Entra Platform Infrastructure

This topic covers the Azure platform services that commonly surround systems built on Microsoft Entra. Each service is taught on its own terms - what it is, how it works, when to use it - rather than through an identity-only lens. The Entra context explains why these services appear together, but the knowledge is general-purpose and applies to any Azure workload.

Overview

• What it covers: Microsoft Graph as the API layer, Azure Functions for event-driven compute, Cosmos DB for operational data, Azure Storage for objects and files, Event Hubs for streaming, Service Bus for messaging, Azure Data Explorer for analytics, and VMs/networking for hybrid scenarios
• Who it is for: Builders working with Azure platform services, especially those building systems around Entra where these services commonly appear together
• Approach: Each service is explained as general infrastructure first, with Entra context showing where it fits in identity-adjacent architectures

Platform Architecture

flowchart LR
    subgraph control["Control Plane"]
        entra["Microsoft Entra"]
        msgraph["Microsoft Graph API"]
    end

    subgraph compute["Compute"]
        func["Azure Functions"]
        vm["VMs"]
    end

    subgraph messaging["Messaging"]
        sb["Service Bus"]
        eh["Event Hubs"]
    end

    subgraph data["Data"]
        cosmos["Cosmos DB"]
        storage["Azure Storage"]
        adx["Data Explorer"]
    end

    entra --> msgraph
    msgraph --> func
    func --> sb
    func --> eh
    func --> cosmos
    func --> storage
    eh --> adx
    sb --> func
    vm -->|hybrid targets| msgraph

Contents

Concepts

• Entra Foundation - Where Entra stops and platform infrastructure starts.
• Microsoft Graph - The unified API for Microsoft 365 and Entra data.
• Azure Functions - Event-driven serverless compute for glue logic, APIs, and automation.
• Cosmos DB - Globally distributed NoSQL database for operational workloads.
• Azure Storage - Object, file, queue, and table storage under one account.
• Event Hubs - High-throughput event streaming platform (managed Kafka).
• Service Bus - Enterprise message broker with queues, topics, and delivery guarantees.
• Azure Data Explorer and KQL - Interactive analytics over large event and telemetry datasets.
• VMs, Networking, and Boundaries - When direct machine control and private networking are required.

Quickstart

• Graph to Functions Automation - Build a minimal automation pipeline from Graph events through Functions.
• Event Stream to Data Explorer - Wire event ingestion into Data Explorer for operational analysis.
• Reliable Worker with Service Bus - Build a worker pattern with durable messaging and failure handling.
• State and Artifacts - Choose Cosmos DB for operational state and Storage for larger artifacts.
• Hybrid Worker on VM - Run workers at the network edge when cloud-only execution cannot reach the target.

Deep Dives

• Messaging Patterns - Choose between Event Hubs and Service Bus, then design around their failure behavior.
• Cosmos DB Patterns - Partitioning, consistency, and container design for real workloads.
• Data Explorer KQL Patterns - KQL patterns for investigating operational events and telemetry.
• Networking and Private Access - Private endpoints, VNet isolation, and hybrid connectivity design.

How To Use This Topic

Start with the Concepts section to build mental models for each service. Each page answers: what is it, what are the key concepts, when do you use it, and when do you not.

Move to Quickstarts when you want to see how services connect in practice. Each quickstart shows a concrete pattern with architecture diagrams.

Use Deep Dives when you need to make real design decisions - partition keys, messaging selection, failure modes, networking boundaries.

Resources

• Microsoft Learn: Microsoft Graph fundamentals
• Microsoft Learn: Azure Functions
• Microsoft Learn: Azure Cosmos DB
• Microsoft Learn: Azure Storage
• Microsoft Learn: Azure Event Hubs
• Microsoft Learn: Azure Service Bus
• Microsoft Learn: Azure Data Explorer
• Microsoft Learn: Azure Virtual Machines

Writing Rules

• Teach each service as general infrastructure first, then show where it appears in Entra-adjacent systems.
• Use current Microsoft terminology throughout.
• Use diagrams when they clarify architecture boundaries or data flow.
• Link to existing local Entra topics (Entra Connect Sync, Entra Cloud Sync, Entra Application Provisioning) for product-specific depth.