Microsoft Entra ID Reviews

We use Azure Active Directory for the user rules, identity management, user rule validation, authorization, and authentication.

The most valuable features of this solution are definitely the authorization and authentication, and the rule-based user validation.

Azure Active Directory is quite easy to use.

We are quite happy with the Azure Active Directory services we are utilizing.

Definitely, the price could be lower. When we moved from AWS to Azure, we started paying more. The licensing fees were more expensive.

I have been using Azure Active Directory for the last 10 to 15 years.

Azure Active Directory is quite stable.

Azure Active Directory is a scalable solution.

We have approximately 100 users in our company.

We have plans to increase our usage.

Technical support is quite good, they are awesome.

Previously, we were using an open-source solution, but we are happy with the Azure Active Directory solution.

We received the migrations as a direct value add because we are a part of Microsoft MSP.

The Azure Active Directory migration took ten days to complete.

This solution is maintained by a team of three to four people.

We had assistance from a consultant.

We pay an annual subscription fee.

I would recommend this solution to others who are considering using it.

I would rate Azure Active Directory a ten out of ten.

We primarily use the solution with our customers that use it.

We're using the solution for a lot of all different things. We have used it to support. We have something called BankID here in Sweden, where you identify yourself to your internet bank and lots of other areas and we have based our connection to BankID using Active Directory. 

It's user-friendly and easy to understand. It's doing work great so far.

We're mainly using templates and using the APIs rather than using the GUI. That's the easiest way to do things.

The initial setup is pretty easy.

The solution scales well.

It's a stable product for the most part.

Something that can be improved is their user interface. It needs to be better.

It's always a good idea to have some kind of expert GUI that you can turn on/off. There are a lot of settings to work through. If you are not that experienced, then maybe you might not want to use them. 

There should be an easier way to set up the regular things and then switch to a more expert kind of wizard to set things up.

We've used the product for many, many years at this point. 

The solution is stable. There aren't issues with bugs or glitches. it doesn't crash or freeze. Its performance is good.

We can scale the solution if we need to.

It is my understanding that support is not as good as Cloudflare, however, I haven't been using the support that much for Azure. There is lots of information out there on the internet. If you search, you don't need to contact support often.

The solution has been straightforward to set up. It's simple. It's not overly complex. 

We have a handful of people involved in the initial setup. You don't need very many. They are mostly specialists and technicians. 

While I don't directly deal with tracking ROI, our customers are satisfied with the way we are billing them when we're setting things up. 

The pricing seems to be fine for our clients.

We are an integrator. We are using the latest versions of the product.

New users should know that it's quite easy to set up a sandbox environment and a free account in order to play with it. It's fairly easy to kind of set up the proof of concept.

I would rate the solution an eight out of ten.

The solution is deployed on a public cloud. We are using Microsoft Azure.

There is on-premises AD and cloud AD. We are able to sync the solution and use the load technology and password management features.

The most valuable features in Active Directory are the password writeback product and the MDM technology.

The on-premises AD comes with a lot of options and group policies. With the group policies, we are using screen saver a lot, and it is messing up Azure AD and isn't working effectively. We are also using MDM technology through Azure. For Android the MDM technology is okay, but it doesn't work properly on iPhones.

When we do a screen share and screenshots, it doesn't work on the iPhone. For Android, it will only work for Outlook, which is provided in the company portal.

I would like to see the group policies on the same platform on cloud.

We have been using this solution for almost two years.

The solution is stable and everything is working. In terms of connecting the web application, there is technology for single sign-on. When we use it, the solution opens very slowly. It might be a bandwidth issue, and some content will not work on that portal.

The solution is scalable. We haven't had any issues.

We have 500 people using this solution in our company. We have increased usage, and we have plans to increase more. 

Technical support is very good. They work quickly to resolve any issues.

We are using an earlier non-premises AD, but we want to move to the cloud setup, which is easier for end users and everyone else due to the pandemic situation.

Setup was straightforward. Implementation took three months.

For the deployment process, we had a technical team of two people who did everything. They are engineers.

We used a consultant for deployment. I think we used a Microsoft partner.

It was a good experience and not very complicated. I think I realized that they are not seeing many implementations. There's a tool in Microsoft Azure called an endpoint security tool, and they don't know how to implement it.

We have a yearly license.

I would rate this solution 9 out of 10.

This product is very nice. It's a legacy application, so the people using it are very familiar with it.

We use this and Microsoft Intune. Azure Active Directory is an identity solution and a mandatory requirement. Without Azure Active Directory, Intune would not work.

Within Azure Active Directory, the single sign-on feature is the best aspect. Right now, the world is moving to the cloud. Nowadays, every vendor is developing their cloud. With this, I can have a single sign-on and move around from place to place easily.

The technical support is pretty good.

The initial setup is pretty straightforward. 

I have found the solution to be stable so far.

The scalability potential is good. 

The pricing of the product is reasonable. 

The interface, in general, looks okay. 

The solution has built-in backup capabilities. 

So far, the solution has worked well for us. there are no missing features. 

The monitoring dashboard could be a bit better.

The solution is stable. the performance and reliability are good. There aren't issues with bugs or glitches. It doesn't crash or freeze. 

You can scale this solution if you need to. It's not a problem. 

We haven't dealt much with technical support, as we haven't really needed it, however, if we did need assistance, they have been helpful. Overall, it's been a positive experience. 

The initial setup is very, very easy. It's not complex or difficult at all.

There are multiple options for pricing. One is standalone. Another is within a package. If we consider an F1 package, I'm getting Azure Active Directory, Intune, and Microsoft Information Protection. If I'm taking the Azure Active Directory virtual feature under the plan, under the package, it's affordable. They offer a very good price.

I would rate the solution at a perfect ten out of ten overall. It's the best product. I'm really happy with it. 

We're using Azure AD as a centralized identity management tool, to keep all identities in one place. For example, if we have an application that needs authentication, we use Azure AD. It is not only for user authentication and authorization.

We also use Azure AD as a synchronization tool from on-premises instances to the cloud, and we are using Azure ID Join to join machines directly to the cloud. We use it for access policies, as well as the registration of services.

With MFA, if there has been a password leak and someone tries to access the system, Azure AD will send a notification to the real user's cell phone and ask, "Are you trying to login? Please approve or decline this login." If the user declines the login, he can send a report to IT and the IT guys can automatically block the account, change the password, and review everything else. That helps us prevent unauthorized access to the system, and that's just through the use of MFA.

Through access policies, if my account was stolen and the guy got his hands on the MFA information for some reason, if the real user is in one country and the thief is in another country, the account will be blocked by our geolocation policy, even when the password is right and the MFA has been approved. We can lock it down using geolocation.

If we're talking about applications, one of the most valuable features is the administration of enterprise applications. It helps us to keep them working. We don't always need to authenticate a user to make an application work, but we do need some kind of authorization. We use service principal names for that. Managed identities for applications are very useful because we can control, using roles, what each resource can do. We can use a single identity and specify what an application can do with different resources. For example, we can use the same managed identity to say, "Hey, you can read this storage account." We can control access, across resources, using a single managed identity.

When it comes to users who have a single account, the most valuable feature is the authorization across applications. In addition, access policies help us to keep things safe. If we have a suspicious login or sign-on, we can block the account and keep the environment safe. It's also important, regarding users, to have a centralized place to put everything.

The user functionality enables us to provide different levels of access, across many applications, for each user. We can customize the access level and set a security level in connection with that access. For instance, we can require MFA. That is a feature that helps enhance our security posture a lot. And through access policies we can say, "If you just logged in here in Brazil, and you try to log in from Europe five or 10 minutes later, your login will be blocked."

One thing that bothers me about Azure AD is that I can't specify login hours. I have to use an on-premises instance of Active Directory if I want to specify the hours during which a user can log in. For example, if I want to restrict login to only be possible during working hours, to prevent overtime payments or to prevent lawsuits, I can't do this using only Azure AD.

I have been using Azure AD for the last five or six years. I have been using the on-premises solution, Active Directory, since 2005 or 2006.

We have never faced an outage situation with Azure AD. The stability is great, very reliable.

The scalability is okay for us. While there are limitations on the number of users, it's a very huge limitation. We have not hit that limitation so far. No matter how many users or groups or SPNs (service principal names) we have, it works fast. The response takes two to three seconds if we use the API.

Currently, we have more than 5,000 users. We are at 100 percent adoption. All our users from on-premises are synced to the cloud and they are fully using the features available.

The technical support is not going in the right direction. Sometimes the first-level support agents don't have the proper knowledge. Some of them take a lot of time to discover simple things because of that lack of knowledge. Sometimes a guy takes three or four days to give up and to ask for help from a higher level of support. The technical support can be improved in that area.

Neutral

Before Azure AD, we either used Active Directory for on-premises or a Linux solution, but it was almost a miracle finding Linux solutions for identities. In our location, the majority of enterprises and companies are using Active Directory. The free Linux solution is basic. You can choose a user, a password, and a level of access, but it does not go as deep as Active Directory.

The initial setup of Azure AD is very straightforward. There is even a wizard for it, making it very simple. The wizard guided us and pointed us to articles in the Microsoft Knowledge Base, in case we had any doubts about what was going on. It was a matter of "next, next, and finish."

Deployment took less than 60 minutes. It was very fast.

There are almost always issues when it comes to synching on-premises instances because they almost never follow best practices. When migrating to the cloud, there is a tool that Microsoft provides to run in your environment that tells you, "Hey, you need to fix this and this about these users, before you initiate the migration." It's complicated because on-premises solutions are like that. But if you want to have identities in Azure AD, you must have a proper set of User Principal Names, because these will be the anchor for the synchronization. If my on-premises instance has a bad UPN, it will not be able to properly sync to the cloud. But once we finished fixing the irregularities in the on-premises accounts, the migration was easy. We just installed the synchronization server and it did the job.

We have seen ROI using Azure Active Directory in the fact that we don't need to have four or five local servers. We can have just one local server and the heavy jobs can be run over the cloud. There is some money saved on that.

The pricing for companies and businesses is okay, it's fair. 

But if you are trying to teach someone about Azure AD, there is no licensing option for that. There is a trial for one month to learn about it, but there is a need for some kind of individual licensing. For instance, I personally have an Azure tenant with Azure AD and I use this tenant to study things. It's a place where I can make a mess. But sometimes I want to do things that are blocked behind the licensing. If I were to buy that license it would be very expensive for me as an individual. It would be nice to have a "learning" license, one that is cheaper for a single person.

Plan what you want. Think about whether you want native authentication and authorization in Azure AD. And if you want to have servers on-prem, you have to plan the kind of synchronization you want. Do you want passwords synced to the cloud or not? Instead of going headlong into using Azure AD and running into issues, the kind that require a change in access which could be problematic, plan before doing the deployment.

We mainly use Azure Active Directory for authentication, identity management, and single sign-on. A user can use a local Active Directory password to sign into other platforms, like Zendesk or Zoom. These on-premise users are synced to Azure Active Directory. We have some other users who only use cloud, so they don't have instances on-premise, i.e., they are pure cloud. Both of these types of users can authenticate their credentials with other applications and single sign-on. 

We use Microsoft solutions, such as Microsoft Endpoint Manager for mobile device management (MDM), Microsoft Defender, and Advanced Threat Protection (ATP). For our customers and clients, we do something similar. We also send logs from Microsoft 365 to different SIEMs.

We sync users from on-premise using AD Connect sync. We sync them to Azure Active Directory, where we have some instances. 

We have secure scores and compliance scores. These scores tell you your standpoint in terms of recommendations, vulnerabilities, etc. So, it can tell you what you need to configure to increase your security posture, then you can tell where you are. With the compliance scores, it will tell you what you need to do to improve it. The secure scores will tell you that maybe you should enable MFA for all users or that all admins should have MFA. It gives you a lot of suggestions and recommendations to improve your security posture. 

Microsoft Endpoint Manager acts as a mobile device management tool. It focuses on the firewall and does device compliance policy. There are a lot of policies that you can use to align your organization in regards to compliance and regulations. Also, there are security settings that you can enable.

In Microsoft Defender, it accesses the devices onboarded to your Microsoft Defender so you can see the vulnerabilities in terms of the applications installed on a system as well as the version of the OS that you are using. It shows you the patch management that you need to do for vulnerabilities. 

Authentication and identity management are key. For someone to authenticate your account, it is like having the password or access to your password. If someone gains unauthorized access to an account, then they can perform a lot of malicious activities, such as sending spam emails or falsifying emails, including authorizing payments.

Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user. 

You can also use Conditional Access to block sign-ins from other countries. For example, if someone attempts to login from Canada or the US, and your company is based in Africa or somewhere else, then it blocks that user. In this case, it will flag the user and IP as suspicious.

There is also impossible travel, which is an identity protection feature that flags and blocks. For instance, if you are signing in from California, then in the next two hours, you are logging in from Kenya. We know that a flight to Kenya couldn't possibly happen within two hours.

Admins can set password changes for 30, 60, or 90 days, whether it is on-premise or the cloud.

Sometimes, what one customer may like, another may not like it. We have had customers asking, "Why is Microsoft forcing us to do this?" For example, when you use Exchange Server on-premise, then you can customize it for your company and these customizations are unlimited. However, if you use Exchange Online or with Microsoft 365, then your ability to make modifications is limited. So, only the cloud versus is limited.

I have been using it for four years.

It is very simple to manage.

The scalability is massive. When you get your licenses, those should give you the limits of what you can do, but the limits are considerable. It should scale automatically as your workloads increase.

If enough customers have questions about something, the Microsoft product engineering team will pick it up, document, and design it, then publish it in Microsoft.

At a previous company, I was the technical lead and expert. We were Microsoft partners. So, we picked up tickets for Microsoft 365, working on different issues from eCommerce, Exchange, SharePoint, and OneDrive. 

You can maintain your previous investment in identity management solutions by just integrating them with Azure Active Directory. You can also integrate other solutions with Azure Active Directory, then use Azure Active Directory as a single sign-on.

The initial setup is straightforward. 

Active Directory is a place where all your instances, users, identities are being stored. You can create users and identities, then they are stored in Active Directory. Then, Azure Active Directory is just like a cloud-based scenario. When you create users, they are there. You can join devices to your Active Directory.

You need to have the user's information: their password, email, location and ID. All those things are being stored in Azure Active Directory. 

Deployment time depends on the scope of work. For example, a single user could take about 10 minutes to deploy, if you know what you are doing.

Deployment needs just one person to do it.

It protects your identity and keeps you secure. The return on investment is that it keeps your identity from being compromised or you being scammed. That is the investment that customers pay for.

Previously, only building and global administrators could purchase subscriptions or licenses. Mid-last year, Microsoft made it so users can purchase the license online.

Microsoft business subscription is for 200 to 300 users. If you have more than 300 users, you can't purchase the business plan. You have to purchase the enterprise plan. The enterprise plan is for 301 users and above. 

Pay as you go is also available. If you pay as you go in Azure, you will be billed for whatever you use.

I know AWS has something similar.

It is an excellent solution. I would advise going for it.

I have received several complaints from different people and customers too, "Why do I have to do it two times? I want to do it just one time." However, there is a reason for it - we are increasing the security layer. That is why it takes two times, because it is organizational policy. So, they just have to comply.

Previously, admins could only release quarantined emails, so you would need to speak to the admin to release them. Now, if a user's message gets quarantined, then the end user releases it.

If you have Microsoft 365, then you have Azure AD. They go hand in hand.

I would rate this solution as 10 out of 10.

My primary use case with Azure Active Directory is configuring applications, for example Edge, on premises and doing synchronizations with ADFS in a hybrid environment.

I have used it in a lot of application integrations. I set authentication for the hybrid and cloud applications for the services that we acquire.

The feature that I have found most valuable is its authentication security. That is Azure Active Directory's purpose - making cloud services' security and integration easier.

In terms of what could be improved, I would say its interface is not very flexible, as opposed to AWS.

The services are very clear, but the user admin interface needs to be better. That's all.

I have been using Azure Active Directory for more than five years.

In terms of stability, sometimes the more applications you integrate, the more it becomes a little bit unstable. The synchronization engine is key because that's what 365on-premises is for. The main thing that Azure supports is Microsoft native 365 and the other services that come with it.

It is scalable. It is just that Microsoft likes complex licensing. They should make it more  straightforward.

We just have the admins using it, that's about 20 people.

Microsoft tech support is not the best, but they're okay.

The initial setup is not that complex. Maybe I'm the wrong person to ask, though, because I am already an old AD person and I understand it.

On a scale of one to ten, I would not rate Azure Active Directory as a bad product, I would rate it as an 8.

Entra ID is used to authenticate users and applications. 

Entra ID has helped us implement role-based authentication rather than conditional keys. It has made our entry point and access more secure. Entra has improved our Zero Trust platform, but I can't go into the details about how. 

It has improved our attack response slightly because we now have a better idea of what's happening and what we see in the logs. 

Entra ID provides an excellent overview of the applications and the options applied to them.

There are areas for improvement, particularly when moving between tenants. If we create a new tenant and try to set it up under the same organization, it becomes extremely difficult. A recent incident we dealt with took four months to resolve with a seven-day deadline, which was quite frustrating.

I have used Entra since it was released, and we also used Azure AD before it got renamed.

Stability has been questionable sometimes. We've had a few outages which have caused us some concern, and it's a critical solution that we can't do without.

There isn't much that can be done for scalability other than considering an alternative provider, which we have thought about at times.

I rate Microsoft support eight out of 10 in general, but they let us down when we were moving tenants. We were pretty upset with them.

Positive

We always used Azure AD and then Microsoft Entra ID.

Overall, some areas showed more return on investment, while others less so.

I rate Entra ID eight out of 10.