Microsoft Entra ID Reviews

I am a cloud engineer, and I do a lot of administrative work that involves creating new infrastructure for our applications. Whenever I create infrastructure, I have to install it on our Active Directory and then set it up. This is how it was that I started working with Azure Active Directory.

Once the infrastructure is set up, I usually proceed to create user groups and user IDs inside Active Directory. After they are created, I set up and configure them based on the requirements of the organization, including the access required for different groups and users.

We deal with a lot of health information that we have to keep confidential, so having the Azure cloud security policies in place, such that nothing is exposed to the outside world, is helpful for us.

The security and infrastructure management features are the most valuable ones for us.

It offers multifactor authentication for setting up development pipelines.

Better deployment management and visibility functionality would be helpful. There is a lot of room for improvement in our infrastructure, and in particular, when we create something, we have to visit a lot of websites. This makes life more difficult for us.

When we deploy new infrastructure, it begins with a lengthy approval process. For example, as an administrator, I may receive an infrastructure request from one of our developers. The developer might need access to our front-end, where all of the servers are deployed. The problem is that we don't know exactly what has been deployed within our servers, so better visibility would be helpful.

It's a closed infrastructure, and every developer gets an individualized container. We don't know exactly which features have been provided to them and it's a roundabout process to log back into Active Directory and see exactly what permissions have been assigned. It requires returning to a specific feature and looking at the specific user.

I have been working with Azure Active Directory for just over three and a half years.

This is a highly reliable solution and we plan to continue using it.

Right now, we have 5,000 users that are deployed on Azure Active Directory. Every internal user account that's been created has some sort of multifactor authentication attached to it.

Right now, there isn't a plan to increase our usage. I think we have reached our maximum capacity and if we have to add on something else, then we have to use another tenant or figure out a different way to do it.

We have a team of 15 people who deal with tickets related to this solution.

We constantly have the chance to engage with Microsoft regarding Azure Active Directory. They provide full-time support, so for any issues that we face, we just create a ticket. When we have issues, we quickly get someone from the Azure support team to help us out.

Prior to using Azure Active Directory, we had our own Active Directory. Once we started migrating our applications to Azure, we began moving away from our traditional implementation.

The initial deployment process takes a couple of days for us, although exactly how long depends upon the type of deployment. If you have new deployments then I suggest creating an automated script that will kick it off because this will save time. If on the other hand, there is something that is already deployed and it needs to be redeployed, it doesn't take longer than a couple of hours.

It only takes one person to deploy. It is done on a ticket basis, as requested by people like our developers.

This product provides added value to the company.

In summary, this is a good product and it has been helpful for us, but without doing the proper research, I wouldn't recommend starting with Azure Active Directory. Migrating all of your user accounts and then your resources from different domains to an Azure Active Directory is a huge task. It means that you have set up to create everything from scratch, so without doing proper research, you may run into problems.

I would rate this solution an eight out of ten.

The primary use case of this solution is single sign-on, and if a company is going to use Azure AD, a lot of what they are looking for is to manage those sign-ins and logins and have a single place for it to be.

I've been in the Azure space since it started out and in the Microsoft Cloud AD since the BPOS days in the early 2000s, and it's just a product that made life simpler for my clients to be able to integrate everything.

The self-password reset if its enabled and configured properly, really helps a company be able to reset rather than getting IT involved. 

Additionally, the capability of adding that single sign-on for other pieces that you might want to run through Azure Active Directory, such as Office 365 or Salesforce or any number of different third party authentications that you need can be done through Azure Directory Premium.

One of the things with Windows 10 as a company client's software is that they're using it on laptops, desktops, or whatever. In Active Directory Premium, you can control the sign-in and the spaces where documents might be kept on that device with Active Directory Premium and the rights management piece.

Documentation I think is always the worst part with what Azure's doing right now across the board. You may run into an issue you get a technician that says, "Here, look at all these links through self-documentation, and then make comments to it if you want to change it or do something." It's just that the documentation itself, is not very friendly to somebody who is just going in to it. If I had to turn it over to a customer, I just don't think that documentation is that friendly to somebody who does not have in-depth knowledge.

Three to five years.

My impressions of the stability of the product are that it is a pretty good product. I have seen one outage in the last three years, where it just would not work. It only lasted an hour. It was a pretty big deal, but other than that it has been very dependable.

It scales really easy. It's just adding more scales. It is eally easily as far as number of users are concerned, if you're talking about scaling into other apps or other things that you have. Again, there's a configuration curve there. But, if you're scaling applications or services, then there can be a little more difficulty in that.

It's hit or miss. I've had more success in the last probably eight months than I had prior to that. If there's one downfall to their tech support, it's too compartmentalized. So if you're talking AD Premium, and again, with all of the different pieces to it. If you have a single sign-on issue, you might get a different technician than you would get for a joining a VM to Azure AD or whatever. They compartmentalize their tech support, and I will say to myself, "Well, just give me a guy that knows what's going on." But, then they get very compartmentalized in their tech support. They have to bring somebody else in, or have to research or do whatever. So, that's the one criticism that I have. Response has been excellent. They get you well within their SOAs, depending on what you've got paid for tech support.

It's pretty straightforward depending on what your needs are.

Licensing is easy.

The biggest piece of advice is if you're planning for all applications that need authentication, and making sure that all applications that need authentication or that you're going against, that you're using the premium parts of Active Directory for, are compliant with the solution and not finding out afterwards.

We use it for access and identity management.

Microsoft Entra ID has improved the way we administer the technology. One strong capability is our ability to use single sign-on. Using identity is an important component of our security, so we have been able to consolidate. Instead of having to manage users for different applications, we use single sign-on. We use Microsoft Entra ID to be the core of identity management across all applications. We have the capability to do so, so it reduces the burden of onboarding, offboarding, and giving different permissions because we have a centralized way to handle that.

Microsoft Entra ID does a pretty good job of providing a single pane of glass for managing user access. For zero trust and the more modern security approaches, it is key to have a single pane of glass. We are able to be very regimented and have processes that are repeatable and reproducible. It provides that consistency, so it is easier to be very consistent.

Microsoft Entra ID has helped to save time for our IT administrators, but I would have a hard time quantifying that. We do not have a lot of users. We are dealing with hundreds of users and not thousands or tens of thousands of users. We are able to use logic and rules to handle most permissioning versus having to do administrative things manually. There is less touch. We touch it only when we have to troubleshoot. If we have a good set of rules, it handles what we need to handle.

The user management groups are valuable. It is a pretty basic product, but user management, in general, is valuable with the ability to differentiate between business lines and add different policies, group-based management, and dynamic user groups.

Allowing for more customization would be very useful. There is a limited metadata capability. When you look at a user, there are only six pieces of information you can see, but organizations are way more complex, so having that metadata available and being able to use that for dynamic user groups and other policies would be very helpful.

We have been using Microsoft Entra ID for six years.

For the most part, it is very stable. I am not worried about its stability.

It is very scalable.

Typically, the people who provide us support want to provide good service, but overall, there is a lot of room for improvement because the subject matter experts basically follow the script, and sometimes, they neglect to listen to what we are asking for. We would have already gone through the steps, and we explain it, but we have to repeat ourselves multiple times.

In my past experiences, I have used Okta and the other ones. In my current organization, I have not used any other solution. When I came in, thankfully, we had Azure AD. We stuck with it, and we made that the primary. It is not perfect for sure, but it works very well in the Microsoft ecosystem. It works well together with Intune and other Microsoft solutions. Because we have a single stack in Microsoft, it works very well with Intune. In the past, I have had different identity and access management, and then you have interoperability issues. Even though Microsoft Entra ID is not perfect, there is less of that. You get one vendor, and usually, things work out eventually.

I was not involved in its deployment in my current organization, but I was spearheaded into bringing from a basic use case to a lot more security and a lot more automation and manageability.

Initially, the initial setup was very basic, and then we modernized it and improved it. We used a lot more policy, and dynamic user groups were a big aspect of that single sign-on in the app management, app registration, and various other aspects.

We took a little bit of external help to make sure that our approach was optimized.

It is difficult to quantify that. Because there is the cost of switching, usually, it ends up being a wash.

Pricing could always be better. You pay the premium for Microsoft. Sometimes, it is worth it, and at other times, you wish to have more licensing options, especially for smaller companies.

We are currently not evaluating other options.

I would rate Microsoft Entra ID an eight out of ten.

We manage local users in the Microsoft Entra ID environment. 

The tool's most valuable features are security and integration with other tenants. 

The product takes at least ten minutes to activate privilege identity management roles. 

I have been using the product for two years. 

The tool's stability is good. 

Microsoft Entra ID's support is good. 

The tool's deployment is easy. However, documentation is not helpful. 

The product is cheap. It is free for our tenant. 

I rate the product a seven out of ten. 

Azure AD helps us manage application and hybrid identities.

I like Azure AD's conditional access policies. Microsoft Entra provides a single pane of glass for managing user access, improving the overall user experience. 

The workflow management for registering new applications and users could be improved.

I have used Azure AD for about eight years.

Azure AD is stable.

Azure AD is scalable. 

Azure AD is so stable and easy to administer that we don't need to contact support. 

Setting up Azure AD is straightforward. 

I rate Azure Active Directory a nine out of ten. You should use premium licenses or Azure directly whenever possible to take advantage of the new security features since E3. 

We use it for identity and access management for cloud-based applications.

A couple of features are valuable, but the one that comes across the most to me is multi-factor authentication. That is huge because, with the promise of cloud—the ease and flexibility—comes a challenge of security. That means organizations are quite susceptible to cyber security threats and attacks. Nowadays, because assets have moved from the on-premises environment to the cloud, identity has become a new parameter. 

MFA is the most valuable feature because it only takes threat actors who keep guessing the password—even a password with a high degree of complexity, given all the tools available to crack them—to gain access. Then they are able to steal identity information and all the digital assets of an organization. 

We, ourselves, experienced a "near miss" but we were able to detect it at a very early stage and then immediately implement multi-factor authentication, which of course means that in addition to the regular user ID and password, there's another key requirement for validating and verifying the true identity. That's been very valuable to us and to our clients.

We also use Entra’s Conditional Access feature to enforce fine-tuned and adaptive access controls. It's all about taking a further step and layering additional controls to prevent unwanted access. It helps with Zero Trust, ensuring that we can protect assets. The entire paradigm is to make sure that you do not grant access to any potential user without verifying and properly validating who that entity is. That's most invaluable because you can identify a set of conditions that are unique to the organization. They can be related or linked to the profile of the organization and, based on that, you can grant access. Microsoft, from what we've seen, is at the forefront. They're actually spot-on with that.

Using wild imagination, I am thinking about to what extent AAD can integrate with products in a seamless way, such as applications that are running on-premises and making use of on-premises directory services. The most common, of course, is Azure Active Directory Domain Services. To what extent can it be used to replace the on-premises Active Directory Domain Services? Even though they are similar in concept, they are totally separate products. 

I would like to see applications that make use of on-premises Active Directory Domain Services have the ability to also seamlessly make use of Azure Active Directory.

And when it comes to identity and access life cycle management for applications that are run on-premises, as well as access governance, if those kinds of capabilities could be built into Azure Active Directory, that would be good.

I have been using Azure Active Directory since 2015.

It's very stable. I don't think I can recall a major outage of Microsoft's products or services. 

There could be outages impacting other services, and over time, you do experience degradation. But what makes it work is that Microsoft has a lot of resilience built into its cloud architecture.

It's highly scalable. I've worked on projects where we have to deploy Active Directory for in excess of 12,000 users.

More than 90 percent of the people in our organization are using Azure Active Directory.

Overall, I'm satisfied. In some cases, there are incidents that take some time to resolve, but those are more exceptions than they are the rule. We seem to find such cases when we have situations with on-premises workloads, technologies that are not yet in the cloud.

But for the most part, in recent times, on average we tend to have quicker resolutions, relatively speaking, for issues that have to do with the cloud product. 

What I consider to be the aspect that makes the experience good for us is that we get support for all the products. We have access to Premier Support and that enhances the quality of our experience.

Neutral

It's quite easy to set up.

The time needed to set up Azure Active Directory is a function of the environment. For simple deployments, it can be done within hours or within a day. But for complex environments, it might take anywhere from two weeks and up. You need to go through an environment assessment and make use of a project delivery framework.

For example, suppose a customer already has on-premises Active Directory services, and the requirement is to deploy or implement a hybrid identity architecture. That means there are workloads on-premises and in the cloud, and the customer wants to use the same identity scheme or single sign-on. Those are the type of requirements that determine how long it will take to get Azure Active Directory set up.

Deployment generally requires a project manager, an engagement manager, and an architect; a minimum of three people. And if there are other specific solution domains that require specialist skills, it could be four.

There is zero maintenance. The focus, in my own experience, is typically around security: how you're monitoring the environment to ensure that it's still secure. And when there are incidents, to what extent, and how quickly, you can triage and pinpoint and remediate to keep the infrastructure secure? But the actual is maintenance is zero.

It will save us money eventually, even though that's not the case now. For example, for HR, with onboarding and exits, we're beginning to see that this is an area where Entra can help us manage the life cycle of identities. The convenience that comes with that, and how that also helps ensure security and compliance, are areas that Entra can help us with.

The pricing of Azure Active Directory is competitive. By default, the product exists in almost every Microsoft cloud product. But it then depends on the features that a customer really wants to make use of. The extent of the security requirements will inform what kind of plan will be suitable for the customer's situation.

As a business, we have always been cloud-native, so we've always been making use of Azure Active Directory. The very fact that that's what drives our productivity platform, both for ensuring that employees are well engaged and they can deliver on productivity, and meet customer requirements and demands, means we haven't looked at alternatives.

Regarding Entra, the expectation is that when it is deployed, the employee experience should be better. We haven't started exploiting all the features of Entra. It makes use of the core Active Directory: identity and access management, conditional access, et cetera. But we're not making use of all its features at the moment. We hope to implement them in the near future.

Overall, I'm satisfied.

We primarily use the solution for MFA; to access apps such as Teams or Outlook, two-factor authentication with our mobile phones is required.

We also use Authenticator to assist our clients with re-enrolling, moving, and adding new devices. 

The solution helps us keep our data secure and prevents security breaches, malware, etc. The app also provides us with options regarding our authentication preferences.

The two-factor authentication provides an additional layer of security for our organizational data, so Microsoft Authenticator plays a crucial role in making our confidential data more secure.

The solution offers multiple authentication methods via text, call, or the app. This gives us many options and flexibility when it comes to MFA.

Our users sometimes experience issues from having multiple Microsoft accounts, which can cause some confusion and hassle.

It would be good to see the incorporation of fingerprints and Face IDs as authentication options. This would simplify the authentication process for end users, especially those who aren't as tech-savvy. It is also a consideration for visually impaired people, for example.

We have been using the solution for about one and a half years. 

Microsoft Authenticator is a very stable application; our only issue is that we run into the occasional bug.

The solution is highly scalable. Many organizations use it around the world. 

The technical support is very good. 

Positive

I used PingID when working for another organization, which is slightly different from Microsoft Authenticator.

I wasn't involved in the initial setup, but the solution is straightforward to use once installed. 

The solution requires a little maintenance, as we sometimes encounter bugs where the app doesn't recognize a user account, for example.

I am not involved in the pricing or licensing, so I can't speak to that. 

I would rate the solution a 10 out of 10.

I would advise potential users to familiarize themselves with the basics of the solution; how to set up an account, how to use the app etc. It's always a good idea to have a clear reason for using a particular solution, how it functions, and what role it fulfills.

We are using it for authentication. We are using GPOs for user and computer policies.

The central authentication server is most valuable. GPOs are useful for user and computer policies.

Its price should be improved. It is very expensive for Turkish people.

We have been using Azure Active Directory for about six months. This is a new company, and we started to use new IT solutions. We bought a lot of IT solutions, equipment, and tools. 

It is stable. 

At the end of the project, about 1,200 people will use this solution. We don't have any plans to increase its usage.

We didn't use Microsoft's support. We have mostly Turkish or local solution partners for any help. 

I didn't use any other solution.

It was not easy. It was also not difficult. It took about a month.

We used a solution partner for its deployment. For maintenance, we would have about 10 engineers for 1,200 people.

It is very expensive. Its price should be lower. Price is the most important factor for Turkish people. 

This is the best solution for authorization. I would rate it a nine out of 10.