Microsoft Entra ID Reviews

When a customer is trying to synchronize user information from their on-premises environment to the cloud, they might be encountering a series of errors or they may not be able to achieve what they are trying to achieve. They will raise a ticket so that somebody can help resolve the problem or clarify the situation and explain what the workflow should be like. That's where I often come in.

My support scope is focused on the synchronization aspect of Azure Active Directory. My specialty covers scenarios where customers have information in their on-premises environment and they want to synchronize their Active Directory information into the cloud with Azure Active Directory.

In addition to getting on calls and assisting customers to resolve issues, we also try to help educate customers on how to achieve the best results with Microsoft products.

In terms of the security posture of my customers, in the area of my specialization—the synchronization of information from on-premises to the cloud—there's an aspect we call TLS. There was a version of TLS that was not really secure, but Microsoft has now pushed and made sure that everything running in its platform uses a higher version, TLS 1.2. That means that when you are doing directory synchronization, your machine and your product need to be TLS 1.2 enabled. Microsoft is always working on enforcing the use of the most secure means to carry out whatever workloads customers are running. While my day-to-day job does not involve an emphasis on security, the areas that do involve security elements are emphasized to make things work effectively.

It also helps when you're troubleshooting. If you have an issue, it's easier for a user to look at it and say, "Okay, this is the problem," and to work on it.

An aspect of Azure's synchronization technology is called the provisioning service. It's the technology that takes user information from Azure AD into third-party applications. If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that.

Over the years, the performance of this particular technology has greatly improved. I have seen its evolution and growth. Customers see much more robust performance from that technology and it gives them an easy way to set up their environments. The product has been designed quite well and customer feedback has also been taken into consideration. You can even see the progress of the process: how the user is being created and sent over to the third-party application.

Recently, Microsoft has developed lightweight synchronization software, the Cloud Provisioning Agent, to do the job of the preceding, heavier version called AD Connect. You can do a lot more with AD Connect, but it can take a lot of expertise to manage and maintain it. As a result, customers were raising a lot of tickets. So Microsoft developed the lightweight version. However, there are still a lot of features that the Cloud Provisioning Agent lacks. I would like to see it upgraded. 

The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version.

I believe the Cloud Provisioning Agent will be upgraded eventually, it's just a matter of time.

I've been using the Azure Active Directory platform for a little over three years. I started supporting the product in October of 2018.

Our company is a Microsoft partner. When Microsoft customers raise tickets, most of these tickets get routed to partners like us. I follow up on and assist customers when they have issues that relate to my area of expertise.

Azure AD is solid because of the way the product is designed and because the people who support it are very good.

Microsoft is a very big organization. Whenever they put products on the market, they take things like scalability into consideration. They make sure the life cycle of the product matches the demands and the usage of customers. This product should have a long life in the market.

Microsoft technical support is great. Fantastic. Microsoft is looking to push the capabilities of its products, to enable customers to achieve more.

In general, there has been improvement in the way the technology can be used by end-users. Their feedback has been taken into consideration and that has helped a great deal.

Azure AD has features that have been developed purely for the security of users. It has things like Conditional Access policies and MFA. But the nature of the support that I provide in Azure AD doesn't focus on security. While Azure AD gives a company a holistic way to manage user profiles, I don't usually work on security aspects. But I do know that, to a large extent, the solution is built using the latest security.

The provisioning service I support has authentication methods. There has been a push by Microsoft to move customers away from certain authentication mechanisms that are not very strong in terms of security, and to make sure that secure standards are being enforced. I have looked at integrations set up by customers where they have only done the basic minimum in terms of security. Microsoft had to push those customers towards a much more secure setup. So customers are getting better security.

Overall, the effect of the product on my customers' experience has been good. I generally come into the picture when customers are having an issue. Most customers I've interacted with don't understand some information or why the product is designed the way it is. When I explain that it has to be this way so that they can do what they need to do, the customer feedback comes in at about an eight out of 10.

My primary use case with Azure Active Directory is configuring applications, for example Edge, on premises and doing synchronizations with ADFS in a hybrid environment.

I have used it in a lot of application integrations. I set authentication for the hybrid and cloud applications for the services that we acquire.

The feature that I have found most valuable is its authentication security. That is Azure Active Directory's purpose - making cloud services' security and integration easier.

In terms of what could be improved, I would say its interface is not very flexible, as opposed to AWS.

The services are very clear, but the user admin interface needs to be better. That's all.

I have been using Azure Active Directory for more than five years.

In terms of stability, sometimes the more applications you integrate, the more it becomes a little bit unstable. The synchronization engine is key because that's what 365on-premises is for. The main thing that Azure supports is Microsoft native 365 and the other services that come with it.

It is scalable. It is just that Microsoft likes complex licensing. They should make it more  straightforward.

We just have the admins using it, that's about 20 people.

Microsoft tech support is not the best, but they're okay.

The initial setup is not that complex. Maybe I'm the wrong person to ask, though, because I am already an old AD person and I understand it.

On a scale of one to ten, I would not rate Azure Active Directory as a bad product, I would rate it as an 8.

The primary use case of the solution is for application security and user access management.

Azure Active Directory has improved our organization because it is one of the key components and is being used by almost most companies for identifying and access management on the cloud or on-premise infrastructure.

The solution has a variety of tools. Two of the most valuable features are the ability to create users and to replicate the user account from on-premise to the cloud. 

The solution could be improved when it comes to monitoring and logging as these are the most critical areas in case something was to go wrong.

Additionally, the available zones should be in all regions, such as in AWS, they have higher availability in all regions.

I have been using Azure Active Directory for approximately ten years. 

I find the stability of the solution to be very good. The solution has improved a lot in this area.

The solution is very scalable and is easy to scale.

The technical support is great. 

I have previously used Amazon Load Balancer and AWS. 

The initial setup of the solution is very easy.  

I rate Azure Active Directory a ten.

We are using it for central management, MDM, SSO, MFA, applying policies.

In terms of the features that I have found most valuable, it is cloud based so it is always updated, that part you don't have to take care of. It is public cloud. It is actually AD as a service, so it's a kind of an infrastructure. It is more infrastructure as a service.

We had some issues with the migration of users from the local user accounts to Azure AD. It was more like a local issue and had nothing to do with the Azure AD itself. It works fine for SSO, the Single Sign On. We were not able to do the integration very easily with ADP, so that was a challenge, but later on it was resolved. We had to do a lot of things to have that on the configuration. Some systems do not integrate very well with Azure AD. We thought of going for Okta, but later on we were able to achieve it, but not the way we wanted. It was not as easy as we thought it would be, the integration was not very seamless.

Additionally, it would be great if they added support for more applications in terms of integration for SSO. That's the only thing that I find missing for Azure AD.

We have been using Azure Active Directory for the last six months. We didn't do any migration from on-premise Active Directory to Azure AD on the cloud. What we did when we were setting up the computers was to join users to Azure AD and apply some conditional policies and everything works fine. We don't have any issues. The only thing we face are some problems with some computers because they were using it locally and we had a lot of data. So when we did the migration to Azure AD, we also had to move all the user settings data, the complete user profile, to the Azure AD account, as well. That was a challenge, but I was able to use ProfWiz to move data between user profile.

There are not any bugs or glitches that I can recall. So far everything is working well.

Scalability is one of the reasons we selected Azure Active Directory. It scales very well.

For now there are almost a hundred users using it, but we are adding more.

We contacted support only one time and it was not related to SSO. We had some questions about their subscription and it was good.

When I was working with another company, we were using on-premise Azure Active Directory. We didn't want to invest in the infrastructure to maintain it, to get the license, so it was not very cost effective for us. We had a meeting with the management and saw that Azure AD would be very cost effective, scalable, and more secure, especially in terms of SSO and MFA, which were some of our requirements. We didn't want Active Directory on premise. It was not easy to do the migration.

The initial setup is not very difficult, especially if you start using it straight away. But if you do the migration, I think that might be a challenge. Fortunately, we started directly from Azure AD, we didn't have to do any migration from Azure AD On-premise to the cloud. It was pretty straightforward and easy. We didn't face any difficulties.

It depends on their requirements and what they are trying to achieve. One shoe does not fit all feet, so that's why it might be different from company to company. For us, it met all our requirements. It was very scalable, which is huge, and just always available. You don't have to be very worried about maintaining your own hardware, your own infrastructure, updating the servers from time to time or caring about securing your on-premise infrastructure. Azure AD is a good solution. I am satisfied with it so far and everything works great.

On a scale of one to ten, I would give Azure Active Directory a nine.

I'm a computer engineering student in Portugal, and we used it during one of our classes for practically the whole semester. We used both the on-premise solution and the Azure, online one.

While we were learning, we used it primarily for user access management and also to define rules for the organization. For example, we created organizational units and defined domains for enterprise-level organizations. I was able to specify access to, for example, certain folders, including shared folders and shared resources.

We were using it in conjunction with SQL Server 2019.

Azure Active Directory works well to access the resources that the school has set up for the students. We can share between our groups, and we can set up shared assignments or shared project folders very quickly and easily.

We have access to shared storage space, which is great. It is managed through Azure Active Directory and appears to me as a Microsoft OneDrive account.

As an end-user, the access to shared resources that I get from using this product is very helpful. I also use it for my email, which is a domain that is part of the organization. 

The most valuable feature is the ability to define certain roles for the users and to give access to shared resources.

The options for user access management on the cloud are similar to those with the on-premises deployment. You can work directly on the cloud but control it from your on-premises server if you want, or you can make all of the changes directly on Azure.

One of the security features that Azure Active Directory provides is that it warns users about the usage of weak passwords. When we created user accounts and their passwords, it warned us about weak passwords and gave us the option to define password creation rules. We tested the feature and tried using invalid passwords, and it blocked access to the organizational units accordingly. We did not work with the more advanced security features within the scope of the course.

It has some good monitoring options that you can use to see how well it is working. In my class, we were able to see which users were accessing the solution, and what went wrong with the tests that we were doing.

The most challenging aspect I found was the creation of organizational units and specific domains. They have a tool called Bastion, which is expensive and a little bit confusing. I had to cancel the subscription because it was using my credits too quickly. For the students, it was not a very cheap way to learn it.

It would be helpful if they provided more credits for students who are performing test cases because we had to be really careful when we were using it. Making it cheaper for students would be great.

I have been using Azure Active Directory for one school semester.

Because we weren't using it on a large scale, it is difficult to estimate how good the stability is. That said, it worked fine for the small number of users that we had. Although it was not a good test, I think that it worked fine. It does have some good monitoring options, so we could watch the performance.

I do not have large-scale experience with this product, as I was using it for practice during my degree program. I don't know at this point whether I will be using it in the future.

In my class, there were half a dozen or fewer users.

In order for the solution to be scalable, it requires some upfront work. You have to well define the users, profiles, and roles that you want to have at your organization. We were already given some advice on that from our teachers, including which roles we should create and so forth. Once you have that done, I think it's pretty straightforward. You just have to add them through the interface that the solution has, and it's not very difficult to do.

I did not have to contact Microsoft technical support.

Our teachers explained what it was that they wanted us to implement and we were left to figure out how to accomplish the tasks on our own. When problems arose, I used Google to search for answers online. I also watched YouTube videos that included explanations and step-by-step tutorials.

Another solution that we learned about was the Apache Web Server. You can do the same things that you do with Azure, but it's more complex. You have to know a little bit more about Linux and you have to do it more manually.

In Azure Active Directory, there are already some default options available. That worked for us. It's easier for someone who doesn't want to have the headaches of understanding some of the more minor details.

For the initial setup, we mainly followed the tutorials that Microsoft has online. Initially, it was a little bit confusing because we discovered that there are many different versions of this same software. There are distinctions between an on-premise way of doing things versus a hybrid approach versus something that is on the cloud exclusively. There are limitations that each one of them has, as well as other differences that include mobile versus desktop solutions.

For a newbie like me, it was a little bit challenging to understand what the best approach would be. In this case, we were oriented by the teachers to implement the hybrid approach. When we were configuring Azure Active Directory for this, and also for the organizational units, we used the Bastion service. It is the one that creates the domains.

The deployment took perhaps half a day to complete the configuration, step by step. We had to make corrections between configurations, where we had made errors, which was part of the learning process. Overall, when you really know what it is that you have to do, it's pretty straightforward and quick to complete. Otherwise, it will take you a little bit longer.

From the documents that Microsoft has available, we understood that there are several ways to deploy this solution. There is an on-premises version, a cloud-based SaaS, and a hybrid option. 

We were using virtual machines with a license that was connected to our educational package. We have a product key, install it locally on the virtual machine, and that's how we worked with it. At that point, it was connected to the cloud.

Our Azure accounts are related to our college email address, and they are also administered by Active Directory.

We deployed it ourselves. With our small group and for the length of time that we used it, we did not perform any maintenance and I don't know how it is normally done on a day-to-day basis. Based on what I have learned, I think that one or two people are sufficient for maintenance if they know the product from head to toe.

Based on my experience, it would be difficult to estimate how long it would take to earn your investment back.

As this was being used in an academic setting, we were using the educational package. Azure has an educational package available for students with a variety of licenses and different software available. One of the applications included with this is the Azure SQL Server.

Each of the student accounts had an opening balance of $100 USD in credits. We used that to implement the solution and the code doesn't change if you are a student or a normal organization. Some of the things that we wanted to do were blocked by the organization, so we had to use our personal accounts. When we used our credits in this way, it was not specifically for students but for anybody who uses the service.

These credits are used on a pay-per-use basis and the price depends on the features that you use. The most expensive one that was relevant to our use case was Bastion, which allowed us to create and configure virtual subnets. Our use case required us to use it to connect our on-premises Windows Server with the cloud AD.

My advice for anybody who is implementing Azure AD is to study the basics. Get to learn how this access management solution works. We used Microsoft Learn and YouTube videos to assist us with doing so.

In summary, this is a complete solution for any company, but it requires some time and practice.

I would rate this solution a nine out of ten.

Usually, it is replicating an on-prem Active Directory environment into Azure. It is usually tied with generic email access and SharePoint Online access and building out provisioning for that. There typically is some sort of synchronization tool that is sometimes used in addition to or as a substitute for the typical Microsoft suite. So, it just depends upon the customers and how they're getting that information up there.

In terms of version, it tends to be a mixed bag. It just depends on the client environment and factors such as the maturity and the rigors of change management. Sometimes, it just lags, and we've dealt with those types of situations, but more often than not, it is more of a greener field Azure environment and tends to be the latest and greatest.

It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there.

Its area of improvement is more about the synchronization of accounts and the intervals for that. Sometimes, there're customers with other network challenges, and it takes a while for synchronization to happen to the cloud. There is some component of their on-prem that is delaying things getting to the cloud. The turnaround time for these requests is very time-sensitive. I don't mean this as derogatory for this service, but in my experience, that happens a lot. 

For the Active Directory component, there are some value differences and things like that as compared to on-prem. I have run into problems a few times when there is a custom schema involved with their on-prem installation. You can use it, but that custom schema or functionality is going to have to go somewhere else or rerouted back to on-prem.

I have been using this solution for probably two and a half years.

It is perfectly stable. I haven't had any concerns or any problems with that.

I have dealt with them. Overall, tech support is great if you have something that was working but it's broken and needs to get fixed. It is a different bucket if you have more of an implementation question like, "Hey, can we do this?", or "How to approach that?" Sometimes, it can be challenging to get the right people on that call to support those conversations.

Its initial setup really depends on the customer. I have one customer right now with a super simple environment. They're just replicating it up. It's all Microsoft stack top to bottom with no real surprises or anything else. They're happy as pie with that. 

I have larger customers who tend to want some sort of management layer on top of it for Active Directory management purposes. This tends to go into the cloud, which introduces its own little challenges. In a more sophisticated enterprise, I start running into custom schema or workflow dependencies that just don't translate well from on-prem to cloud, but it is rare. It usually ends up being a third-party solution that we route them to with that. So, it's not huge. The challenge is more in identifying that. Typically, as much as we try, we rarely get it identified early enough to change our statement of work or our implementation, so it becomes a bad surprise.

Its price is per user. It is also based on the type of user that you're synchronizing up there.

I would advise spending more time on planning and aligning your business processes with Active Directory and Azure in terms of custom schema and separating third-party accounts, external accounts, or customer's accounts from employee accounts. I've run into issues when people take an existing on-prem solution that has third-party entities or maybe external customers and start synchronizing it up. It is not a slam against the service, but that's where I start recommending people to do different instances of Azure Tenants to break that up a little bit and provide that separation. All of these are planning functions. Using this service can be deceptively easy, but you should spend more time on planning. Around 80% of it is planning, and the rest of it is the implementation.

I would rate Azure Active Directory an eight out of 10. It is super solid. I wouldn't say it's the best. I would love to have everything that you could do on-prem. I understand why it can't do that, but I would love that flexibility.

We're using Azure Active Directory for MFA.

It is very usable and easy to use.

It is easy to manage. I can manage systems with policies and automate our systems. Any professional system can be easily integrated with Azure Active Directory. It is widely used with Windows versions. 

Four years ago, we had an issue with Azure AD. We wanted to reverse sync from Azure AD to on-prem Active Directory, but we couldn't achieve this. Azure AD could connect only in one way, for example, from your site to Azure. If you needed to do the reverse and connect from Azure to on-prem, there was no way to achieve it. We asked Microsoft, and they told us that they don't support it.

Their support should be faster and more knowledgeable and customer-friendly.

I have been using this solution for maybe four years.

It is very stable.

It is very scalable. I don't know about the number of users that we have currently, but at the time I managed its synchronization, there were maybe 800 users. 

We're not satisfied with their support. We couldn't get support from Microsoft directly, and we made an agreement with a company. We weren't satisfied with their support. They were very slow and not friendly. They couldn't solve our problems because our program was very complex.

I didn't use any other solution. I only use Active Directory and Azure AD.

I installed hybrid Exchange. It was very easy for us. Its installation took a very short time. There was a connector system on Exchange, and we just had to set up the connection. It was very easy.

I installed it myself.  

Its maintenance is very cheap and easy. We have only two engineers to manage Azure AD and Azure Exchange.

We have an agreement with Microsoft, and my company pays yearly.

It is a very good product. I plan to keep using it because it is very easy to manage.

If you use an application in Azure and you want single sign-on for Azure products, you should prefer using Azure AD. You should synchronize your on-premise Active Directory to Azure AD. We synchronized Active Directory with Azure AD for single sign-on. For example, if a worker wants to sign in on your computer with the same user ID and password, he or she can connect to Azure services. Azure AD provides support for this.

I would rate Azure Active Directory a nine out of 10. 

I am a cloud engineer, and I do a lot of administrative work that involves creating new infrastructure for our applications. Whenever I create infrastructure, I have to install it on our Active Directory and then set it up. This is how it was that I started working with Azure Active Directory.

Once the infrastructure is set up, I usually proceed to create user groups and user IDs inside Active Directory. After they are created, I set up and configure them based on the requirements of the organization, including the access required for different groups and users.

We deal with a lot of health information that we have to keep confidential, so having the Azure cloud security policies in place, such that nothing is exposed to the outside world, is helpful for us.

The security and infrastructure management features are the most valuable ones for us.

It offers multifactor authentication for setting up development pipelines.

Better deployment management and visibility functionality would be helpful. There is a lot of room for improvement in our infrastructure, and in particular, when we create something, we have to visit a lot of websites. This makes life more difficult for us.

When we deploy new infrastructure, it begins with a lengthy approval process. For example, as an administrator, I may receive an infrastructure request from one of our developers. The developer might need access to our front-end, where all of the servers are deployed. The problem is that we don't know exactly what has been deployed within our servers, so better visibility would be helpful.

It's a closed infrastructure, and every developer gets an individualized container. We don't know exactly which features have been provided to them and it's a roundabout process to log back into Active Directory and see exactly what permissions have been assigned. It requires returning to a specific feature and looking at the specific user.

I have been working with Azure Active Directory for just over three and a half years.

This is a highly reliable solution and we plan to continue using it.

Right now, we have 5,000 users that are deployed on Azure Active Directory. Every internal user account that's been created has some sort of multifactor authentication attached to it.

Right now, there isn't a plan to increase our usage. I think we have reached our maximum capacity and if we have to add on something else, then we have to use another tenant or figure out a different way to do it.

We have a team of 15 people who deal with tickets related to this solution.

We constantly have the chance to engage with Microsoft regarding Azure Active Directory. They provide full-time support, so for any issues that we face, we just create a ticket. When we have issues, we quickly get someone from the Azure support team to help us out.

Prior to using Azure Active Directory, we had our own Active Directory. Once we started migrating our applications to Azure, we began moving away from our traditional implementation.

The initial deployment process takes a couple of days for us, although exactly how long depends upon the type of deployment. If you have new deployments then I suggest creating an automated script that will kick it off because this will save time. If on the other hand, there is something that is already deployed and it needs to be redeployed, it doesn't take longer than a couple of hours.

It only takes one person to deploy. It is done on a ticket basis, as requested by people like our developers.

This product provides added value to the company.

In summary, this is a good product and it has been helpful for us, but without doing the proper research, I wouldn't recommend starting with Azure Active Directory. Migrating all of your user accounts and then your resources from different domains to an Azure Active Directory is a huge task. It means that you have set up to create everything from scratch, so without doing proper research, you may run into problems.

I would rate this solution an eight out of ten.