diff --git a/.changeset/fresh-camels-give.md b/.changeset/fresh-camels-give.md new file mode 100644 index 0000000000..723733e45e --- /dev/null +++ b/.changeset/fresh-camels-give.md @@ -0,0 +1,7 @@ +--- +'@backstage/plugin-catalog-backend-module-msgraph': patch +'@backstage/integration': patch +'@backstage/plugin-auth-backend': patch +--- + +JSDoc and Error message updates to handle `Azure Active Directory` re-brand to `Entra ID` diff --git a/.github/vale/Vocab/Backstage/accept.txt b/.github/vale/Vocab/Backstage/accept.txt index 1a028d1387..0e86ef5fc4 100644 --- a/.github/vale/Vocab/Backstage/accept.txt +++ b/.github/vale/Vocab/Backstage/accept.txt @@ -456,3 +456,4 @@ Lightsail PR rebasing lookbehind +Entra \ No newline at end of file diff --git a/contrib/docs/tutorials/aws-alb-aad-oidc-auth.md b/contrib/docs/tutorials/aws-alb-aad-oidc-auth.md index b88efbb561..d742c33498 100644 --- a/contrib/docs/tutorials/aws-alb-aad-oidc-auth.md +++ b/contrib/docs/tutorials/aws-alb-aad-oidc-auth.md 
@@ -1,18 +1,18 @@ -# Using AWS Application Load Balancer with Azure Active Directory to authenticate requests +# Using AWS Application Load Balancer with Entra ID to authenticate requests Backstage allows offloading the responsibility of authenticating users to an AWS Application Load Balancer (**ALB**), leveraging the authentication support on ALB. This tutorial shows how to use authentication on an ALB sitting in front of Backstage. -Azure Active Directory (**AAD**) is used as identity provider but any identity provider supporting OpenID Connect (OIDC) can be used. +Entra Id (formerly Azure Active Directory) is used as identity provider but any identity provider supporting OpenID Connect (OIDC) can be used. It is assumed an ALB is already serving traffic in front of a Backstage instance configured to serve the frontend app from the backend. ## Infrastructure setup -### AAD App +### Entra App Registration -The AAD App is used to execute the authentication flow, serve and refresh the identity token. +The App Registration is used to execute the authentication flow, serve and refresh the identity token. -Create the AAD App following the steps outlined in `Create a Microsoft App Registration in Microsoft Portal` section from the tutorial [Monorepo App Setup With Authentication][monorepo-app-setup-with-auth]. +Create the App following the steps outlined in `Create a Microsoft App Registration in Microsoft Portal` section from the tutorial [Monorepo App Setup With Authentication][monorepo-app-setup-with-auth]. Instead of `localhost` addresses, use the following values. 
@@ -27,12 +27,12 @@ In the AWS console, configure ALB Authentication: - Edit the ALB rule used to forward the traffic to Backstage and add a new `Authenticate` action. The action will have higher priority compared to the existing `Forward to`. - Select `OIDC` under `Authenticate` -- Set `Issuer` to `https://login.microsoftonline.com/{TENANT_ID}/v2.0`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the AAD App. -- Set `Authorization endpoint` to `https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the AAD App. -- Set `Token endpoint` to `https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the AAD App. +- Set `Issuer` to `https://login.microsoftonline.com/{TENANT_ID}/v2.0`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the App Registration. +- Set `Authorization endpoint` to `https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the App Registration. +- Set `Token endpoint` to `https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token`, replacing `{TENANT_ID}` with the value of `Directory (tenant) ID` of the App Registration. - Set `User info endpoint` to `https://graph.microsoft.com/oidc/userinfo` -- Set `Client ID` to the AAD App `Application (client) Id` -- Set `Client secret` to the AAD APP `client secret` +- Set `Client ID` to the App Registration `Application (client) Id` +- Set `Client secret` to the App Registration `client secret` Use the following advanced settings: 
@@ -41,7 +41,7 @@ Use the following advanced settings: - `Scope` = `openid profile offline_access` - `Action on unauthenticated request` = `Autenticate (client reattempt)` -Once you've saved the action, you should see an authentication flow be triggered against AAD when visiting Backstage address at `https://backstage.yourdomain.com`. The flow will not complete successfully as the Backstage app isn't yet configured properly. +Once you've saved the action, you should see an authentication flow be triggered against Entra ID when visiting Backstage address at `https://backstage.yourdomain.com`. The flow will not complete successfully as the Backstage app isn't yet configured properly. ## Backstage changes @@ -215,11 +215,11 @@ auth: region: ``` -Replace `` with the value of `Directory (tenant) ID` of the AAD App and `` with the AWS region identifier where the ALB is deployed (for example: `eu-central-1`). +Replace `` with the value of `Directory (tenant) ID` of the App Registration and `` with the AWS region identifier where the ALB is deployed (for example: `eu-central-1`). ## Conclusion -Once it's deployed, after going through the AAD authentication flow, Backstage should display the AAD user details. +Once it's deployed, after going through the Entra ID authentication flow, Backstage should display the Entra user details. diff --git a/docs/auth/microsoft/azure-easyauth.md b/docs/auth/microsoft/azure-easyauth.md index 6d53189922..07a3923da1 100644 --- a/docs/auth/microsoft/azure-easyauth.md +++ b/docs/auth/microsoft/azure-easyauth.md 
@@ -5,7 +5,7 @@ sidebar_label: Azure Easy Auth description: Adding Azure's EasyAuth Proxy as an authentication provider in Backstage --- -The Backstage `core-plugin-api` package comes with a Microsoft authentication provider that can authenticate users using Azure Active Directory for PaaS service hosted in Azure that support Easy Auth, such as Azure App Services. +The Backstage `core-plugin-api` package comes with a Microsoft authentication provider that can authenticate users using Microsoft Entra ID (formerly Azure Active Directory) for PaaS service hosted in Azure that support Easy Auth, such as Azure App Services. ## Backstage Changes @@ -101,11 +101,11 @@ const app = createApp({ ## Azure Configuration -How to configure azure depends on the service you're enable AAD auth on the app service. +How to configure azure depends on the Azure service you're using to host Backstage. ### Azure App Services -To use EasyAuth with App Services, turn on Active Directory authentication +To use EasyAuth with App Services, turn on Entra ID (formerly Azure Active Directory) authentication You must also enable the token store. The following example shows how to do this via a bicep template: diff --git a/docs/features/kubernetes/authentication.md b/docs/features/kubernetes/authentication.md index f30521189f..e0cddefbcf 100644 --- a/docs/features/kubernetes/authentication.md +++ b/docs/features/kubernetes/authentication.md @@ -11,7 +11,7 @@ add custom providers there if needed. These providers are configured so your Kubernetes plugin can locate and access the clusters you have access to, some of them have special requirements in the third party in -question, like Azure's Managed AAD subscription or Azure RBAC support active on the cluster. +question, like Microsoft Entra ID (formerly Azure Active Directory) subscription or Azure RBAC support active on the cluster. The providers currently available are divided into server side and client side. 
@@ -78,7 +78,7 @@ You get both, the cluster `url` and `caData` directly from the AWS console by go ### Azure The Azure server side authentication provider works by authenticating on the server with -the Azure CLI, please note that [Azure AD Authentication][1] is a requirement and has to +the Azure CLI, please note that [Microsoft Entra authentication][1] is a requirement and has to be enabled in your AKS cluster, then follow these steps: - [Install the Azure CLI][2] in the environment where the backstage application will run. diff --git a/docs/integrations/azure/locations.md b/docs/integrations/azure/locations.md index 7553df4081..b59c4149e0 100644 --- a/docs/integrations/azure/locations.md +++ b/docs/integrations/azure/locations.md @@ -89,6 +89,6 @@ The `credentials` element is a structure with these elements: > Note: > > - You cannot use a service principal or managed identity for Azure DevOps Server (on-premises) organizations -> - You can only use a service principal or managed identity for Azure AD backed Azure DevOps organizations +> - You can only use a service principal or managed identity for Microsoft Entra ID (formerly Azure Active Directory) backed Azure DevOps organizations > - You can only specify one credential per host without any organizations specified > - The personal access token should just be provided as the raw token generated by Azure DevOps using the format `raw_token` with no base64 encoding. Formatting and base64'ing is handled by dependent libraries handling the Azure DevOps API diff --git a/docs/integrations/azure/org.md b/docs/integrations/azure/org.md index 8b7bd3c5b8..370678d9f9 100644 --- a/docs/integrations/azure/org.md +++ b/docs/integrations/azure/org.md 
@@ -1,13 +1,13 @@ --- id: org -title: Microsoft Azure Active Directory Organizational Data +title: Microsoft Entra tenantal Data sidebar_label: Org Data # prettier-ignore -description: Importing users and groups from Microsoft Azure Active Directory into Backstage +description: Importing users and groups from Microsoft Entra ID into Backstage --- The Backstage catalog can be set up to ingest organizational data - users and -teams - directly from a tenant in Microsoft Azure Active Directory via the +teams - directly from a tenant in Microsoft Entra ID via the Microsoft Graph API. ## Installation @@ -205,7 +205,7 @@ export async function myGroupTransformer( annotations: {}, }, spec: { - type: 'aad', + type: 'Microsoft Entra ID', children: [], }, }; @@ -219,7 +219,7 @@ export async function myUserTransformer( const backstageUser = await defaultUserTransformer(graphUser, userPhoto); if (backstageUser) { - backstageUser.metadata.description = 'Loaded from Azure Active Directory'; + backstageUser.metadata.description = 'Loaded from Microsoft Entra ID'; } return backstageUser; diff --git a/packages/integration/src/azure/config.ts b/packages/integration/src/azure/config.ts index 98704ba570..5c16394484 100644 --- a/packages/integration/src/azure/config.ts +++ b/packages/integration/src/azure/config.ts @@ -90,7 +90,7 @@ export type AzureCredentialBase = { export type AzureClientSecretCredential = AzureCredentialBase & { kind: 'ClientSecret'; /** - * The Azure Active Directory tenant + * The Entra ID tenant */ tenantId: string; /** diff --git a/plugins/auth-backend/src/providers/azure-easyauth/provider.test.ts b/plugins/auth-backend/src/providers/azure-easyauth/provider.test.ts index b521ddeb10..1b7c51263c 100644 --- a/plugins/auth-backend/src/providers/azure-easyauth/provider.test.ts +++ b/plugins/auth-backend/src/providers/azure-easyauth/provider.test.ts 
@@ -256,7 +256,7 @@ describe('easyAuth factory', () => { }); expect(() => factory({} as any)).toThrow( - 'Authentication provider is not Azure Active Directory', + 'Authentication provider is not Entra ID', ); }); diff --git a/plugins/auth-backend/src/providers/azure-easyauth/provider.ts b/plugins/auth-backend/src/providers/azure-easyauth/provider.ts index 7da069f6ae..ca8cacf892 100644 --- a/plugins/auth-backend/src/providers/azure-easyauth/provider.ts +++ b/plugins/auth-backend/src/providers/azure-easyauth/provider.ts @@ -185,7 +185,7 @@ function validateAppServiceConfiguration(env: NodeJS.ProcessEnv) { if ( env.WEBSITE_AUTH_DEFAULT_PROVIDER?.toLowerCase() !== 'azureactivedirectory' ) { - throw new Error('Authentication provider is not Azure Active Directory'); + throw new Error('Authentication provider is not Entra ID'); } if (process.env.WEBSITE_AUTH_TOKEN_STORE?.toLowerCase() !== 'true') { throw new Error('Token Store is not enabled'); diff --git a/plugins/catalog-backend-module-msgraph/README.md b/plugins/catalog-backend-module-msgraph/README.md index 6f8c95b667..b70134cba3 100644 --- a/plugins/catalog-backend-module-msgraph/README.md +++ b/plugins/catalog-backend-module-msgraph/README.md @@ -2,7 +2,7 @@ This is an extension module to the `plugin-catalog-backend` plugin, providing a `MicrosoftGraphOrgEntityProvider` that can be used to ingest organization data from the Microsoft Graph API. -This provider is useful if you want to import users and groups from Azure Active Directory or Office 365. +This provider is useful if you want to import users and groups from Entra Id (formerly Azure Active Directory) or Office 365. ## Getting Started diff --git a/plugins/catalog-backend-module-msgraph/src/microsoftGraph/client.ts b/plugins/catalog-backend-module-msgraph/src/microsoftGraph/client.ts index 4acf7c726e..f1ccc44a99 100644 --- a/plugins/catalog-backend-module-msgraph/src/microsoftGraph/client.ts 
+++ b/plugins/catalog-backend-module-msgraph/src/microsoftGraph/client.ts @@ -69,7 +69,7 @@ export type GroupMember = /** * A HTTP Client that communicates with Microsoft Graph API. - * Simplify Authentication and API calls to get `User` and `Group` from Azure Active Directory + * Simplify Authentication and API calls to get `User` and `Group` from Microsoft Graph * * Uses `msal-node` for authentication *
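Review bot: the added `Entra` entry in `.github/vale/Vocab/Backstage/accept.txt` is committed without a trailing newline (`\ No newline at end of file`); add the newline so the next term appended to this list does not produce a diff that touches this line. Note also that the vocab only whitelists the single token `Entra`, so Vale will not enforce the `ID` versus `Id` casing used elsewhere in this diff.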
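Review bot: the brand name is spelled inconsistently across the diff: `Entra Id (formerly Azure Active Directory)` in `contrib/docs/tutorials/aws-alb-aad-oidc-auth.md` and in `plugins/catalog-backend-module-msgraph/README.md`, `Entra ID` in the ALB tutorial's conclusion and in `provider.ts`, `Microsoft Entra ID` in `azure-easyauth.md`, `locations.md` and `org.md`, and `Microsoft Entra authentication` in `docs/features/kubernetes/authentication.md`. Pick one form (`Microsoft Entra ID` on first mention, `Entra ID` afterwards) and apply it in every touched file, since the changeset describes this as a naming update. While the ALB tutorial is being edited, the unchanged context line `Action on unauthenticated request` = `Autenticate (client reattempt)` carries a typo (`Authenticate`) that is worth fixing in the same pass.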
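Review bot: the rewritten description line in `docs/auth/microsoft/azure-easyauth.md` keeps the pre-existing grammar slip `for PaaS service hosted in Azure that support Easy Auth` (should be `for PaaS services hosted in Azure that support Easy Auth`), and the App Services line `turn on Entra ID (formerly Azure Active Directory) authentication` has no terminating period before `You must also enable the token store.`; since both lines are already being modified, fix them here.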
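Review bot: in `docs/features/kubernetes/authentication.md` the rewrite drops `Managed` from `Azure's Managed AAD subscription`, so the sentence now lists a `Microsoft Entra ID (formerly Azure Active Directory) subscription` as a cluster requirement, which is not what the original meant (the managed Entra integration on the AKS cluster); suggest `like Azure's AKS-managed Microsoft Entra ID integration or Azure RBAC support active on the cluster`, which also lines up with the `[Microsoft Entra authentication][1] is a requirement` wording in the later hunk of the same file.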
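Review bot: the new front-matter title in `docs/integrations/azure/org.md`, `Microsoft Entra tenantal Data`, looks like a search-and-replace artifact (the removed line was `Microsoft Azure Active Directory Organizational Data`); suggest `title: Microsoft Entra ID Organizational Data` so it matches the `description` line and the `sidebar_label: Org Data` in the same block.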
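Review bot: in the `myGroupTransformer` example in `docs/integrations/azure/org.md`, changing `type: 'aad'` to `type: 'Microsoft Entra ID'` puts a space-separated, capitalized display name into a group entity's `spec.type`, whereas the existing value `'aad'` is a short lowercase token of the kind readers will copy into their own transformers and filter on; the sibling change in `myUserTransformer` only touches the free-text `metadata.description`, which is the right place for a brand name. Suggest keeping `type: 'aad'` or, if a rename is wanted, a lowercase identifier with a sentence noting that existing filters on `spec.type` must change with it.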
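Review bot: in `validateAppServiceConfiguration` in `plugins/auth-backend/src/providers/azure-easyauth/provider.ts`, the new message `Authentication provider is not Entra ID` is thrown when `WEBSITE_AUTH_DEFAULT_PROVIDER` is not `azureactivedirectory`, so an operator is told about a name that never appears in the value they actually have to set; suggest stating the expected value in the message, for example `throw new Error('Authentication provider is not Entra ID (expected WEBSITE_AUTH_DEFAULT_PROVIDER=AzureActiveDirectory)');`, and updating the matching `toThrow(...)` expectation in `provider.test.ts` to the same string. Also visible in the same context: the token-store check reads `process.env.WEBSITE_AUTH_TOKEN_STORE` while the provider check reads the injected `env` parameter; reading both from `env` keeps the validation testable with a supplied environment and makes the fail-closed checks consistent.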
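Review bot: the JSDoc in `plugins/catalog-backend-module-msgraph/src/microsoftGraph/client.ts` now says the client gets `User` and `Group` `from Microsoft Graph`, which is accurate, but the surrounding comment still reads `A HTTP Client ... Simplify Authentication and API calls`; since the block is being edited, tidy it to `An HTTP client that communicates with the Microsoft Graph API. Simplifies authentication and API calls to get `User` and `Group` from Microsoft Graph.`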