We use Azure AD for user access and control.
Our deployment is a hybrid of on-premises and cloud.
We can see user activity and analyze user interaction between the websites and log files. It gives us a single point of control. Overall it has helped place our security posture in a good position.
In addition, using Microsoft Endpoint Manager, new laptops can easily connect to the MDM solution, making for a very good user experience, particularly for new systems. Users just log in with their email ID and multifactor authentication. Once they are logged in, they connect automatically to the back end and that helps make the user experience for configuration very good.
Among the valuable features are MDM and Microsoft Endpoint Manager. They are very useful. Intune is built-in. And deploying to MDM has features that are very advanced. It reduces the administration work. And security-wise, it has very advanced technology.
It also has features that help improve security posture. The most important of these features include multifactor authentication, which is very useful for connecting to the organization, especially from outside the boundaries of the organization. That is very helpful when it comes to user security. And in the COVID situation, MDM is very helpful for us due to work-from-home. It enables us to very easily connect to our domain and align new systems with the end-users. That is very helpful for us.
There are some difficulties in the hybrid version, things to do with firewall security, inside the organization. They need to work on that more.
In addition, everything should be in one package. There are so many different packages. They need to provide guidance because there are so many features and we don't know how to implement them in our organization.
I'm also expecting a Windows 365 virtual desktop. I would be interested in that feature.
I have been using Azure Active Directory for four years.
It's 100 percent stable.
The scalability is unlimited.
I would rate Microsoft's support at nine out of 10. It's not a 10 because in some cases they don't answer a call because they are engaged with other calls.
We tried ManageEngine but it was not useful for us. It was not up to the requirements of our organization. Azure AD is a very flexible solution. It is used in most of the organization.
It is very easy to configure if you are configuring a completely new cloud deployment. But with the on-premises deployment, there are some difficulties due to security issues, like credentials required.
It doesn't take more time to install AD Connect on-premises. The installation itself takes one hour and, within one to two days, we can take all the data over to it. But we then need to monitor it for at least two days to make sure everything is fine.
We have almost 400 users in our AD and we have six people involved in maintaining and administering it, including me in my role as senior IT engineer. I take care of Active Directory monitoring, as well as installation and configuration. We also handle patches and upgrades. One person takes care of the billing part.
We set it up with the help of a consultant from KPMG and our experience with him was good.
With COVID going on, part of our ROI from using the solution is that we can view the access of all the employees who are working from home. In these circumstances, that has been a notable return on our investment.
The pricing, in the context of the COVID situation, is very high because the overseas aerospace industry, to which we supply products, has been hugely impacted. There are no projects coming in.
The pricing should also be less for smaller organizations.
We use the Authenticator app on our mobile phones and to authenticate for Office 365. We also provide consulting services and recommend Microsoft Authenticator to clients looking for an MFA solution.
The solution improved our and our clients' security; end users are more confident knowing that their information is confidential. Strategic users, VIPs, and admins are protected from potential attacks because their authentication goes through Microsoft Authenticator.
The product has significantly increased our security maturity and gives us comfort knowing we have security in a good, affordable solution.
We have a history of all our authentications and excellent integration with the Microsoft solutions we use at our company. It runs smoothly in Windows and macOS.
I want to see more features to improve security, such as integrated user behavior analysis.
We have been using the solution for two years.
The tool is stable, we haven't had any issues regarding stability.
Scaling is easy as the product is hosted in the cloud; it's a robust and trustworthy solution.
Currently, we have 100 end users in our company, and we have some clients with around 1000 end users of Microsoft Authenticator.
We never needed to contact technical support as we have never had any problems, so I can't comment on that.
We previously used JumpCloud before migrating to Microsoft Authenticator, and we did that because it's more affordable and has better integration with Office 365 and the other Microsoft products we implement.
The setup was straightforward. We made an implementation plan and transitioned from using MFA via email and SMS messages to using Microsoft Authenticator.
Our security team is responsible for all our security solutions, and they take care of the maintenance, which I understand to be relatively light.
We have a Security Operation Center in our company. Another company using the same solution without a team like ours may require several hours a month to manage the solution.
We implemented it in-house since we are a consulting services company.
We think the solution is excellent and provides a return on our investment.
I would advise implementing the solution to VIPs and admins; it's affordable, effective, and efficient. I would say training staff on properly using the tool is also essential.
We decided to go straight for the Microsoft offering since we use Office 365.
I would rate this solution a nine out of ten.
When we deployed Microsoft Authenticator for our clients, we initially had some requests for training. We delivered the training, and the end users could adapt to it; the transition was smooth.
The solution is extensively used within our organization.
The primary use case is for the authentication of the users. We actually onboarded around 3000 to 4000 users at our go live, which are various application users from across the US and the other regions.
The best feature is the single sign-on provision for the various types of users. That is our sole purpose for working on that and utilizing that service, as creating a custom solution for a single sign-on would be difficult when we have around 50 applications within our company that have been used by users across the globe. That includes North America plus Europe, Russia, and the Middle East. It is very difficult and complicated to do things on our own. Instead of doing that, we just acquired the service from Microsoft for single sign-on, and for that purpose, we are using the Microsoft Azure Active Directory authentication.
From our utilization perspective, they are providing almost everything. That said, the customization, like the data sharing between the application, is something that needs to be improved from their side. For example, we are sharing certain types of data. We have a container application structure, so we have a single sign-on application where we are using the Active Directory authentication, and when the user clicks on that application, the information of that user is passed to the child application, and the child application does not authenticate the user again. That is a single sign-on concept, which is available across 50 applications within that container. We pass a lot of various types of data, therefore, there's a limited capability of doing that in Microsoft Azure as, on the Azure Active Directory, we may be able to create some additional attributes, however, there are certain limitations.
Technical support could be better.
I haven't explored all aspects of the solution just yet. There's still more to look at.
We've been using the solution as far back as our last project, in which it is currently being used. We have been using it for the last four years.
This is a stable solution. Since our product went live in 2017, we never got an issue with respect to authentication.
The product is scalable. It is not even region-specific. You can change the region. For example, if you want to target European users, you can simply purchase a plan for a European server or something like that. Currently, I know that our application is running in the United States region, and our targeted users are from the United States, so our application is working in the North American region, the east area.
Technical support is a thing they need to improve a lot from their side.
The engineers from the Microsoft side are professional; however, the thing is they work in shifts. For example, say we encounter an issue that is affecting our production application, and we talk to a guy from Microsoft in Central Standard Time. He will be available then, but if the issue is ongoing for more than eight hours, which exceeds their standard working hours, he will just put the call on hold and say that the next representative will get back to us on the issue, and when the next representative arrives you kind of need to start over.
Neutral
The Active Directory just plays a role in authenticating the user, and it doesn't do anything else, just authentication. The services where the deployment is being done, that is a different thing. It is an application service in itself. We have an Azure Active Directory service. Besides that, we have application deployments or application services on Azure as well. That is a separate service, which is used for the deployment of the application, so when a user is accessing the application, he is redirected to the Microsoft Azure authentication application where the authentication is being performed. So far, the authentication has been performed, and that user is being redirected to our actual application, which has been deployed on the Azure service. Therefore, there isn't really a direct deployment per se for this product.
I'm not familiar with the pricing aspect of the solution. The client deals with that end of things. My general understanding is that it is quite expensive.
I'd rate the solution an eight out of ten. They do have an outstanding service compared to the competition.
When we are deploying cloud applications we avail ourselves of the services of Azure AD. At the moment, we are mostly getting the data from on-premises to the cloud, as far as user entities go. We're trying to define policies based upon the company's and our projects' requirements, such as whether we need to make something public or private. This all has to be defined. We also use it for access management.
We have protected the entire tenant itself, as a federation. AAD has also become a great source of research.
Previously there were many tenants and many subscriptions within each tenant. We have been able to separate Office 365 as a separate tenant and not welcome any other applications into that. We are only using SaaS with that tenant. Later, we had different tenants, and we welcomed all types of PaaS and IaaS.
Recently, managed identities came into the market, and we are trying to adhere to automations and customization, the automation of groups, which is a major advantage. That way, people don't have to wait for a long time for manual intervention. If they raise a ticket, within a few minutes the answer can be in their mailbox with all the details.
The features I normally use are for authentication and authorization.
Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things.
For the end-users, they can seamlessly log in to their web products, like their Outlook account. They have YAML services and SharePoint services. Everything is single sign-on and that makes them happy.
An area where there is room for improvement is the ease of use of the dashboards.
Also, if a user is working in India, and we suddenly see a login from the US, Australia, or New Zealand, we should be alerted, because we wouldn't expect that application would be used by that user in those locations at that time.
An area for improvement is that there is so much dependence on on-premises databases, in the on-premises directory services.
In terms of features we would like to see, we don't have domain controllers in Azure AD. We are also looking at how we can best migrate users from on-premises to Azure AD, and how we can welcome B2B users. We would like to see improvement in the B2B functionality. We hope that is already in the roadmap. We'd also like to see some functionality for how we can set boundaries for tenants. We have multiple tenants that we're trying to consolidate. It's definitely going to be a big challenge to consolidate two tenants, so we're looking for help in that area.
I have been using Azure AD for the last three years.
In terms of the solution's availability, I haven't seen anything negative. It's always available. There have been no issues.
I haven't seen any room for improving the scalability or performance. The capacity is good. We are managing about 5,000 users in Azure AD. We have an Ops team and there are about 10 people who maintain and manage users and groups for the production tenant. But in five months, with SaaS and PaaS services, that might go higher.
We have had many discussions with tech support for Azure AD. We are trying to install read-only domain controllers or RODCs into the cloud platform. We have had many challenges with that in terms of the network side and the business requirements. Another issue we have spoken with them about is how to do automation of service principals and of groups.
Support has been great, but there is a little room for improvement. We have had to go through many iterations and we have had to wait for a long time until the next version of the solution comes out. Overall, we get good support, but their timelines could be better.
We were using Microsoft AD, on-premises. We are now syncing all the users who are in the on-premises version to Azure AD. We are not directly creating users in Azure AD because of the dependencies. Many legacy applications are talking to the on-premises directory services. When a user is created, we are sending that user from the on-premises to the cloud through Azure AD Connect.
We are using the Premium P2 licensing.
To explore the solution, I had to create a personal version, because I can't play with the access that we get from the company. We explore those services in the personal version first, to see how it reacts.
From the company side, we haven't had issues because the licensing works well. But on a personal level, if I could enable more trial services, at least for a year, it would be much easier to explore and suggest the best solutions.
It's an easy tool to explore if you have already worked with the on-premises data services. There is good documentation available on the Microsoft website. If Microsoft provided more time for new users to explore new features, that would help. Everyone could learn more and contribute more to their companies or to the projects that they're working on. But it is easy to learn.
Just be careful, because you are in the cloud. You have to be aware of access, AM, how the user is coming into their account, where the user is going and what the user actions are, and what access they have. Always try to enable single sign-on, so that if any fraudulent user comes into the picture, you can remove them as soon as possible. So enable those features for admin accounts and use privileged IT management, vaulting the password. You have to strictly follow the security standards, because it's open to the public when it is on the cloud. You have to be very careful about the project requirements, the end-user requirements, and what the business stakeholders need.
When we started with Azure AD, we didn't restrict much. Later, we restricted a few possibilities, such as users logging in with their social accounts, or email accounts like Yahoo accounts or Outlook. Initially it was open to all. Any user could invite a guest user and provide access, but later we restricted things with conditional management, and restricted users so that they could not connect to their Gmail accounts. We are coming up with more policies as well.
We have ongoing discussions with Microsoft Azure AD regarding how we can best protect our entities and what the behaviors should be. We have some more specific requirements in the company, related to project behavior. With IaaS, you have to welcome everyone. You have to put virtual machines in the cloud. You can use the password services and develop custom APIs and deploy them.
We are trying to define our security policies as much as we can, as we are seeing many changes in the market and are trying to restrict as much as we can. Only users who are least privileged can have an all-access. The most privileged will have additional authentication. We're trying to differentiate.
We have to be very careful about the administrative part, so that operations can easily manage without any hassle. Because we don't have natural restrictions, we are trying to implement our own rules.
As we are moving to the cloud, we have to be very careful when it comes to Azure Active Directory. If there is a mistake and a random user can log in to the directory, they could have access to everything. A user should not have access to whatever he wants, so setting up the right level of authentication and authorization is important. Use IAM very effectively. Identity and access management is a powerful space where one has to be very careful in choosing and configuring policies and standard procedures. We're trying to define that and be careful with all platforms, whether IaaS, SaaS, or PaaS. At the moment it's going well.
We are merging many things in the tenant. Before, we only had SaaS. We are trying to welcome PaaS and IaaS to use the same production tenant. We have to exercise caution for everyone, all the individual policies, groups, and service principals. We have to enable all the features that you are capable of, such as user sign-in permissions, and application sign-ins. That has to be continuously monitored.
We have a good rapport with Microsoft. We have good support. We'll be exploring all the new services, like the managed entities and their other services that have come up. We are trying our best to explore and use the latest features that are available.
We primarily use the solution for most of our enterprise identity management.
It's improved our company through the security policies. It's helped improve our security posture.
It's pretty easy to implement. In most of the apps nowadays, it has the ability to use multifactor authentication, SSO.
The control is great. It offers good conditional access.
It helps with managing user access via one pane of glass in most cases.
The security policies we are applying are pretty well structured.
The solution is nice to use. Microsoft did a good job.
My assessment of the Microsoft Entra ID admin center for managing all identity and access at our organization is that it's great. It's very well organized, pretty straightforward, and easy to use. It's not just that it's easy to use, it's very intuitive. Everything is easy to find.
We use Microsoft Entra ID conditional access features and improve the robustness of our zero-trust strategy to verify users.
The permission management feature is good.
The visibility and control are very good. The whole Entra ID concept is pretty intuitive. Even if you have never used this and you have some experience in IT, you will be able to handle the solution easily.
It's helped our IT department save time. It also helps with speeding up processes. I can't speak to the exact amount of time saved per week, however.
The solution helps the company save money.
It's positively affected the employee user experience.
It's just been renamed. That said, I can't speak of room for improvement. There may be areas that could be better, however, I haven't thought too much about that.
I would change the device access a bit. It's very difficult. I would add some features. I would like to be able to authenticate Wi-Fi users using the Azure ID. However, my understanding is it needs to be from both sides, from the vendor that is creating devices for the Wi-Fi and for the networking part and Microsoft.
The company has been using the solution since before I arrived. I have used it for around four or five years.
The solution is stable. I've never seen big issues. It's pretty much a stable product.
Sometimes Microsoft has small issues, however, nothing that would cause the entire company to not be able to work for a whole day.
More than 1,000 people are currently using the solution.
It is a scalable solution for sure.
I've never used technical support.
I've used a few different solutions. Mostly I've used Active Directory. It does the same thing; it has just been renamed.
I was not a part of the implementation. It was done before I joined the company.
It may require a bit of maintenance, however, it's not a task that is part of my department.
I don't deal with pricing. It may state the cost online.
I did not evaluate other options.
I'm a user.
I'd rate the solution nine out of ten. I'd advise others to use it. Even the free tier has a lot of features that even a small company would benefit from.
The solution acted as a source of truth for everyone internally and those we collaborated with externally. We deployed it in the cloud, so many of our users are remote and spread across the country.
The features around permissions are excellent.
The general usability of the site could be improved.
The ease of use regarding finding audit information for users could also be improved.
We want to see better integration with other Microsoft 365 products; it's a separate tool, but they all need to work together.
We've been using Azure Active Directory for about four years.
The product is very stable; I rate it nine out of ten for stability.
Azure AD is very scalable; I rate it nine out of ten for scalability.
The customer service needs improvement; it takes a long time to open a ticket and get it resolved.
Neutral
We previously used Google G Suite and switched to Azure AD for better security, and to match the platform our clients are using to allow easier collaboration with them.
The initial deployment was straightforward, although we initially found it challenging to understand how to use Azure AD to manage access and permissions with external parties. We carried out the setup using three staff; myself and the IT team.
We have seen an ROI with the solution; the ability to collaborate with external partners provided tremendous value.
I evaluated Okta some years ago, so that information isn't fresh.
I rate the product nine out of ten, and I recommend it.
The solution is our main identity provider and federation platform. We use it for authentication and for federations, for some provisioning, and a little bit of governance.
It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful.
The product has helped to improve our security posture. The Azure stack has built out a lot of analytics features. Now, we can more effectively investigate issues.
The solution has positively affected our end-user experience by improving our usability and reducing friction.
The solution has certain limitations. For example, it has very little governance functionality. This is, of course, a choice made by Microsoft to see which areas they want to have deep functionality, and which areas they believe are more profitable for them.
We've been using the solution probably since the mid-'90s when it was invented.
The solution has generally been quite stable. They've had some problems with the MFA and other things, however, they are a lot better at keeping the system stable than we are.
What we have seen is that we are running into some of the limitations of scalability. That said, we are more than half a million or 700,000 internal users at the moment. There are relatively few organizations globally that are as big as we are.
We're seeing, for example, that the parcel reset, to sync parcel reset from on-premise into the system is challenging. It's more than the 30 seconds that you typically want. It's even sometimes more than the two minutes that Microsoft promises in their SLAs.
We see that our syncing is slow. We have to run it every three hours, which causes problems with being able to service our business efficiently.
Those are the main problems I've seen. On top of that, there are certain features that have run into challenges, for example, the AEDS is not fast enough.
Technical support is actually quite good. It's rather rare that we have problems with support.
They have been very good at informing us about when they have outages. That's something we really appreciate as it saves us a lot of time. If something on their side is broken, they tell us so that we don't have to look to find any problems in our systems. That's one reason I really like the way they've been handling things.
The system we used before was IBM ISAM.
The ISAM setup was on-premise and it's very expensive to run and maintain. The support for Microsoft is much better, which is an additional advantage for us.
The initial setup was complex.
We have half a million users from 20 different offices. They've all got different ways of wanting to do things, including the way we have to build the federation infrastructure, for example.
This has been a four-year project, and we're probably going to continue with it for the next year or as long as we'll be using the product.
The initial build we did was a six-month build.
Our implementation strategy was to delegate sections, including delegating identity and federation setup.
We have five full-time personnel that handle the maintenance aspect of the solution. We have outsourced the actual hands-on maintenance. This firm has a couple of engineers, an architect, and an engagement lead. We have three solution delivery managers on hand, however, they do other tasks as well and are not necessarily dedicated to AD.
We used a systems integrator to assist with the initial setup.
The product is priced quite well. The way that Microsoft prices per user and month is quite attractive to us. The level of the license cost is quite good as well.
We did not evaluate other options. Choosing Active Directory was a management choice.
We are just a customer and an end-user.
I'd advise those considering the solution to find a good partner to work with. You do need to have an experienced system integrator with you when you do the implementation. The integrator we brought on did a good job on our side.
I'd rate the solution at a nine out of ten.
I'm a computer engineering student in Portugal, and we used it during one of our classes for practically the whole semester. We used both the on-premise solution and the Azure, online one.
While we were learning, we used it primarily for user access management and also to define rules for the organization. For example, we created organizational units and defined domains for enterprise-level organizations. I was able to specify access to, for example, certain folders, including shared folders and shared resources.
We were using it in conjunction with SQL Server 2019.
Azure Active Directory works well to access the resources that the school has set up for the students. We can share between our groups, and we can set up shared assignments or shared project folders very quickly and easily.
We have access to shared storage space, which is great. It is managed through Azure Active Directory and appears to me as a Microsoft OneDrive account.
As an end-user, the access to shared resources that I get from using this product is very helpful. I also use it for my email, which is a domain that is part of the organization.
The most valuable feature is the ability to define certain roles for the users and to give access to shared resources.
The options for user access management on the cloud are similar to those with the on-premises deployment. You can work directly on the cloud but control it from your on-premises server if you want, or you can make all of the changes directly on Azure.
One of the security features that Azure Active Directory provides is that it warns users about the usage of weak passwords. When we created user accounts and their passwords, it warned us about weak passwords and gave us the option to define password creation rules. We tested the feature and tried using invalid passwords, and it blocked access to the organizational units accordingly. We did not work with the more advanced security features within the scope of the course.
It has some good monitoring options that you can use to see how well it is working. In my class, we were able to see which users were accessing the solution, and what went wrong with the tests that we were doing.
The most challenging aspect I found was the creation of organizational units and specific domains. They have a tool called Bastion, which is expensive and a little bit confusing. I had to cancel the subscription because it was using my credits too quickly. For the students, it was not a very cheap way to learn it.
It would be helpful if they provided more credits for students who are performing test cases because we had to be really careful when we were using it. Making it cheaper for students would be great.
I have been using Azure Active Directory for one school semester.
Because we weren't using it on a large scale, it is difficult to estimate how good the stability is. That said, it worked fine for the small number of users that we had. Although it was not a good test, I think that it worked fine. It does have some good monitoring options, so we could watch the performance.
I do not have large-scale experience with this product, as I was using it for practice during my degree program. I don't know at this point whether I will be using it in the future.
In my class, there were half a dozen or fewer users.
In order for the solution to be scalable, it requires some upfront work. You have to well define the users, profiles, and roles that you want to have at your organization. We were already given some advice on that from our teachers, including which roles we should create and so forth. Once you have that done, I think it's pretty straightforward. You just have to add them through the interface that the solution has, and it's not very difficult to do.
I did not have to contact Microsoft technical support.
Our teachers explained what it was that they wanted us to implement and we were left to figure out how to accomplish the tasks on our own. When problems arose, I used Google to search for answers online. I also watched YouTube videos that included explanations and step-by-step tutorials.
Another solution that we learned about was the Apache Web Server. You can do the same things that you do with Azure, but it's more complex. You have to know a little bit more about Linux and you have to do it more manually.
In Azure Active Directory, there are already some default options available. That worked for us. It's easier for someone who doesn't want to have the headaches of understanding some of the more minor details.
For the initial setup, we mainly followed the tutorials that Microsoft has online. Initially, it was a little bit confusing because we discovered that there are many different versions of this same software. There are distinctions between an on-premise way of doing things versus a hybrid approach versus something that is on the cloud exclusively. There are limitations that each one of them has, as well as other differences that include mobile versus desktop solutions.
For a newbie like me, it was a little bit challenging to understand what the best approach would be. In this case, we were oriented by the teachers to implement the hybrid approach. When we were configuring Azure Active Directory for this, and also for the organizational units, we used the Bastion service. It is the one that creates the domains.
The deployment took perhaps half a day to complete the configuration, step by step. We had to make corrections between configurations, where we had made errors, which was part of the learning process. Overall, when you really know what it is that you have to do, it's pretty straightforward and quick to complete. Otherwise, it will take you a little bit longer.
From the documents that Microsoft has available, we understood that there are several ways to deploy this solution. There is an on-premises version, a cloud-based SaaS, and a hybrid option.
We were using virtual machines with a license that was connected to our educational package. We have a product key, install it locally on the virtual machine, and that's how we worked with it. At that point, it was connected to the cloud.
Our Azure accounts are related to our college email address, and they are also administered by Active Directory.
We deployed it ourselves. With our small group and for the length of time that we used it, we did not perform any maintenance and I don't know how it is normally done on a day-to-day basis. Based on what I have learned, I think that one or two people are sufficient for maintenance if they know the product from head to toe.
Based on my experience, it would be difficult to estimate how long it would take to earn your investment back.
As this was being used in an academic setting, we were using the educational package. Azure has an educational package available for students with a variety of licenses and different software available. One of the applications included with this is the Azure SQL Server.
Each of the student accounts had an opening balance of $100 USD in credits. We used that to implement the solution and the code doesn't change if you are a student or a normal organization. Some of the things that we wanted to do were blocked by the organization, so we had to use our personal accounts. When we used our credits in this way, it was not specifically for students but for anybody who uses the service.
These credits are used on a pay-per-use basis and the price depends on the features that you use. The most expensive one that was relevant to our use case was Bastion, which allowed us to create and configure virtual subnets. Our use case required us to use it to connect our on-premises Windows Server with the cloud AD.
My advice for anybody who is implementing Azure AD is to study the basics. Get to learn how this access management solution works. We used Microsoft Learn and YouTube videos to assist us with doing so.
In summary, this is a complete solution for any company, but it requires some time and practice.
I would rate this solution a nine out of ten.