Microsoft Entra ID Reviews

Most of my customers use Active Directory Premium for condition and access scenarios that they need to comply with my conditions to access my resources. They also build new environments, virtual machines, and some other products like SQL on the infrastructure as a service. There are some customers that use Microsoft Intune, which is mobile device management. Microsoft Intune is a cloud.

The most valuable feature is that it is very easy to implement, you don't need a lot of effort to set up the solution. This is the most advantageous point, that you can do anything on Azure without taking too much time.

Microsoft has a feedback page, in which if anyone has any suggestions or feedback, you can send them to them. They have all of the technical resources available on the internet, on their website. In case you need the support, you can easily open a ticket with them because you already have a subscription and you are eligible to open a ticket.

I've been working with Active Directory for twelve years. I have experience with Microsoft Active Directory Virtualization like Hyper-V systems in the family for Microsoft. So, this is a 12-year journey, it has been 12 years of experience with this product.

It's currently on-premise but because of COVID, a lot of our clients are moving to the cloud. 

I have contacted technical support many times for the cloud. They are good. But for on-prem, they have recently started becoming delayed. Maybe the technical resources are not very good. I know Microsoft, they are focusing on the cloud solutions more than the on-premise solutions. The support for on-premises has become not as at previous times. But for cloud solutions, they are good.

The initial setup complexity is based on the scenario. If it's infrastructure as a service where you are building VMs, it could take you one day to complete your setup for virtual machines. 

Whether or not I would recommend this solution, would depend on the users' needs. If their use cases fit what Microsoft provides, then I would recommend it. 

I would rate it an eight out of ten. The price plays a factor in the rating. Customers are not oriented with a cloud solution, they move forward very slowly towards the cloud, because maybe in my country big sectors, like the banking sectors, don't deal with the cloud. So customers see this and don't want to use the cloud either. They fear for their security and privacy. Although Microsoft assures that they protect their customer's data and privacy.

The primary use case of this solution is single sign-on, and if a company is going to use Azure AD, a lot of what they are looking for is to manage those sign-ins and logins and have a single place for it to be.

I've been in the Azure space since it started out and in the Microsoft Cloud AD since the BPOS days in the early 2000s, and it's just a product that made life simpler for my clients to be able to integrate everything.

The self-password reset if its enabled and configured properly, really helps a company be able to reset rather than getting IT involved. 

Additionally, the capability of adding that single sign-on for other pieces that you might want to run through Azure Active Directory, such as Office 365 or Salesforce or any number of different third party authentications that you need can be done through Azure Directory Premium.

One of the things with Windows 10 as a company client's software is that they're using it on laptops, desktops, or whatever. In Active Directory Premium, you can control the sign-in and the spaces where documents might be kept on that device with Active Directory Premium and the rights management piece.

Documentation I think is always the worst part with what Azure's doing right now across the board. You may run into an issue you get a technician that says, "Here, look at all these links through self-documentation, and then make comments to it if you want to change it or do something." It's just that the documentation itself, is not very friendly to somebody who is just going in to it. If I had to turn it over to a customer, I just don't think that documentation is that friendly to somebody who does not have in-depth knowledge.

Three to five years.

My impressions of the stability of the product are that it is a pretty good product. I have seen one outage in the last three years, where it just would not work. It only lasted an hour. It was a pretty big deal, but other than that it has been very dependable.

It scales really easy. It's just adding more scales. It is eally easily as far as number of users are concerned, if you're talking about scaling into other apps or other things that you have. Again, there's a configuration curve there. But, if you're scaling applications or services, then there can be a little more difficulty in that.

It's hit or miss. I've had more success in the last probably eight months than I had prior to that. If there's one downfall to their tech support, it's too compartmentalized. So if you're talking AD Premium, and again, with all of the different pieces to it. If you have a single sign-on issue, you might get a different technician than you would get for a joining a VM to Azure AD or whatever. They compartmentalize their tech support, and I will say to myself, "Well, just give me a guy that knows what's going on." But, then they get very compartmentalized in their tech support. They have to bring somebody else in, or have to research or do whatever. So, that's the one criticism that I have. Response has been excellent. They get you well within their SOAs, depending on what you've got paid for tech support.

It's pretty straightforward depending on what your needs are.

Licensing is easy.

The biggest piece of advice is if you're planning for all applications that need authentication, and making sure that all applications that need authentication or that you're going against, that you're using the premium parts of Active Directory for, are compliant with the solution and not finding out afterwards.

We are using Microsoft Entra ID for Microsoft services and cloud services such as email and Teams.

We have seen benefits like user authentication and multifactor authentication, which are advantageous for us.

The most valuable feature is the ability to authenticate users using Microsoft Entra ID.

I would like to see some additional attributes for user objects in Microsoft Entra, especially for tasks such as users and account validation, including guest users and guest accounts.

I have been using the solution for approximately three years.

We experienced some performance issues with the solution.

Technical support experiences can vary. Sometimes the support is good, and sometimes it requires escalation of the problem. Usually, we have a good experience. I would rate their technical support seven out of ten.

Neutral

We did not have any similar solutions before Microsoft Entra ID.

Starting to work with it was straightforward, and the deployment process was okay.

I am not aware of the details regarding the implementation strategy as I need to ask our security engineers.

I'd rate the solution nine out of ten.

I set up Azure Active Directory for many customers of the company I work for. I'm an implementer. It is the basis of identity and access for all the tenants we are using for our customers.

Microsoft Entra helps our clients save a lot of time, especially with the many automation processes that we can leverage to facilitate our work. The amount of time saved depends on the customer's needs. In general, on average I would estimate it saves them 40 percent in terms of time. But in some cases, it could be up to 70 percent.

It also helps them save money because they can work with fewer employees, or they don't have to hire more employees to do tasks that can be automated.

Another benefit is that it provides satisfaction at the administration level. On the user level, the ease of use makes it easy to understand without any limitations.

And it provides quite a good level of security for all users.

All the features of the solution are helpful. Among them, one of the most important is the Conditional Access. It helps affect a Zero Trust strategy positively.

Also, I use Entra Permission Management to distribute the roles among all users according to management requests. Microsoft provides reports for visibility and all kinds of controls where you can see the users and their access. Permission Management helps reduce the risk surface when it comes to identity permissions. It supports adaptive controls and that helps me in defining the right controls for users.

I would like them to improve the dashboard by presenting the raw data in a more visual way for the logs and events. That would help us understand the reports better.

I have been using Azure Active Directory for about three years.

It's stable. I haven't experienced any downtime or breakdowns with the product.

It's scalable.

I'm satisfied with their support. 

Neutral

It's easy to set up. 

The amount of time needed to set up Azure Active Directory depends on each customer's use case. It will take at least three to four hours for a small organization, and in that scenario you wouldn't need more than one person to set it up. For larger organizations, it may take a week and we would need two to three persons.

Our customers are looking for advanced features and processes for it to be cost-effective for their organizations. They see it as an overpriced product. They are enjoying using Azure Active Directory, but they are looking for better prices.

Just follow the book.

When a customer is trying to synchronize user information from their on-premises environment to the cloud, they might be encountering a series of errors or they may not be able to achieve what they are trying to achieve. They will raise a ticket so that somebody can help resolve the problem or clarify the situation and explain what the workflow should be like. That's where I often come in.

My support scope is focused on the synchronization aspect of Azure Active Directory. My specialty covers scenarios where customers have information in their on-premises environment and they want to synchronize their Active Directory information into the cloud with Azure Active Directory.

In addition to getting on calls and assisting customers to resolve issues, we also try to help educate customers on how to achieve the best results with Microsoft products.

In terms of the security posture of my customers, in the area of my specialization—the synchronization of information from on-premises to the cloud—there's an aspect we call TLS. There was a version of TLS that was not really secure, but Microsoft has now pushed and made sure that everything running in its platform uses a higher version, TLS 1.2. That means that when you are doing directory synchronization, your machine and your product need to be TLS 1.2 enabled. Microsoft is always working on enforcing the use of the most secure means to carry out whatever workloads customers are running. While my day-to-day job does not involve an emphasis on security, the areas that do involve security elements are emphasized to make things work effectively.

It also helps when you're troubleshooting. If you have an issue, it's easier for a user to look at it and say, "Okay, this is the problem," and to work on it.

An aspect of Azure's synchronization technology is called the provisioning service. It's the technology that takes user information from Azure AD into third-party applications. If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that.

Over the years, the performance of this particular technology has greatly improved. I have seen its evolution and growth. Customers see much more robust performance from that technology and it gives them an easy way to set up their environments. The product has been designed quite well and customer feedback has also been taken into consideration. You can even see the progress of the process: how the user is being created and sent over to the third-party application.

Recently, Microsoft has developed lightweight synchronization software, the Cloud Provisioning Agent, to do the job of the preceding, heavier version called AD Connect. You can do a lot more with AD Connect, but it can take a lot of expertise to manage and maintain it. As a result, customers were raising a lot of tickets. So Microsoft developed the lightweight version. However, there are still a lot of features that the Cloud Provisioning Agent lacks. I would like to see it upgraded. 

The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version.

I believe the Cloud Provisioning Agent will be upgraded eventually, it's just a matter of time.

I've been using the Azure Active Directory platform for a little over three years. I started supporting the product in October of 2018.

Our company is a Microsoft partner. When Microsoft customers raise tickets, most of these tickets get routed to partners like us. I follow up on and assist customers when they have issues that relate to my area of expertise.

Azure AD is solid because of the way the product is designed and because the people who support it are very good.

Microsoft is a very big organization. Whenever they put products on the market, they take things like scalability into consideration. They make sure the life cycle of the product matches the demands and the usage of customers. This product should have a long life in the market.

Microsoft technical support is great. Fantastic. Microsoft is looking to push the capabilities of its products, to enable customers to achieve more.

In general, there has been improvement in the way the technology can be used by end-users. Their feedback has been taken into consideration and that has helped a great deal.

Azure AD has features that have been developed purely for the security of users. It has things like Conditional Access policies and MFA. But the nature of the support that I provide in Azure AD doesn't focus on security. While Azure AD gives a company a holistic way to manage user profiles, I don't usually work on security aspects. But I do know that, to a large extent, the solution is built using the latest security.

The provisioning service I support has authentication methods. There has been a push by Microsoft to move customers away from certain authentication mechanisms that are not very strong in terms of security, and to make sure that secure standards are being enforced. I have looked at integrations set up by customers where they have only done the basic minimum in terms of security. Microsoft had to push those customers towards a much more secure setup. So customers are getting better security.

Overall, the effect of the product on my customers' experience has been good. I generally come into the picture when customers are having an issue. Most customers I've interacted with don't understand some information or why the product is designed the way it is. When I explain that it has to be this way so that they can do what they need to do, the customer feedback comes in at about an eight out of 10.

We're using Azure Active Directory for MFA.

It is very usable and easy to use.

It is easy to manage. I can manage systems with policies and automate our systems. Any professional system can be easily integrated with Azure Active Directory. It is widely used with Windows versions. 

Four years ago, we had an issue with Azure AD. We wanted to reverse sync from Azure AD to on-prem Active Directory, but we couldn't achieve this. Azure AD could connect only in one way, for example, from your site to Azure. If you needed to do the reverse and connect from Azure to on-prem, there was no way to achieve it. We asked Microsoft, and they told us that they don't support it.

Their support should be faster and more knowledgeable and customer-friendly.

I have been using this solution for maybe four years.

It is very stable.

It is very scalable. I don't know about the number of users that we have currently, but at the time I managed its synchronization, there were maybe 800 users. 

We're not satisfied with their support. We couldn't get support from Microsoft directly, and we made an agreement with a company. We weren't satisfied with their support. They were very slow and not friendly. They couldn't solve our problems because our program was very complex.

I didn't use any other solution. I only use Active Directory and Azure AD.

I installed hybrid Exchange. It was very easy for us. Its installation took a very short time. There was a connector system on Exchange, and we just had to set up the connection. It was very easy.

I installed it myself.  

Its maintenance is very cheap and easy. We have only two engineers to manage Azure AD and Azure Exchange.

We have an agreement with Microsoft, and my company pays yearly.

It is a very good product. I plan to keep using it because it is very easy to manage.

If you use an application in Azure and you want single sign-on for Azure products, you should prefer using Azure AD. You should synchronize your on-premise Active Directory to Azure AD. We synchronized Active Directory with Azure AD for single sign-on. For example, if a worker wants to sign in on your computer with the same user ID and password, he or she can connect to Azure services. Azure AD provides support for this.

I would rate Azure Active Directory a nine out of 10. 

We use it to have better security and better control over PCs and clients.

The ability to see and control PCs and mobile devices is the most valuable. I can see where they are and how many we have. I can also see the age and retention of PCs.

The only issue with Azure AD is that it doesn't have control over the wifi network. You have to do something more to have a secure wifi network. To have it working, you need an active directory server on-premises to take care of the networks.

I have been using Microsoft products for a really long time. I have been using cloud solutions for a couple of years.

It is stable and working for us.

They don't give support to the end users in Sweden. We always have to go to a reseller, which is a bad thing.

The initial setup was straightforward.

We didn't do it ourselves. A company did it for us.

We are a non-profit organization, so we get good prices from Microsoft for their products. It is working well, but it could be cheaper. For the type of organization we are, it would be good if they could give a little bit more and be more generous like Google, which has completely free services. Microsoft has free versions or web services called Office 365 E1, which is free for use, but we want to have it with more qualified clients.

I would advise getting some help from professionals to implement it. You have to implement it in a very planned way with a very detailed roadmap.

I would rate Microsoft Azure Active Directory Premium an eight out of ten. It is quite good, and we are quite pleased with this solution.

This product manages access for our compute space that includes Office 365, Salesforce, and other solutions.

The most valuable features are the B2B connector and the external identity connection functionality. These are helpful.

User group management works well.

The interface is well laid out and it is easy to navigate. You can get to things quickly and it works.

The portal allows you to create reports, which is a nice feature.

My only pain point in this solution is creating group membership for devices. This is something that could be improved. Essentially, I want to be able to create collection groups, or organizational units and include devices in there. I should be able to add them in the same way that we can add users.

We want to be able to create members as devices in groups, without having to leverage a dynamic group membership with queries. I want to be able to just pick machines, create a group, and add them.

We have been using Active Directory Premium for four years.

This is a stable product.

I have only used technical support on one occasion and I found it to be pretty good.

The initial setup is straightforward.

I have not used this product to its full extent but from what I have used, I find that it works well.

My advice for anybody who is implementing AD Premium is to understand what it is that they're going to use and how they're going to manage identity. I suggest doing a lot more in terms of identity governance.

I would rate this solution a nine out of ten.