Companies that use Microsoft Entra ID

Pacific Life LSEG MGEN Charles Schwab Puget Sound Energy Nationwide Money Forward NetApp Tesco Orange Goldman Sachs Raymond James

We interview engineers working in some of the biggest companies to tell us how they are using Entra ID in the most sophisticated ways. Here are real-world examples of how the biggest companies in the world are using Microsoft Entra ID.

Pacific Life

Insurance · Newport Beach, California · Entra ID

Pacific Life is a nearly 160-year-old American life insurance company based in Newport Beach, California. They sell life insurance, annuities, and mutual funds, helping people plan for retirement and protect their families. It's a Fortune 500 company most Americans have probably seen advertised, often with their whale logo.

Pacific Life runs Entra ID as the backbone of workforce identity, in a hybrid setup that ties on-premises Active Directory and Office 365 together. The hybrid piece is where a lot of the actual work lives. They're supporting cloud-joined, hybrid-joined, and multi-domain directory configurations side by side, which means keeping Active Directory replication, Kerberos, NTLM, LDAP, and DNS all healthy on the on-prem side while Entra ID handles the cloud identities, and making sure the sync between them doesn't drift.

On top of that, they've layered SSO, MFA, and conditional access across their integrated business applications. What's more unusual is how much automation they've built around Entra ID itself. PowerShell and Python scripts, Microsoft Graph, and Power BI handle account lifecycle tasks, self-service flows, and reporting, so provisioning and deprovisioning don't rely on someone clicking through admin portals.

They're also running the whole thing under CoBIT and ITIL frameworks, which tells you identity is treated as a properly governed service with defined processes, SLAs, and metrics around uptime and adoption, rather than a side project owned by whoever has time.

LSEG

Financial Services · London, United Kingdom · Entra ID

LSEG is the company behind the London Stock Exchange, one of the oldest and most important stock markets in the world. Beyond running the exchange itself, they're a massive financial data and infrastructure business, employing around 25,000 people across 65 countries. When traders and banks need market data or the plumbing that makes financial markets actually work, a lot of that comes from LSEG.

LSEG runs Entra ID as the core of their identity platform for all 25,000 employees. Given the scale and the sensitivity of the business, a big focus is how access gets delegated. Rather than handing out broad admin rights, they work with role-scoped access and tightly managed administrative boundaries, so someone managing, say, collaboration tools can't accidentally touch directory objects that belong to the trading infrastructure side.

They run a hybrid model, syncing on-premises directories into Entra ID, and a lot of daily operational work is about keeping those synchronisation processes healthy. If sync breaks, access breaks, so they've built continuous monitoring around sync health, sign-in signals, and identity component availability.

They've also built a dedicated specialist function around the platform, sitting alongside their security, collaboration, and endpoint groups. Identity attributes and directory objects get maintained centrally, so that when, for example, the collaboration group needs a new group policy or endpoint needs a device configuration, they're pulling from one consistent source rather than each group maintaining their own version of the truth.

MGEN

Insurance · Paris, France · Entra ID

MGEN is a French mutual insurance company that's been around since 1946. They protect roughly 4.7 million people in France, mostly public service workers like teachers and healthcare staff, and employ around 10,000 people themselves. Beyond insurance, they also run health centers and care facilities across France, which makes them an unusual hybrid of insurer and healthcare provider.

Their identity environment is unusually complex for their size. On the on-prem side, they run multiple Active Directory forests and domains. In the cloud, they have one main Entra ID tenant plus several smaller ones alongside it, covering around 10,000 identities in total. Most companies operate a single tenant, so this kind of setup usually shows up when a business has grown through mergers or needs hard separation between different parts for regulatory reasons.

On top of that, they run a tiered administration model. The most powerful admin accounts, the ones that could compromise everything if stolen, are kept in their own isolated environment with the strictest controls. That model extends into Entra ID through RBAC and PIM, so admins only get their privileges temporarily when they actually need them, rather than keeping them switched on permanently.

The sync pipeline between on-prem AD and Entra ID gets special attention, because those sync accounts are a favourite target for attackers. MGEN watches them closely with dedicated logging and tight flow controls. Across the rest of the environment, conditional access, MFA, and risk-based policies do the normal work of deciding who gets in and under what conditions.

Finally, Entra ID logs feed straight into their security operations center, which watches for attackers trying to move sideways through the network or escalate their access. Combined with regular clean-up of orphaned and inactive accounts, it adds up to a pretty mature identity operation for a mutual of this size.

Charles Schwab

Financial Services · Southlake, Texas · Entra ID

Charles Schwab is one of the largest brokerage firms in the United States, serving tens of millions of clients with investment accounts, retirement planning, banking, and wealth management. If an American has a 401(k) or a brokerage account, there's a decent chance it sits with Schwab. They're a Fortune 500 company headquartered in Texas, with offices across the country.

Schwab runs Entra ID as the core of their identity stack, alongside Active Directory, covering a highly regulated environment with SOX, HIPAA, GDPR, and ISO 27001 controls layered across it. For a brokerage firm, who can access what system is basically a regulatory question as much as a security one, so the governance side of Entra ID gets a lot of attention. They use PIM, access reviews, entitlement management, custom roles, and segregation of duties rules to keep things clean and auditable.

What makes Schwab interesting is that they don't manage Entra ID by clicking through admin portals. They manage it as code. They've built reusable Terraform modules and automated CI/CD pipelines that provision and configure identity services, which means an Entra ID policy change goes through the same review and deployment process as a software release. The change is version-controlled, reviewed, tested, and rolled out consistently, rather than being a one-off tweak in a portal that nobody remembers making six months later.

They've also gone heavy on modern authentication, with passwordless options like FIDO2 and Windows Hello for Business, conditional access tuned around Zero Trust principles, and continuous evaluation so that access decisions don't just happen at login but keep getting re-checked during a session. For a brokerage holding trillions in client assets, that continuous re-checking is the kind of thing that actually matters.

Puget Sound Energy

Utilities · Bellevue, Washington · Entra ID

Puget Sound Energy is Washington state's oldest and largest energy company, serving over a million electric customers and more than 800,000 natural gas customers across 10 counties. They're the utility behind the lights and heat for a big chunk of the Pacific Northwest, and they employ around 3,300 people.

Their Entra ID and Active Directory setup has an unusual shape. They have around 3,300 employees, but roughly 11,000 service accounts. That ratio, where non-human identities outnumber humans more than three to one, is typical for utilities because every automated system, monitoring agent, integration, and piece of operational technology needs its own credentials to authenticate. But it also makes identity management a lot more complex, because service accounts are a favourite target for attackers and tend to accumulate quietly over time if nobody's watching.

On top of that, they're a utility, which means they fall under NERC-CIP regulations governing the security of the bulk electric system. So Entra ID and AD aren't just corporate IT tools for them. They're part of a compliance regime where access controls around critical infrastructure have to be demonstrable to regulators. They handle group policy management, role-based access control, conditional access policies, PIM, and DNS and ACL management all under that lens.

They're also in the middle of modernising the identity infrastructure, including leading a full PKI implementation across the organisation. PKI, or public key infrastructure, is what lets machines and people prove their identity using certificates rather than passwords, and rolling it out at this scale across both corporate IT and operational systems is a substantial piece of work.

Nationwide

Insurance · Columbus, Ohio · Entra ID

Nationwide is a Fortune 100 insurance and financial services company based in Columbus, Ohio, with nearly $70 billion in annual sales. They sell auto, home, life, and business insurance, plus retirement plans and annuities, and most Americans have probably heard their jingle at some point. They employ around 30,000 people.

Entra ID and Active Directory sit at the centre of how those 30,000 people get access to Nationwide's systems. The AD environment alone is large and complex enough that they treat it as a specialist area, with dedicated expertise around domain controller promotion and demotion, backup and recovery of Active Directory itself, and the design of intricate group policy structures that govern how thousands of machines and users behave. On the Entra ID side, they're running it as part of the broader identity and access management programme with the usual conditional access and MFA controls layered on.

What stands out is the explicit focus on applying AI and automation to identity operations. Rather than just using Entra ID as-is, they're actively looking at how AI can take over repetitive identity tasks, spot patterns in access data, and improve how incidents get triaged. Troubleshooting access issues, DNS failures, and replication problems across a large AD estate is exactly the kind of work where automation and AI assistance can genuinely cut down response times.

They're also running Entra ID under strict security policy monitoring and auditing, with configuration compliance checked continuously rather than at audit time. For a Fortune 100 insurer holding decades of policyholder data, that continuous posture check is a big part of the job.

Money Forward

Financial Services · Tokyo, Japan · Entra ID

Money Forward is one of Japan's best-known fintech companies, offering personal finance and business accounting software to millions of Japanese users. In April 2025, they partnered with Sumitomo Mitsui Financial Group and Sumitomo Mitsui Banking Corporation, one of Japan's three megabanks, to launch a brand new digital bank called SMBC Money Forward Bank. It's a rare thing: a completely greenfield bank, being built from scratch by a fintech and a megabank together.

Because the bank is brand new, they get to build the identity stack the modern way from day one, without dragging along decades of legacy systems. Entra ID is the foundation of that stack. They're designing the management model for user principals, service principals, and dynamic groups, implementing SAML and SCIM for application integration, and handling ID and group management end to end inside Entra ID.

The whole thing is being built as infrastructure as code, using Terraform and GitHub. Every Entra ID configuration, every policy, every group structure lives in a repository, gets peer-reviewed, and gets deployed through automated pipelines. For a bank, that's a significant change from how identity normally gets built, where decades of manual configuration tends to pile up into something nobody fully understands.

They're also implementing their security design against CIS Controls and CIS Benchmarks, which are industry-standard configuration baselines, and they have to integrate with the broader SMBC group's existing identity management system as part of group join. So the work is partly greenfield Entra ID design, partly stitching into one of Japan's largest banking groups. A rare combination of fresh-start flexibility and enterprise banking integration.

NetApp

Software · San Jose, California · Entra ID

NetApp is an American data storage and management company based in California, with a worldwide presence. They build the storage systems and cloud data services that large enterprises use to keep their data organised, accessible, and safe. If a big company is running massive amounts of data across cloud and on-prem environments, there's a good chance NetApp gear or software is involved somewhere.

What makes NetApp's identity story unusual is that they're doing a full transition from Active Directory to Entra ID. Most big enterprises settle into a hybrid setup and stay there indefinitely, keeping one foot in on-prem AD forever. NetApp is actually going the whole way and moving off AD, which is a significant piece of engineering work involving multiple domains, trusts, and sites being migrated and eventually retired.

Entra ID isn't just for employees either. They run Azure AD B2C for customer-facing identity, meaning the people logging into NetApp's own customer portals and services authenticate through Entra. That's a different kind of identity problem from workforce identity, with much higher scale and different expectations around sign-up flows, branding, and consumer protocols.

They've invested heavily on the automation and integration side. HR systems provision identities into Entra ID, and Entra ID then provisions out to downstream applications, so a new joiner flows automatically through the whole chain. Custom claims for applications get built via CLI rather than clicked through portals. Access policies are written in JSON and PowerShell. Microsoft Graph and the Entra ID APIs are used heavily for automation. For a company whose whole business is helping other enterprises run their data at scale, running their own identity platform with that level of automation is consistent with the brand.

Tesco

Retail · Welwyn Garden City, United Kingdom · Entra ID

Tesco is one of the largest retailers in the United Kingdom and one of the biggest supermarket chains in the world. They run thousands of stores across the UK and several other countries, employing hundreds of thousands of people in roles ranging from shop floor staff to corporate offices to logistics and supply chain. If you've lived in the UK, you've been in a Tesco.

Running identity for a business that size is a serious operation. Tesco uses Active Directory, Entra ID, PKI, and modern authentication as a single integrated identity platform for what they call the digital colleague experience. That basically means every one of those hundreds of thousands of employees needs to log in, access the systems relevant to their job, and do so securely, whether they're stocking shelves in a store, working a till, or sitting in a corporate office.

The PKI side is where it gets technically interesting. They manage their own public key infrastructure with hardware security modules, which are specialised devices that store cryptographic keys in tamper-resistant hardware rather than in software. That means certificates used for authentication across the business are protected at a level that's typical in banking and government rather than retail. They also run secure admin tiering, where the most powerful administrator accounts are isolated from regular accounts to limit the blast radius if something gets compromised.

They manage the whole platform as code using Terraform and PowerShell, with infrastructure as code principles applied to identity configurations. Disaster recovery gets treated seriously too, with documented RTO and RPO targets for identity services and regular failover testing. For a retailer where a sign-in outage could stop tills from working across thousands of stores, that resilience work isn't theoretical.

Orange

Telecommunications · Paris, France · Entra ID

Orange is one of the world's largest telecoms companies, headquartered in France, with 127,000 employees across 26 countries and around 291 million customers worldwide. They run mobile networks, broadband, and enterprise IT services across Europe, Africa, the Middle East, and beyond, making them a genuinely global operator of critical communications infrastructure.

For a company at that scale, the risk of Active Directory or Entra ID being compromised is significant. If attackers get into the identity layer of a telecom, they can potentially reach the systems that run national communications networks. So Orange has built a dedicated IAM Governance function sitting alongside their main cybersecurity organisation, specifically to oversee Active Directory and Entra ID across the whole group.

The governance function maintains a central inventory of every Active Directory and Entra ID environment running across Orange Business. Any time a new AD or Entra ID tenant is created, modified, or retired, it flows through them. That kind of central registry is the sort of thing that sounds obvious but almost nobody actually does at scale, because it's genuinely hard to enforce across a company with operations in 26 countries.

They also track a Cyberating score for identity posture and actively work to improve it, handle audit findings and remediation plans, and monitor security bulletins affecting AD and Entra ID to push fixes out across the estate. When vulnerabilities or misconfigurations show up, the governance function chases them down rather than waiting for each country operation to notice on its own. For a telecom where a national outage can make the news, that centralised posture management is a big part of keeping the identity layer from becoming the weak link.

Goldman Sachs

Financial Services · New York, New York · Entra ID

Goldman Sachs is one of the most recognised names in global finance. Founded in 1869 and headquartered in New York, they're a leading investment bank, serving corporations, governments, and wealthy individuals across investment banking, securities, and investment management. They employ around 70,000 people across offices all over the world.

For a bank with this kind of regulatory scrutiny and business complexity, identity is a serious engineering problem. Goldman runs multiple Entra ID instances globally rather than a single tenant, which is unusual. Most enterprises try to consolidate down to one. Goldman's architecture involves several tenants running in parallel, each supporting different parts of the business, with a dedicated Workforce Identities Engineering team inside Core Engineering responsible for architecting, designing, and running them.

On top of those tenants, Goldman integrates the whole Microsoft stack into Entra ID, including Hybrid Exchange environments, Exchange Online, SharePoint Online, Teams, and Windows 365. Getting all of that working cleanly across multiple tenants with cross-forest Active Directory on the on-prem side is genuinely hard, and it's the sort of work that takes a specialist team to stay on top of.

What makes Goldman's Entra ID setup stand out beyond scale is that they work directly with Microsoft's own product managers across the Identity, M365, and Azure product groups. That kind of direct product-level engagement means Goldman is essentially helping shape what Entra ID does next, rather than just consuming it. They're also heavy users of passwordless and phishing-resistant authentication including FIDO2, plus smartcard scenarios tied into Active Directory Certificate Services. For a bank where a compromised credential could translate directly into market manipulation or fraud, that bar on authentication is where a lot of the identity investment goes.

Raymond James

Financial Services · St. Petersburg, Florida · Entra ID

Raymond James is a major American financial services firm headquartered in St. Petersburg, Florida. Founded in 1962, they serve individuals, corporations, and municipalities through investment banking, wealth management, and capital markets, with roughly $1.26 trillion in client assets and around 8,700 financial advisers working under their umbrella across the US, Canada, and overseas.

Their Entra ID setup is interesting because it sits in the same team as their networking infrastructure. The Identity and Access Management group runs Active Directory, Entra ID, and Infoblox all together, where Infoblox handles DNS, DHCP, and IP address management. Most companies separate identity from networking and treat them as unrelated domains, but Raymond James treats them as one connected problem, which makes sense when you consider how tightly Active Directory depends on DNS working correctly.

They also run AWS as part of the mix, so the identity platform has to bridge on-prem Active Directory, cloud-based Entra ID, and AWS workloads cleanly. Supporting all three in a hybrid setup with consistent access controls is the sort of thing that sounds simple and is not. It's especially tricky in financial services, where every authentication event has to be auditable and every privileged action has to flow through proper change controls.

On top of that, they put heavy emphasis on automation, using PowerShell to handle operational engineering tasks, vulnerabilities, maintenance, and routine changes. They run disaster recovery exercises on the identity stack and operate an on-call rotation specifically for identity issues, which reflects how critical it is. If 8,700 advisers can't log in on a Monday morning, that's a very bad Monday morning for a wealth management firm.