Purpose
This article explains how Microsoft Entra ID (formerly Azure AD) measures and reports Service Level Agreement (SLA) performance for authentication, and how admins can view both global and tenant-level SLA attainment.
Scope
- Product: Microsoft Entra ID
- Tenants: Workforce and external (B2B/B2C) tenants
- Audience: Identity / M365 / Azure administrators, architects, and service owners
Background
Microsoft publishes an SLA for Microsoft Entra ID that defines how authentication availability is calculated and what constitutes downtime. SLA performance for Entra ID is reported in two key ways:[
- Global historical SLA performance (all tenants, worldwide)
- Tenant-level SLA attainment for eligible organizations (≥ 5000 monthly active users)
These metrics are typically used in discussions with application and business owners to justify onboarding critical workloads to Entra ID and to set realistic availability expectations.
How Microsoft Entra ID SLA Is Measured
Measurement focus
SLA performance is calculated to reflect actual customer authentication experience, not just raw system endpoint availability. In practical terms, the calculation is based on whether:
- Users can successfully authenticate to Microsoft Entra ID
- Microsoft Entra ID can successfully issue tokens for target applications after authentication.
If either of these capabilities is impaired for a meaningful portion of user traffic in a given window, it contributes to downtime in the SLA calculation (as defined in the published SLA document for Entra ID).
Calculation method
The formal definition of downtime and the exact availability formula are documented in the official “SLA for Microsoft Entra ID” page; Microsoft uses these definitions when computing monthly SLA performance.
Starting in April 2025, Microsoft updated the SLA performance calculation to include successful authentications achieved via Entra’s resilient infrastructure (for example, when a backup authentication path succeeds after retry). Under the old calculation, those successful retries were not counted towards SLA performance.
Example: For April 2025, the previous logic would have yielded 99.998% availability, while the updated logic reports 99.999%.
No Planned Downtime
Microsoft Entra ID is designed and operated as a 24x7 cloud service supporting critical identity and access scenarios. To avoid affecting customers’ business operations:
- Microsoft does not schedule planned downtime for Entra ID.
- Service maintenance is performed online while the service remains available, using resilient engineering and deployment practices to avoid customer impact.
This model is important when you position Entra ID as an identity provider for line-of-business or mission-critical applications.
Recent Worldwide SLA Performance
Microsoft publishes historical SLA performance data to help customers evaluate Entra ID as an identity provider for business-critical workloads.
Key points:
- The published table shows monthly authentication availability from 2021 onwards, across all customers and geographies.
- Values represent global authentication availability (all Entra ID customers combined), not tenant-specific numbers.
- Percentages are truncated to three decimal places, not rounded up, so actual availability is slightly higher than reported.
Examples from the published historical data:
- The vast majority of months from 2021–2025 are at 99.998%–99.999% authentication availability or higher.
- A notable exception is March 2021, which is documented at 99.568% availability, reflecting a significant incident during that period.
- Recent years (2022–2024 and the available months in 2025) consistently report 99.998%–99.999% monthly availability.
You can reference these numbers directly when discussing historical performance with application owners and risk stakeholders.
Incident History
Not every incident will cause the monthly SLA to drop below the contractual threshold, but major events are documented publicly.
- All serious incidents that impact Microsoft Entra ID performance are recorded in the Azure status history.
- For each documented incident, you can typically review:
- Scope and impact
- Timeline
- Root cause analysis
- Mitigation and prevention actions taken by Microsoft
When performing a post-incident review with your business or compliance teams, combine:
- The monthly SLA performance data
- The Azure status history entry for the relevant period
Tenant-Level SLA Attainment
In addition to global reporting, Entra ID provides SLA metrics at the tenant level for larger organizations.
Eligibility
- Tenant-level SLA attainment is available for organizations with at least 5000 monthly active users.
Definition
- SLA attainment is the user authentication availability for your specific Entra ID tenant over time.
- It uses the same core SLA definition as the public SLA, but scoped to your tenant’s authentication traffic.
Viewing Tenant-Level SLA Attainment in the Portal
To view your organization’s SLA attainment:
- Sign in to the Microsoft Entra admin center with at least the Reports Reader or equivalent permissions.
- In the left navigation, go to Entra ID > Monitoring & health > Health
- On the Health page, review the SLA attainment chart:
- Hover over a bar for a given month to see the exact percentage.
- A table with the same monthly values appears below the chart for detailed review.
Typical use cases:
- Providing evidence of actual monthly authentication availability to application or risk owners
- Supporting internal SLAs/OLAs for identity services
- Comparing your tenant’s SLA attainment to the global published numbers
Accessing SLA Attainment via Microsoft Graph
For automated reporting or integration into internal monitoring platforms, SLA attainment data can also be accessed programmatically.
- Entra exposes tenant-level SLA attainment information through Microsoft Graph APIs.
- This enables scenarios such as:
- Scheduled export of SLA metrics into your data warehouse
- Integration into Power BI or other BI tooling
- Automated monthly reports for internal stakeholders
Refer to the Microsoft Entra documentation for the specific Microsoft Graph endpoints and permissions required.
How to Use SLA Performance Data Internally
You can use the SLA performance and attainment data in several ways:
- Application onboarding
Use global and tenant-level SLA figures to demonstrate that Entra ID meets or exceeds the availability requirements of candidate applications (for example, apps requiring 99.9% or 99.99% identity availability). - Risk and compliance discussions
Provide evidence of historical resilience and availability, including how often the published SLA has been exceeded. - Service reviews and OLAs
Align your internal identity service objectives and operational-level agreements with the published Entra ID SLA and your tenant’s actual attainment - Post-incident service reviews
Combine Azure status history entries with monthly SLA data to show the net impact of incidents on your environment.
Key Considerations and Notes
- The SLA is specifically about authentication availability (ability to sign in and obtain tokens), not every conceivable feature of Entra ID.
- The global SLA performance table is descriptive, not contractual; contractual terms are defined only in the official SLA document.
- From April 2025 onward, the SLA calculation includes successful sign-ins via resilient infrastructure paths, resulting in slightly higher reported availability compared to the previous method.
- For smaller tenants (fewer than 5000 monthly active users), tenant-level SLA attainment is not available, but you can still rely on global SLA performance data and Azure status history.
Comments
0 comments
Article is closed for comments.