About Entra Cards

Entra Cards is a powerful, portal that transforms your Microsoft Entra ID directory into a rich, interactive experience for every employee — and a governance powerhouse for IT administrators. Built on Microsoft Graph, it works with any Microsoft 365 tenant.

Group Browser

Browse your entire organization grouped by Department, Job Title, Company, or Location. See portrait grids of colleagues within each group, complete with profile photos, names, titles, and departments.

Click on any department name, job title, or company label to pivot instantly to that group — making it easy to explore the organization structure laterally.

Bulk Actions
  • Export Team vCard — Download a single .vcf file containing the contact cards for everyone in the group, with embedded photos. Import all your team's contacts at once.
  • Print Report — Generate a clean, print-optimized A4 report listing everyone in the group with their name, job title, department, company, email, and phone number. Ideal for team meetings, onboarding packs, or office directories.

Group views integrate seamlessly with the Geographic Map — click a city on the map to see all colleagues in that location.

Organization Directory & Org Chart

Visualize your entire organization's reporting structure with two complementary views:

Card View

See your position in the hierarchy at a glance. The focused person's card is centered, with their manager above, peers alongside, and direct reports below. Click any card to re-center the view on that person. Navigate upward through the management chain all the way to the CEO.

Interactive Org Chart

A full React-based tree visualization that you can expand, collapse, drag, and scroll. Nodes load lazily as you explore deeper parts of the organization, ensuring fast performance even for large enterprises.

Print Org Chart

Generate a comprehensive printable org chart report. The system traverses up to the top-most manager, then renders the complete tree downward with the focused user highlighted — perfect for executive presentations or HR documentation.

Geographic Map

See where your colleagues are located around the world on an interactive heat map powered by Leaflet.js. Markers are sized proportionally to the number of employees at each location, giving you an instant visual overview of your organization's geographic footprint.

  • Clickable markers — Each marker shows a popup with the city, country, and employee count. Click through to see the full list of colleagues at that location.
  • Location table — A sortable table lists every office location with employee counts. Click any row to zoom the map to that city.
  • "Where Am I?" — Uses your browser's IP-based geolocation to center the map on your current location.
  • "My Office" — Centers the map on your profile's registered office location.

Summary cards show total users, users with location data, and the number of unique office locations across the organization.

vCard & QR Code Export

Every colleague's contact information can be exported as a vCard 3.0 (.vcf) file — the universal contact format supported by iPhone, Android, Outlook, and every major address book application.

Each vCard includes: full name, job title, organization (company and department), email, work phone, mobile phone, office address, UPN, and employee ID. Profile photos are automatically embedded and optimized to under 50 KB for smooth mobile import, with iOS-compatible line folding.

QR codes encode the full vCard data (excluding the photo for scanability). Display a QR code on screen and let anyone scan it with their phone camera to instantly save the contact — perfect for conferences, meetings, and onboarding.

Team-Building Games

Entra Cards includes three interactive games that use real colleague data from your directory — making learning about your coworkers genuinely fun. Great for onboarding, team events, and building a connected culture.

Memory Match

A classic card-matching game featuring your colleagues' real profile photos. Match pairs of cards showing faces to names, departments, job titles, and managers. Five difficulty levels (12 to 28 cards) progressively add more information to test your organizational knowledge. Includes a timer and move counter to challenge yourself.

Find the Outlier

A pattern recognition game with three modes: identify the person from a different department ("Odd One Out"), spot an incorrect fact about a colleague ("False Fact"), or discover hidden patterns in names and titles ("Hidden Pattern"). Uses real directory data to sharpen your awareness of organizational structure.

Directory Drop

A fast-paced arcade game where employee names fall from the top of the screen. Use your mouse, touch, or arrow keys to bounce each name into the correct department gate using a trampoline. Build score streaks and race against gravity. Real department data makes this surprisingly addictive — and educational.

All games track anonymous global statistics — see how many games have been played across all Entra Cards installations worldwide on the home page.

Dark & Light Mode

Switch between dark and light themes with a single click. Your preference is saved automatically and persists across sessions. The portal also respects your operating system's theme preference on first visit.

Admin features require the Admin app role to be assigned in Microsoft Entra ID. All end-user features above are also available to administrators. See the Admin Setup Guide for configuration instructions.

License Management

A comprehensive React-based license management dashboard with ten specialized tabs that give you complete visibility into your Microsoft 365 licensing landscape.

Licenses Overview

See every license SKU in your tenant with user counts and assignment methods (direct vs. group-based). Understand at a glance which licenses are in use and how they are distributed.

Users

Searchable table of all users with their complete license assignments. Filter and find any user to see exactly what licenses they hold, with support for deep-linking from other parts of the portal.

Companies

License distribution broken down by company name — essential for multi-entity organizations, cost allocation, and chargeback models.

Utilization

Subscribed SKU inventory showing total, consumed, available, suspended, and warning unit counts. Quickly identify over-provisioned or under-utilized licenses.

SKU Insights

Deep-dive into 700+ Microsoft service plan definitions. See which service plans are included in each license SKU, filtered to your environment. Invaluable for license optimization and migration planning.

Trends

Historical license count charts showing how your license landscape evolves over time. Data is stored in CosmosDB with each portal visit, building a valuable long-term licensing timeline.

Anomalies

AI-style anomaly detection identifies users whose licenses differ significantly from their department or job-title peers. Shows severity ratings, estimated cost impact, potential savings, and peer group comparisons. Configurable grouping modes let you detect anomalies by department, title, or both.

Disabled Users

Instantly identify disabled user accounts that still hold paid licenses — a common source of unnecessary cost. See exactly which licenses are assigned and the monthly waste.

Pricing

Set custom per-SKU pricing for your tenant to get accurate cost calculations throughout the portal. Supports multiple currencies. Community-contributed pricing is available as a fallback for common SKUs.

Help

Built-in usage guidance for every tab and feature.

Data Quality Dashboard

Measure and improve the completeness and accuracy of your Entra ID directory data with a sophisticated Data Quality Score (0–100) powered by a quadratic penalty model across four categories.

Completeness

Measures how many user profiles have essential fields filled in: job title, department, city, country, company, office location, street address, postal code, and manager assignment.

Integrity

Detects logical inconsistencies: city without country, office without address, department without title, location without company, and invalid country codes.

Hygiene

Identifies quality issues: mixed-case UPN prefixes, whitespace in display names, display name mismatches, non-routable domains, and legacy domain usage.

Concentration

Penalizes over-concentration where a single value dominates a field (e.g., 90% of users in one department), which often indicates data entry issues.

Additional Features
  • Distribution Charts — Visual breakdowns of job titles, departments, companies, and office locations with counts and percentages. Click any item to see the full group of users.
  • Incomplete Profiles — Table listing users missing critical fields like job title or department.
  • Historical Trends — Track your data quality score over time with historical charts stored in CosmosDB.
  • Bulk Update via Excel — Export all users to a formatted .xlsx spreadsheet, edit in Excel, and re-import using the included PowerShell script. The fastest way to clean up directory data at scale.
  • Data Quality Certificate — Download a certificate showing your organization's current data quality score.

Guest & External User Analytics

Gain full visibility into your B2B collaboration landscape. Understand who your external guests are, which organizations they come from, what they cost, and whether they are still active.

Overview

Summary cards show total guests, licensed guests, disabled guests, and pending invitations. A domain distribution chart reveals which external organizations have the most guest accounts. The detailed guest table lists every external user with their name, email, external domain, creation date, invitation state, assigned licenses, and estimated monthly cost.

Stale Guest Detection

Automatically identifies guest accounts with no sign-in activity for over 180 days. See the count of stale guests, how many are disabled, and which domains they belong to — helping you clean up inactive collaborators and reduce your attack surface.

Historical Trends

Track guest user metrics over time: total guests, licensed guests, disabled guests, pending invitations, stale guests, monthly licensing cost, and unique external domains. All stored in CosmosDB for long-term trend analysis.

Domain Security Analysis

A comprehensive security scanner for every custom domain registered in your Microsoft Entra ID tenant. All checks use publicly available data sources — DNS records, RDAP registration data, and Microsoft's public endpoints — requiring no additional permissions beyond reading the domain list.

Security Score (0–100)

Each domain receives a security score based on its email authentication configuration. Points are deducted for missing or weak SPF, DKIM, DMARC, and MX configurations. Domains are classified as Low, Medium, High, or Critical risk.

Email Authentication Analysis
  • SPF — Validates the Sender Policy Framework record, checks enforcement level (+all, ~all, -all, ?all), counts DNS lookups against the RFC 7208 limit of 10, and recursively analyzes the full include chain to detect broken references.
  • DKIM — Probes multiple common DKIM selectors to verify DomainKeys Identified Mail signing is configured.
  • DMARC — Analyzes the DMARC policy (none, quarantine, reject), subdomain policy, percentage coverage, and reporting configuration.
  • MX — Verifies mail exchange records, identifies the mail provider, detects split MX configurations (critical risk), and confirms Microsoft 365 routing.
Advanced DNS Security

Checks for BIMI (brand logo in email), MTA-STS (enforced TLS), TLS-RPT (TLS failure reports), CAA (certificate authority restrictions), DANE (DNS-based certificate authentication), and DNSSEC (DNS record signing).

Third-Party Service Detection

Discovers 70+ external services configured on your domains through SPF includes, TXT verification records, DKIM selectors, MX routing, and CNAME entries — including email providers, marketing platforms, CRMs, security gateways, CDNs, and hosting services.

DNS Probe

Full inventory of root-level DNS records (TXT, MX, NS, A, AAAA, CNAME, SOA, CAA, SRV) with TTL values. Discovers hosts by probing common subdomain prefixes (mail, autodiscover, vpn, api, etc.). Detects DNS hosting provider from NS records.

WHOIS / RDAP Lookup

Queries the RDAP (Registration Data Access Protocol) service for domain registration details — registrar, registrant organization, creation date, and expiry date. Domains expiring within 30 days are flagged with a warning.

Dangling DNS Detection

Checks CNAME records against 18 known subdomain-takeover-vulnerable cloud services (Azure, AWS, GitHub Pages, Heroku, etc.) and verifies whether the target still resolves. Dangling records are flagged as subdomain takeover risks.

Parked / Unused Domain Detection

Identifies domains with zero users that may be parked or unused, and recommends adding reject-all SPF and DMARC records to prevent email spoofing abuse.

Historical Trends

Security scores for each domain are tracked over time in CosmosDB. Domain names are hashed for privacy in the stored data. View trend charts showing how your domain security posture evolves.

Excel User Export

Export your complete user directory as a formatted Excel (.xlsx) file with 18 columns: UPN, Display Name, Given Name, Surname, Email, Job Title, Department, Company, Employee ID, Manager, Office Location, Street Address, City, State, Postal Code, Country, Mobile Phone, and Business Phones.

The export handles pagination automatically for large organizations and formats the data as an Excel table with auto-fitted columns — ready for immediate analysis, reporting, or bulk update workflows.

Platform Highlights

Secure by Design

Self-hosted in your own Azure subscription. No data leaves your tenant. OAuth 2.0 and Microsoft Entra ID authentication.

Fully Responsive

Optimized for desktop, tablet, and mobile. Bootstrap 5.3 responsive design with dark and light themes.

Historical Tracking

CosmosDB-backed historical snapshots for licenses, data quality, guest users, and domain security. Track trends over months and years.

Microsoft Graph Powered

Built on Microsoft Graph API. Works with any Microsoft 365 tenant. Delegated permissions with incremental consent.

Entra Cards is built with ASP.NET Core 8.0, React, TypeScript, Bootstrap 5.3, Chart.js, Leaflet.js, and Recharts. It integrates with Microsoft Entra ID (formerly Azure Active Directory) via Microsoft Graph SDK, and uses Azure Cosmos DB for historical data storage.

Privacy & Permissions Changelog Admin Setup Guide