Microsoft Entra ID Reviews

I am using Azure AD to assist a client with COCC level one and level two certifications. The primary use of the solution is its conditional access feature to enforce fine-tuned and adaptive access controls. The robustness of a zero-trust strategy to verify users has helped in implementing zero trust right now.

The client has to have a clone network storage and manage the services it provides to the handful of people he works for. The control and identify data do what it is supposed to do, as advertised, but the client is not utilizing those features.

The security and compliance features are very helpful. The online information on the site is well documented.

One thing I would like to see is when you're doing control measures if you could globally apply them instead of going through every user individually. I looked at this problem twenty years ago, and it has stayed the same. In twenty years, it's still the same one by one. The default is whether you get group permissions or role-based assignments, you still have to go in individually to everyone every time, which is cumbersome to me. My problem with Azure AD is that it's designed for medium to large systems, and we're not that large.

I rate it an eight out of ten.

I have been using the solution for less than a year, and the client that I'm consulting with has been using it for about four and a half, five years.

It is a stable solution.

Since we're starting with three people, it's probably not going to grow to more than ten people in the next five years. So the scalability is fine for my client's needs.

We have not contacted Azure's technical support.

The initial setup was straightforward. The client has got three people working for him.

For a small business buying individual licenses, it is an affordable solution.

We are a Microsoft-oriented company. All our main infrastructure for user systems and productivity, like Microsoft Office and email, are from Microsoft. So we use Microsoft products and we use Active Directory on-premises. We have also built a cloud infrastructure and we now have a completely hybrid architecture. As a result, it was mandatory to configure Azure Active Directory to synchronize with the on-premises Active Directory.

We have finished that project and now we use Azure Active Directory for users who are on the cloud.

Entra is very good for the organization because we now have many users, due to COVID, who are working from a distance. With Microsoft, we can give them the opportunity to download all the applications on their personal PCs, like Teams, OneDrive, et cetera. They have a single sign-on and they can log on from everywhere.

The solution has improved things a lot for our organization because it has improved productivity. One specific effect is that we used to use a lot of VPN access, but we have decreased that access by 80 percent because they don't need the VPN anymore. And productivity has also improved very much, because users can do their jobs from everywhere, even on their mobile phones, because they have their files on OneDrive. With Azure Active Directory, we don't have security issues thanks to the added security on the cloud, such as MFA and also Defender for Endpoint. 

But it's not only productivity tools that we have on Azure, we have other applications as well that we have set up for our users, like SAP. We have also diminished our telecom costs.

We have saved a lot of money, I'm very sure about that. We pay for the solution but because it is in the pricing agreement, we have more tools available and we don't have to buy more. I would estimate it has saved us more than 40 percent.

In addition, before, we had to work through all the horizontal firewalls and security sensors in the company. Now, we have separated the productivity tools like Word, Excel, OneDrive, and Teams. That means our users are very pleased with the user experience. They like using it. They can work from home or at the company and their files are synchronized. 

Overall, we feel our security has improved and we are confident.

I like the fact that I can manage the users, but it's also a security resource. Let's say we decide that our users need to have MFA - multi-factor authentication. It is very easy to implement that with Azure Active Directory.

What could be improved is the environment. It still has administration centers in Office 365, and the same is true for Azure in general. You can manage the users from the Office 365 administration center, and you can manage them from Azure Active Directory. Those are two different environments, but they do the same things. They can gather the features in one place, and it might be better if that place were Azure.

I have been using Azure Active Directory for five years.

The stability is very good. We don't have incidents. The only issues we had were to do with synchronization that took some time between Active Directory on-prem and Azure Active Directory. But that might have had something to do with other issues.

It is a 100-percent scalable solution and that is one of the reasons we chose it. 

We have installations on-premises, and people all over the country, including the islands, the north, and everywhere. Our users are in multiple locations. It's used across different departments with different applications and needs. At this moment, we have about 2,300 users.

Microsoft's technical support needs to be improved. It's a bit bureaucratic, to put it in one word.  The procedure for opening a case is that someone sends you an email to give them all they need. I would like the technical support proceedings to be faster. Sometimes, my company doesn't have this time. We need to find a solution very quickly. 

Neutral

We used on-premises products like System Center Configuration Manager. We used Microsoft's products, but for on-prem administration, not on the cloud.

Due to the fact that we have a hybrid architecture, not a clean cloud solution, it took us a lot of time. We had to consider how everything, all the applications, was going to work. Active Directory is also involved in emails and there were many procedures to consider and test. There were also many users who were staying on-prem. We also had to consider external cooperation with other European and domestic energy companies. So it took us about one year. Our company is not a simple company, like a sales company or a manufacturer. We deal with critical infrastructure and we have to control and operate the power for the whole country. We had to think about every step of the journey.

We had 10 to 12 people involved. I was the project manager and there were three groups of people, in addition. One was from telecom and security. There were a few people from infrastructure and technical support, and there were some people from the application side, to test that all our applications were active.

We also have teams for projects, like when we do a large construction for something like power lines. We form teams between departments and these special teams may work for a year on a specific project. We also needed to consider them because they have different needs and work from different places and are mobile.

Because we have on-premises firewalls in our company, we had to do some work before we implemented AAD to arrange access between the company's security system and the Microsoft cloud system so that they could cooperate and communicate. We had to open the protocols, et cetera. As a result, we don't have any problem with the consistency of our security policies.

In the beginning, it was a matter of getting used to the procedures. We needed to explain things to the users so we sent them a guide. We rolled it out to our 2,500 users in many batches over about four months.

There is periodical maintenance, such as upgrades, as well as ad hoc maintenance. For example, if we modify public folders, we need to do some work because, on one occasion, cloud users couldn't see a public folder that was on-premises.

We can see a return on the investment by comparing the prices we know from previous years. We don't use so many data centers now and we don't need as many installations and to pay as much rent.

Our return on investment is that the costs are very small, like one-tenth what they were, by going from owning on-premises data centers to what we have now. Over a period of five years, our return on investment is 100 percent. The money we pay for this contract is not much compared to the money you need for buildings, data centers, power, and technicians.

The price is also very good if you consider the money you save by not having to pay for many contracts with different companies to create a corporate solution. You pay one company, like Microsoft, and you have the whole solution. We have saved a lot of money by doing that. 

Of course, you need to give it time and in-house resources. People have to be trained. Otherwise, if you have many environments and many products that you don't know very well... 

Maybe using multiple companies is good. That's why we do use some other products, but not many.

The price is fair. It's not very expensive given what they offer. Of course, we did some negotiating with Microsoft. We didn't pay the list price. We have been a Microsoft customer for many years, so when the contract comes due every three years, we discuss it. Afterward, there are some discounts.

We evaluated Amazon and Google. We chose Microsoft mainly because it has the whole package, meaning it has the security, the applications, and the infrastructure, so it's a more holistic approach compared to the others. It's not that Google and Amazon don't offer something like that, but they need more time to improve because they were not on-premises companies.

Microsoft gives you the space, the data centers on the cloud, and backups; it gives you everything. From the others, something was always missing. Microsoft may not be perfect, but it has everything you need.

It's a very good solution, an excellent solution. It's very stable and robust. You don't need to do a proof of concept unless you have a special case, like, for example, fleet management, and have a very specialized application.

We use Entra’s Conditional Access feature but we also use other tools from other vendors. From our experience so far, we haven't had problems. Entra seems robust enough. We haven't even had one incident of malware. Of course, we have added some more tools to our cloud infrastructure for the mail applications in the network. So although it's robust enough, because we're handling critical infrastructure, as a company we decided to have more tools.

We use Intune and Endpoint Manager. Any device that is connected, even if it is a personal device, needs to be registered via Intune. We do not accept non-registered devices. 

Azure Active Directory, and Azure in general, is a very big solution that we are developing further. It takes a lot of time, but by using it, we don't need so many other resources from outside companies. We can manage everything in-house. It takes a lot of time, but it's better than other options. It has more tools and better monitoring. Those extra tools mean more time spent on it by the administrators. But it has dashboards that they didn't have before. So the administration is easier and more centralized, but you need time with all these tools.

We use Azure Active Directory for the user rules, identity management, user rule validation, authorization, and authentication.

The most valuable features of this solution are definitely the authorization and authentication, and the rule-based user validation.

Azure Active Directory is quite easy to use.

We are quite happy with the Azure Active Directory services we are utilizing.

Definitely, the price could be lower. When we moved from AWS to Azure, we started paying more. The licensing fees were more expensive.

I have been using Azure Active Directory for the last 10 to 15 years.

Azure Active Directory is quite stable.

Azure Active Directory is a scalable solution.

We have approximately 100 users in our company.

We have plans to increase our usage.

Technical support is quite good, they are awesome.

Previously, we were using an open-source solution, but we are happy with the Azure Active Directory solution.

We received the migrations as a direct value add because we are a part of Microsoft MSP.

The Azure Active Directory migration took ten days to complete.

This solution is maintained by a team of three to four people.

We had assistance from a consultant.

We pay an annual subscription fee.

I would recommend this solution to others who are considering using it.

I would rate Azure Active Directory a ten out of ten.

We primarily use the solution with our customers that use it.

We're using the solution for a lot of all different things. We have used it to support. We have something called BankID here in Sweden, where you identify yourself to your internet bank and lots of other areas and we have based our connection to BankID using Active Directory. 

It's user-friendly and easy to understand. It's doing work great so far.

We're mainly using templates and using the APIs rather than using the GUI. That's the easiest way to do things.

The initial setup is pretty easy.

The solution scales well.

It's a stable product for the most part.

Something that can be improved is their user interface. It needs to be better.

It's always a good idea to have some kind of expert GUI that you can turn on/off. There are a lot of settings to work through. If you are not that experienced, then maybe you might not want to use them. 

There should be an easier way to set up the regular things and then switch to a more expert kind of wizard to set things up.

We've used the product for many, many years at this point. 

The solution is stable. There aren't issues with bugs or glitches. it doesn't crash or freeze. Its performance is good.

We can scale the solution if we need to.

It is my understanding that support is not as good as Cloudflare, however, I haven't been using the support that much for Azure. There is lots of information out there on the internet. If you search, you don't need to contact support often.

The solution has been straightforward to set up. It's simple. It's not overly complex. 

We have a handful of people involved in the initial setup. You don't need very many. They are mostly specialists and technicians. 

While I don't directly deal with tracking ROI, our customers are satisfied with the way we are billing them when we're setting things up. 

The pricing seems to be fine for our clients.

We are an integrator. We are using the latest versions of the product.

New users should know that it's quite easy to set up a sandbox environment and a free account in order to play with it. It's fairly easy to kind of set up the proof of concept.

I would rate the solution an eight out of ten.

The solution is deployed on a public cloud. We are using Microsoft Azure.

There is on-premises AD and cloud AD. We are able to sync the solution and use the load technology and password management features.

The most valuable features in Active Directory are the password writeback product and the MDM technology.

The on-premises AD comes with a lot of options and group policies. With the group policies, we are using screen saver a lot, and it is messing up Azure AD and isn't working effectively. We are also using MDM technology through Azure. For Android the MDM technology is okay, but it doesn't work properly on iPhones.

When we do a screen share and screenshots, it doesn't work on the iPhone. For Android, it will only work for Outlook, which is provided in the company portal.

I would like to see the group policies on the same platform on cloud.

We have been using this solution for almost two years.

The solution is stable and everything is working. In terms of connecting the web application, there is technology for single sign-on. When we use it, the solution opens very slowly. It might be a bandwidth issue, and some content will not work on that portal.

The solution is scalable. We haven't had any issues.

We have 500 people using this solution in our company. We have increased usage, and we have plans to increase more. 

Technical support is very good. They work quickly to resolve any issues.

We are using an earlier non-premises AD, but we want to move to the cloud setup, which is easier for end users and everyone else due to the pandemic situation.

Setup was straightforward. Implementation took three months.

For the deployment process, we had a technical team of two people who did everything. They are engineers.

We used a consultant for deployment. I think we used a Microsoft partner.

It was a good experience and not very complicated. I think I realized that they are not seeing many implementations. There's a tool in Microsoft Azure called an endpoint security tool, and they don't know how to implement it.

We have a yearly license.

I would rate this solution 9 out of 10.

This product is very nice. It's a legacy application, so the people using it are very familiar with it.

We use Active Directory to manage our main database and control students and staff access with rules and passwords. Usernames, emails, etc., are all integrated with Active Directory. Office 365 is also integrated with our Active Directory.

The best thing about Active Directory is its compatibility. It works with lots of third-party vendors. We're using multiple products, and they're all integrated with our Active Directory.

Active Directory could always be more secure. Right now, we've got two-factor authentications. All services based on Active Directory have a username and password. If somebody hacked our username, they could easily get all the data from our side. So I want two-factor authentication and a stronger password policy from Active Directory. The domain controllers should be more secure as well.

We've been using Microsoft Active Directory for more than 10 years. 

Active Directory is a stable, scalable product.

Microsoft technical support is very good. They call us back and resolve the problem.

The setup is effortless because we've been using this solution for a while. We are familiar with the setup now, so it's easier.

We get a discount because we're working in the education sector. 

I rate Active Directory eight out of 10. I think this is a good product. Most enterprises are using this. We don't currently have any plans to switch, but we're planning to migrate more into the cloud. However, cloud service is still costly, so we are working on the premiums. I would recommend Active Directory for any large-scale company, organization, or university. 

We use this and Microsoft Intune. Azure Active Directory is an identity solution and a mandatory requirement. Without Azure Active Directory, Intune would not work.

Within Azure Active Directory, the single sign-on feature is the best aspect. Right now, the world is moving to the cloud. Nowadays, every vendor is developing their cloud. With this, I can have a single sign-on and move around from place to place easily.

The technical support is pretty good.

The initial setup is pretty straightforward. 

I have found the solution to be stable so far.

The scalability potential is good. 

The pricing of the product is reasonable. 

The interface, in general, looks okay. 

The solution has built-in backup capabilities. 

So far, the solution has worked well for us. there are no missing features. 

The monitoring dashboard could be a bit better.

The solution is stable. the performance and reliability are good. There aren't issues with bugs or glitches. It doesn't crash or freeze. 

You can scale this solution if you need to. It's not a problem. 

We haven't dealt much with technical support, as we haven't really needed it, however, if we did need assistance, they have been helpful. Overall, it's been a positive experience. 

The initial setup is very, very easy. It's not complex or difficult at all.

There are multiple options for pricing. One is standalone. Another is within a package. If we consider an F1 package, I'm getting Azure Active Directory, Intune, and Microsoft Information Protection. If I'm taking the Azure Active Directory virtual feature under the plan, under the package, it's affordable. They offer a very good price.

I would rate the solution at a perfect ten out of ten overall. It's the best product. I'm really happy with it. 

We're using Azure AD as a centralized identity management tool, to keep all identities in one place. For example, if we have an application that needs authentication, we use Azure AD. It is not only for user authentication and authorization.

We also use Azure AD as a synchronization tool from on-premises instances to the cloud, and we are using Azure ID Join to join machines directly to the cloud. We use it for access policies, as well as the registration of services.

With MFA, if there has been a password leak and someone tries to access the system, Azure AD will send a notification to the real user's cell phone and ask, "Are you trying to login? Please approve or decline this login." If the user declines the login, he can send a report to IT and the IT guys can automatically block the account, change the password, and review everything else. That helps us prevent unauthorized access to the system, and that's just through the use of MFA.

Through access policies, if my account was stolen and the guy got his hands on the MFA information for some reason, if the real user is in one country and the thief is in another country, the account will be blocked by our geolocation policy, even when the password is right and the MFA has been approved. We can lock it down using geolocation.

If we're talking about applications, one of the most valuable features is the administration of enterprise applications. It helps us to keep them working. We don't always need to authenticate a user to make an application work, but we do need some kind of authorization. We use service principal names for that. Managed identities for applications are very useful because we can control, using roles, what each resource can do. We can use a single identity and specify what an application can do with different resources. For example, we can use the same managed identity to say, "Hey, you can read this storage account." We can control access, across resources, using a single managed identity.

When it comes to users who have a single account, the most valuable feature is the authorization across applications. In addition, access policies help us to keep things safe. If we have a suspicious login or sign-on, we can block the account and keep the environment safe. It's also important, regarding users, to have a centralized place to put everything.

The user functionality enables us to provide different levels of access, across many applications, for each user. We can customize the access level and set a security level in connection with that access. For instance, we can require MFA. That is a feature that helps enhance our security posture a lot. And through access policies we can say, "If you just logged in here in Brazil, and you try to log in from Europe five or 10 minutes later, your login will be blocked."

One thing that bothers me about Azure AD is that I can't specify login hours. I have to use an on-premises instance of Active Directory if I want to specify the hours during which a user can log in. For example, if I want to restrict login to only be possible during working hours, to prevent overtime payments or to prevent lawsuits, I can't do this using only Azure AD.

I have been using Azure AD for the last five or six years. I have been using the on-premises solution, Active Directory, since 2005 or 2006.

We have never faced an outage situation with Azure AD. The stability is great, very reliable.

The scalability is okay for us. While there are limitations on the number of users, it's a very huge limitation. We have not hit that limitation so far. No matter how many users or groups or SPNs (service principal names) we have, it works fast. The response takes two to three seconds if we use the API.

Currently, we have more than 5,000 users. We are at 100 percent adoption. All our users from on-premises are synced to the cloud and they are fully using the features available.

The technical support is not going in the right direction. Sometimes the first-level support agents don't have the proper knowledge. Some of them take a lot of time to discover simple things because of that lack of knowledge. Sometimes a guy takes three or four days to give up and to ask for help from a higher level of support. The technical support can be improved in that area.

Neutral

Before Azure AD, we either used Active Directory for on-premises or a Linux solution, but it was almost a miracle finding Linux solutions for identities. In our location, the majority of enterprises and companies are using Active Directory. The free Linux solution is basic. You can choose a user, a password, and a level of access, but it does not go as deep as Active Directory.

The initial setup of Azure AD is very straightforward. There is even a wizard for it, making it very simple. The wizard guided us and pointed us to articles in the Microsoft Knowledge Base, in case we had any doubts about what was going on. It was a matter of "next, next, and finish."

Deployment took less than 60 minutes. It was very fast.

There are almost always issues when it comes to synching on-premises instances because they almost never follow best practices. When migrating to the cloud, there is a tool that Microsoft provides to run in your environment that tells you, "Hey, you need to fix this and this about these users, before you initiate the migration." It's complicated because on-premises solutions are like that. But if you want to have identities in Azure AD, you must have a proper set of User Principal Names, because these will be the anchor for the synchronization. If my on-premises instance has a bad UPN, it will not be able to properly sync to the cloud. But once we finished fixing the irregularities in the on-premises accounts, the migration was easy. We just installed the synchronization server and it did the job.

We have seen ROI using Azure Active Directory in the fact that we don't need to have four or five local servers. We can have just one local server and the heavy jobs can be run over the cloud. There is some money saved on that.

The pricing for companies and businesses is okay, it's fair. 

But if you are trying to teach someone about Azure AD, there is no licensing option for that. There is a trial for one month to learn about it, but there is a need for some kind of individual licensing. For instance, I personally have an Azure tenant with Azure AD and I use this tenant to study things. It's a place where I can make a mess. But sometimes I want to do things that are blocked behind the licensing. If I were to buy that license it would be very expensive for me as an individual. It would be nice to have a "learning" license, one that is cheaper for a single person.

Plan what you want. Think about whether you want native authentication and authorization in Azure AD. And if you want to have servers on-prem, you have to plan the kind of synchronization you want. Do you want passwords synced to the cloud or not? Instead of going headlong into using Azure AD and running into issues, the kind that require a change in access which could be problematic, plan before doing the deployment.