Information Technology Specialist at Self-Employed
Real User
Feature-rich, good documentation, and the setup is not complex
Pros and Cons
  • "The most valuable feature is Identity and Access Management. As an IT administrator, this feature allows me to manage access for users and groups."
  • "At the free or basic level of service, Azure should provide identity protection features including single sign-on and multifactor authentication."

What is our primary use case?

I am an operational engineer and consultant who assists organizations with their Azure Active Directory implementation. I primarily deal with administrative functions in my day-to-day tasks. I am responsible for creating and configuring Azure AD users and groups, as well as assigning the dynamic membership required by the organization to their users. Another common task is that I set up guest user access for organizations that want to grant access to users on a temporary basis.

For customers that want to use a cloud-based deployment, I can assist them with that. In cases where the customer wants an on-premises deployment, we will provide them with help using AD Connect, which is used for synchronization between cloud-based and on-premises data.

How has it helped my organization?

This solution helps to improve security for our clients using a specific directory structure and by using a variety of options. There is a default directory, which is owned by Microsoft, and in there you can create custom directories for your use. 

There is a panel available for the administration of users, groups, and external identities. 

Options are included for uploading your on-premises applications to the cloud, and they can be registered with Azure. This means that you can also create your own applications.

Identity governance is available for paid users.

Using Azure Active Directory has benefitted several of my clients, with an example being a startup organization. Startups have three or four things that they need to do in order to begin work. First, they need a domain, and after that, they need a DNS record to be created for their domain. For instance, these services are provided by godaddy.com or similar vendors. Once these steps are complete, they connect to Azure AD with the help of the DNS record that was created. At this point, Azure AD performs the role of a Platform as a Service. Once Active Directory is connected and verified, you can create the users and groups, and begin managing your processes. 

These are the only steps that are required for a startup. For an enterprise that wants to migrate its on-premises data to the cloud, there are several additional steps. For instance, you need to create a virtual machine and install your server. Alternatively, if you already have a server, it can be connected with the help of AD Connect.

This is a good solution for end-users because the vendor provides good documentation and if the users experience errors or issues, they get a popup alert to explain the problem. Furthermore, it can provide a solution to resolve the issue.

What is most valuable?

The most valuable feature is Identity and Access Management. As an IT administrator, this feature allows me to manage access for users and groups.

This product is easy to use and easy to manage.

The application policies, licensing, and AD Connect options are valuable.

Multifactor authentication provides more security. Having a user ID and password is compulsory but after that, you can add different security features. For example, it can work with biometrics such as fingerprints, retinal scans, and facial recognition. There are many more options that may suit you better, as per your requirements.

When you log in to the Azure portal, there is an option available called Resource Groups. Here, you can add multiple things including printers and different servers. There are Windows servers available, as well as servers hosting many different flavors of Linux. Once a server is created, you can add in a database, for instance.

What needs improvement?

There are four levels of subscription and the security features are not available for free. At the free or basic level of service, Azure should provide identity protection features including single sign-on and multifactor authentication. These are the most important features for organizations and everybody should be able to utilize them for working remotely.

Buyer's Guide
Microsoft Entra ID
January 2025
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.

For how long have I used the solution?

I have been working with Azure Active Directory for approximately three years.

What do I think about the stability of the solution?

Worldwide, Azure has many servers available and in fact, they are the largest cloud organization in the world. As long as you are paying for the service, you don't have to worry about availability. There is a Microsoft backend team available that can provide you with what you need.

The availability is the best in the cloud industry.

You don't need to create or manage your own infrastructure, as it is handled by the Azure team. Also, through the Azure portal, you can add databases.

What do I think about the scalability of the solution?

This is a scalable product. You can scale it to any number of users and any number of servers, and there is no issue. As your organization grows day by day, you can increase your users, your databases, and compute services including RAM, CPU, and networking capabilities. This will ensure availability on the platform.

If you are part of a very large organization, with between 50,000 and one million users, then you might generate between 500 and 1,000 terabytes of data each day. You have two options for uploading this data to the cloud, including an online option and an offline option. In the online option, you use a gateway. The offline option includes Data Box, which is a device used to transfer your data. These hold 800 terabytes and above.

How are customer service and support?

I have not used technical support from Microsoft myself. However, it is available and they can provide proper resolution to problems that people are having.

The support documentation that is supplied on the web page is very good. If anything changes then there is a section for notes in the documentation that explains it.

Using technical support is a more cost-effective solution than hiring somebody to maintain the product full-time.

How was the initial setup?

The initial setup is not a complex process. It is simplest in a cloud-based deployment and it will not take much time. If your current server is on-premises then you only need two things. One is your enterprise domain users, which have full access permissions. The other is a global administrator on the cloud side. Both sides need to be integrated and this is done with the help of Azure AD Connect. Once this is complete, you can have interaction between your on-premises data and cloud data.

It is helpful to have a basic level of understanding of the product prior to implementing it.

What about the implementation team?

We provide support to our customers, depending on the error or issues that they are having.

What's my experience with pricing, setup cost, and licensing?

There are four different levels of subscription including the free level, one that includes the Office 365 applications, the Premium 1 (P1) level, and the Premium 2 (P2) level. There are different options available for each of the different levels.

Everybody can get a one-month free trial.

Which other solutions did I evaluate?

This product is cheaper than Amazon AWS and Google GCP.

I do not use the other Active Directory solutions, although I do check on them from time to time. One thing I have noted is that the Google platform charges you on an hourly basis. In the case where you need a virtual machine for only one or two hours, this is a good option. However, if you forget to log out of your machine, then the cost will be large.

AWS provides you with a one-month free trial so that you can test using the resources.

What other advice do I have?

At this time, Azure AD is the biggest cloud Platform as a Service that is available. They have 60+ cloud data centers available worldwide, which is more than any other organization. It is a service that I recommend.

My advice for anybody interested in this product is to utilize the free trial. Microsoft will not charge you anything for the first month. They will also give you a $200 credit so that you can use the services.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2595762 - PeerSpot reviewer
Cloud Principal & Infrastructure Specialist at a financial services firm with 1,001-5,000 employees
Real User
It has made our entry point and access more secure
Pros and Cons
  • "Entra ID provides an excellent overview of the applications and the options applied to them."
  • "Entra ID has helped us implement role-based authentication rather than conditional keys."
  • "There are areas for improvement, particularly when moving between tenants. If we create a new tenant and try to set it up under the same organization, it becomes extremely difficult. A recent incident we dealt with took four months to resolve with a seven-day deadline, which was quite frustrating."

What is our primary use case?

Entra ID is used to authenticate users and applications. 

How has it helped my organization?

Entra ID has helped us implement role-based authentication rather than conditional keys. It has made our entry point and access more secure. Entra has improved our Zero Trust platform, but I can't go into the details about how. 

It has improved our attack response slightly because we now have a better idea of what's happening and what we see in the logs. 

What is most valuable?

Entra ID provides an excellent overview of the applications and the options applied to them.

What needs improvement?

There are areas for improvement, particularly when moving between tenants. If we create a new tenant and try to set it up under the same organization, it becomes extremely difficult. A recent incident we dealt with took four months to resolve with a seven-day deadline, which was quite frustrating.

For how long have I used the solution?

I have used Entra since it was released, and we also used Azure AD before it got renamed.

What do I think about the stability of the solution?

Stability has been questionable sometimes. We've had a few outages which have caused us some concern, and it's a critical solution that we can't do without.

What do I think about the scalability of the solution?

There isn't much that can be done for scalability other than considering an alternative provider, which we have thought about at times.

How are customer service and support?

I rate Microsoft support eight out of 10 in general, but they let us down when we were moving tenants. We were pretty upset with them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We always used Azure AD and then Microsoft Entra ID.

How was the initial setup?


What was our ROI?

Overall, some areas showed more return on investment, while others less so.

Which other solutions did I evaluate?


What other advice do I have?

I rate Entra ID eight out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2595669 - PeerSpot reviewer
Technical Lead at an energy/utilities company with 10,001+ employees
Real User
Has enabled my organization to build a secure environment for user login and asset access
Pros and Cons
  • "Federated identity management is a great feature for the zero-trust model."
  • "Microsoft Entra ID efficiently responds to numerous requests, and we have not faced significant connectivity issues, making it reliable."
  • "Microsoft Entra ID could benefit from more fine-tuned rights. It is necessary to prevent granting an application or user broad access rights."

What is our primary use case?

Microsoft Entra ID serves as an identity protector and service privilege manager.

How has it helped my organization?

It has enabled my organization to build a secure environment for user login and asset access. We can enable secure user logins and access to assets.

When we implement app access with Microsoft Entra ID, it gives us confidence that we have secure authentication for our applications.

With privileged identity management, we can grant or escalate rights to a role for a short duration of time and not forever. It is a great feature. It is useful to validate the escalation of privileges.

What is most valuable?

Federation on access service principal and the ability to be passwordless in certain use cases are valuable. Federated identity management is a great feature for the zero-trust model.

What needs improvement?

Microsoft Entra ID could benefit from more fine-tuned rights. It is necessary to prevent granting an application or user broad access rights. A more precise approach would allow for specific rights, limited to certain contexts within the organization.

For how long have I used the solution?

I have been using Microsoft Entra ID for three years.

What do I think about the stability of the solution?

Microsoft Entra ID efficiently responds to numerous requests, and we have not faced significant connectivity issues, making it reliable.

How are customer service and support?

Their customer support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not used any other solution. I was previously using Azure AD. About two years ago, it was renamed to Microsoft Entra ID.

What other advice do I have?

I would rate Microsoft Entra ID a nine out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a tech services company with 10,001+ employees
Real User
Responsive and knowledgeable support, good documentation available online, and single sign-on integrates seamlessly
Pros and Cons
  • "The most valuable feature is the single sign-on, which allows any application that is SAML or OAuth compatible to use Azure as an identity provider for seamless sign-in."
  • "In a hybrid deployment, when we update a license by changing the UPN or email address of a user, it does not get updated automatically during normal sync. This means that we have to update it manually from Azure, which is something that needs to be corrected."

What is our primary use case?

My primary use case is Azure SSO. Then, it is a hybrid synchronization of users and computers, and also for SCIM provisioning.

How has it helped my organization?

Using this product has helped improve our security posture. I don't handle security directly, but I know that our security team was able to identify logs containing erratic behavior, such as logins that were not authentic. They were able to identify and solve those problems.

This solution has improved our end-user experience a lot because previously, users had to remember different passwords for different applications. Sometimes, the integration with on-premises AD was a little bit difficult over the firewall. However, with Azure, that integration has become seamless. The users are also happy with the additional security afforded by multifactor authentication.

One of the benefits that we get from this solution is the Azure hybrid join, where my presence of the domains is both on-premises and on the cloud. It has allowed us to manage the client machines from the cloud, as well as from the on-premises solution. We are currently building upon our cloud usage so that we can manage more from the Azure instance directly.

Our cloud presence is growing because most people are working from home, so the management of end-users and workstations is becoming a little challenging with the current on-premises system. Having cloud-based management helps us to manage end-users and workstations better. This is because, with an on-premises solution, you need a VPN connection to manage it. Not all users have a VPN but for a cloud-based solution, you just need the internet and almost everyone now has an internet connection.

What is most valuable?

The most valuable feature is the single sign-on, which allows any application that is SAML or OAuth compatible to use Azure as an identity provider for seamless sign-in.

I like the SCIM provisioning, where Azure is the single database and it can push to Google cloud, as well as Oracle cloud. This means that the user directory is synchronized across platforms, so if I am managing Azure AD then my other platforms are also managed.

What needs improvement?

In a hybrid deployment, when we update the UPN or email address of a user who has a license assigned, it does not get updated automatically during normal sync. This means that we have to update it manually from Azure, which is something that needs to be corrected. Essentially, if it's a hybrid sync then it should happen automatically and we shouldn't have to do anything manually.

Azure AD DS allows only one instance in a particular tenant, which is something that could be improved. There are people that want to have AD DS on a per-subscription basis.

For how long have I used the solution?

I have been using Azure Active Directory for more than three years.

What do I think about the stability of the solution?

Other than a few global outages, I have not seen any specific outages to the tenant that we use. In the typical case, we haven't faced any issues.

What do I think about the scalability of the solution?

The scalability has been good. For the infrastructure that we have developed, there were no issues. We have nothing in terms of abnormal outages or any abnormal spikes that we have observed. Overall, scalability-wise, we are happy with it.

We have thousands of users on the Azure platform. The entire organization is on Azure AD, and everyone has a different, specific role assigned to them. Some people are using the database, whereas somebody else is using another infrastructure service, and the same is true for all of the different features. We have different teams using different features and I am part of managing identities, which involves using Azure AD and its associated features.

How are customer service and support?

The support from Microsoft is very good. I would rate them a nine out of ten. They are responsive and very knowledgeable.

Which solution did I use previously and why did I switch?

Prior to Azure AD, we used on-premises Active Directory.

How was the initial setup?

The initial setup was not very complicated because there are very good articles online, published by Microsoft. They give detailed steps on the process, including what challenges you may face. In our setup, the articles online were sufficient, but if you run into any issues, you simply reach out to Microsoft for support.

Taking the purchases, planning, and everything else into account, it took between three and four months to complete the deployment.

What about the implementation team?

Our in-house team was responsible for deployment. In a few cases, we reached out to Microsoft for support.

Which other solutions did I evaluate?

We have not evaluated other options. The reason is that the integration between Azure AD and on-premises Active Directory is seamless and easy. Both solutions are by Microsoft.

What other advice do I have?

My advice for anybody who is implementing Azure AD is to consider the size of their environment. If it's a large on-premises environment then you should consider a hybrid model, but if it's a small environment then it's easy to move to the Azure cloud model directly. If it's a small environment then Azure AD is also available on a free license. This is how I would suggest you start looking at having a cloud presence.

Azure AD is easy to integrate and manage, and it will reduce your capital cost a lot.

In summary, this is a good product but there is always scope for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Identity Engineer at a pharma/biotech company with 10,001+ employees
Real User
Robust identity platform, reasonably priced, and has responsive support
Pros and Cons
  • "The most valuable features of this solution are security, the conditional access feature, and multifactor authentication."
  • "The management interface has some areas that need improvement."

What is our primary use case?

I use this solution as an identity platform for Microsoft Applications including Office 365. We have found that users have third-party applications for authentication using an integrated identity infrastructure.

What is most valuable?

The most valuable features of this solution are security, the conditional access feature, and multifactor authentication.

The conditional access policies allow us to restrict logins based on security parameters. It helps us to reduce attacks for a more secure environment.

Multifactor authentication is for a more secure way of authenticating our users.

All our on-premises identities are synchronized to Azure Active Directory. We have an advanced license that enables conditional access based on logins and suspicious behaviors.

Active Directory is able to determine if a particular user is signing in from a trusted IP or if there are two different sign-ins from two different locations. It will flag this latter incident as a potential compromise of a user's account.

In terms of security, it provides us with the features to alert us if there are any fraudulent attempts from a user identity perspective.

It provides access to our Azure infrastructure and allows us to assign roles and specific aspects to different subscriptions. It has several built-in roles that you can assign to individual users based on their job scope. It allows for granular provisioning.

With onboarding applications, you are able to register applications in Azure Active Directory, which allows you to use it as a portal for access as well.

Azure Active Directory enhances the user experience because they do not have various IDs for different applications. They are using one single on-premises ID to synchronize and they are able to access various different applications that are presented to them.

If you have a new application, you will export the application within Azure AD and we add access to those who need that application and you are able to use the corporate ID and password to access it.

Azure Active Directory is a good platform for us. We rely heavily on providing our users a good system and interface that we seldom have issues with.

What needs improvement?

The management interface has some areas that need improvement. It doesn't give you an overview similar to a dashboard view for Azure Active Directory. The view can be complicated. There are many different tabs and you have to drill down into each individual area to find additional information.

There are too many features available, more than we can use.

For how long have I used the solution?

I have been using Azure Active Directory for three years.

What do I think about the stability of the solution?

It's quite stable. There are no issues with the stability.

The identity platform is quite robust.

What do I think about the scalability of the solution?

It is very scalable. We have deployed it globally for approximately 10,000 users and experienced not many issues. In fact, we have not encountered any issues so far.

How are customer service and technical support?

Generally, we don't have issues that require technical support. We have multiple domains within the Azure AD and we had an issue where SharePoint users were not able to access the domain.

We had a prompt response and were able to identify what the issue was. We were given specific tasks which led to resolving the issue.

I would rate the technical support a nine out of ten.

Which solution did I use previously and why did I switch?

Previously, we did not use another solution. Primarily it was an on-premises Active Directory that we synchronized to the cloud.

How was the initial setup?

The initial setup was completed by a separate team.

We have five global administrators who are primarily responsible for providing access and assigning roles for all the various different groups and teams that have different subscriptions, and they will manage their subscriptions based on the roles that they are assigned.

In terms of deployment, Active Directory ensures that there is express route connectivity from an on-premises data center to Azure and ensures that there are sufficient redundancies in Azure Active Directory Connect Servers and Domain Controllers. 

What was our ROI?

We have seen a return on our investment. I would say that it is one of the key components of our identity solution.

What's my experience with pricing, setup cost, and licensing?

The pricing is very flexible. There are a few tiers of licensing, and it is a part of an enterprise contract.

It is bundled with other services and the pricing is quite reasonable.

Which other solutions did I evaluate?

We did not evaluate other solutions.

What other advice do I have?

I would strongly recommend implementing Azure Active Directory.

For new organizations, it would be best to start implementing directly on the cloud, and for our existing organizations who have on-premises solutions, it would be seamless to synchronize the on-premises user with the cloud and use that. 

I would rate Azure Active Directory a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Christophe Humbert - PeerSpot reviewer
Security Architect at CloudsWizards.com
Real User
Top 10
Helps with centralized identity management and provides an easy sign-in experience
Pros and Cons
  • "My two preferred features are conditional access and privileged identity management."
  • "They can combine conditional access for user actions and application filtering. Currently, they are separated, and we cannot mix the two. I do not know how it would be possible, but it would be interesting."

What is our primary use case?

There are many use cases. The main use case is identity synchronization to on-prem with AD Connect. Another main use case is related to conditional access. Automated licensing is also one of the use cases. 

It is also used for identity access management with specific workflows, rules, etc. Permission or role management for applications is another use case, but I have never used that in production. I have demonstrated it to multiple customers, but they were not there yet.

How has it helped my organization?

The main benefit is that you have one repository for identities. That is very important for main companies. If you have worked with or are familiar with the concepts of on-prem Active Directory, you can easily start with Microsoft Entra ID. You have everything in one area. You have application identities, workload identities, and other identities in one area. It is very convenient and powerful. It helps with centralized identity management. You can also connect with your partner organizations. It is quite powerful for collaboration with your partners, customers, etc.

Microsoft Entra ID provides a single pane of glass for managing user access. It is pretty good in terms of the sign-on experience of users. It is easy to understand for even non-technical people.

With this single pane of glass, we also have a good view of the security part or security policies. From an admin's perspective, we have complete logs of everything that is happening in almost real time. We have pretty much everything we need. In recent times, I have not come across many use cases that could not be covered.

With conditional access, you can make sure that you have control at any time. It is a part of the zero-trust strategy. Any access is verified. You have a very good grasp on identity and devices for compliance. You can manage any issues through Microsoft Entra ID. Most companies I have worked with let you bring your own device, and device management is very important for them. They have a tight grasp on who can connect and which devices can connect to their network or cloud resources.

There have been improvements in the onboarding and the leaving process. It has always been a challenge to make sure that people are given the right access right at the beginning and that their access is disabled at the right moment. Historically, while auditing clients, I could see people who left the company five years ago, but their access was still active. Permission management has been helpful there. It is a nice thing to implement.

In terms of user experience, we have not received any feedback from the users about Microsoft Entra ID, which is good because it means it is transparent to them. It works as expected.

What is most valuable?

My two preferred features are conditional access and privileged identity management. They are very powerful. I like conditional access a lot. It is an easy way to secure identities.

Privileged identity management helps to control who is requesting access, when, and what for. It gives you a nice overview of what is happening in your tenant and why people are doing certain things. You can easily detect outliers or if something is wrong. 

What needs improvement?

They can combine conditional access for user actions and application filtering. Currently, they are separated, and we cannot mix the two. I do not know how it would be possible, but it would be interesting.

For permission access, there can be a bit more granular distinction between Microsoft applications. Currently, you have a pack of things, but sometimes, you only want to allow one of the things and not the whole pack. For example, you just want to allow the Azure portal, not the whole experience. However, such scenarios are rare. Overall, I am pretty happy with where we are today. It is always exciting to do new things, but for the customers I have worked with, it covered 99% of the scenarios.

For how long have I used the solution?

I have been using it since I started using Azure and M365. It has been almost six years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is very scalable. I have not met any limitations, but I do not have clients with more than 2,000 users. 

How are customer service and support?

I have used their tech support one or two times. It is pretty good. I would rate them a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have worked a bit with Okta and AWS IAM, but they are more expensive than Microsoft Entra ID. I last worked with Okta about two years ago. At that time, Okta was more advanced and intuitive in certain aspects.

Microsoft Entra ID is a no-brainer if you do not already have a solution and if you have on-prem Active Directory. If you already have something, then the choice can be different. Microsoft Entra ID works for various use cases because you have connectors with pretty much every application on the planet. You have a lot of possibilities to integrate. You can also integrate with on-prem. In terms of security, there are a lot of features to protect your identity. It is quite helpful and appealing, so if you do not have anything and you are going to use Microsoft technologies, it is a no-brainer. Similarly, if you are a cloud company just starting, and if you choose Azure, Microsoft Entra ID is a no-brainer. If you choose another cloud, you can go for another solution.

How was the initial setup?

I have been working with cloud and hybrid deployments. There are a few cloud deployments, but I work a lot with hybrid deployments.

Its setup is straightforward. I am very used to it now, and for me, it is pretty straightforward. The deployment duration depends on the features that you want to enable. Features such as conditional access require discussions with the customers. Generally, two weeks are enough. You might also have to train the internal team on it, which could take a bit more time.

You do not require too many people for deployment. One or two people are normally enough.

In terms of maintenance, it is very easy to maintain. You might have to add another business case for your customers or simplify something you put in place. You have to be aware of the new features, etc.

What was our ROI?

Microsoft Entra ID must have saved organizations money, but I do not have the data.

What's my experience with pricing, setup cost, and licensing?

Its price is okay. It is easy to go from a P1 to P2 license. It is not exactly a bargain, but I would recommend the P2 license.

What other advice do I have?

Make sure to use MFA and conditional access wherever possible.

Overall, I would rate Microsoft Entra ID a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
IT Infrastructure & Tech Support Manager at an energy/utilities company with 1,001-5,000 employees
Real User
Users can work at home or office and files are synchronized, with a single sign-on wherever they are
Pros and Cons
  • "Let's say we decide that our users need to have MFA, multi-factor authentication. It is very easy to implement that with Azure Active Directory."
  • "You can manage the users from the Office 365 administration center, and you can manage them from Azure Active Directory. Those are two different environments, but they do the same things. They can gather the features in one place, and it might be better if that place were Azure."

What is our primary use case?

We are a Microsoft-oriented company. All our main infrastructure for user systems and productivity, like Microsoft Office and email, is from Microsoft. So we use Microsoft products and we use Active Directory on-premises. We have also built a cloud infrastructure and we now have a completely hybrid architecture. As a result, it was mandatory to configure Azure Active Directory to synchronize with the on-premises Active Directory.

We have finished that project and now we use Azure Active Directory for users who are on the cloud.

How has it helped my organization?

Entra is very good for the organization because we now have many users, due to COVID, who are working from a distance. With Microsoft, we can give them the opportunity to download all the applications on their personal PCs, like Teams, OneDrive, et cetera. They have a single sign-on and they can log on from everywhere.

The solution has improved things a lot for our organization because it has improved productivity. One specific effect is that we used to use a lot of VPN access, but we have decreased that access by 80 percent because they don't need the VPN anymore. And productivity has also improved very much, because users can do their jobs from everywhere, even on their mobile phones, because they have their files on OneDrive. With Azure Active Directory, we don't have security issues thanks to the added security on the cloud, such as MFA and also Defender for Endpoint. 

But it's not only productivity tools that we have on Azure, we have other applications as well that we have set up for our users, like SAP. We have also diminished our telecom costs.

We have saved a lot of money, I'm very sure about that. We pay for the solution but because it is in the pricing agreement, we have more tools available and we don't have to buy more. I would estimate it has saved us more than 40 percent.

In addition, before, we had to work through all the horizontal firewalls and security sensors in the company. Now, we have separated the productivity tools like Word, Excel, OneDrive, and Teams. That means our users are very pleased with the user experience. They like using it. They can work from home or at the company and their files are synchronized. 

Overall, we feel our security has improved and we are confident.

What is most valuable?

I like the fact that I can manage the users, but it's also a security resource. Let's say we decide that our users need to have MFA - multi-factor authentication. It is very easy to implement that with Azure Active Directory.

What needs improvement?

What could be improved is the environment. It still has administration centers in Office 365, and the same is true for Azure in general. You can manage the users from the Office 365 administration center, and you can manage them from Azure Active Directory. Those are two different environments, but they do the same things. They can gather the features in one place, and it might be better if that place were Azure.

For how long have I used the solution?

I have been using Azure Active Directory for five years.

What do I think about the stability of the solution?

The stability is very good. We don't have incidents. The only issues we had were to do with synchronization that took some time between Active Directory on-prem and Azure Active Directory. But that might have had something to do with other issues.

What do I think about the scalability of the solution?

It is a 100-percent scalable solution and that is one of the reasons we chose it. 

We have installations on-premises, and people all over the country, including the islands, the north, and everywhere. Our users are in multiple locations. It's used across different departments with different applications and needs. At this moment, we have about 2,300 users.

How are customer service and support?

Microsoft's technical support needs to be improved. It's a bit bureaucratic, to put it in one word. The procedure for opening a case is that someone sends you an email to give them all they need. I would like the technical support proceedings to be faster. Sometimes, my company doesn't have this time. We need to find a solution very quickly.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We used on-premises products like System Center Configuration Manager. We used Microsoft's products, but for on-prem administration, not on the cloud.

How was the initial setup?

Due to the fact that we have a hybrid architecture, not a clean cloud solution, it took us a lot of time. We had to consider how everything, all the applications, was going to work. Active Directory is also involved in emails and there were many procedures to consider and test. There were also many users who were staying on-prem. We also had to consider external cooperation with other European and domestic energy companies. So it took us about one year. Our company is not a simple company, like a sales company or a manufacturer. We deal with critical infrastructure and we have to control and operate the power for the whole country. We had to think about every step of the journey.

We had 10 to 12 people involved. I was the project manager and there were three groups of people, in addition. One was from telecom and security. There were a few people from infrastructure and technical support, and there were some people from the application side, to test that all our applications were active.

We also have teams for projects, like when we do a large construction for something like power lines. We form teams between departments and these special teams may work for a year on a specific project. We also needed to consider them because they have different needs and work from different places and are mobile.

Because we have on-premises firewalls in our company, we had to do some work before we implemented AAD to arrange access between the company's security system and the Microsoft cloud system so that they could cooperate and communicate. We had to open the protocols, et cetera. As a result, we don't have any problem with the consistency of our security policies.

In the beginning, it was a matter of getting used to the procedures. We needed to explain things to the users so we sent them a guide. We rolled it out to our 2,500 users in many batches over about four months.

There is periodical maintenance, such as upgrades, as well as ad hoc maintenance. For example, if we modify public folders, we need to do some work because, on one occasion, cloud users couldn't see a public folder that was on-premises.

What was our ROI?

We can see a return on the investment by comparing the prices we know from previous years. We don't use so many data centers now and we don't need as many installations and to pay as much rent.

Our return on investment is that the costs are very small, like one-tenth what they were, by going from owning on-premises data centers to what we have now. Over a period of five years, our return on investment is 100 percent. The money we pay for this contract is not much compared to the money you need for buildings, data centers, power, and technicians.

The price is also very good if you consider the money you save by not having to pay for many contracts with different companies to create a corporate solution. You pay one company, like Microsoft, and you have the whole solution. We have saved a lot of money by doing that. 

Of course, you need to give it time and in-house resources. People have to be trained. Otherwise, if you have many environments and many products that you don't know very well... 

Maybe using multiple companies is good. That's why we do use some other products, but not many.

What's my experience with pricing, setup cost, and licensing?

The price is fair. It's not very expensive given what they offer. Of course, we did some negotiating with Microsoft. We didn't pay the list price. We have been a Microsoft customer for many years, so when the contract comes due every three years, we discuss it. Afterward, there are some discounts.

Which other solutions did I evaluate?

We evaluated Amazon and Google. We chose Microsoft mainly because it has the whole package, meaning it has the security, the applications, and the infrastructure, so it's a more holistic approach compared to the others. It's not that Google and Amazon don't offer something like that, but they need more time to improve because they were not on-premises companies.

Microsoft gives you the space, the data centers on the cloud, and backups; it gives you everything. From the others, something was always missing. Microsoft may not be perfect, but it has everything you need.

What other advice do I have?

It's a very good solution, an excellent solution. It's very stable and robust. You don't need to do a proof of concept unless you have a special case, like, for example, fleet management, and have a very specialized application.

We use Entra’s Conditional Access feature but we also use other tools from other vendors. From our experience so far, we haven't had problems. Entra seems robust enough. We haven't even had one incident of malware. Of course, we have added some more tools to our cloud infrastructure for the mail applications in the network. So although it's robust enough, because we're handling critical infrastructure, as a company we decided to have more tools.

We use Intune and Endpoint Manager. Any device that is connected, even if it is a personal device, needs to be registered via Intune. We do not accept non-registered devices. 

Azure Active Directory, and Azure in general, is a very big solution that we are developing further. It takes a lot of time, but by using it, we don't need so many other resources from outside companies. We can manage everything in-house. It takes a lot of time, but it's better than other options. It has more tools and better monitoring. Those extra tools mean more time spent on it by the administrators. But it has dashboards that they didn't have before. So the administration is easier and more centralized, but you need time with all these tools.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jeff Woltz - PeerSpot reviewer
Principal at a computer software company with 51-200 employees
Real User
It allows us to issue a single credential to every employee and not worry about managing a lot of passwords
Pros and Cons
  • "Azure AD allowed us to get rid of servers and other hardware running at our offices. We moved everything to the cloud. Once we set up roles and permissions, it's only a matter of adding people and removing people from different groups and letting permissions flow through."
  • "I would like to see a better delegation of access. For instance, we want to allow different groups within the company to manage different elements of Azure AD, but I need more granularity in delegating access."

What is our primary use case?

Azure AD manages the identities of all our employees. 

How has it helped my organization?

Azure AD allowed us to get rid of servers and other hardware that run at our offices. We moved everything to the cloud. Once we set up roles and permissions, it's only a matter of adding people and removing people from different groups and letting permissions flow through. 

It also saved us some money. Our IT group is tiny, so any automation we can do is valuable. We haven't had to grow the team beyond three. The employee reaction to Microsoft Entra has been positive. People like to have a single credential for accessing all our Microsoft and non-Microsoft apps.

What is most valuable?

I like Azure AD's single sign-on and identity federation features. It allows us to issue a single credential to every employee and not worry about managing a lot of passwords. Microsoft Entra provides a single pane of glass for managing user access, and we're pleased with it.

Entra's conditional access feature enables us to set policies up based on the location and risk score of the account and the device they use to access the network. Permission management lets us assign roles for various Azure functions based on functions people perform in the company. It helps us bundle access to different things by associating it with a given role at the company.

What needs improvement?

I would like to see a better delegation of access. For instance, we want to allow different groups within the company to manage different elements of Azure AD, but I need more granularity in delegating access.

For how long have I used the solution?

We've been using Azure AD for 10 years.

What do I think about the stability of the solution?

I rate Azure AD nine out of ten for stability. They've had issues in the past, but it's been quite some time. It has been nearly two years since the last availability problem.

What do I think about the scalability of the solution?

We only have 100 employees at the company, so we're nowhere near the maximum limits. I know of a massive company that adopted Azure AD. I imagine it's scalable well beyond the size of our company.

How are customer service and support?

The support is decent. I always manage to find what I'm looking for. If it's not in the documentation, there are lots of blog posts that third parties have written, and I always seem to find what I need. I rate Microsoft support nine out of ten. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used the on-premises version of Active Directory, but we switched to the cloud to get rid of all of our hardware. We don't run any servers in the office anymore.

How was the initial setup?

Setting up Azure AD was straightforward. It's all delivered online, so it's only a matter of filling in the parameters for our organization. After that point, it scales easily.

There's no traditional maintenance. We have to perform audits on accounts to ensure that people and permissions are still online. There isn't product or data maintenance. 

What was our ROI?

Azure AD is essential to how the business runs. We're only investing more in the whole Microsoft Suite.

What's my experience with pricing, setup cost, and licensing?

We're a Microsoft partner, so we get partner benefits. We pay almost nothing, and it's massively valuable to us.

Which other solutions did I evaluate?

We didn't look at anything else because we're committed to Office 365, and we need to be on Active Directory for Office 365. It's a well-known, trusted solution so we never did an analysis of alternatives.

What other advice do I have?

I rate Azure Active Directory nine out of ten. I'm sure there are some areas for improvement, but it's extremely valuable to us and the way that we operate.

Since we began to use Active Directory, I've learned a lot about industry best practices, particularly digital identity and its role in zero trust. By using a major mainstream identity provider, we're able to move toward the whole zero-trust model that's popular right now.

If you implement Azure AD, you need to consider the third-party apps you want to integrate. If they support competitors like Okta, Ping, and SailPoint, then they will almost certainly support Azure AD legacy applications. However, older software applications don't integrate well with Azure AD. 

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2025