Microsoft Entra ID Reviews

When I started using Microsoft Entra ID I was an identity and access management technical support engineer at an organization that was a Microsoft partner. I use Microsoft Entra ID primarily to reproduce customer scenarios or challenges they are facing to help them resolve issues on their end. 

Microsoft Entra ID offers a single pane of glass for managing user access. This unified interface provides essential notifications and guidance if further actions are needed within Entra ID. While all features can't be displayed simultaneously due to potential clutter making it visually unappealing, the centralized view efficiently directs us toward managing user access and other identity and access management tasks.

The single pane of glass affects the user's experience positively. Microsoft Entra ID makes necessary innovations when it comes to the GUI interface.

In my overall assessment, the admin center seems effective in consolidating all the responsibilities and duties that admins should be able to perform. This centralization makes it efficient for users like us global admins and user administrators to find everything we need to do in one place, adhering to the principle of least privilege. While I appreciate the admin center's functionality, I prefer working with the Entra portal for its more robust view.

Microsoft Entra ID has significantly improved our organization's security posture. One key feature is what we call privilege identity management, specifically designed to manage sensitive administrative credentials. For example, imagine a CEO with an account in Entra ID. We might also have an IT technician or support person with an admin role, like a Security Admin. We call these privileged identity accounts. While the CEO holds the highest position, they don't need admin access. privilege identity management has been instrumental in enhancing our overall security in several ways including, Robustly securing privileged identity accounts: PIM implements stringent controls and access restrictions, minimizing the risk of unauthorized access to sensitive data and systems. Enforcing the principle of least privilege: PIM ensures users have only the minimum permissions necessary to perform their duties, reducing the attack surface and potential for misuse. Adding extra layers of security: Entra ID integrates multi-factor authentication and conditional access policies, further strengthening access control and mitigating security risks.

Entra ID's conditional access feature strengthens the zero-trust principle, which emphasizes continuous verification and never granting automatic trust. This policy has significantly improved our overall security posture by implementing specific controls that grant access only when users meet defined conditions.

The visibility and control provided by Entra ID permission management across Microsoft, Google, and Amazon Cloud is impressive. Microsoft has a long history in the identity and access management space, starting with Active Directory and subsequently adapting to the cloud. Their cloud expertise has served them well in developing Entra ID, a comprehensive IAM solution. I believe Entra ID represents a significant improvement, offering clear visibility and control over permissions. While I haven't used other third-party products for comparison, I feel Microsoft has delivered a top-notch feature within the IAM landscape.

Using permission management has helped reduce risk surfaces regarding identity permissions.

Entra ID has significantly reduced the time burden on our IT administrators and HR department. Take, for example, its built-in self-service password reset feature. Imagine I've forgotten my password and need to reset it. Previously, I'd have to log a request with IT, potentially waiting for assistance if they were unavailable. SSPR empowers users to reset their passwords independently, freeing up valuable time for our IT team. For our HR department, Entra ID offers integrations with third-party apps, also known as user provisioning. This comes in two flavors: outbound and inbound. Outbound provisioning specifically applies here. In this scenario, Entra ID acts as the source system, creating user accounts in the target third-party SaaS app which is like a tag assistant. For example, if an HR employee needs access to Dropbox or G Suite, we can create those accounts automatically in Entra ID and then provision them into the corresponding SaaS apps using user flows. This eliminates the need for manual user creation in each app. Furthermore, we can implement single sign-on, removing the hassle of juggling multiple passwords for different resources.

Microsoft Entra ID has significantly impacted the employee user experience, particularly through its single sign-on functionality. SSO eliminates the need for multiple passwords to access different resources. Previously, when a user was created in Entra ID, accessing other applications developed outside of Microsoft required separate credentials and logins for each platform. This created a fragmented and cumbersome experience. However, with Entra ID's SSO, user authentication and authorization for these third-party applications now seamlessly occur through a single sign-on process. This grants secure access to all integrated applications without the need for additional logins, streamlining the user experience and enhancing security.

Every feature in Microsoft Entra ID plays a crucial role in overall security. It's like the human body – we might underestimate the importance of seemingly insignificant parts. They might appear small or seemingly irrelevant, but their absence can have significant consequences. When a fingernail breaks or a hair falls out, we suddenly appreciate their role in the body's function. Similarly, with Entra ID, I wouldn't prioritize one feature over another. Each contributes significantly to the platform's robust security posture. They all work together to provide the best possible approach to cloud security. Therefore, highlighting a single feature as more valuable wouldn't be accurate.

Microsoft Entra ID can make improvements in two key areas. The first is to upgrade Workday and SuccessFactors integration to OAuth 2.0. Currently, these HR applications use basic authentication for inbound provisioning to Entra ID, while integration with other IDPs utilizes OAuth 2.0. Many organizations request the adoption of OAuth 2.0 for Entra ID as well, considering its enhanced security. The second is to provide clearer communication about features under public review. Features under public review should have comprehensive documentation outlining their capabilities and limitations. While user feedback is crucial, deploying incomplete features in production environments can lead to frustration and blame. Customers should be informed that public review features are not intended for production use.

I have been using Microsoft Entra ID for three years. 

The technical support team is always readily available 24/7. Regardless of when we raise a support ticket, someone will promptly reach out and try to resolve our specific issue. I understand that the support experience can vary depending on the agent we connect with. Some may not have extensive product knowledge, while others have hands-on experience and offer quick, helpful solutions. Overall, I'd give them a solid ten out of ten. Their constant availability and dedication to resolving our problems are commendable. Even with agents new to our organization, we can feel their effort to assist us. They escalate issues if needed, consistently check back with us for satisfaction, and demonstrate empathy while reassuring us that any limitations or problems we face will be addressed.

Positive

With the rise of cloud computing, Microsoft's exceptional hybrid identity capabilities proved invaluable for our organization. We were able to seamlessly integrate our on-premises users with the cloud through Entra ID. This implementation involved leveraging both Entra ID Connect and the cloud sync agent. While I'm unsure of their identity management setup before Entra ID, I can confidently say that the organization already relied on Active Directory on-premises before I joined.

Deploying Entra ID is generally straightforward. Once we create our Entra tenant, we gain access to Entra ID. Similarly, if we subscribe to Office 365, Entra ID is automatically created for us. This default setup meets most basic operational needs. Therefore, we don't typically need to make any further configuration unless we want to adjust security settings based on our specific organizational needs. Overall, using Entra ID is seamless and can be started directly from our tenant or Office 365 site.

The cost of Entra ID depends entirely on our organization's specific needs and use cases. For smaller organizations, like a local supermarket, it might be quite affordable with the basic free tier or a lower-tiered license. However, larger, multi-national companies with complex requirements may incur higher costs due to the need for additional features and advanced licensing tiers like P1 or P2. Instead of simply labeling it as cheap or expensive, it's important to consider our specific scenario and what functionalities we require. Different models and licenses cater to different needs, so the best approach is to carefully evaluate our organization's specific situation and choose the most suitable option.

I would rate Microsoft Entra ID a ten out of ten.

In the global identity management space, roughly 70 percent of organizations, in my experience, utilize Entra ID. One key reason for this adoption stems from the prevalence of on-premises Active Directory. Many organizations have long relied on this on-premises solution, and Microsoft's decision to replicate its functionality in the cloud, resulting in Entra ID, made the transition seamless for existing users. This familiar interface and consistent experience significantly eased adoption, leading to the 80 percent user utilization rate for Entra ID within my organization.

The main use case for Entra ID is to move from on-premises to the cloud. I have been doing a lot of cloud transformation work, and I have seen that most organizations that move to the cloud see a lot of benefits in terms of monitoring and IAM. In those cases, we move to Entra ID.

Entra ID provides a single pane of glass for access management. Microsoft Identity confirms users and the access management grants access. In terms of IT and access management, Entra ID provides better management and monitoring solutions that can be used effectively. Entra ID can be used by IT administrators and app developers. It offers a wide range of options for onboarding applications to the cloud. For example, enabling single sign-on for an on-premises application can be time-consuming. However, moving the application to Entra ID is straightforward. App developers can use Entra ID APIs to build personalized experiences, set up single sign-on, customize applications, and monitor them.

The single pane of glass consistency for user sign-on experience is very good because Entra ID is a solution from Microsoft that is available in different regions around the globe. This means that we always have better visibility and management of user sign-on, and now Microsoft apps also moved to Microsoft Entra. This provides a unified experience where we can manage access and permissions from a single location.

The consistency of our security policy is excellent. It is very granular, allowing us to scope it to groups or access it via the API. We also have Entra ID PIM, which allows us to granularly control access to resources. This is a very good option for access management.

Active Directory's Admin Center is a very good tool for managing all identity and access tasks in our organization. It provides a single pane of glass for managing users, groups, external identities, and roles. It also allows us to create administrative units, which can be used to scope access to a set of users, groups, and devices. We can also use Admin Center to view licenses, company branding, user settings, security settings, sign-in logs, provisioning logs, usage, and insights. Admin Center also makes it easy for admins to troubleshoot problems. For example, if we need to debug something, we can log into Admin Center and check the sign-in logs.

There were many benefits to moving to Entra ID. The main benefit was that it was a game-changer, especially for monitoring. When we were using Active Directory, everything was local. This meant that we had to build our own monitoring solution for each application that was onboarded into AD. This was a time-consuming and expensive process. With Entra ID, we can use Microsoft Sentinel or Entra ID Monitor to monitor all of our applications from a single location. This is a huge time and cost savings. Another benefit of Entra ID is that it makes it easy to onboard new applications. With AD, we had to deploy the application on-premises and then configure IT and access management. This was a complex and time-consuming process. With Entra ID, we can simply onboard the application and then grant Identity Access Management to the application. This is a much simpler and faster process.

Conditional access is a powerful feature that allows us to define a set of conditions that must be met in order for users to access our applications. This can help us to improve security by ensuring that only authorized users can access our data, regardless of where they are or what device they use. For example, we could create a policy that requires users to be located in a specific country or to use a specific device type in order to access our applications. We could also require users to use multi-factor authentication in order to access our applications. Conditional access policies can be applied to all of our applications, including those in Entra ID and Office 365.

Conditional access policy plays a key role in zero trust security. In the conditional access policy, there is a feature called named locations, which allows us to exclude devices from a condition if they are coming from a trusted location. For example, if we add an exclusion for trusted locations to our conditional access policy, it will directly impact our zero trust policy. The main driver for any organization to move to zero trust security is to reduce the number of named locations in their conditional access policies. By reducing the number of named locations, we can increase the security of our organization by making it more difficult for attackers to gain access to our systems.

I have been using the conditional access feature in conjunction with the endpoint manager for a long time. This is a great feature because it helps us to monitor threats and direct users accordingly. It is a very useful feature for monitoring our endpoints. For example, if a user tries to access a service, the check can be done and the endpoint manager will be able to provide us with all the findings.

Microsoft Defender for Endpoint can identify any PaaS devices that connect to a network. This includes any unpacked devices that are trying to use an application that is onboarded in Entra ID or any persistent Office 365 application, such as Microsoft Teams, Outlook, or OneDrive.

I have been using Entra Verified ID on the proof of concept. It is one of the best ways to onboard a remote employee. Since COVID in 2020, we have all been working remotely. It is better to onboard an employee who is present remotely in a different location than to ask them to come to the office, collect a laptop, and then onboard them. Verified ID makes this process easier by using preset, already-known information that is present in our company directory. For example, when an employee is interviewed, they are given face verification through a government ID. The ID is collected and a photograph is taken, which is then stored in the HR database. With this information, we can onboard employees remotely and grant them access to all of the company's resources. This is a much easier option than asking everyone to come to the office and ask for help from the overloaded service desk team.

The speed at which we can onboard a remote employee depends on how we define it in the initial planning. If we set the correct standards, such as the type of information we need to verify the employee's identity, we can streamline the process. For example, if we require the employee to provide a government ID and a photograph, the HR department can collect this information in advance and process it in the company's database. This will make it easier for the employee to complete the onboarding process remotely.

When it comes to controlling and prioritizing the privacy of identity data, there are multiple ways to do so. One way is to onboard remote employees with information that is already present in the company directory. This information can be verified by HR, who has already obtained the employee's consent to share their personal information. Another way to onboard remote employees is to ask them to provide a photo and government ID. This information is also stored in the company's database and is not shared with Microsoft. Microsoft only creates a digital identity for the employee and uses this identity to validate the employee's remote onboarding. In both cases, the employee's personal information is not exposed to the Internet. Microsoft and the company have a secure channel for exchanging this information, so there is no problem with data privacy.

The permission manager in Entra ID is very good. Microsoft improved it a lot. Microsoft Entra is the new permission manager solution. It provides comprehensive visibility into the permissions assigned to all identities, such as user identities. It also allows us to check the current permissions that are given to users. This is a better way to manage permissions. Permission management is a really good option that has a lot of benefits and improvements, especially when moving to the Microsoft enterprise.

When it comes to identity and permission management, the risk is relatively low when using a cloud-managed solution. This is because cloud-managed solutions provide full visibility and the option to automate permission management. One of the benefits of cloud-managed identity and permission management is that it allows us to implement the principle of least privileges. This means that we can give users and workloads only the permissions they need to do their jobs. This helps to reduce our attack surface and makes it more difficult for attackers to gain access to our systems. Another benefit of cloud-managed identity and permission management is that it provides us with visibility into our user and workload identities. This allows us to quickly identify and remediate any security issues that may arise.

Entra ID helps our IT administrators and HR department save time. It reduces the custom task of deploying and onboarding any application. This means that administrators can easily onboard applications to Entra ID and provide users with a single sign-on experience. As a result, administrators have more time to focus on improving their skills and deploying new Entra ID features. Entra IDoffers a wide range of features, including artificial intelligence capabilities such as Chat GPT. This frees up a lot of time that was previously spent managing the local active directory. Entra ID has freed up most of my weekends. When I was previously working with on-premises data centers, I had to patch my servers every weekend, which was a time-consuming and tedious task. However, now that all of my applications have been moved to Entra ID, these tasks have been drastically reduced. As a result, I would say that my weekends are now almost free.

Entra ID saved lot of organization money. I see previously organizations investing in expensive solutions for data centers, which required a lot of maintenance and the need to find the right talent to manage them. However, with Microsoft Entra ID, we no longer have to worry about maintaining data centers, as they are completely managed by the cloud. This has made our operations easier and more efficient, as we can now deploy changes quickly and easily, and receive alerts when any issues are found.

Entra ID positively affected our user experience.

Microsoft Entra ID Protection and Microsoft Sentinel are both excellent monitoring features for Microsoft Entra ID.

Beneficial of Entra Monitor and Log Analytics to monitor the secure operation of Entra ID services.

Great improvements in the Modern Authentication Strategy Passwordless FIDO2 improvements & Entra ID verification 

In terms of licensing - being able to pick some premium features without purchasing a package is advantageous.

Increasing the free log retention period might be more beneficial.

Compatibility features for legacy systems integration with new features will be challenging at times.

I have been using Microsoft Entra ID for ten years. Microsoft Entra ID has been a critical component of Microsoft cloud offerings since the time it was introduced.

Entra ID is extremely stable and Microsoft absolutely brings new improvements to this feature.

Entra ID is highly scalable. I have seen multiple organizations over 80,000 people in use Entra ID worldwide.

The technical support is good but sometimes it can be difficult to connect with the right engineer when you are working in a complex enterprise environment.

Neutral

Out of all my experiences i have seen organizations using  Microsoft Active Directory before switching to Entra ID.

The initial setup is straightforward. I completed most of the deployment myself with excellent support from the Microsoft support Team.

In most of the cases the implementation was completed in-house with support from the Microsoft support Team.

We have seen a return on our investment with Microsoft through improved performance, better management, and enhanced features.

Entra ID's pricing is comprehensive and affordable. The prices are easy to understand, and the licenses include a variety of security monitoring and additional features.

I have evaluated Google Cloud Identity and AWS Directory Service, but I felt more comfortable with Entra ID.

I give Microsoft Entra ID a nine out of ten.

Entra ID does not require maintenance from our end.

For someone evaluating Entra ID, it is important to understand their use case, business requirements, current solution, and expectations. The current solution is important to understand because it will help to identify any gaps that Entra ID could potentially fill.

I have had multiple use cases for Entra ID during my previous position as a system administrator. In that role, I was responsible for managing around three thousand users within our organization, including some external parties, which brought the total user count to approximately ten thousand. Entra ID is a cloud-based solution designed for identity and access management. In our organization, we primarily employed it to maintain user groups for authentication purposes. Additionally, we had on-premises applications that required registration within Entra ID, enabling us to provide a single sign-on solution for these applications, granting access to our users.

Entra ID boasts several other features as well. For instance, we utilized a security feature called NFA to enhance user security. We also implemented a conditional access policy, tightly integrated with Microsoft Intune. This policy allowed us to define specific access rules based on user locations. This means that if a user was located in a particular branch, they would be granted access to certain services while others would not. Such configurations were established within our conditional access policy in Entra ID.

At times, we needed to provide temporary access to certain users as administrators. For instance, our compliance team might require access to check compliance reports or logs for a limited period, which we facilitated by granting access for one or two hours. Within Entra ID, we have a functionality known as Security Score, which we utilize to assess and benchmark the security of our organization. This helps us identify potential risks and areas for security enhancement.

Among the tools we employ, Intune plays a crucial role. With Intune, we effectively managed our Windows, iOS, and Android devices. We could establish compliance policies and configuration settings for both Entra ID and Intune, ensuring a consistent and secure user experience across different devices and platforms.

Entra ID can be deployed using a hybrid model for organizations with a significant on-premises presence, or in a fully cloud-based setup for those that do not.

Entra ID offers a unified interface for managing user access.

In addition to the Single Sign-On provided by Entra ID, we also offer a biometric option through Windows Hello.

In the admin center, we can locate the dashboard. Recently, Microsoft has made significant improvements. Previously, searching for a username required navigating to the user test section. However, presently, I've observed that Microsoft has enhanced the search scenario. Now, by simply searching for the username on our web page, it will display the username along with all associated details. Furthermore, we have password identity management, group management, and application registration options available. We also support on-prem authentication, specifically rescoping authentication like NTLM, which is an older authentication method. However, if we register our application with Entra ID, we can easily enhance the security of our authentication through modern authentication methods. These security features are available within the admin center.

Verified ID, in fact, is obtained when we create or subscribe within Entra for the initial time. Therefore, it is a default setting on Microsoft that provides us with a default domain. However, if we perform this on Microsoft.com, we need to append that tenant and subsequently verify it. This, of course, necessitates the addition of certain DNS entries to incorporate our customized domain into Entra ID. Consequently, we have the capacity to include up to 500 domains within a single tenant.

We are three global admin users. As such, we are responsible for maintaining our company's tenants. Occasionally, the security or compliance teams need to assess the current status. For instance, we might have a project requiring a vendor to have access for a specific duration. In such cases, we can readily grant customized access to that user for the designated period. Post this duration, access will be automatically revoked. Hence, we can manage these settings through permission management.

Microsoft has indeed introduced new features. For instance, we now have the ability to create a multitude of users or add members to a group all at once. To facilitate this, they have developed a custom script. By including the object ID of the user in an Excel or CSV file and importing that file, the system will automatically add the users. Entra ID is particularly time-saving, as it allows us to add 100 users in just 30 seconds using the group method. If we were to create the group manually, it would take one to two hours per user.

In my situation, not all users are motivated. The IT division and the technicians might be up to date with the latest technology. However, when we consider the finance or sales personnel, their primary focus is on their business sales. They lack knowledge of IT or technologies. As a result, when we introduce a new solution and onboard their users to that system, we encounter certain issues. Nevertheless, through integration and training, we established the necessary procedures for logging in and working, which eventually became acceptable. Entra ID has played a significant role in making the user experience more seamless.

As an administrator, we sometimes observe a discrepancy between Microsoft Intune and Entra ID – these are distinct solutions, each with its own licensing subscription. On occasion, these two solutions are combined into a single service, or conversely, certain services might be removed. Such situations can create conflicts for administrators. A few days ago, I noticed that certain aspects like the Microsoft Compliance and Microsoft Security tabs were missing when accessing Entra ID. It appears that some services have been removed from Entra ID and new ones have been introduced, which wasn't communicated to us. I would appreciate receiving notifications regarding the removal of services from specific tabs, along with information about their replacements. This would allow us to plan our logins accordingly. Microsoft offers two portals – the classic portal and the modern portal. When using the classic portal, we promptly receive notifications about its upcoming transition to the modern portal after a designated date. However, no such notifications were provided for Entra ID. In my quest to locate security and compliance checking features within Entra ID, I discovered that the options were seemingly absent. Subsequent Google searches revealed that these features had been consolidated under a single solution.

We are receiving false security alerts on the dashboard. We have set up a conditional access policy that restricts access based on the user's location. However, we have observed that there are instances when Microsoft's AI might be generating these false alerts. This is causing users to be blocked from accessing their accounts. When we reached out to these users, they confirmed that they hadn't visited the specified area or country in the last seven to ten days. Despite this, they are receiving notifications to reset their passwords, with a warning of being locked out. Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users.

I have been using Microsoft Entra ID for five years.

Entra ID is a cloud-based solution. Microsoft, in fact, operates multi-zone data centers which greatly reduce the possibility of service outages. However, this year we have experienced a significant amount of downtime. For instance, we encountered Exchange Online issues in Bangladesh. They source their authentication from either the Singapore or Indian data centers. Unfortunately, there were several instances of problems in this area this year, about two or three times. We faced communication as well as mail-sending problems. While their Service Level Agreement is supposed to be 99.99 percent uptime, it seems to be closer to 99.98 percent. Interestingly, for the past four years, we did not encounter any such issues. Strangely, this year, these problems began around the time of the Russian incident. It's possible that backend issues, perhaps related to cybersecurity, contributed. Additionally, Microsoft laid off ten thousand employees this year, and after this restructuring, we started facing these issues.

I would give the scalability a ten out of ten.

The quality of technical support depends on both the issue at hand and the expertise of the assisting engineer. In certain cases, they might be unable to provide assistance, leading us to resolve the issues on our own.

Positive

We previously used the on-premise version of Active Directory before switching to Entra ID.

The initial setup for Entra ID is simple when opting for a full cloud deployment. We only need to onboard the users and enter the license. However, in a hybrid scenario, we require network connectivity from on-premises to the cloud. Additionally, a separate server is necessary to synchronize the users with the cloud. This process is time-consuming and intricate to manage.

I implemented Entra ID for three to four companies in Bangladesh. Additionally, for on-premises Active Directory deployments, I handled more than ten to fifteen projects. In the capacity of a vendor, I collaborated with a company that served as a local partner of Microsoft.

The deployment involves four or five teams, including IT, Networking, and Security.

To facilitate hybrid implementations, we need the support of an architect to design the servers.

As Entra ID is a subscription service, a payment is required for each user every month. To access its features, purchasing the license is necessary. Initially, upon creating the tenant, a complimentary subscription for either 30 or 90 days is provided. After this trial period, it's mandatory to choose a subscription. Entra ID is relatively expensive compared to other solutions. There are free alternatives available for managing and providing authentication. However, considering a comprehensive range of solutions under one umbrella, Entra ID stands out. It offers additional benefits such as one terabyte of OneDrive and SharePoint storage, along with Microsoft Teams integration. The cost covers various applications and extra features, providing good value for the investment.

Entra has P1 and P2 licenses that are bundled with lots of applications.

I would rate Entra ID a nine out of ten.

Since Entra ID is cloud-based, remote users or branches need to ensure that they have a stable internet connection to access our environment.

Maintenance for cloud solutions is generally not obligatory. This is due to the automatic functionality that activates when users are enabled. However, if a license expires, we must either seek assistance from Microsoft or renew all licenses, subsequently testing the new licenses. Occasionally, for maintenance, especially when dealing with our own custom applications and enabling single sign-on with Entra ID users, we require assistance both from Microsoft and our mitigation team. This is because each application has its own authentication method, often resulting in compliance issues. To address this, discussions with the mitigation personnel are necessary, and we may need to allocate time for aid from a Microsoft engineer. In certain instances, collaboration with Microsoft vendors from the integration team is essential. Apart from these situations, the process remains fairly straightforward.

It has allowed us to use other SaaS products that will authenticate with Office 365 as well as other Microsoft products and non-Microsoft products, so we can have a single sign-on experience for our users. Rather than them needing to have multiple usernames and passwords, they just use whatever they have as their main username and password to log onto their machine.

It is SaaS based, but we sync up from our on-prem into Azure AD.

With COVID-19 at the moment, this solution is a good example of where we needed to move a lot of our traffic from our on-prem authentication into the cloud. Last year, before I joined the company, we had to setup our VPN differently. It was easy enough for us to do because our machines were already joined to Azure AD. We just split the traffic and stopped having to rely on our on-prem VPN for our Office 365 traffic. We were just good to go into the Internet because we had all the features setup, e.g., MFA and Conditional Access, which made life a lot easier.

It has made our security posture better. There are always improvements to be made, but we feel more secure because of the way that things have been setup and how everything integrates together.

• Single sign-on is the most useful at the onset. 
• The dashboards offered are very granular, in terms of usages. 
• We find the Conditional Access element and Multi-Factor Authentication side of things very useful. 

These features let us have secure, yet user-friendly interactions, rather than having to be embroiled in various types of signups for each application. These allow us to be a lot more granular as well as making sure our environment is more secure. Our accesses and users remain secure too.

Multi-Factor Authentication (MFA) and Conditional Access have helped us be more secure. There is one place where all these features are posted, making life a lot easier. If we were to try and buy these separately, then it would be a painful experience. Whereas, if it is in one product, then all these features talk to each other and it is available for us in one go. For example, when you buy a car, if you buy the steering wheel and engine separately, then you need to make it work altogether. Whereas, you just want to buy a car with everything included, making life a lot easier.

It has made the end user experience a lot better. They only have one password to get into their online applications and that makes the user experience much better.

The one area that we are working on at the moment is the business-to-consumer (B2C) element. It is not as rich as some of the other competitors out there. The B2C element of Azure AD is quite niche. Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing.

In my previous role, there would have been a few things that I would have liked added, but they have already introduced them. Those are already in the roadmap. 

I have been using the product for many years. I have only been at Adecco for six months, but I had experience with it at my prior role as well. Overall, I have used it in excess of five years.

The stability is fantastic. It is a big step from using Active Directory on-premise to now moving to something that has been completely rethought in the cloud. It is very impressive and fits into the whole Microsoft ecosystem, making life easier.

We have had some downtime, but I think a lot of that has been unavoidable from Microsoft's side of things. Microsoft made some changes in some instances which caused certain features to be unavailable, like Azure AD became unavailable a few weeks ago. I love that they were very frank, open, and honest as to what happened. However, the bottom line is that we prefer downtime not to happen. 

We have had no problems with it. We are not exactly the biggest organization, i.e., 30,000 accounts. IT makes up probably 5,000 of those accounts, or less. If we were an organization of hundreds of thousands, then we might be questioning scalability. However, I have never known it not to be scalable. For medium- to large-organizations, it is fine. I think it is when you get into multiple companies with multiple complexities then it becomes a struggle. For us, it is more than scalable for our purposes.

We still have many applications that need to be onboarded to Azure AD. Because we are moving to the cloud, there is a lot more that we need onboarded into Azure AD, but it is working well so far.

The technical support is great. We have a dedicated resource who understands our environment. We have regular meetings with them once a week where we get to discuss the current status of various tickets as well as our questions. The support that we get is very good.

We have Premier Support. We also have Premier Mission Critical Support on Azure AD, which is where we have someone who is dedicated to our setup and knows how our environment's setup. Therefore, if we do have a major issue, then they would be brought in to help resolve those issues.

It was a given that we would use Microsoft. To use Microsoft 365, you need to use Azure AD, so that is what we did.

I have always used AD and Azure AD.

In my previous role, the initial setup was quite simple. It was a simple case of install and follow some wizards, then you pretty much had it setup and synced to your Azure AD from the on-prem. Minimum effort was required.

The deployment was about three weeks, which was mainly the change process and getting it through our internal changes. It was quite quick. 

We did it ourselves internally with some help from Microsoft. There were four people involved in the deployment: the service owner, a Microsoft product engineer, and two internal engineers.

We have the maintenance outsourced to a partner. However, we have had trouble with this partner because of their lack of delivery.

Ideally, I would like around five people to work with the partner and maintain the environment. At the moment, we have one person and are recruiting two others. For our scale, three to five people would be great as well as working with a partner to do the operations. That is the model that I am using.

It is one of those costs where you can't really quantify a return on investment. In the grand scheme of things, if we didn't have it, we would probably have a lot more breaches. It would be a lot harder to detect issues because we would have people using static usernames and passwords for various sites, making us open to a lot more attacks. The amount of security and benefit that we get out of it is not quantifiable but the return of investment from a qualitative point of view is much higher than not having it. 

It is the one platform that should be used for all authentication. Azure AD allows you to have one username and password to access all of your sites, which makes life a lot easier. Therefore, the return on investment is good because people have to use the one ID and password.

Be sure:

1. You know your userbase, e.g., how many users you have. 
2. You choose the right license and model that suit your business requirements.

In the future, I would maybe like better integration with competitive products. Obviously, Microsoft would be selective on that anyway. For example, working alongside Okta as a competitor, their product seems to be a bit richer in its offerings. From what I have seen, Okta has a bit more of an edge, which is something that might benefit Azure AD.

Be prepared to learn. It is a massive area. There are a lot of features offered by Azure AD. It works well within the Microsoft realm but also it can work very well with non-Microsoft realms, integrating with other parties. The fact it is Microsoft makes life so much easier, because everyone integrates with Microsoft. Just be prepared to absorb because it is a big beast. It is also a necessary evil that you need to have it. The advantages outweigh the disadvantages of having it.

The learning curve is both steep and wide. You can only focus on what you can focus on with the resources you have in your organization. It is such a big product and changing all the time. This means that you need dedicated people to be on it. There is a lot of keeping up with what Microsoft puts out there with Azure AD, which is great. This makes its feature-rich, but you need to be able to learn how it integrates into your business as well.

What Azure AD does for my current organization is sufficient, but we are probably not adopting most of what Azure AD has. We do not have it at a mature place at the moment, but we hope (over the next couple of years) to get it up to the latest and greatest.

It is an integral part of using Microsoft stuff, so we are not going to move away from it any time soon. If anything, we will ensure that everything is on Azure AD and authenticating users use Azure AD. That part will still take some time to do. Like most large organizations who have been around for a long time, we have legacy to deal with and some of that legacy does not support Azure AD. So, we are working towards that.

If you come from a company with legacy technology, then there will be a lot of business and technological changes for you to make.

The adoption of Azure AD B2C is progressing somewhat well. That is something that we just started in the last couple of months. We are having more of our products being onboarded into it. We will be moving other implementations of Azure AD into the one Azure AD implementation, and it has been great so far.

I would rate it as a nine out of 10. I would have given it a 10, but it is impossible for something to be perfect. The product does itself a disservice when there is an impact due to downtime, which we have had over the years. Because you rely on it so heavily, you can't afford for it to go down for a few minutes because then there will be user impact. 

We primarily use Microsoft Entra ID for application registration, especially for Software as a Service applications, which are prevalent in managing the power grid. These applications support various needs, such as managing contingent workers in our 24/7 operation. While we still utilize some on-premise applications, we prioritize cloud-based solutions for their high availability and accessibility. Furthermore, we are actively exploring B2B collaboration features in Entra ID to manage guest accounts, which offers significant cost savings on licensing and enhances ease of use for external users. Optimizing guest access privileges is a compelling business case for utilizing Entra ID effectively.

Microsoft Entra ID has helped by simplifying our management of permissions for APIs. We are not directly exposing credentials, as we use tokens instead. It has made management easier and more secure, especially in a multi-user environment.

The implementation of Microsoft Entra ID significantly improved secure access to applications and resources in our environment, primarily through the widespread use of single-sign-on. Managing API permissions became much easier, as application registration often involves calling an API to utilize services without directly exposing credentials, relying instead on token-based authentication. This streamlined approach benefits end-users by simplifying access while remaining transparent to them. Ultimately, my role focuses on ensuring a smooth and user-friendly experience, even if the underlying technology remains unseen by the end-users.

Our company strongly emphasizes passwordless authentication, primarily through device-bound passkeys in Microsoft Authenticator. While administrators with high-privileged accounts utilize YubiKeys and passwords for tasks like accessing Microsoft Graph, we are actively transitioning all other users towards passwordless methods such as Windows Hello biometrics. This approach streamlines authentication and enhances security. Though initial deployment in 2022 presented challenges due to hardware limitations and the lingering effects of the COVID-19 pandemic, the technology has significantly improved and provides a simple and effective user experience.

The most valuable feature of Entra ID is having a cloud-based identity, similar to Google's single sign-on. This technology allows for a managed identity in a corporate environment, differentiating between work and personal profiles. Microsoft excels at this distinction, providing a seamless experience akin to signing on with Google across various platforms, streamlining workplace access.

One challenge with Entra ID is its complexity, stemming from integrating many components into a single solution. This complexity can hinder rapid adoption by professionals, suggesting a need for more streamlined, role-specific training to maximize the platform's potential.

I have been using Microsoft Entra ID for four years.

I have used Microsoft Entra ID almost daily for the past few years. Although there have been some minor issues this year, such as with CrowdStrike, it remains a stable platform overall. However, it may not have achieved 99.9 percent availability this year.

Although our company is small, Microsoft Entra ID is a scalable solution that meets our current needs.

Customer service is a mixed bag. Initial responses aren't always great, but once we find the right person, the support can be really good. The initial score is about a six, but with the right assistance, it moves to an eight or nine out of ten.

Positive

In the past, we used Okta and more on-premise solutions. In manufacturing, I used Duo as well.

The initial setup of Entra ID is manageable, especially for those familiar with domain controllers and Active Directory functionality. The straightforward process involves installing an agent on our server, after which Microsoft handles the propagation of information to the cloud.

Regarding my work, the managed identity with consistent feature updates that provide access, ease of use, and security comprises the most significant return on investment for us from Entra ID. While keeping up with updates can be challenging, ensuring security and ease of use makes it worthwhile.

Licensing costs for Microsoft Entra ID remain a concern, especially with the price increases in 2023. While these increases are often attributed to global supply issues or inflation, they still impact everyone. To address this, we are exploring guest accounts to reduce costs. Although many new features are still in preview, we are utilizing them with the understanding that once they are finalized and priced, they will be ready for widespread use. For example, we are implementing Microsoft Copilot, which carries a significant licensing cost. However, beyond the cost, data governance and role-based access control are crucial considerations. AI introduces complexities beyond traditional RBAC, requiring data labelling and different access management strategies.

I rate Microsoft Entra ID an eight out of ten.

Microsoft Entra ID is a great tool, but we face challenges working with numerous vendors and Microsoft Gold partners. Since we manage the power grid, we must proceed cautiously while ensuring effective solutions. Our 24/7 operations necessitate collaboration with other power companies that rely heavily on Microsoft products. To facilitate this, we aim to create a platform for seamless intercompany cooperation, especially since many are establishing data centers.

While I'm not as focused on cybersecurity these days, I believe the zero-trust principle should always prioritize security in its design. This foundational approach applies to everything, from individual tenants to startups. Microsoft, for example, uses default settings, which, while not always ideal, aim to avoid disruptions. I understand their approach, but security should always be paramount.

Our adoption of Entra ID has been slow, particularly with bulk electric management systems. While we desire control over our data center, incidents like the CrowdStrike outage highlight the risks of relying solely on cloud providers. This event sparked discussions among my coworkers and me about Microsoft's ambition to be the World's Computer, as proclaimed at Ignite Keystone. Such aspirations demand greater accountability, especially when outages disrupt global operations. Although Microsoft wasn't directly responsible for the CrowdStrike issue, the perception of their service reliability is still impacted. Ultimately, users will focus on the outcome, regardless of fault.

I use it to manage users and devices in my environment. 

I'm also using it to control access to different services that we have and to manage and register applications. It is used to control access to applications that we use in our company. I do a lot of applications in Azure Active Directory, and then I also have a hybrid configuration in my environment. I'm able to sync my on-premise users in the cloud so they can have the benefit of cloud infrastructure while maintaining access control to provide them access to the services that they need in Azure.

The product provides very good time savings. It also allows for a high level of security.

We get alerts when something has happened and it's easy for me to find the issue. It makes it easy to reset passwords. 

We have all the security features in one place and we have log analytics and diagnostics as well. It's very good for identity governance. 

We have an unlimited number of users that we can register. We can register more than five hundred thousand objects. That is wonderful for us.

We can have an audit and we can easily audit logs. I'm able to know when the user logged in and what program they used. I can track everything. I can see activities and denial of access. 

I can create many users at one time using Excel. When we have a lot of people that join, I can just use Excel to perform the deployment of the platform by creating a user. It makes onboarding easier. 

We can manage access and onboarding by teams. It allows us to maintain privilege identity management.

The Entra admin center is also fabulous. 

The product provides a single pane of glass for managing user access. Everything is there. I can monitor from there. I can create a single sign on from there. I can create MFA (multifactor authentication) directly from the portal. I have more than two thousand devices that I manage and I can do everything centrally. 

The single pane of glass affects the consistency of the security policies we apply. It is easy for me to have access to the panel, and I can have a great view of what is going on in my Active Directory. I have a security score. I have the number of groups, number of applications, and number of devices right in front of me, in one place. This makes it easy for me to monitor it and check everything. 

There are good tutorials available for learning more about the product.

We are using the conditional access feature. We also leverage multi-factor authentication so that we can verify users by phone number, for example. It helps us verify effectively. The conditional access feature works well with Microsoft Endpoint Manager.

We use the verified ID to onboard new employees efficiently. We can now onboard in less than 30 minutes. It's also great for privacy and control.

The employee user experience has been positive. When they submit a ticket, it gets resolved in less than 15 minutes. It's very impressive.

I haven't had any issues with the product.

I've been using the product for three years.

The stability is wonderful. I'd rate it 9.5 out of ten. It's the best.

The scalability is good. It's very scalable. 

I've only reached out to technical support once when I was trying to access our agreement account. They set up a meeting and guided me through how to connect to it. I had a positive experience. 

I have used other cloud technologies like AWS or Google Cloud and they don't have the type of active directory where I can control everything. Azure is very powerful.

Previously, all of our active directory was on a Windows Server on-prem. Managing it was not easy. Finding user accounts, going to log in to the Windows server, going to log in to the active directory, et cetera, that previous process was too long. Now, it's easy. Now, you can log in and you have everything in front of you. 

With the old system, we needed to configure it and we were using Okta and we had a combination of many, many tools to be able to get results. Now, we can assign the role directly from OneClick, and we can also use the PowerShift LiveGuard template and it's easy. 

The product is easy to set up. You can set up an entire organization in one day. 

There is no maintenance needed. Microsoft takes care of everything. We just make sure that we check the synchronization. Even if there is a sync error, we will receive a notification. Usually, it fixes itself and syncs every hour.  

We handled the setup in-house.

We've saved more than 20 hours per week. The product is saving us a lot of time. It cut time spent by 45% to 50%. It's also saved us money as we only pay for what we use.

We pay monthly, and we only pay for what we use.

We are a Microsoft customer. 

I'd advise potential new users to read the documentation and make sure that they know what they are doing before they begin providing access to users. If they don't follow the requirements of their company before creating users, they could have a data breach or provide the wrong access.

You can have a centralized solution that provides secure access. You can manage everything from one portal. Azure makes it easy.

I'd rate the product ten out of ten.

My company provides different types of support for different products. I am a Microsoft Azure support engineer for Azure Active Directory.

We work with multifactor authentication, federation, synchronization of on-premise services to the cloud, migrations from on-premises to the cloud, and role-based access to company services. I also work with the identity services of Azure. I work with certain cases where customers have issues with Office 365. That's because the administration and the role-based access come from the Azure platform. 

We're in the middle of the transition to unify more services. There are many services in terms of networking with the machines and storage accounts.

Azure is a platform, so it doesn't have a version.

Microsoft 365 is a part of the service of Active Directory. Currently, all the people and institutions, such as schools and universities, working from home are getting the benefits of Microsoft 365 in Azure Active Directory. They are indirect users of Azure Active Directory. That's because all the services are with the Azure platform, and all these identities are managed from the cloud. This service is providing a huge contribution to the whole world at this time. For example, my nephew is not going to school currently, but he has to connect every day through Microsoft Teams. I know that it is Active Directory that's managing this authentication, but he doesn't know that.

Azure provides many services related to security, data protection, identity, key networking, and management of the storage accounts with encryption. The whole environment is very secure. Azure works with the security of the services. It is in the backend, and it is the same platform as Microsoft 365 or Office 365. So, if you have Office 365, you're using Azure. The platform source is the same for Azure and Office 365 or Microsoft 365. It is the same platform to manage the users. At a certain point, I guess everything will be together because even though there are too many services, all of them rely on the same platform.

There is a secure way of managing the security and access to your services. If you use Azure in your company, you can manage the type of authentication that you want to use for security. For example, you can manage your company from on-premises and also use the cloud in a hybrid environment. This way the services that Azure provides on the cloud are available for the users that exist on-premises, and this is actually where I'm working right now.

The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise.

For data protection and access security, there are many good things that Azure and Azure Active Directory offer. You can choose in how many ways a user can log in to Azure, especially with multifactor authentication. You can choose how, when, and where someone can access a service that you may have on Azure Active Directory. 

For most of the small users, Azure Active Directory is free. So, they don't need to have a paid service for Azure Active Directory.

The platform is constantly changing. Every month, we have new services, and we also have services that are being deprecated to provide a better customer experience. For example, we have a tool that connects the users that exist on-premises to the cloud. The AD connects to this synchronization tool, which has been improved about five times in the last year. Every new version is more flexible with more options. The experience for the users has been improved to make it easier to manage the tool. In addition, the feedback that the customers provide to Microsoft is taken very seriously. For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity. There is a feature called manage identities where you can give flexible access to a person for services. For example, I can give you access as a reader to all my information but only for 12 hours or 24 hours. So, I can decide for how long I want to give you access. In the past, I had to give you a role that was permanent, and now, I can give you a role that will last only a few hours to allow you to do your job. In case you need more time or more features, you need to contact me and request them. 

Similarly, previously, there weren't too many options when you were synchronizing your users from on-premise to the cloud. Now, the system that allows you to make that synchronization has many options. You can select different schemas. You can select which users you want to be a part of the cloud. You can manage many rules. The customization in the whole Azure platform is awesome. All these features that are now a part of the platform were not there in the past. In these three years, I have seen so many changes. There are too many features, and I can see changes every month. There are too many settings that have been improved, especially related to authentication, permissions, and auto management ops. The cloud or the Azure platform is managed by roles that you can assign to different people, and each role has different permissions and access. So, everything is very customizable right now.

I have been working with Azure Active Directory for two years.

Scalability is one of the main features of Azure. You can adjust the services that you have., You can increase them anytime, and if you are not using them, you can downgrade the services to the minimum. The scalability and elasticity are the key features of Azure. They allow you to manage all the resources that you have according to your needs. For example, if you are a big company that is going to have a lot of customers during a period and needs to duplicate or triplicate resources, you can get all those created immediately. When you don't need that many virtual machines, storage accounts, or web services, you can downgrade to the minimum. The pricing will be according to the service that you are using. This is one of the most attractive things for the customers because if you were on-premises, what would you do with all those desktops once you don't need them. On the cloud, it is different. If you don't need it, just remove the service, and you won't be charged. It is very flexible.

I provide support for Azure AD. This is my area of support currently, but sometimes customers have questions about different products or services. Because I'm working on Azure Active Directory, it doesn't mean that I only know about this specific product. We are constantly learning and getting trained. There are too many things to learn more about the Azure platform. I have worked for the billing and subscriptions team, which is a totally different type of support. If a customer has questions about billing, subscriptions, pricing, and discounts available on the platform, I can provide support. If a customer needs help with creating a virtual machine, I can tell the customer to work with another team. If I have the knowledge, I go the extra mile and help them. 

There have been situations where the customers had a ten-year-old server that was no longer supported, and all the services were very old. They were from the time when Azure started, and those services are called classic services. Most of those services are not compatible with today's technologies. In such cases, we had to let the customers know that they need to migrate the services, which can get tough for some of them because not all users have the resources to move services to new technology. In such cases, we work with other teams within our own company and try to find a solution. We always try to find a solution. We are not limited to one solution. We'll research for options and do some brainstorming with other teams, and most of the time, there are no cases that we can't close or are unsolved. Of course, customers might have been expecting a different solution, or they are not open to change, but at a certain point, they will need to accept that some of the resources that they have been using for more than 10 years are now obsolete. 

It is very simple. All you need to do is to create a subscription. When you create an Azure subscription, you will be creating an Azure account. If you are using Office 365, you already have an Azure Active Directory account.

If you go to Azure.com and use your credentials, you would be able to log in. So, you have a basic panel with services related to Active Directory, but if you need to deploy virtual machines or other paid services, you will need to purchase a subscription. I have my own environment, but I only use it for testing and for making records of customer issues to see what's happening or why the problem is coming.

It is a very easy-to-manage platform. There are many guides. As soon as you enter the portal, you will see all products and services. Every time you click on any specific service, you will find information about the service, its pricing, etc. You will get the required information needed on the platform. I also have experience with IBM's platform, but it was not as easy to handle as the Azure platform. 

The basic tier of Azure Active Directory is free, so many users use the service for free. For a small company having the security and compliance that Azure offers is a great benefit. For small companies that are using the basic services, not having to pay for Azure Active Directory is the main asset because they can manage their users and have authentications tools and security. 

You just need to create an Azure account to get a free trial or subscription. If you sign up for a free subscription, you will have $200 that you can use for a month on any services that you want to try or test. If you're planning to use a paid subscription, you can't have the first month for free until you spend those $200. At that point, you can decide if you want to continue using the platform. You will be paying only for the services that you use. If you have a virtual machine, but you don't use the virtual machine, you won't be charged for that virtual machine. There are, however, some limitations. If you choose to have storage linked to the virtual machine, the storage is charged differently. 

Azure has different tiers. You can use the standard free version. You can have the B1 license that gives you more services. There is a B2 license that extends to even more objects, more users, and more services. So, depending on the license that you have for the product, the capacity changes. The basic tier allows you to manage a certain number of objects, which can be users, groups, permissions, etc. The number is limited because you are using the free version. If you want to manage a bigger company or more objects, you can just purchase a B1 license. If you need more, you can change to the B2 license that's a top tier. 

If the size of your company changes or you need to reduce the number of licenses or services, you can always cancel licenses. You can go back to the lower tier at any time depending on your needs. Most of the big companies use the higher tiers because they have many employees. In domains like education, there are many students, so they need to use more licenses, but most of the small companies or users who are using it for a project use the free version.

If you need to purchase a service, for each and every service that Azure offers, there are different pricing tiers. For example, you don't have to purchase a virtual machine that is too expensive. There are basic virtual machines that may cost you $40 for one month. If you need a very specific machine to do a deployment, you can use it just for the deployment and then delete the virtual machine. You have to pay it only for the hours for which you used that machine, which is a great advantage. If you work with data processing or you're a developer who needs to test new software or a game, you don't need to pay a huge amount of money for a specific virtual machine. You will only be paying for the hours that you need to do the testing. You don't have to pay $6,000 for high-end technology. I know that the idea is to keep people using the virtual machine, the storage account, or any service they have, but if their needs are just limited for a few hours of the month, that's what they will be paying for. So, it is very flexible.

I would recommend Azure Active Directory to everybody. I would recommend others to use it to easily manage all the users. If you are dependent on an on-premises server, those servers may fail. Some people have too many old servers. If you move to the cloud, you don't have to worry about hardware maintenance.

Microsoft offers several ways to keep your data safe on the cloud. For example, you can choose replication. That means that your data will be at two different data centers. You can have your information at two different locations, such as in the east of the USA and in the west of the USA. If you are paying for higher services, all your information can also be in another country or region. So, all the information that a company may have in Azure will be protected if something catastrophic happens, which is something very important, especially for large companies. 

The improvements to the platform are constant, and the feedback that the customers provide to Microsoft is taken very seriously. They have a feedback page where the users can request new features or existing features that they are not happy about. Microsoft takes into account all these requests, and I see the response from the backend team or developers. I can see how they provide new products or good information about what they are doing right now to improve the services. Most of the requests are for new services and ideas, and most of those ideas are seriously reviewed. I can see that over the last few years, how many of these requests have become a part of the platform. So, you see improvements everywhere. There is also a change in Office 365, which will be soon known as Microsoft 365. They're changing the experience, and they are also changing the licenses to include more products. So, changes are constant. I am not saying this because I work for Microsoft. I have also worked for Amazon, and I see similar structures. They are making changes all the time.

Every day, I see the requests of customers and the response from Microsoft to those requests. When all these improvements are added to the platform, for those of us who are on support, the cases become easier to manage. It gets easier to provide solutions because we have more options to resolve the problems, and the customers also have more options. 

There are times when customers don't realize that the platform has changed and the services they used don't exist anymore. Usually, we provide support through Microsoft Teams and remote sessions. So, we go there, and we explain to the customer that they can do this because the platform allows them to select this and then do customization. So, everything is flexible. The customers sometimes are very surprised because they don't know that the platform has changed so fast. The experience of providing support becomes very nice when a customer is amazed by all the new features. They had been working in the old way, and they didn't know that they now have many options on the platform. In such cases, it is a very satisfactory experience for the customer and also for us. In some cases, it takes about 10 minutes, and the problem is solved. The customer becomes very satisfied with the solution.

I would rate it a 10 out of 10. I can't tell how happy people are when they call and are looking for such a service, and they realize that it already exists. They just didn't know about it. This rating is not based on the experience that I have in working with Microsoft; it is based on the experience of the customers I work with.

I have demo tenants where I test lots of features, such as creating test accounts and managing permissions.

Many organizations are shifting to a zero-trust model where nothing is trusted by default, and we explicitly add permissions as needed. Entra has some of those metrics, like risky sign-on. You can set up conditional access policies to ensure users can't access it from unknown locations. 

I can look at the logs to see how often my users are flagged as risky and fine-tune my policies to balance usability and security. The biggest implementation barrier with many test accounts is ensuring passwords aren't shared. Using MFA has also helped us ensure the test account is mapped to a single person. 

A lot of these features from Entra ID were implemented in our tenants. The biggest issue we've seen is that these passwords are leaked because someone shared them in a group when they were not supposed to. I think a lot of the policies that Entra has introduced lately around condition access for access management have helped us mitigate that.

I like how Entra allows you to upload a CSV file with user details for bulk user creation. This is useful for automation. Entra has made it easy to manage identity and access by integrating with all Microsoft services. Everything is managed in a single place, eliminating the need for another application.

It was super easy to understand how the basic functions work. The documentation on learn.Microsoft.com was sufficient to get most tasks done. 

The device-bound IDs in Microsoft Authenticator help us fight phishing, which is traditionally made possible by individual passwords. With passkeys, we eliminated the need for passwords to be stored and remembered. These test accounts aren't used daily, so people write the passwords down, and it's insecure. These phishing-resistant ensure we mitigate those risks. 

We've become more aware of token theft and state attacks. For example, if the demo tenant can access our internal resources and code still in development, we ensure that all these user IDs are authenticated. Entra can delegate and control access to apps, helping to close those attack vectors. 

Entra could be improved by enhancing self-service options for end users, such as making password reset options more accessible. This would simplify the user experience for end users.

I have used Entra ID for about a year.

For both the stability and scalability, it's pretty good. I've never had any issues with users trying to log in.

Both the stability and scalability of Microsoft Entra ID are pretty good with no reported login issues.

We have not needed to contact customer service due to sufficient public documentation. This suggests good technical support.

Positive

We used Keycloak for access management and single sign-on and some of the AWS native IAM solutions. Keycloak is open-source, so it's vendor-agnostic and can be integrated with any custom app you build, whereas you run into vendor lock-in with Entra. However, Entra is natively integrated with all Microsoft products, and we've migrated to using an exclusively Microsoft ecosystem. 

The documentation on Microsoft's website was sufficient to understand the setup for basic functions, making the initial setup straightforward.

We did everything in-house without involving any integrator, reseller, or consultant.

Entra is bundled with every new tenant you set up on Azure, so we don't need to pay for extra solutions to manage the fundamental aspects of user management and accounts.

I rate Microsoft Entra ID nine out of 10. It fits my purpose perfectly, and I seldom need to search for alternatives due to its comprehensive functionality.