Microsoft Entra ID Reviews

We use Microsoft Authenticator as well as Microsoft SMS Authenticator. Normally, we enable MFA for all users who have email access and application access. Users can choose which authenticator they want to use. Based on their convenience, they enable Microsoft Authenticator or Microsoft SMS Authenticator. Almost 80% to 90% of users use Microsoft SMS Authenticator. Users who travel a lot choose Microsoft Authenticator. 

We are using the latest version. It is updated by default, and we don't have to update the application. It is also automatically updated on mobile.

It has been stable, and we haven't had any issues since we started to use it. 

Microsoft Authenticator is as easy as Google Authenticator, but it is not open to all types of applications. Google Authenticator is integrated with other third-party platforms and applications, whereas Microsoft Authenticator is not. It should have more integration with third-party platforms and applications.

I have been using this solution for the last two years.

It is stable.

We didn't have any issues or concerns. Therefore, we have never raised a ticket for Microsoft Authenticator.

The initial setup is very easy. You have to enable MFA on the portal for a user, and you have to put the user's phone number. The user can then log in with Azure ID. The user is redirected to the second level of code authenticator and receives an SMS on the mobile. The user needs to enter the OTP.

It comes free with the Microsoft account. We have a yearly agreement, and all products are covered under it.

We will keep using Microsoft Authenticator as a secondary solution. We prefer Microsoft SMS Authenticator over Microsoft Authenticator. 

I would recommend this solution to others. I would rate Microsoft Authenticator a nine out of ten.

Typically, we have applications deployed within the office network that we need to make accessible to our staff outside of the bank. Some of them are also our clients, but mainly, this is for people working in the region.

So without having to put them behind firewalls, what we opted to do is publish them to the proxy. This means that they can then come in via a secure port and begin to access the resources as if they were internally and securely within the network.

The most valuable feature is the ability to set up conditional access, where you can enforce users to connect using multifactor authentication. This is one of the things that we are using it for. It means that users who are accessing the applications remotely are authentic.

Technical support could be faster.

I have been using this product for three years.

This solution is stable and we plan to increase our usage.

It is a scalable product. It can be deployed in a highly available manner, where you have to have two or three connectors. We have approximately 7,000 users.

We are satisfied with the technical support from Microsoft, although it could be faster.

This product is part of our enterprise license and we did not previously use a different one.

This is a cloud service, so the initial setup is straightforward. It is not complex.

For each request, it does not take very long.

We deployed this product ourselves.

No staff is required for maintenance.

This product is sold as part of the enterprise package and our licensing fees are paid on a yearly basis. You can get it as an add-on and it's not expensive.

I have not evaluated other solutions, which makes it difficult to tell what additional features I would like to see in the future. It is sufficient and adequate for our current use case.

In our current use case, there is nothing that is lacking. This is definitely a product that I can recommend for other users.

I would rate this solution an eight out of ten.

We primarily use the solution only for the employees. It offers a single sign-on to business applications. Internal modern applications also go through Azure Active Directory, however, we use Active Directory for the legacy ones. (Kerberos).

It takes a couple hours to add SSO to new business SaaS. The Azure AD Marketplace has all the applications we bought so far as built-in templates.

The single sign-on of the solution is the most valuable aspect.

The initial setup is straightforward.

The solution offers good bundles that include Office 365. 

The pricing is pretty decent.

The product is pretty user-friendly and offers good customization capabilities.

We find that most of the new features are in preview for too long. It gives you the announcement that there's a new feature and yet, most of the time, it takes more than one year to have it generally available. Often we have to go and sometimes just use a preview without support. 

We cannot run all the configurations from the APIs. I would like to have something that has code and to just be able to back up and apply my configuration. Right now, we are managing more Azure tenants. It's hard to keep all of those configurations at the same level, the same value.

We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for applications. That way, when adding a new applications I don't have multiple conditional access to modify. 

One of the main requests from our security team is the MFA challenge. Azure, by default, is more user-friendly. We have a lot of debates with the security team here as the MFA doesn't pop up often enough for them. From an end-user perspective, it's a better user experience, as users generally prefer fewer pop-ups, however, security doesn't like it. It's hard for security to add. 

We don't have Azure Premium P2 yet, however, most of the advanced security features are in the P2, and it costs a lot more money.

I've been using the solution for four years at this point.

The solution is relatively stable. The only issue we have is that there's a lot of things on Azure that are synchronous. Sometimes it takes time for changes to apply, and it kind of depends on the time of the day. A lot of the time we're happy with it, however, sometimes it creates a bizarre issue that is difficult to troubleshoot.

The solution is quite stable. If an organization needs to expand it out, they can do so rather easily.

We have about 9,000 people in our organization using the solution.

While the technical support is good, you need premium support. The standard support is more for small enterprises. We have the premium support and with the premium support, it's much better. There's a direct line to the correct type of support. It's very good.

We previously used SiteMinder from Computer Associates. The main reason we migrated to Azure was for the integration with Office 365. It then became our primary authentication source for the employees.

The initial setup is not too complex. It's pretty straightforward.

We didn't need the assistance of an integrator, reseller or consultant for deployment. We were able to handle everything in-house.

The pricing is really great and Office 365 packages are good. We don't pay for it separately. It's included in our package and the APIs are really great. I'm not sure of the exact cost of Azure. It's a package deal.

We've looked into Okta for B2B and B2C clients, not necessarily for our internal employees.

We're just a customer.

We're using the latest version of the solution.

I would recommend the solution for employees. It's a really great tool. However, we tried it also for consumers, for clients for B2B and B2C. For me, it isn't really a great production product. We researched Okta for that.

Overall, I'd rate the solution nine out of ten.

Most of my customers use Active Directory Premium for condition and access scenarios that they need to comply with my conditions to access my resources. They also build new environments, virtual machines, and some other products like SQL on the infrastructure as a service. There are some customers that use Microsoft Intune, which is mobile device management. Microsoft Intune is a cloud.

The most valuable feature is that it is very easy to implement, you don't need a lot of effort to set up the solution. This is the most advantageous point, that you can do anything on Azure without taking too much time.

Microsoft has a feedback page, in which if anyone has any suggestions or feedback, you can send them to them. They have all of the technical resources available on the internet, on their website. In case you need the support, you can easily open a ticket with them because you already have a subscription and you are eligible to open a ticket.

I've been working with Active Directory for twelve years. I have experience with Microsoft Active Directory Virtualization like Hyper-V systems in the family for Microsoft. So, this is a 12-year journey, it has been 12 years of experience with this product.

It's currently on-premise but because of COVID, a lot of our clients are moving to the cloud. 

I have contacted technical support many times for the cloud. They are good. But for on-prem, they have recently started becoming delayed. Maybe the technical resources are not very good. I know Microsoft, they are focusing on the cloud solutions more than the on-premise solutions. The support for on-premises has become not as at previous times. But for cloud solutions, they are good.

The initial setup complexity is based on the scenario. If it's infrastructure as a service where you are building VMs, it could take you one day to complete your setup for virtual machines. 

Whether or not I would recommend this solution, would depend on the users' needs. If their use cases fit what Microsoft provides, then I would recommend it. 

I would rate it an eight out of ten. The price plays a factor in the rating. Customers are not oriented with a cloud solution, they move forward very slowly towards the cloud, because maybe in my country big sectors, like the banking sectors, don't deal with the cloud. So customers see this and don't want to use the cloud either. They fear for their security and privacy. Although Microsoft assures that they protect their customer's data and privacy.

The primary use case of this solution is single sign-on, and if a company is going to use Azure AD, a lot of what they are looking for is to manage those sign-ins and logins and have a single place for it to be.

I've been in the Azure space since it started out and in the Microsoft Cloud AD since the BPOS days in the early 2000s, and it's just a product that made life simpler for my clients to be able to integrate everything.

The self-password reset if its enabled and configured properly, really helps a company be able to reset rather than getting IT involved. 

Additionally, the capability of adding that single sign-on for other pieces that you might want to run through Azure Active Directory, such as Office 365 or Salesforce or any number of different third party authentications that you need can be done through Azure Directory Premium.

One of the things with Windows 10 as a company client's software is that they're using it on laptops, desktops, or whatever. In Active Directory Premium, you can control the sign-in and the spaces where documents might be kept on that device with Active Directory Premium and the rights management piece.

Documentation I think is always the worst part with what Azure's doing right now across the board. You may run into an issue you get a technician that says, "Here, look at all these links through self-documentation, and then make comments to it if you want to change it or do something." It's just that the documentation itself, is not very friendly to somebody who is just going in to it. If I had to turn it over to a customer, I just don't think that documentation is that friendly to somebody who does not have in-depth knowledge.

Three to five years.

My impressions of the stability of the product are that it is a pretty good product. I have seen one outage in the last three years, where it just would not work. It only lasted an hour. It was a pretty big deal, but other than that it has been very dependable.

It scales really easy. It's just adding more scales. It is eally easily as far as number of users are concerned, if you're talking about scaling into other apps or other things that you have. Again, there's a configuration curve there. But, if you're scaling applications or services, then there can be a little more difficulty in that.

It's hit or miss. I've had more success in the last probably eight months than I had prior to that. If there's one downfall to their tech support, it's too compartmentalized. So if you're talking AD Premium, and again, with all of the different pieces to it. If you have a single sign-on issue, you might get a different technician than you would get for a joining a VM to Azure AD or whatever. They compartmentalize their tech support, and I will say to myself, "Well, just give me a guy that knows what's going on." But, then they get very compartmentalized in their tech support. They have to bring somebody else in, or have to research or do whatever. So, that's the one criticism that I have. Response has been excellent. They get you well within their SOAs, depending on what you've got paid for tech support.

It's pretty straightforward depending on what your needs are.

Licensing is easy.

The biggest piece of advice is if you're planning for all applications that need authentication, and making sure that all applications that need authentication or that you're going against, that you're using the premium parts of Active Directory for, are compliant with the solution and not finding out afterwards.

We are using Microsoft Entra ID for Microsoft services and cloud services such as email and Teams.

We have seen benefits like user authentication and multifactor authentication, which are advantageous for us.

The most valuable feature is the ability to authenticate users using Microsoft Entra ID.

I would like to see some additional attributes for user objects in Microsoft Entra, especially for tasks such as users and account validation, including guest users and guest accounts.

I have been using the solution for approximately three years.

We experienced some performance issues with the solution.

Technical support experiences can vary. Sometimes the support is good, and sometimes it requires escalation of the problem. Usually, we have a good experience. I would rate their technical support seven out of ten.

Neutral

We did not have any similar solutions before Microsoft Entra ID.

Starting to work with it was straightforward, and the deployment process was okay.

I am not aware of the details regarding the implementation strategy as I need to ask our security engineers.

I'd rate the solution nine out of ten.

I set up Azure Active Directory for many customers of the company I work for. I'm an implementer. It is the basis of identity and access for all the tenants we are using for our customers.

Microsoft Entra helps our clients save a lot of time, especially with the many automation processes that we can leverage to facilitate our work. The amount of time saved depends on the customer's needs. In general, on average I would estimate it saves them 40 percent in terms of time. But in some cases, it could be up to 70 percent.

It also helps them save money because they can work with fewer employees, or they don't have to hire more employees to do tasks that can be automated.

Another benefit is that it provides satisfaction at the administration level. On the user level, the ease of use makes it easy to understand without any limitations.

And it provides quite a good level of security for all users.

All the features of the solution are helpful. Among them, one of the most important is the Conditional Access. It helps affect a Zero Trust strategy positively.

Also, I use Entra Permission Management to distribute the roles among all users according to management requests. Microsoft provides reports for visibility and all kinds of controls where you can see the users and their access. Permission Management helps reduce the risk surface when it comes to identity permissions. It supports adaptive controls and that helps me in defining the right controls for users.

I would like them to improve the dashboard by presenting the raw data in a more visual way for the logs and events. That would help us understand the reports better.

I have been using Azure Active Directory for about three years.

It's stable. I haven't experienced any downtime or breakdowns with the product.

It's scalable.

I'm satisfied with their support. 

Neutral

It's easy to set up. 

The amount of time needed to set up Azure Active Directory depends on each customer's use case. It will take at least three to four hours for a small organization, and in that scenario you wouldn't need more than one person to set it up. For larger organizations, it may take a week and we would need two to three persons.

Our customers are looking for advanced features and processes for it to be cost-effective for their organizations. They see it as an overpriced product. They are enjoying using Azure Active Directory, but they are looking for better prices.

Just follow the book.

When a customer is trying to synchronize user information from their on-premises environment to the cloud, they might be encountering a series of errors or they may not be able to achieve what they are trying to achieve. They will raise a ticket so that somebody can help resolve the problem or clarify the situation and explain what the workflow should be like. That's where I often come in.

My support scope is focused on the synchronization aspect of Azure Active Directory. My specialty covers scenarios where customers have information in their on-premises environment and they want to synchronize their Active Directory information into the cloud with Azure Active Directory.

In addition to getting on calls and assisting customers to resolve issues, we also try to help educate customers on how to achieve the best results with Microsoft products.

In terms of the security posture of my customers, in the area of my specialization—the synchronization of information from on-premises to the cloud—there's an aspect we call TLS. There was a version of TLS that was not really secure, but Microsoft has now pushed and made sure that everything running in its platform uses a higher version, TLS 1.2. That means that when you are doing directory synchronization, your machine and your product need to be TLS 1.2 enabled. Microsoft is always working on enforcing the use of the most secure means to carry out whatever workloads customers are running. While my day-to-day job does not involve an emphasis on security, the areas that do involve security elements are emphasized to make things work effectively.

It also helps when you're troubleshooting. If you have an issue, it's easier for a user to look at it and say, "Okay, this is the problem," and to work on it.

An aspect of Azure's synchronization technology is called the provisioning service. It's the technology that takes user information from Azure AD into third-party applications. If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that.

Over the years, the performance of this particular technology has greatly improved. I have seen its evolution and growth. Customers see much more robust performance from that technology and it gives them an easy way to set up their environments. The product has been designed quite well and customer feedback has also been taken into consideration. You can even see the progress of the process: how the user is being created and sent over to the third-party application.

Recently, Microsoft has developed lightweight synchronization software, the Cloud Provisioning Agent, to do the job of the preceding, heavier version called AD Connect. You can do a lot more with AD Connect, but it can take a lot of expertise to manage and maintain it. As a result, customers were raising a lot of tickets. So Microsoft developed the lightweight version. However, there are still a lot of features that the Cloud Provisioning Agent lacks. I would like to see it upgraded. 

The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version.

I believe the Cloud Provisioning Agent will be upgraded eventually, it's just a matter of time.

I've been using the Azure Active Directory platform for a little over three years. I started supporting the product in October of 2018.

Our company is a Microsoft partner. When Microsoft customers raise tickets, most of these tickets get routed to partners like us. I follow up on and assist customers when they have issues that relate to my area of expertise.

Azure AD is solid because of the way the product is designed and because the people who support it are very good.

Microsoft is a very big organization. Whenever they put products on the market, they take things like scalability into consideration. They make sure the life cycle of the product matches the demands and the usage of customers. This product should have a long life in the market.

Microsoft technical support is great. Fantastic. Microsoft is looking to push the capabilities of its products, to enable customers to achieve more.

In general, there has been improvement in the way the technology can be used by end-users. Their feedback has been taken into consideration and that has helped a great deal.

Azure AD has features that have been developed purely for the security of users. It has things like Conditional Access policies and MFA. But the nature of the support that I provide in Azure AD doesn't focus on security. While Azure AD gives a company a holistic way to manage user profiles, I don't usually work on security aspects. But I do know that, to a large extent, the solution is built using the latest security.

The provisioning service I support has authentication methods. There has been a push by Microsoft to move customers away from certain authentication mechanisms that are not very strong in terms of security, and to make sure that secure standards are being enforced. I have looked at integrations set up by customers where they have only done the basic minimum in terms of security. Microsoft had to push those customers towards a much more secure setup. So customers are getting better security.

Overall, the effect of the product on my customers' experience has been good. I generally come into the picture when customers are having an issue. Most customers I've interacted with don't understand some information or why the product is designed the way it is. When I explain that it has to be this way so that they can do what they need to do, the customer feedback comes in at about an eight out of 10.