reviewer2102739 - PeerSpot reviewer
Hybrid Cloud Services Identity & Access Management at a financial services firm with 10,001+ employees
Real User
Offers excellent security features and management options
Pros and Cons
  • "Privileged Identity Management (PIM), managed identities, dynamic groups, and extension and security attributes are all great features."
  • "Better integration with external governance products would be a welcome addition to Azure AD."

How has it helped my organization?

The solution strengthened our security posture by providing fine-grained access based on attributes, standardized names, and values. Azure AD reduced our time to market for products based on improved security.

The product also improved our service desk overhead.

Azure AD positively affected our end-user experience via reduced time to market, being an identity product for our workforce.

What is most valuable?

Privileged Identity Management (PIM), managed identities, dynamic groups, and extension and security attributes are all great features.

What needs improvement?

Better integration with external governance products would be a welcome addition to Azure AD. 

For how long have I used the solution?

We've been using the solution for four years.

Buyer's Guide
Microsoft Entra ID
November 2024
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is stable but can be improved, especially regarding response times.

What do I think about the scalability of the solution?

Azure AD is a cloud-based solution operating from a worldwide tenant, so scalability isn't an issue, especially from an identity perspective. We have 300,000 total end users. 

How are customer service and support?

We have yet to interact with technical support, so I can't speak to that.

Which solution did I use previously and why did I switch?

We previously used standard AD. 

How was the initial setup?

The setup is mixed; the startup is fast, but configuring requires the knowledge of a consultant or technical resource. Basic deployment can be completed in a day, but our greenfield deployment took a relatively long time as we're a large organization. A greenfield deployment should take at most two weeks, but implementing Azure AD into a functional environment is a project unto itself. It could take months, depending on the use cases.

Regarding maintenance, we're a global organization, and each feature has its own operating team. At our scale, a group of 25 is responsible for managing and maintaining the identity part of the solution.

What's my experience with pricing, setup cost, and licensing?

The pricing depends on the use case and can be negotiated based on volume. 

What other advice do I have?

I rate the solution eight out of ten. 

My advice to others evaluating the product is to do good due diligence beforehand to determine a clear set of requirements, as with any identity tool or access management solution.  

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
ManojNair2 - PeerSpot reviewer
Founder/Director at Augesys Solutions Pvt Ltd
Real User
    Top 10 Leaderboard
Azure AD helps us achieve ISO compliance, but features that are standard in server version require add-ons
Pros and Cons
  • "We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune."

    What is our primary use case?

    We use it because we have to onboard our user laptops to our Windows domain. Azure AD provides us with the Windows domain capability.

    How has it helped my organization?

    As an organization, we are going for ISO 27001 compliance. The only way to achieve much of that was to have Azure AD in place. Once Azure was in place, many things, like bringing all our laptops into the domain, and ensuring centralized policy deployment, were taken care of and that is where Azure AD has come in handy.

    What is most valuable?

    We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune. As a user, I rarely go into Azure AD. I would rather go to Intune and work from there.

    For how long have I used the solution?

    I've been using Azure Active Directory for the last few years. Since 2020, I've been using it extensively because, where I'm working, we're totally on Azure AD.

    What do I think about the stability of the solution?

    There is nothing to be worried about when it comes to stability. It's a cloud product.

    What do I think about the scalability of the solution?

    We are not worried about scalability because it's a cloud system. It will run and they will scale it. They already have packages wherein you can scale it depending on how many users you have in your system.

    Our usage of Azure AD will continue, going forward, as an organization. We are not going to pull back on it. It's only a question of what more we can extract out of it as we go along.

    How are customer service and support?

    Technical support varies. The problem is that Microsoft has contracted out support to multiple organizations around the world. When you raise a ticket, you may or may not get support from someone in your country or region. That's "Part I". 

    "Part II" is that when you get to a support agent, they go by the playbook. While they do a lot of R&D for us when we give them the problem in detail, and they actually find things out and come back to us, they're not willing to go beyond the established guidelines to try to troubleshoot. They will only do so if it becomes a pain-in-the-neck issue and multiple users are reporting that problem. For example I found an issue with Defender and I raised a ticket with the Defender team. That has now been pushed to some sort of a feature update, so things like that do happen.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is straightforward. There is nothing very complicated about it.

    The very basic setup of AD might take between 10 minutes and half an hour. Then, if you sit down and focus on the task, it takes about a couple of days to have all your nodes in place.

    In our company, there is another person who is my immediate junior and who reports to me. We are the ones who deploy, use, and maintain the system.

    What's my experience with pricing, setup cost, and licensing?

    We are using the version that comes with Microsoft 365 Business Premium.

    Microsoft has a very weird way of licensing the product. With the standard on-prem edition, we can do a lot of regular, day-to-day maintenance, including creating policies and the like. We can't do that in Azure Active Directory. The Azure system is very basic in nature compared to what the server provides us.

    There are add-on components and services, such as identity services, that we have to add to our Azure subscription. Only then can I actually say it's on par with the on-prem server edition.

    Why should I pay for a component? It should be included in my subscription. I understand there may be an added fee, but don't remove an essential component. I am a career IT guy. When I start comparing my on-prem server against this cloud edition, I see that there are components missing. The money issue is secondary. Give me a solution that matches the Azure standard edition. They should ensure that whatever I have on my domain controller are the facilities that run here in Azure AD. For example, on the domain controller, if you are my user, I can let you create a 14-character or a 20-character password. I can't do that on Azure AD. To do that, I must get the Directory Services module, which costs me another $100 a month. Let that cost be added to the bill and let me create my configurations as and how I want. Why do they want to restrict me? It's a detrimental business practice.

    Still, I say go for it. Don't worry about the pricing. Licensing, at the basic level, is sensible. But you should actively talk to your reseller about the needs of your organization. Costs will vary as you dig deeper into understanding what product or service you need. Independent of your geographic location, talk to a local Microsoft partner and understand the cost. Don't simply go online and order things. I would stress that to anybody in the world, whatever the size of their organization.

    The pricing module is pretty straightforward for many of the products. They have a price for up to 300 users for many of the licensed products. Up to 300 users is not considered an enterprise business.

    What other advice do I have?

    You may have knowledge about the product, but when you talk to somebody else you get a slightly different perspective. Exercise that principle. Talk to one or two vendors, but talk. Spend time on the call. Understand what you want. One person might give you an idea of how you can deploy with your existing products, while another guy might say those products have these weaknesses and these strengths.

    From the organizational perspective, it's not the native Azure AD components that provide value to the customer, it's more the other components. If you're a Microsoft 365 Business Premium customer, you get Microsoft 365 Defender. Along with that package, you get something called Secure Score for your organization. The beauty of Secure Score is that it gives you something of a benchmark. It says X percentage of organizations have this particular level of security score and it tells you how you can upgrade your security. It may tell you to enable something or disable a feature. After about a day's time, during which the change percolates across the organization, your security posture goes up a notch. That's a very useful tool for any organization, whatever the size.

    The end-user experience is better because we don't have to have so many components on board, compared to other solutions, to do something. For example, even though Defender is a limited version in some critical aspects, it still does its job pretty well. One major benefit of having it is that we can control the policies of Defender from the Intune portal or the Microsoft 365 Defender system because it's backed by Azure AD. Azure AD plays a kind of backend role. 

    It doesn't play much of a front-end role wherein I can create a policy. If I have to create a GPO, I must get the Directory Services component. Without that, I cannot create a GPO the way I would with the ordinary service. That's a critical difference. And with Microsoft, as usual, until you go digging around, you'll never know about this. I raised support queries with Microsoft and followed up with the tech support, after which I was informed that until I have Directory Services I can't do anything. This kind of clarity is not provided to the customer. Microsoft's website is really weak when it comes to providing specific details.

    I would tell any organization that doesn't have Azure Active Directory today not to spend money on setting up a server and a data center and infrastructure. Simply upgrade your Office subscription, because it eventually happens. The world is divided into two major parts: Microsoft users and Google users, and there may be some percentage that doesn't use either product. If you're using these products and looking at ISO compliance, simply upgrade to Microsoft 365 Business Premium. You'll get Azure AD and then you can go about the rest of your work.

    Overall, I rate Azure AD at seven out of 10. There is a huge difference in the capabilities between the on-prem server and the Azure version.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Joao Carraca - PeerSpot reviewer
    Responsible Systems at Fnac
    Real User
    Easy to install, quick to deploy, and secure
    Pros and Cons
    • "It offers good Microsoft integration capabilities."
    • "The pricing is okay, however, it could always be better in the future."

    What is our primary use case?

    Microsoft Authenticator is the tool provided to assure that we are using the Microsoft product in the correct way, from the Microsoft point of view.

    What is most valuable?

    It's two-factor authentication. I personally use several of them, from Google to Microsoft Authenticator to others. It's a solution that works.

    The solution is stable. 

    The product is easy to install and quick to deploy.

    The solution is secure.

    It offers good Microsoft integration capabilities. 

    What needs improvement?

    For the moment, I don't have any complaints. 

    The pricing is okay; however, it could always be better in the future.

    What do I think about the stability of the solution?

    It is a stable, reliable product. There are no bugs or glitches. It doesn't crash or freeze. 

    What do I think about the scalability of the solution?

    In terms of scalability, we don't have complaints about this from the users of this kind of solution.

    Several people in our company use the product. I am unsure of the exact number. 

    How are customer service and support?

    When we have problems, we don't go to Microsoft; we complain internally to a group that is responsible for keeping this working. I can't speak to how Microsoft's support is. I've never directly interacted with them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I also use Google Authenticator.

    I need to use different services to log on. Microsoft promotes its own solutions. For my bank, for instance, I have a solution imposed by my bank. For Google, I have Google Authenticator. For Microsoft Plus, I have Microsoft Authenticator. For our VPN, we use FortiGate, the authenticator.

    How was the initial setup?

    The installation is easy. You can do the installation on mobile phones and it can be installed on the web. It's not a problem.

    The deployment is fast and only takes about two minutes. It's supposed to be done by the end-user.

    What about the implementation team?

    I have done the implementation myself. I did not need the assistance of any integrators or consultants.

    What's my experience with pricing, setup cost, and licensing?

    I don't pay a separate licensing fee. It's already included in the service we buy from Microsoft.

    I'd rate the solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Enterprise Solution Architect - Security at an insurance company with 10,001+ employees
    Real User
    Our ability to control access to resources has vastly improved
    Pros and Cons
    • "Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic."
    • "On-premise capabilities for information and identity management need improvement."

    What is our primary use case?

    It underpins our application authentication and security requirements for internal users.

    How has it helped my organization?

    During the pandemic, it helped us carry on working securely as a business.

    Azure Active Directory hugely improved our organization’s security posture. The ability to control access to resources has vastly improved.

    What is most valuable?

    We very much like Conditional Access. We also like the risky sign-ins and Identity Protection. These features provide us the security that lets us fulfill our security requirements as a company.

    Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic.

    The solution has made our end user experience a lot easier and smoother.

    What needs improvement?

    On-premise capabilities for information and identity management need improvement, but I know these are in the pipeline.

    For how long have I used the solution?

    I have been using it for five or six years.

    What do I think about the stability of the solution?

    The stability has improved over the last two to three years.

    What do I think about the scalability of the solution?

    It has fantastic scalability. Globally, we have about 80,000 users. 

    In each territory there are on average around 40 people managing the solution on the admin side. We also have SMEs for the harder tasks. Then you have people, like me, who are architects and determine approach and create designs.

    How are customer service and technical support?

    Microsoft Premier Support is very good. We make good use of it. 

    The free support is okay.

    Which solution did I use previously and why did I switch?

    For mobile device management we used to have MobileIron and Blackberry. Those products have been removed in favour of Intune and Azure AD features. Other legacy security services will be removed in preference for the Azure equivalents. Strategically, Azure AD makes more sense for us. Cloud first is the strategic direction within my company.

    How was the initial setup?

    It is a predeployed solution; creating the links between the on-premise system and SaaS system is moderately easy.

    Our deployment took a month.

    For a non-complex organization, the deployment process would be a lot easier than it is for a complex organization. There are a lot of business processes that need to be determined as well as a lot of conversations. The technology side of things is the easy bit. It is the design that takes a while.

    What about the implementation team?

    It was all done internally and using Microsoft Partners.

    What was our ROI?

    We have only really bought into the solution over the last 12 months or so. We expect to see cost returns in the next 12 months.

    What's my experience with pricing, setup cost, and licensing?

    If you get rid of all the products providing features that Azure suite can provide, then it makes sense cost-wise.

    Microsoft Premier Support is an additional cost to the standard licensing fees.

    Which other solutions did I evaluate?

    Azure Active Directory and its feature set under a single vendor are unique in our market.

    What other advice do I have?

    Compared to how it was five years ago, the solution has really matured.

    Make sure that business requirements are understood upfront and a design is in place before any services are deployed. Ensure the people deploying it understand the capabilities and implications of choices.

    I would rate this solution as a nine out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Mahendra Andhale - PeerSpot reviewer
    Test Architect at Happiest Minds Technologies
    Real User
    Top 5 Leaderboard
    Provides a single sign-on portal and saves IT time
    Pros and Cons
    • "Overall, I think the support and the pictorial format of this web portal are very good."
    • "The security policy of Azure Active Directory should be based on a matrix so that we can easily visualize which users have access to what."

    What is our primary use case?

    We use Azure Active Directory for our project management proposals. Employees who are onboarding in Active Directory can use project filters for authentication and other back-end tasks. There are different installed environments and staging areas. Different areas are being used for different purposes.

    How has it helped my organization?

    Azure Active Directory provides us with a single pane of glass for managing user access.

    Azure AD made organizing information much easier for our organization. The solution also helped the IT and HR departments save up to 50 percent of their time. Based on the time savings, I would say that Azure AD also helped save costs within our organization.

    Azure AD positively affected our employees' experience in the company by providing them with a single sign-on portal to access all their accounts in an easy way.

    What is most valuable?

    Overall, I think the support and the pictorial format of this web portal are very good. Everything is just a click away, which is very convenient. Previously, we had to write a configuration file to do anything, but now everything can be configured through the user interface. This is a great improvement.

    What needs improvement?

    The security policy of Azure Active Directory should be based on a matrix so that we can easily visualize which users have access to what.

    For how long have I used the solution?

    I have been using Azure AD for three years.

    What other advice do I have?

    I give Azure Active Directory an eight out of ten.

    I recommend Azure Active Directory.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    reviewer1752234 - PeerSpot reviewer
    Systems Manager at a consultancy with 51-200 employees
    Real User
    Great security features with an enhanced GUI and multi-factor identification
    Pros and Cons
    • "The security features are great. They will report in advance to you in the case of suspicious activity."
    • "The support could be better. Lately, they sort of dropped off a bit in terms of quality."

    What is our primary use case?

    I am a systems manager. I use Azure Active Directory every day for my support job.

    Our authentication tools to single sign-on portals are hosted in different cloud products, like Amazon or GCP. So, we create an enterprise application and Azure Active Directory to give our users for authentication access to various public URLs.

    How has it helped my organization?

    Before Azure Active Directory, it took effort to provide cloud access to on-premises users. With Azure Active Directory and AD Connect, we are able to sync on-prem users to the cloud with minimal effort. We don't have to manage keeping multiple entities for the same user.

    What is most valuable?

    The multi-factor authentication (MFA) is one of the best aspects of the product. 

    The security features are great. They will report in advance to you in the case of suspicious activity. 

    The GUI is pretty enhanced. You can configure applications or do whatever they need to do. 

    What needs improvement?

    Azure Active Directory currently supports Linux machines. However, the problem is that you get either full or minimal access. It would be very nice if we could have some granular authorization modules in Azure Active Directory, then we could join it to the Linux machine and get elevated access as required. Right now, it is either full or nothing. I would like that to be improved. 

    We have the ability to join Windows VMs to Azure. It would be nice if we could have some user logs, statistics, and monitoring with Azure Active Directory.

    When we subscribe to MFA, the users get MFA tokens. However, it is not a straightforward process to embed any of the OTP providers. It would be good if Microsoft started embedding other third-party OTP solutions. That would be a huge enhancement.

    For how long have I used the solution?

    I have been using Active Directory for two years.

    This product is used every second of every day.

    What do I think about the stability of the solution?

    The solution offers nice stability and performance. 

    What do I think about the scalability of the solution?

    In my organization, there might be as many as 60,000 people who utilize the solution. 

    The scalability is awesome. You don't even need to think about scalability because Microsoft manages it.

    We use it on a daily basis.

    How are customer service and support?

    The support could be better. Lately, they sort of dropped off a bit in terms of quality. Recently, Microsoft support has not been doing such a good job. Previously, they used to do a good job.

    In the past, AD Connect was not syncing. It threw errors in the beginning. So, I had to call up technical support to solve the problem. At the time, we were satisfied with their assistance.

    Which solution did I use previously and why did I switch?

    I am also using AWS.

    Azure Active Directory is not an Active Directory product. It is just the application proxy. You need to have an on-prem solution. Azure Active Directory would just be a proxy that uses the on-prem data and hosts the application. It is not a full-scale Active Directory solution. However, it has a lot of enhancements. The traditional on-prem Active Directory hosts the users and computers as well as some additional group objects. 

    On the other hand, AWS Active Directory has all the capabilities of the traditional Active Directory with limited access for the administrator. All domain administration and sensitive credentials will be managed by AWS. So, you don't need to worry about application delays or syncing issues.  

    How was the initial setup?

    The initial setup is simple.

    It is pretty easy to set up the product. You subscribe in Azure Active Directory. By default, it will have an extension where you need to register. If you need a custom domain name, then you need to register with your public DNS providers to create the DNS public entry. You will then have to prove that you own the domain name. Once it has been proven, then your Active Directory pretty much works. 

    If you need to sync up your on-prem users with the Azure Active Directory, then you need to have an AD Connect server installed at the VM-level domain. It should be credentialed so AD Connect can use credentials to read your on-premises and sync it to the cloud. Once this has been done, you are good to go. As an enhancement, for whatever user you are syncing, you can mandate them by adding them to a group or rolling out an MFA policy.

    What about the implementation team?

    Since it is pretty straightforward, you just need one person to deploy it.

    I implemented it in an hour.

    Some maintenance is required. However, it is not on Azure Active Directory's part. Rather, it is for AD Connect. Often, we see that the connection is getting lost or something is not happening. Sometimes, port 443 might not be open from your on-prem Azure Active Directory. In that case, if you haven't implemented it in the beginning, then you need to do this. For a high availability solution, if you find that the machine is having additional issues, then you might need a higher AD Connect device. I would probably also deploy it with a different availability.

    What's my experience with pricing, setup cost, and licensing?

    The solution has three types of tiers:

    1. E1 has very basic features. 
    2. You get limited stuff in E2 and cannot have Office 360 associated with it. 
    3. E3 is on the costly side and has all the features.

    If you need to have an Exchange subscription or email functionality, then you need to pay more for that.

    What other advice do I have?

    We are using both the on-premises version and the SaaS version.

    I would advise potential new users to learn a bit about the product before jumping in. If you are new, you need to do background research about Azure Active Directory. You also need to understand its purpose and how you want to leverage it. When you have a draft architecture in place, then you can go ahead and implement this solution. If it needs to be reimplemented, it is just a matter of five minutes.

    I would rate the solution as nine out of 10.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Cloud Support Engineer | Microsoft 365 Consultant at Freelancer
    Real User
    Using its Conditional Access policy makes it easier to know when you have been breached
    Pros and Cons
    • "The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization."
    • "There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory."

    What is our primary use case?

    I started using Azure in my organization for user management, identity management, and app security.

    I am using purely Azure Active Directory, but I've used Azure Active Directory in a hybrid scenario. I sync my user from on-premises Active Directory to cloud. While I have used the solution in both scenarios, I use it mostly for purely ATS cloud situations.

    How has it helped my organization?

    We don't really have breaches anymore. Now, in most cases, we set up a sign-in policy for risky things, like a user signing in via VPN or they can't sign in based on their location. This security aspect is cool.

    If a user wants to sign onto the company's account, but turn on their VPN at the same time, they might not be able to sign in because of the Conditional Access policy set up in place for them. This means their location is different from the trusted site and trusted location. Therefore, they would not be able to sign in. While they might not like it, this is for the security of the organization and its products.

    What is most valuable?

    The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization.

    The authentication, the SSO and MFA, are cool. 

    It has easy integration with on-premises applications using the cloud. This was useful in my previous hybrid environment. 

    The user management and application management are okay.

    What needs improvement?

    There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory. 

    For how long have I used the solution?

    I have been using Azure AD for three years.

    What do I think about the stability of the solution?

    Overall, stability is okay. Although, sometimes with the cloud, we have had downtime. In some instances, Microsoft is trying, when it comes to Azure AD, to mitigate any issues as soon as possible. I give them that. They don't have downtime for a long time.

    What do I think about the scalability of the solution?

    You can extend it as much as you need. For example, you can create as many users as you want on the cloud if you sync your users from on-premises. Therefore, it is highly scalable.

    I used to manage about 1,500 users in the cloud. Also, at times, I have worked with organizations who have up to 25,000 users. When it comes to scalability, it is actually okay. Based on your business requirements, small businesses can use Azure Active Directory with no extra cost as well as an organization with more than 10,000 users.

    How are customer service and support?

    The support is okay, but it is actually different based on your specific issue because they have different teams. For example, when you have issues with cloud identity management, I think those are being handled by Microsoft 365 support, and if you have an issue with your Azure services, the Azure team handles it. 

    I can say the support from Microsoft 365 support is awesome because it is free support. Although the experience is not all that awesome every time, and there is no perfect system, when compared to other supports, I would rate them as 10 (out of 10).

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup was straightforward. When I set up Azure Active Directory, I just had to create an Office 365 tenant.

    Creating an Office 365 tenant automatically creates an Azure Active Directory organization for you. For example, if I create my user in Microsoft 365 automatically, I see them in Azure Active Directory. I just need to go to Azure Active Directory, set up my policies, and whatever I want to do based on the documentation.

    A part of the documentation is actually complex. You need to read it multiple times and reference a lot of links before you can grasp how it works and what you need to do.

    The very first time, it took me a while to set up. However, when setting it up the second time, having to create Azure AD without setting up users was less than three minutes.

    What was our ROI?

    I work with a client who has a small organization of 50 users worldwide. With Active Directory, they are spending a lot for 50 users for management, the cost of maintenance, etc. The ROI number is too small for the costs that they are spending on the maintenance of an on-premises setup. So, I migrated them to Azure Active Directory, where it is cost-effective compared to an on-premises setup.

    What's my experience with pricing, setup cost, and licensing?

    For you to make use of some of the security features, you need to upgrade your licenses. If it is possible, could they just make some features free? For instance, for the Conditional Access policy, you need to set that up and be on Azure AD P2 licensing. So if they could make it free or reduce the licensing for small businesses, that would be cool, as I believe security is for everyone.

    Which other solutions did I evaluate?

    The product is very good. Sometimes, I try to use Google Workspace, but I still prefer Azure to that solution. I prefer the Azure user interface versus the Google Workspace interface.

    What other advice do I have?

    Draw out a plan. Know what you want and your requirements. Microsoft has most things in place. If you have an existing setup or MFA agreement with Okta and other services, you can still make use of them at the same time while you are using Azure Active Directory. Just know your requirements, then look for any possible way to integrate what you have with your requirements.

    Overall, this solution is okay.

    I would rate this solution as an eight out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    IT Manager at a renewables & environment company with 201-500 employees
    Real User
    Gives us tight control over who is using applications, and enables us to add, delete, and modify users in one place
    Pros and Cons
    • "For some applications, it's not only working for authentication but it's also being used to apply roles for users. From the management perspective, it's much better to have this because in the past we constantly needed to go into the console of the different solutions and create or delete users or modify their roles and permissions. Now, with Azure Active Directory, we can do that from a single point. That makes our management model much easier."
    • "From time to time it takes a little bit of time to replicate, with some of the applications—something like five to 10 minutes. I know that the design is not supposed to enable real-time replication with some of the applications. But, as an administrator, I would like to run a specific change or modification in Azure Active Directory and see it replicated almost immediately."

    What is our primary use case?

    We have deployed an Active Directory model with Active Directory on-premises, and that is providing services to the entire organization. In 2018, we wanted to implement single sign-on with some of our cloud solution partners. That was the main reason that drove us to implement Azure Active Directory. As far as I know, that's the only thing that we use Azure Active Directory for at this moment.

    We can call it a hybrid system. All our internal operations are using Active Directory on-premises, but when we need to identify some of our users with applications on the cloud, that's when we use Azure Active Directory.

    We are a mid-size company with around 550 end-users, with the same number of end-user machines. We also run somewhere between 120 and 150 servers.

    How has it helped my organization?

    The reason we implemented it is that we can use it for authentication with some of our service applications, and that makes users' lives easier. They do not need to learn a lot of different passwords and different usernames. The other benefit is that, on the management side, it's very easy because you can have tight control over who is using the application and who is not; who has permissions.

    For some applications, it's not only working for authentication but it's also being used to apply roles for users. From the management perspective, it's much better to have this because in the past we constantly needed to go into the console of the different solutions and create or delete users or modify their roles and permissions. Now, with Azure Active Directory, we can do that from a single point. That makes our management model much easier.

    As a result, the solution has helped to improve our security, because user management control is very important. In the past, there were times when, for some reason, we forgot about deleting or even creating users for certain applications. Now, because we have only a single point for those processes, there is better control of that and it reduces the risk of information security incidents. That's especially true when you consider the case where we had forgotten to delete some users due to the increasing number of applications in the cloud. We now have five or six applications using single sign-on and that capability is one of our requirements when we introduce a new solution. It has to be compliant with single sign-on and it should have a way to be implemented with Azure Active Directory. It makes our infrastructure more secure.

    Among the applications we have that are using single sign-on are Office 365, Concur for expense control, we have an integration with LinkedIn, as well as two other applications. When a user decides to leave the organization, we check that their access to all our internal applications has been closed. That can be done now with a single script. It makes it very easy for us to delete the user from the organizational unit, or from the group linked to the application.

    It makes things a lot more comfortable in terms of security as we don't need to log in to every single application to delete users. We would see, in the past, when we would run a review on an application in the cloud, that suddenly there were, say, 10 users who shouldn't be there. They could still be using the service because we didn't delete them. For some applications it's not that bad, but for others it could be an open security risk because those users would still have access to assets of the organization. We have reduced, almost to zero, the occurrences of forgetting a user.

    Azure AD has affected the end-user experience in a positive way because, as I mentioned, they do not need to learn different usernames and different passwords. In addition, when users request access to some of the applications, we just need to assign the user to the different groups we have. These groups have been integrated with the different cloud applications and that means they can have almost immediate access to the applications. It makes it easier for us to assign roles and access. From the user perspective that's good because once they request something they have access to the service in less than 15 minutes.

    What is most valuable?

    Implementation of single sign-on with other vendors is quite easy. It might take a couple of hours and everything is running.

    For how long have I used the solution?

    We've been using Azure Active Directory for over two years.

    What do I think about the stability of the solution?

    The availability of Azure AD is good. I don't have any complaints about it. Regarding the stability, we haven't had any issues with it. We haven't experienced any service interruption. 

    Part of our strategy in the short-term is to move most of our Microsoft environment, when it's feasible, to the cloud, because we have seen that the cloud environment offered by Microsoft is really stable. We have proved that with tools like Azure Active Directory. In almost three years we haven't had a single issue with it.

    From time to time it takes a little bit of time to replicate, with some of the applications—something like five to 10 minutes. I know that the design is not supposed to enable real-time replication with some of the applications. But, as an administrator, I would like to run a specific change or modification in Azure Active Directory and see it replicated almost immediately. It really only takes a few minutes. Although it doesn't seem to cause any problems for our organization, I would like to see more efficiency when it comes to the different connectors with cloud services.

    What do I think about the scalability of the solution?

    We haven't had a situation where we need to scale this solution.

    How are customer service and technical support?

    We haven't had any major issue with the solution so we haven't called Microsoft technical support for Azure AD so far.

    Which solution did I use previously and why did I switch?

    We have always used Active Directory as our dedicated services solution. Three years ago we increased the scope of it and synchronized it with Azure Active Directory. Our on-premises Active Directory is our primary solution. Azure Active Directory is an extension of that.

    How was the initial setup?

    The initial setup was quite straightforward. It didn't take too long just to get our Azure Active Directory environment set up and running. I think it took less than a day. It was really fast.

    We already had Active Directory on-premises, so what we created was the instance of Azure Active Directory. All the different groups, users, and services were already set up. We then replicated with what we currently have in the Azure Active Directory instance. It was not really difficult.

    Our company is quite small and that is reflected in our IT department. Azure Active Directory is handled by our infrastructure coordination team, which has only two members. One is the senior engineer who performs all the major changes and the main configurations. We also have a junior engineer who runs all the operations in the company. From time to time, one person from our help desk, usually me, does some small operations when we don't have the infrastructure team available.

    What about the implementation team?

    We use a reseller to buy the product and they also provide some consulting services. Our relationship with Microsoft is not a direct relationship.

    Our reseller is SoftwareONE. They're a global company and our experience with them has been good. We have been with them since 2010 or 2011. We have two or three different services from them related to Microsoft and other brands. They are not exclusively reselling Microsoft licenses. 

    What was our ROI?

    From a very subjective point of view, as I haven't drawn any kind of numbers to calculate the return on investment, what I can see so far is that the investment is running smoothly and it's easier for us to run our environment with it.

    What's my experience with pricing, setup cost, and licensing?

    If you have all your infrastructure built using Microsoft tools, it is straightforward to go with Azure Active Directory. Under these circumstances, I don't see any reason to find another solution.

    We have an E3 contract, and I believe Azure AD is included in it.

    Which other solutions did I evaluate?

    We didn't evaluate other vendors because our entire environment is based on Microsoft solutions.

    What other advice do I have?

    As with any implementation, design is key. That would be applicable to Active Directory as well, but when it comes to Azure AD, do not start the installation unless you have an accepted design for it. You shouldn't just start creating objects on it. You need to have a clear strategy behind what you're going to do. That will save you a lot of headaches. If you start without any kind of design, at the end of the road, you can end up saying, "Okay, I think it would have been better to create this organizational unit," or, "We should have enabled this feature." It's probably not very straightforward to implement the changes. So have a team design the Azure Active Directory structure for you. You need to have the map before starting the implementation.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2024