Try our new research platform with insights from 80,000+ expert users
reviewer2596251 - PeerSpot reviewer
It leader infrastructure server at a manufacturing company with 1,001-5,000 employees
Real User
We could securely enable MFA access on most of our applications
Pros and Cons
  • "Entra ID's ability to sync with the local Active Directory provides redundancy, allowing authentication via cloud features even if the local Active Directory faces issues. The SSO features with app registrations are also crucial, as we use Azure globally, allowing role and permission assignments directly from Entra."
  • "I would rate Microsoft Entra ID 10 out of 10."

    What is our primary use case?

    We are using Microsoft Entra ID every day for SSO authentication for our end users. We sync local active directories with Entra, register applications for SSO, assign licenses with dynamic security groups, and utilize it for enterprise applications.

    How has it helped my organization?

    The solution has improved our application security because we can deploy app registrations on our enterprise applications. We could securely enable MFA access on most of our applications.

    What is most valuable?

    Entra ID's ability to sync with the local Active Directory provides redundancy, allowing authentication via cloud features even if the local Active Directory faces issues. The SSO features with app registrations are also crucial, as we use Azure globally, allowing role and permission assignments directly from Entra.

    For how long have I used the solution?

    I have used Entra ID for eight to 10 years.

    Buyer's Guide
    Microsoft Entra ID
    April 2025
    Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
    848,716 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    The stability of Microsoft Entra ID is excellent. We haven't experienced any issues.

    What do I think about the scalability of the solution?

    At the moment, it accommodates all our needs, and we have not encountered any scalability issues.

    Which solution did I use previously and why did I switch?

    Previously, we used local Active Directory, specifically an on-premises solution.

    How was the initial setup?

    The initial setup was straightforward.

    What other advice do I have?

    I would rate Microsoft Entra ID 10 out of 10. It's a good product that's easy to deploy and manage, with no significant learning curve to adapt to various features.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Chief Digitalization Executive at a energy/utilities company with 1,001-5,000 employees
    Real User
    Helps with compliance, integrates well, and we can provide the right access and keep our organization secure
    Pros and Cons
    • "Personally, I'm a great fan of Azure Active Directory due to the security and compliance features that are there in the classic or default Azure Active Directory."
    • "There is a lot of room for improvement in terms of its integration with the local Active Directory. There are some gaps in terms of the local Active Directory through which Microsoft is syncing our environment from our data center. There should be the availability of custom attributes on Azure Active Directory. In addition, there should be the availability of security groups and distribution groups that are residing on the local Active Directory. Currently, they are not replicated on Azure Active Directory by default."

    What is our primary use case?

    We're using Azure Active Directory to get authentication from Office 365, and along with this, we're using it for infrastructure-as-a-service authentication. For all the virtual machines hosted on Azure right now, we're getting authentication from Azure Active Directory.

    In addition to these, we're using some other SaaS or software-as-a-service products such as SAP Ariba and SAP SuccessFactors. For these specific products also, I have integrated single sign-on via Azure Active Directory.

    We're also using e-procurement solutions such as Tejari and SAP Ariba. To get authentication of my guest users, who are my partners, vendors, or external collaborators, we create their guest accounts on Azure Active Directory. They come into our applications through that. We get a secure channel to provide access to the external parties on our tenant through Azure Active Directory. These are the basic use cases of Azure Active Directory.

    How has it helped my organization?

    After moving to Azure Active Directory, life becomes very easy, not only for the administrator and IT people but for the end-users as well. They've now got a single sign-on. Previously, our end-users had to remember multiple account IDs and passwords, and they had to enter the relevant account ID and password for each application, whereas now, they have a single identity across all the applications provisioned in our landscape.

    It's helpful for security and compliance. Security is a big concern right now, and we're very sensitive about it. I am from the Oil and Gas sector, and this is something that's very critical for us. Additionally, we have external contributors, such as partners, vendors, and technical consultants, who need access to our resources from outside the organization. Azure Active Directory provides some very good features for that such as guest user access and limited user access. 

    It has default integration with all Microsoft products such as SharePoint, Power BI, Power Apps, Power Automate, and obviously, the infrastructure as the service landscape of Azure. This integration is surely amazing.

    Conditional access is amazing. I have a success story to share for the conditional access feature. About six or seven years ago, we identified a cyber attack that was coming from certain IPs from Nigeria on our tenant, and through that, some of our users were compromised. We blocked all Nigerian IPs using Azure conditional access and saved our users. It was something amazing and life-saving for us. 

    The conditional access feature complements the zero-trust strategy. It makes our environment more secure. It makes our environment more reliable as far as the whole security landscape is concerned.

    We use Microsoft Endpoint Manager. Initially, we were not using it, but later on, we started to use Microsoft Endpoint, which was previously known as Microsoft Advanced Threat Protection. Implementing secure policies of Microsoft Endpoint, advanced threat protection, and conditional access provides us with a very safe and kind of sandbox environment. This combination protects us from those who are accessing our environment from unpatched devices, pirated applications, and applications with security loopholes.

    We're also using Microsoft Intune to save our corporate devices and provide a secure zone for our users to access corporate resources and applications.

    What is most valuable?

    Personally, I'm a great fan of Azure Active Directory due to the security and compliance features that are there in the classic or default Azure Active Directory. 

    The conditional access feature is absolutely great through which we provide access to users on the basis of a certain device, a certain geographical location, a certain set of IPs, or any other criteria that we can define via a set of rules. 

    The auditing of Azure Active Directory is fantastic, and its integration with Cloud App Security is something amazing because we can get complete visibility of our environment through Cloud App Security. It also helps us a lot with our yearly audits and monthly reporting.

    What needs improvement?

    There is a lot of room for improvement in terms of its integration with the local Active Directory. There are some gaps in terms of the local Active Directory through which Microsoft is syncing our environment from our data center. There should be the availability of custom attributes on Azure Active Directory. In addition, there should be the availability of security groups and distribution groups that are residing on the local Active Directory. Currently, they are not replicated on Azure Active Directory by default.

    There should also be a provision for Azure Active Directory to support custom-built applications. 

    For how long have I used the solution?

    I've been using this solution for the last 12 years.

    What do I think about the stability of the solution?

    It's very stable.

    What do I think about the scalability of the solution?

    It's very scalable. It's being used in companies with 64 users as well as in companies with 16,000 users. For both companies, it's working perfectly. It's a very good product.

    My environment is based on multiple things. We're using Office 365 in the software-as-a-service mode. We're using Azure infrastructure in the infrastructure-as-a-service mode. We have integrated our Azure Active Directory with multiple third-party solutions such as Oracle Aconex, SAP S4HANA, SAP Ariba, SAP SuccessFactors, and Tejari. Along with this, we're providing authentication services to our third-party or external vendors, contractors, and guest users through Azure Active Directory. It's in hybrid mode. It's in the private cloud, software-as-a-service, and infrastructure-as-a-service environments. There are multiple environments.

    How are customer service and support?

    Back in 2010 or 2011, when Microsoft launched it initially, it was very good, but since COVID or post-COVID, the quality has reduced significantly. Before COVID, it was very good. We would normally get very good engineers on call. We got support from the European zones, but since COVID, their support services have been significantly compromised. The quality of engineers or the quality of SLAs is not up to the mark. 

    I was one of the people here in Pakistan who started the cloud. Microsoft has published three case studies of mine on the cloud during the last ten years. Over the years, I've seen that the overall support model of Microsoft Cloud has been compromised. I'd rate their support a six out of ten. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were using the local Active Directory previously. From day one, we've been die-hard fans of Active Directory. Until 2011 or 2012, we used the local Active Directory that was hosted in my own data center, and now, because we're in a hybrid environment, we're managing local Active Directory, and we're managing Azure Active Directory. We're managing both.

    We got Azure Active Directory because we moved to Office 365, public cloud, infrastructure as a service, and software as a service. We needed a single sign-on and integration with some third-party cloud products such as SAP Ariba, SAP SuccessFactors, and Tejari. 

    Last month, we did the very first integration in Pakistan with Oracle Aconex. It's one of the biggest engineering document management suites in the world. We integrated Azure Active Directory with EDMS, which was really commendable. It was something that was done for the first time in Pakistan.

    How was the initial setup?

    We're using Azure Active Directory with Office 365, which is a public cloud. The same Azure Active Directory is integrated with Azure infrastructure's private cloud, so the same Active Directory is serving in multiple scenarios. Through the same Azure Active Directory, we have integrated with the custom applications that are hosted on other public clouds such as Oracle Aconex, SAP S4HANA, SAP Ariba, SAP SuccessFactors, and Tejari. So, we're using it in the hybrid mode to sync our local Active Directory. From that hybrid mode, it's providing authentication to the users for Office 365 and it's providing services for the users who are using Windows virtual desktop. On the other side, for the third party, we're also using Azure Active Directory.

    I deployed it myself. The initial setup was complex when we were implementing it around twelve years ago, but now, it's very simple. When we started this journey, it took us six months to integrate our local Active Directory with Azure Active Directory. We worked with three different partners. Two of them failed, and then Microsoft Pakistan got involved with us. Through their Dubai-based partner, we successfully integrated our Azure Active Directory with our local, on-premises Active Directory. We got success with the third partner, but overall, it took us six months. Nowadays, the hybrid configuration and the integration of Azure Active Directory with the local Active Directory is a piece of cake.

    In terms of maintenance, because it's software as a service, Microsoft is managing it for us. We don't take any backup, etc. It's just managed by Microsoft.

    What was our ROI?

    We got a very good ROI when we compare it with what we were using around ten years ago. It's a much improved and cost-efficient product in terms of cloud provision.

    What's my experience with pricing, setup cost, and licensing?

    It's pretty good. We're using the native features. It's bundled with our Office 365 licenses. We aren't paying anything extra for Azure Active Directory. It's pretty good for us because it's complementary to Office 365. We're only paying for Office 365.

    Which other solutions did I evaluate?

    We checked Google Suite. We checked its identity mechanism, but it was not as per our requirements.

    What other advice do I have?

    It's a very good product. It's a stable product. I'd highly recommend it.

    Overall, I'd rate Azure Active Directory a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Microsoft Entra ID
    April 2025
    Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
    848,716 professionals have used our research since 2012.
    Amir Rashid - PeerSpot reviewer
    Assistant Manager IS at Hilton PHarma
    Real User
    Provides fine-tuned and adaptive access controls from a single pane of glass
    Pros and Cons
    • "The most valuable feature is Conditional Access, and we use it extensively."
    • "We previously used Microsoft's technical support, which was excellent; they were very responsive. Now, we use a CSP, and their support is lacking, so I rate them five out of ten."

    What is our primary use case?

    We use Azure AD to implement conditional access when using Microsoft Network (MSN) services. Our infrastructure is primarily on-prem, and we operate our email in a hybrid environment and use the solution for continuity between our on-prem and cloud landscapes.

    How has it helped my organization?

    The solution improved our organization, especially in terms of security control. Overall, we're 65-70% satisfied with the product.

    What is most valuable?

    The most valuable feature is Conditional Access, and we use it extensively.

    Azure AD provides a single pane of glass for managing user access; we integrated multiple APIs and use single sign-on for all of our Microsoft products. I can't speak in universal terms, but we had some positive feedback from our users regarding user experience.  

    We use the Conditional Access feature to enforce fine-tuned and adaptive access controls, an excellent feature we use to enhance the security of all the machines connected to our domain. Users cannot access long-term data, data from untrusted devices, or data on connected personal devices.  

    We use Azure AD Verified ID, which is a good feature for privacy and control of identity data; it offers a good level of secrecy. 

    For how long have I used the solution?

    We've been using the solution for over six years now. 

    What do I think about the stability of the solution?

    The product is stable. 

    What do I think about the scalability of the solution?

    The scalability isn't an issue; it depends on our license.

    How are customer service and support?

    We previously used Microsoft's technical support, which was excellent; they were very responsive. Now, we use a CSP, and their support is lacking, so I rate them five out of ten.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The initial setup was straightforward, and a partner was present to assist us during the implementation. We have around 250 users, and the solution doesn't require any maintenance.

    What's my experience with pricing, setup cost, and licensing?

    The product's price is in the midrange. 

    What other advice do I have?

    I rate the solution eight out of ten. 

    Azure AD helped to save some time for our IT admins but not for our HR department, as they don't currently have access to the tool.

    I recommend the product to those considering it, though it depends on the use case and requirements. If Azure AD has featured you don't need, then going with one of the cheaper competitors could be a better option.   

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Andrew Kolyvas - PeerSpot reviewer
    Director and Founder at Nuage Solutions Australia
    Real User
    Good access control, more efficient administrative process, and helps with complex compliance obligations
    Pros and Cons
    • "Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved."
    • "They should put the features of P1 and P2 into a single license."

    What is our primary use case?

    I have come to depend upon Azure AD as my go-to identity management tool. Almost all businesses today use a Microsoft cloud-based product in some form or another, and integration in Azure AD ensures consistency, compliance, and simplified integration across the enterprise.

    Additionally, we use many of the built-in security enhancements and features offered by the solution. Single sign-on and other integrations into a range of line-of-business software applications add to the many use cases available through Azure AD. Along with securely extending the on-premises environment to the hybrid state.

    How has it helped my organization?

    The key improvements to our organization are:

    1. A singular control plane is enabling a more efficient administrative process.
    2. RBAC simplifies role access providing a simpler approach to zero trust.
    3. Onboarding and offboarding extend to every integrated application meaning that compliance is maintained.
    4. PIM and PAM: Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved.

    With so many features available out of the box, it is difficult to adequately summarise in the space provided here.

    What is most valuable?

    I find that integration of enterprise applications outside of Microsoft via OATH and SAML is by far one of the most valuable features as it makes software distribution and access simpler and, with SSO enablement, ensures a lower threat surface from end users.

    Azure boasts 90 compliance certifications, and this exceeds that of its competitors. With the compliance manager resource, you can control the company’s compliance tasks from one place.

    The tool helps you meet complex compliance obligations. For example, you can undertake continuous risk examinations, provide an outlook on your company’s status and provide opportunities for improvement as needed.

    With Azure Advisor and the Secure Score continually assessing your security and compliance posture, there is less need for highly paid security engineers. Especially when considering the size of the Microsoft security operations team also monitoring significant portions of the client environment.

    What needs improvement?

    It's really difficult to speak to this. The product is constantly undergoing feature enhancement and enrichment, and anything I would like to see coming is already available for public review.

    Azure Active Directory is an easy-to-deploy, robust unified identity and access solution that securely extends your existing on-premise infrastructure to the cloud and provides seamless integration for in-house applications and 3rd party SaaS platforms. Granular policy-driven access controls ensure that access is granted only to authorized identities and devices and from approved locations. Azure AD includes an array of security and compliance options to ensure your business governance is adhered to without impacting productivity.

    If I had to pick one, it would be to put the features of P1 and P2 into a single license.

    For how long have I used the solution?

    I have been using Azure AD for approximately seven years.

    What do I think about the stability of the solution?

    The platform is not without its occasional hiccups, however, in general, it is stable and issue-free.

    What do I think about the scalability of the solution?

    There are few other identity options available with the scale made available by Azure AD.

    How are customer service and support?

    Support is hit-and-miss. Some days you'll get someone amazing who has the right knowledge and is willing to go beyond to help. And then there are the other times when help isn't forthcoming.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The initial configuration is simple. The configuration process is guided so that even a non-technical person can successfully complete the onboarding.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a Microsoft Cloud Solutions Provider partner. We exclusively offer Microsoft cloud products and services to our Managed Services Clients.
    PeerSpot user
    Technical Manager at a non-profit with 201-500 employees
    Real User
    Helps provide high security and is stable and easy to install
    Pros and Cons
    • "Microsoft Azure AD is easy to install and is a stable solution."
    • "There is no documentation about how Microsoft will scale Azure AD for customers. It only mentions that it will scale out if you have a lot of requests but does not mention how in detail."

    What is our primary use case?

    We are a small consultant company, and we help customers to build hybrid environments. We synchronize on-premises AD to Azure AD and help our customers decide which one they want to use.

    In our own company, we use Office 365, so we use Activity Directory directly for authentication and authorization.

    What is most valuable?

    The most valuable feature is Conditional Access. As there are more and more people working from home, security is a challenge for a lot of companies. To build a general trust solution, we need Conditional Access to make sure the right people use the right device and access the right content.

    In our company, we use Conditional Access with Trend to make sure that our employees can use the device from the company. We can make sure that there is higher security. We can also use Trend to set up a group policy and to set up Windows Defender as well.

    Microsoft Azure AD is easy to install and is a stable solution.

    What needs improvement?

    There is no documentation about how Microsoft will scale Azure AD for customers. It only mentions that it will scale out if you have a lot of requests but does not mention how in detail.

    More documentation on some complete scenarios, such as best practices to integrate forests into Azure AD when a customer has several on-premises forests, would be helpful.

    For how long have I used the solution?

    I've been using it for four years.

    What do I think about the stability of the solution?

    In my experience, it has been working fine.

    What do I think about the scalability of the solution?

    Scalability is a pain point. There is no documentation about how Microsoft will scale Azure AD for customers. We do, however, plan to increase usage.

    Which solution did I use previously and why did I switch?

    We used on-premises Active Directory before using Azure Active Directory.

    How was the initial setup?

    The initial setup is pretty simple. Microsoft Azure AD can be deployed in one or two minutes.

    If you have an Office 365 subscription, Microsoft will build Azure AD for you.

    What's my experience with pricing, setup cost, and licensing?

    Microsoft Azure AD has P1 or P2 licensing options, and it depends on the customer's needs. To use Conditional Access, you need to have the P1 license, and to use the PIN features, you need the P2 license. We use the P1 license as we use Conditional Access.

    What other advice do I have?

    It will be a very good solution if your company is already using on-premises Windows Active Directory. Microsoft has provided a useful tool called Azure AD Connect. So, you can easily sync your on-premises Active Directory to Azure Active Directory, and you can easily implement the SSO.

    Overall, we are satisfied with the solution and the features provided, and on a scale from one to ten, I would rate this solution at nine.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    M365 enterprise Advisor(Azure) at a tech services company with 501-1,000 employees
    MSP
    It helps in terms cloud security, simplicity, and single sign-on for multiple apps
    Pros and Cons
    • "In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps."
    • "The visibility in the GUI is not good for management. There are a lot of improvements that could make it better. It should be more user-friendly overall. It is not user-friendly because everything keeps changing on the platform. I can understand it because I know the platform, am familiar with it, and use it every day. However, for a lot of clients, they don't use it every day or are not familiar with it, so it should be more user friendly."

    What is our primary use case?

    Our use case depends on the client, their project, and what they want to deploy. 

    1. The solution can be deployed for security purposes. Multi-factor authentication is being deployed as a second layer of authentication, especially during this COVID-19 time, because everything has to stay secure. 
    2. Almost every organization uses the software as a service (SaaS) part. Because of the pandemic right now, a lot of companies are moving many things to the cloud, like virtual machines (VMs) and virtual networks. It doesn't invalidate the fact that some companies don't want to have control on-premises. 

    Everything depends on the solution or what the client wants.

    We use it for PaaS and IaaS.

    What is most valuable?

    In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps.

    What needs improvement?

    In terms of improvement, there should be more flexibility and conditional access. There is a lot of flexibility already, but there are some technologies that should be embedded and integrated into it for a more flexible, customized experience. Also, there should be more tools for analysis for clients, e.g., there should be more flexibility aimed at end users. Regular IT guys for each company should be able to use the tools to troubleshoot a certain level of analysis in their environment.

    The security part should be improved overall. 

    The visibility in the GUI is not good for management. There are a lot of improvements that could make it better. It should be more user-friendly overall. It is not user-friendly because everything keeps changing on the platform. I can understand it because I know the platform,  am familiar with it, and use it every day. However, for a lot of clients, they don't use it every day or are not familiar with it, so it should be more user friendly.

    For how long have I used the solution?

    I have been using it for four to five years.

    What do I think about the stability of the solution?

    Availability for Azure AD as a whole is 99.95 percent. It is simpler and more available than the way technology used to be previously.

    What do I think about the scalability of the solution?

    It is very scalable. When you talk about licensing, you have the option to scale up or scale down. For example, you purchase 50 seats of licenses and assign 45 licenses, then for some reason, you fire 10 employees. Once you fire them, you will probably block their identity access and single sign-in. After that, you can decide to reduce the number of licenses. On the other hand, if you acquire 10 licenses and employ five new people, then you can scale up by adding more five licenses that month. So, it helps you to scale up or scale down easily.

    In another example, if you have acquired five virtual machine instances, then are using more in terms of the processor, you can scale up. It depends on the configuration you have. If you have done the setup and everything from the beginning, then you can say, "If the processor level reaches 80 percent, you want to add another two virtual machine instances." On the other hand, if you deployed five virtual machine instances, but your usage of those processors is lower than 30 percent, then you should scale down. So, if you have five licenses and you want to scale down by one, then you can scale it down so you can reduce your costs.

    How are customer service and technical support?

    I would rate the technical support as a nine out of 10.

    How was the initial setup?

    When I set it up two years ago, it was easy, not complex. It didn't take much time at all to set up.

    A lot of people sign in or set it up with a Google account, Yahoo account, or Microsoft account, which is not the global administrator. A lot of people think that this is the global administrator. They don't understand that the account might have an extension and don't see this until that account gets locked out. That is when they have problems signing in. The setup is not that complex. It is just that the user experience overall needs improvement here.

    The deployment process depends on what you are trying to achieve and the technology that you are trying to deploy, e.g., are you trying to deploy SSO, set up device writeback, or do a regular AD Connect setup? Everything depends on the objective or the overall goals of what you want to achieve.

    What about the implementation team?

    Even after it has been deployed, one or two users may have problems with their account in terms of multi-factor authentication or the way it has been set up. I work with them to troubleshoot these issues.

    Sometimes, the priority is to set up AD Connect, which integrates your on-premises to Active Directory. You must make sure your server is up and running. Apart from that, you need to set up your tenant, which is your profile admin center. 

    If they want to download and install their tools, then we can connect to their on-premises for synchronization. So, it helps collect on-premises data and put it into the cloud. 

    You can also install PowerShell. 

    What's my experience with pricing, setup cost, and licensing?

    Everything needs to be considered for the requirements and if it is within the budget, then you can come up with a solution, whether it is SaaS, PaaS, or IaaS. 

    What other advice do I have?

    Since people might not be very familiar with the platform, I have developed a system for how to use, deploy, or utilize the technology.

    At the end of the day, it is about the overall goal because everything comes with a cost. Azure AD comes in different ways and shapes, e.g., SaaS is different from IaaS or PaaS, though it is still the same platform. 

    Whether you are a small business or large business, you can always enjoy a very secure cloud platform. 

    I would rate Azure AD as a nine out of 10.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Infrastructure Manager at trt18
    Real User
    Enables us to apply security policies and manage a large number of users and their hardware
    Pros and Cons
    • "The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera."

      What is our primary use case?

      We are using it for all non-structured data and as an identity manager for all of our accounts. In addition, we use it also to authenticate Google services, because we have Google Workspace for email, and to integrate other tools with our services. We are able to keep it all going, balanced, and synchronized. It's very good. We use it for just about everything that we need to do an identity check on.

      How has it helped my organization?

      We couldn't live without the Active Directory services. It has helped to improve our security posture. We have a lot of users and hardware to manage and we can do that with Active Directory.

      What is most valuable?

      The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera.

      For how long have I used the solution?

      I have been using the Active Directory solution for three years. I'm responsible for almost all infrastructure services in our organization.

      What do I think about the stability of the solution?

      It's pretty stable. In the three years, the service has never been down.

      What do I think about the scalability of the solution?

      As far as I know, it works for 10,000 and 100,000. It's just difficult to find current information, such as how much hardware and how many licenses we would need to keep it going. But it's scalable and works really well. We can keep adding servers and scale up or out.

      We don't have another company that provides support for Active Directory. On my team, there are three people who work with it, and we have about 2,000 users in our company.

      How are customer service and support?

      To be honest, I can barely navigate Microsoft's support. Microsoft is so well-known and there is so much information to look up on the internet, that we have never come to the point where we have actually had to open an issue with Microsoft's team. We can almost always find out the information that we need by looking it up with Google or in Microsoft's Knowledge Base.

      Which solution did I use previously and why did I switch?

      We used to use LDAP, a free tool, but since almost all of our hardware needed integration, we had to move to Active Directory. We couldn't apply the policies that we needed, using open source, and we couldn't keep the integration going the way we needed to.

      We are really happy with how the functionality Azure Active Directory gives us. I have a security policy applied to all workstations. Before, all of our users could configure their machines the way they wanted to. As a result, we often had to reconfigure and do other things to them as well because the computers were crashing. We almost don't have to do that anymore.

      How was the initial setup?

      The trick was to immigrate from LDAP. We had to get all the properties from the files into Active Directory, so it took some time. When we did that, there were some issues with the system and we had to do it manually. It would be nice if they had a service that would make it easier to migrate from LDAP to Active Directory, keeping all of the properties from files and non-structured data as well.

      What was our ROI?

      It gives a good return on investment. The amount of first-level support we have had to give internally has dropped a lot since we applied the policies and restricted our users. But our users are now more satisfied because their computers don't have the issues that they had before. Before Active Directory, there were many issues that our users complained about, like worms and malware. We don't have those issues anymore. Even with endpoint protection we had some cases of viruses in our company, but now we don't have them either.

      Directly, I couldn't calculate the return on investment, but indirectly we saved by reducing work for our team, and we are keeping our users satisfied.

      What's my experience with pricing, setup cost, and licensing?

      The process for buying licenses from Microsoft is somewhat messy and really hard to do. We have to talk to someone because it's hard to find out how many licenses we need. If I'm applying for 2,000 users, how many Windows licenses do we need?

      They could also charge less for support. You buy the license, but if you want to keep it in good standing, you have to pay for the support, and it is expensive. It's okay to pay for the license itself, but to pay so much for support...

      Which other solutions did I evaluate?

      We were thinking about buying another tool, to be capable of managing and keeping all the identities within our organization current. But we had to go straight to Microsoft because there are no other solutions that I know of. By now, almost all organizations are using Windows 10 or 11, and it would be hard to achieve the possibilities that we have with Active Directory if we used another service.

      What other advice do I have?

      We are integrated with NetApp because we use NetApp storage. It's pretty awesome. We are also integrated with many others, such as our data center hardware with storage from IBM. We're using it for logging switches, as well. It works really well.

      My advice to others would be to look at the options and focus on how you can pay less. Do the research so that you buy just the essential licenses to keep it going. If you don't do the sizing well, you can buy more, but it's expensive to keep it going and pay for support.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Consultant at Upwork Freelancer
      Real User
      Eliminates the need for VPNs and enables conditional access based on a user's location
      Pros and Cons
      • "Conditional Access, Geofencing, and Azure Multi-Factor Authentication are the major security features to secure resources."
      • "We have a lot of freedom in using the Group Policy Objects and, although Group Policy Objects are part of Azure Active Directory, there are still a lot of things that can be improved, such as providing local admin rights to a user. There are various, easy ways that I can do that in the on-premises version, but in the cloud version, it is a bit difficult. You have to create a bunch of policies to make it work."

      What is our primary use case?

      The use cases depend on my clients' specifications. If they have the on-premises Active Directory and it is a hybrid environment, then objects are synchronized with the cloud in Azure Active Directory. Services that are on-premises or in the cloud are synchronized with each other, to create a centralized management solution. 

      If we're talking about Azure Active Directory only, the cloud-based, centralized management solution, we don't need to use a VPN to access the resources; everything is cloud. We just need to be connected with Azure Active Directory and we can use the resources anywhere in the world and resource security will be intact.

      I use both the cloud and on-premises versions.

      How has it helped my organization?

      Everybody is moving from on-premises to Azure Active Directory because it's cost-effective. They don't need to spend a lot of money on the on-premises resources, such as an on-premises server and maintenance. Now, given that Microsoft has started Windows 365, which is a PC in the cloud, you don't need to have a PC. You can work on an Android tablet from anywhere in the world, using cloud technology.

      In terms of the user experience, because the solution is in a cloud environment, people are not bound to work in a specific network. In the old-school way, if you worked from home and you had on-premises Active Directory, you needed to use a VPN. VPNs can be highly unstable because they depend on your home network. If your home network is not good, you won't get the same bandwidth as you would get when using the resources inside the office network. With Active Directory in the cloud, you can use your own network to access the resources. It's faster, reliable, and it's cheaper compared to Active Directory on-premises.

      What is most valuable?

      • Conditional Access
      • Geofencing
      • Azure Multi-Factor Authentication

      are the major security features to secure resources.

      For example, if I don't want users using the company resources outside of India, I will add managed countries within Conditional Access. Only the people from the managed country will be able to access things. If an employee goes out of India and tries to access the resources that have been restricted, they will not be able to open the portal to access the resources.

      What needs improvement?

      We have a lot of freedom in using the Group Policy Objects and, although Group Policy Objects are part of Azure Active Directory, there are still a lot of things that can be improved, such as providing local admin rights to a user. There are various, easy ways that I can do that in the on-premises version, but in the cloud version, it is a bit difficult. You have to create a bunch of policies to make it work.

      For how long have I used the solution?

      I have been using Azure Active Directory for six years.

      How are customer service and support?

      Microsoft works with suppliers and vendors. Certain vendors are very good at providing support and certain vendors are not very good at providing support. It depends on the time zone in which we are opening a ticket and which vendor the ticket is going to.

      How would you rate customer service and support?

      Positive

      How was the initial setup?

      It's pretty straightforward in general, although it depends on what kind of requirements a client has.

      If I'm deploying with Microsoft Autopilot, it usually takes at least 40 to 50 minutes to deploy one machine. If I'm deploying 1,000 machines in one go, you can multiply that 40 minutes for each of those 1,000 machines. Everything is configured in the cloud, in Azure Active Directory. You just need to purchase the machine, configure things, and ship the machine to the user. When they turn it on they will be able to work on it. Everything will be installed in the backend. If it's not on Autopilot, it's just in a matter of a few clicks to connect the machine to Azure Active Directory.

      The deployment plan also depends on the client. If the client is not providing machines to their employees, they want the machine to be BYOD, we will work on the existing computer. In that case, we just set up the policies and ask the user to connect to Azure Active Directory. But if a client is concerned about complete security, and they want the machine to be used in a certain way, and they are providing the machine, then I prefer that it should be Autopilot. It becomes an enterprise-managed machine, and we have more control over it.

      What was our ROI?

      Clients only invest their money when they know that they are getting a really helpful platform. They want to see that I, as a consultant, am confident in the product I'm asking them to use. I have to be very confident that I am providing them a solution that will definitely work for them.

      What other advice do I have?

      People have a tendency to keep their information in-house, but the cost of keeping information on-premises in SharePoint servers is very expensive. There is a good chance that, if something happens, they will lose the database. There is no backup. And to keep a backup, you have to pay more for a cloud backup solution to keep your data on another server. You are compromising with your data in a two-sided scenario, where one is on-premises and the other is on a data server as a backup. If you go for the cloud version of Active Directory, everything is secure and everything is in the Microsoft data center, which is reliable and secure. They have disaster management and recovery. That's a win-win situation.

      My work is generally on device management, which is on Intune, Endpoint Manager, and Cloud App Security. These all work hand-in-hand. Azure Active Directory is just an assembler of management resources, but Intune makes the device secure. The policies create restrictions. These things work together. If you need Active Directory, you will definitely need Intune.

      The largest deployment I worked on with one of my clients was about 2,500 computers. As far as managing them goes, it varies, between 200 to 300 computers at one time in one environment. If I'm working on providing a day-to-day solution, it is different because the queries are different. People usually have problems related to smaller queries, like their printer is not connecting, or they are not able to access SharePoint, or they do not have permissions for a given file. But as far as deployment and designing the architecture of Azure Active Directory goes, I work with midsize companies.

      To summarize, the big advantages of this platform are the reliability, cost-effectiveness, and security. These are the features that make it one of the best solutions in the IT industry. Azure AD is the future. Everyone is adopting the cloud environment. I, myself, use Azure Active Directory for my own devices and resources. I encourage other people to accept the future. It gives you more security than the on-premises Active Directory. To me, it is the best solution.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Buyer's Guide
      Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
      Updated: April 2025
      Buyer's Guide
      Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.