Microsoft Entra ID Reviews

We have users, groups, and applications, and the purpose of this product is authentication, authorization, and attestation. We use it for the services connected to those three "A"s. The use cases in all organizations are more or less the same, even if some side services differ. Azure AD is used for authentication and authorization. It's about managing identities and granting access to applications.

It has features that have definitely helped to improve our security posture. The identity and access management, at the end of the day, are about security. It also offers features like multi-factor authentication, Privileged Identity Management, and access review and attestation, and all of these are connected to security and typically help improve security posture.

Many of its features are valuable, including: 

• facilitating application authentication 
• privileged access management 
• processes for attestation
• access reviews.

The multi-factor authentication, similar to when you use your mobile banking application when you want to do a transaction, doesn't rely only on your username and password. It triggers a second factor, like an SMS to your mobile. It requires another factor for authentication. This is one of the standard services Microsoft offers with Azure AD Directory.

Privileged identity management is also a standard feature of Azure AD for privileged accounts. We make sure we do privileged role activation when it's needed so that we do not have sensitive roles active every day.

A lot of aspects can be improved and Microsoft is constantly improving it. If I compare Azure AD today with what it was like five years ago, or even three years ago, a lot of areas have been improved, and from different angles. There have been improvements that offer more security and there have been some improvements in the efficiency domain. Azure AD is not a small product. It's not, say, Acrobat Reader, where I could say, "Okay, if these two features are added, it will be a perfect product." Azure is a vast platform.

But if we look at multi-factor authentication, can it be improved? Yes. Perhaps it could cope with the newest authentication protocols or offer new methods for second or third factors.

I'm also willing to go towards passwordless authentication. I don't want anyone to have passwords. I want them to authenticate using other methods, like maybe biometrics via your fingerprint or your face or a gesture. These things, together with the smart card you have, could mean no more passwords. The trends are moving in that direction.

When it comes to identity governance, the governance features in Azure AD are very focused on Microsoft products. I would like to see those governance and life cycle management features offered for non-Microsoft products connected to Azure AD. Currently, those aspects are not covered. Microsoft has started to introduce Identity Governance tools in Azure AD, and I know they are improving on them. For me, this is one of the interesting areas to explore further—and I'm looking to see what more Microsoft offers. Once they improve these areas, organizations will start to utilize Microsoft more because, in that domain, Microsoft is a bit behind. Right now, we need third-party tools to complete the circle.

In addition, sometimes meeting the principle of least privilege is not easy because the roles are not very granular. That means that if you are an administrator you need to do small things connected to resetting passwords and updating certain attributes. Sometimes I have to grant access for the purposes of user management, but it includes more access than they need. Role granularity is something that can be improved, and they are improving it.

Again, if I compare Azure AD today to what it was like three years ago, there have been a lot of improvements in all these domains. But we could also pick any of these specific feature domains in Azure AD and have in-depth discussions about what could be improved, and how.

We have been using Azure Active Directory for more than five years.`

Azure AD is very scalable. The only concern is around role-based access control limitations at the subscription level. That is something Microsoft is improving on. Currently, per subscription, you can have a maximum 2,000 role assignments. Sometimes big organizations hit the limit and need to implement workarounds to resolve that limitation. But that is something Microsoft has already confirmed it is improving. That is a limitation of the Azure platform, it's not specific to my organization. A smaller organization may never hit the limit, but bigger organizations do.

Apart from that, their application integrations, the service, MFA, and everything else, are quite scalable. It is moving in the right direction.

Setting up Azure AD, is about moving toward the cloud journey. I cannot say setting up Azure AD is easy, but on the other hand, organizations are not moving to the cloud in one go. It's not all or nothing, that you have it or you don't have it. It depends on which services you are receiving from Azure AD. Some organizations, like ours, start with a limited number of services.

You usually start with syncing your identities to the cloud so that you can offer your employees certain cloud services. You want to enable them to use certain SaaS applications, where they are relying on a cloud identity, and that's why you need to have your accounts in the cloud. Without that, you cannot grant them access.

Later, you may offer the ability for business partners to use and benefit from certain cloud applications, and gradually the use cases increase. For example, someone may become a privileged user to take responsibility for an application and manage it. When that happens you start to think about what other features in the Azure platform you can offer to do administration in a more secure way. Or, once you have thousands of users benefiting from cloud applications, how can you make sure that you protect their assets and their data? That leads you to start implementing other security features, such as multi-factor authentication. Over time, you may have users benefiting from Office 365 and they need to collaborate by using Teams and SharePoint. Again, you start to build something else around that.

Whether large or small, organizations are on a journey, where they start from on-premises with servers and all these server rooms and applications in the organization. They then shift workloads to the cloud. That process is still ongoing in my organization and in many organizations. Ten years ago, workloads were all on-premises. Five years ago, maybe 90 percent were on-premises. Today it might be 50 percent cloud and 50 percent on-premises. There is value from the cloud: elasticity and flexibility, even for big organizations. A server on-premises is a different story compared to having it on the cloud. If I need to upgrade a server on the cloud, it takes five minutes. If it's on-premises, I need to order hardware and then change the hardware. The usage of Azure Active Directory is due to the evolution of the cloud.

The bottom line is that the implementation is gradual. It's not difficult or easy, although we started with things that were easy to adopt, and then we continued the journey.

The staff required for maintenance of Azure AD depends on how you organize your support. Some organizations outsource their end-user support to other companies, while other organizations staff that completely internally. It can also depend on the users. Is your organization a global organization or a small, local organization? For us, to make sure we maintain the support and availability and all the services we need, including change management, we need at least 15 to 20 resources for a global application with more than 20,000 users, to maintain the platform.

We worked with a lot of consultants for Azure AD. There are many features and no one expert or professional can help with all aspects. Organizations, during their journeys, have to work with different partners and integrators. It may be that there is a specific application you need to integrate with Azure AD and you need some skills there. It may be that you want to better manage Azure resources, so you would talk to a different type of resource. You may want to increase your identity security scores, depending on how you configure Azure AD, and for that, you would need to talk to an Azure security expert. I think this applies to all big enterprises. We need different skills to better utilize Azure, including Azure AD, and to do processes in a more secure way.

We have Microsoft Professional Services. That's the primary source for many organizations that are utilizing Microsoft services. If you have an enterprise agreement or a unified agreement with Microsoft, they offer you consulting services. Of course, you have to pay for Professional Services, but we get value there. The number-one consulting and integration support provider is Microsoft.

They also work with certified partners like Accenture or Avanade. These organizations are connected with Microsoft and they offer consultancy services to enterprises like ours. Depending on the subject, we may use services from any of these providers. We usually go with Microsoft-certified partners.

Multi-factor authentication means you need to do an extra step, but that is normal because the attack surface is wider. We want to make sure you are who you say you are. That extra step impacts the end-user experience, but it's needed. The way authentication happens today is far different from 10 years ago. It may result in some added difficulty, but it is there to protect employees, organizations, customers, business partners, IT assets, data, et cetera.

Our use case depends on the client, their project, and what they want to deploy. 

1. The solution can be deployed for security purposes. Multi-factor authentication is being deployed as a second layer of authentication, especially during this COVID-19 time, because everything has to stay secure. 
2. Almost every organization uses the software as a service (SaaS) part. Because of the pandemic right now, a lot of companies are moving many things to the cloud, like virtual machines (VMs) and virtual networks. It doesn't invalidate the fact that some companies don't want to have control on-premises. 

Everything depends on the solution or what the client wants.

We use it for PaaS and IaaS.

In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps.

In terms of improvement, there should be more flexibility and conditional access. There is a lot of flexibility already, but there are some technologies that should be embedded and integrated into it for a more flexible, customized experience. Also, there should be more tools for analysis for clients, e.g., there should be more flexibility aimed at end users. Regular IT guys for each company should be able to use the tools to troubleshoot a certain level of analysis in their environment.

The security part should be improved overall. 

The visibility in the GUI is not good for management. There are a lot of improvements that could make it better. It should be more user-friendly overall. It is not user-friendly because everything keeps changing on the platform. I can understand it because I know the platform,  am familiar with it, and use it every day. However, for a lot of clients, they don't use it every day or are not familiar with it, so it should be more user friendly.

I have been using it for four to five years.

Availability for Azure AD as a whole is 99.95 percent. It is simpler and more available than the way technology used to be previously.

It is very scalable. When you talk about licensing, you have the option to scale up or scale down. For example, you purchase 50 seats of licenses and assign 45 licenses, then for some reason, you fire 10 employees. Once you fire them, you will probably block their identity access and single sign-in. After that, you can decide to reduce the number of licenses. On the other hand, if you acquire 10 licenses and employ five new people, then you can scale up by adding more five licenses that month. So, it helps you to scale up or scale down easily.

In another example, if you have acquired five virtual machine instances, then are using more in terms of the processor, you can scale up. It depends on the configuration you have. If you have done the setup and everything from the beginning, then you can say, "If the processor level reaches 80 percent, you want to add another two virtual machine instances." On the other hand, if you deployed five virtual machine instances, but your usage of those processors is lower than 30 percent, then you should scale down. So, if you have five licenses and you want to scale down by one, then you can scale it down so you can reduce your costs.

I would rate the technical support as a nine out of 10.

When I set it up two years ago, it was easy, not complex. It didn't take much time at all to set up.

A lot of people sign in or set it up with a Google account, Yahoo account, or Microsoft account, which is not the global administrator. A lot of people think that this is the global administrator. They don't understand that the account might have an extension and don't see this until that account gets locked out. That is when they have problems signing in. The setup is not that complex. It is just that the user experience overall needs improvement here.

The deployment process depends on what you are trying to achieve and the technology that you are trying to deploy, e.g., are you trying to deploy SSO, set up device writeback, or do a regular AD Connect setup? Everything depends on the objective or the overall goals of what you want to achieve.

Even after it has been deployed, one or two users may have problems with their account in terms of multi-factor authentication or the way it has been set up. I work with them to troubleshoot these issues.

Sometimes, the priority is to set up AD Connect, which integrates your on-premises to Active Directory. You must make sure your server is up and running. Apart from that, you need to set up your tenant, which is your profile admin center. 

If they want to download and install their tools, then we can connect to their on-premises for synchronization. So, it helps collect on-premises data and put it into the cloud. 

You can also install PowerShell. 

Everything needs to be considered for the requirements and if it is within the budget, then you can come up with a solution, whether it is SaaS, PaaS, or IaaS. 

Since people might not be very familiar with the platform, I have developed a system for how to use, deploy, or utilize the technology.

At the end of the day, it is about the overall goal because everything comes with a cost. Azure AD comes in different ways and shapes, e.g., SaaS is different from IaaS or PaaS, though it is still the same platform. 

Whether you are a small business or large business, you can always enjoy a very secure cloud platform. 

I would rate Azure AD as a nine out of 10.

I use it for managing identities, access, and security in a centralized way. I help other people use this product.

Using Azure AD has improved our security posture overall, more than anything I've ever worked with.

It enables end-users to be more secure without it actually affecting their work. Usually, security solutions makes it harder for them, so many start using other solutions instead, solutions that are not managed or monitored by the organization. But when we use Azure AD's Conditional Access, for example, as long as they behave, users don't even notice it.

The passwordless feature means they don't even need to have a password anymore. It's easier for users to be more secure. You can invite anyone to collaborate in a secure way. 

Passwordless sign-in, which is one of the new features where you no longer need to have a password, is one of the great features. Passwords have always been hard for end-users, but not so hard to bypass for bad guys. It often doesn't matter how complex or long your password is. If a bad guy can trick you into giving it to him or can sniff your keyboard or your network, or access it through malware, your password doesn't matter anyway. So all the complexity, length of the password, and having to regularly change it is hard for users, but it doesn't stop hackers. And that's what makes passwordless so valuable.

Multi-factor authentication is good as it allows you to answer a notification or even an SMS or a phone call, but that has become more unsecure now because the bad guys are learning new way to bypass these methods. But using passwordless technology, you're not even using a password anymore. You're basically just signing a logon request without actually sending, typing or storing the password. This is awesome for any user, regardless of whether you're a factory worker or a CFO. It's secure and super-simple.

It also stops phishing, which is amazing. If someone tricks a user into going into the "Macrosoft" store or some other site that looks like the real site, they can trick the user into signing in there and then they can steal the password. But if the user is using passwordless, the passwordless solution would say, "Sorry, I don't have a relationship here. I can't sign in." In that way, it can stopping phishing, which is one of the most common attack vectors right now.

Another feature that has improved our security posture is Conditional Access where we can not only say "yes" or "no" to a sign-in, but we can also have conditions. We can say, "Sure, you can sign in, but you need to be part of the right group. You need to come from a managed client. You can't come in with a risky sign-in. You need to come in from a certain platform or a certain network." You can have a really complex set of rules and if those rules are not fulfilled you will not be able to sign in, or we can require MFA or even control the session. That is also a really good security feature.

The B2B feature is another good one where, if I want to give someone access to my my apps or data, instead of creating an account and a password and giving that info to the user, I can invite that user so he or she can use their own existing account. That way, I don't need to manage password resets and the like. The B2B feature enables collaborating with anyone, anytime, anywhere.

The Azure AD Application Proxy, which helps you publish applications in a secure way, is really good, but has room for improvement. We are moving from another solution into the Application Proxy and the other one has features that the App Proxy doesn't have. An example is where the the role you're signing in as will send you to different URLs, a feature that App Proxy doesn't have (yet).

With Azure AD, if you look in detail on any of the features, you will see 20 good things but it can be missing one thing. All over the place there are small features that could be improved, but these improvement is coming out all the time. It's not like, "Oh, it's been a year since new features came out." Features are coming out all the time and I've even contacted Microsoft and requested some changes and they've been implemented as well.

I have been using Azure Active Directory for close to eight years now.

The stability or availability is incredible. It's super-good. However, just the other week, there was an outage for a few hours, so it's not 100 percent. But in Microsoft's defense, that hasn't happened for a long time.

What I also usually point out to people is that if you host your own solution and things break in the middle of the night, who's going to look at it? With this solution, you know that in the first millisecond that something breaks, 10 people or 100 people are looking at it. You get constant feedback about what's going on and you usually get a full report afterwards about what actually happened and how they will prevent them in the future. They are really good at managing these outages.

I don't know what the uptime is, but it's still 99.999 or something like that. It's super-trustworthy, but it's not 100 percent. What is? Still, it's likely much better than a private on-premises solution could ever be.

In terms of scalability there are no limits. I have customers with 10 people and others with up to 300,000, and everything in between. There is no difference. I haven't had to think about memory or disk space or CPU in a long time because everything just works. It's super-scalable.

We have 100 customers and all of them use Azure AD. They are spread all over the world. In Sweden, where I'm from, we have government municipalities, we have private corporations, hospitals, manufacturing. Everybody needs this. It doesn't matter which market or which area you work in. I don't see a target audience for this. It's everyone.

Their tech support is pretty good, depending on who you end up talking to. If you open a support request, you can be asked quite basic questions at first: "Have you tried turning it on and off again?" Sometimes we need to go through five people to get the correct people, the people who know the problem area really well. We usually dig really deep into the area and learn al lot first. We need someone who is expert in this product and who knows exactly how that area of the product works. Sometimes it takes a while to get to the correct person, but once you get there, they're usually super-knowledgeable, super-friendly and quick to reply. It can be tricky to find the right person. But I suppose that is the same in any company. 

Over the years, we have built up a contact network so we can usually contact the right people right away, as we are a Microsoft partner. But because this review is for everyone, I would suggest that you keep asking until you'll end up at the right people.

Overall, Microsoft is really attentive. Previously, you could say, "Can you show me the roadmap for the next three years?" and they would say "Sure." They don't really do that anymore because they say, "It now depends on what you want." We can help influence Microsoft how to prioritize. They have daily and weekly meetings where they discuss "What do people want now? How should we prioritize?" It's a totally new Microsoft compared with a few years ago. If I see something missing, they usually come up with it pretty quickly.

I see people moving from other solutions into Azure AD because they're not satisfied with the other solutions. 

The initial setup is a straightforward process, for such a complex technology. Although there are a lot of moving parts involved in actually setting it up, it is quite easy.

I've set this up for many and, in general, it takes less than a day to get things up and running. Then, of course, there's tons of optional configuration to improve and secure things, but just getting it up and running takes less than a day.

The implementation strategy used to be helping them get to the cloud, by doing things like making sure that they clean up the accounts in the on-premises solution and setting up the synchronization rules. But nowadays, most of my customers are people who have Azure AD in place already. So now I'm trying to enable and configure and improve security configuration. For example, you don't have to set up the passwordless feature and you don't have to do multi-factor authentication. They are optional. So my task now is more one of improving their configuration and turning on security features. A lot of it is secure by default, but some features require you to configure and set them up.

With the licensing there are so many features involved, and different features for different licensing levels. Those levels include the free version, as well as Premium P1, Premium P2. My approach with my clients is usually, "What kind of licenses do you have? Okay, let's improve this, because you have it already. You're paying for it already. Why not use it?" 

The next step is, "These features are included in the licensing you don't have. Do you think it's worth it?" I talk to them, I explain them, and I demonstrate them. They will usually say, "Yeah, we need that one."

I don't know other solutions really deeply. I know of them, but I'm a specialist who is focused on this one. But I realize, when I talked to other specialists in other areas, that they are solving the same problem, so they usually have similar solutions.

What Microsoft is winning on is that people used to say, "Buy the best product, the best in class or best in breed for each area." But that has changed now. "Buy the best ecosystem" is the better approach. If I have Azure AD as my identity and access solution, and if I also use Microsoft Defender for Endpoint and the Defender for Office 365, and other Microsoft solutions, I can then go to one portal, one place, and see how my apps are doing, how my users are doing, how my devices are doing, and how my data is doing. You get this super-integrated ecosystem where everything talks to each other. That is the strength.

In my opinion Azure AD is a fantasic standalone product, but you have so much more benefit from using it together with other Microsoft solutions.

The user usually doesn't care if we use Microsoft or any other vendor's to protect his identity or his computer or his data. They just want to do their jobs. But as admin, I see the advantage of using the same provider. I can actually create a query saying, "Show me all users who logged in to Azure AD from a device with this operating system, accessing this application, and who have a risk on their device, where a document is classified as sensitive." I can do all of that in one query for identity application devices and the data. That's the strength, having that insight into everything. And when it comes to security and Azure AD, Microsoft has 3,000 full-time security researchers, and they spend over a billion dollars each year on security research alone.

What's amazing is that the CIA, the FBI, and these big companies or organizations are using Azure AD, and they have really high requirements for audits and protection. As a "regular" organization, you can get the same level of security without have to ask for it. You get to ride on the coattails of that amazing security without spending $1 billion yourself.

If another Microsoft customer is hit by something bad, Microsoft is going to stop it for the rest of its customers. If you're the first to get hit by new bad malware, that may be tough, but all of the other customers are instantly protected because different customers share threat intelligence, in a way. You get the benefit of all the security discoveries that Microsoft makes, instantly.

Talk to someone who knows a lot about it. Sure, you can look at everything on the docs.microsoft.com page, but it can be hard to understand what each feature is and the value it give you. Talk to someone who knows both licensing and technology, to understand what's there and what you should pay for and what you should not pay for.

There are also a lot of good videos out there, like sessions from Microsoft Ignite. You also have the Microsoft Mechanics video series on YouTube with a lot of videos. So if you like to learn through video, there's a lot available for you. You can also go to docs of Microsoft.com and search for Azure AD. You will get like a starting page where you can learn the identity and access basics or also how you integrate apps. There is a link collection with everything and anything you would like to know. Or you can call me.

We are Security advisors. We help people, we train people, we implement it for them, we document it, we teach them, and we talk at seminars. We sell our knowledge. We don't sell solutions. There are 25 people in our company and five to 10 people are working with Azure AD. It's not that we need five for our daily operations, it's just that's how many of us are working with it. In general, a company might need one to five people working on it. If I need to set up a feature for five people or 500,000 people I do the same steps. The thing that is different in bigger companies, is that you need to communicate, you need to educate, you need to write Knowledge Base articles, you need to inform the service desk. All of those things are just to prepare users. But that has nothing to do with Azure AD. The technology is super-simple. It's more that the process around it is different in different companies.

Usually, it is replicating an on-prem Active Directory environment into Azure. It is usually tied with generic email access and SharePoint Online access and building out provisioning for that. There typically is some sort of synchronization tool that is sometimes used in addition to or as a substitute for the typical Microsoft suite. So, it just depends upon the customers and how they're getting that information up there.

In terms of version, it tends to be a mixed bag. It just depends on the client environment and factors such as the maturity and the rigors of change management. Sometimes, it just lags, and we've dealt with those types of situations, but more often than not, it is more of a greener field Azure environment and tends to be the latest and greatest.

It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there.

Its area of improvement is more about the synchronization of accounts and the intervals for that. Sometimes, there're customers with other network challenges, and it takes a while for synchronization to happen to the cloud. There is some component of their on-prem that is delaying things getting to the cloud. The turnaround time for these requests is very time-sensitive. I don't mean this as derogatory for this service, but in my experience, that happens a lot. 

For the Active Directory component, there are some value differences and things like that as compared to on-prem. I have run into problems a few times when there is a custom schema involved with their on-prem installation. You can use it, but that custom schema or functionality is going to have to go somewhere else or rerouted back to on-prem.

I have been using this solution for probably two and a half years.

It is perfectly stable. I haven't had any concerns or any problems with that.

I have dealt with them. Overall, tech support is great if you have something that was working but it's broken and needs to get fixed. It is a different bucket if you have more of an implementation question like, "Hey, can we do this?", or "How to approach that?" Sometimes, it can be challenging to get the right people on that call to support those conversations.

Its initial setup really depends on the customer. I have one customer right now with a super simple environment. They're just replicating it up. It's all Microsoft stack top to bottom with no real surprises or anything else. They're happy as pie with that. 

I have larger customers who tend to want some sort of management layer on top of it for Active Directory management purposes. This tends to go into the cloud, which introduces its own little challenges. In a more sophisticated enterprise, I start running into custom schema or workflow dependencies that just don't translate well from on-prem to cloud, but it is rare. It usually ends up being a third-party solution that we route them to with that. So, it's not huge. The challenge is more in identifying that. Typically, as much as we try, we rarely get it identified early enough to change our statement of work or our implementation, so it becomes a bad surprise.

Its price is per user. It is also based on the type of user that you're synchronizing up there.

I would advise spending more time on planning and aligning your business processes with Active Directory and Azure in terms of custom schema and separating third-party accounts, external accounts, or customer's accounts from employee accounts. I've run into issues when people take an existing on-prem solution that has third-party entities or maybe external customers and start synchronizing it up. It is not a slam against the service, but that's where I start recommending people to do different instances of Azure Tenants to break that up a little bit and provide that separation. All of these are planning functions. Using this service can be deceptively easy, but you should spend more time on planning. Around 80% of it is planning, and the rest of it is the implementation.

I would rate Azure Active Directory an eight out of 10. It is super solid. I wouldn't say it's the best. I would love to have everything that you could do on-prem. I understand why it can't do that, but I would love that flexibility.

Our primary use case is to simplify directory deployment and centralize source of management. Within our own consulting business, we choose to use Azure AD.

The centralized management feature is very valuable. Being able to delete stuff in one place, from any location is really great for us. In addition, we do not have to deploy lots of machines all over the place to run things as a service, which is how we like to deploy things, just as a service. So, this makes it easier to deploy, easy to set up, and work with. It is easy to use, and makes quality of life issues a reality for us.

It would be nice if it had some visualization tools. A bit of visualization would be really nice to show your Azure directory structure. It would be very good because you might have sub-domains and odds-and-ends going on. So, a bit of visualization would be really good. Being able to plug it directly into the video to produce models would be a really nice feature.

Less than one year.

The stability is really good. We have not had an issue with it at all. It is always there for us.  As a part of what Microsoft seems to be doing, it is taking away from what dedicated machines that you have to fiddle and tinker with to run services on, and turning them into services you can just access.

My experience with tech support has been really good. I have had a couple of issues where I have logged the ticket with Microsoft, and I had someone on the phone with me regarding the ticket within a half an hour. It was a real technician who really knew what he was talking about. I was very impressed.

We had a problem related to Office 365 and Skype, and not being able to generate a Skype session when everything else seemed to be working. The tech support helped us fix the situation. They have a good depth of knowledge  and it is not just people reading off a script. They are real users, with real experience.

The initial deployment and setup was pretty straightforward. It is pretty easy. It is not that hard to get going, and the thing is that it is quick to integrate well with your Windows.

If you have an existing environment that consists of on-prem AD based environment, then you will want to go with Azure AD. You need to talk to your service provider, or your in-house IT team. Get them involved to help. We did so, and then we just set up a whole new domain and got rid of the old one, and set up the new one on Azure AD. Microsoft will help walk you through the process.

It looks like they're just making everything as a service and it is pay per user, and that just works for me. It's really good. Gets the cost down and lets you scale if you need it.

It is easy to use, straightforward, and in my language. It does exactly what is says, and does not pretend to be anything else.

I use the product for user policy and group management. 

The tool's most valuable feature is auto logs. It helps with user activity and monitoring. It also assists us with GLBA policies and procedures. Microsoft Entra ID gives a 360 view of what the user has access to, what applications are available to them, when they are logging in and out, etc. It makes knowing what is happening to our tenants incredibly powerful. 

I want to be able to identify the audiences effectively and manage them. 

I rate the product's stability a ten out of ten. 

I rate Microsoft Entra ID's scalability a ten out of ten. 

The tool's support is very responsive. 

Positive

We have seen ROI with the tool's use. 

Microsoft Entra ID's pricing is reasonable. 

Microsoft Entra ID is very transparent and easy to access. It is easy to understand, but you shouldn't get lost in the updates. 

The product has helped our IT administrators save time. We will be onboarding the HR team soon. 

My company is loyal to Microsoft products because of its consistency and flexibility. 

I rate the product a ten out of ten. 

The solution grants users access to various apps built on the portal. 

There was a lot of logic and a lot of improvement overall in terms of improvement. On the user access side, it improves the company a lot, specifically in regard to security. It really does help with access and protection.

My experience so far has been amazing. I'm in the intermediate phase of understanding it. Loading users and creating groups and so forth is very easy. We can also run multifactor authentication.

The dashboard is very good. It's outstanding.

It offers very good support.

The virtual machines you can run through it are great.

We are provided with a single pane of glass for managing user access. It helps provide more insights and creates consistency in the user experience. It works perfectly. Only admins can control access. That makes it safe. If a user requests something, only the admin would be able to assign the permissions.

My assessment of Active Directory's admin center managing all of your identities and access tasks is that it is very effective. 

I do use the verified ID at this time to onboard employees. Onboarding new users is very easy. It's very quick and doesn't affect the users. It's simply sped up the process. It also helps with privacy and control of identity data for remote employees. It's good to have and it assists with security. 

Permission management is quite good. The visibility and control in the clouds are good - at least over Microsoft. 

The product has helped save time for our IT administrators and HR department. It's helped a lot of time. It might save around 70% of our time from an IT admin support perspective.

It's very good at not disrupting the user experience. 

I'm still new to the solution. I need to look at the solution more before commenting on what to enhance. 

I do not need any extra features from my side. 

Having more training would be quite helpful. 

Having a faster interface could be helpful.

I've used the solution for two years. 

The solution is stable. 

We use the solution across multiple locations. We have multiple systems and apps that we built that run through Azure. We have about five people actively using the solution. We only have about seven people in our organization. 

The solution can scale well. I'd rate scalability nine out of ten. 

I've never dealt with technical support. My colleagues have used it and I've heard from another user that the turnaround was almost immediate. My understanding is that it is quite good. 

Positive

We did not previously use a different solution. 

The initial setup was straightforward. It does not require any maintenance. 

I'm not sure if we've saved money specifically using the solution, yet, if that wasn't the case, I'm not sure why we would use it.

We have not evaluated other solutions. 

I'm a customer and end-user.

I don't use the conditional access feature. 

I'd personally recommend the solution to anyone. I'd rate the solution ten out of ten. 

Azure AD helps us manage application and hybrid identities.

I like Azure AD's conditional access policies. Microsoft Entra provides a single pane of glass for managing user access, improving the overall user experience. 

The workflow management for registering new applications and users could be improved.

I have used Azure AD for about eight years.

Azure AD is stable.

Azure AD is scalable. 

Azure AD is so stable and easy to administer that we don't need to contact support. 

Setting up Azure AD is straightforward. 

I rate Azure Active Directory a nine out of ten. You should use premium licenses or Azure directly whenever possible to take advantage of the new security features since E3.