What is our primary use case?
The use cases depend on my clients' specifications. If they have the on-premises Active Directory and it is a hybrid environment, then objects are synchronized with the cloud in Azure Active Directory. Services that are on-premises or in the cloud are synchronized with each other, to create a centralized management solution.
If we're talking about Azure Active Directory only, the cloud-based, centralized management solution, we don't need to use a VPN to access the resources; everything is cloud. We just need to be connected with Azure Active Directory and we can use the resources anywhere in the world and resource security will be intact.
I use both the cloud and on-premises versions.
How has it helped my organization?
Everybody is moving from on-premises to Azure Active Directory because it's cost-effective. They don't need to spend a lot of money on the on-premises resources, such as an on-premises server and maintenance. Now, given that Microsoft has started Windows 365, which is a PC in the cloud, you don't need to have a PC. You can work on an Android tablet from anywhere in the world, using cloud technology.
In terms of the user experience, because the solution is in a cloud environment, people are not bound to work in a specific network. In the old-school way, if you worked from home and you had on-premises Active Directory, you needed to use a VPN. VPNs can be highly unstable because they depend on your home network. If your home network is not good, you won't get the same bandwidth as you would get when using the resources inside the office network. With Active Directory in the cloud, you can use your own network to access the resources. It's faster, reliable, and it's cheaper compared to Active Directory on-premises.
What is most valuable?
- Conditional Access
- Geofencing
- Azure Multi-Factor Authentication
are the major security features to secure resources.
For example, if I don't want users using the company resources outside of India, I will add managed countries within Conditional Access. Only the people from the managed country will be able to access things. If an employee goes out of India and tries to access the resources that have been restricted, they will not be able to open the portal to access the resources.
What needs improvement?
We have a lot of freedom in using the Group Policy Objects and, although Group Policy Objects are part of Azure Active Directory, there are still a lot of things that can be improved, such as providing local admin rights to a user. There are various, easy ways that I can do that in the on-premises version, but in the cloud version, it is a bit difficult. You have to create a bunch of policies to make it work.
For how long have I used the solution?
I have been using Azure Active Directory for six years.
How are customer service and support?
Microsoft works with suppliers and vendors. Certain vendors are very good at providing support and certain vendors are not very good at providing support. It depends on the time zone in which we are opening a ticket and which vendor the ticket is going to.
How would you rate customer service and support?
Positive
How was the initial setup?
It's pretty straightforward in general, although it depends on what kind of requirements a client has.
If I'm deploying with Microsoft Autopilot, it usually takes at least 40 to 50 minutes to deploy one machine. If I'm deploying 1,000 machines in one go, you can multiply that 40 minutes for each of those 1,000 machines. Everything is configured in the cloud, in Azure Active Directory. You just need to purchase the machine, configure things, and ship the machine to the user. When they turn it on they will be able to work on it. Everything will be installed in the backend. If it's not on Autopilot, it's just in a matter of a few clicks to connect the machine to Azure Active Directory.
The deployment plan also depends on the client. If the client is not providing machines to their employees, they want the machine to be BYOD, we will work on the existing computer. In that case, we just set up the policies and ask the user to connect to Azure Active Directory. But if a client is concerned about complete security, and they want the machine to be used in a certain way, and they are providing the machine, then I prefer that it should be Autopilot. It becomes an enterprise-managed machine, and we have more control over it.
What was our ROI?
Clients only invest their money when they know that they are getting a really helpful platform. They want to see that I, as a consultant, am confident in the product I'm asking them to use. I have to be very confident that I am providing them a solution that will definitely work for them.
What other advice do I have?
People have a tendency to keep their information in-house, but the cost of keeping information on-premises in SharePoint servers is very expensive. There is a good chance that, if something happens, they will lose the database. There is no backup. And to keep a backup, you have to pay more for a cloud backup solution to keep your data on another server. You are compromising with your data in a two-sided scenario, where one is on-premises and the other is on a data server as a backup. If you go for the cloud version of Active Directory, everything is secure and everything is in the Microsoft data center, which is reliable and secure. They have disaster management and recovery. That's a win-win situation.
My work is generally on device management, which is on Intune, Endpoint Manager, and Cloud App Security. These all work hand-in-hand. Azure Active Directory is just an assembler of management resources, but Intune makes the device secure. The policies create restrictions. These things work together. If you need Active Directory, you will definitely need Intune.
The largest deployment I worked on with one of my clients was about 2,500 computers. As far as managing them goes, it varies, between 200 to 300 computers at one time in one environment. If I'm working on providing a day-to-day solution, it is different because the queries are different. People usually have problems related to smaller queries, like their printer is not connecting, or they are not able to access SharePoint, or they do not have permissions for a given file. But as far as deployment and designing the architecture of Azure Active Directory goes, I work with midsize companies.
To summarize, the big advantages of this platform are the reliability, cost-effectiveness, and security. These are the features that make it one of the best solutions in the IT industry. Azure AD is the future. Everyone is adopting the cloud environment. I, myself, use Azure Active Directory for my own devices and resources. I encourage other people to accept the future. It gives you more security than the on-premises Active Directory. To me, it is the best solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.