Microsoft Entra ID Reviews

The primary use cases are task tracking and technical documentation, but I'm a project manager, so I also use the product for other jobs.

We have around 15 total users, with a couple of admins.

The boards for task tracking are a valuable feature. 

Azure AD is a turnkey solution; it provides many features for developers to use in one place.

Many of the features are outdated, so the UI and UX could be improved. 

The wiki is hard to use as it's more of a repository for technical information, but when I'm writing a PRD, I need more tools for writing. 

It would be good if the UI were more visually appealing, as it looks dated compared to other products on the market. It works fine for the dev team, but the navigation could be improved, especially for managers.

I've been using the solution for around two years. 

The stability is okay overall. 

The product is highly scalable; it's enormous and has many features.

I previously used a variety of solutions for task management, including Asana, Teamwork from Microsoft, Jira, and so on. 

I wasn't involved in the deployment; the solution was already in place when I arrived. It doesn't require any maintenance that I'm aware of. 

The product is relatively affordable, especially compared to Okta, a pricey solution.

Azure AD helped save my organization money, as it's a turnkey solution for dev management, though I can't say precisely how much as I'm not involved in the financial side.  

I rate the solution six out of ten. 

I don't use Azure AD's Verified ID, but I'm considering an identity management solution. I'm hesitant about which one to choose, and the choice is between a product from Okta and the one from Azure AD.

I use the Permission Management feature, which I look for when choosing an identity management product, but I'm still in the research phase with this feature.

Most of our staff are okay with the quality of the end-user experience within our organization, but it could be more comfortable to use for managers. It's a challenging solution to implement for every department or team because not everyone likes the UX, and it's pretty outdated when it comes to product document writing. I had an unpleasant experience when we had a power cut, and I lost two pages of documentation, as there is no autosave feature. This is important from a manager's perspective but less so for developers.

For those considering the solution, talk to your dev team to determine if it covers their needs. If so, use it, as it has many features and is very scalable.

The solution strengthened our security posture by providing fine-grained access based on attributes, standardized names, and values. Azure AD reduced our time to market for products based on improved security.

The product also improved our service desk overhead.

Azure AD positively affected our end-user experience via reduced time to market, being an identity product for our workforce.

Privileged Identity Management (PIM), managed identities, dynamic groups, and extension and security attributes are all great features.

Better integration with external governance products would be a welcome addition to Azure AD. 

We've been using the solution for four years.

The solution is stable but can be improved, especially regarding response times.

Azure AD is a cloud-based solution operating from a worldwide tenant, so scalability isn't an issue, especially from an identity perspective. We have 300,000 total end users. 

We have yet to interact with technical support, so I can't speak to that.

We previously used standard AD. 

The setup is mixed; the startup is fast, but configuring requires the knowledge of a consultant or technical resource. Basic deployment can be completed in a day, but our greenfield deployment took a relatively long time as we're a large organization. A greenfield deployment should take at most two weeks, but implementing Azure AD into a functional environment is a project unto itself. It could take months, depending on the use cases.

Regarding maintenance, we're a global organization, and each feature has its own operating team. At our scale, a group of 25 is responsible for managing and maintaining the identity part of the solution.

The pricing depends on the use case and can be negotiated based on volume. 

I rate the solution eight out of ten. 

My advice to others evaluating the product is to do good due diligence beforehand to determine a clear set of requirements, as with any identity tool or access management solution.  

We use the Authenticator app on our mobile phones and to authenticate for Office 365. We also provide consulting services and recommend Microsoft Authenticator to clients looking for an MFA solution.

The solution improved our and our clients' security; end users are more confident knowing that their information is confidential. Strategic users, VIPs, and admins are protected from potential attacks because their authentication goes through Microsoft Authenticator.

The product has significantly increased our security maturity and gives us comfort knowing we have security in a good, affordable solution.

We have a history of all our authentications and excellent integration with the Microsoft solutions we use at our company. It runs smoothly in Windows and macOS.

I want to see more features to improve security, such as integrated user behavior analysis.

We have been using the solution for two years. 

The tool is stable, we haven't had any issues regarding stability. 

Scaling is easy as the product is hosted in the cloud; it's a robust and trustworthy solution.

Currently, we have 100 end users in our company, and we have some clients with around 1000 end users of Microsoft Authenticator.

We never needed to contact technical support as we have never had any problems, so I can't comment on that.

We previously used JumpCloud before migrating to Microsoft Authenticator, and we did that because it's more affordable and has better integration with Office 365 and the other Microsoft products we implement.

The setup was straightforward. We made an implementation plan and transitioned from using MFA via email and SMS messages to using Microsoft Authenticator.

Our security team is responsible for all our security solutions, and they take care of the maintenance, which I understand to be relatively light.

We have a Security Operation Center in our company. Another company using the same solution without a team like ours may require several hours a month to manage the solution.

We implemented it in-house since we are a consulting services company.

We think the solution is excellent and provides a return on our investment.

I would advise implementing the solution to VIPs and admins; it's affordable, effective, and efficient. I would say training staff on properly using the tool is also essential.

We decided to go straight for the Microsoft offering since we use Office 365.

I would rate this solution a nine out of ten.

When we deployed Microsoft Authenticator for our clients, we initially had some requests for training. We delivered the training, and the end users could adapt to it; the transition was smooth.

The solution is extensively used within our organization.

Azure AD is primarily integrated with all of the Microsoft services, such as Microsoft 365, Office 365, and Dynamics 365/Power Apps. Behind the scenes, we are, in one way or another, using Azure AD for our application security, identity management, and to access purpose services. At times, we need to configure some advanced features to provide access and identity to third-party apps to integrate with Dynamic 365. 

Unfortunately, I don't have any numbers and metrics related to organizational improvement off-hand.

That said, using Azure AD app services, we don't have to care about secure access to our Dynamics 365 data. Azure AD performs the authentication on behalf of our application and that's great. We don't have to implement security on our side to secure access for third-party services or third-party software or applications.

Azure B2C has also helped us in providing secure access to the Power Apps portal, or external content.

The app registration services are great. This basically simplifies security in order to give access to third-party apps from within Microsoft services such as Dynamics 365 and Power Apps. We can do this in a very secure manner using the AD. This really very simplifies the identity and access management for us.  

I use Azure B2C for providing access to external users. It was a really great experience to configure Azure AD B2C. I like this feature, as it provides a single sign-on for existing or new users; even new Azure AD users can be provided with sign-ins to our portal.

The solution has features that have helped improve our security posture. For example, without Azure B2C or any third-party identity service like Google or Gmail, we are compelled to store users' credentials and sensitive data in Dynamics 365 contact table somewhere. By using Azure B2C, we are totally independent of this.

The solution hasn’t affected the end-user experience. Usually, users are not so IT aware, so they don't feel an impact related to the change. We know that having secure access for them is important for them and also for us, however, they don’t feel any noticeable difference with the extra security in place.

Honestly speaking, I haven't thought about where areas of improvement might be necessary.

Everything was very smooth every time we used Azure AD. In other Microsoft solutions, we come across some bugs or workarounds, et cetera. However, as far as Azure AD is concerned, or maybe, to the extent that we are using it at least, we haven't come across any issues.

In terms of identity and access management and concerns, all of our needs are provided by the existing implemented features.

I have been using the advanced feature of Azure AD for the last three years or so.

Currently, Azure AD and most of the Azure services are very, very stable. A couple of years ago, I experienced some difficulty in implementing the solutions, the services of Azure AD. In one instance, I was not able to configure Azure AD for a registration. This was two or three years ago. However, currently, the documentation is very clear and there are no loopholes or anything that could hinder even a simple IT administrator to implement these services.

I am just using the product for integration with Dynamics 365 and Power Apps solutions. Right now, we are integrating with Azure AD in a very simple manner. I'm not sure if we plan to expand usage.

In our company, 100 to 200 people are connecting to PowerApps portals using Azure AD B2C.

There are two or three developers right now who use Azure AD for identity and access management purposes. Managers will not be using Azure AD in that it is not used to configure and trigger solutions using Azure.

We haven't used customer support contact up to this point. Everything that we need is already provided through the documentation. So far, we haven't had any need to contact customer support for Azure AD.

We did not use a different solution before we used Azure AD. We only use Microsoft solutions.

The initial setup was very straightforward. The documentation is very good and the steps are very well documented. I remember three years ago I encountered some undocumented feature or maybe a bug when configuring Azure AD for apps registration. However, lately, this is not the case. Currently, the documentation is very up-to-date and very clear, and almost every time I register the user, the apps in Azure AD, and configuration the Azure B2C have helpful documentation. They probably made some form of an update to the system that fixed any past bugs or issues.

The deployment hardly takes 15 to 30 minutes - and that's for app registration. To complete the whole process on the Azure AD side and on our Dynamics 365 side - including Azure B2C - it took, when I implemented it for the first time, one hour to set up everything. That was the first time. Since then, I've gotten faster and it now hardly takes 30 to 40 minutes to configure Azure B2C.

We are an IT company ourselves. A hundred percent of the time we use our own skills and documentation to implement everything related to Azure AD and Dynamics 365 or anything else.

We have seen an ROI due to the fact that it integrates with other Microsoft services very seamlessly. In that sense, it definitely saves time and cost as opposed to implementing something that we don't know, such as other identity systems. 

I don't know much about the pricing. As far as licensing is concerned, there are two options. There is a set of free services that are offered through a free license and if you have a Microsoft tenant or any Microsoft service such as Dynamics 365 or Power Apps, you have access to a free set of services that Azure AD provides. This includes registration and some other items. 

If you want to use Azure AD's advanced features, they are not provided for free. There are two types of premium licenses that are available for anyone who is a registered licensed user.

We did not evaluate different solutions before we chose Azure AD. This is due to the fact that, in the Microsoft ecosystem, Azure AD fits best in terms of providing access and identity management to all of the other Microsoft online services.

We are a Microsoft partner.

I'm not sure which version of the solution we're using. This is an online service. As I'm a Dynamics 365/Power Apps developer, usually I don't bother to check what version of Azure AD is currently hosting on the online services.

I would advise new users, if they are using Microsoft online services, that Azure AD is the best choice for all identity and access management requirements. This is due to the fact that it is in the same ecosystem. It understands the needs of its own vendors much better compared to any other external identity service.

I'd rate the solution a perfect ten out of ten.

We mainly use Azure Active Directory for authentication, identity management, and single sign-on. A user can use a local Active Directory password to sign into other platforms, like Zendesk or Zoom. These on-premise users are synced to Azure Active Directory. We have some other users who only use cloud, so they don't have instances on-premise, i.e., they are pure cloud. Both of these types of users can authenticate their credentials with other applications and single sign-on. 

We use Microsoft solutions, such as Microsoft Endpoint Manager for mobile device management (MDM), Microsoft Defender, and Advanced Threat Protection (ATP). For our customers and clients, we do something similar. We also send logs from Microsoft 365 to different SIEMs.

We sync users from on-premise using AD Connect sync. We sync them to Azure Active Directory, where we have some instances. 

We have secure scores and compliance scores. These scores tell you your standpoint in terms of recommendations, vulnerabilities, etc. So, it can tell you what you need to configure to increase your security posture, then you can tell where you are. With the compliance scores, it will tell you what you need to do to improve it. The secure scores will tell you that maybe you should enable MFA for all users or that all admins should have MFA. It gives you a lot of suggestions and recommendations to improve your security posture. 

Microsoft Endpoint Manager acts as a mobile device management tool. It focuses on the firewall and does device compliance policy. There are a lot of policies that you can use to align your organization in regards to compliance and regulations. Also, there are security settings that you can enable.

In Microsoft Defender, it accesses the devices onboarded to your Microsoft Defender so you can see the vulnerabilities in terms of the applications installed on a system as well as the version of the OS that you are using. It shows you the patch management that you need to do for vulnerabilities. 

Authentication and identity management are key. For someone to authenticate your account, it is like having the password or access to your password. If someone gains unauthorized access to an account, then they can perform a lot of malicious activities, such as sending spam emails or falsifying emails, including authorizing payments.

Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user. 

You can also use Conditional Access to block sign-ins from other countries. For example, if someone attempts to login from Canada or the US, and your company is based in Africa or somewhere else, then it blocks that user. In this case, it will flag the user and IP as suspicious.

There is also impossible travel, which is an identity protection feature that flags and blocks. For instance, if you are signing in from California, then in the next two hours, you are logging in from Kenya. We know that a flight to Kenya couldn't possibly happen within two hours.

Admins can set password changes for 30, 60, or 90 days, whether it is on-premise or the cloud.

Sometimes, what one customer may like, another may not like it. We have had customers asking, "Why is Microsoft forcing us to do this?" For example, when you use Exchange Server on-premise, then you can customize it for your company and these customizations are unlimited. However, if you use Exchange Online or with Microsoft 365, then your ability to make modifications is limited. So, only the cloud versus is limited.

I have been using it for four years.

It is very simple to manage.

The scalability is massive. When you get your licenses, those should give you the limits of what you can do, but the limits are considerable. It should scale automatically as your workloads increase.

If enough customers have questions about something, the Microsoft product engineering team will pick it up, document, and design it, then publish it in Microsoft.

At a previous company, I was the technical lead and expert. We were Microsoft partners. So, we picked up tickets for Microsoft 365, working on different issues from eCommerce, Exchange, SharePoint, and OneDrive. 

You can maintain your previous investment in identity management solutions by just integrating them with Azure Active Directory. You can also integrate other solutions with Azure Active Directory, then use Azure Active Directory as a single sign-on.

The initial setup is straightforward. 

Active Directory is a place where all your instances, users, identities are being stored. You can create users and identities, then they are stored in Active Directory. Then, Azure Active Directory is just like a cloud-based scenario. When you create users, they are there. You can join devices to your Active Directory.

You need to have the user's information: their password, email, location and ID. All those things are being stored in Azure Active Directory. 

Deployment time depends on the scope of work. For example, a single user could take about 10 minutes to deploy, if you know what you are doing.

Deployment needs just one person to do it.

It protects your identity and keeps you secure. The return on investment is that it keeps your identity from being compromised or you being scammed. That is the investment that customers pay for.

Previously, only building and global administrators could purchase subscriptions or licenses. Mid-last year, Microsoft made it so users can purchase the license online.

Microsoft business subscription is for 200 to 300 users. If you have more than 300 users, you can't purchase the business plan. You have to purchase the enterprise plan. The enterprise plan is for 301 users and above. 

Pay as you go is also available. If you pay as you go in Azure, you will be billed for whatever you use.

I know AWS has something similar.

It is an excellent solution. I would advise going for it.

I have received several complaints from different people and customers too, "Why do I have to do it two times? I want to do it just one time." However, there is a reason for it - we are increasing the security layer. That is why it takes two times, because it is organizational policy. So, they just have to comply.

Previously, admins could only release quarantined emails, so you would need to speak to the admin to release them. Now, if a user's message gets quarantined, then the end user releases it.

If you have Microsoft 365, then you have Azure AD. They go hand in hand.

I would rate this solution as 10 out of 10.

We use  Azure Active Directory to provide all the identity services for all of our applications.

As a company, you want effective identity and access management. You are able to achieve this with Azure Active Directory, you are able to manage everything, such as building user provisioning into third-party applications, or single sign-on, and tools to mitigate threats or risky sign-ins. There are a lot of features that are provided.

The solution has some great features, such as identity governance, and user self-service. The Outlook application is very good and is used by a lot of people even if they are using Google services.

Azure Active Directory could improve by having an authentication service for laptops or desktop computers running Mac and Linux operating systems. They currently have authentication capabilities for Microsoft Windows. Having this capability would benefit people because in today's world everybody is working from the home environment.

I have been using Azure Active Directory within the past 12 months.

The solution is stable. There was one global outage that lasted approximately four hours in the past year.

Microsoft has different kinds of support you can have. If you pay then you will receive premium support which is very good.

I have previously used Google G Suite.

The initial setup is straightforward.

Azure Active Directory is more expensive than Google, but the capabilities they provide are superior.

I have evaluated SalePoint which is another very good product for collaboration that is available on the B2C platform.

The people who are considering Azure Active Directory should look at it as a whole because even if their company is using G Suite, they will still have to go to Office 365 for accounting and finance users who are very familiar with MS Excel and still want to use it. I see most of the companies that are using G Suite will have Office 365 for certain services. There is no need to have two services, a single Office 365 platform will provide all the capabilities needed.

I rate Azure Active Directory a nine out of ten.

BDO is a network of firms and a firm is what we call a country. So, we are present in about 160 countries. I am involved in BDO Global, which is not really a firm in the sense that we don't deal directly with clients, but BDO Global hosts IT services for all those 160 countries. A couple of those solutions are a worldwide audit solution that our firms use for financial audits for customers. We have a globally running portal solution, which firms are using to collaborate with our customers directly. All these services are basically based on Azure AD for authentication and authorization. This has been a lifesaver for us, because BDO firms are legally independent, so, we don't have a single identity store worldwide, like other big companies potentially do. We created an IAM solution based on Azure AD that ties all 160 dispersed identity stores back into one. We use that to give access to our services that we run globally.

Azure AD doesn't really give you a version. You just need to take the version as-is because it is a service that Microsoft delivers as a SaaS service. So, we don't have a lot of influence over the version that we use.

Besides tying together all authentications for our 160 countries, it has also been instrumental in getting the collaboration going between our firm countries since normally they are quite isolated. Also, their IT firms are quite isolated. So, Azure AD has made sure that we can collaborate with each other in multiple different systems: the global portal, the Audit application, and Office 365. This allows us to collaborate closer together, even though we are still separated as different countries.

Because it is an identity store, it handles all our authentication. We also use it with a combination of conditional access, which is a way to limit people's authentication or authorization based on where they are, the compliance of their device, and on a whole bunch of other variables that we can set. So, it definitely has been influential as well on the security side. Because it is a SaaS, you have central management over that. You can see all the logins and get reports on who signs in from where. 

There is a lot of artificial intelligence in Azure AD that can monitor behavior of users. If users behave in a strange way, then the authentication can be blocked. For example, if you have a user logging in from China, but it looks like the same user is logging in from America just a few seconds apart. That is a seemingly risky behavior that Azure AD flags for you, then you can block that behavior or have the user provide you with a second factor of authentication. So, there are a lot of security features that come with Azure AD too.

In our scenario, we use a lot of the business-to-business (B2B) features in Azure AD, which allows us to tie multiple Azure AD instances together. That is what we heavily use because every firm or country has their own Azure AD instance. We tie those together by using the B2B functionality in Azure AD. So, that is the most valuable part for us right now.

It has been very instrumental towards a lot of services we run, especially on the single sign-on side. For example, we have 160 countries that all run their own IT but we still are able to provide users with a single sign-on experience towards global applications. So, they have a certain set of accounts that they get from their local IT department, then they use exactly the same account and credentials to sign into global services. For the user, it has been quite instrumental in that space. It is about efficiency, but also about users not having to remember multiple accounts and passwords since it is all single sign-on. Therefore, the single sign-on experience for us has been the most instrumental for the end user experience.

We are using a whole bunch of features:

• We are using privileged identity management, which is also an Azure AD feature. This allows us to give just-in-time, just enough access to privileged accounts. For example, normally you have a named account and you get a few roles based on that named account. If that is a very privileged role, that role always sits on your account all the time. When your account is compromised and the role is on the account, the people that compromise your account have that role. With privileged identity management, I can assign a role to a certain account for a specific amount of time and also for a specific amount of privileges, e.g., I can give somebody global administrator access, then revoke that after an hour automatically. So, when his/her account gets compromised, that role is not present anymore. 
• We use conditional access. 
• We use access reviews, which is basically a mechanism to access reviews on Azure AD groups automatically. So, the group owner gets a notification that they need to review their group member access, and they use that to do reviews. That is all audited and locked. For our ISO process, this is a very convenient mechanism to audit your group access.

We have a custom solution now running to tie all those Azure ADs together. We use the B2B functionality for that. Improvements are already on the roadmap for Azure AD in that area. I think they will make it easier to work together between two different tenants in Azure AD, because normally one tenant is a security boundary. For example, company one has a tenant and company two has a tenant, and then you can do B2B collaboration between those, but it is still quite limited. For our use case, it is enough currently. However, if we want to extend the collaboration even further, then we need an easier way to collaborate between two tenants, but I think that is already on the roadmap of Azure AD anyway.

I have been using it for about six years.

The stability has been very good because it is an underpinning service for many things that Microsoft does:

• The underpinning identity store for Office 365.
• The underpinning identities over Azure services. 

So, the stability has been very good. We haven't had major issues with Azure AD so far.

On the global side, we have around two to three FTEs aligned to this. On the firm side, in the countries, FTE's are aligned to managing identity as well. These FTE numbers differ per firm. In our case, there are about two to three FTEs who are aligned to this. That is normally probably not what you would need, but since we run some custom code around this to be able to do the B2B process, we need about two to three FTEs.

Scalability is not a problem. We don't have to control that because Microsoft does it as a SaaS. However, we have never seen any real performance issues on the authentication stuff. I think they handle that under the hood. Since it is such an important service for them, they keep the scalability quite well. We don't have any scaling concerns. We also can control the scale. It is basically taken care of because it is a SaaS.

It is fully deployed to about 80,000 people worldwide.

We have Microsoft Premier Support, which has been quite good. It is quick. We are mostly into the engineering group quite quickly, and that has been good. I think they also have non-paid support, which has somewhat lower response time SLAs, but we have Premier Support.

Before, we only used local Active Directories because we were not in the cloud. Currently, in BDO Global, we are 100 percent cloud. So, we use Azure AD only.

We haven't run any other solutions than Azure AD.

The initial setup is a relatively straightforward process because Microsoft gives you a lot of guidance on how to do it. They also have a tie-in with local Active Directory. So, if you are running a local Active Directory, you can easily integrate it with Azure AD. It is also one of the more powerful features of the solution because it is a SaaS solution, but you can still tie it in with your local identity store. That makes it quite powerful because many companies, before they go to the cloud, have a local identity store, e.g., Active Directory. Microsoft has a very easy process and some tooling to make it integrate with Azure AD, so your local identities, you can still be leading, but you can sync all those identities up to Azure AD quite easily and keep the identity storage up to date.

We are exclusively using Azure AD in BDO Global. In other BDO countries, most countries use local Active Directory in combination with Azure AD.

If you look at it from a BDO country perspective, you have everything up and running in about a week, if not quicker. In our global setup, that took a little bit longer, because we had to create a solution to synchronize multiple Azure ADs towards the global one. We did that via B2B, so our setup took a little bit longer as it also involved some custom development. If you only deploy Azure AD from a single company perspective, then it should be a relatively quick process.

Deployment is not that hard because it is a SaaS solution, so you don't have to deploy any infrastructure. All that is taken care of by the solution itself. It is a matter of configuring first-time use, then setting up a sync between your own identity store and Azure AD, which is quite an easy process. If you read through the documentation, then you can have that sync running in about a day.

We mostly did the implementation and the custom coding ourselves in combination with people from Microsoft.

The ROI has been quite good because we looked at competitors as well, Ping and Okta, but their license fees were quite high. Also, Azure AD can meet all our use cases. In the beginning, we only used the free version, so that was quite cheap to run. We had some custom code that we needed to develop, but that was due to our specific use case. Overall, the return on investment has been very positive. The solution is not very expensive to run. It is quite stable. For us, it brings a whole lot of capabilities to provide people with a single sign-on experience across the world.

Compared to other big vendors over the past six years, I think we are close to saving $5 million on FTEs and licensing, which is substantial.

MS has a free version of Azure AD as well. So, if you don't do a lot of advanced stuff, then you can use the free version, which is no cost at all because it is underpinning Office 365. 

Some of the services that I mentioned, like conditional access, privileged identity management, and access reviews, come with a certain premium license per user. We negotiated those license fees in what we call a GEA. This is a global Microsoft contract that we have. So, the pricing seems to be quite fair. If I compare it to its competitors, Azure AD is a lot cheaper.

Because Microsoft gives it to you as a SaaS, so there are no infrastructure costs whatsoever that you need to incur. If you use the free version, then it is free. If you use the advanced features (that we use), it is a license fee per user. 

Premier Support is an added cost, but they do it based on the amount of services that you consume. We don't have it specifically for Azure AD because we run a lot of Microsoft technologies. We have an overall Premier Support contract, which is an additional cost. 

We looked at many different vendors for identity because our identity store is quite complicated within BDO, because you don't have that single identity store across all the countries like you see in many other global companies. So, we had a strategy. We looked at other products that could potentially do the same. However, the features that Azure AD gave us the option to do this as we wanted to do it. The other tools that we looked at, Okta and PingFederate, were not able to do the same thing for us back in the day. This is especially because we have many different identity stores within the BDO countries that have to be under the control of those countries. BDO Global cannot and is not allowed to control those identities. We need to allow the countries to control those identities themselves, but we still need a way to tie those altogether on the global side. Azure AD was the only solution that could do that for us.

From a BDO Global perspective, we don't. The firms and countries own their identities and the management around them, and they also need full control on those identities. We as BDO Global are not even allowed to control those, but we do need to provide them with single sign-on experiences. So, Azure AD is the service that allow us to do that. 

Our primary use case was about that control, which is a very specific use case because countries need to control their own identity stores and we are not allowed to control that from a global perspective. Specifically, the control requirement and still being able to have that single sign-on experience led us to Azure AD. The other big vendors that we looked at couldn't do that.

This solution is a prerequisite with some of the bigger Microsoft services, so if you want to use Office 365, Dynamics, etc., then you need Azure AD. However, it is also quite good to use for other services as well because they are currently supporting tens of thousands of other applications that you can sign into with an Azure account. So, it is not only for Microsoft Office, and I think that is probably a misconception in many people's heads. You can use it for many other cloud services as well as a single sign-on solution. My biggest point would be that it can be used for Microsoft services, but people tend to forget that you can also use it for many other services. In that sense, it is just an identity store that you can use across many services, not only Microsoft.

It continues to be one of our primary fundamental services around authentication, so we will keep using it in the future. We are planning to reduce the amount of custom code that we need to tie all these things together. Microsoft has a few things on the roadmap coming up there. We hope that we can decrease the amount of custom code that we need to run around this. The custom code is mostly about synchronizing identities from 160 countries to us. Microsoft will bring some stuff out-of-the-box there so we can hopefully decrease the custom code. It is a fundamental solution for us for identity and single sign-on, so we definitely plan to keep using it.

The biggest thing we learned is that the security boundaries are shifting from what used to be networks, firewalls, and data centers that you owned yourself. The security boundary is more shifting to identity in these cases because people are using cloud services. They use a single identity, and in this case, Azure identity to sign into those cloud services. You are not always controlling where people are signing in from anymore because those services live in the cloud. Where you used to have servers running in your data center, you had far more control on the network, firewalls, and all that stuff to keep those services secure. You now have to rely much more on the identity because the services are running in the cloud. You don't always have control over the network, so people can sign in from every device.

The security boundary is really shifting towards identity. Azure AD gives you a lot of options to secure your identity in a proper way. We use multifactor authentication, the conditional access piece, and privileged identity management, which are all services that Azure AD provides and quite hard to implement on a traditional Active Directory. 

I would rate this solution as 10 out of 10. It is instrumental to everything that we do.

We use Microsoft Entra ID primarily to reconnect all of our Windows laptops. It is our centralized location for access to pretty much anything web-related. Everything you log in is MFA activated. We've worked on conditional access policies in it as well.

Microsoft Entra ID has improved our organization because we now utilize a single source of truth for authentication. We have less management, and I can point everything to Microsoft Entra ID. I have fewer people talking about resetting passwords, the MFA pieces, and more single sign-on.

I'm not attaching or having to authenticate on separate apps, which has greatly benefited us. We are able to route things into Microsoft Entra ID. I create one ID, I create groups that manage the security side of it, we plug that in, and it works great.

The most valuable features of Microsoft Entra ID are the login and the conditional access pieces. The login helps me identify who went where, why, and what problems they may have encountered. The conditional access allows me to control the flow of user access.

The private access is the next big thing for us, and that's one feature I'm going to try in public preview and probably move towards. There is no great solution in the cloud for Conditional Access authentication and RADIUS-type authentication.

I have been using Microsoft Entra ID for four years.

The solution's stability is very good. We've only had one minor outage for a few hours.

The solution's scalability is really good.

The solution's initial setup is fairly straightforward. The biggest issues we had were syncing it to the on-premises Active Directory and doing local things like RADIUS.

We implemented the solution with the help of a consultant named Steeves and Associates, and our experience with them was really good.

We have seen a return on investment with Microsoft Entra ID. The solution has dramatically reduced the amount of time spent on activating accounts. I was the first system administrator at the company, and we've got four now. It's definitely a growing arena, but it's an understanding that I can see that progression. I don't have to teach them all these different things. We just do one thing and move on.

Everything costs money in a tough market. As a nonprofit, we have A5 licenses for nonprofits in education, so we at least have some reduced costs. Looking at Copilot and a bunch of other features that are coming out, we'll have to seriously consider that cost-to-value ratio.

Since we all use Windows laptops, choosing Microsoft Entra ID made sense. I think there's a cohesivity in what Microsoft is trying to do, and Microsoft Entra ID is a very core function of that strategy. It's easier to branch out to other security products, making it easier for us to expand that landscape.

Microsoft Entra provides a single pane of glass for managing user access.

Because of the solution's single pane of glass, we don't have to run around to multiple places, mainly to create or remove accounts. One of our biggest issues, especially in the past few years, is turnover. Removing accounts is a big issue because we don't know where everything lies. Trying to find those little corners where access has been granted and not knowing it for a year or two after the employee has left is a huge security concern for us.

Our HR department doesn't use Microsoft Entra ID yet, but the IT department extensively uses it. It saves all that account creation, and we don't have to run around to different products. The solution has saved our company at least a few hours a week. We can focus on other projects, and I can educate most of my staff who are doing it in other areas.

Microsoft Entra ID has not necessarily helped our organization to save money. As a nonprofit, we didn't have any solutions, so it probably started costing us more. However, I think it's paid off just by this security nature of things and having that single pane of glass.

Overall, I rate Microsoft Entra ID ten out of ten.