Microsoft Entra ID Protection Reviews

Azure Active Directory Identity Protection enables synchronization between my on-premises user accounts and the cloud. By using Azure Active Directory, I can enforce restrictions and create policy rules. I can also identify the devices connected to Azure Directory and apply policies accordingly. The usage of this feature is extensive, with a large number of users utilizing its capabilities. I feel that it forms the core of Microsoft's security infrastructure, acting as a central portal for managing the security of Microsoft solutions.

Most things can be managed through Azure Active Directory, which functions as a security and reporting hub for all Microsoft solutions. This is especially helpful when checking logs or accessing various features within Microsoft. By going directly to Azure Active Directory, I can easily search and utilize any Microsoft feature. It serves as the main entry point for accessing Microsoft solutions.

The single pane of glass, when it comes to administration, is really good and helpful. For example, if there are any cases where I need to check something about user devices, logs, or access management—such as revoking access, giving access, or creating groups—all of these tasks are easily accessible. As an IT infrastructure manager, I mainly work in the cloud, so the Azure Active Directory is my go-to resource. Having the Azure portal open most of the time makes it convenient for me to access the Azure Active Directory directly. Instead of navigating through Office.com and its admin panel, I can have a comprehensive view from Azure Active Directory, which serves as the main pilot for my tasks. This seamless integration is essential because it eliminates the need to switch between different portals. Whether I'm dealing with infrastructure-related matters or user management, I have one centralized portal where I can efficiently switch between tasks. It simplifies my work and enhances my productivity. Regarding security and access control, I also find Azure Active Directory very valuable since I handle security matters. If there are any security logs or incidents, I can easily manage and address them using Azure Active Directory. This capability further streamlines my responsibilities and ensures a smooth workflow.

Initially, there was limited control. However, when we examine the recent features available in Active Directory, for instance, controlling access to company resources from personal devices due to COVID, we find an increased need for such control. Active Directory offers a way to manage this type of access effectively. One of the features that I particularly appreciate is controlled access, which allows us to apply security controls based on whether the device is part of the company directory or not. By combining this feature with cloud app security, we gain even more control over user access at the device level. Using these features, we can decide whether users are allowed to download content on their laptops or restrict access to specific mobile devices. If it's a company device, full access is granted; otherwise, access is limited. This kind of bundled approach is very convenient for security personnel responsible for the company's security, providing a one-stop shop for managing access controls. Moreover, this system allows granular control over individual users as well. For example, higher-level executives like the CEO may require different policies compared to regular users. We can easily create open policies for certain users, granting them unrestricted access to personal devices. Overall, the conditional access module of Active Directory offers a comprehensive and effective solution for managing access controls and security measures within the company.

Traditionally, we used to make a good device compliant by simply adding it to the domain and then applying GPOs from it. However, after Azure Active Directory, there is an additional level of authentication, which occurs with Azure AD joined devices. When a device is Azure AD joined, we can blindly trust it because only company devices can join Azure AD. Nevertheless, there are still potential issues and loopholes that may arise. For example, even if it is a company-managed device, there is a chance that it was mistakenly added by an administrator and later given to an unauthorized person, granting them access to company resources. To address these concerns, we use conditional access policies. With these policies, we can verify multiple steps: Is it an Azure AD joined device? Is it a hybrid joined device? Is it located in the correct area? Is the user associated with the device authorized to access company resources? Based on these checks, we determine which applications the user should have access to. This multi-layered security approach is crucial and is known as zero trust security. We need to authorize users at each level, and this is made possible through the implementation of conditional access policies. This module showcases the beauty and effectiveness of this approach.

Azure Active Directory has helped save time for our IT administrators. It significantly reduces the time required for management tasks. I no longer need to log in to the ADA server or manually disable accounts. Checking the logs is now a simple process. Accessing the Active Directory is easy from anywhere, whether it's through email or from home—it doesn't matter.

Azure Active Directory has had a significant impact on the employee user experience within our organization. One feature that stands out is the password reset process. Previously, whenever I needed to reset an employee's password, I had to go to the ADA server and reset it from there. This process used to take around 15 to 20 minutes, especially if the password had expired or any other issues arose. Additionally, if I wasn't at my computer, I would have to spend at least an hour sitting in front of it to provide access or reset the password and then share the new credentials with the employee. Moreover, the passwords I generated were temporary, which meant employees had to reset them again. However, with the introduction of the password reset portal in Azure Active Directory, our workload has been significantly reduced. This portal allows us to provide users with an option to reset their passwords securely without compromising account security. It has proven to be one of the best features I've experienced in Azure Active Directory.

I use conditional access most of the time. From there, I can access other features, such as Endpoint Device Management. It has been moved to a different module, initially a part of the Active Directory. This conditional access is one of my favorites as it allows us to have more control over application levels and device restrictions if needed. We can set security policies there as well. Previously, I used to handle it from Azure Active Directory. Another useful feature is Access Management, which provides an easy portal to manage user access, privileges, and other related settings.

When it comes to logs, we don't have access to all of them because there's a limitation of 90 days for log retention. It would be a great option to have the ability to increase this duration in the portal itself, either as a paid feature or something similar, as three months of log retention is insufficient. If we want to check someone's log, the challenge is sometimes finding different access points to various portals. However, they have started adding these access points, which is a positive improvement. For example, previously, there was no cloud app security access from Active Directory, but now they have already added the link.

Integrating some notifications, not necessarily all, but at least for important events or alerts, would be beneficial as it would function as a team solution or something similar. It doesn't have to be a complete module, but having some logs or notifications for administrators would be very helpful. If they could provide us with the option to receive notifications or something similar, it would significantly enhance the platform.

One more thing to consider is the log retention period in the Active Directory. It would be useful if we could export logs or have access to information about how long the logs can be retained in the Active Directory.

I have been using Azure Active Directory Identity Protection for over eight years.

I have never encountered any stability issues. Active Directory has worked flawlessly since day one.

The scalability is controlled by Microsoft and is adjusted based on our demands. The only thing we may need to do is add more licenses if we exceed what we already possess.

The technical support is always helpful and they try to come up with a quick resolution each time.

Positive

The initial setup is straightforward and not complex at all. All the information is available online including tutorial videos. I completed the deployment myself.

Azure Active Directory Identity Protection is not very expensive. Security is not free, and it comes with a cost but the charge is reasonable.

I give Azure Active Directory Identity Protection an eight out of ten.

We are not heavily using DLP at the moment, but we have started implementing it in our company. Along with Endpoint Manager, we also use Cloud App Security, which functions somewhat like an endpoint manager but is not a complete DLP solution. We have begun testing this feature recently, but we are not currently using it as a protection measure. Only a few people in my company, who are part of the testing team, have access to it. Once the testing is complete, we plan to implement it for broader use.

Our organization utilizes Microsoft solutions because they are convenient and create a complete ecosystem. Active Directory has been our go-to choice because it integrates so well with our other Microsoft solutions.

From day one, if we use any Microsoft solution, it will be available in our tenant. However, if we need to enhance or access other features, we will have to purchase a specific license to unlock the complete set of features beyond the basic ones in Active Directory. When we activate the office suite, the Active Directory will also be available. If we wish to add additional features, such as conditional access, I generally advise users to purchase an Azure Active Directory tier-one license based on their requirements. After obtaining the license, they can activate the desired security features or any other features they need.

We mostly deal with identity management by different vendors. We are a partner of Microsoft, Oracle, and Symantec, among others, and we also deal with open-source solutions like Evolvium ID. We are dealing with Microsoft Identity Manager. They call it Microsoft Entra IntraID.

Microsoft Entra ID Protection has allowed us to manage partners and external users effectively, providing us with trust from these organizations. Access reviews are conducted to ensure that when partners leave their respective organizations, they are also cleaned up on our side.

The features we find most effective for identity security include access reviews, two-factor authentication, and modification.

Microsoft has room for improvement in simplifying their integration with third-party solutions and making the licensing model more understandable.

I have been working with Microsoft ID Protection for five to seven years.

Microsoft Entra ID Protection is stable, and we do not need any technical assistance.

The product is very scalable and works well.

I am very satisfied with the technical support. Microsoft has consolidated their support into one, which has been very effective. However, I have not needed to request any technical support from them.

Positive

We find mostly SailPoint used by big companies, however, we don't use SailPoint at the moment.

The interface is very good, and setting up is easy because it involves SaaS solutions where you click a button and it does everything. It's easy to configure, sign up, and integrate.

Microsoft has various pricing models. Some of them are bundled with the current price, such as E3 and E5. Understanding the pricing model requires familiarity with their fragmented model.

For identity management instead of Symantec, the recommended solutions depend on the environment, features, complexity, user types, and budget.

I'd rate the solution nine out of ten.

I use the solution to manage users, groups, access, and license. 

The tool is simple and you can find a lot of tutorials, and videos on YouTube that can help you. 

The solution's sync should be faster since it can take about 30 minutes to two hours to complete a simple sync. The tool needs to sync instantly. It also needs to improve scalability, support, and stability. 

I have been using the product for four years. 

I would rate the solution's stability a nine out of ten. We encountered bugs while integrating with other Microsoft or MDM solutions. 

I would rate the product's scalability a nine out of ten. My company has 200 users.

Support takes longer than expected to revert back. 

I would rate the solution a nine out of ten. 

The solution helps us with authentication. 

I am impressed with the tool's compliance and authentication. 

The solution is not optimized to work with Mac devices on a granular level. They work seamlessly with Windows but have a lot to improve to work with Mac devices. It also needs to improve stability and scalability. 

I would rate the solution's stability an eight out of ten.

I would rate the solution's scalability an eight out of ten. 

I would rate the product a nine out of ten.