We have an Azure Active Directory and we also have our own on-prem AD instances.
We basically use the solution for user management, group management, policy management.
The portal version of the Azure Active Directory is pretty robust.
The solution is very good for different types of management, including user, group, and policy management requirements.
The integration between the Azure Active Directory and the traditional Active Directory could be improved upon. We have two Active Directories that are installed on virtual machines, which are traditional Active Directories. The interactions between the two are very limited. For example, I could modify users in our own private instances of AD, however, they won't propagate up to the Azure Active Directory and vice versa. For us, the integrations are the biggie between the on-prem or the self-hosted AD versus Azure AD.
The traditional AD instances that we maintain have UIs that are very archaic and monolithic and very difficult to navigate. They should update the UI to make it easier to navigate and make it overall more modern.
We've been using the solution for a while. We are actively using it now.
We're using the latest version of the solution at this time.
In general, I would rate this solution at an eight out of ten.
If there were better integration capabilities between Active Directories, I would likely rate this product higher.
I am using this product for user authentication.
I think the documentation and configuration are both areas that need improvement.
The product changes and gets updated, but the documentation doesn't keep pace.
The initial setup could be simplified.
I would like to see a better UI tool.
The company has been using this solution for approximately four years.
We are using the latest version.
It's a stable solution. We have not experienced any issues.
Microsoft Azure Active Directory Premium is a scalable solution. It scales very well.
We all use this solution daily. We are a team of five in the company.
The most valuable feature is the ease of scalability.
The initial setup is fairly complex.
We are a smaller company and it only took us two days to deploy.
We did not use an integrator, we used in-house knowledge.
If you are familiar with Microsoft, this is the product to use.
I would rate Microsoft Azure Active Directory Premium an eight out of ten.
We need it for running MSA protection for most of the users. We need Azure AD Connect because they are highly on primary setup, so they need to sync on primary with Azure AD.
From the beginning when I joined the company, they were already using Azure AD Premium. The most wanted features would be the synchronization between the Windows AD and Azure AD, because there are so many capabilities that just because we can't sync their own from Azure AD.
The most beneficial feature would be the effectiveness of having a hybrid set-up. When we need to create an account, we create it in Auto Activator 3. Even though the users are created and managed in Windows really, we can use all the benefits of the cloud, as well.
Right now I can't point out a particular feature, but sometimes when we work, it evolves. There are so many features that are out recently, so it'd be hard to set up MSA for obvious remote users, so users who are using Azure are hard to use it remotely. So, while we're setting that up, we have faced issues which show the limitations of Azure.
Initially, we wanted to exclude specific users from MSA. So, we had a condition policy, which forces MSA for all the users. So we wanted to exclude users who are using an NPS extension. So it was not listed, as an NPS extension was not listed outside an application, in actual, so, we go back and were not able to exclude users using NPS extension from MSA. So that was one limitation that we found and we had to work around that.
We noticed recent additions on display that have been in recent updates. On the board, there are some features that still need help.
The stability is pretty good. Earlier, there were freezes here and there. But, we overcame it. What we have now is stable, but they are trying to include more features.
We have almost 500 users. So, it is pretty easy. They are including more features, which enhances onboarding and decommissioning users. From an actual perspective, it's pretty easy to scale.
Tech support has its ups and downs. So, sometimes it will take one week, and other times two weeks to resolve a case. Sometimes they have to respond fast, and they do so. It is not consistent.
It's really affordable. It does not feel as if it is too costly. It's okay to spend this money for this product or feature. Yeah, I think it's affordable.
If you have connections with a PSP partner, it will be easy, I guess. If you're buying an Azure AD Premium independently, you won't have a helping hand from them. You'll have support but, not much other than that. With a PSP partner, you will feel that you can implement or you can quadrate.
Once Azure is developed, and fully established, it will be a perfect product. It is still in the development stage at present.
We use this solution to extend on-premises Active Directory to the cloud.
This solution will support the expansion of services and servers into the cloud.
This solution serves as the basis to understand the MS SSO and MFA capabilities.
The SSO MyApps interface is very basic and needs better customization capabilities.
I rely on Microsoft Entra ID for syncing customers' on-premises Active Directory to the Microsoft 365 stack. I also use it for managing multi-factor authentication and other enterprise applications for our customers.
Microsoft is at the core of any customer I work with. Microsoft is the core of their identity, communication, and business applications. Microsoft acts as a one-stop shop for calling, meetings, collaboration, AI, and business applications like Dynamics 365 and Outlook. Many services are bundled, providing potential cost savings for organizations.
Conditional access is an additional feature of Entra ID. It allows organizations to say that these devices are allowed to connect without MFA or with MFA and meet certain compliance standards based on what is set in Intune. There are a lot of things that can prevent devices from connecting to your environment unless certain conditions are met. That is a big thing around the security of Entra ID.
It helps allow devices regardless of having an active VPN connection. You can enable your remote employees to access corporate resources without having massive security walls. It not only allows those devices to connect to the network seamlessly, it also allows them to connect securely. It is not that they have unfettered access to your network. You are securing things down where they are only allowed access to certain resources.
The implementation of device-bound passkeys in Microsoft Authenticator helps with phishing-resistant authentication. It helps ensure that every employee that you have is actually that person. It ensures that they are entering the PIN from their phone via the Microsoft Authenticator app and they are who they are. Even if their password is compromised, you still have another level of security for device access. It is not just access to a phone. They have to pass lock screen access and access to the Microsoft Authenticator app to approve those notifications and type in that secondary code. Requiring a user to enter a two-digit code that is showing on their screen ensures only authorized access. It has been helpful in all cases. I deal with multiple customers, and most of them have hit security issues due to people pressing a random authentication key as approved, not knowing what they are pressing, even though they know it is an authentication prompt. Having that ensures that they are who they say they are.
This constant reauthentication to applications helps with organization security. We are not letting you sign in once and remain signed in for 30 days. If that device gets compromised, your corporate security is at risk. Lowering that authentication threshold to every 24 hours or 12 hours and making a user reauthenticate helps to make sure that they are who they are.
Token Replay detection has a big impact in terms of malware. Some people click on random PDFs in their email attachments and things get through. This is happening even at a larger scale, for example with Linus Tech Tips. Someone clicked an email, and they clicked an application that ran the machine and gathered every authentication token for everything the user had access to. They happen to have access to their YouTube account and other things without MFA. Being able to detect if a token is being reused potentially from another IP, with a snap of a finger, is a great feature. If a token is compromised, you can block it.
Since implementing Entra ID, identity-related security incidents have gone down drastically.
The most valuable feature for me is enterprise applications. This functionality allows the building of applications that are tied into APIs that we can grant specific permissions and limit the scope of access. This is the most valuable feature for me because I do a lot of automation with PowerShell and APIs. We can secure the applications that we are building and make sure that if the application were to be compromised, there is no full access to a customer's environment causing issues and other security concerns.
Microsoft could improve by stabilizing its branding. I still call it Azure AD. Some of the customers I work with call it Azure AD. Branding makes you stand out in the market, but it is something that also confuses people. The frequent changes in branding cause confusion among customers who struggle to keep track of product names and functions. They get used to things, and then it changes the next day.
I have been using it for about 15 years.
The stability of the solution is very high at 99.999%. There have been some global authentication outages in the past, preventing users from authenticating to business applications, Teams, and other things. It has caused some issues there. Over the past three years, there have not been any major authentication outages. If there have been any, they have been quickly resolved, minimizing any potential business impact.
It is fully scalable.
Overall, I would rate their support an eight out of ten. Their frontline needs some work. Reaching the necessary level of support can take time. It can take multiple days to get through tier-one support, but the assistance received at higher levels is effective. When you get to the tier you need, you do get the right answers and support. The actual support when you get to that level is a ten out of ten.
Positive
Most of my customers previously used on-premises Active Directory with ADFS. ADFS had integration with other platforms for two-factor authentication, but it was not a comprehensive solution. Everything was not under one roof. If the third-party application that was being used for authentication as part of ADFS got compromised, you have a problem, whereas now, everything is under one umbrella of Microsoft. We have more security and fewer components to worry about breaking. We can prevent unfettered access to the environment.
For most of my customers, it is a hybrid environment. Azure AD Connect helps sync their on-prem user attributes to the cloud and vice versa. You have password write-back, group write-back, and other things. You are not just stuck in one environment. You are not just doing one-way synchronization. You are actively making changes in Entra ID that are syncing back to on-prem AD. A lot of the customers I deal with have a very massive on-prem AD environment. It is hard for them to move away from that because there are a lot of things that still require on-prem AD. This allows us to have the best of both worlds, a hybrid cloud environment and also a hybrid on-prem environment.
I would put myself as an expert on it. I am the consultant for deployment.
The return on investment comes from not needing as many IT staff to manage and verify user identity and ensuring seamless device connection without needing to administer device compliance manually. Devices can seamlessly connect and authenticate. Nobody has to manually add serial numbers and other things in Intune for compliance. Entra ID has been very beneficial.
Most features of Entra ID are part of Microsoft's ecosystem and included in Microsoft 365 bundles, which means there are no additional costs associated with pricing and licensing.
We evaluated Duo. Entra ID is a part of Microsoft's ecosystem. You do not have to pay additional for it. It is included. There are additional features out of Entra ID P2 for additional security and other things, but as a base, you get Azure AD P1 as part of most M365 bundles.
I would rate Entra ID a ten out of ten.
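The Conditional Access behaviour the last reviewer describes (allow a device with MFA or with Intune compliance, and force reauthentication every 12 hours) as an added example; this is not code from any reviewer on this page or from Microsoft. It assumes the Microsoft Graph PowerShell SDK is installed and that the admin account holds the Policy.ReadWrite.ConditionalAccess scope; the emergency-access group ID is a placeholder.

```powershell
# Added example (not from the page). Requires the Microsoft.Graph PowerShell SDK.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Placeholder: object ID of a group holding break-glass accounts, excluded so an
# MFA outage cannot lock every administrator out of the tenant.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Require MFA or compliant device; 12h sign-in frequency"
    # Report-only first: sign-in logs show what WOULD be blocked before enforcing.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
    }
    # "OR": a device that is Intune-compliant may connect without an MFA prompt;
    # an unmanaged device must satisfy MFA. Use "AND" to require both.
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa", "compliantDevice")
    }
    # Cap the lifetime of a session so a stolen device or token is only useful
    # until the next forced reauthentication, rather than for the default period.
    sessionControls = @{
        signInFrequency = @{
            isEnabled         = $true
            frequencyInterval = "timeBased"
            type              = "hours"
            value             = 12
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm the policy landed in report-only state before anyone switches it to "enabled".
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State
```

Review the report-only results in the sign-in logs for a few days, then set `state` to "enabled" with Update-MgIdentityConditionalAccessPolicy.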