Azure Active Directory Identity Protection enables synchronization between my on-premises user accounts and the cloud. By using Azure Active Directory, I can enforce restrictions and create policy rules. I can also identify the devices connected to Azure Directory and apply policies accordingly. The usage of this feature is extensive, with a large number of users utilizing its capabilities. I feel that it forms the core of Microsoft's security infrastructure, acting as a central portal for managing the security of Microsoft solutions.
Information Technology Architect at GMS, Inc.
Enables us to have more control over application levels and device restrictions
Pros and Cons
- "I use conditional access most of the time."
- "Integrating some notifications, not necessarily all, but at least for important events or alerts, would be beneficial as it would function as a team solution or something similar."
What is our primary use case?
How has it helped my organization?
Most things can be managed through Azure Active Directory, which functions as a security and reporting hub for all Microsoft solutions. This is especially helpful when checking logs or accessing various features within Microsoft. By going directly to Azure Active Directory, I can easily search and utilize any Microsoft feature. It serves as the main entry point for accessing Microsoft solutions.
The single pane of glass, when it comes to administration, is really good and helpful. For example, if there are any cases where I need to check something about user devices, logs, or access management—such as revoking access, giving access, or creating groups—all of these tasks are easily accessible. As an IT infrastructure manager, I mainly work in the cloud, so the Azure Active Directory is my go-to resource. Having the Azure portal open most of the time makes it convenient for me to access the Azure Active Directory directly. Instead of navigating through Office.com and its admin panel, I can have a comprehensive view from Azure Active Directory, which serves as the main pilot for my tasks. This seamless integration is essential because it eliminates the need to switch between different portals. Whether I'm dealing with infrastructure-related matters or user management, I have one centralized portal where I can efficiently switch between tasks. It simplifies my work and enhances my productivity. Regarding security and access control, I also find Azure Active Directory very valuable since I handle security matters. If there are any security logs or incidents, I can easily manage and address them using Azure Active Directory. This capability further streamlines my responsibilities and ensures a smooth workflow.
Initially, there was limited control. However, when we examine the recent features available in Active Directory, for instance, controlling access to company resources from personal devices due to COVID, we find an increased need for such control. Active Directory offers a way to manage this type of access effectively. One of the features that I particularly appreciate is controlled access, which allows us to apply security controls based on whether the device is part of the company directory or not. By combining this feature with cloud app security, we gain even more control over user access at the device level. Using these features, we can decide whether users are allowed to download content on their laptops or restrict access to specific mobile devices. If it's a company device, full access is granted; otherwise, access is limited. This kind of bundled approach is very convenient for security personnel responsible for the company's security, providing a one-stop shop for managing access controls. Moreover, this system allows granular control over individual users as well. For example, higher-level executives like the CEO may require different policies compared to regular users. We can easily create open policies for certain users, granting them unrestricted access to personal devices. Overall, the conditional access module of Active Directory offers a comprehensive and effective solution for managing access controls and security measures within the company.
Traditionally, we used to make a good device compliant by simply adding it to the domain and then applying GPOs from it. However, after Azure Active Directory, there is an additional level of authentication, which occurs with Azure AD joined devices. When a device is Azure AD joined, we can blindly trust it because only company devices can join Azure AD. Nevertheless, there are still potential issues and loopholes that may arise. For example, even if it is a company-managed device, there is a chance that it was mistakenly added by an administrator and later given to an unauthorized person, granting them access to company resources. To address these concerns, we use conditional access policies. With these policies, we can verify multiple steps: Is it an Azure AD joined device? Is it a hybrid joined device? Is it located in the correct area? Is the user associated with the device authorized to access company resources? Based on these checks, we determine which applications the user should have access to. This multi-layered security approach is crucial and is known as zero trust security. We need to authorize users at each level, and this is made possible through the implementation of conditional access policies. This module showcases the beauty and effectiveness of this approach.
Azure Active Directory has helped save time for our IT administrators. It significantly reduces the time required for management tasks. I no longer need to log in to the ADA server or manually disable accounts. Checking the logs is now a simple process. Accessing the Active Directory is easy from anywhere, whether it's through email or from home—it doesn't matter.
Azure Active Directory has had a significant impact on the employee user experience within our organization. One feature that stands out is the password reset process. Previously, whenever I needed to reset an employee's password, I had to go to the ADA server and reset it from there. This process used to take around 15 to 20 minutes, especially if the password had expired or any other issues arose. Additionally, if I wasn't at my computer, I would have to spend at least an hour sitting in front of it to provide access or reset the password and then share the new credentials with the employee. Moreover, the passwords I generated were temporary, which meant employees had to reset them again. However, with the introduction of the password reset portal in Azure Active Directory, our workload has been significantly reduced. This portal allows us to provide users with an option to reset their passwords securely without compromising account security. It has proven to be one of the best features I've experienced in Azure Active Directory.
What is most valuable?
I use conditional access most of the time. From there, I can access other features, such as Endpoint Device Management. It has been moved to a different module, initially a part of the Active Directory. This conditional access is one of my favorites as it allows us to have more control over application levels and device restrictions if needed. We can set security policies there as well. Previously, I used to handle it from Azure Active Directory. Another useful feature is Access Management, which provides an easy portal to manage user access, privileges, and other related settings.
What needs improvement?
When it comes to logs, we don't have access to all of them because there's a limitation of 90 days for log retention. It would be a great option to have the ability to increase this duration in the portal itself, either as a paid feature or something similar, as three months of log retention is insufficient. If we want to check someone's log, the challenge is sometimes finding different access points to various portals. However, they have started adding these access points, which is a positive improvement. For example, previously, there was no cloud app security access from Active Directory, but now they have already added the link.
Integrating some notifications, not necessarily all, but at least for important events or alerts, would be beneficial as it would function as a team solution or something similar. It doesn't have to be a complete module, but having some logs or notifications for administrators would be very helpful. If they could provide us with the option to receive notifications or something similar, it would significantly enhance the platform.
One more thing to consider is the log retention period in the Active Directory. It would be useful if we could export logs or have access to information about how long the logs can be retained in the Active Directory.
Buyer's Guide
Microsoft Entra ID Protection
December 2024
Learn what your peers think about Microsoft Entra ID Protection. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Azure Active Directory Identity Protection for over eight years.
What do I think about the stability of the solution?
I have never encountered any stability issues. Active Directory has worked flawlessly since day one.
What do I think about the scalability of the solution?
The scalability is controlled by Microsoft and is adjusted based on our demands. The only thing we may need to do is add more licenses if we exceed what we already possess.
How are customer service and support?
The technical support is always helpful and they try to come up with a quick resolution each time.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward and not complex at all. All the information is available online including tutorial videos. I completed the deployment myself.
What's my experience with pricing, setup cost, and licensing?
Azure Active Directory Identity Protection is not very expensive. Security is not free, and it comes with a cost but the charge is reasonable.
What other advice do I have?
I give Azure Active Directory Identity Protection an eight out of ten.
We are not heavily using DLP at the moment, but we have started implementing it in our company. Along with Endpoint Manager, we also use Cloud App Security, which functions somewhat like an endpoint manager but is not a complete DLP solution. We have begun testing this feature recently, but we are not currently using it as a protection measure. Only a few people in my company, who are part of the testing team, have access to it. Once the testing is complete, we plan to implement it for broader use.
Our organization utilizes Microsoft solutions because they are convenient and create a complete ecosystem. Active Directory has been our go-to choice because it integrates so well with our other Microsoft solutions.
From day one, if we use any Microsoft solution, it will be available in our tenant. However, if we need to enhance or access other features, we will have to purchase a specific license to unlock the complete set of features beyond the basic ones in Active Directory. When we activate the office suite, the Active Directory will also be available. If we wish to add additional features, such as conditional access, I generally advise users to purchase an Azure Active Directory tier-one license based on their requirements. After obtaining the license, they can activate the desired security features or any other features they need.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
AI Solution Architect at Bitscape Infotech Pvt. Ltd.
Conditional access strengthens security for seamless application management
Pros and Cons
- "I find the most valuable feature to be conditional access. It allows for comprehensive security controls, network security, and application label security."
- "Microsoft has not offered control over how they calculate high or low-risk scenarios. While they mention if a low risk is found by Microsoft, the triggered policy isn't customizable."
What is our primary use case?
I primarily use Microsoft Entra ID Protection to manage identities for applications, including single sign-on capabilities for third-party and in-house applications. I leverage its features for conditional access and identity management.
What is most valuable?
I find the most valuable feature to be conditional access. It allows for comprehensive security controls, network security, and application label security. It enables me to set policies for signing security user sign-in risks and specific application access.
Additionally, having a single sign-on feature with Entra ID ensures seamless access to various applications, even those with significant security constraints. Microsoft offers extensive use cases, including app security and IP restrictions, enhancing our overall enforcement capabilities.
What needs improvement?
Microsoft has not offered control over how they calculate high or low-risk scenarios. While they mention if a low risk is found by Microsoft, the triggered policy isn't customizable. Enhanced configurations for verified credentials would also be beneficial since the current configuration is quite complex and tedious.
For how long have I used the solution?
I have been using the solution for approximately two and a half years.
How are customer service and support?
As a Microsoft partner, I find the assistance isn't as extensive as expected. They often refer to internal blogs, which doesn't offer much new information and can limit our capabilities in troubleshooting.
How would you rate customer service and support?
Neutral
What's my experience with pricing, setup cost, and licensing?
Microsoft Entra ID requires additional licensing components, particularly for Entra ID governance as an add-on for those with P1 or P2 licenses.
What other advice do I have?
I rate Microsoft Entra ID Protection eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Dec 16, 2024
Managing Director at a tech services company with 1-10 employees
Efficient access management that enhances trust with partners with a good interface
Pros and Cons
- "The features we find most effective for identity security include access reviews, two-factor authentication, and modification."
- "Microsoft has room for improvement in simplifying their integration with third-party solutions and making the licensing model more understandable."
What is our primary use case?
We mostly deal with identity management by different vendors. We are a partner of Microsoft, Oracle, and Symantec, among others, and we also deal with open-source solutions like Evolvium ID. We are dealing with Microsoft Identity Manager. They call it Microsoft Entra IntraID.
How has it helped my organization?
Microsoft Entra ID Protection has allowed us to manage partners and external users effectively, providing us with trust from these organizations. Access reviews are conducted to ensure that when partners leave their respective organizations, they are also cleaned up on our side.
What is most valuable?
The features we find most effective for identity security include access reviews, two-factor authentication, and modification.
What needs improvement?
Microsoft has room for improvement in simplifying their integration with third-party solutions and making the licensing model more understandable.
For how long have I used the solution?
I have been working with Microsoft ID Protection for five to seven years.
What do I think about the stability of the solution?
Microsoft Entra ID Protection is stable, and we do not need any technical assistance.
What do I think about the scalability of the solution?
The product is very scalable and works well.
How are customer service and support?
I am very satisfied with the technical support. Microsoft has consolidated their support into one, which has been very effective. However, I have not needed to request any technical support from them.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We find mostly SailPoint used by big companies; however, we don't use SailPoint at the moment.
How was the initial setup?
The interface is very good, and setting up is easy because it involves SaaS solutions where you click a button and it does everything. It's easy to configure, sign up, and integrate.
What's my experience with pricing, setup cost, and licensing?
Microsoft has various pricing models. Some of them are bundled with the current price, such as E3 and E5. Understanding the pricing model requires familiarity with their fragmented model.
Which other solutions did I evaluate?
For identity management instead of Symantec, the recommended solutions depend on the environment, features, complexity, user types, and budget.
What other advice do I have?
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Oct 31, 2024
Senior IT System Administrator at a financial services firm with 51-200 employees
Helps to manage users, groups, access, and licenses
Pros and Cons
- "The tool is simple and you can find a lot of tutorials and videos on YouTube that can help you."
- "The solution's sync should be faster since it can take about 30 minutes to two hours to complete a simple sync. The tool needs to sync instantly. It also needs to improve scalability, support, and stability."
What is our primary use case?
I use the solution to manage users, groups, access, and licenses.
What is most valuable?
The tool is simple and you can find a lot of tutorials and videos on YouTube that can help you.
What needs improvement?
The solution's sync should be faster since it can take about 30 minutes to two hours to complete a simple sync. The tool needs to sync instantly. It also needs to improve scalability, support, and stability.
For how long have I used the solution?
I have been using the product for four years.
What do I think about the stability of the solution?
I would rate the solution's stability a nine out of ten. We encountered bugs while integrating with other Microsoft or MDM solutions.
What do I think about the scalability of the solution?
I would rate the product's scalability a nine out of ten. My company has 200 users.
How are customer service and support?
Support takes longer than expected to revert back.
What other advice do I have?
I would rate the solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager at Vodafone
Helps with authentication but needs to improve stability and scalability
Pros and Cons
- "The solution helps us with authentication."
- "The solution is not optimized to work with Mac devices on a granular level. They work seamlessly with Windows but have a lot to improve to work with Mac devices. It also needs to improve stability and scalability."
What is our primary use case?
The solution helps us with authentication.
What is most valuable?
I am impressed with the tool's compliance and authentication.
What needs improvement?
The solution is not optimized to work with Mac devices on a granular level. They work seamlessly with Windows but have a lot to improve to work with Mac devices. It also needs to improve stability and scalability.
What do I think about the stability of the solution?
I would rate the solution's stability an eight out of ten.
What do I think about the scalability of the solution?
I would rate the solution's scalability an eight out of ten.
What other advice do I have?
I would rate the product a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.