Microsoft Entra ID
Cloud-based identity and access management service (formerly Azure Active Directory) for SSO, MFA and conditional access
Hosting & Jurisdiction
Cloud-only. Norway datacenter available. EU Data Boundary supported. US jurisdiction still applies to identity data.
⚠️ Jurisdiction Risk
This product is subject to foreign jurisdiction (US), which may allow foreign authorities to compel data disclosure.
Key Concerns
- Subject to US CLOUD Act - identity data particularly sensitive
- Cloud-only with no self-hosting option
- Central dependency for Microsoft 365 users
- Single point of failure for authentication
NDSI Assessment
Norwegian Digital Sovereignty Index v1.0 - Assessed 2025-12-19
EU Data Boundary available, Norway datacenter
Microsoft carbon commitment
Subject to CLOUD Act. Identity data highly sensitive.
Norway datacenter, strong partner network
Identity provider = critical infrastructure. US jurisdiction concerning.
Cloud-only, central to Microsoft ecosystem
Strong security features, Conditional Access, PIM
US company, dominant in enterprise identity
Part of Azure/Microsoft 365 stack
SAML/OIDC standards but proprietary platform
What You Can Do
Enable EU Data Boundary
Configure for EU data storage using Norway datacenter
Implement Conditional Access
Use location-based policies and device compliance
Use Privileged Identity Management
Enable just-in-time admin access
Alternatives
Cloud-based identity and access management (IAM) platform providing SSO, MFA, and lifecycle management for enterprise organizations
Significant RiskNorwegian digital identity and electronic signature platform supporting BankID, eIDAS, and identity verification across the Nordics
Low Risk