Microsoft Entra ID Reviews

We primarily use the solution for most of our enterprise identity management. 

It's improved our company through the security policies. It's helped improve our security posture. 

It's pretty easy to implement. In most of the apps nowadays, it has the ability to use multifactor authentication, SSO.

The control is great. It offers good conditional access.

It helps with managing user access via one pane of glass in most cases. 

The security policies we are applying are pretty well structured. 

The solution is nice to use. Microsoft did a good job.

My assessment on Microsoft EntraID admin center for managing all identity and access as our organization. It's great. It's very well organized, pretty straightforward, and easy to use. It's not just that it's easy to use, it's very intuitive. Everything is easy to find. 

We use Microsoft Entra ID conditional access features and improve the robustness of our zero-trust strategy to verify users. 

The permission management feature is good. 

The visibility and control are very good. The whole intro ID concept is pretty intuitive. Even if you have never used this and you have some experience in IT, you will be able to handle the solution easily.

It's helped our IT department save time. It also helps with speeding up processes. I can't speak to the exact amount of time saved per week, however.

The solution helps the company save money. 

It's positively affected the employee user experience. 

It's just been renamed. That said, I can't speak of room for improvement. There may be areas that could be better, however, I haven't thought too much about that. 

I would change the device access a bit. It's very difficult. I would add some features. I would like to be able to authenticate Wi-Fi users using the Azure ID. However, my understanding is it needs to be from both sides, from the vendor that is creating devices for the Wi-Fi and for the networking part and Microsoft. 

The company has been using the solution since before I arrived. I have used it for around four or five years. 

The solution is stable. I've never seen big issues. It's pretty much a stable product. 

Sometimes Microsoft has small issues, however, nothing that would cause the entire company to not be able to work for a whole day. 

More than 1,000 people are currently using the solution. 

It is a scalable solution for sure. 

I've never used technical support. 

I've used a few different solutions. Mostly I've used Active Directory. It does the same thing; it has just been renamed. 

I was not a part of the implementation. It was done before I joined the company. 

It may require a bit of maintenance, however, it's not a task that is part of my department. 

I don't deal with pricing. It may state the cost online. 

I did not evaluate other options. 

I'm a user.

I'd rate the solution nine out of ten. I'd advise others to use it. Even the free tier has a lot of features that even a small company would benefit from. 

We use it as the Active Directory on the cloud. We have the systems on-premises and on the cloud. We connect the AD data to Azure. We have a single sign-on service on multi-cloud. We use the single sign-on feature on, for example, AWS.

In terms of the version, we use it as a service, and it is always updated to the latest version. 

Microsoft Entra ID helps to synchronize information from on-premise Active Directory. There are security features such as multifactor authentication. We can also use a single sign-on to connect with the other application on the cloud. 

It helps our admins to have more security. It is helpful for authentication methods, log checking, and audit trails in case of security concerns. However, it has not saved them time.

Microsoft Entra ID has not helped to save our organization money, but it helps to improve security.

The security features, multi-factor authentication, and service management features are valuable.

Microsoft Entra ID provides a single pane of glass for managing user access. Its menus are properly categorized, and they make it easy to use for our work and processes.

One thing that they need to improve is the cost. It already has a lot of features, but more protection of the identity would be beneficial for customers.

I have been using this solution for three years.

It is stable.

It is scalable. In our environment, we mostly have Microsoft solutions such as Microsoft 365, email, OneDrive, SharePoint, Power Apps, etc. Entra ID is deployed across multiple locations for multiple users. We have a Microsoft 365 license for all employees. We have two admins who take care of configuration and monitoring for security and data loss prevention. 

We have plans to increase its usage.

I have not contacted their support.

We did not use any other similar solution previously.

I was not involved in its deployment. 

It is costly.

I would recommend this solution to others. Overall, I would rate Microsoft Entra ID an eight out of ten.

It's something that we use every day. We're migrating all of our customers over to it.

We use it for Office 365 and Azure services.

It's a cloud service. You do not depend on local identities. You can just synchronize the identities. It gives you the opportunity to use the security services that come with Office 365 and Azure. 

It does offer a single pane of glass for getting into all applications. However, we have some customers that have a hybrid environment and it depends on what applications and if the client wants them authenticated with Azure or not. In general, it's been positive for the final user experience.

We do have to manage identities on-premises in Azure and have one point of entry and the solution allows for that.

We use conditional access. That's a must for customers - to be able to verify users and devices. It helps with initiating a zero-trust policy. It's one of the main functionalities we really like. You can get granular with the policies in terms of access. 

We use conditional access in conjunction with Endpoint Manager. We also push Endpoint Manager as a solution to work with devices. That's also something that we try to push to the customers in any project. Most of the time, they go with it and like the idea of being merged with which are Endpoint Manager. Sometimes there are some customers, small customers, that maybe don't want to use that. Our position is to always use an endpoint manager.

It's helped out IT managers a lot in terms of the features on offer. I'm not sure of the exact amount of time that has been saved in general. I'm not involved in the day-to-day management from a customer's perspective. 

It's had a positive effect on the user experience. I'd rate the improvement nine out of ten. 

Support could be improved.

Okta has had more time in the business than Microsoft. I hope, in the roadmap, Microsoft eventually offers the same features as Okta. It will take some more time to mature. 

I've been using the solution for five years.

The solution is scalable. 

Customer support is good. However, it could be better sometimes. They do answer fast, however, the resolution itself is not fast. The first level of support will most likely have to move the issue to level two or three technicians and that process makes the resolution take longer.

Positive

I did not previously use a different solution. I deal strictly with Microsoft. I don't deal with any other companies. I'm dedicated to Microsoft. 

I was involved in the deployment process. It's easy for someone who's done it many times. 

In my department, we have ten to 15 colleagues that can handle these migrations or synchronizations. 

It's an easy product to maintain. 

We do have a customer that has Okta, and while we don't deal with it directly, we know what it does. We don't use it. Okta has specific features that are different from this product, however, it's not something we sell. For example, Microsoft can synchronize users from local to Azure, and not vice versa. Okta can do that, however. Also, the management lifecycle feature in Microsoft isn't as robust as Okta. 

Okta does have a lot of models, as does Microsoft. In both cases, depending on what you need, there would be a different license. 

There are not too many companies that have Okta in Spain, however, those that have would have many environments across AWS, Google, et cetera - not just Microsoft.

We're integrators. We don't use the solution ourselves. 

We do not use Permissions Management. I'm not sure if it is one functionality or a combination of several. 

I'd rate the solution eight out of ten. 

We sync up our on-premise Active Directory with Azure AD and use it for app registration. All of our cloud-based DevOps activities use Azure Active Directory.

Azure Active Directory has many automation capabilities, and you can apply policies on top. You can do a lot of things with these combinations and integrate other tools like PingFederate. We've likely saved some money, but I don't know how much. 

The solution has made our environment more controlled and robust. At the same time, functions become more challenging for users when you add more controls and multi-factor authentication. However, these measures are essential when you're dealing with a complex environment that crosses multiple regions and cloud platforms. 

I like Azure Active Directory's integration with GT Nexus, and it improves our overall security. Azure AD enables us to manage user access from a single pane of glass. We use single sign-on and multifactor authentication. Teams are required to have Authenticator downloaded on their devices. 

We use Azure AD's conditional access feature to fine-tune access controls and implement a zero-trust policy using authentication tokens. The calling application needs to verify those tokens. The tokens contain information that the application needs to verify. Every application or user needs to be registered in the system to access it.

In Azure AD, applications either use the managed identity or ARBAC for permission control, and we use SaaS on top of that. Policies can be used if there is anything else infrastructure or access-related. 

Permission management works the same way across all cloud platforms. You can have granular or course-grade permissions. It depends on what you want to use and how you want to use it. I'm on Azure, so I know how they use it. 

Azure AD could be more robust and adopt a saturated model, where they can offer unlimited support for a multi-cloud environment.

I have used Azure AD for two years. 

I rate Microsoft's support a nine out of ten. We are preferred partners, so we get high-priority support. 

Positive

I rate Azure Active Directory an eight out of ten.

I am using Azure AD to assist a client with COCC level one and level two certifications. The primary use of the solution is its conditional access feature to enforce fine-tuned and adaptive access controls. The robustness of a zero-trust strategy to verify users has helped in implementing zero trust right now.

The client has to have a clone network storage and manage the services it provides to the handful of people he works for. The control and identify data do what it is supposed to do, as advertised, but the client is not utilizing those features.

The security and compliance features are very helpful. The online information on the site is well documented.

One thing I would like to see is when you're doing control measures if you could globally apply them instead of going through every user individually. I looked at this problem twenty years ago, and it has stayed the same. In twenty years, it's still the same one by one. The default is whether you get group permissions or role-based assignments, you still have to go in individually to everyone every time, which is cumbersome to me. My problem with Azure AD is that it's designed for medium to large systems, and we're not that large.

I rate it an eight out of ten.

I have been using the solution for less than a year, and the client that I'm consulting with has been using it for about four and a half, five years.

It is a stable solution.

Since we're starting with three people, it's probably not going to grow to more than ten people in the next five years. So the scalability is fine for my client's needs.

We have not contacted Azure's technical support.

The initial setup was straightforward. The client has got three people working for him.

For a small business buying individual licenses, it is an affordable solution.

We use the solution for single sign-on, provisioning, de-provisioning, conditional access, and identity governance.

The access governess feature improves our compliance.

Privilege Identity Management is the most valuable feature.

The licensing and support are expensive and have room for improvement.

I have been using the solution for five years.

I give the stability a nine out of ten.

I give the scalability a nine out of ten.

The support is really good.

Positive

The initial setup was straightforward. The time required for deployment will vary depending on the features that we plan to use. Typically, two to three weeks should be sufficient for deployment.

The implementation was completed in-house.

We have seen a return on investment.

I give the cost a three out of ten. The licensing is expensive.

We evaluated Google Cloud Identity.

I give the solution a nine out of ten.

Two to three engineers are required for the Maintenance. The majority of the maintenance is completed by Microsoft.

I recommend the solution to others.

We deployed the solution across multiple geographical areas.

Azure AD is primarily used as the backend for all Microsoft Office 365 user accounts and licensing, as well as for securing those accounts. Endpoint Manager is also utilized, which is part of domain control in the cloud, even though it is not Azure AD.

Azure AD has enabled the organization to set up single sign-on to all applications and has consolidated everything to a single cloud authentication for users. This saved a lot of time by not having to administer accounts in multiple systems, and it has also made it easy to control user identity for all cloud and internal applications. Security features such as attack surface rules and conditional access rules are also highly valuable and help the organization feel safe with all its user accounts. The Entra conditional access feature is used to enforce fine-tuned and adaptive access controls, and it is perfect for verifying users in line with the Zero Trust strategy. Overall, Azure AD enabled the organization to control one set of accounts and policies for everything, providing a huge benefit.

The security features, such as attack surface rules and conditional access rules, are the most valuable aspects of Azure AD.

The only improvement would be for everything to be instant in terms of applying changes and propagating them to systems.

I've been using this solution since 2017.

The stability of Azure AD is perfect.

Azure AD is highly scalable and enables the organization to control everything from one office.

The support channel for Azure AD is probably pretty good, although there was a strange experience with technical support once. Overall, the customer service and support would be rated as positive, with an eight out of ten rating.

Positive

I have never used any other products except Google Workspace, which is very intuitive but not comparable to an identity system.

The initial setup of Azure AD was quick and took just a workday or two, although tweaking it took about a week. The implementation of Azure AD probably took about 48 hours. In terms of maintenance, Azure AD doesn't require any maintenance as it is a cloud service that is always up to date.

At the time, we used contractors to set it up because it was new to us. If I was going to do it today, it wouldn't be that complex for me because I now know the ins and outs of it, but at that time, we contracted people to help us set it up so that we could do it with the best practice. We probably had just one contractor and then we just helped out.

For those looking to implement Azure AD in their organization for the first time, it would be recommended to get rid of the legacy Active Directory right away and go straight to Azure AD instead of starting out hybrid and having to wind that down. If local Active Directory isn't needed, it's best to move all authentication over to the cloud and scrap the Active Directory domain controllers. The Entra portal is a huge benefit as it provides a consolidated view of everything and makes it easier to navigate security, users, conditional access, and identity protection.

Microsoft has been consolidating the view to provide a single pane of glass. It has been more and more down to that. They're now out with something called Entra. It's the Entra portal, and it has a very consolidated view of everything I need to do. Microsoft Entra is basically Endpoint Manager, Microsoft Defender, and Azure Active Directory pulled together for an easy view and ease of navigation. I've started to use Entra a little bit. It has only been out for a little while, but it was created to simplify finding everything. So, instead of navigating through the portal at Azure, I've started using Entra. I like it a lot. At first glance, it looks very intuitive, especially based on how I've been navigating until now. 

What Entra is doing is a huge benefit. If you're starting up today, it's much easier to get into security, users and conditional access, and identity protection. They've consolidated most of the important things there. You can navigate to everything from there, but they draw forth the most important ones in a more intuitive way. They've done that, and what they've done with Entra is what was missing.

Overall, I'd rate Azure Active Directory an eight out of ten. 

We use it for identity and access management for cloud-based applications.

A couple of features are valuable, but the one that comes across the most to me is multi-factor authentication. That is huge because, with the promise of cloud—the ease and flexibility—comes a challenge of security. That means organizations are quite susceptible to cyber security threats and attacks. Nowadays, because assets have moved from the on-premises environment to the cloud, identity has become a new parameter. 

MFA is the most valuable feature because it only takes threat actors who keep guessing the password—even a password with a high degree of complexity, given all the tools available to crack them—to gain access. Then they are able to steal identity information and all the digital assets of an organization. 

We, ourselves, experienced a "near miss" but we were able to detect it at a very early stage and then immediately implement multi-factor authentication, which of course means that in addition to the regular user ID and password, there's another key requirement for validating and verifying the true identity. That's been very valuable to us and to our clients.

We also use Entra’s Conditional Access feature to enforce fine-tuned and adaptive access controls. It's all about taking a further step and layering additional controls to prevent unwanted access. It helps with Zero Trust, ensuring that we can protect assets. The entire paradigm is to make sure that you do not grant access to any potential user without verifying and properly validating who that entity is. That's most invaluable because you can identify a set of conditions that are unique to the organization. They can be related or linked to the profile of the organization and, based on that, you can grant access. Microsoft, from what we've seen, is at the forefront. They're actually spot-on with that.

Using wild imagination, I am thinking about to what extent AAD can integrate with products in a seamless way, such as applications that are running on-premises and making use of on-premises directory services. The most common, of course, is Azure Active Directory Domain Services. To what extent can it be used to replace the on-premises Active Directory Domain Services? Even though they are similar in concept, they are totally separate products. 

I would like to see applications that make use of on-premises Active Directory Domain Services have the ability to also seamlessly make use of Azure Active Directory.

And when it comes to identity and access life cycle management for applications that are run on-premises, as well as access governance, if those kinds of capabilities could be built into Azure Active Directory, that would be good.

I have been using Azure Active Directory since 2015.

It's very stable. I don't think I can recall a major outage of Microsoft's products or services. 

There could be outages impacting other services, and over time, you do experience degradation. But what makes it work is that Microsoft has a lot of resilience built into its cloud architecture.

It's highly scalable. I've worked on projects where we have to deploy Active Directory for in excess of 12,000 users.

More than 90 percent of the people in our organization are using Azure Active Directory.

Overall, I'm satisfied. In some cases, there are incidents that take some time to resolve, but those are more exceptions than they are the rule. We seem to find such cases when we have situations with on-premises workloads, technologies that are not yet in the cloud.

But for the most part, in recent times, on average we tend to have quicker resolutions, relatively speaking, for issues that have to do with the cloud product. 

What I consider to be the aspect that makes the experience good for us is that we get support for all the products. We have access to Premier Support and that enhances the quality of our experience.

Neutral

It's quite easy to set up.

The time needed to set up Azure Active Directory is a function of the environment. For simple deployments, it can be done within hours or within a day. But for complex environments, it might take anywhere from two weeks and up. You need to go through an environment assessment and make use of a project delivery framework.

For example, suppose a customer already has on-premises Active Directory services, and the requirement is to deploy or implement a hybrid identity architecture. That means there are workloads on-premises and in the cloud, and the customer wants to use the same identity scheme or single sign-on. Those are the type of requirements that determine how long it will take to get Azure Active Directory set up.

Deployment generally requires a project manager, an engagement manager, and an architect; a minimum of three people. And if there are other specific solution domains that require specialist skills, it could be four.

There is zero maintenance. The focus, in my own experience, is typically around security: how you're monitoring the environment to ensure that it's still secure. And when there are incidents, to what extent, and how quickly, you can triage and pinpoint and remediate to keep the infrastructure secure? But the actual is maintenance is zero.

It will save us money eventually, even though that's not the case now. For example, for HR, with onboarding and exits, we're beginning to see that this is an area where Entra can help us manage the life cycle of identities. The convenience that comes with that, and how that also helps ensure security and compliance, are areas that Entra can help us with.

The pricing of Azure Active Directory is competitive. By default, the product exists in almost every Microsoft cloud product. But it then depends on the features that a customer really wants to make use of. The extent of the security requirements will inform what kind of plan will be suitable for the customer's situation.

As a business, we have always been cloud-native, so we've always been making use of Azure Active Directory. The very fact that that's what drives our productivity platform, both for ensuring that employees are well engaged and they can deliver on productivity, and meet customer requirements and demands, means we haven't looked at alternatives.

Regarding Entra, the expectation is that when it is deployed, the employee experience should be better. We haven't started exploiting all the features of Entra. It makes use of the core Active Directory: identity and access management, conditional access, et cetera. But we're not making use of all its features at the moment. We hope to implement them in the near future.

Overall, I'm satisfied.