ownership, and access lifecycle.
3
Collect evidence automatically
Every passing and failing access check is timestamped and stored as audit evidence, with no screenshots and no manual cross-referencing.
4
Get alerted on drift
The moment an account loses MFA, an ex-employee keeps access, or a shared login appears, ComplyJet flags it in real time so you can remediate before it becomes an audit finding.
The result: your SOC 2 and ISO 27001 evidence is always current, your auditor gets a clean documented trail, and access reviews become a continuous background process instead of a scramble.
See the Microsoft Entra integration live
30 minutes. We'll walk through exactly how ComplyJet governs access through Microsoft Entra, collects evidence, and maps checks to SOC 2, ISO 27001, and HIPAA.
Microsoft Entra resources
What Resources does ComplyJet sync from Microsoft Entra?
ComplyJet pulls and monitors the following Microsoft Entra data in real time. Click any resource to see what's tracked.
Microsoft 365 integration: Entra ID Users & Groups
Identity and group records imported from Microsoft Entra, with MFA status and account-to-employee mapping.
Entra Accounts & Tenant Settings
Account and tenant login configuration used to verify access governance across Microsoft 365.
Continuous checks
What automated tests does ComplyJet run on Microsoft Entra?
ComplyJet continuously verifies access governance across Microsoft Entra, with every result stored as audit evidence. Click the area to see the checks.
Identity & Access
MFA, account lifecycle, unique accounts
Accounts protected with multi-factor authentication: Verifies MFA is enforced on all Microsoft Entra accounts so credentials alone cannot grant access.
Access revoked on employee departure: Verifies no active Microsoft Entra accounts remain mapped to former employees.
Shared account use detected and flagged: Ensures every Microsoft Entra account is linked to exactly one individual, so access can be attributed and reviewed.
Microsoft Entra customers
Teams already running Microsoft Entra with ComplyJet
Real startups. Real Microsoft Entra stacks. Real audit outcomes.
Setup
How to Integrate Microsoft Entra with ComplyJet
Takes under 10 minutes. No code required, and ComplyJet never gets write access to your directory.
1
Log in to ComplyJet and go to Integrations
Find Microsoft Entra in the integrations list and click Connect.
2
Register a read-only App Registration in Microsoft Entra
ComplyJet guides you through registering an application with read-only Microsoft Graph directory permissions. No write access is required.
3
Authorize the connection in ComplyJet
ComplyJet validates the connection and begins importing your users and accounts.
4
ComplyJet begins syncing immediately
Your users and accounts appear within minutes, access checks start running, and evidence collection begins.
Need help with multi-domain directories or large user bases? Reach out to our support team.
Framework coverage
What Controls Are Automated Across SOC 2 / ISO 27001 / HIPAA
ComplyJet maps every Microsoft Entra check to the relevant framework controls and maintains an always-current evidence record for your auditor.
SOC 2
Logical access, network security, monitoring, audit trail, availability
CC6.1
Logical access security: MFA enforcement, access revocation on termination, unique account assignment.
CC6.2
User registration and authorization: accounts provisioned to identified individuals and reviewed.
CC6.3
Access authorization: access rights governed and attributable to current employees.
ISO 27001
Access control, authentication, logging, network security, cryptography, backup
A.5.15
Access control: MFA enforcement, account uniqueness, access revocation on departure.
A.5.16
Identity management: every account linked to an identified individual.
A.5.17
Authentication information: multi-factor authentication required across accounts.
A.5.18
Access rights: rights granted, reviewed, and revoked through the identity provider.
HIPAA
Access control, encryption, audit controls, integrity, transmission security
§164.312(a)(1)
Access control: MFA enforcement and access revocation on termination.
§164.312(a)(2)(i)
Unique user identification: each account linked to one individual.
§164.312(d)
Person or entity authentication: multi-factor authentication enforced across accounts.
.svg){kind=logo}
.png)
.png)
