This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

Matt Burgess, Lily Hay Newman

created: Sept. 18, 2025, 3:09 p.m. | updated: Sept. 22, 2025, 10:05 a.m.

Known as Entra ID, the system stores each Azure cloud customer’s user identities, sign-in access controls, applications, and subscription management tools. Mollema has studied Entra ID security in depth and published multiple studies about weaknesses in the system, which was formerly known as Azure Active Directory. “I was like, ‘No, this shouldn’t really happen,’” says Mollema, who runs the Dutch cybersecurity company Outsider Security and specializes in cloud security. Both vulnerabilities relate to legacy systems still functioning within Entra ID. Microsoft is in the process of retiring Azure Active Directory Graph and transitioning users to its successor, Microsoft Graph, which is designed for Entra ID.

2 months, 3 weeks ago: WIRED