Microsoft Entra ID Reviews

We use Azure AD to implement Conditional Access policies and privileged access management.

There are plenty of benefits. First, as we had Microsoft AD on-premises, it was very easy to configure Azure AD. We are using the password hash sync for authentication, so authentication on the cloud is very seamless when users use applications on the cloud. That is very important.

Also, with the help of sign-in logs, we are getting information about every application, such as where a user is trying to log in and from which device, making things very crystal clear. We only get this type of transparency and accuracy only from Azure AD.

We use the Conditional Access feature to fine-tune access. We implement a lot of access policies. For example, we want to get rid of client machines with Windows XP and some legacy applications, so we created access policies to prevent logins from those devices and those applications. We have also created policies to prevent logins from certain areas around the world. These abilities are very helpful in preventing phishing and scams.

In addition, there are so many tasks and activities that are automated in Azure AD. For example, we have enabled the password reset self-service so that users can reset a password themselves and log in to their accounts. That is one way it saves time for our help desk team. It no longer requires the help desk. From an administrative perspective, it's very convenient for us to manage and maintain the users of the organization. Azure AD is saving us 10 to 12 hours per week, and that's for just one person who would otherwise be responsible for resetting passwords.

The solution has also prevented so many potential cyber attacks, and that has saved us money. And by saving man-hours, we have saved money. Thirdly, we have been able to reduce manpower. I would estimate it has saved us 20 percent in terms of costs.

Another benefit is that, from a user perspective, it is very smooth and easy to sign in to all the Microsoft applications with the Azure AD sign-in. The UI is very intuitive for Microsoft accounts, so it's very easy for them to log in. We also have single sign-on enabled for desktops, so whenever a user signs in to an application on their machine, they don't need to sign in again and again. With the help of the same token, all other applications can be opened easily.

Two very important features in terms of security are governance and compliance through the Conditional Access policies and Azure Log Analytics.

Also, Azure AD provides a single pane of glass for managing user access.

I mainly work with the Microsoft Security portal so I can get access and privileges to maintain all the security policies, including Conditional Access policies and privilege access management for just-in-time access, as well as Azure AD sign-in logs. These factors are very important.

When it comes to managing identity, we have E5 licenses. We are using every application from Office 365, so it is very easy for us to manage identity with the help of all those applications. We are also using third-party applications that are integrated with Azure AD and that makes access management easy.

From an admin perspective, I would like to see improvement in the Microsoft Graph API.

I have been using Azure Active Directory for six to seven years.

There are some bugs that we find monthly or quarterly, but all the bugs are fixed by Microsoft.

It is scalable.

We have it deployed in Europe and there are about 15,000 users.

I received good technical support when syncing on-premises users to Azure AD. It was very smooth. But for help with Conditional Access, I got poor support.

Neutral

We had on-premises AD and then we introduced Azure AD. We synced all the users from on-premises to Azure AD. Then, with Office 365, we installed Exchange Online and Teams. For single sign-on we have ADFS [Active Directory Federation Services] on-premises, but now we are migrating our applications to Azure AD SSO for single sign-on.

The initial deployment was very straightforward. It only took a day to deploy. The plan was first to get information about our on-premises Active Directory users, computers, and groups, and then we had to determine how many licenses and which types of licenses we needed for those. We also had to think about which type of authentication method we were going to use.

Our deployment involved three to four people.

Maintenance is just checking for updates.

Personally, I feel Microsoft is very costly compared to other products. That is also what management is thinking. But when we consider security and support, Microsoft is better than any other product. It is somehow justified, but I feel it is costly.

I have worked with Okta but for single sign-on only. It does not provide all the features or meet all our demands.

If you want secure data and secure identities, go for Microsoft Azure AD.

We had the need to integrate the solution that we had on-premise and the email-based identities, so we looked for a solution from the same provider that could establish us and provide a synchronized identity (what we know today as SSO) in our resources and thus be able to log in with the same identities we had on-premise and in the cloud. 

We wanted to take advantage of that synchronized identity quickly, simply, and safely. It was important to understand that users today want to have a single password for all resources, be they applications, or devices, in order to help them so that they are not constantly learning different credentials and can thus be faster and more efficient when establishing a single login.

It has given us the ability to be able to establish single sign-on identities in which we can establish credentials no matter where we are, whether it is on-premises or in the cloud, in a hybrid cloud, or in an additional connection from another cloud where we share equipment or host. 

Additionally, we enabled more protection functions so that it is well protected even though it is a single credential for each environment and established for any environment it could be safely protected.

Its most outstanding feature is the ability to integrate, segment, establish, add and configure an identity for multiple domains in different regions, locations, or types of clouds. It is one of the hybrid solutions that can be used the most to establish an entity configuration in multiple environments. It is a tool that has given us the ability to establish identity security issues to share and perimeter segment the security of an organization, a domain, and multiple clouds in a fast, simple, and well-established way, which has allowed us to be more efficient.

I want to see new functionalities for the active directory. I would like to be able to establish that when you log into computers locally, it is installed on a laptop and you can enable the MFA feature that is currently not available for local computers or Windows on-or off-premise - thus being one of the characteristics that can give greater added value to information security issues. 

If this feature was available on computers, it would help us in the future to avoid security breaches, information loss, or data backup vulnerabilities. In many cases, this could generate a complication. However, we always want to innovate, and the Innovation part is always to ensure that any place, device, or management that we are going to establish at the computational level is 100% secure.

We've used the solution for one year and two months.

Identity verification would be the number one use case. It also factors into mobile device management for devices that aren't registered to the company. We use MFA, and the Authenticator app is a component for multifactor authentication. So, that's why we use it.

You can set policies to specify where users will have to use the Authenticator app to log into particular applications. 

It makes all junior users accountable. There is no excuse for someone else logging into anything because of the multifactor authentication and Authenticator app. You have to verify your identity to log in to specific applications that contain confidential information, especially in a HIPAA-compliant environment.

It enhances security, especially for unregistered devices. It 1000% has security features that help to improve our security posture. It could be irritating at times, but improving the security posture is exactly what the Authenticator app does.

For the end users, it can be confusing if they have worked for another company that had the Authenticator app. It is tricky if they have already had the Authenticator app and then work somewhere else. If they have to download it again and use it again on their phone, it is something that gets complicated. I know how to get through it. They just need to uninstall and reinstall the application, but for them, sometimes, it is confusing. You can have the Authenticator app for multiple services on your phone, and that's what drives them crazy. They get a code and say "I'm using the code for the Authenticator app, but I can't get in." I tell them that it is because they already had it in, but it is for something else. They now have to add. They don't like that at all. You could be on the phone for 45 minutes trying to figure out what their problem is because they don't.

Instead of authenticating by getting a passcode or answering the phone, fingerprint identification should be added to the Authenticator app. Currently, with the Authenticator app, you have to reply to the email, enter a code, or answer the phone. It can just call my phone and then I just press the button to verify that this is me.

I have been using this solution for at least six years. 

It is very stable. If the Authenticator app is set up, you're not going to get into anything without it. It definitely works.

I'm not aware of any bugs or glitches. We usually run updates for the whole environment at a time. I'm not familiar with having run into specific bugs with the Authenticator app. I haven't had any problems over the years.

I've managed over a hundred thousand users in total, but right now, there are about 10,000 users. We are HIPAA compliant. So, everybody has to use it for everything. They have to use it to log into everything under the Office 365 environment, but in other companies or other places where I worked, it was only for specific applications. So, that's based on company needs.

I never had to call technical support for this.

We were using normal MFA, which is similar. The Authenticator app is for mobile devices per se, but normal multifactor authentication doesn't have to focus on mobile devices. You can try and log in to, for example, SharePoint Online, and if MFA is activated, you would have to just scroll to your email and click, "Hey. Yeah, this is me." The Authenticator app is just for mobile devices in my eyes.

It is straightforward for the admins, but end users hate it. On the admin side, it takes 20 minutes at the most.

The Authenticator app wants you to have all your prerequisites designed for whatever environment you want. If you're going through Azure, you can pick the particular applications on which you want this. You can also pick the users for whom you want it to be effective. You can pick the type of ways they authenticate through the Authenticator app. Those are the simple steps.

One person is enough for its deployment and maintenance. I do that. That's not even a role. It depends on who you are, but that's not a role. That's not something for which I would employ a person. I wouldn't employ an IT person or an administrator just to focus on this.

I don't pay for it. Going by how I feel, I see the prices for any MFA solution going down because the more different alternatives there are, the cheaper things should be. Microsoft Authenticator app would be the preferred application, but there are too many ways to implement MFA. I don't know how much it cost, but the price should go down.

It is pretty seamless for the end users, besides the end users having an issue setting up at times.

It is a seamless transition. It is straightforward on the admin side to set up. As a consultant, my advice to any company is that when it comes to big changes, manage end-user pain or frustration. Communicate with the end users and let them know what's going to happen. Explain to them that they're going to be frustrated, but explain why this exists. 

I understand why it exists. So, it doesn't bother me, but our end users just hate it. I understand that they don't like it. Nobody likes it, but it is needed. You are never going to meet an end user who likes any type of MFA, but you need to be more clear about its purpose.

I would rate it an eight out of ten.

The primary use case is collaboration. So it's all about federation of identity and permissions.

Identity is one of those things that you need to be separate from your actual tenant. There's a benefit for it being separated from your actual tenant for reasons of security and containerization. 

It's very easy to run and it's part of their ecosystem and I don't think it's going anywhere anytime soon.

Back in '96, '97, '98, nobody was doing intake. So that was a new thing that came in 2000. And it created the container based inherited permissions, which was new for that stage. Before that it was very static, there wasn't inheritance, there wasn't assertions. Then they introduced that and they've slowly built it, and then it just got too big and old, and really the database that MT's on is just vulnerable to all these attacks. And that's primarily why they want people to get off it. There's about four or five open attacks that make it very easy to both intercept the credential requests, and also attack the database itself.

The ability to speed up delivery is a nice benefit, because rather than having external dependencies there's a certain guarantee that if you use anything within that technology platform. Whether it's full of applications, or various other things, there havee already been regression tests by the vendor. And you don't see the same defects that you get when you have integrated systems.

The fact that it's an ecosystem in itself is probably the best one. It fits into the whole Microsoft stack. Everything this year is all about stacks, and I tend to agree. The inter-operability  and complexity of things these days is just too big. These things change too much. So you don't really want to be stuck between three technology stacks that are changing. If there's a defect, you won't know which one it's in. Trying to hold the service provider to account is quite hard. I'd probably say, yeah, stay with the stack if you can.

I guess price would be the thing, and some of the proprietary lock-in. But, I guess documentation and support would be good.

The features are fine. I wouldn't suggest any features because you can keep adding to it. But, its simplicity is that it works under its own ecosystem. It's nice and reliable. If you start adding all these extra things to it, it'll probably cause complications with some of the legacy things that are still slowly just hanging onto them. But, to look at more documentation, engineering, or an open standard would be nice.

It's like any technology. It appears that if it did have stability problems they don't really exist anymore in the same way. It's like any introductory development technology. Because its identity, it has to be perfect. It is either secure, or it's not, and unfortunately there's a million ways for things to go wrong and there's only one way for things to go right when there's no give. You do see a lot of issues with it at the beginning.

It is mathematical. So, it's like most things. Took a while to get the XAML certificates and all that sort of stuff working. But,now it's a very common thing. You get a session certificate on your phone when you're doing things. When you join a session on your browser on your mobile phone. It's just very common things now.

I'd say there's about 5,600 users of this solution in our organization.

There are set rules. But, it's a security mechanism. If you try and get your swipe card pass for your office, and then you try and integrate it with one across the road, they're literally being designed not to integrate with each other by design. This is because if you want it secure, you don't want to have it integrate. The same thing works with changing the posture of something after you've initiated it. Expect this sort of behavior.

The tech support is OK. I'm talking more about the engineering structure of it. As I said, you can understand why security things have a tendency to not document it, because it's one of those things. Do you want more people to review it and make it harder, or do you want to covet it and reduce the exposure of it?  It's catch 22. You're damned if you do, damned if you don't. Doesn't matter which way you go.

We have prior experiene with Novell. 

It's easy in its essence, but part of the ease is like anything that seems easy is generally complex when you try and fix it because you've skipped over so many configurations. It's like a wizard that you go, "Yep, it's done." And then it breaks, and you say to yourself, "Oh, hang on, I clicked one button. How could I have done that differently?" It's a lot more stable than it used to be. They've got into a maturity plateau where they're not developing it anymore within for reasons of functionality and the product doesn't really break much.

There's no such thing as a "free lunch." If you'd save money here, it costs money there. If you pay more upfront, you pay less when you get off. The market equals itself out, like a free market. So, it generally does. It's more about convenience at the end of the day.

As a user, I'm not an owner of the tech, so as a consumer, even if I am a specialist, I still don't own the technology. I just want to lease it, subscribe it and make sure that the owners of it are able to meet the facilities of it in its life-cycle.

There's a couple of other options on the market like Okta, and a few things like that. They're quite simple, and because they're separate from the whole Microsoft ecosystem, they do have some benefits in that they're completely focused on only that product and only that requirement. With Microsoft, they're like an octopus. They have so many different requirements and priorities that sometimes they don't invest all their energy into the products that you have expectations to investigate.

Last year Microsoft had said that the onsite Active Directory ,as we know it, is going to be deprecated. So that means group policy, that means security groups, the NTLM and all that  we've relied on for so long is going to come to an end with this modern management philosophy. That's why I did those group policy changes. From group policy, which is essentially the ability to control the operating environments of managed devices, rather than that, Microsoft wants only a mobile device management policy. So it's pretty much a HTTPS or SSL assertion to manage devices off the domain, and they will all come from Intune.

So, they're not going to be managed by a set of static policies. They're going to be set by a whole heap of compliances. Does that make more sense? It's not conforming. It's when you assert yourself, and us for a particular requirement from the domain. They check your requirements per request, which takes the load off the environment quite a bit. So they only validate you when you ask.

It's a lot easier to get an engineer to understand the Microsoft stack then some esoteric random "Joe." There's just are not enough people in the field.

You're better off creating a pilot tenant on your own. You can set up one that's free using one of their 30 day trials, and while you're doing that try and make it as realistic as you can to the environment you're coming from. Make sure that it is true in terms of network, commissuib and integration. If you're going to use a MDN for mobile device management, or you're going to use applications for the federated sign-ons. Try and get as much as you can in it. You've got 30 days and they're quite liberal with allowing you to trial it.

Most of the capabilities are there internally. You can't expose external DNS names or anything and use it as an external platform, but internally you can. So spin up a VM or something internally and do the same things you would. I'd dare say: test it and prove it. You've got to prove it to yourself before anybody. I wouldn't trust anything from a brochure or anything else. Your reputation's on the line. You're doing something important for someone else and you've got to verify it yourself and put it through the paces. Spend enough time doing proof of concepts and pilots.

It's a very good solution.  You can manage your entity's enterprise identity using Azure Active Directory, and again, you can do several administrative activities. You can also use your Power Shares sorting and interfacing the endpoint.

It helps us with maintaining enterprise identities and integrating enterprise in those applications are some of the assignments.

We do have an expanded feature. We have captured video, so that other people can get their hands on getting used to it. That is, they can get used to the platform and implement it from the beginning.

We find the Integration accessory integration the most valuable feature. You can have your application integrated with an actual directory. You don't need to do much code, you can use interfaces and it's a direct integration. So, no need to worry about the requirements of your application.

The licensing cost is a bit prohibitive.

Less than one year.

I have not encountered any issues of stability with the product.

It scales as far as it depends on the contract. So, it is useful, with plenty of management capabilities. It is pretty flexible, scaling, you can scale in or out as per your requirements.

I have not contacted tech support.

It is a very straightforward implementation, and you pay as you go. It depends on your number of users, number of applications integrated, and how you prepare your topologies (the arrangements of the network). So, it is pretty much flexible. You can custom tailor it as per your business and target , business implementation and requirement. 

I have some prior experience with Oracle Unified Directory, as well. It is a less compliant directory service. 

In comparison, Azure Active Directory is mostly used with tighter integration. In most of the cases, enterprises are using Office 365 for the communication site online. If you have a requirement like integration with Office 365, then Azure Active Directory is a perfect solution. If you want to integrate other applications or workstations, you can use any compliant directory that works.

We primarily use this solution for tracking authentication.

The quantum we are using is probably the authentication The security-based factor of authentication.

The most valuable feature is the factor identification. I find that it is natural integration, and it is just a natural step. I do not need to do anything else.

I think there is room for improvement with actually discussing, and advertising Microsoft as a an authenticator. Many people just get confused and use Google. It's weird because it's exactly the same way that it works. But it's there, it's definite region to start the people is more used to use their the Google authenticator instead of the Microsoft authentication. I think if Microsoft would make more of an effort to penetrate the market, that would be key.

In addition, it would be nice to have a biometric authentication like voice ID, or any of your medical ID. This would be a nice additional feature for Azure to have.

We experienced the aset surge that happened a month or so ago. There was a storm that broke one of the data centers in south-central. The functionality of active directive for Microsoft support was in shortage.  It took a day to return back to functional use.

The solution is scalable for our needs.

I have not needed to request technical support. All of the Microsoft guides are really good and are very helpful.

I know more about Microsoft than any other technology, that's why I didn't look for any other competitors.

It was a very straightforward initial setup. To be honest, we are a pretty small company so for us it's one portal and everything is there. It's not that complicated.

I like it, I love it and it works fine.

The active directory on Microsoft Azure is similar to the corresponding system for an on-premise active directory.

I have no issues with Azure Active Directory.

Our users and clients are migrating from on-premises solutions to cloud-based solutions. As a result, they do not require on-premise service. 

What I like is that I can go anywhere, at any time, and to any client premise, and I can simply log in to the admin panel and can serve any of my clients.

Instead of using Team Viewer, you connect to their local service, which is centralized. I have got the Microsoft exchange, and have access to Microsoft Azure. I can check the workstations, and perhaps soon I will be using Microsoft Intune and the Microsoft Defender enterprise. Even if I am not on the premises, I will be able to check and secure my workstations.

I don't have any major problems. I don't use it in a way that requires a lot of resources.

The main issue is that because Active Directory is in the cloud, it will inevitably be dependent on internet connectivity.

It would be beneficial if Microsoft could make it lighter so that it requires fewer resources.

Better pricing will help us market it more than having it on-premises.

Azure Active Directory was implemented one year ago.

For the time being it has been stable. I have a small number of clients, and no hybrid system. We chose those clients with a maximum of twenty users. We don't want large clients so that we can implement one system in one location, and roll it out the same way to all of the clients.

In total, I have 10 clients, five of those are now users of Azure Active Directory.

By the end of the year, we hope to have all of our clients using Microsoft Azure.

New clients are immediately placed on Microsoft Azure.

The Microsoft team in Mauritius has been extremely helpful in implementing systems and resolving issues. We have small clients who have not been faced with many issues.

We deploy the M365 business premium services and a couple of months ago we started to implement 365 Defender. It is a cloud-based solution.

We're new to it. For the time being, we are only using the antivirus component. We haven't used Intune yet. We are not using the entire package. We are only now going to put such solutions into action.

Microsoft Azure was implemented a year ago, and is only used for the creation of users and emails, group emails, and shared boxes, but my clients are mostly lawyers. So, the primary uses are online email exchange and word processing.

We are trying to implement Microsoft Azure more and more.

Azure is the central point. Microsoft Azure is replacing my on-premises service.

The installation is rather straightforward.

We had some assistance from the local Microsoft team.

Licensing fees are paid on a monthly basis.

When I calculated the price, it appeared to be nearly the same as the on-premise server. 

Better pricing would attract customers to use the cloud.

We haven't had to deal with any major recovery issues.

We have had Excel and Word files that were simply recoverable. We backup the server, but nothing more serious than that.

We are Microsoft centric solution providers.

We have very small clients, companies with 20 to 30 users of Excel, Word, and the internet. We deploy Microsoft 365 platforms, not much in the way of large software applications.

I would recommend this solution to others, and I am already promoting it. 

I am suggesting that all of my clients migrate from on-premise active directory to a Microsoft view because, with the current COVID, many of our users work from home. I just wanted to point out that almost all of our users work from home. They are currently working on the roaster. Half of the company works from home, while the other half works on-site. Having active and SharePoint, is really assisting them in working from home.

I would rate Azure Active Directory a nine out of ten.

We are using it for authentication. We are using GPOs for user and computer policies.

The central authentication server is most valuable. GPOs are useful for user and computer policies.

Its price should be improved. It is very expensive for Turkish people.

We have been using Azure Active Directory for about six months. This is a new company, and we started to use new IT solutions. We bought a lot of IT solutions, equipment, and tools. 

It is stable. 

At the end of the project, about 1,200 people will use this solution. We don't have any plans to increase its usage.

We didn't use Microsoft's support. We have mostly Turkish or local solution partners for any help. 

I didn't use any other solution.

It was not easy. It was also not difficult. It took about a month.

We used a solution partner for its deployment. For maintenance, we would have about 10 engineers for 1,200 people.

It is very expensive. Its price should be lower. Price is the most important factor for Turkish people. 

This is the best solution for authorization. I would rate it a nine out of 10.