Microsoft Entra ID Reviews

We use Azure Active Directory for quite a few things. We use it for security group management of authorized principals who need access to get SSH-signed certificates for user logins. We use it for automated jot-based (JSON Web Token) self sign-on for our lowest, least privileged credentials on certain products. We also use AAD for B2B coordination of SSO when we're bringing users onto our platform, where they have Active Directory on their side. We use the OIDC-based SSO flows through AAD to merge project-level AADs back to our corporate AAD for internal single sign-on flows.

• There is tech support to help with any OIDC-based setups between organizations.
• It has good support for SAML 2.0 and OIDC-based setups for our remote identity providers.

The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access. 

I don't think the documentation is where it needs to be yet, for user journeys and that type of flow. There is still trial and error that I would like to see cleaned up.

Also, they do have support for SAML 2.0 and it's very easy to set up linkages to other Active Directory customers. But if somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops. So far, our largest customers are all using Active Directory, but I don't think the solution is quite as third-party-centric as Okta or Auth0. Those solutions have a lot of support for all kinds of IdPs you want to link up to.

Finally, a couple of months ago I was on a team that was looking at low-cost MFA for SSO, where we would control the MFA on our side, instead of having the remote database handle it. In those kinds of flows, there aren't as many off-the-shelf options as I would like. There were cost implications, if I recall, to turn on 2FA. Also, the linkages that they had set up off-the-shelf—obviously they had the Authenticator app—meant that if you wanted to do something with Duo Mobile or any of the other popular 2FA providers, it seems it might have taken us more time than we wanted to put into it.

I have been using Azure Active Directory for a couple of years now.

The stability is great.

The scalability is also great.

We have an enterprise agreement with Microsoft, so we aren't typical folks. Through that agreement, we get a dedicated technical account manager and that person is able to escalate tickets when necessary. I have found Microsoft to be very responsive when needed, although we haven't really needed them that often.

We use Azure a lot, and therefore, AAD was an obvious choice and we thought, "Why not use it?"

They've done a good job on OIDC. That was a pretty simple, seamless setup. We've done that with multiple remote IdPs now, and I don't recall too many issues there.

There is much less cost investment going into it now. We didn't have to do a volume buy to get onto the platform. When it comes to ROI, there is low friction and a high, immediate return on investment.

It's relatively inexpensive in comparison with third-party solutions. It's highly available and supported by Microsoft Azure in our enterprise agreements. With the addition of their B2C tenants, it's hard to beat from a cost perspective now.

They changed their pricing for B2B access. You used to need shared licenses so that, if you were paying for a Premium AAD on your side, that would allow you to have five shared external mapped users. They've blown that all up and it's now dirt cheap. It works out to pennies per user per month, instead of dollars. A P1 user license in their system was $6 per user per month, which is cost-prohibitive for a lot of B2B SSO flows, but now it's down in the pennies range.

We have integrated our internal applications and cloud applications with Azure AD. We also have a few external applications for which we need to implement a self-service portal and handle requests such as password reset.

We have external applications such as Cloudspace, and we have integrated Azure AD with Cloudspace. We mainly use a single sign-on. Our main target is to go through all single sign-on applications and integrate them with Azure AD. We also need to audit everything in Office 365. Our mail system is Office 365, and we also do some auditing.

We are also implementing Intune. We have deployed some basic policies for mobile devices, and we are working on improving those policies. We need to configure conditional access and improve policies for the applications and devices. We are doing some testing, and it is in progress.

In terms of deployment, we have a hybrid deployment of Azure AD. We have the 2019 version of AD on-prem.

We are able to do complete onboarding through AD. The users have access through the AD login, which is synced with Azure AD. We have a hybrid environment, and every cloud application is accessed through AD. We have defined AD policies related to password expiration, limitations, etc. It has provided smoother accessibility.

Previously, when we had on-premise AD, to reset their own passwords, users had to use a VPN or bring their laptop to the office. With self-service, users can easily change their passwords. This reduces the workload for IT support. If their password gets locked, they can unlock it themself by using Azure AD. Previously, it was also difficult to integrate with external applications, but with Azure AD, integration with external applications is easier. 

Azure AD makes it easier to see and monitor everything in terms of access. We can see sign-in logs or audit logs, and we can also integrate devices by using Intune. So, we can manage BYOD devices inside the organization.

We are using Conditional Access, MFA, and AIP. We have integrated it with Intune, and we already have DLPs.

Application integration is easy. MFA and password self-service have reduced most of the supportive work of IT. We use multi-factor authentication. Every access from a user is through multi-factor authentication. There is no legacy authentication. We have blocked legacy authentication methods. For people who use the MDM on mobile, we push our application through Intune. In a hybrid environment, users can work from anywhere. With Intune, we can push policies and secure the data. 

The audit logs are very good for seeing everything.

We started using it at the end of last year.

It is stable. I haven't faced any issues. There could be some issues related to syncing because of on-prem, but overall, it is quite stable.

I don't have much experience with scalability. I only use tier one or Premium P1, and I want to move to Premium P2 that has more security levels and more advantages.

In my previous companies, there were a thousand users. In my current company, we have less than 500 users. It is working fine, and there are no issues.

We plan to expand our usage. If it is possible, we plan to upgrade our subscription to Premium P2. We have introduced it to one or two companies who were looking for such a solution. We have already introduced the Azure AD hybrid platform for companies that had only an on-prem setup.

Sometimes, there are issues, but they are usually because of user mistakes. We are able to fix such issues. We are able to find the issue and do troubleshooting. We are able to find information about what is wrong and how to fix it. 

Their support is okay. They are able to resolve the issue, but sometimes, there is a delay because the ticket goes to the wrong person or the wrong time zone. I would rate them an eight or a nine out of 10.

We have only been using Microsoft solutions.

It is easy to deploy and not complex, but it also depends on your requirements. We have tenants and subscriptions, and we connect AD to Azure AD through Azure AD Connect, and they are periodically synced.

The connectivity took a day or two. It doesn't take long. Sometimes, there could be issues with on-prem because of not having a standardized setup or because of parameter duplication, but after we resolve the issues, it doesn't take long. For its setup, only one person is generally required.

It was implemented by me, and I also had one guy's support. 

Our infrastructure team takes care of the maintenance part. They are taking care of monitoring. If there is an alert or something happens, they take care of it. It doesn't require much maintenance. One person can manage it.

We have been able to achieve our target and requirements for security. After the move to Azure AD, the security level is high. The users have to change passwords and do MFA a few times if something goes wrong, and if they can't, the device is going to block them. Sometimes, users are not happy, but at the organizational level, it is good. It is costly, but the improvement is good in terms of performance and security.

It is a packaged license. We have a Premium P1 subscription of Office 365, and it came with that.

Two or three years ago, we were looking at some open-source solutions.

I would rate Azure Active Directory a nine out of 10.

We use Azure AD for user access and control.

Our deployment is a hybrid of on-premises and cloud.

We can see user activity and analyze user interaction between the websites and log files. It gives us a single point of control. Overall it has helped place our security posture in a good position.

In addition, using Microsoft Endpoint Manager, new laptops can easily connect to the MDM solution, making for a very good user experience, particularly for new systems. Users just log in with their email ID and multifactor authentication. Once they are logged in, they connect automatically to the back end and that helps make the user experience for configuration very good.

Among the valuable features are MDM and Microsoft Endpoint Manager. They are very useful. Intune is built-in. And deploying to MDM has features that are very advanced. It reduces the administration work. And security-wise, it has very advanced technology.

It also has features that help improve security posture. The most important of these features include multifactor authentication, which is very useful for connecting to the organization, especially from outside the boundaries of the organization. That is very helpful when it comes to user security. And in the COVID situation, MDM is very helpful for us due to work-from-home. It enables us to very easily connect to our domain and align new systems with the end-users. That is very helpful for us.

There are some difficulties in the hybrid version, things to do with firewall security, inside the organization. They need to work on that more.

In addition, everything should be in one package. There are so many different packages. They need to provide guidance because there are so many features and we don't know how to implement them in our organization.

I'm also expecting a Windows 365 virtual desktop. I would be interested in that feature.

I have been using Azure Active Directory for four years.

It's 100 percent stable.

The scalability is unlimited.

I would rate Microsoft's support at nine out of 10. It's not a 10 because in some cases they don't answer a call because they are engaged with other calls.

We tried ManageEngine but it was not useful for us. It was not up to the requirements of our organization. Azure AD is a very flexible solution. It is used in most of the organization.

It is very easy to configure if you are configuring a completely new cloud deployment. But with the on-premises deployment, there are some difficulties due to security issues, like credentials required.

It doesn't take more time to install AD Connect on-premises. The installation itself takes one hour and, within one to two days, we can take all the data over to it. But we then need to monitor it for at least two days to make sure everything is fine.

We have almost 400 users in our AD and we have six people involved in maintaining and administering it, including me in my role as senior IT engineer. I take care of Active Directory monitoring, as well as installation and configuration. We also handle patches and upgrades. One person takes care of the billing part.

We set it up with the help of a consultant from KPMG and our experience with him was good.

With COVID going on, part of our ROI from using the solution is that we can view the access of all the employees who are working from home. In these circumstances, that has been a notable return on our investment. 

The pricing, in the context of the COVID situation, is very high because the overseas aerospace industry, to which we supply products, has been hugely impacted. There are no projects coming in. 

The pricing should also be less for smaller organizations.

We use the Authenticator app on our mobile phones and to authenticate for Office 365. We also provide consulting services and recommend Microsoft Authenticator to clients looking for an MFA solution.

The solution improved our and our clients' security; end users are more confident knowing that their information is confidential. Strategic users, VIPs, and admins are protected from potential attacks because their authentication goes through Microsoft Authenticator.

The product has significantly increased our security maturity and gives us comfort knowing we have security in a good, affordable solution.

We have a history of all our authentications and excellent integration with the Microsoft solutions we use at our company. It runs smoothly in Windows and macOS.

I want to see more features to improve security, such as integrated user behavior analysis.

We have been using the solution for two years. 

The tool is stable, we haven't had any issues regarding stability. 

Scaling is easy as the product is hosted in the cloud; it's a robust and trustworthy solution.

Currently, we have 100 end users in our company, and we have some clients with around 1000 end users of Microsoft Authenticator.

We never needed to contact technical support as we have never had any problems, so I can't comment on that.

We previously used JumpCloud before migrating to Microsoft Authenticator, and we did that because it's more affordable and has better integration with Office 365 and the other Microsoft products we implement.

The setup was straightforward. We made an implementation plan and transitioned from using MFA via email and SMS messages to using Microsoft Authenticator.

Our security team is responsible for all our security solutions, and they take care of the maintenance, which I understand to be relatively light.

We have a Security Operation Center in our company. Another company using the same solution without a team like ours may require several hours a month to manage the solution.

We implemented it in-house since we are a consulting services company.

We think the solution is excellent and provides a return on our investment.

I would advise implementing the solution to VIPs and admins; it's affordable, effective, and efficient. I would say training staff on properly using the tool is also essential.

We decided to go straight for the Microsoft offering since we use Office 365.

I would rate this solution a nine out of ten.

When we deployed Microsoft Authenticator for our clients, we initially had some requests for training. We delivered the training, and the end users could adapt to it; the transition was smooth.

The solution is extensively used within our organization.

When we are deploying cloud applications we avail ourselves of the services of Azure AD. At the moment, we are mostly getting the data from on-premises to the cloud, as far as user entities go. We're trying to define policies based upon the company's and our projects' requirements, such as whether we need to make something public or private. This all has to be defined. We also use it for access management.

We have protected the entire tenant itself, as a federation. AAD has also become a great source of research.

Previously there were many tenants and many subscriptions within each tenant. We have been able to separate Office 365 as a separate tenant and not welcome any other applications into that. We are only using SaaS with that tenant. Later, we had different tenants, and we welcomed all types of PaaS and IaaS.

Recently, managed identities came into the market, and we are trying to adhere to automations and customization, the automation of groups, which is a major advantage. That way, people don't have to wait for a long time for manual intervention. If they raise a ticket, within a few minutes the answer can be in their mailbox with all the details.

The features I normally use are for authentication and authorization.

Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things.

For the end-users, they can seamlessly log in to their web products, like their Outlook account. They have YAML services and SharePoint services. Everything is single sign-on and that makes them happy.

An area where there is room for improvement is the ease of use of the dashboards.

Also, if a user is working in India, and we suddenly see a login from the US, Australia, or New Zealand, we should be alerted, because we wouldn't expect that application would be used by that user in those locations at that time.

An area for improvement is that there is so much dependence on on-premises databases, in the on-premises directory services.

In terms of features we would like to see, we don't have domain controllers in Azure AD. We are also looking at how we can best migrate users from on-premises to Azure AD, and how we can welcome B2B users. We would like to see improvement in the B2B functionality. We hope that is already in the roadmap. We'd also like to see some functionality for how we can set boundaries for tenants. We have multiple tenants that we're trying to consolidate. It's definitely going to be a big challenge to consolidate two tenants, so we're looking for help in that area.

I have been using Azure AD for the last three years.

In terms of the solution's availability, I haven't seen anything negative. It's always available. There have been no issues.

I haven't seen any room for improving the scalability or performance. The capacity is good. We are managing about 5,000 users in Azure AD. We have an Ops team and there are about 10 people who maintain and manage users and groups for the production tenant. But in five months, with SaaS and PaaS services, that might go higher.

We have had many discussions with tech support for Azure AD. We are trying to install read-only domain controllers or ODCs into the cloud platform. We have had many challenges with that in terms of the network side and the business requirements. Another issue we have spoken with them about is how to do automation of service principles and of groups.

Support has been great, but there is a little room for improvement. We have had to go through many iterations and we have had to wait for a long time until the next version of the solution comes out. Overall, we get good support, but their timelines could be better.

We were using Microsoft AD, on-premises. We are now syncing all the users who are in the on-premises version to Azure AD. We are not directly creating users in Azure AD because of the dependencies. Many legacy applications are talking to the on-premises directory services. When a user is created, we are sending that user from the on-premises to the cloud through Azure AD Connect.

We are using the Premium P2 licensing. 

To explore the solution, I had to create a personal version, because I can't play with the access that we get from the company. We explore those services in the personal version first, to see how it reacts.

From the company side, we haven't had issues because the licensing works well. But on a personal level, if I could enable more trial services, at least for a year, it would be much easier to explore and suggest the best solutions.

It's an easy tool to explore if you have already worked with the on-premises data services. There is good documentation available on the Microsoft website. If Microsoft provided more time for new users to explore new features, that would help. Everyone could learn more and contribute more to their companies or to the projects that they're working on. But it is easy to learn.

Just be careful, because you are in the cloud. You have to be aware of access, AM, how the user is coming into their account, where the user is going and what the user actions are, and what access they have. Always try to enable single sign-on, so that if any fraudulent user comes into the picture, you can remove them as soon as possible. So enable those features for admin accounts and use privileged IT management, vaulting the password. You have to strictly follow the security standards, because it's open to the public when it is on the cloud. You have to be very careful about the project requirements, the end-user requirements, and what the business stakeholders need.

When we started with Azure AD, we didn't restrict much. Later, we restricted a few possibilities, such as users logging in with their social accounts, or email accounts like Yahoo accounts or Outlook. Initially it was open to all. Any user could invite a guest user and provide access, but later we restricted things with conditional management, and restricted users so that they could not connect to their Gmail accounts. We are coming up with more policies as well.

We have ongoing discussions with Microsoft Azure AD regarding how we can best protect our entities and what the behaviors should be. We have some more specific requirements in the company, related to project behavior. With IaaS, you have to welcome everyone. You have to put virtual machines in the cloud. You can use the password services and develop custom APIs and deploy them. 

We are trying to define our security policies as much as we can, as we are seeing many changes in the market and are trying to restrict as much as we can. Only users who are least privileged can have an all-access. The most privileged will have additional authentication. We're trying to differentiate.

We have to be very careful about the administrative part, so that operations can easily manage without any hassle. Because we don't have natural restrictions, we are trying to implement our own rules.

As we are moving to the cloud, we have to be very careful when it comes to Azure Active Directory. If there is a mistake and a random user can log in to the directory, they could have access to everything. A user should not have access to whatever he wants, so setting up the right level of authentication and authorization is important. Use IAM very effectively. Identity and access management is a powerful space where one has to be very careful in choosing and configuring policies and standard procedures. We're trying to define that and be careful when with all platforms, whether IaaS, SaaS, or PaaS. At the moment it's going well.

We are merging many things in the tenant. Before, we only had SaaS. We are trying to welcome PaaS and IaaS to use the same production tenant. We have to exercise caution for everyone, all the individual policies, groups, and service principles. We have to enable all the features that you are capable of, such as user sign-in permissions, and application sign-ins. That has to be continuously monitored.

We have a good rapport with Microsoft. We have good support. We'll be exploring all the new services, like the managed entities and their other services that have come up. We are trying our best to explore and use the latest features that are available.

My primary use case is for our business directory, we have integrated everything into Azure into the Active Directory. 

We basically use this for Skype. We are using the cloud environment and we need the Active directory to be ticketed so if we can call and they can log in at the moment. Apart from that, we use it for video connections. If people are working from home, it is helpful that it is in the cloud. At the moment, we do not need to go for the VPN, and then we can connect. For this purpose, we use the Azure. We run quite a big business, and it is helpful with the electrodata we have used. 

I like the way it communicates to the cloud.

Whatever business requirements we needed in the past three years, users were created, with the name of the user and they were not connected with the Active Directory. We were trying to in house in three years and with directory, but we were not able to achieve it. Based on that we have informed Microsoft. And now we have created the things that are connected to the  cloud.

In Africa, we do not have the same bandwidth with internet speed. This slows the connectivity and it provides challenges for our business.

Three to five years.

Yes, it is a stable product. But, sometimes we had problems due to the network. We are running in more than 24 countries. In Africa we were having issues, but I would say that 80% of our users are happy as a result of us switching to Azure. 

The scalability of the product is fine. 

First, we create a ticket. Then it is assigned to the technical support team. Afterwards, there is a number assigned to the request by the Microsoft team. We then upload the report of the log, or the case that is required. We then wait for the solution. Then, we can test it and implement the correction for the solution.

It was a bit complex. We initially had an issue with our IP address, but it was resolved.

I believe that this solution has simplified our work environment. We have over 13,000 users and this is very helpful to connect everything. 

It is a really nice tool and we have a license for the more complex model. It is not too expensive.

Be aware that it may not work perfectly globally yet. There are still glitches with the solution in Africa.

We primarily use the solution for most of our enterprise identity management. 

It's improved our company through the security policies. It's helped improve our security posture. 

It's pretty easy to implement. In most of the apps nowadays, it has the ability to use multifactor authentication, SSO.

The control is great. It offers good conditional access.

It helps with managing user access via one pane of glass in most cases. 

The security policies we are applying are pretty well structured. 

The solution is nice to use. Microsoft did a good job.

My assessment on Microsoft EntraID admin center for managing all identity and access as our organization. It's great. It's very well organized, pretty straightforward, and easy to use. It's not just that it's easy to use, it's very intuitive. Everything is easy to find. 

We use Microsoft Entra ID conditional access features and improve the robustness of our zero-trust strategy to verify users. 

The permission management feature is good. 

The visibility and control are very good. The whole intro ID concept is pretty intuitive. Even if you have never used this and you have some experience in IT, you will be able to handle the solution easily.

It's helped our IT department save time. It also helps with speeding up processes. I can't speak to the exact amount of time saved per week, however.

The solution helps the company save money. 

It's positively affected the employee user experience. 

It's just been renamed. That said, I can't speak of room for improvement. There may be areas that could be better, however, I haven't thought too much about that. 

I would change the device access a bit. It's very difficult. I would add some features. I would like to be able to authenticate Wi-Fi users using the Azure ID. However, my understanding is it needs to be from both sides, from the vendor that is creating devices for the Wi-Fi and for the networking part and Microsoft. 

The company has been using the solution since before I arrived. I have used it for around four or five years. 

The solution is stable. I've never seen big issues. It's pretty much a stable product. 

Sometimes Microsoft has small issues, however, nothing that would cause the entire company to not be able to work for a whole day. 

More than 1,000 people are currently using the solution. 

It is a scalable solution for sure. 

I've never used technical support. 

I've used a few different solutions. Mostly I've used Active Directory. It does the same thing; it has just been renamed. 

I was not a part of the implementation. It was done before I joined the company. 

It may require a bit of maintenance, however, it's not a task that is part of my department. 

I don't deal with pricing. It may state the cost online. 

I did not evaluate other options. 

I'm a user.

I'd rate the solution nine out of ten. I'd advise others to use it. Even the free tier has a lot of features that even a small company would benefit from. 

The solution is our main identity provider and federation platform. We use it for authentication and for federations, for some provisioning, and a little bit of governance.

It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful.

The product has helped to improve our security posture. The Azure stack has built out a lot of analytics features. Now, we can more effectively investigate issues. 

The solution has positively affected our end-user experience by improving our usability and reducing friction.

The solution has certain limitations. For example, it has very little governance functionality. This is, of course, a choice made by Microsoft to see which areas they want to have deep functionality, and which areas they believe are more profitable for them. 

We've been using the solution probably since the mid-'90s when it was invented.

The solution has generally been quite stable. They've had some problems with the MFA and other things, however, they are a lot better at keeping the system stable than we are.

What we have seen is that we are running into some of the limitations of scalability. That said, we are more than half a million or 700,000 internal users at the moment. There are relatively few organizations globally that are as big as we are.

We're seeing, for example, that the parcel reset, to sync parcel reset from on-premise into the system is challenging. It's more than the 30 seconds that you typically want. It's even sometimes more than the two minutes that Microsoft promises in their SLAs.

We see that our syncing is slow. We have to run it every three hours, which causes problems with being able to service our business efficiently.

Those are the main problems I've seen. On top of that, there are certain features that have run into challenges, for example, the AEDS is not fast enough.

Technical support is actually quite good. It's rather rare that we have problems with support.

They have been very good at informing us about when they have outages. That's something we really appreciate as it saves us a lot of time. If something on their side is broken, they tell us so that we don't have to look to find any problems in our systems. That's one reason I really like the way they've been handling things.

The system we used before was IBM ISAM.

The ISAM setup was on-premise and it's very expensive to run and maintain. The support for Microsoft is much better, which is an additional advantage for us.

The initial setup was complex.

We have half a million users from 20 different offices. They've all got different ways of wanting to do things, including the way we have to build the federation infrastructure, for example.

This has been a four-year project, and we're probably going to continue with it for the next year or as long as we'll be using the product.

The initial build we did was a six-month build.

Our implementation strategy was to delegate sections, including delegating identity and federation setup.

We have five full-time personnel that handle the maintenance aspect of the solution. We have outsourced the actual hands-on maintenance. This firm has a couple of engineers, an architect, and an engagement lead. We have three solution delivery managers on hand, however, they do other tasks as well and are not necessarily dedicated to AD.

We used a systems integrator to assist with the initial setup. 

The product is priced quite well. The way that Microsoft prices per user and month is quite attractive to us. The level of the license cost is quite good as well.

We did not evaluate other options. Choosing Active Directory was a management choice. 

We are just a customer and an end-user.

I'd advise those considering the solution to find a good partner to work with. You do need to have an experienced system integrator with you when you do the implementation. The integrator we brought on did a good job on our side.

I'd rate the solution at a nine out of ten.