Microsoft Entra ID Reviews

We use it for various things in the organization:

1. Provisioning access to systems in the cloud for either internal teams or our partners' external teams. 
2. We use Azure AD for Windows device management with Azure AD Intune. We use them for the management of devices. We have company devices, laptops, or tablets all using Azure AD. 
3. Within Microsoft Azure, we use various services, e.g., Office 365, for granting the right level of access to the right people.

I am directly involved in the project. I know what is happening and being done by developers. I have also done some hands-on work in a test environment, using my own account, just to learn.

In our previous organization, we had to give continuous system access to users from external teams, who were not employed by our organization. This solution certainly helped with provisioning access to them, providing them with single sign-on access. It also monitored giant movers and leavers, which was helpful. 

Azure AD has massively affected our end-user experience. It provided a single sign-on for all our partners. They don't have to remember their password. They might be accessing 10 of our systems and don't really need to remember all 10 different user IDs and passwords. In most of cases, they are accessing our systems with their own organization's identity, so they don't need to remember a second user ID and password in addition to their organization's credentials. Requesting access is much better since it is all automated.

Their connection to the on-prem AD is a strong point. A lot of organizations already use on-prem Active Directory. That easily lends to using Azure AD compared to other providers. 

I like the automated provisioning of access, either for internal teams or external teams.

It has things like conditional access. For example, if someone is accessing sensitive information, then we could force them to do multi-factor authentication. Therefore, we can stop access if it is coming from a location that we did not expect. 

Compared to what we can do on-prem, Azure AD lacks a feature for multiple hierarchical groups. For example, Group A is part of group B. Group B is part of group C. Then, if I put someone into group A, which is part of already B, they get access to any system that group B has access to, and that provisioning is automatically there.

Geo-filtering is not that strong in Azure AD, where we need it to identify and filter out if a request is coming unexpectedly from a different country.

I have been using it for five and a half years on multiple projects.

It is very stable. In the last five years, we only had two major incidents on Azure AD. This is key for Azure services. If your Azure AD is down, then it brings down a lot of other services within Azure. 

It is very scalable.

My previous organization, which did power plant construction, had hundreds of partners at any time and about 10,000 internal staff. 

The product is extensively used. Many times, we have changed the way that we design based on new features introduced by Azure AD, so that drives what we do and how we design. Therefore, if they introduce a new feature, we send it straight on to be researched, then determine where we can use it. 

I am not directly in touch with technical support. I have never been on the other end calling Microsoft for technical support.

We didn't use another solution prior to Active Directory, which has been in place for a long time (20 to 30 years).

When we started using this feature, it saved time when provisioning access to users. Critically, it removed access to users who did not need access to the system. That was a significant improvement. Time-wise, we saved about tenfold. Its day-to-day maintenance is also much easier than without it.

We chose Azure AD when going to the cloud. It was key for us to maintain security within the organization. I don't think we could imagine securing our cloud without identity management as strong and rich as Azure AD. It is a key player in anything that we do on the cloud to secure resources and a critical element that determines our security.

I have set up test environments. The setup is easy, not difficult at all. This is one of the solution's strong points.

A lot of people already have on-prem Active Directory. It is a natural step to extend it to Azure.

Compared to other products in the market, the Azure AD deployment is the fastest. Depending on the size of the organization, it could take weeks or months to deploy.

For an organization of 10,000 users, there might be a team of five to six people supporting AD for day-to-day things.

Pricing-wise, they offer a stepladder approach. You can start with the lowest level features, then start increasing based on new requirements.

I have not really tried any other products, so I wouldn't be able to compare it with other stuff.

Start small, then expand it. When your organization wants to add Azure AD, you can try it on a smaller scale first.

I would rate it as eight out of 10. I am unfamiliar with other products in this market. That is why I am compelled to give it eight out of 10.

We use this solution to authenticate to the portal. There are also some VMs that are not domain-joined, so we use Azure users that we create natively in the portal.

We also use it for our applications. The accounts that we create natively in Azure are used for application authentication.

We have a hybrid deployment model where some accounts are primarily native in Azure, whereas others are on-premises. We also have accounts that are synchronized between our on-premises servers and Azure.

Azure AD has features that have helped to improve our security posture. We have a service called Azure AD Privileged Identity Management, where instead of our administrators having permanent access or permanent admin assignment, they can now activate admin roles only when they need to perform administrative-level tasks.

This means that instead of using permanent assignments, our administrators activate the specific roles that they need at the moment that they need them. After the task is complete, the administrative access expires. This has definitely improved our security posture.

Using this product has also had a positive effect on our end-user experience. The self-service password reset is something that has definitely improved our end-user experience. Instead of having to call our service desk, users can now reset their own passwords.

This is important because due to our multi-factor authentication, we no longer have policies where we have to have periodic password changes. We have three and four-factor stages of authentication, which makes our logins more secure. This is why users don't have to change or reset their passwords on a regular basis.

One of the ways that Azure AD has improved the way our organization functions is to help cut down on service desk requests. If I have an issue with my password, in the past, I would have had to log a ticket with the service desk. With most of us working remotely, this would've posed a challenge. It would have required the service desk to verify that I am who I say I am, for example. Now, because users set up their own profiles and are able to change passwords for themselves, at any moment that their account is compromised, they're able to change their own password.

Overall, this solution has definitely improved our organization's security posture. We no longer have permanent administrative permission assignments, and we are also able to restrict who is able to log in to certain applications. Finally, we are able to see and review any risky or suspicious sign-ins.

Specifically, in the infrastructure team, we now have managed identities. Instead of having to create service accounts, we have managed identities that are directly linked to our resources that support them. All of that is managed by Azure Active Directory.

Another way that this solution has improved how we do our work is that we no longer have to keep a record of all service accounts or use one service account for multiple services. Now, each service that supports managed identities can have its own service account, and that is managed by Azure AD.

The most valuable feature is the conditional access policies. This gives us the ability to restrict who can access which applications or the portal in specific ways. We are able to define access based on job roles. For example, I'm primarily in the infrastructure team and only certain people should be able to connect to the Resource Manager. We can also define which IP addresses or locations those people can connect from before they can access the portal.

If your organization requires additional security then the subscription will be more expensive.

I have been using Azure Active Directory for approximately five years, since 2016.

In terms of stability, Azure Active Directory is definitely an improvement from what we used in the past. I'm happy so far with the offerings and we hardly ever have any service disruptions.

We have a lot of different people using this solution. We have normal users and we have administrators. It's a large organization.

So far, I've been happy with the technical support.

There are very few service disruptions and also, because of our agreement with Microsoft, we are able to get escalated support.

We hardly ever have any downtime. When we do need support, it's normally escalated and our service is restored in a reasonable timeframe.

I would rate the technical support a nine out of ten.

Prior to this solution, we used the on-premises version of Active Directory.

The switch was part of our cloud migration strategy. For us to be able to use our apps and workloads in the cloud, we had to have Identity Management as part of our migration scope. It's linked to our cloud migration strategy.

I was not involved with the initial setup but I assume that it was not complex because we have Microsoft consultants assisting us.

We specifically work with Microsoft directly. We don't use a reseller or service provider. All of the assistance that we get is directly from the vendor.

Our technical team is responsible for deployment and maintenance. I'm not sure how many people are in that team. Somebody from security is involved, but I'm not sure what other roles are required for maintenance tasks.

We have definitenly seen a return on investment from using this product. We have seamless authentication, quicker response times, more robust security, access from anywhere without having to set up VPN links, and federated models.

If we had similar services on-premises, I assume that it would be expensive, especially given that we used to have a perpetual licensing model. Now that we are able to have a subscription-based service, it has not only improved our security posture but also cut down on costs.

My advice concerning the pricing and licensing would vary depending upon the stage of maturity of the organization. I've been with companies that are using the Office 365 license for Active Directory, whereas others are able to use the free version of it.

For organizations such as the one that I'm at now, where we require more security and have services like the Conditional Access Policies or Privileged Identity management, you have to upgrade to a higher level of the solution.

I'm not sure about the specific costs or how they're calculated, but essentially, the costs go up based on the level of security that is required by the organization.

I can't say for certain what our future plans are for Azure AD but I see it being used long-term. It has helped our organization to grow because of what we are able to do. Also, it has greatly improved our security posture because of the services that are available.

I would rate this solution an eight out of ten.

We primarily use the solution for our AD. Azure AD and Microsoft Entra ID are basically the same, they are currently rebranding. I basically manage users and permissions.

It's made it easy to manage our users. It's also easy to deploy across the company. It pulls over the Exchange and does everything together in one go. You just have to get the licenses.

The login process is easy. It's very user-friendly for users. We can check the logins and handle user management. It's quite simple and easy to use.

It provides a single pane of glass for managing users and access. It's easy for users to handle multiple devices. It makes the sign-on experience better. It can easily teach users how to use the authenticator app.

I'm able to get reports on the database to help give visibility to security. I don't handle security, however. I'm there for support. People can use the data to perform investigations. 

The ID is quite useful. The Azure ID admin center can manage all identity access tasks across an organization. We can easily set up users. It's something you need in every company. Most of the basic stuff is done for users.

The Verified ID is useful for authentication. You can set it in your privacy settings. 

The solution has helped us save time.

The experience overall has been good for employees when they need to get an ID. If you need an extra license, it's just a matter of clicking one button.

We'd like to be able to link to non-Mircosft products, like Linux. There isn't much open source that links up with Azure. Most open source, however, can link up with AWS.

I've been using the solution for four years now. 

The solution is stable. it's dependable. 

We have about 100 users on the solution. 

It's easy to scale up or down. It does what it needs to do. You can always edit or delete resources as well. 

We haven't had any issues. Therefore, I have not really dealt with technical support. 

Positive

I was also working with Microsoft Active Directory on-prem. I'm new to this company; I've worked with other things in other companies before. 

I've used Okta in the past. I find the Azure pricing more user-friendly and I find it's better in terms fo team collaboration. For example, with this, you can also implement Microsoft Defender which can help you monitor users as well.

We have it deployed to the cloud; it's too expensive to maintain on-prem hardware. 

I was not directly involved in the deployment of the solution. 

Only two people have to maintain the product. 

The pricing is expensive. It's in US dollars. I'd rate the affordability of pricing six out of ten. 

I'm not sure if the company evaluated other options. 

I'd rate the solution eight out of ten. My advice would be to stay virtual and not on-prem or you'll have to pay more.

We used Azure AD for a role-based customer access mechanism. We implemented a single tenant, single sign-on for users of the application. We gave them a sign-on feature with OpenID Connect.

Previously we had to manually create the authentication server, but when we used Azure AD, we got the server directly from Azure. I didn't have to design the server.

We were also able to filter on the domain for the client I was working for.

In addition, we used Azure AD's Conditional Access feature to enforce fine-tuned and adaptive access controls. That was pretty useful because we didn't have to do much because we had attributes like authorized tags. And we configured scope, meaning who can access what, in the manifest. It was not very complicated.

And Azure ID has definitely helped save us time. Earlier, we had to depend on the infrastructure team, a different team, to manage the Active Directory permissions. But now, most of the time, the developers have access in the portal. It is saving us about 40 percent of our time.

The most valuable features of Azure ID are the single sign-on and OpenID Connect authentication.

Also, it was very nice that the documentation, the articles and help, on how to implement what we were trying to do, were available freely on the site, making it easy to develop. We did two or three sprints because things worked. Most of the time was spent on development and testing. But the deployment was easy.

Maybe I don't have enough experience, but when you fix the rules and permissions, working directly on the manifest, you really need to have in-depth knowledge. If there were a graphical user interface to update the manifest, that would be good. For example, if I want to grant access to HR versus an admin, I have to specifically write that in the manifest file to create the various roles. That means I'm coding in the manifest file. A graphical user interface would really help.

I have been using Azure AD for two-plus years.

The stability is 95 percent. We don't have any issues with it.

Of course it's scalable and that's why we choose the platform. We only have two regions in the load balancer. We have not gone beyond that, so we have not faced an issue.

We deployed it in multiple locations for our customer.

We haven't contacted Microsoft support.

I have played a small role in deploying Azure AD, but I have not been involved in the migration process. Overall, the deployment is easy. It took us 20 to 25 days, including fixing issues. That was normal, nothing unusual.

Regarding maintenance, the team I'm on does application maintenance. For Azure, we have a cloud admin who looks at the Azure portal for things like billing, access management, and admin work.

Some people use SAML technology for single sign-on. Although I haven't used it, it seems a bit complex. I started working directly with Azure AD OpenID Connect to a single tenant, or Azure AD B2B or B2C, and it was very smooth. It was not much of a challenge. Most of the complex things are taken care of by the Azure AD login. Usually, you don't need to do a deep dive into what is happening internally. 

Microsoft is like a "hovercraft", as opposed to scuba diving. With Microsoft, you can use the "hovercraft". Without touching the river you can cross it.

I have not explored many other competitive products, like GCP or AWS. I am a supporter of Microsoft products.

With Verified ID, things were secure. In recent news, there has been some hacking due to some developer using an email ID as opposed to OpenID, but our team did not use email IDs. Even if we were using email IDs for single sign-on, the user still needed to sign up with a password, so it was not possible to impersonate someone else.

The user experience, the interface, is very smooth. We have never had any problems with the single sign-on.

When applications are hosted on Azure, you should use the advantages of Azure AD.

We use the solution for sign-on authentication to our devices.

During the pandemic, we were able to smoothly shift our employees to work from home. Azure Active Directory played a crucial role in ensuring the security of our systems by verifying the identity of the authorized personnel logging in.

We started using Azure Active Directory because it helped our IT administrators and department save time, which was one of the main reasons.

Azure Active Directory saved our organization money.

Azure Active Directory significantly enhanced the user experience for our employees. We observed a notable increase in employee usage and positive communication regarding their experience, particularly after the pandemic.

The two-step authentication is the most valuable.

I would like to have an additional security option to prevent spam.

The price has room for improvement.

I have been using the solution for five years.

The solution is extremely stable.

The solution is highly scalable. We are a school district that is compromised of seven schools. The solution is implemented in multiple locations, and we have over 200 employees and 1,600 students.

The technical support is good. They are always responsive and provide quick resolutions.

Positive

We were using Office 365 but all of the employees started to use their personal emails which affected security so we added Azure AD.

We obtained certification for the deployment of the solution. Microsoft provided a document outlining all the deployment rules and steps, as well as a planning team that provided instructions for all email templates. The deployment required three people.

The implementation was completed in-house.

We have seen a return on investment using Azure AD.

We are currently on the education plan, so the price is slightly better than the development plan. However, I believe there is room for even better pricing.

We assessed Google Cloud Identity but ultimately chose Azure AD due to the Microsoft product familiarity among our team. We believed the transition would be smoother, which has been confirmed. Moreover, since not everyone was using Gmail, it would have been challenging for them to learn a new system. However, at that time, everyone in our school was using Microsoft products.

I give the solution a nine out of ten.

We have a full-time IT staff and part of their role is to maintain the solution.

Azure AD is an excellent and highly stable product. Its user interface is intuitive for those who have prior experience with Microsoft products. With some training, deployment can be carried out successfully. Our deployment experience was hassle-free, but the pre-training we received proved to be very helpful.

We use the solution to cover Microsoft 365 licenses.

We strive to provide our users with the easiest and fastest way possible to access. Most users view the single pane of glass as a feature that is beneficial. However, the security policy is more difficult to implement and must be managed and measured by the administration.

I give Entra Admin Center for managing all identity and access tasks in our organization an eight out of ten.

We use the Apple environment. When we tried to implement Azure Active Directory in our service, it was a bit difficult. So, we chose to use an alternative such as Okta. However, Azure Active Directory is very valuable because it connects with Apple School Manager itself. I would rate Azure Active Directory an eight out of ten.

Entra saved us about one hour per month.

The overall employee user experience with Entra is a seven out of ten.

We use Active Directory to manage our Microsoft 365 licenses. The solution is very easy to use. We conducted some tests to connect this with our MBM through the identity tools, which was also very easy. We just had to follow a few steps, but we needed to be more technically prepared.

Active Directory is easy to maintain due to our control of identities. We have a controller in place to maintain and clean the Active Directory, providing new identities and removing those no longer in use.

The most valuable feature of Azure AD is its ability to connect with services outside of Microsoft, although documentation is necessary to properly implement these connections. Azure AD is a reliable and well-tested solution, so it is arguably the most popular of its kind. While Azure AD may not be the easiest to use, it covers a wide range of areas.

Using Microsoft Endpoint Manager is not difficult. We must select two out of six or eight options for Entra's conditional access. To avoid invading privacy, such as requesting a phone number or personal email, we must opt for validation via an app.

Microsoft Entra Verified ID is straightforward, but the only option to apply is to install it on our mobile device.

Microsoft Entra Verified ID is an option we offer to employees, but most of them opt to use other identification methods instead of installing the app on their devices.

I give Microsoft Entra Verified ID's privacy and control of identity data a six out of ten.

I don't feel the Entra admin center offers a single pane of glass for managing user access because we have to use more resources and it is not user-friendly.

The user sign-on experience was ultimately satisfactory, but the process of finding the best configuration was somewhat arduous due to the protection of licenses or access; the users were confronted with strict instructions on how to log on and were required to select two options to do so, such as providing a cell number or personal email or using an app to connect and verify the two steps. This was not easy for the users to feel comfortable with.

The implementation of the conditional access feature was challenging due to our users' unfamiliarity with this type of login. Managing it was difficult.

The solution can improve the educational portion because it is an administration cost.

I have been using the solution for two years.

The solution is extremely stable. I give the stability a ten out of ten.

The solution is easily scalable. I give the scalability a nine out of ten.

The technical support is good.

Positive

The initial setup was straightforward. We had Microsoft's support within our company, and the local provider in Mexico was very easy to use. We only used this part for Microsoft 365. Connecting with our MBM provider was the same process and easy to do due to all the documentation; we simply followed the steps.

One person was used for the deployment.

The implementation was completed through a reseller.

We have seen a return on investment.

The pricing for Azure Active Directory is affordable; I would rate the cost a six out of ten. As an educational company, we have access to very good discounts on the solution, making it even more affordable.

When comparing Okta and Entra as authentication services, Okta is the market leader and is my preferred choice.

I give the solution a nine out of ten.

We must go through the test and assess how users can be more comfortable using the combination. The administration area is the most difficult, as our users have to install an application on their personal cell phones or provide a number, which is challenging. Our staff is quite particular about privacy.

New employees may not be aware of the backend efforts to protect licenses and secure information when we ask them to use Microsoft Entra Verified ID. This is not intended to be intrusive, but when we ask a user to install the Endpoint on their personal cell phone, they may be hesitant and not want to be inconvenienced on a personal level. They would prefer the onboarding process to be easy and not involve these methods. They just want to enter a simple password and move on.

I recommend looking for documentation on Azure, as it is a huge service with great potential and can connect to many other services. Learning about Azure is very interesting.

We are a university using Azure AD to authenticate staff, faculty, and students. Our organization completely depends on Azure Active Directory for authentication and identity-related features. All cloud activities and third-party services are validated with Azure Active Directory.

We also have an on-premises Active Directory, and the data is synced periodically to the cloud. Most of the services done on-premises are reflected in the cloud at once. We can also do the same handling features from the cloud to write back to the on-premises AD. This is the architecture.

We are implementing more and more services in the cloud on Azure and AWS, so we need to monitor our data security thoroughly. It's always a concern. Azure Active Directory enables us to easily validate the identity of anyone who connects to a particular server. We need to validate our data properly. For example, we must ensure our research data is going to the right person and place. Microsoft Azure Active Directory provides the easiest way to do that.

The Conditional Access feature lets us restrict access to a group of people on specific servers. We create a group in the Azure Active Directory and put only the necessary members there. For example, we can easily set up conditional access to SSH, Telnet, SSH, HTTPS, or any service with Azure Active Directory. 

We plan to implement Zero Trust in many of our other devices. It is an essential feature because users from multiple countries are accessing our research servers. We can provide a highly secure environment with minimum services without compromising productivity with a Zero Trust strategy.

We have wireless units deployed across the campus and use Microsoft AD services to authenticate all wireless activities. Many of the use cases are covered by wireless. After authentication, some users need to be redirected to the cloud. Their identities can be easily validated and captured with Microsoft AD. It gives us excellent control over our on-premise infrastructure.

Verified ID has helped us with our remote workforce. We provide VPNs to our remote employees so they can connect to our cloud services, authenticate with Azure, and be granted the necessary access. We provide policies for each user basis. Users in each category connect to the VPN, authenticate with their Azure credentials, and securely access all the cloud services.

We give provisioned laptops to our remote employees. With the help of this VPN, they spend less time coming to work in person because they have full-time access from home. So that way, we could reduce most of our official requirements concerning our employees. 

Privacy is a crucial security concern for our organization. With Verified ID, we can ideally authenticate Microsoft services without worrying about compromised identities. We used to have these issues with on-premise Active Directory, but this is less of a problem since we migrated to Azure Active Directory.

Our HR department can easily get a complete report on our users. HR can see specific fields, like designation, school, businesses, etc., if they need it from the Azure AD. They can also get the usage logs. They don't need to store all this manually for each person. They can easily get all the reporting parameters from this.

Azure AD saves us a lot of time. On any given day, it will save around four hours. It also saves us money because we don't need to pay for the resources required to have Active Directory on-premises. If we relied on on-premises Active Directory, it would require data center resources, like air-conditioning, power,  hardware, etc. We save considerable money by deploying it on the cloud. Percentage-wise, I think we could save around 40 percent. 

Azure Active Directory has improved our overall user experience. I would rate it a nine out of ten. Our users are delighted.

Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely.

In addition to the SSO, Azure AD is entirely flexible. We have other Microsoft services running on-premises, so Microsoft Azure AD allows us to sync other Microsoft services completely. This is perfect for us.

Microsoft Entra offers a single pane of glass for managing users and cloud services on multiple platforms. It all requires authentication and validation of user data, so Azure AD helps us to authenticate each user's identity without any security compromises. 

Microsoft has an excellent administration portal that enables us to sync our on-premise Active Directory automatically with the cloud. Any on-premise policy changes are reflected on the cloud. There are various options for each user on the admin portal. You can change user passwords and other attributes or configure a policy for forgotten passwords. A writeback feature can also reflect changes from the cloud to the on-premise environment. If you change the password from the cloud admin center, it gets reflected here.

Microsoft Azure AD Connect has a multi-factor authentication. Multi-factor authentication is a crucial feature, but we only require MFA for specific servers in the cloud. With Microsoft Azure AD Connect, we can specify the users and servers that require multi-factor authentication.

Azure Active Directory integrates well with other third-party applications. Third-party hosted solutions have the option. We can even create applications with Microsoft Azure AD. When users log in to Microsoft Azure AD, their credentials are stored in the application, and we don't need to get them on-premise Active Directory. So, it is an essential feature for us.

Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications.

We have been using Azure Active Directory for four years. 

Microsoft services have a reputation for complete reliability, so we expect the same from Microsoft Azure AD. It doesn't disappoint because most of the on-premise features extend to the cloud. Plus, Microsoft Azure AD has additional features, configuration, and single sign-on capabilities. It's a complete package for this authentication and validation purpose. Most of our users are pretty happy with this product.

Azure AD is completely scalable. We can add unlimited users.

I rate Microsoft's support a ten out of ten. Microsoft technical support is excellent

Positive

Previously, we have used on-premise Active Directory.

Setting up Azure Active Directory was a bit complex. The migration process is somewhat challenging because we don't want to lose any on-premise data. Each user has many parameters and access policies already set. Without even changing the password, we were able to sync all this data to Microsoft Azure AD. It was a complex procedure because Azure AD Connect has to be deployed correctly. We required help from Microsoft's technical support to do this.

Our initial deployment required three system admins and took around one week, but it took around six months to import all our users and get everything working properly. After deployment, Azure AD doesn't require any maintenance because everything happens in the cloud. We don't need to bother with anything.

The return on investment is pretty massive. We save time and money. It helps us even if we opt for a subscription. We save a considerable amount of time with the cloud version because it has various features unavailable in the on-premises Active Directory that save time for the system administrators. We can concentrate resources on hiring other staff instead of system administrators. All the features are within the cloud itself, so it reduces the maintenance costs of an on-premise server. 

Active Directory is bundled with a package of Microsoft services, so it doesn't cost much. I don't know about the individual license of Active Directory. 

I rate Azure Active Directory a ten out of ten. I would prefer Azure AD to have multiple application scenarios requiring a single sign-on facility and complete authentication, validation, and security tracking. 

If they require it in their application, even if it is an on-premise or a host application, I would prefer Microsoft Azure AD because it handles all this simultaneously. No other application covers a complete range of activities in an all-in-one solution. 

We are a Microsoft-oriented company. All our main infrastructure for user systems and productivity, like Microsoft Office and email, are from Microsoft. So we use Microsoft products and we use Active Directory on-premises. We have also built a cloud infrastructure and we now have a completely hybrid architecture. As a result, it was mandatory to configure Azure Active Directory to synchronize with the on-premises Active Directory.

We have finished that project and now we use Azure Active Directory for users who are on the cloud.

Entra is very good for the organization because we now have many users, due to COVID, who are working from a distance. With Microsoft, we can give them the opportunity to download all the applications on their personal PCs, like Teams, OneDrive, et cetera. They have a single sign-on and they can log on from everywhere.

The solution has improved things a lot for our organization because it has improved productivity. One specific effect is that we used to use a lot of VPN access, but we have decreased that access by 80 percent because they don't need the VPN anymore. And productivity has also improved very much, because users can do their jobs from everywhere, even on their mobile phones, because they have their files on OneDrive. With Azure Active Directory, we don't have security issues thanks to the added security on the cloud, such as MFA and also Defender for Endpoint. 

But it's not only productivity tools that we have on Azure, we have other applications as well that we have set up for our users, like SAP. We have also diminished our telecom costs.

We have saved a lot of money, I'm very sure about that. We pay for the solution but because it is in the pricing agreement, we have more tools available and we don't have to buy more. I would estimate it has saved us more than 40 percent.

In addition, before, we had to work through all the horizontal firewalls and security sensors in the company. Now, we have separated the productivity tools like Word, Excel, OneDrive, and Teams. That means our users are very pleased with the user experience. They like using it. They can work from home or at the company and their files are synchronized. 

Overall, we feel our security has improved and we are confident.

I like the fact that I can manage the users, but it's also a security resource. Let's say we decide that our users need to have MFA - multi-factor authentication. It is very easy to implement that with Azure Active Directory.

What could be improved is the environment. It still has administration centers in Office 365, and the same is true for Azure in general. You can manage the users from the Office 365 administration center, and you can manage them from Azure Active Directory. Those are two different environments, but they do the same things. They can gather the features in one place, and it might be better if that place were Azure.

I have been using Azure Active Directory for five years.

The stability is very good. We don't have incidents. The only issues we had were to do with synchronization that took some time between Active Directory on-prem and Azure Active Directory. But that might have had something to do with other issues.

It is a 100-percent scalable solution and that is one of the reasons we chose it. 

We have installations on-premises, and people all over the country, including the islands, the north, and everywhere. Our users are in multiple locations. It's used across different departments with different applications and needs. At this moment, we have about 2,300 users.

Microsoft's technical support needs to be improved. It's a bit bureaucratic, to put it in one word.  The procedure for opening a case is that someone sends you an email to give them all they need. I would like the technical support proceedings to be faster. Sometimes, my company doesn't have this time. We need to find a solution very quickly. 

Neutral

We used on-premises products like System Center Configuration Manager. We used Microsoft's products, but for on-prem administration, not on the cloud.

Due to the fact that we have a hybrid architecture, not a clean cloud solution, it took us a lot of time. We had to consider how everything, all the applications, was going to work. Active Directory is also involved in emails and there were many procedures to consider and test. There were also many users who were staying on-prem. We also had to consider external cooperation with other European and domestic energy companies. So it took us about one year. Our company is not a simple company, like a sales company or a manufacturer. We deal with critical infrastructure and we have to control and operate the power for the whole country. We had to think about every step of the journey.

We had 10 to 12 people involved. I was the project manager and there were three groups of people, in addition. One was from telecom and security. There were a few people from infrastructure and technical support, and there were some people from the application side, to test that all our applications were active.

We also have teams for projects, like when we do a large construction for something like power lines. We form teams between departments and these special teams may work for a year on a specific project. We also needed to consider them because they have different needs and work from different places and are mobile.

Because we have on-premises firewalls in our company, we had to do some work before we implemented AAD to arrange access between the company's security system and the Microsoft cloud system so that they could cooperate and communicate. We had to open the protocols, et cetera. As a result, we don't have any problem with the consistency of our security policies.

In the beginning, it was a matter of getting used to the procedures. We needed to explain things to the users so we sent them a guide. We rolled it out to our 2,500 users in many batches over about four months.

There is periodical maintenance, such as upgrades, as well as ad hoc maintenance. For example, if we modify public folders, we need to do some work because, on one occasion, cloud users couldn't see a public folder that was on-premises.

We can see a return on the investment by comparing the prices we know from previous years. We don't use so many data centers now and we don't need as many installations and to pay as much rent.

Our return on investment is that the costs are very small, like one-tenth what they were, by going from owning on-premises data centers to what we have now. Over a period of five years, our return on investment is 100 percent. The money we pay for this contract is not much compared to the money you need for buildings, data centers, power, and technicians.

The price is also very good if you consider the money you save by not having to pay for many contracts with different companies to create a corporate solution. You pay one company, like Microsoft, and you have the whole solution. We have saved a lot of money by doing that. 

Of course, you need to give it time and in-house resources. People have to be trained. Otherwise, if you have many environments and many products that you don't know very well... 

Maybe using multiple companies is good. That's why we do use some other products, but not many.

The price is fair. It's not very expensive given what they offer. Of course, we did some negotiating with Microsoft. We didn't pay the list price. We have been a Microsoft customer for many years, so when the contract comes due every three years, we discuss it. Afterward, there are some discounts.

We evaluated Amazon and Google. We chose Microsoft mainly because it has the whole package, meaning it has the security, the applications, and the infrastructure, so it's a more holistic approach compared to the others. It's not that Google and Amazon don't offer something like that, but they need more time to improve because they were not on-premises companies.

Microsoft gives you the space, the data centers on the cloud, and backups; it gives you everything. From the others, something was always missing. Microsoft may not be perfect, but it has everything you need.

It's a very good solution, an excellent solution. It's very stable and robust. You don't need to do a proof of concept unless you have a special case, like, for example, fleet management, and have a very specialized application.

We use Entra’s Conditional Access feature but we also use other tools from other vendors. From our experience so far, we haven't had problems. Entra seems robust enough. We haven't even had one incident of malware. Of course, we have added some more tools to our cloud infrastructure for the mail applications in the network. So although it's robust enough, because we're handling critical infrastructure, as a company we decided to have more tools.

We use Intune and Endpoint Manager. Any device that is connected, even if it is a personal device, needs to be registered via Intune. We do not accept non-registered devices. 

Azure Active Directory, and Azure in general, is a very big solution that we are developing further. It takes a lot of time, but by using it, we don't need so many other resources from outside companies. We can manage everything in-house. It takes a lot of time, but it's better than other options. It has more tools and better monitoring. Those extra tools mean more time spent on it by the administrators. But it has dashboards that they didn't have before. So the administration is easier and more centralized, but you need time with all these tools.