Microsoft Entra ID Reviews

I'm a computer engineering student in Portugal, and we used it during one of our classes for practically the whole semester. We used both the on-premise solution and the Azure, online one.

While we were learning, we used it primarily for user access management and also to define rules for the organization. For example, we created organizational units and defined domains for enterprise-level organizations. I was able to specify access to, for example, certain folders, including shared folders and shared resources.

We were using it in conjunction with SQL Server 2019.

Azure Active Directory works well to access the resources that the school has set up for the students. We can share between our groups, and we can set up shared assignments or shared project folders very quickly and easily.

We have access to shared storage space, which is great. It is managed through Azure Active Directory and appears to me as a Microsoft OneDrive account.

As an end-user, the access to shared resources that I get from using this product is very helpful. I also use it for my email, which is a domain that is part of the organization. 

The most valuable feature is the ability to define certain roles for the users and to give access to shared resources.

The options for user access management on the cloud are similar to those with the on-premises deployment. You can work directly on the cloud but control it from your on-premises server if you want, or you can make all of the changes directly on Azure.

One of the security features that Azure Active Directory provides is that it warns users about the usage of weak passwords. When we created user accounts and their passwords, it warned us about weak passwords and gave us the option to define password creation rules. We tested the feature and tried using invalid passwords, and it blocked access to the organizational units accordingly. We did not work with the more advanced security features within the scope of the course.

It has some good monitoring options that you can use to see how well it is working. In my class, we were able to see which users were accessing the solution, and what went wrong with the tests that we were doing.

The most challenging aspect I found was the creation of organizational units and specific domains. They have a tool called Bastion, which is expensive and a little bit confusing. I had to cancel the subscription because it was using my credits too quickly. For the students, it was not a very cheap way to learn it.

It would be helpful if they provided more credits for students who are performing test cases because we had to be really careful when we were using it. Making it cheaper for students would be great.

I have been using Azure Active Directory for one school semester.

Because we weren't using it on a large scale, it is difficult to estimate how good the stability is. That said, it worked fine for the small number of users that we had. Although it was not a good test, I think that it worked fine. It does have some good monitoring options, so we could watch the performance.

I do not have large-scale experience with this product, as I was using it for practice during my degree program. I don't know at this point whether I will be using it in the future.

In my class, there were half a dozen or fewer users.

In order for the solution to be scalable, it requires some upfront work. You have to well define the users, profiles, and roles that you want to have at your organization. We were already given some advice on that from our teachers, including which roles we should create and so forth. Once you have that done, I think it's pretty straightforward. You just have to add them through the interface that the solution has, and it's not very difficult to do.

I did not have to contact Microsoft technical support.

Our teachers explained what it was that they wanted us to implement and we were left to figure out how to accomplish the tasks on our own. When problems arose, I used Google to search for answers online. I also watched YouTube videos that included explanations and step-by-step tutorials.

Another solution that we learned about was the Apache Web Server. You can do the same things that you do with Azure, but it's more complex. You have to know a little bit more about Linux and you have to do it more manually.

In Azure Active Directory, there are already some default options available. That worked for us. It's easier for someone who doesn't want to have the headaches of understanding some of the more minor details.

For the initial setup, we mainly followed the tutorials that Microsoft has online. Initially, it was a little bit confusing because we discovered that there are many different versions of this same software. There are distinctions between an on-premise way of doing things versus a hybrid approach versus something that is on the cloud exclusively. There are limitations that each one of them has, as well as other differences that include mobile versus desktop solutions.

For a newbie like me, it was a little bit challenging to understand what the best approach would be. In this case, we were oriented by the teachers to implement the hybrid approach. When we were configuring Azure Active Directory for this, and also for the organizational units, we used the Bastion service. It is the one that creates the domains.

The deployment took perhaps half a day to complete the configuration, step by step. We had to make corrections between configurations, where we had made errors, which was part of the learning process. Overall, when you really know what it is that you have to do, it's pretty straightforward and quick to complete. Otherwise, it will take you a little bit longer.

From the documents that Microsoft has available, we understood that there are several ways to deploy this solution. There is an on-premises version, a cloud-based SaaS, and a hybrid option. 

We were using virtual machines with a license that was connected to our educational package. We have a product key, install it locally on the virtual machine, and that's how we worked with it. At that point, it was connected to the cloud.

Our Azure accounts are related to our college email address, and they are also administered by Active Directory.

We deployed it ourselves. With our small group and for the length of time that we used it, we did not perform any maintenance and I don't know how it is normally done on a day-to-day basis. Based on what I have learned, I think that one or two people are sufficient for maintenance if they know the product from head to toe.

Based on my experience, it would be difficult to estimate how long it would take to earn your investment back.

As this was being used in an academic setting, we were using the educational package. Azure has an educational package available for students with a variety of licenses and different software available. One of the applications included with this is the Azure SQL Server.

Each of the student accounts had an opening balance of $100 USD in credits. We used that to implement the solution and the code doesn't change if you are a student or a normal organization. Some of the things that we wanted to do were blocked by the organization, so we had to use our personal accounts. When we used our credits in this way, it was not specifically for students but for anybody who uses the service.

These credits are used on a pay-per-use basis and the price depends on the features that you use. The most expensive one that was relevant to our use case was Bastion, which allowed us to create and configure virtual subnets. Our use case required us to use it to connect our on-premises Windows Server with the cloud AD.

My advice for anybody who is implementing Azure AD is to study the basics. Get to learn how this access management solution works. We used Microsoft Learn and YouTube videos to assist us with doing so.

In summary, this is a complete solution for any company, but it requires some time and practice.

I would rate this solution a nine out of ten.

The solution is a hybrid cloud with connectors into Azure/Microsoft 365 cloud.

I am still figuring out the whole on-prem/Azure Active Directory Premium/Microsoft 365 integrations and administrative connections.

The scalability of the solution is good.

Technical support can be helpful.

It's not intuitive and we use it mainly for our hybrid capability now and are expanding our footprint in Microsoft 365. The integration between on-prem and Online is interesting. However, the learning curve is high.

When you have an Office 365 enterprise subscription, it comes with Azure Active Directory, however, you don't have an Azure subscription. Yet, all of our active directory connectors put our credentials into the Azure Active Directory. 

There are enough things that aren't implemented on our side and we are in the middle of this transition.  I don't blame the product necessarily for that. However, there are links and items within Microsoft 365 that still point back to the .com side.

Items seem to continue to move, such as security and compliance. Now there's a security portal and a compliance portal, and all three are still being maintained, however, one's being phased in and the others are being phased out. Things continue to change. It's just been a bit to learn. There's a lot to keep track of. There should be a bit more transparency.

The Office 365 subscriptions are a bit confusing with a hybrid environment with what credential has an Microsoft 365 subscription.  However, then some of the documentation I was reading this week was where I ran into a wall. This particular document clearly showed that when you have a particular ability on the Azure side, and then you have another ability on the Office side, intuitively the Microsoft cloud knows to give you certain other rights, to be able to do stuff. This settings and configurations are in different places. Some things are then in the Exchange Online, some things are in the Intune section, etc.

I am not sure if the intent is to have an Microsoft 365 administrator with a second subscription for a cloud admin account or not.  I was trying to do something in Exchange online and received a message that I couldn't do it because I didn't have a mailbox. It's frustrating and confusing at times. There are things like that just are a different user experience between on-prem and online.

The Microsoft Premier Agreement we have has been very beneficial and we have had an excellent experience with a couple of different short cycle projects.

We've been working with the solution for just over a year and I have been involved for the last five months. It's been under a year, and not very long just yet.

The scalability seems to be there.  We are not a very big shop but we have unique needs and requirements.

The premier services we have are very good. We have a contact that's been with Microsoft a while and that's really saved us. The reach back into field engineers and their amazing ability to get the job done have been hugely beneficial.  The Exchange Online engineer we had was worth double what we paid for. It was amazing. If it weren't for that, I am not sure if we would have made our schedule.  Often the timing hasn't lined up, with short notice compliance requirements and implementation constraints due to configuration or version of technology.  They are very responsive, but depending on if it's break fix or planning, the planning side as longer cycles.   

I wasn't a part of the initial setup. I can't speak to how long the deployment took or how easy or difficult the process was.

We had assistance with the setup. We're actually bringing in some more help as our needs have short turn cycles and some ageing infrastructure that we still have to move online.

I would say to make sure you have a trusted integration partner or someone on staff that has been through this transition.

We're just customers. We don't have a business relationship with the company.

While we use the on-premises model, we also have it synced for hybrid functionality.

With COVID especially, there have been a lot of changes in a lot of companies and a lot of rethinking of processes lately.

We're in the process of rolling out Office 356 internally. We've had really great feedback that people really like Teams, and we want to move more into that area. We had a roadmap meeting with Microsoft a few months ago. It was probably five months ago, four or five months ago.

Some of the more accessible types of items were on the roadmap for the first quarter of this year. However, Microsoft's working hard at listening to customers, especially through the COVID situation that changed a lot of work and priorities. The collaboration stuff has changed. They've been pushing a little bit more on getting some more integrations. We're not going to have that kind of clout where I am, however, where I used to work, we would have. We were the ones that were making sure the Exchange got upgraded and got to the developers.

I would rate the solution at a six out of ten. If the solution offered better transparency/clarity I might rate it higher.

We primarily use the solution only for the employees. It offers a single sign-on to business applications. Internal modern applications also go through Azure Active Directory, however, we use Active Directory for the legacy ones. (Kerberos).

It takes a couple hours to add SSO to new business SaaS. The Azure AD Marketplace has all the applications we bought so far as built-in templates.

The single sign-on of the solution is the most valuable aspect.

The initial setup is straightforward.

The solution offers good bundles that include Office 365. 

The pricing is pretty decent.

The product is pretty user-friendly and offers good customization capabilities.

We find that most of the new features are in preview for too long. It gives you the announcement that there's a new feature and yet, most of the time, it takes more than one year to have it generally available. Often we have to go and sometimes just use a preview without support. 

We cannot run all the configurations from the APIs. I would like to have something that has code and to just be able to back up and apply my configuration. Right now, we are managing more Azure tenants. It's hard to keep all of those configurations at the same level, the same value.

We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for applications. That way, when adding a new applications I don't have multiple conditional access to modify. 

One of the main requests from our security team is the MFA challenge. Azure, by default, is more user-friendly. We have a lot of debates with the security team here as the MFA doesn't pop up often enough for them. From an end-user perspective, it's a better user experience, as users generally prefer fewer pop-ups, however, security doesn't like it. It's hard for security to add. 

We don't have Azure Premium P2 yet, however, most of the advanced security features are in the P2, and it costs a lot more money.

I've been using the solution for four years at this point.

The solution is relatively stable. The only issue we have is that there's a lot of things on Azure that are synchronous. Sometimes it takes time for changes to apply, and it kind of depends on the time of the day. A lot of the time we're happy with it, however, sometimes it creates a bizarre issue that is difficult to troubleshoot.

The solution is quite stable. If an organization needs to expand it out, they can do so rather easily.

We have about 9,000 people in our organization using the solution.

While the technical support is good, you need premium support. The standard support is more for small enterprises. We have the premium support and with the premium support, it's much better. There's a direct line to the correct type of support. It's very good.

We previously used SiteMinder from Computer Associates. The main reason we migrated to Azure was for the integration with Office 365. It then became our primary authentication source for the employees.

The initial setup is not too complex. It's pretty straightforward.

We didn't need the assistance of an integrator, reseller or consultant for deployment. We were able to handle everything in-house.

The pricing is really great and Office 365 packages are good. We don't pay for it separately. It's included in our package and the APIs are really great. I'm not sure of the exact cost of Azure. It's a package deal.

We've looked into Okta for B2B and B2C clients, not necessarily for our internal employees.

We're just a customer.

We're using the latest version of the solution.

I would recommend the solution for employees. It's a really great tool. However, we tried it also for consumers, for clients for B2B and B2C. For me, it isn't really a great production product. We researched Okta for that.

Overall, I'd rate the solution nine out of ten.

My primary use case is for our business directory, we have integrated everything into Azure into the Active Directory. 

We basically use this for Skype. We are using the cloud environment and we need the Active directory to be ticketed so if we can call and they can log in at the moment. Apart from that, we use it for video connections. If people are working from home, it is helpful that it is in the cloud. At the moment, we do not need to go for the VPN, and then we can connect. For this purpose, we use the Azure. We run quite a big business, and it is helpful with the electrodata we have used. 

I like the way it communicates to the cloud.

Whatever business requirements we needed in the past three years, users were created, with the name of the user and they were not connected with the Active Directory. We were trying to in house in three years and with directory, but we were not able to achieve it. Based on that we have informed Microsoft. And now we have created the things that are connected to the  cloud.

In Africa, we do not have the same bandwidth with internet speed. This slows the connectivity and it provides challenges for our business.

Three to five years.

Yes, it is a stable product. But, sometimes we had problems due to the network. We are running in more than 24 countries. In Africa we were having issues, but I would say that 80% of our users are happy as a result of us switching to Azure. 

The scalability of the product is fine. 

First, we create a ticket. Then it is assigned to the technical support team. Afterwards, there is a number assigned to the request by the Microsoft team. We then upload the report of the log, or the case that is required. We then wait for the solution. Then, we can test it and implement the correction for the solution.

It was a bit complex. We initially had an issue with our IP address, but it was resolved.

I believe that this solution has simplified our work environment. We have over 13,000 users and this is very helpful to connect everything. 

It is a really nice tool and we have a license for the more complex model. It is not too expensive.

Be aware that it may not work perfectly globally yet. There are still glitches with the solution in Africa.

We primarily use the solution for our AD. Azure AD and Microsoft Entra ID are basically the same, they are currently rebranding. I basically manage users and permissions.

It's made it easy to manage our users. It's also easy to deploy across the company. It pulls over the Exchange and does everything together in one go. You just have to get the licenses.

The login process is easy. It's very user-friendly for users. We can check the logins and handle user management. It's quite simple and easy to use.

It provides a single pane of glass for managing users and access. It's easy for users to handle multiple devices. It makes the sign-on experience better. It can easily teach users how to use the authenticator app.

I'm able to get reports on the database to help give visibility to security. I don't handle security, however. I'm there for support. People can use the data to perform investigations. 

The ID is quite useful. The Azure ID admin center can manage all identity access tasks across an organization. We can easily set up users. It's something you need in every company. Most of the basic stuff is done for users.

The Verified ID is useful for authentication. You can set it in your privacy settings. 

The solution has helped us save time.

The experience overall has been good for employees when they need to get an ID. If you need an extra license, it's just a matter of clicking one button.

We'd like to be able to link to non-Mircosft products, like Linux. There isn't much open source that links up with Azure. Most open source, however, can link up with AWS.

I've been using the solution for four years now. 

The solution is stable. it's dependable. 

We have about 100 users on the solution. 

It's easy to scale up or down. It does what it needs to do. You can always edit or delete resources as well. 

We haven't had any issues. Therefore, I have not really dealt with technical support. 

Positive

I was also working with Microsoft Active Directory on-prem. I'm new to this company; I've worked with other things in other companies before. 

I've used Okta in the past. I find the Azure pricing more user-friendly and I find it's better in terms fo team collaboration. For example, with this, you can also implement Microsoft Defender which can help you monitor users as well.

We have it deployed to the cloud; it's too expensive to maintain on-prem hardware. 

I was not directly involved in the deployment of the solution. 

Only two people have to maintain the product. 

The pricing is expensive. It's in US dollars. I'd rate the affordability of pricing six out of ten. 

I'm not sure if the company evaluated other options. 

I'd rate the solution eight out of ten. My advice would be to stay virtual and not on-prem or you'll have to pay more.

The main reason for implementing this solution was to help our customers to access internal or external resources seamlessly while allowing them to have full control over access and permissions. 

This enterprise identity service provided our customers with many security features such as single sign-on, multifactor authentication, and conditional access to guard against multiple cybersecurity attacks. 

Most of the clients have either Office 365 with hybrid solutions, a multi-cloud environment and they want to leverage Azure AD to manage access to those clouds or they have hybrid deployments with legacy apps on-premises and on the cloud as well. 

We have applied this solution to multiple organizations and it has helped them manage their environments efficiently. Moreover, it provided a high level of security and security features that are appreciated by most of our clients.

In hybrid scenarios, this is one of the best products you could have. It helped many of our customers to manage resources on-premises and in the cloud from a single dashboard. 

It helped our client to control permissions and review permissions for employees who have left the organization which kept them on-control over access and permissions granted to their employees.

The solution has many valuable aspects, including:

• Password policy enforcement
• Conditional access policies
• Self-service password reset for could users and on-premises
• Azure Active Directory Identity Protection
• Privileged Identity Management
• Multi-factor authentication 
• Passwordless authentication and sign-in
• Business to business and client to business support
• Support for SAML and OAuth

There are many more features that are very useful and can be used as part of the P2 package. There is no need to install any agent or tool to utilize those features except when extending advanced features to the on-premises active directory.

I believe the product is perfect, however, it could be improved if it could integrate with other clouds with fewer efforts and provide the same functionality it provides to Microsoft products.

Most of the features come with a P1 or P2 license. With the free version, you do not get much.

The objects in Azure AD are not managed in organizational units similar to what you get in the windows server active directory, which makes it more difficult to delegate administrative tasks

Azure AD does not support legacy authentication protocols, such as NTLM or Kerberos.

Azure AD is unaware of group policies. If you would like to use the same on-premises group policies, then you need to use the passthrough authentication method with your existing on-premises AD servers. This would compromise the high availability of the cloud and create a single point of failure.

I have been using this tool for more than five years.

A Very stable solution, I never saw the service down, unavailable, or anything like that.

The solution is highly scalable. There are no worries at all about the bandwidth or any other concerns. 

We've had a very positive experience and our clients are adopting it more as their sole identity and access management solution. 

Positive

We did use the SailPoint Identity Platform. There was no cloud solution at that time which is why we switched.

The ease of setup depends on the scenario and the use cases of your organization. 

We are a vendor team and most of the implementation for enterprise clients is done via us or similar vendors. 

The solution has a high ROI when adopted properly in your organization.

Make sure to check which features your organization requires. Find out if they are applicable to all users or just a bunch of them before deciding on buying a license.

We looked at many products, however, I do not want to mention the products' names. 

I use a Microsoft 365 cloud deployment and I have an organization where users are created. All of these users are hosted in Azure AD. I send emails in Exchange Online. 

For collaboration, we use Teams and SharePoint. Basically, all of these Microsoft products are on Azure AD. This is due to the fact that for you to use any of these products, users have to be created and these users are being hosted in Azure Active Directory. Without the users in the first place, the products are not used. 

The most valuable aspect of the solution is the ability to create users and host them in Azure AD. That is the bedrock - whatever it is you are doing, you're building on the fact that you have users created. We have Microsoft Teams to manage users and also to manage groups which allow us to manage collaborations and do all sorts of things.

Azure AD has features that have helped improve our security posture. It contains the Azure audit logs that allow you to also audit activities in the organization including those that have happened over a period of time. There is Azure sign-in that allows you to check for sign-in over a period of time for users.

From Azure Active Directory you can actually identify the IP address and run checks or maybe block the IP to improve the security posture of the organization.

The Azure sign-on and audit logs are very handy for a regular admin. They offer the most basic admin solutions to carry out activities on Azure security settings to identify potential threats and carry out some corrective actions on it.

We can use Azure Active Directory to deploy enterprise applications to incorporate third-party applications into the organization and make them available to users. You can put in place multilingual authentications and you can specify the kind of authentication you want to be available for your organization.

Most recently, you can use password-based authentication and multi-factor authentication, which allows for the ability to bring on third-party applications and to incorporate them and deploy them for users.

With Azure Conditional Access you can specify network locations where you want some of the services in the organization to be available to users, and where you don't want users to have access. You can customize and define conditional access to whatever suits the organization and based on what you want, including information protection. You can get conditional access depending on the license you have.

From my personal experience, I'd say that the features need to be more visible to make the product easier to explore for new users. They need to make it possible for someone with very little knowledge to come in and find things. The product needs to be more user-friendly. 

The solution needs to update documentation much more regularly. They need to just come out and update the documentation to reflect new features and make sure the updates are included in the already existing documentation so that someone like me can just pick up the documentation, read it, and know that it is very up-to-date listed and has all the new features contained within it.

I have been using Azure Active Directory Office 365 for over two years.

The solution is exceptionally stable. It's just a way to go on another solution, however, that said, I've noticed a 99.9% stability.

It's my understanding that the solution is very scalable. 

In my experience, I've managed hundreds of users on this product.

We can contact and support directly from the Azure Active Directory if we get stuck. As long as you are actually on the most basic billing subscription, you will be able to access assistance. That said, depending on the Azure license you have, you can get access to technical support for Microsoft Azure Active Directory.

My personal experience with using Microsoft support has been positive. I want to be fair, to be very honest, and the Microsoft support has to be one of the most agreeable out there as all you need to do is just submit the ticket and you get someone to contact you very quickly. They are always available. From the perspective of Azure Active Directory, as long as you have the required license you can contact the corresponding level of support. You can be sure of getting corporate support when you need it.

Previously, the organization had an environment where we managed everything locally. Azure Active Directory actually was our first entry into cloud solutions. We have not used other cloud solutions apart from Azure Active Directory.

The difficulty or ease of the initial implementation depends on the company and the level of experience as well as the level of knowledge of the IT team. The experience needed for cloud solutions is relative. I can say it's straightforward and even with a little experience or knowledge it is straightforward. The documentation is available and you can read and follow the documentation to handle the process. Of course, for new users, it could be a bit more straightforward.

For me, provisioning takes a few minutes - maybe between ten to 20 minutes. Normally it should take less than 30 minutes.

For this particular instance, we needed to add multiple users individually and sometimes as a bulk upload in the case of inboxes. Some needed third-party services. The documentation made the process pretty easy, however, when we did have issues, we could reach out to technical support to finish anything up. 

We have seen an ROI. It's actually cut some costs. Initially, we were using a local environment. Now, we've almost rid ourselves of one of our local environments. Moving to the cloud has saved us a lot of costs and actually, it's a very good experience. It's cost-effective compared to what we used before. It's better in terms of lowering our overall expenditure.

The prices are not too out of place. We're just gradually getting out of COVID and Microsoft is actually putting some renewals, licenses, and some products out just to cushion the effect of license costs as companies recover. With Microsoft, some products also offer free trials. 

We'd like to see more of a discount on existing licenses. They also need to consider having some free licenses, some free subscriptions.

I'm actually a customer. I have an environment in my home meaning I have a subscription that I've paid for. However, I also do consultancy based on the knowledge I currently have. I offer my knowledge to other organizations.

I would advise new users to allow open demos of cloud solutions and figure out what is on offer, what is available, or what can be made better. By doing a POC, you'll get to see resources used and what it's like to handle an environment entirely in the cloud. Organizations can consider gradually moving over or they can actually move completely to the cloud depending on what they want to do. 

I'd rate the solution at an eight out of ten. It's a good solution, especially for companies following the trend of moving onto the cloud. There's always room for improvement, however, currently, they are doing very well.

Usually, it is replicating an on-prem Active Directory environment into Azure. It is usually tied with generic email access and SharePoint Online access and building out provisioning for that. There typically is some sort of synchronization tool that is sometimes used in addition to or as a substitute for the typical Microsoft suite. So, it just depends upon the customers and how they're getting that information up there.

In terms of version, it tends to be a mixed bag. It just depends on the client environment and factors such as the maturity and the rigors of change management. Sometimes, it just lags, and we've dealt with those types of situations, but more often than not, it is more of a greener field Azure environment and tends to be the latest and greatest.

It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there.

Its area of improvement is more about the synchronization of accounts and the intervals for that. Sometimes, there're customers with other network challenges, and it takes a while for synchronization to happen to the cloud. There is some component of their on-prem that is delaying things getting to the cloud. The turnaround time for these requests is very time-sensitive. I don't mean this as derogatory for this service, but in my experience, that happens a lot. 

For the Active Directory component, there are some value differences and things like that as compared to on-prem. I have run into problems a few times when there is a custom schema involved with their on-prem installation. You can use it, but that custom schema or functionality is going to have to go somewhere else or rerouted back to on-prem.

I have been using this solution for probably two and a half years.

It is perfectly stable. I haven't had any concerns or any problems with that.

I have dealt with them. Overall, tech support is great if you have something that was working but it's broken and needs to get fixed. It is a different bucket if you have more of an implementation question like, "Hey, can we do this?", or "How to approach that?" Sometimes, it can be challenging to get the right people on that call to support those conversations.

Its initial setup really depends on the customer. I have one customer right now with a super simple environment. They're just replicating it up. It's all Microsoft stack top to bottom with no real surprises or anything else. They're happy as pie with that. 

I have larger customers who tend to want some sort of management layer on top of it for Active Directory management purposes. This tends to go into the cloud, which introduces its own little challenges. In a more sophisticated enterprise, I start running into custom schema or workflow dependencies that just don't translate well from on-prem to cloud, but it is rare. It usually ends up being a third-party solution that we route them to with that. So, it's not huge. The challenge is more in identifying that. Typically, as much as we try, we rarely get it identified early enough to change our statement of work or our implementation, so it becomes a bad surprise.

Its price is per user. It is also based on the type of user that you're synchronizing up there.

I would advise spending more time on planning and aligning your business processes with Active Directory and Azure in terms of custom schema and separating third-party accounts, external accounts, or customer's accounts from employee accounts. I've run into issues when people take an existing on-prem solution that has third-party entities or maybe external customers and start synchronizing it up. It is not a slam against the service, but that's where I start recommending people to do different instances of Azure Tenants to break that up a little bit and provide that separation. All of these are planning functions. Using this service can be deceptively easy, but you should spend more time on planning. Around 80% of it is planning, and the rest of it is the implementation.

I would rate Azure Active Directory an eight out of 10. It is super solid. I wouldn't say it's the best. I would love to have everything that you could do on-prem. I understand why it can't do that, but I would love that flexibility.