Microsoft Entra ID Reviews

I'm a computer engineering student in Portugal, and we used it during one of our classes for practically the whole semester. We used both the on-premise solution and the Azure, online one.

While we were learning, we used it primarily for user access management and also to define rules for the organization. For example, we created organizational units and defined domains for enterprise-level organizations. I was able to specify access to, for example, certain folders, including shared folders and shared resources.

We were using it in conjunction with SQL Server 2019.

Azure Active Directory works well to access the resources that the school has set up for the students. We can share between our groups, and we can set up shared assignments or shared project folders very quickly and easily.

We have access to shared storage space, which is great. It is managed through Azure Active Directory and appears to me as a Microsoft OneDrive account.

As an end-user, the access to shared resources that I get from using this product is very helpful. I also use it for my email, which is a domain that is part of the organization. 

The most valuable feature is the ability to define certain roles for the users and to give access to shared resources.

The options for user access management on the cloud are similar to those with the on-premises deployment. You can work directly on the cloud but control it from your on-premises server if you want, or you can make all of the changes directly on Azure.

One of the security features that Azure Active Directory provides is that it warns users about the usage of weak passwords. When we created user accounts and their passwords, it warned us about weak passwords and gave us the option to define password creation rules. We tested the feature and tried using invalid passwords, and it blocked access to the organizational units accordingly. We did not work with the more advanced security features within the scope of the course.

It has some good monitoring options that you can use to see how well it is working. In my class, we were able to see which users were accessing the solution, and what went wrong with the tests that we were doing.

The most challenging aspect I found was the creation of organizational units and specific domains. They have a tool called Bastion, which is expensive and a little bit confusing. I had to cancel the subscription because it was using my credits too quickly. For the students, it was not a very cheap way to learn it.

It would be helpful if they provided more credits for students who are performing test cases because we had to be really careful when we were using it. Making it cheaper for students would be great.

I have been using Azure Active Directory for one school semester.

Because we weren't using it on a large scale, it is difficult to estimate how good the stability is. That said, it worked fine for the small number of users that we had. Although it was not a good test, I think that it worked fine. It does have some good monitoring options, so we could watch the performance.

I do not have large-scale experience with this product, as I was using it for practice during my degree program. I don't know at this point whether I will be using it in the future.

In my class, there were half a dozen or fewer users.

In order for the solution to be scalable, it requires some upfront work. You have to well define the users, profiles, and roles that you want to have at your organization. We were already given some advice on that from our teachers, including which roles we should create and so forth. Once you have that done, I think it's pretty straightforward. You just have to add them through the interface that the solution has, and it's not very difficult to do.

I did not have to contact Microsoft technical support.

Our teachers explained what it was that they wanted us to implement and we were left to figure out how to accomplish the tasks on our own. When problems arose, I used Google to search for answers online. I also watched YouTube videos that included explanations and step-by-step tutorials.

Another solution that we learned about was the Apache Web Server. You can do the same things that you do with Azure, but it's more complex. You have to know a little bit more about Linux and you have to do it more manually.

In Azure Active Directory, there are already some default options available. That worked for us. It's easier for someone who doesn't want to have the headaches of understanding some of the more minor details.

For the initial setup, we mainly followed the tutorials that Microsoft has online. Initially, it was a little bit confusing because we discovered that there are many different versions of this same software. There are distinctions between an on-premise way of doing things versus a hybrid approach versus something that is on the cloud exclusively. There are limitations that each one of them has, as well as other differences that include mobile versus desktop solutions.

For a newbie like me, it was a little bit challenging to understand what the best approach would be. In this case, we were oriented by the teachers to implement the hybrid approach. When we were configuring Azure Active Directory for this, and also for the organizational units, we used the Bastion service. It is the one that creates the domains.

The deployment took perhaps half a day to complete the configuration, step by step. We had to make corrections between configurations, where we had made errors, which was part of the learning process. Overall, when you really know what it is that you have to do, it's pretty straightforward and quick to complete. Otherwise, it will take you a little bit longer.

From the documents that Microsoft has available, we understood that there are several ways to deploy this solution. There is an on-premises version, a cloud-based SaaS, and a hybrid option. 

We were using virtual machines with a license that was connected to our educational package. We have a product key, install it locally on the virtual machine, and that's how we worked with it. At that point, it was connected to the cloud.

Our Azure accounts are related to our college email address, and they are also administered by Active Directory.

We deployed it ourselves. With our small group and for the length of time that we used it, we did not perform any maintenance and I don't know how it is normally done on a day-to-day basis. Based on what I have learned, I think that one or two people are sufficient for maintenance if they know the product from head to toe.

Based on my experience, it would be difficult to estimate how long it would take to earn your investment back.

As this was being used in an academic setting, we were using the educational package. Azure has an educational package available for students with a variety of licenses and different software available. One of the applications included with this is the Azure SQL Server.

Each of the student accounts had an opening balance of $100 USD in credits. We used that to implement the solution and the code doesn't change if you are a student or a normal organization. Some of the things that we wanted to do were blocked by the organization, so we had to use our personal accounts. When we used our credits in this way, it was not specifically for students but for anybody who uses the service.

These credits are used on a pay-per-use basis and the price depends on the features that you use. The most expensive one that was relevant to our use case was Bastion, which allowed us to create and configure virtual subnets. Our use case required us to use it to connect our on-premises Windows Server with the cloud AD.

My advice for anybody who is implementing Azure AD is to study the basics. Get to learn how this access management solution works. We used Microsoft Learn and YouTube videos to assist us with doing so.

In summary, this is a complete solution for any company, but it requires some time and practice.

I would rate this solution a nine out of ten.

We use it mainly for our Office 365 files. The integration between the two is interesting. It's been a learning curve.

Overall, it's not a very intuitive solution.

When you have an Office 365 enterprise subscription, it comes with Azure Active Directory. We don't have a subscription to Active Directory, but our Active Directory connector puts our credentials into the Azure Active Directory. On the Office 365 side, we're also in the GCC high 365, so it's a lot more locked down. There are a few things that aren't implemented which make things frustrating. I don't blame the product necessarily, but there are links and things within there that still point back to the .com-side and not the .us-side.

There's a security portal and a compliance portal. They're being maintained, but one's being phased in and the others are being phased out. Things continue to change. I guess that's good, but it's just been a bit of a learning curve.

Our Office 365 subscriptions are tied to our on-prem domain — I have a domain admin there. With our Active Directory connector, our on-prem credentials are being pushed to the cloud. We also have domain credentials in the cloud, but there's no Office subscription tied to it, just to do the administration stuff. I moved my sync credential to have a lot more administrative privileges. Some of the documentation I was reading clearly showed that when you have this particular ability right on the Azure side, and then you have another ability on the Office side, that intuitively, the Microsoft cloud knows to give you certain rights to be able to do stuff. They're just kind of hidden in different places.

Some things are in Exchange, and some things are in the Intune section. We had a few extra light subscriptions that weren't being used, so I gave my microsoft.us admin account a whole other subscription. In the big scheme of things, it's roughly $500 a year additionally — it just seems like a lot. I didn't create a mailbox for that and I was trying to do something in Exchange online and it said I couldn't do it because I didn't have a mailbox.

You can expect a different user experience between on-prem and online. Through this cloud period, we have premiere services, we have a premiere agreement and we had an excellent engineer help us with an exchange upgrade where we needed a server. We needed an OS upgrade and we needed the exchange upgrade on the on-prem hybrid server. We asked this engineer for assistance because my CIO wanted to get rid of the on-prem exchange hybrid server, but everything that I was reading was saying that you needed to keep it as long as you had anything on-prem. We asked the engineer about it and he said, "Yeah, you want to keep that." In his opinion, it was at least going to be two years. So at least I got my CIO to stop talking about that. It's just been an interesting time in this transition between on-prem and in the cloud.

In a secure environment, a lot of this stuff is PowerShell, which is fine. It's a learning curve, but if you don't use it all time, then it's a lot of back and forth with looking at the documentation and looking at other blogs. If you're in a secure environment, the Windows RM (remote management) stuff can be blocked, and that's frustrating, too.

I have been using this solution for roughly five months.

It's definitely both stable and scalable. I used to work in an environment where we had a couple of onsite engineers from Microsoft and I worked on Active Directory — I did that for four years. We did the Active Directory health check, so I actually worked with the engineer for a week and went through our Active Directory. At the time, Microsoft said it was one of the top five most complicated forests out there. We had 150,000 users and 18 domains across the globe supporting the military, so it was pretty big. 

We have experience with their premier support. We have a live audit coming up shortly so we don't have a lot of time to waste, waiting for support to get back to us — unless it's very critical. 

I wasn't involved in the initial setup, so I cannot comment on that. 

We used an integrator, however, we don't speak of his name anymore. 

I think we're on the E3 — I think it was about 35 dollars per user. We may go up to the E5, which includes Project Online and the telecom service in TEAMS. We're in the process of rolling out Office 365 internally. We've had really great feedback that people really like TEAMS and we want to move there. 

We had a roadmap meeting with Microsoft a few months ago. Some of the more accessible types of things were on the roadmap for the first quarter of this year. I know that Microsoft's working hard at listening to their customers, especially through COVID. Collaboration has changed. They also have military folks, that's why they created the GCC High. Once they got into the GCC high, they're like, "Oh, we need to collaborate a little bit more." So they've been pushing a little bit more on integration. We're not going to have that kind of clout where I am, but where I used to work, we would've. 

Overall, I would give Microsoft Azure Active Directory Premium a rating of four out of ten. They could really benefit from some better user-training. 

We primarily use the solution only for the employees. It offers a single sign-on to business applications. Internal modern applications also go through Azure Active Directory, however, we use Active Directory for the legacy ones. (Kerberos).

It takes a couple hours to add SSO to new business SaaS. The Azure AD Marketplace has all the applications we bought so far as built-in templates.

The single sign-on of the solution is the most valuable aspect.

The initial setup is straightforward.

The solution offers good bundles that include Office 365. 

The pricing is pretty decent.

The product is pretty user-friendly and offers good customization capabilities.

We find that most of the new features are in preview for too long. It gives you the announcement that there's a new feature and yet, most of the time, it takes more than one year to have it generally available. Often we have to go and sometimes just use a preview without support. 

We cannot run all the configurations from the APIs. I would like to have something that has code and to just be able to back up and apply my configuration. Right now, we are managing more Azure tenants. It's hard to keep all of those configurations at the same level, the same value.

We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for applications. That way, when adding a new applications I don't have multiple conditional access to modify. 

One of the main requests from our security team is the MFA challenge. Azure, by default, is more user-friendly. We have a lot of debates with the security team here as the MFA doesn't pop up often enough for them. From an end-user perspective, it's a better user experience, as users generally prefer fewer pop-ups, however, security doesn't like it. It's hard for security to add. 

We don't have Azure Premium P2 yet, however, most of the advanced security features are in the P2, and it costs a lot more money.

I've been using the solution for four years at this point.

The solution is relatively stable. The only issue we have is that there's a lot of things on Azure that are synchronous. Sometimes it takes time for changes to apply, and it kind of depends on the time of the day. A lot of the time we're happy with it, however, sometimes it creates a bizarre issue that is difficult to troubleshoot.

The solution is quite stable. If an organization needs to expand it out, they can do so rather easily.

We have about 9,000 people in our organization using the solution.

While the technical support is good, you need premium support. The standard support is more for small enterprises. We have the premium support and with the premium support, it's much better. There's a direct line to the correct type of support. It's very good.

We previously used SiteMinder from Computer Associates. The main reason we migrated to Azure was for the integration with Office 365. It then became our primary authentication source for the employees.

The initial setup is not too complex. It's pretty straightforward.

We didn't need the assistance of an integrator, reseller or consultant for deployment. We were able to handle everything in-house.

The pricing is really great and Office 365 packages are good. We don't pay for it separately. It's included in our package and the APIs are really great. I'm not sure of the exact cost of Azure. It's a package deal.

We've looked into Okta for B2B and B2C clients, not necessarily for our internal employees.

We're just a customer.

We're using the latest version of the solution.

I would recommend the solution for employees. It's a really great tool. However, we tried it also for consumers, for clients for B2B and B2C. For me, it isn't really a great production product. We researched Okta for that.

Overall, I'd rate the solution nine out of ten.

Microsoft Authenticator is a third-party application used to authenticate users in our Microsoft environment, such as accessing emails or applications like Excel, Word, or any other application. It is also used for online login purposes. The configuration process is simple from the admin side; we just need to enable it for the user. The user will receive a notification on their mobile device and then needs to download the Microsoft Authenticator app. They can add their account by entering their username and password. Once this is done, the configuration is complete.

While using any applications in the environment, users need to authenticate using Microsoft Authenticator. They will receive a one-time password that expires in thirty seconds, which they must use for authentication. One advantage of using Microsoft Authenticator is that it ensures the security of user accounts. Even if someone tries to hack or authenticate into another person's Microsoft account, they will be unable to do so without the password. The user will receive a notification if someone attempts to access their account and can choose whether to grant them access or not. If any unauthorized access is detected, we will investigate to identify the person behind the authentication attempt.

Microsoft Authenticator is highly secure. It is connected to its own servers. Using this application employs encryption methods, and the user has the right to access it. Additionally, we can utilize the biometric fingerprint tool for authentication, ensuring that only one person has access to it. This feature is extremely beneficial.

The cost of licensing always has room for improvement.

I have been using Microsoft Authenticator for three years.

Microsoft Authenticator is scalable.

The initial setup is straightforward. We downloaded it from the Google Play store and used a name and password. That's all it takes, and we're ready to go. The configuration duration is set on an admin site, but the actual configuration must be done on the end devices themselves. This can include mobile devices, tablets, or any other device that we can use, and takes about ten minutes to complete.

We have observed a 60 percent return on investment with Microsoft Authenticator, which provides us with peace of mind, knowing that there is no unauthorized access occurring.

Microsoft Authenticator is included in the package when we purchase a license from Microsoft.

I rate Microsoft Authenticator ten out of ten.

We have 120 users. The solution is used daily and is required whenever a Microsoft account needs authentication to ensure that only the data owner or email owner has the proper authentication to access the mailbox or application.

I will advise people to continue using the Microsoft Authenticator because it provides security and data protection. From a cybersecurity perspective, it is beneficial to use the Microsoft Authenticator for the authentication of Microsoft products.

The solution is deployed on a public cloud. We are using Microsoft Azure.

There is on-premises AD and cloud AD. We are able to sync the solution and use the load technology and password management features.

The most valuable features in Active Directory are the password writeback product and the MDM technology.

The on-premises AD comes with a lot of options and group policies. With the group policies, we are using screen saver a lot, and it is messing up Azure AD and isn't working effectively. We are also using MDM technology through Azure. For Android the MDM technology is okay, but it doesn't work properly on iPhones.

When we do a screen share and screenshots, it doesn't work on the iPhone. For Android, it will only work for Outlook, which is provided in the company portal.

I would like to see the group policies on the same platform on cloud.

We have been using this solution for almost two years.

The solution is stable and everything is working. In terms of connecting the web application, there is technology for single sign-on. When we use it, the solution opens very slowly. It might be a bandwidth issue, and some content will not work on that portal.

The solution is scalable. We haven't had any issues.

We have 500 people using this solution in our company. We have increased usage, and we have plans to increase more. 

Technical support is very good. They work quickly to resolve any issues.

We are using an earlier non-premises AD, but we want to move to the cloud setup, which is easier for end users and everyone else due to the pandemic situation.

Setup was straightforward. Implementation took three months.

For the deployment process, we had a technical team of two people who did everything. They are engineers.

We used a consultant for deployment. I think we used a Microsoft partner.

It was a good experience and not very complicated. I think I realized that they are not seeing many implementations. There's a tool in Microsoft Azure called an endpoint security tool, and they don't know how to implement it.

We have a yearly license.

I would rate this solution 9 out of 10.

This product is very nice. It's a legacy application, so the people using it are very familiar with it.

We primarily use the solution for most of our enterprise identity management. 

It's improved our company through the security policies. It's helped improve our security posture. 

It's pretty easy to implement. In most of the apps nowadays, it has the ability to use multifactor authentication, SSO.

The control is great. It offers good conditional access.

It helps with managing user access via one pane of glass in most cases. 

The security policies we are applying are pretty well structured. 

The solution is nice to use. Microsoft did a good job.

My assessment on Microsoft EntraID admin center for managing all identity and access as our organization. It's great. It's very well organized, pretty straightforward, and easy to use. It's not just that it's easy to use, it's very intuitive. Everything is easy to find. 

We use Microsoft Entra ID conditional access features and improve the robustness of our zero-trust strategy to verify users. 

The permission management feature is good. 

The visibility and control are very good. The whole intro ID concept is pretty intuitive. Even if you have never used this and you have some experience in IT, you will be able to handle the solution easily.

It's helped our IT department save time. It also helps with speeding up processes. I can't speak to the exact amount of time saved per week, however.

The solution helps the company save money. 

It's positively affected the employee user experience. 

It's just been renamed. That said, I can't speak of room for improvement. There may be areas that could be better, however, I haven't thought too much about that. 

I would change the device access a bit. It's very difficult. I would add some features. I would like to be able to authenticate Wi-Fi users using the Azure ID. However, my understanding is it needs to be from both sides, from the vendor that is creating devices for the Wi-Fi and for the networking part and Microsoft. 

The company has been using the solution since before I arrived. I have used it for around four or five years. 

The solution is stable. I've never seen big issues. It's pretty much a stable product. 

Sometimes Microsoft has small issues, however, nothing that would cause the entire company to not be able to work for a whole day. 

More than 1,000 people are currently using the solution. 

It is a scalable solution for sure. 

I've never used technical support. 

I've used a few different solutions. Mostly I've used Active Directory. It does the same thing; it has just been renamed. 

I was not a part of the implementation. It was done before I joined the company. 

It may require a bit of maintenance, however, it's not a task that is part of my department. 

I don't deal with pricing. It may state the cost online. 

I did not evaluate other options. 

I'm a user.

I'd rate the solution nine out of ten. I'd advise others to use it. Even the free tier has a lot of features that even a small company would benefit from. 

We work with Active Directory in our own IT network in our office. We also deploy Active Directory projects in some other clients.

Active Directory is an active directory service from Windows for a Windows Server operating system.

We have synchronized identities on-premise with on-cloud identities in order to work with Microsoft-aligned services such as Office 365 and to work in the middle of hybrid topology for on-prem and cloud identities, as well as to be more productive with other capabilities that Azure Active Directory Premium offers. This includes, for example, single sign-on, multifactor authentication, Conditional Access, privileged access management, and Privileged Identity Management. Our current experience with Azure in the Cloud - Azure Active Directory - is it's very functional and productive in talking about identity and access management solutions.

In the last two years, as COVID has been present worldwide, the Azure Active Directory capabilities have allowed us to work completely in a remote way. It's not fully necessary to work at the office or in only certain locations. We are now fully capable to work from any location, any place in the world.

The most important thing about this solution is the capabilities for multifactor authentication and single sign-on that it offers for native Microsoft solutions and non-native Microsoft solutions.

The solution has features that have helped improve our security posture. Azure Active Directory works with some technologies around security such as mobile device management, mobile application management, and Azure Information Protection as well as Conditional Access and multifactor authentication. These capabilities give us a good level of security.

The solution has affected our end-user experience. For example, we work with several technologies in the Cloud, such as Salesforce. Azure Active Directory allows us to work within a single sign-on model. This allows us to work more easily, and not have to remember a bunch of different passwords for various applications. With a single sign-on, we can work in a more transparent way and we can be more productive, having direct access to our applications in the cloud.

Microsoft is working with Microsoft Identity Manager for Active Directory on-premise. It will be very important to have these identity management solutions directly in Azure Active Directory. It's very important to have some kind of Azure identity manager as a technology for identity and access management for working both in the cloud and inside the Azure suite.

I've been using the solution for the last 15 years or so. 

We have the service running all the time and it runs and works without an issue. Up until now, we have not had any problems at all in terms of the availability of the service.

We know that if we need to integrate more than hundreds or thousands of users, we know this won't be a problem. We have about 80 users in the Azure Active Directory right now, however, we know that if it was necessary to scale it for hundreds or thousands of users, it wouldn't be a problem.

We've contacted technical support several times over the last ten or so years. 

Microsoft is a very big, important company. People working in technical support have been very professional and quick to respond. They're very good specialists.

This is the first product that I consider as it is a powerful directory service and better than what any other company offers.

The initial setup was very straightforward. We've worked with Azure Active Directory for the last three or four years and find it very easy to deploy. It might take maybe three days. 

In terms of maintenance, we only have a couple of people dedicated to offering technical support. Once you deploy it, it's not necessary to give too much support after that.

I know that there are several other solutions, for example, Open LDAP, et cetera. I like the functionalities that Microsoft Active Directory offers. Therefore, it was not necessary to test any other technology.

I'm pretty sure that one of the main advantages of Microsoft Active Directory is that not only does it provide user management, it's also a technology component inside of a very big strategy for technology in any environment or company. It's native. Users can have their own mailbox for Exchange or Office 365. Active Directory is integrated as a way of authentication for any other database or web service. The main advantage is that it's integrated into a whole global authentication strategy.

I am a Microsoft-certified systems engineer. I've been doing this for the last 22 years.

I'm a partner and reseller. We work with several specialists for deploying, project management, and development of solutions around Microsoft technologies.

For any customer or any client that is interested in deploying Azure Active Directory to have a full strategy for hybrid environments. They need to take into account users on-premise and users and resources in the cloud in order to have an integrated architecture and solution to best utilize the Azure Active Directory capabilities.

I'd rate the solution at a nine out of ten.

My primary use case with Azure Active Directory is configuring applications, for example Edge, on premises and doing synchronizations with ADFS in a hybrid environment.

I have used it in a lot of application integrations. I set authentication for the hybrid and cloud applications for the services that we acquire.

The feature that I have found most valuable is its authentication security. That is Azure Active Directory's purpose - making cloud services' security and integration easier.

In terms of what could be improved, I would say its interface is not very flexible, as opposed to AWS.

The services are very clear, but the user admin interface needs to be better. That's all.

I have been using Azure Active Directory for more than five years.

In terms of stability, sometimes the more applications you integrate, the more it becomes a little bit unstable. The synchronization engine is key because that's what 365on-premises is for. The main thing that Azure supports is Microsoft native 365 and the other services that come with it.

It is scalable. It is just that Microsoft likes complex licensing. They should make it more  straightforward.

We just have the admins using it, that's about 20 people.

Microsoft tech support is not the best, but they're okay.

The initial setup is not that complex. Maybe I'm the wrong person to ask, though, because I am already an old AD person and I understand it.

On a scale of one to ten, I would not rate Azure Active Directory as a bad product, I would rate it as an 8.