Cloud Security Engineer at a non-tech company with 10,001+ employees
Provides a single pane of glass, improves our security posture, and saves us time
Pros and Cons
- "Every feature in Microsoft Entra ID plays a crucial role in overall security."
- "Customers should be informed that public review features are not intended for production use."
What is our primary use case?
When I started using Microsoft Entra ID I was an identity and access management technical support engineer at an organization that was a Microsoft partner. I use Microsoft Entra ID primarily to reproduce customer scenarios or challenges they are facing to help them resolve issues on their end.
How has it helped my organization?
Microsoft Entra ID offers a single pane of glass for managing user access. This unified interface provides essential notifications and guidance if further actions are needed within Entra ID. While not all features can be displayed simultaneously, since the resulting clutter would be visually unappealing, the centralized view efficiently directs us toward managing user access and other identity and access management tasks.
The single pane of glass affects the user's experience positively. Microsoft Entra ID makes necessary innovations when it comes to the GUI interface.
In my overall assessment, the admin center seems effective in consolidating all the responsibilities and duties that admins should be able to perform. This centralization makes it efficient for users like us, global admins and user administrators, to find everything we need to do in one place, adhering to the principle of least privilege. While I appreciate the admin center's functionality, I prefer working with the Entra portal for its more robust view.
Microsoft Entra ID has significantly improved our organization's security posture. One key feature is what we call Privileged Identity Management, specifically designed to manage sensitive administrative credentials. For example, imagine a CEO with an account in Entra ID. We might also have an IT technician or support person with an admin role, like a Security Admin. We call these privileged identity accounts. While the CEO holds the highest position, they don't need admin access. Privileged Identity Management has been instrumental in enhancing our overall security in several ways, including:
- Robustly securing privileged identity accounts: PIM implements stringent controls and access restrictions, minimizing the risk of unauthorized access to sensitive data and systems.
- Enforcing the principle of least privilege: PIM ensures users have only the minimum permissions necessary to perform their duties, reducing the attack surface and potential for misuse.
- Adding extra layers of security: Entra ID integrates multi-factor authentication and conditional access policies, further strengthening access control and mitigating security risks.
Entra ID's conditional access feature strengthens the zero-trust principle, which emphasizes continuous verification and never granting automatic trust. This policy has significantly improved our overall security posture by implementing specific controls that grant access only when users meet defined conditions.
The visibility and control provided by Entra ID permission management across Microsoft, Google, and Amazon Cloud is impressive. Microsoft has a long history in the identity and access management space, starting with Active Directory and subsequently adapting to the cloud. Their cloud expertise has served them well in developing Entra ID, a comprehensive IAM solution. I believe Entra ID represents a significant improvement, offering clear visibility and control over permissions. While I haven't used other third-party products for comparison, I feel Microsoft has delivered a top-notch feature within the IAM landscape.
Using permission management has helped reduce risk surfaces regarding identity permissions.
Entra ID has significantly reduced the time burden on our IT administrators and HR department. Take, for example, its built-in self-service password reset feature. Imagine I've forgotten my password and need to reset it. Previously, I'd have to log a request with IT, potentially waiting for assistance if they were unavailable. SSPR empowers users to reset their passwords independently, freeing up valuable time for our IT team. For our HR department, Entra ID offers integrations with third-party apps, also known as user provisioning. This comes in two flavors: outbound and inbound. Outbound provisioning specifically applies here. In this scenario, Entra ID acts as the source system, creating user accounts in the target third-party SaaS app which is like a tag assistant. For example, if an HR employee needs access to Dropbox or G Suite, we can create those accounts automatically in Entra ID and then provision them into the corresponding SaaS apps using user flows. This eliminates the need for manual user creation in each app. Furthermore, we can implement single sign-on, removing the hassle of juggling multiple passwords for different resources.
Microsoft Entra ID has significantly impacted the employee user experience, particularly through its single sign-on functionality. SSO eliminates the need for multiple passwords to access different resources. Previously, when a user was created in Entra ID, accessing other applications developed outside of Microsoft required separate credentials and logins for each platform. This created a fragmented and cumbersome experience. However, with Entra ID's SSO, user authentication and authorization for these third-party applications now seamlessly occur through a single sign-on process. This grants secure access to all integrated applications without the need for additional logins, streamlining the user experience and enhancing security.
What is most valuable?
Every feature in Microsoft Entra ID plays a crucial role in overall security. It's like the human body – we might underestimate the importance of seemingly insignificant parts. They might appear small or seemingly irrelevant, but their absence can have significant consequences. When a fingernail breaks or a hair falls out, we suddenly appreciate their role in the body's function. Similarly, with Entra ID, I wouldn't prioritize one feature over another. Each contributes significantly to the platform's robust security posture. They all work together to provide the best possible approach to cloud security. Therefore, highlighting a single feature as more valuable wouldn't be accurate.
What needs improvement?
Microsoft Entra ID can make improvements in two key areas. The first is to upgrade Workday and SuccessFactors integration to OAuth 2.0. Currently, these HR applications use basic authentication for inbound provisioning to Entra ID, while integration with other IDPs utilizes OAuth 2.0. Many organizations request the adoption of OAuth 2.0 for Entra ID as well, considering its enhanced security. The second is to provide clearer communication about features under public review. Features under public review should have comprehensive documentation outlining their capabilities and limitations. While user feedback is crucial, deploying incomplete features in production environments can lead to frustration and blame. Customers should be informed that public review features are not intended for production use.
Buyer's Guide
Microsoft Entra ID
November 2024
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Microsoft Entra ID for three years.
How are customer service and support?
The technical support team is always readily available 24/7. Regardless of when we raise a support ticket, someone will promptly reach out and try to resolve our specific issue. I understand that the support experience can vary depending on the agent we connect with. Some may not have extensive product knowledge, while others have hands-on experience and offer quick, helpful solutions. Overall, I'd give them a solid ten out of ten. Their constant availability and dedication to resolving our problems are commendable. Even with agents new to our organization, we can feel their effort to assist us. They escalate issues if needed, consistently check back with us for satisfaction, and demonstrate empathy while reassuring us that any limitations or problems we face will be addressed.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
With the rise of cloud computing, Microsoft's exceptional hybrid identity capabilities proved invaluable for our organization. We were able to seamlessly integrate our on-premises users with the cloud through Entra ID. This implementation involved leveraging both Entra ID Connect and the cloud sync agent. While I'm unsure of their identity management setup before Entra ID, I can confidently say that the organization already relied on Active Directory on-premises before I joined.
How was the initial setup?
Deploying Entra ID is generally straightforward. Once we create our Entra tenant, we gain access to Entra ID. Similarly, if we subscribe to Office 365, Entra ID is automatically created for us. This default setup meets most basic operational needs. Therefore, we don't typically need to make any further configuration unless we want to adjust security settings based on our specific organizational needs. Overall, using Entra ID is seamless and can be started directly from our tenant or Office 365 site.
What's my experience with pricing, setup cost, and licensing?
The cost of Entra ID depends entirely on our organization's specific needs and use cases. For smaller organizations, like a local supermarket, it might be quite affordable with the basic free tier or a lower-tiered license. However, larger, multi-national companies with complex requirements may incur higher costs due to the need for additional features and advanced licensing tiers like P1 or P2. Instead of simply labeling it as cheap or expensive, it's important to consider our specific scenario and what functionalities we require. Different models and licenses cater to different needs, so the best approach is to carefully evaluate our organization's specific situation and choose the most suitable option.
What other advice do I have?
I would rate Microsoft Entra ID a ten out of ten.
In the global identity management space, roughly 70 percent of organizations, in my experience, utilize Entra ID. One key reason for this adoption stems from the prevalence of on-premises Active Directory. Many organizations have long relied on this on-premises solution, and Microsoft's decision to replicate its functionality in the cloud, resulting in Entra ID, made the transition seamless for existing users. This familiar interface and consistent experience significantly eased adoption, leading to the 80 percent user utilization rate for Entra ID within my organization.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: customer/partner
DevSecOps CISO Architect (Feature Engineer 3) - CISO Cyber Security Dept at ING
Entra Admin Center is a very good portal for managing all identity and access management tasks
Pros and Cons
- "Microsoft Entra ID Protection and Microsoft Sentinel are both excellent monitoring features for Microsoft Entra ID."
- "Compatibility features for legacy system integration with new features will be challenging at times."
What is our primary use case?
The main use case for Entra ID is to move from on-premises to the cloud. I have been doing a lot of cloud transformation work, and I have seen that most organizations that move to the cloud see a lot of benefits in terms of monitoring and IAM. In those cases, we move to Entra ID.
How has it helped my organization?
Entra ID provides a single pane of glass for access management. Microsoft Identity confirms users and the access management grants access. In terms of identity and access management, Entra ID provides better management and monitoring solutions that can be used effectively. Entra ID can be used by IT administrators and app developers. It offers a wide range of options for onboarding applications to the cloud. For example, enabling single sign-on for an on-premises application can be time-consuming. However, moving the application to Entra ID is straightforward. App developers can use Entra ID APIs to build personalized experiences, set up single sign-on, customize applications, and monitor them.
The single pane of glass consistency for user sign-on experience is very good because Entra ID is a solution from Microsoft that is available in different regions around the globe. This means that we always have better visibility and management of user sign-on, and now Microsoft apps also moved to Microsoft Entra. This provides a unified experience where we can manage access and permissions from a single location.
The consistency of our security policy is excellent. It is very granular, allowing us to scope it to groups or access it via the API. We also have Entra ID PIM, which allows us to granularly control access to resources. This is a very good option for access management.
Active Directory's Admin Center is a very good tool for managing all identity and access tasks in our organization. It provides a single pane of glass for managing users, groups, external identities, and roles. It also allows us to create administrative units, which can be used to scope access to a set of users, groups, and devices. We can also use Admin Center to view licenses, company branding, user settings, security settings, sign-in logs, provisioning logs, usage, and insights. Admin Center also makes it easy for admins to troubleshoot problems. For example, if we need to debug something, we can log into Admin Center and check the sign-in logs.
There were many benefits to moving to Entra ID. The main benefit was that it was a game-changer, especially for monitoring. When we were using Active Directory, everything was local. This meant that we had to build our own monitoring solution for each application that was onboarded into AD. This was a time-consuming and expensive process. With Entra ID, we can use Microsoft Sentinel or Entra ID Monitor to monitor all of our applications from a single location. This is a huge time and cost savings. Another benefit of Entra ID is that it makes it easy to onboard new applications. With AD, we had to deploy the application on-premises and then configure identity and access management. This was a complex and time-consuming process. With Entra ID, we can simply onboard the application and then grant Identity Access Management to the application. This is a much simpler and faster process.
Conditional access is a powerful feature that allows us to define a set of conditions that must be met in order for users to access our applications. This can help us to improve security by ensuring that only authorized users can access our data, regardless of where they are or what device they use. For example, we could create a policy that requires users to be located in a specific country or to use a specific device type in order to access our applications. We could also require users to use multi-factor authentication in order to access our applications. Conditional access policies can be applied to all of our applications, including those in Entra ID and Office 365.
Conditional access policy plays a key role in zero trust security. In the conditional access policy, there is a feature called named locations, which allows us to exclude devices from a condition if they are coming from a trusted location. For example, if we add an exclusion for trusted locations to our conditional access policy, it will directly impact our zero trust policy. The main driver for any organization to move to zero trust security is to reduce the number of named locations in their conditional access policies. By reducing the number of named locations, we can increase the security of our organization by making it more difficult for attackers to gain access to our systems.
I have been using the conditional access feature in conjunction with the endpoint manager for a long time. This is a great feature because it helps us to monitor threats and direct users accordingly. It is a very useful feature for monitoring our endpoints. For example, if a user tries to access a service, the check can be done and the endpoint manager will be able to provide us with all the findings.
Microsoft Defender for Endpoint can identify any PaaS devices that connect to a network. This includes any unpacked devices that are trying to use an application that is onboarded in Entra ID or any persistent Office 365 application, such as Microsoft Teams, Outlook, or OneDrive.
I have been using Entra Verified ID on the proof of concept. It is one of the best ways to onboard a remote employee. Since COVID in 2020, we have all been working remotely. It is better to onboard an employee who is present remotely in a different location than to ask them to come to the office, collect a laptop, and then onboard them. Verified ID makes this process easier by using preset, already-known information that is present in our company directory. For example, when an employee is interviewed, they are given face verification through a government ID. The ID is collected and a photograph is taken, which is then stored in the HR database. With this information, we can onboard employees remotely and grant them access to all of the company's resources. This is a much easier option than asking everyone to come to the office and ask for help from the overloaded service desk team.
The speed at which we can onboard a remote employee depends on how we define it in the initial planning. If we set the correct standards, such as the type of information we need to verify the employee's identity, we can streamline the process. For example, if we require the employee to provide a government ID and a photograph, the HR department can collect this information in advance and process it in the company's database. This will make it easier for the employee to complete the onboarding process remotely.
When it comes to controlling and prioritizing the privacy of identity data, there are multiple ways to do so. One way is to onboard remote employees with information that is already present in the company directory. This information can be verified by HR, who has already obtained the employee's consent to share their personal information. Another way to onboard remote employees is to ask them to provide a photo and government ID. This information is also stored in the company's database and is not shared with Microsoft. Microsoft only creates a digital identity for the employee and uses this identity to validate the employee's remote onboarding. In both cases, the employee's personal information is not exposed to the Internet. Microsoft and the company have a secure channel for exchanging this information, so there is no problem with data privacy.
The permission manager in Entra ID is very good. Microsoft improved it a lot. Microsoft Entra is the new permission manager solution. It provides comprehensive visibility into the permissions assigned to all identities, such as user identities. It also allows us to check the current permissions that are given to users. This is a better way to manage permissions. Permission management is a really good option that has a lot of benefits and improvements, especially when moving to the Microsoft enterprise.
When it comes to identity and permission management, the risk is relatively low when using a cloud-managed solution. This is because cloud-managed solutions provide full visibility and the option to automate permission management. One of the benefits of cloud-managed identity and permission management is that it allows us to implement the principle of least privileges. This means that we can give users and workloads only the permissions they need to do their jobs. This helps to reduce our attack surface and makes it more difficult for attackers to gain access to our systems. Another benefit of cloud-managed identity and permission management is that it provides us with visibility into our user and workload identities. This allows us to quickly identify and remediate any security issues that may arise.
Entra ID helps our IT administrators and HR department save time. It reduces the custom task of deploying and onboarding any application. This means that administrators can easily onboard applications to Entra ID and provide users with a single sign-on experience. As a result, administrators have more time to focus on improving their skills and deploying new Entra ID features. Entra ID offers a wide range of features, including artificial intelligence capabilities such as ChatGPT. This frees up a lot of time that was previously spent managing the local Active Directory. Entra ID has freed up most of my weekends. When I was previously working with on-premises data centers, I had to patch my servers every weekend, which was a time-consuming and tedious task. However, now that all of my applications have been moved to Entra ID, these tasks have been drastically reduced. As a result, I would say that my weekends are now almost free.
Entra ID saved organizations a lot of money. Previously, I saw organizations investing in expensive solutions for data centers, which required a lot of maintenance and the need to find the right talent to manage them. However, with Microsoft Entra ID, we no longer have to worry about maintaining data centers, as they are completely managed by the cloud. This has made our operations easier and more efficient, as we can now deploy changes quickly and easily, and receive alerts when any issues are found.
Entra ID positively affected our user experience.
What is most valuable?
Microsoft Entra ID Protection and Microsoft Sentinel are both excellent monitoring features for Microsoft Entra ID.
Entra Monitor and Log Analytics are beneficial for monitoring the secure operation of Entra ID services.
Great improvements in the modern authentication strategy: passwordless FIDO2 improvements and Entra ID verification.
What needs improvement?
In terms of licensing, being able to pick some premium features without purchasing a package would be advantageous.
Increasing the free log retention period might be more beneficial.
Compatibility features for legacy systems integration with new features will be challenging at times.
For how long have I used the solution?
I have been using Microsoft Entra ID for ten years. Microsoft Entra ID has been a critical component of Microsoft cloud offerings since the time it was introduced.
What do I think about the stability of the solution?
Entra ID is extremely stable and Microsoft absolutely brings new improvements to this feature.
What do I think about the scalability of the solution?
Entra ID is highly scalable. I have seen multiple organizations with over 80,000 people using Entra ID worldwide.
How are customer service and support?
The technical support is good but sometimes it can be difficult to connect with the right engineer when you are working in a complex enterprise environment.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
In all my experience, I have seen organizations using Microsoft Active Directory before switching to Entra ID.
How was the initial setup?
The initial setup is straightforward. I completed most of the deployment myself with excellent support from the Microsoft support team.
What about the implementation team?
In most cases the implementation was completed in-house with support from the Microsoft support team.
What was our ROI?
We have seen a return on our investment with Microsoft through improved performance, better management, and enhanced features.
What's my experience with pricing, setup cost, and licensing?
Entra ID's pricing is comprehensive and affordable. The prices are easy to understand, and the licenses include a variety of security monitoring and additional features.
Which other solutions did I evaluate?
I have evaluated Google Cloud Identity and AWS Directory Service, but I felt more comfortable with Entra ID.
What other advice do I have?
I give Microsoft Entra ID a nine out of ten.
Entra ID does not require maintenance from our end.
For someone evaluating Entra ID, it is important to understand their use case, business requirements, current solution, and expectations. The current solution is important to understand because it will help to identify any gaps that Entra ID could potentially fill.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
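The trusted-location carve-out this reviewer describes under conditional access, written out as an added example with the Microsoft Graph PowerShell SDK (this is not the reviewer's or Microsoft's code): the weak policy that skips MFA from trusted named locations is shown next to a form with no location bypass, followed by an audit that lists every policy in the tenant still using such an exclusion. It assumes the Microsoft.Graph module is installed and that the signed-in admin holds the listed scopes; the break-glass group id is a placeholder.

```powershell
# Added example, not from the review. Requires the Microsoft.Graph module and an
# account that can read and write conditional access policies.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

$breakGlassGroupId = "<break-glass-group-object-id>"   # placeholder: emergency-access accounts

# Weak form (shown for contrast, not created): MFA is required everywhere EXCEPT
# from trusted named locations, so a sign-in from a trusted network is never challenged.
$weakPolicy = @{
    displayName   = "Require MFA (exclude trusted locations)"
    state         = "enabledForReportingButNotEnforced"   # report-only while validating
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications = @{ includeApplications = @("All") }
        locations    = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# Zero-trust form: no location condition at all, so every sign-in from every network
# must satisfy MFA AND come from a compliant device. Location stays a signal, not a bypass.
$hardenedPolicy = @{
    displayName   = "Require MFA and compliant device (all locations)"
    state         = "enabledForReportingButNotEnforced"   # switch to "enabled" after review
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeGroups = @($breakGlassGroupId) }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{ operator = "AND"; builtInControls = @("mfa", "compliantDevice") }
}

function Get-TrustedLocationExclusions {
    # Audit: return every non-disabled policy whose location condition excludes
    # named locations, i.e. the pattern the review describes as weakening zero trust.
    Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object {
            $_.State -ne "disabled" -and
            $null -ne $_.Conditions.Locations -and
            $_.Conditions.Locations.ExcludeLocations.Count -gt 0
        } |
        ForEach-Object {
            [pscustomobject]@{
                PolicyName        = $_.DisplayName
                State             = $_.State
                ExcludedLocations = ($_.Conditions.Locations.ExcludeLocations -join ", ")
                GrantControls     = ($_.GrantControls.BuiltInControls -join ", ")
            }
        }
}

# Create the hardened policy in report-only mode, then list what still has carve-outs.
New-MgIdentityConditionalAccessPolicy -BodyParameter $hardenedPolicy | Out-Null
Get-TrustedLocationExclusions | Format-Table -AutoSize
```

Run the audit first against a tenant's existing policies; each row it prints is a named-location exclusion to review before the report-only policy is switched to enforced.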
IT Specialist, Windows Security & Azure Cloud Management at Robi Axiata Limited
A unified interface to manage users, enables SSO, and saves us time
Pros and Cons
- "Entra ID can be deployed using a hybrid model for organizations with a significant on-premises presence, or in a fully cloud-based setup for those that do not."
- "Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users."
What is our primary use case?
I have had multiple use cases for Entra ID during my previous position as a system administrator. In that role, I was responsible for managing around three thousand users within our organization, including some external parties, which brought the total user count to approximately ten thousand. Entra ID is a cloud-based solution designed for identity and access management. In our organization, we primarily employed it to maintain user groups for authentication purposes. Additionally, we had on-premises applications that required registration within Entra ID, enabling us to provide a single sign-on solution for these applications, granting access to our users.
Entra ID boasts several other features as well. For instance, we utilized a security feature called MFA to enhance user security. We also implemented a conditional access policy, tightly integrated with Microsoft Intune. This policy allowed us to define specific access rules based on user locations. This means that if a user was located in a particular branch, they would be granted access to certain services while others would not. Such configurations were established within our conditional access policy in Entra ID.
At times, we needed to provide temporary access to certain users as administrators. For instance, our compliance team might require access to check compliance reports or logs for a limited period, which we facilitated by granting access for one or two hours. Within Entra ID, we have a functionality known as Secure Score, which we utilize to assess and benchmark the security of our organization. This helps us identify potential risks and areas for security enhancement.
Among the tools we employ, Intune plays a crucial role. With Intune, we effectively managed our Windows, iOS, and Android devices. We could establish compliance policies and configuration settings for both Entra ID and Intune, ensuring a consistent and secure user experience across different devices and platforms.
Entra ID can be deployed using a hybrid model for organizations with a significant on-premises presence, or in a fully cloud-based setup for those that do not.
How has it helped my organization?
Entra ID offers a unified interface for managing user access.
In addition to the Single Sign-On provided by Entra ID, we also offer a biometric option through Windows Hello.
In the admin center, we can locate the dashboard. Recently, Microsoft has made significant improvements. Previously, searching for a username required navigating to the user test section. However, presently, I've observed that Microsoft has enhanced the search scenario. Now, by simply searching for the username on our web page, it will display the username along with all associated details. Furthermore, we have password identity management, group management, and application registration options available. We also support on-prem authentication, specifically rescoping authentication like NTLM, which is an older authentication method. However, if we register our application with Entra ID, we can easily enhance the security of our authentication through modern authentication methods. These security features are available within the admin center.
Verified ID, in fact, is obtained when we create or subscribe within Entra for the initial time. Therefore, it is a default setting on Microsoft that provides us with a default domain. However, if we perform this on Microsoft.com, we need to append that tenant and subsequently verify it. This, of course, necessitates the addition of certain DNS entries to incorporate our customized domain into Entra ID. Consequently, we have the capacity to include up to 500 domains within a single tenant.
We are three global admin users. As such, we are responsible for maintaining our company's tenants. Occasionally, the security or compliance teams need to assess the current status. For instance, we might have a project requiring a vendor to have access for a specific duration. In such cases, we can readily grant customized access to that user for the designated period. Post this duration, access will be automatically revoked. Hence, we can manage these settings through permission management.
Microsoft has indeed introduced new features. For instance, we now have the ability to create a multitude of users or add members to a group all at once. To facilitate this, they have developed a custom script. By including the object ID of the user in an Excel or CSV file and importing that file, the system will automatically add the users. Entra ID is particularly time-saving, as it allows us to add 100 users in just 30 seconds using the group method. If we were to create the group manually, it would take one to two hours per user.
In my situation, not all users are motivated. The IT division and the technicians might be up to date with the latest technology. However, when we consider the finance or sales personnel, their primary focus is on their business sales. They lack knowledge of IT or technologies. As a result, when we introduce a new solution and onboard their users to that system, we encounter certain issues. Nevertheless, through integration and training, we established the necessary procedures for logging in and working, which eventually became acceptable. Entra ID has played a significant role in making the user experience more seamless.
What needs improvement?
As an administrator, we sometimes observe a discrepancy between Microsoft Intune and Entra ID – these are distinct solutions, each with its own licensing subscription. On occasion, these two solutions are combined into a single service, or conversely, certain services might be removed. Such situations can create conflicts for administrators. A few days ago, I noticed that certain aspects like the Microsoft Compliance and Microsoft Security tabs were missing when accessing Entra ID. It appears that some services have been removed from Entra ID and new ones have been introduced, which wasn't communicated to us. I would appreciate receiving notifications regarding the removal of services from specific tabs, along with information about their replacements. This would allow us to plan our logins accordingly. Microsoft offers two portals – the classic portal and the modern portal. When using the classic portal, we promptly receive notifications about its upcoming transition to the modern portal after a designated date. However, no such notifications were provided for Entra ID. In my quest to locate security and compliance checking features within Entra ID, I discovered that the options were seemingly absent. Subsequent Google searches revealed that these features had been consolidated under a single solution.
We are receiving false security alerts on the dashboard. We have set up a conditional access policy that restricts access based on the user's location. However, we have observed that there are instances when Microsoft's AI might be generating these false alerts. This is causing users to be blocked from accessing their accounts. When we reached out to these users, they confirmed that they hadn't visited the specified area or country in the last seven to ten days. Despite this, they are receiving notifications to reset their passwords, with a warning of being locked out. Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users.
For how long have I used the solution?
I have been using Microsoft Entra ID for five years.
What do I think about the stability of the solution?
Entra ID is a cloud-based solution. Microsoft, in fact, operates multi-zone data centers which greatly reduce the possibility of service outages. However, this year we have experienced a significant amount of downtime. For instance, we encountered Exchange Online issues in Bangladesh. They source their authentication from either the Singapore or Indian data centers. Unfortunately, there were several instances of problems in this area this year, about two or three times. We faced communication as well as mail-sending problems. While their Service Level Agreement is supposed to be 99.99 percent uptime, it seems to be closer to 99.98 percent. Interestingly, for the past four years, we did not encounter any such issues. Strangely, this year, these problems began around the time of the Russian incident. It's possible that backend issues, perhaps related to cybersecurity, contributed. Additionally, Microsoft laid off ten thousand employees this year, and after this restructuring, we started facing these issues.
What do I think about the scalability of the solution?
I would give the scalability a ten out of ten.
How are customer service and support?
The quality of technical support depends on both the issue at hand and the expertise of the assisting engineer. In certain cases, they might be unable to provide assistance, leading us to resolve the issues on our own.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used the on-premise version of Active Directory before switching to Entra ID.
How was the initial setup?
The initial setup for Entra ID is simple when opting for a full cloud deployment. We only need to onboard the users and enter the license. However, in a hybrid scenario, we require network connectivity from on-premises to the cloud. Additionally, a separate server is necessary to synchronize the users with the cloud. This process is time-consuming and intricate to manage.
I implemented Entra ID for three to four companies in Bangladesh. Additionally, for on-premises Active Directory deployments, I handled more than ten to fifteen projects. In the capacity of a vendor, I collaborated with a company that served as a local partner of Microsoft.
The deployment involves four or five teams, including IT, Networking, and Security.
What about the implementation team?
To facilitate hybrid implementations, we need the support of an architect to design the servers.
What's my experience with pricing, setup cost, and licensing?
As Entra ID is a subscription service, a payment is required for each user every month. To access its features, purchasing the license is necessary. Initially, upon creating the tenant, a complimentary subscription for either 30 or 90 days is provided. After this trial period, it's mandatory to choose a subscription. Entra ID is relatively expensive compared to other solutions. There are free alternatives available for managing and providing authentication. However, considering a comprehensive range of solutions under one umbrella, Entra ID stands out. It offers additional benefits such as one terabyte of OneDrive and SharePoint storage, along with Microsoft Teams integration. The cost covers various applications and extra features, providing good value for the investment.
Entra has P1 and P2 licenses that are bundled with lots of applications.
What other advice do I have?
I would rate Entra ID a nine out of ten.
Since Entra ID is cloud-based, remote users or branches need to ensure that they have a stable internet connection to access our environment.
Maintenance for cloud solutions is generally not obligatory. This is due to the automatic functionality that activates when users are enabled. However, if a license expires, we must either seek assistance from Microsoft or renew all licenses, subsequently testing the new licenses. Occasionally, for maintenance, especially when dealing with our own custom applications and enabling single sign-on with Entra ID users, we require assistance both from Microsoft and our mitigation team. This is because each application has its own authentication method, often resulting in compliance issues. To address this, discussions with the mitigation personnel are necessary, and we may need to allocate time for aid from a Microsoft engineer. In certain instances, collaboration with Microsoft vendors from the integration team is essential. Apart from these situations, the process remains fairly straightforward.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
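As an added example of the CSV-driven bulk group-membership import the reviewer describes above (this is not the reviewer's script nor Microsoft's own tooling; the CSV path, the `UserId` column name and the group name are assumptions), the following Microsoft Graph PowerShell SDK script resolves each row to a user by object ID or UPN, skips disabled accounts and existing members, records per-row outcomes, and re-reads the membership afterwards to confirm the result:

```powershell
# Added example: bulk-add users to a Microsoft Entra ID group from a CSV file
# with the Microsoft Graph PowerShell SDK (Microsoft.Graph.Users / .Groups).
# Assumed CSV layout (constructed for this example):
#   UserId
#   alice@contoso.example                  <- a user principal name ...
#   0f1e2d3c-4b5a-6978-8a9b-0c1d2e3f4a5b   <- ... or an object ID
#Requires -Modules Microsoft.Graph.Users, Microsoft.Graph.Groups

param(
    [Parameter(Mandatory)] [string] $CsvPath,           # assumed: path to the CSV
    [Parameter(Mandatory)] [string] $GroupDisplayName   # assumed: target group name
)

# Least-privilege delegated scopes: read users, write group membership, nothing more.
Connect-MgGraph -Scopes "User.Read.All", "GroupMember.ReadWrite.All" -NoWelcome

# Resolve the target group and refuse to continue if the display name is ambiguous.
$escapedName = $GroupDisplayName.Replace("'", "''")
$groups = @(Get-MgGroup -Filter "displayName eq '$escapedName'")
if ($groups.Count -ne 1) {
    throw "Expected exactly one group named '$GroupDisplayName', found $($groups.Count)."
}
$groupId = $groups[0].Id

# Snapshot current membership so rows already present are skipped, not re-added.
$existing = @{}
Get-MgGroupMember -GroupId $groupId -All | ForEach-Object { $existing[$_.Id] = $true }

$rows    = Import-Csv -Path $CsvPath
$results = foreach ($row in $rows) {
    $key = ([string]$row.UserId).Trim()
    if (-not $key) { continue }
    try {
        # Get-MgUser accepts either an object ID or a UPN as -UserId.
        $user = Get-MgUser -UserId $key -Property Id, UserPrincipalName, AccountEnabled
        if (-not $user.AccountEnabled) {
            [pscustomobject]@{ Input = $key; Id = $user.Id; Status = "Skipped (account disabled)" }
            continue
        }
        if ($existing.ContainsKey($user.Id)) {
            [pscustomobject]@{ Input = $key; Id = $user.Id; Status = "Already a member" }
            continue
        }
        New-MgGroupMember -GroupId $groupId -DirectoryObjectId $user.Id
        $existing[$user.Id] = $true
        [pscustomobject]@{ Input = $key; Id = $user.Id; Status = "Added" }
    }
    catch {
        # One bad row (typo, deleted user, throttling) must not abort the whole batch.
        [pscustomobject]@{ Input = $key; Id = $null; Status = "Failed: $($_.Exception.Message)" }
    }
}

$results | Format-Table -AutoSize

# Post-check: re-read membership and confirm every "Added" user is actually present.
$after = @{}
Get-MgGroupMember -GroupId $groupId -All | ForEach-Object { $after[$_.Id] = $true }
$missing = $results | Where-Object { $_.Status -eq "Added" -and -not $after.ContainsKey($_.Id) }
if ($missing) {
    Write-Warning "Membership not yet reflected for: $($missing.Input -join ', ')"
}
```

Each `New-MgGroupMember` call is recorded in the Entra ID audit log as an "Add member to group" event, so the script's own result table can be reconciled against that log when reviewing who was added and by whom.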
IT Engineer at United Nations
Easily create numerous groups and add multiple users to those specific groups using a single dashboard
Pros and Cons
- "We have the ability to define the email user in the designated field."
- "The support is a bit slow."
What is our primary use case?
I am the Microsoft solution architect for our organization and we are in the process of testing Microsoft Entra ID.
Microsoft Entra ID will serve as the identity provider for all services, including on-premises and other sources. For instance, it can be utilized to authenticate our in-house phone application, replacing the need for local active directory authentication. With Microsoft Entra ID, the local active directory becomes unnecessary for authentication purposes. As an illustration, even in services like Gmail, authentication through Microsoft Entra ID is possible. This presents an excellent option that is also user-friendly.
Moreover, the system is uncomplicated, featuring a lightweight and non-hierarchical schema. In contrast to the conventional active directory with its organizational and sub-organizational structure, Microsoft Entra ID adopts a flat directory model, streamlining operations without hierarchies. While this approach offers advantages, it also comes with its drawbacks, such as its reliance on the cloud platform.
How has it helped my organization?
Microsoft Entra ID provides a unified interface where we can manage all of our entities. It utilizes a flat directory structure, allowing us to assign user access and group them using tags. For instance, when we create a user for the sales team, we simply apply a tag such as "sales," automatically adding that specific user to the sales group. This eliminates the need for the manual creation of containers and the manual grouping of users within a specific container. Everything is achieved through tagging, and streamlining the process, and is facilitated by the singular interface offered by Microsoft Entra ID.
We can easily apply security policies through a unified interface. Everything in Microsoft Azure can be utilized for server storage. Although it's within a single interface, there are options for differentiation. For instance, by clicking on the Microsoft Entra ID, we can access a distinct interface. Here, we have the ability to create, apply, and manage policies for various aspects, all from this specific interface.
The admin center helps us identify where there are issues and easily take action.
In Microsoft Azure, there is a tool called Intune, which serves as a device management tool. In the past, we encountered issues while managing all end devices through SCCM. This involved a constraint where any updates or policies could only be pushed if the device was connected to the office network. Essentially, users needed to physically connect their devices to the office network to receive updates or policy changes. However, with the introduction of Intune, a Microsoft Azure product, we transitioned all our devices to this platform. This allows us to create and directly push policies without the necessity of the device being on the corporate network. Users can now receive security updates, as well as different antivirus updates, even while working from home. This streamlined approach greatly simplifies endpoint maintenance, which also extends to mobile devices.
We do not utilize the Microsoft Entra ID conditional access feature for endpoint devices. Instead, we apply conditional access to specific groups. For instance, we have a team that requires access for a defined period. Additionally, certain types of vendors need access ranging from, for instance, two days to a few hours. In such cases, we employ the conditional access feature to grant the necessary access. We have employed this approach, and it has proven to be highly advantageous.
While we don't typically utilize the conditional access feature in combination with Microsoft Endpoint Manager from the user's standpoint, there are certain groups for which we do implement conditional access. For instance, within multiple teams, not all members are granted identical access. Various team levels enjoy distinct levels of access. It is in such scenarios that we employ the conditional access feature.
We have an access group where we define the access that each team will receive. Additionally, we have the Tier One, Tier Two, and Tier Three support teams, for which we have defined privileges based on their respective roles and responsibilities.
Microsoft Entra ID assists in saving several hours for our IT administrators and HR departments daily. This is particularly due to its unified interface. For instance, when we need to review certain logs, we can grant access to the HR team. They can easily retrieve logs detailing specific employee activities. This includes information such as individual browser usage duration and system activation records. These types of logs encompass the range of data generated on a daily basis from this platform.
Microsoft Entra ID has undoubtedly assisted in saving money for our organization. This is because we are not only utilizing the solution itself, but we can also incorporate our application server along with products such as software and solutions, including emails. Microsoft Entra ID is included as part of the package fee, which unequivocally contributes to cost and time savings. This is primarily due to the elimination of the necessity for an additional identity provider, as it is already encompassed within the package.
Our employees' user experience has improved with Microsoft Entra ID compared to the local Active Directory, which was occasionally slow, depending on the availability of our log-on server at the time. If it was unavailable, logging in was significantly slower, and we could get logged out. This is no longer the case, and now we can easily log in.
What is most valuable?
The group assessment policy stands out as the most valuable feature. It allows us to create numerous groups and add multiple users to those specific groups. Managing these groups can become quite complex within the standard active directory procedures. For instance, when it comes to tasks like adding or removing users, especially if a user is checked out, it can be unclear whether someone needs to manually remove them from the active directory.
However, there exists an option that streamlines this process. This option automatically sends a notification to the user. We have the ability to define the email user in the designated field. Subsequently, the system will prompt us to confirm if continued access to this specific group is required for a few users. If this is a routine request, the system will retain the user in the group, ensuring their ongoing access. This particular feature proves to be incredibly useful in managing these scenarios.
What needs improvement?
The group policy structure options continue to change, and the naming conventions remain confusing when we access the cloud.
The support is a bit slow. This is particularly challenging for the service engineers. For instance, opening a ticket takes a considerable amount of time to pinpoint the underlying issue. While high-severity tickets are resolved quickly, there are instances of lower-severity issues that still impact a specific group of users. Addressing these problems is taking longer than usual.
I would like to have the option if needed to use the hierarchy when setting up groups.
For how long have I used the solution?
I have been using Microsoft Entra ID for three years.
What do I think about the stability of the solution?
Microsoft has really good SLAs and I cannot remember the last time they went down. I would rate the stability of Microsoft Entra ID nine out of ten.
What do I think about the scalability of the solution?
Scalability is quite simple, and the primary advantage of the cloud solution is its scalability; there isn't much to manage in this regard. Our growth remains unhindered because we don't have to impose limitations on ourselves when embarking on new projects or endeavors. Scalability is inherent, requiring only payment for additional resources if necessary. As there's no hardware involved, both scaling up and scaling down are easily achievable.
How are customer service and support?
The support is slow to respond to and resolve minor issues.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We are still using our standard Active Directory locally in our on-premises data center.
How was the initial setup?
The complexity of the initial setup depends on the technique used. While it may seem a bit complicated, with the proper design, it becomes a non-issue. Each module has different procedures. For instance, the Defender module, which is a Microsoft service, serves as a part of the Entra ID, allowing us to block and control websites and provide security antivirus solutions. We have onboarded all our devices to Defender. Thus, the machine doesn't need to be part of Microsoft Entra ID, but migration is still possible.
Currently, we are in the midst of a project to onboard the devices to Microsoft Intune. We are transferring the devices from the local active directory, and this process is ongoing. For each device, specific scripts need to be executed, which can be a bit complex. The complexity often arises due to existing policies and applications. When everything is well-prepared, the onboarding process is smooth. This might be an easy task for a new organization, but for those already using a different solution, the migration process becomes a bit complex. Thorough testing is necessary, especially considering that policies tend to change over time.
This project has been running for more than two years and is still ongoing. The pilot phase alone is estimated to take about one and a half years due to various commitments. Unlike a company like Google, my organization operates differently; it encompasses multiple entities like the United Nations across various locations. Since the user count exceeds five thousand, we're being cautious and gradual in our migration. At present, we have migrated only around a hundred users for testing purposes. The migration of the remaining users is scheduled to occur soon.
What's my experience with pricing, setup cost, and licensing?
The price is good, and we have no complaints.
What other advice do I have?
I would rate Microsoft Entra ID nine out of ten.
Microsoft Entra ID is utilized throughout our entire environment. It serves as a singular identity provider for all aspects of our operations, including servers, applications, endpoints, and even external applications. For instance, we can authenticate third-party applications using Microsoft Entra ID.
The required number of personnel for maintenance depends on the size of the organization and the quantity of Microsoft products in simultaneous use. For instance, if we have Microsoft Entra ID solely for email and SharePoint Online teams, and there are around five thousand users, then in this scenario I believe that dedicating approximately three to four individuals to Microsoft maintenance would be reasonable.
I recommend Microsoft Entra ID. Microsoft Entra ID can be utilized for third-party applications like AWS and Google as well. It's user-friendly, allowing us to authenticate the products or applications of our interest, even if they are not located in the same place as our origin; nonetheless, they will function seamlessly.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Global Head of Identity and Access Management at Adecco
End users have one password to get into their online applications, which makes for a better user experience
Pros and Cons
- "It is one of those costs where you can't really quantify a return on investment. In the grand scheme of things, if we didn't have it, we would probably have a lot more breaches. It would be a lot harder to detect issues because we would have people using static usernames and passwords for various sites, making us open to a lot more attacks. The amount of security and benefit that we get out of it is not quantifiable, but the return on investment from a qualitative point of view is much higher than not having it."
- "Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing."
What is our primary use case?
It has allowed us to use other SaaS products that will authenticate with Office 365 as well as other Microsoft products and non-Microsoft products, so we can have a single sign-on experience for our users. Rather than them needing to have multiple usernames and passwords, they just use whatever they have as their main username and password to log onto their machine.
It is SaaS based, but we sync up from our on-prem into Azure AD.
How has it helped my organization?
With COVID-19 at the moment, this solution is a good example of where we needed to move a lot of our traffic from our on-prem authentication into the cloud. Last year, before I joined the company, we had to set up our VPN differently. It was easy enough for us to do because our machines were already joined to Azure AD. We just split the traffic and stopped having to rely on our on-prem VPN for our Office 365 traffic. We were just good to go into the Internet because we had all the features set up, e.g., MFA and Conditional Access, which made life a lot easier.
It has made our security posture better. There are always improvements to be made, but we feel more secure because of the way that things have been set up and how everything integrates together.
What is most valuable?
- Single sign-on is the most useful at the onset.
- The dashboards offered are very granular, in terms of usages.
- We find the Conditional Access element and Multi-Factor Authentication side of things very useful.
These features let us have secure, yet user-friendly interactions, rather than having to be embroiled in various types of signups for each application. These allow us to be a lot more granular as well as making sure our environment is more secure. Our accesses and users remain secure too.
Multi-Factor Authentication (MFA) and Conditional Access have helped us be more secure. There is one place where all these features are posted, making life a lot easier. If we were to try and buy these separately, then it would be a painful experience. Whereas, if it is in one product, then all these features talk to each other and it is available for us in one go. For example, when you buy a car, if you buy the steering wheel and engine separately, then you need to make it work altogether. Whereas, you just want to buy a car with everything included, making life a lot easier.
It has made the end user experience a lot better. They only have one password to get into their online applications and that makes the user experience much better.
What needs improvement?
The one area that we are working on at the moment is the business-to-consumer (B2C) element. It is not as rich as some of the other competitors out there. The B2C element of Azure AD is quite niche. Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing.
In my previous role, there would have been a few things that I would have liked added, but they have already introduced them. Those are already in the roadmap.
For how long have I used the solution?
I have been using the product for many years. I have only been at Adecco for six months, but I had experience with it at my prior role as well. Overall, I have used it in excess of five years.
What do I think about the stability of the solution?
The stability is fantastic. It is a big step from using Active Directory on-premise to now moving to something that has been completely rethought in the cloud. It is very impressive and fits into the whole Microsoft ecosystem, making life easier.
We have had some downtime, but I think a lot of that has been unavoidable from Microsoft's side of things. Microsoft made some changes in some instances which caused certain features to be unavailable, like Azure AD became unavailable a few weeks ago. I love that they were very frank, open, and honest as to what happened. However, the bottom line is that we prefer downtime not to happen.
What do I think about the scalability of the solution?
We have had no problems with it. We are not exactly the biggest organization, i.e., 30,000 accounts. IT makes up probably 5,000 of those accounts, or less. If we were an organization of hundreds of thousands, then we might be questioning scalability. However, I have never known it not to be scalable. For medium to large organizations, it is fine. I think it is when you get into multiple companies with multiple complexities that it becomes a struggle. For us, it is more than scalable for our purposes.
We still have many applications that need to be onboarded to Azure AD. Because we are moving to the cloud, there is a lot more that we need onboarded into Azure AD, but it is working well so far.
How are customer service and technical support?
The technical support is great. We have a dedicated resource who understands our environment. We have regular meetings with them once a week where we get to discuss the current status of various tickets as well as our questions. The support that we get is very good.
We have Premier Support. We also have Premier Mission Critical Support on Azure AD, which is where we have someone who is dedicated to our setup and knows how our environment is set up. Therefore, if we do have a major issue, then they would be brought in to help resolve those issues.
Which solution did I use previously and why did I switch?
It was a given that we would use Microsoft. To use Microsoft 365, you need to use Azure AD, so that is what we did.
I have always used AD and Azure AD.
How was the initial setup?
In my previous role, the initial setup was quite simple. It was a simple case of installing and following some wizards, then you pretty much had it set up and synced to your Azure AD from the on-prem. Minimum effort was required.
The deployment was about three weeks, which was mainly the change process and getting it through our internal changes. It was quite quick.
What about the implementation team?
We did it ourselves internally with some help from Microsoft. There were four people involved in the deployment: the service owner, a Microsoft product engineer, and two internal engineers.
We have the maintenance outsourced to a partner. However, we have had trouble with this partner because of their lack of delivery.
Ideally, I would like around five people to work with the partner and maintain the environment. At the moment, we have one person and are recruiting two others. For our scale, three to five people would be great as well as working with a partner to do the operations. That is the model that I am using.
What was our ROI?
It is one of those costs where you can't really quantify a return on investment. In the grand scheme of things, if we didn't have it, we would probably have a lot more breaches. It would be a lot harder to detect issues because we would have people using static usernames and passwords for various sites, making us open to a lot more attacks. The amount of security and benefit that we get out of it is not quantifiable, but the return on investment from a qualitative point of view is much higher than not having it.
It is the one platform that should be used for all authentication. Azure AD allows you to have one username and password to access all of your sites, which makes life a lot easier. Therefore, the return on investment is good because people have to use the one ID and password.
What's my experience with pricing, setup cost, and licensing?
Be sure:
- You know your userbase, e.g., how many users you have.
- You choose the right license and model that suit your business requirements.
Which other solutions did I evaluate?
In the future, I would maybe like better integration with competitive products. Obviously, Microsoft would be selective on that anyway. For example, working alongside Okta as a competitor, their product seems to be a bit richer in its offerings. From what I have seen, Okta has a bit more of an edge, which is something that might benefit Azure AD.
What other advice do I have?
Be prepared to learn. It is a massive area. There are a lot of features offered by Azure AD. It works well within the Microsoft realm but also it can work very well with non-Microsoft realms, integrating with other parties. The fact it is Microsoft makes life so much easier, because everyone integrates with Microsoft. Just be prepared to absorb because it is a big beast. It is also a necessary evil that you need to have it. The advantages outweigh the disadvantages of having it.
The learning curve is both steep and wide. You can only focus on what you can focus on with the resources you have in your organization. It is such a big product and changing all the time. This means that you need dedicated people to be on it. There is a lot of keeping up with what Microsoft puts out there with Azure AD, which is great. This makes it feature-rich, but you need to be able to learn how it integrates into your business as well.
What Azure AD does for my current organization is sufficient, but we are probably not adopting most of what Azure AD has. We do not have it at a mature place at the moment, but we hope (over the next couple of years) to get it up to the latest and greatest.
It is an integral part of using Microsoft stuff, so we are not going to move away from it any time soon. If anything, we will ensure that everything is on Azure AD and that user authentication uses Azure AD. That part will still take some time to do. Like most large organizations who have been around for a long time, we have legacy to deal with, and some of that legacy does not support Azure AD. So, we are working towards that.
If you come from a company with legacy technology, then there will be a lot of business and technological changes for you to make.
The adoption of Azure AD B2C is progressing somewhat well. That is something that we just started in the last couple of months. We are having more of our products being onboarded into it. We will be moving other implementations of Azure AD into the one Azure AD implementation, and it has been great so far.
I would rate it as a nine out of 10. I would have given it a 10, but it is impossible for something to be perfect. The product does itself a disservice when there is an impact due to downtime, which we have had over the years. Because you rely on it so heavily, you can't afford for it to go down for a few minutes because then there will be user impact.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Azure Cloud Administrator at Randolph Brooks Federal Credit Union
Offers a single pane of glass with great auditing capabilities and a fast setup
Pros and Cons
- "We can have an audit and we can easily audit logs."
- "I haven't had any issues with the product."
What is our primary use case?
I use it to manage users and devices in my environment.
I'm also using it to control access to different services that we have and to manage and register applications. It is used to control access to applications that we use in our company. I do a lot of applications in Azure Active Directory, and then I also have a hybrid configuration in my environment. I'm able to sync my on-premise users in the cloud so they can have the benefit of cloud infrastructure while maintaining access control to provide them access to the services that they need in Azure.
How has it helped my organization?
The product provides very good time savings. It also allows for a high level of security.
We get alerts when something has happened and it's easy for me to find the issue. It makes it easy to reset passwords.
We have all the security features in one place and we have log analytics and diagnostics as well. It's very good for identity governance.
What is most valuable?
We have an unlimited number of users that we can register. We can register more than five hundred thousand objects. That is wonderful for us.
We can have an audit and we can easily audit logs. I'm able to know when the user logged in and what program they used. I can track everything. I can see activities and denial of access.
I can create many users at one time using Excel. When we have a lot of people that join, I can just use Excel to perform the deployment of the platform by creating a user. It makes onboarding easier.
We can manage access and onboarding by teams. It allows us to maintain privilege identity management.
The Entra admin center is also fabulous.
The product provides a single pane of glass for managing user access. Everything is there. I can monitor from there. I can create a single sign-on from there. I can create MFA (multi-factor authentication) directly from the portal. I have more than two thousand devices that I manage and I can do everything centrally.
The single pane of glass affects the consistency of the security policies we apply. It is easy for me to have access to the panel, and I can have a great view of what is going on in my Active Directory. I have a security score. I have the number of groups, number of applications, and number of devices right in front of me, in one place. This makes it easy for me to monitor it and check everything.
There are good tutorials available for learning more about the product.
We are using the conditional access feature. We also leverage multi-factor authentication so that we can verify users by phone number, for example. It helps us verify effectively. The conditional access feature works well with Microsoft Endpoint Manager.
We use the verified ID to onboard new employees efficiently. We can now onboard in less than 30 minutes. It's also great for privacy and control.
The employee user experience has been positive. When they submit a ticket, it gets resolved in less than 15 minutes. It's very impressive.
What needs improvement?
I haven't had any issues with the product.
For how long have I used the solution?
I've been using the product for three years.
What do I think about the stability of the solution?
The stability is wonderful. I'd rate it 9.5 out of ten. It's the best.
What do I think about the scalability of the solution?
The scalability is good. It's very scalable.
How are customer service and support?
I've only reached out to technical support once when I was trying to access our agreement account. They set up a meeting and guided me through how to connect to it. I had a positive experience.
Which solution did I use previously and why did I switch?
I have used other cloud technologies like AWS or Google Cloud and they don't have the type of Active Directory where I can control everything. Azure is very powerful.
Previously, all of our Active Directory was on a Windows Server on-prem. Managing it was not easy. Finding user accounts, going to log in to the Windows server, going to log in to the Active Directory, et cetera, that previous process was too long. Now, it's easy. Now, you can log in and you have everything in front of you.
With the old system, we needed to configure it and we were using Okta and we had a combination of many, many tools to be able to get results. Now, we can assign the role directly from OneClick, and we can also use the PowerShift LiveGuard template and it's easy.
How was the initial setup?
The product is easy to set up. You can set up an entire organization in one day.
There is no maintenance needed. Microsoft takes care of everything. We just make sure that we check the synchronization. Even if there is a sync error, we will receive a notification. Usually, it fixes itself and syncs every hour.
What about the implementation team?
We handled the setup in-house.
What was our ROI?
We've saved more than 20 hours per week. The product is saving us a lot of time. It cut time spent by 45% to 50%. It's also saved us money as we only pay for what we use.
What's my experience with pricing, setup cost, and licensing?
We pay monthly, and we only pay for what we use.
What other advice do I have?
We are a Microsoft customer.
I'd advise potential new users to read the documentation and make sure that they know what they are doing before they begin providing access to users. If they don't follow the requirements of their company before creating users, they could have a data breach or provide the wrong access.
You can have a centralized solution that provides secure access. You can manage everything from one portal. Azure makes it easy.
I'd rate the product ten out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Microsoft Azure Active Directory Support Engineer at Tek-Experts
Provides a secure environment to easily manage users and assign roles and permissions
Pros and Cons
- "The most important things about Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise."
- "For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity."
What is our primary use case?
My company provides different types of support for different products. I am a Microsoft Azure support engineer for Azure Active Directory.
We work with multifactor authentication, federation, synchronization of on-premise services to the cloud, migrations from on-premises to the cloud, and role-based access to company services. I also work with the identity services of Azure. I work with certain cases where customers have issues with Office 365. That's because the administration and the role-based access come from the Azure platform.
We're in the middle of the transition to unify more services. There are many services in terms of networking with the machines and storage accounts.
Azure is a platform, so it doesn't have a version.
How has it helped my organization?
Microsoft 365 is a part of the service of Active Directory. Currently, all the people and institutions, such as schools and universities, working from home are getting the benefits of Microsoft 365 in Azure Active Directory. They are indirect users of Azure Active Directory. That's because all the services are with the Azure platform, and all these identities are managed from the cloud. This service is providing a huge contribution to the whole world at this time. For example, my nephew is not going to school currently, but he has to connect every day through Microsoft Teams. I know that it is Active Directory that's managing this authentication, but he doesn't know that.
Azure provides many services related to security, data protection, identity, key networking, and management of the storage accounts with encryption. The whole environment is very secure. Azure works with the security of the services. It is in the backend, and it is the same platform as Microsoft 365 or Office 365. So, if you have Office 365, you're using Azure. The platform source is the same for Azure and Office 365 or Microsoft 365. It is the same platform to manage the users. At a certain point, I guess everything will be together because even though there are too many services, all of them rely on the same platform.
There is a secure way of managing the security and access to your services. If you use Azure in your company, you can manage the type of authentication that you want to use for security. For example, you can manage your company from on-premises and also use the cloud in a hybrid environment. This way the services that Azure provides on the cloud are available for the users that exist on-premises, and this is actually where I'm working right now.
What is most valuable?
The most important things about Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise.
For data protection and access security, there are many good things that Azure and Azure Active Directory offer. You can choose in how many ways a user can log in to Azure, especially with multifactor authentication. You can choose how, when, and where someone can access a service that you may have on Azure Active Directory.
For most of the small users, Azure Active Directory is free. So, they don't need to have a paid service for Azure Active Directory.
The platform is constantly changing. Every month, we have new services, and we also have services that are being deprecated to provide a better customer experience. For example, we have a tool that connects the users that exist on-premises to the cloud. The AD connects to this synchronization tool, which has been improved about five times in the last year. Every new version is more flexible with more options. The experience for the users has been improved to make it easier to manage the tool. In addition, the feedback that the customers provide to Microsoft is taken very seriously. For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity. There is a feature called manage identities where you can give flexible access to a person for services. For example, I can give you access as a reader to all my information but only for 12 hours or 24 hours. So, I can decide for how long I want to give you access. In the past, I had to give you a role that was permanent, and now, I can give you a role that will last only a few hours to allow you to do your job. In case you need more time or more features, you need to contact me and request them.
Similarly, previously, there weren't too many options when you were synchronizing your users from on-premise to the cloud. Now, the system that allows you to make that synchronization has many options. You can select different schemas. You can select which users you want to be a part of the cloud. You can manage many rules. The customization in the whole Azure platform is awesome. All these features that are now a part of the platform were not there in the past. In these three years, I have seen so many changes. There are too many features, and I can see changes every month. There are too many settings that have been improved, especially related to authentication, permissions, and auto management ops. The cloud or the Azure platform is managed by roles that you can assign to different people, and each role has different permissions and access. So, everything is very customizable right now.
For how long have I used the solution?
I have been working with Azure Active Directory for two years.
What do I think about the scalability of the solution?
Scalability is one of the main features of Azure. You can adjust the services that you have. You can increase them anytime, and if you are not using them, you can downgrade the services to the minimum. The scalability and elasticity are the key features of Azure. They allow you to manage all the resources that you have according to your needs. For example, if you are a big company that is going to have a lot of customers during a period and needs to duplicate or triplicate resources, you can get all those created immediately. When you don't need that many virtual machines, storage accounts, or web services, you can downgrade to the minimum. The pricing will be according to the service that you are using. This is one of the most attractive things for the customers because if you were on-premises, what would you do with all those desktops once you don't need them? On the cloud, it is different. If you don't need it, just remove the service, and you won't be charged. It is very flexible.
How are customer service and support?
I provide support for Azure AD. This is my area of support currently, but sometimes customers have questions about different products or services. Because I'm working on Azure Active Directory, it doesn't mean that I only know about this specific product. We are constantly learning and getting trained. There are too many things to learn more about the Azure platform. I have worked for the billing and subscriptions team, which is a totally different type of support. If a customer has questions about billing, subscriptions, pricing, and discounts available on the platform, I can provide support. If a customer needs help with creating a virtual machine, I can tell the customer to work with another team. If I have the knowledge, I go the extra mile and help them.
There have been situations where the customers had a ten-year-old server that was no longer supported, and all the services were very old. They were from the time when Azure started, and those services are called classic services. Most of those services are not compatible with today's technologies. In such cases, we had to let the customers know that they need to migrate the services, which can get tough for some of them because not all users have the resources to move services to new technology. In such cases, we work with other teams within our own company and try to find a solution. We always try to find a solution. We are not limited to one solution. We'll research for options and do some brainstorming with other teams, and most of the time, there are no cases that we can't close or are unsolved. Of course, customers might have been expecting a different solution, or they are not open to change, but at a certain point, they will need to accept that some of the resources that they have been using for more than 10 years are now obsolete.
How was the initial setup?
It is very simple. All you need to do is to create a subscription. When you create an Azure subscription, you will be creating an Azure account. If you are using Office 365, you already have an Azure Active Directory account.
If you go to Azure.com and use your credentials, you would be able to log in. So, you have a basic panel with services related to Active Directory, but if you need to deploy virtual machines or other paid services, you will need to purchase a subscription. I have my own environment, but I only use it for testing and for making records of customer issues to see what's happening or why the problem is coming.
It is a very easy-to-manage platform. There are many guides. As soon as you enter the portal, you will see all products and services. Every time you click on any specific service, you will find information about the service, its pricing, etc. You will get the required information needed on the platform. I also have experience with IBM's platform, but it was not as easy to handle as the Azure platform.
What's my experience with pricing, setup cost, and licensing?
The basic tier of Azure Active Directory is free, so many users use the service for free. For a small company, having the security and compliance that Azure offers is a great benefit. For small companies that are using the basic services, not having to pay for Azure Active Directory is the main asset because they can manage their users and have authentication tools and security.
You just need to create an Azure account to get a free trial or subscription. If you sign up for a free subscription, you will have $200 that you can use for a month on any services that you want to try or test. If you're planning to use a paid subscription, you can't have the first month for free until you spend those $200. At that point, you can decide if you want to continue using the platform. You will be paying only for the services that you use. If you have a virtual machine, but you don't use the virtual machine, you won't be charged for that virtual machine. There are, however, some limitations. If you choose to have storage linked to the virtual machine, the storage is charged differently.
Azure has different tiers. You can use the standard free version. You can have the B1 license that gives you more services. There is a B2 license that extends to even more objects, more users, and more services. So, depending on the license that you have for the product, the capacity changes. The basic tier allows you to manage a certain number of objects, which can be users, groups, permissions, etc. The number is limited because you are using the free version. If you want to manage a bigger company or more objects, you can just purchase a B1 license. If you need more, you can change to the B2 license that's a top tier.
If the size of your company changes or you need to reduce the number of licenses or services, you can always cancel licenses. You can go back to the lower tier at any time depending on your needs. Most of the big companies use the higher tiers because they have many employees. In domains like education, there are many students, so they need to use more licenses, but most of the small companies or users who are using it for a project use the free version.
If you need to purchase a service, for each and every service that Azure offers, there are different pricing tiers. For example, you don't have to purchase a virtual machine that is too expensive. There are basic virtual machines that may cost you $40 for one month. If you need a very specific machine to do a deployment, you can use it just for the deployment and then delete the virtual machine. You have to pay only for the hours for which you used that machine, which is a great advantage. If you work with data processing or you're a developer who needs to test new software or a game, you don't need to pay a huge amount of money for a specific virtual machine. You will only be paying for the hours that you need to do the testing. You don't have to pay $6,000 for high-end technology. I know that the idea is to keep people using the virtual machine, the storage account, or any service they have, but if their needs are just limited to a few hours of the month, that's what they will be paying for. So, it is very flexible.
What other advice do I have?
I would recommend Azure Active Directory to everybody. I would recommend others to use it to easily manage all the users. If you are dependent on an on-premises server, those servers may fail. Some people have too many old servers. If you move to the cloud, you don't have to worry about hardware maintenance.
Microsoft offers several ways to keep your data safe on the cloud. For example, you can choose replication. That means that your data will be at two different data centers. You can have your information at two different locations, such as in the east of the USA and in the west of the USA. If you are paying for higher services, all your information can also be in another country or region. So, all the information that a company may have in Azure will be protected if something catastrophic happens, which is something very important, especially for large companies.
The improvements to the platform are constant, and the feedback that the customers provide to Microsoft is taken very seriously. They have a feedback page where the users can request new features or existing features that they are not happy about. Microsoft takes into account all these requests, and I see the response from the backend team or developers. I can see how they provide new products or good information about what they are doing right now to improve the services. Most of the requests are for new services and ideas, and most of those ideas are seriously reviewed. I can see that over the last few years, how many of these requests have become a part of the platform. So, you see improvements everywhere. There is also a change in Office 365, which will be soon known as Microsoft 365. They're changing the experience, and they are also changing the licenses to include more products. So, changes are constant. I am not saying this because I work for Microsoft. I have also worked for Amazon, and I see similar structures. They are making changes all the time.
Every day, I see the requests of customers and the response from Microsoft to those requests. When all these improvements are added to the platform, for those of us who are on support, the cases become easier to manage. It gets easier to provide solutions because we have more options to resolve the problems, and the customers also have more options.
There are times when customers don't realize that the platform has changed and the services they used don't exist anymore. Usually, we provide support through Microsoft Teams and remote sessions. So, we go there, and we explain to the customer that they can do this because the platform allows them to select this and then do customization. So, everything is flexible. The customers sometimes are very surprised because they don't know that the platform has changed so fast. The experience of providing support becomes very nice when a customer is amazed by all the new features. They had been working in the old way, and they didn't know that they now have many options on the platform. In such cases, it is a very satisfactory experience for the customer and also for us. In some cases, it takes about 10 minutes, and the problem is solved. The customer becomes very satisfied with the solution.
I would rate it a 10 out of 10. I can't tell how happy people are when they call and are looking for such a service, and they realize that it already exists. They just didn't know about it. This rating is not based on the experience that I have in working with Microsoft; it is based on the experience of the customers I work with.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT Engineer at a recruiting/HR firm with 10,001+ employees
Good integration capabilities, and scalable, but the filtering options are limited
Pros and Cons
- "Microsoft Entra ID's valuable features include integration capabilities, a simplified Active Directory approach, scalability, conditional access, and privileged identity management."
- "The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive."
What is our primary use case?
Microsoft Entra ID is used for user management and directory governance, including conditional access management, sync user management, group management, and application and SSO connections. In short, it is a user, policy, and access management solution for environments with 10,000 to 50,000+ users.
How has it helped my organization?
Microsoft Entra ID provides a single pane of glass for user management.
Originally, it was just an integration within Entra ID with limited governance and scalability. Over time, more and more features such as Certificate Authority and Privileged Identity Management have been added, and the amount of governance and controls has increased. As a result, we can now control more aspects within Azure AD. For example, in the beginning, we could not review sign-ins. We could only see simplified final messages. Now, we have more insight into sign-ins, and the overall service has improved. It is now more stable and reliable, which is most important.
Microsoft Entra ID's conditional access feature to enforce fine-tuned and adaptive access controls works.
When Microsoft Entra ID is implemented properly, it can help save our staff time.
If the implementation was done properly, the user experience was seamless. It may have even improved the experience, given that it supports single sign-on and cross-platform access. For example, signing on to enterprise applications was even better. So, it depends on the engineers who implement the product, not the product itself.
What is most valuable?
Microsoft Entra ID's valuable features include integration capabilities, a simplified Active Directory approach, scalability, conditional access, and privileged identity management.
What needs improvement?
The single pane of glass has limited filtering options within the directory.
The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive. This means that it is still possible to deceive conditional access.
The group management and group capabilities have room for improvement.
For how long have I used the solution?
I have been using Microsoft Entra ID for over five years.
What do I think about the stability of the solution?
Microsoft Entra ID is mostly stable, but we had some issues with MSA. We must have a backup plan when using a cloud provider. If we put all our trust in one provider, that's on us, but most of the time, the service is stable.
What do I think about the scalability of the solution?
Microsoft Entra ID is scalable. When we provision more and more users, we do not notice any impact. User management may be more difficult due to the portal, loading times, and so on, but provisioning the users themselves is not a problem. We have service limitations, but based on those, we can have a large number of users and work on them smoothly.
How are customer service and support?
The quality of technical support depends on the engineer assigned. I've been working with Microsoft One, and while they have some awesome engineers, I've also had situations where they didn't seem to know what they were talking about.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
In my previous role, I worked with Google for enterprise, and it was a nightmare. I also worked with Okta, which is not as seamless as Microsoft Entra ID when it comes to MSA and policy management. However, maybe that's the feature, the improvement that can be done. Even though Okta has more errors and is more annoying as a product, it does have one positive: it is a cross-platform product. We can integrate it with non-Microsoft products, while Microsoft works really well with its own products. So, if we use Endpoint, enterprise apps, and 365 services, it will work most of the time, ten out of ten. But if we try to integrate anything else that is not a Microsoft service, it will be a disaster or we will not be able to onboard the service. That is something that Microsoft could improve: make it cross-platform.
How was the initial setup?
The deployment time depends on the knowledge of the engineers and the cloud approach. Therefore, it can take from a few months to a few years, and sometimes it may result in the provisioning of everything because of a gap in knowledge of the people deploying. I have seen really bad deployments because the people were not cloud-ready.
What was our ROI?
We have seen a ten percent return on investment.
What's my experience with pricing, setup cost, and licensing?
I think the pricing is efficient, but the licensing is overly complicated and difficult to understand. There are many tricks in the licensing that weigh against us.
What other advice do I have?
I would give Microsoft Entra ID seven out of ten.
Conditional Access works well with Microsoft Endpoint Manager, but there are better options, as Endpoint Manager is not the best service.
Microsoft Entra ID is an enterprise-level solution.
Microsoft Entra ID does not require maintenance, but the conditional access policy, AD Connect, and server-related ATSs all do.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Updated: November 2024