Microsoft Entra ID Reviews

We use Azure AD to manage users in terms of user accounts and profiles. We also use it to manage applications, access control, and application management.

Azure AD has helped improve the onboarding and offboarding process, especially with the user provisioning and SSO. With Azure AD, once a user account is created, the user automatically gets synced across all of our applications without the admin having to touch each application once at a time.

The solution helped improve our onboarding process by saving us a lot of time.

The feature I have found the most valuable is user provisioning (SSO). Azure Active Directory provides a single pane of glass for managing use cases. 

How it works is once it has all been set up, it allows the user to use the same credential – the username and password – across multiple applications. It creates ease of use for the user as they don't have to keep entering a username and password across multiple applications.

Azure AD allows us to manage the users' access from a single point. In a typical environment, if, for example, a user exits the company and the account needs to be disabled, you would have to go across each application to disable that access. With the Microsoft experience, you just have to disable it from the Azure Active Directory, and then it syncs across all of the applications. Once the account is disabled on the Azure, the accounts are disabled on all applications. The user instantly loses access across all applications without the admin having to go to each application one at a time. When you are offboarding an exited user or an employee that leaves the organization, there's no room for error in terms of missing out or forgetting to revoke an access for a particular application.

I would like to see Microsoft communicate how they intend to manage legacy applications. Right now, you still have to deploy a hosted domain server (which comes at an extra cost) if you have a legacy application that cannot sync properly with the enterprise applications and the modern applications.

I have been using Azure Active Directory for about five years now. 

Azure is stable. 

Azure is scalable. 

Microsoft's tech support is very responsive and really supportive. They will work with you if you have any concerns or if you have any issues. They have experts that will be able to jump on a call with you and assist you in making sure that whatever your concerns are, they all get resolved.

Positive

I did not previously use a different solution. 

The initial deployment was straightforward for me because I already had a pretty good experience managing the on-prem Active Directory. The deployment of the directory itself does not take long. However, it took us about a couple of months to carry out the user creation, create the Conditional Access policies, and to test. You have to test your policies before you go live. We had a lot of design to do in terms of setup, testing, rollout, and setup for each feature that we needed to implement. We had more of a test phase before the go-live phase. That's why it took quite a while. 

We did our deployment in-house. We had three people on the deployment. 

We have seen a return on investment from Azure AD because, first of all, we have been able to use the Cloud infrastructure to bring in more response. Also, it has high availability. We can easily scale it up or down, thereby managing costs. Now, in terms of the Azure Active Directory Office 365, we also have scale licenses where we get to manage the licenses across multiple users, thereby reducing costs of having to purchase one per user.

I would say that Azure AD's pricing is very reasonable because of the structure and in terms of the solution. I can offer this tip for the licensing: if you plan on going to a CSV, you can get a certain level of discounts.

We looked at Google Workspace when we were trying to migrate from on-prem to the cloud. At the end of the day, after analyzing and comparing most of the features that we are going to go with and how it will integrate with our existing system, we found the Microsoft Azure Active Directory to be more effective and better suited to our requirements.

This is how Azure AD stacks up against Okta. Okta is a third-party application for syncing user profiles from on-prem to cloud. However, Microsoft already has a pretty good application for that, which is Azure's AD Connect. It's more or less the same thing as Okta and more effective in the sense that with AD Connect we can actually get to query the user objects in terms of all the attributes to work on-prem and on the Cloud, just the same way you probably do it if you run an LDAP query. This is something you might not get with Okta because of the integration with the Active Directory.

My advice to someone looking to implement the solution is: your in-house technical support needs to understand the technology and your requirements as an organization because Azure is very robust. You need to know exactly what you intend to deploy and the requirements you intend or need. If you have that covered, Azure AD will be simple and straightforward to use. If you are able to plan and manage the users and services, it is really cost-effective.

I have identified that Azure Active Directory has a lot of features that are handy and useful. Microsoft is also constantly improving on it and it has all the required features that my organization requires. 

Azure AD is helpful and user friendly when it comes to managing identity and access tasks. It helps you manage that effectively because you have all the clouds, you have profile creation, you have all the features. Everything is easy to locate and simple to navigate.

Azure AD allows us to improve compliance for enforcing fine-tuned and adaptive access controls. It also allows us to manage access to all the applications in our environment. With it, we can create design policies that either the leader or the identify side from HR has to comply with before a particular user gains access into our environment or into a particular service within our environment.

We use Entra's Conditional Access feature in conjunction with Microsoft Endpoint Manager. We do so because one part allows for full control in the endpoint for managing access on the user and that user as an object, and then the other manages the device as an object.

This combination has the ability to reduce the risk of unpatched devices connecting to your corporate network. It will prevent a user from accessing an environment or a service space via a compromised device. If a user, for example, tries to access our network, service, or environment, via a compromised personal device, this combination will help prevent that kind of intrusion. Also, if a corporate authorized device gets compromised, that's when we find out the device is authorized to access that environment. It also helps to manage and restrict access.

Entra has helped our IT administrators and HR department save time. As a rough estimate, I would say it has cut our costs down by 20 hours per week.

Microsoft Entra has affected our employee user experience by helping to manage the end-to-end communication between user, device, and services by creating a very similar communication and very similar to the experience, which allows the user to be able to connect seamlessly to services and also to the device itself.

We use  Azure Active Directory to provide all the identity services for all of our applications.

As a company, you want effective identity and access management. You are able to achieve this with Azure Active Directory, you are able to manage everything, such as building user provisioning into third-party applications, or single sign-on, and tools to mitigate threats or risky sign-ins. There are a lot of features that are provided.

The solution has some great features, such as identity governance, and user self-service. The Outlook application is very good and is used by a lot of people even if they are using Google services.

Azure Active Directory could improve by having an authentication service for laptops or desktop computers running Mac and Linux operating systems. They currently have authentication capabilities for Microsoft Windows. Having this capability would benefit people because in today's world everybody is working from the home environment.

I have been using Azure Active Directory within the past 12 months.

The solution is stable. There was one global outage that lasted approximately four hours in the past year.

Microsoft has different kinds of support you can have. If you pay then you will receive premium support which is very good.

I have previously used Google G Suite.

The initial setup is straightforward.

Azure Active Directory is more expensive than Google, but the capabilities they provide are superior.

I have evaluated SalePoint which is another very good product for collaboration that is available on the B2C platform.

The people who are considering Azure Active Directory should look at it as a whole because even if their company is using G Suite, they will still have to go to Office 365 for accounting and finance users who are very familiar with MS Excel and still want to use it. I see most of the companies that are using G Suite will have Office 365 for certain services. There is no need to have two services, a single Office 365 platform will provide all the capabilities needed.

I rate Azure Active Directory a nine out of ten.

Our use case for Azure AD is principally to do the role-based access management for our resources. So, we essentially use it for authentication operations for our primary groups and users to secure access to resources.

It has helped in improving our security posture. It is modeled around that. It is an AD, which means it is a directory of users, objects, and resources, and there is a lot of security in terms of the access model and in terms of who is accessing those resources.

In terms of user experience, it is pretty seamless for any user to use Azure Active Directory. The way its security model works is that once you sign in to Azure Active Directory, you get access to a lot of applications and systems that have Single Sign-on enabled. So, Azure Active Directory works seamlessly as an identity provider for many applications such as Slack, GitHub, etc. That's one of the best parts of it. If it is used properly, only by using the Azure Active Directory sign-in, a person can access different resources, which really improves the user experience.

We've benefited from all the security or AD features of this solution. Azure Active Directory is the only directory we've been using, and we make use of pretty much all the features, including the user identity protection features such as MFA. The way it allows us to audit who is logging in and do our work in a secure manner is one of the best features of it.

Azure Active Directory provides access to resources in a very secure manner. We can detect which user is logging in to access resources on the cloud. It gives us a comprehensive audit trace in terms of from where a user signed in and whether a sign-in is a risky sign-in or a normal sign-in. So, there is a lot of security around the access to resources, which helps us in realizing that a particular sign-in is not a normal sign-in. If a sign-in is not normal, Azure Active Directory automatically blocks it for us and sends us an email, and unless we allow that user, he or she won't be able to log in. So, the User Identity Protection feature is the most liked feature for me in Azure Active Directory.

Generally, everything works pretty well, but sometimes, Azure Active Directory has outages on the Microsoft side of things. These outages really have a very big impact on the users, applications, and everything else because they are closely tied to the Azure AD ecosystem. So, whenever there is an outage, it is really difficult because all things start failing. This happens very rarely, but when it happens, there is a big impact.

I've been working as a DevOps engineer for the last four years, and I have been using Azure Active Directory during this time. I got to know it really well over the last two years in my current job and as a part of my Azure Security certification, where I get to know how to secure everything in the cloud by using Azure Active Directory.

It is available most of the time. Only once in the last six months, we faced an issue. So, it is very reliable.

It is managed by Microsoft, so it is not something that is in our hands. We don't manage the infrastructure side and the scalability side.

My present organization is a startup with around a hundred people. There are 5 to 10 people who primarily work in the CloudOps and DevOps space, and we work with Azure Active Directory at some point in time. All people who have resources in Azure, such as the cloud administrators and people from the CloudOps team and the DevOps team, work with Azure AD.

In terms of resources, there are around 100 to 150 resources that we manage within it.

Microsoft has extensive documentation on its website about how to set up things in Azure AD. There are also video tutorials. So, typically, we don't need to engage technical support to do anything.

Only when there is an outage or something like that, we had to engage someone from Microsoft. For example, when there was an outage, we didn't know what was happening. There were some strange behaviors in certain applications, and that's when we involved Microsoft's technical support. 

They are very reliable, and they are very fast to respond. The response time also depends on the support plan that an organization has with Microsoft. 

I haven't used any other Identity Provider solution.

Our organization has definitely seen a return on its investment from using Azure Active Directory. It ties really well with the Azure ecosystem, which is why it makes sense to use Azure Active Directory to access resources.

Azure Active Directory has a very extensive licensing model. Most of the features are available in the free and basic version, and then there are premium P1 and P2 editions. The licensing model is based on how many users you have per month. In Australia, for a P1 license, the cost is 8 dollars.

With P1 and P2 licenses, you get a lot of goodies around the security side of things. For example, User Identity Protection is available only in P2. These are extra features that allow you to have a pretty good security posture, but most of the required things are available in the free and basic version.

I would definitely recommend this solution. I have been using it extensively, and it works really well. It is one of the best Identity Provider solutions out there. You have all the guidance from Microsoft to set things up, and if there is an issue, their technical support is highly available. 

It has been around for a while now, and most organizations leverage Active Directory as their on-premises identity provider. This is just Azure managing your Active Directory for you. It is pretty popular and rock-solid.

I haven't used any other Identity Provider solution, which makes it hard for me to compare it with others. Based on my experience and the things that I have done and learned over time, I would rate Azure Active Directory a nine out of 10. 

We are using Microsoft Entra ID every day for SSO authentication for our end users. We sync local active directories with Entra, register applications for SSO, assign licenses with dynamic security groups, and utilize it for enterprise applications.

The solution has improved our application security because we can deploy app registrations on our enterprise applications. We could securely enable MFA access on most of our applications.

Entra ID's ability to sync with the local Active Directory provides redundancy, allowing authentication via cloud features even if the local Active Directory faces issues. The SSO features with app registrations are also crucial, as we use Azure globally, allowing role and permission assignments directly from Entra.

I have used Entra ID for eight to 10 years.

The stability of Microsoft Entra ID is excellent. We haven't experienced any issues.

At the moment, it accommodates all our needs, and we have not encountered any scalability issues.

Previously, we used local Active Directory, specifically an on-premises solution.

The initial setup was straightforward.

I would rate Microsoft Entra ID 10 out of 10. It's a good product that's easy to deploy and manage, with no significant learning curve to adapt to various features.

We're using Azure Active Directory to get authentication from Office 365, and along with this, we're using it for infrastructure-as-a-service authentication. For all the virtual machines hosted on Azure right now, we're getting authentication from Azure Active Directory.

In addition to these, we're using some other SaaS or software-as-a-service products such as SAP Ariba and SAP SuccessFactors. For these specific products also, I have integrated single sign-on via Azure Active Directory.

We're also using e-procurement solutions such as Tejari and SAP Ariba. To get authentication of my guest users, who are my partners, vendors, or external collaborators, we create their guest accounts on Azure Active Directory. They come into our applications through that. We get a secure channel to provide access to the external parties on our tenant through Azure Active Directory. These are the basic use cases of Azure Active Directory.

After moving to Azure Active Directory, life becomes very easy, not only for the administrator and IT people but for the end-users as well. They've now got a single sign-on. Previously, our end-users had to remember multiple account IDs and passwords, and they had to enter the relevant account ID and password for each application, whereas now, they have a single identity across all the applications provisioned in our landscape.

It's helpful for security and compliance. Security is a big concern right now, and we're very sensitive about it. I am from the Oil and Gas sector, and this is something that's very critical for us. Additionally, we have external contributors, such as partners, vendors, and technical consultants, who need access to our resources from outside the organization. Azure Active Directory provides some very good features for that such as guest user access and limited user access. 

It has default integration with all Microsoft products such as SharePoint, Power BI, Power Apps, Power Automate, and obviously, the infrastructure as the service landscape of Azure. This integration is surely amazing.

Conditional access is amazing. I have a success story to share for the conditional access feature. About six or seven years ago, we identified a cyber attack that was coming from certain IPs from Nigeria on our tenant, and through that, some of our users were compromised. We blocked all Nigerian IPs using Azure conditional access and saved our users. It was something amazing and life-saving for us. 

The conditional access feature complements the zero-trust strategy. It makes our environment more secure. It makes our environment more reliable as far as the whole security landscape is concerned.

We use Microsoft Endpoint Manager. Initially, we were not using it, but later on, we started to use Microsoft Endpoint, which was previously known as Microsoft Advanced Threat Protection. Implementing secure policies of Microsoft Endpoint, advanced threat protection, and conditional access provides us with a very safe and kind of sandbox environment. This combination protects us from those who are accessing our environment from unpatched devices, pirated applications, and applications with security loopholes.

We're also using Microsoft Intune to save our corporate devices and provide a secure zone for our users to access corporate resources and applications.

Personally, I'm a great fan of Azure Active Directory due to the security and compliance features that are there in the classic or default Azure Active Directory. 

The conditional access feature is absolutely great through which we provide access to users on the basis of a certain device, a certain geographical location, a certain set of IPs, or any other criteria that we can define via a set of rules. 

The auditing of Azure Active Directory is fantastic, and its integration with Cloud App Security is something amazing because we can get complete visibility of our environment through Cloud App Security. It also helps us a lot with our yearly audits and monthly reporting.

There is a lot of room for improvement in terms of its integration with the local Active Directory. There are some gaps in terms of the local Active Directory through which Microsoft is syncing our environment from our data center. There should be the availability of custom attributes on Azure Active Directory. In addition, there should be the availability of security groups and distribution groups that are residing on the local Active Directory. Currently, they are not replicated on Azure Active Directory by default.

There should also be a provision for Azure Active Directory to support custom-built applications. 

I've been using this solution for the last 12 years.

It's very stable.

It's very scalable. It's being used in companies with 64 users as well as in companies with 16,000 users. For both companies, it's working perfectly. It's a very good product.

My environment is based on multiple things. We're using Office 365 in the software-as-a-service mode. We're using Azure infrastructure in the infrastructure-as-a-service mode. We have integrated our Azure Active Directory with multiple third-party solutions such as Oracle Aconex, SAP S4HANA, SAP Ariba, SAP SuccessFactors, and Tejari. Along with this, we're providing authentication services to our third-party or external vendors, contractors, and guest users through Azure Active Directory. It's in hybrid mode. It's in the private cloud, software-as-a-service, and infrastructure-as-a-service environments. There are multiple environments.

Back in 2010 or 2011, when Microsoft launched it initially, it was very good, but since COVID or post-COVID, the quality has reduced significantly. Before COVID, it was very good. We would normally get very good engineers on call. We got support from the European zones, but since COVID, their support services have been significantly compromised. The quality of engineers or the quality of SLAs is not up to the mark. 

I was one of the people here in Pakistan who started the cloud. Microsoft has published three case studies of mine on the cloud during the last ten years. Over the years, I've seen that the overall support model of Microsoft Cloud has been compromised. I'd rate their support a six out of ten. 

Positive

We were using the local Active Directory previously. From day one, we've been die-hard fans of Active Directory. Until 2011 or 2012, we used the local Active Directory that was hosted in my own data center, and now, because we're in a hybrid environment, we're managing local Active Directory, and we're managing Azure Active Directory. We're managing both.

We got Azure Active Directory because we moved to Office 365, public cloud, infrastructure as a service, and software as a service. We needed a single sign-on and integration with some third-party cloud products such as SAP Ariba, SAP SuccessFactors, and Tejari. 

Last month, we did the very first integration in Pakistan with Oracle Aconex. It's one of the biggest engineering document management suites in the world. We integrated Azure Active Directory with EDMS, which was really commendable. It was something that was done for the first time in Pakistan.

We're using Azure Active Directory with Office 365, which is a public cloud. The same Azure Active Directory is integrated with Azure infrastructure's private cloud, so the same Active Directory is serving in multiple scenarios. Through the same Azure Active Directory, we have integrated with the custom applications that are hosted on other public clouds such as Oracle Aconex, SAP S4HANA, SAP Ariba, SAP SuccessFactors, and Tejari. So, we're using it in the hybrid mode to sync our local Active Directory. From that hybrid mode, it's providing authentication to the users for Office 365 and it's providing services for the users who are using Windows virtual desktop. On the other side, for the third party, we're also using Azure Active Directory.

I deployed it myself. The initial setup was complex when we were implementing it around twelve years ago, but now, it's very simple. When we started this journey, it took us six months to integrate our local Active Directory with Azure Active Directory. We worked with three different partners. Two of them failed, and then Microsoft Pakistan got involved with us. Through their Dubai-based partner, we successfully integrated our Azure Active Directory with our local, on-premises Active Directory. We got success with the third partner, but overall, it took us six months. Nowadays, the hybrid configuration and the integration of Azure Active Directory with the local Active Directory is a piece of cake.

In terms of maintenance, because it's software as a service, Microsoft is managing it for us. We don't take any backup, etc. It's just managed by Microsoft.

We got a very good ROI when we compare it with what we were using around ten years ago. It's a much improved and cost-efficient product in terms of cloud provision.

It's pretty good. We're using the native features. It's bundled with our Office 365 licenses. We aren't paying anything extra for Azure Active Directory. It's pretty good for us because it's complementary to Office 365. We're only paying for Office 365.

We checked Google Suite. We checked its identity mechanism, but it was not as per our requirements.

It's a very good product. It's a stable product. I'd highly recommend it.

Overall, I'd rate Azure Active Directory a nine out of ten.

I have come to depend upon Azure AD as my go-to identity management tool. Almost all businesses today use a Microsoft cloud-based product in some form or another, and integration in Azure AD ensures consistency, compliance, and simplified integration across the enterprise.

Additionally, we use many of the built-in security enhancements and features offered by the solution. Single sign-on and other integrations into a range of line-of-business software applications add to the many use cases available through Azure AD. Along with securely extending the on-premises environment to the hybrid state.

The key improvements to our organization are:

1. A singular control plane is enabling a more efficient administrative process.
2. RBAC simplifies role access providing a simpler approach to zero trust.
3. Onboarding and offboarding extend to every integrated application meaning that compliance is maintained.
4. PIM and PAM: Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved.

With so many features available out of the box, it is difficult to adequately summarise in the space provided here.

I find that integration of enterprise applications outside of Microsoft via OATH and SAML is by far one of the most valuable features as it makes software distribution and access simpler and, with SSO enablement, ensures a lower threat surface from end users.

Azure boasts 90 compliance certifications, and this exceeds that of its competitors. With the compliance manager resource, you can control the company’s compliance tasks from one place.

The tool helps you meet complex compliance obligations. For example, you can undertake continuous risk examinations, provide an outlook on your company’s status and provide opportunities for improvement as needed.

With Azure Advisor and the Secure Score continually assessing your security and compliance posture, there is less need for highly paid security engineers. Especially when considering the size of the Microsoft security operations team also monitoring significant portions of the client environment.

It's really difficult to speak to this. The product is constantly undergoing feature enhancement and enrichment, and anything I would like to see coming is already available for public review.

Azure Active Directory is an easy-to-deploy, robust unified identity and access solution that securely extends your existing on-premise infrastructure to the cloud and provides seamless integration for in-house applications and 3rd party SaaS platforms. Granular policy-driven access controls ensure that access is granted only to authorized identities and devices and from approved locations. Azure AD includes an array of security and compliance options to ensure your business governance is adhered to without impacting productivity.

If I had to pick one, it would be to put the features of P1 and P2 into a single license.

I have been using Azure AD for approximately seven years.

The platform is not without its occasional hiccups, however, in general, it is stable and issue-free.

There are few other identity options available with the scale made available by Azure AD.

Support is hit-and-miss. Some days you'll get someone amazing who has the right knowledge and is willing to go beyond to help. And then there are the other times when help isn't forthcoming.

Neutral

The initial configuration is simple. The configuration process is guided so that even a non-technical person can successfully complete the onboarding.

I work on it to investigate it. I work at a cybersecurity company, so I focus on how the product behaves, particularly how Microsoft Entra ID behaves with group permissions and such.

We work with Microsoft because we're also a security company, so we scan Microsoft Entra ID and then monitor what happens regarding defending against token theft and nation-state attacks.

We are partners with Microsoft. We don't sell Microsoft products; we sell our own product, but we integrate it with Microsoft.

It's simple to create groups or accounts and to add users. There are several options for dynamic groups.

Microsoft Entra ID influences our zero trust model because we need to make sure that we give the right user permissions.

To improve Microsoft Entra ID, it should be made simpler because there is a lot of stuff to do in the platform, which could be reduced to fewer buttons.

I have been using Microsoft Entra ID for two years.

Microsoft Entra ID is pretty stable.

I don't know about scalability, but I assume it is suitable because it is used for huge organizations.

Customer service and technical support for Microsoft Entra ID are very good because I open many tickets with the support and get straight answers. If I don't get an answer, they update me all the time that they will provide an answer, and they work on that.

Positive

Microsoft Entra ID is pretty easy to deploy. The speed of deploying Microsoft Entra ID depends on the organization and its structure, but building new users is very simple.

There is a return on investment when using this platform, though I am uncertain about the specifics.

I haven't observed any problems or changes in the frequency and nature of identity-related security incidents after using Microsoft Entra ID in my company.

I would rate Microsoft Entra ID a nine out of ten.

We are a small consultant company, and we help customers to build hybrid environments. We synchronize on-premises AD to Azure AD and help our customers decide which one they want to use.

In our own company, we use Office 365, so we use Activity Directory directly for authentication and authorization.

The most valuable feature is Conditional Access. As there are more and more people working from home, security is a challenge for a lot of companies. To build a general trust solution, we need Conditional Access to make sure the right people use the right device and access the right content.

In our company, we use Conditional Access with Trend to make sure that our employees can use the device from the company. We can make sure that there is higher security. We can also use Trend to set up a group policy and to set up Windows Defender as well.

Microsoft Azure AD is easy to install and is a stable solution.

There is no documentation about how Microsoft will scale Azure AD for customers. It only mentions that it will scale out if you have a lot of requests but does not mention how in detail.

More documentation on some complete scenarios, such as best practices to integrate forests into Azure AD when a customer has several on-premises forests, would be helpful.

I've been using it for four years.

In my experience, it has been working fine.

Scalability is a pain point. There is no documentation about how Microsoft will scale Azure AD for customers. We do, however, plan to increase usage.

We used on-premises Active Directory before using Azure Active Directory.

The initial setup is pretty simple. Microsoft Azure AD can be deployed in one or two minutes.

If you have an Office 365 subscription, Microsoft will build Azure AD for you.

Microsoft Azure AD has P1 or P2 licensing options, and it depends on the customer's needs. To use Conditional Access, you need to have the P1 license, and to use the PIN features, you need the P2 license. We use the P1 license as we use Conditional Access.

It will be a very good solution if your company is already using on-premises Windows Active Directory. Microsoft has provided a useful tool called Azure AD Connect. So, you can easily sync your on-premises Active Directory to Azure Active Directory, and you can easily implement the SSO.

Overall, we are satisfied with the solution and the features provided, and on a scale from one to ten, I would rate this solution at nine.