We use Entra for things like multifactor authentication, user backups, registrations, and other identity management tasks.
Head of cloud, data, and AI at BJSS
The license management features have saved us money because we can allocate licenses to groups and users
Pros and Cons
- "I like Entra's ability to integrate the Active Directory with third-party solutions. It's straightforward. I like the ability to define third-party systems and make the AD the primary identity provider."
- "I rate Microsoft support five out of 10. It's just okay."
What is our primary use case?
How has it helped my organization?
We use Entra ID for 3,000 users, and there are multiple third parties integrated into it. The solution is part of the fabric of our company, so it's essential.
The solution has saved IT administrators and HR staff time. We build Power BI dashboards on top of it to provide some insights. We're feeding all of the users into that. We've built an aggregator that takes all the sign-in logs and all of that data available in Entra and surfaces it through Power BI, so we can reuse it in different parts of our organization. It makes sense to build the dashboards in Power BI, so that it's centrally available and part of a bigger data set.
Entra's license management features have saved us money because we can allocate licenses to groups and users. We've built reports on top of that license group user information. We can see how many licenses are being used and whether it's over-provisioned.
What is most valuable?
I like Entra's ability to integrate the Active Directory with third-party solutions. It's straightforward. I like the ability to define third-party systems and make the AD the primary identity provider.
Entra offers a single pane of glass that helps us keep our security policies consistent. It helps to drive behavior through security and role-based groups. We use privileged identity management for elevated roles in security groups.
For how long have I used the solution?
I started using Entra when it was still called Azure Active Directory. It has been about 10 years.
Buyer's Guide
Microsoft Entra ID
November 2024
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the scalability of the solution?
No one would say Entra isn't scalable. Some of our deployments were for large UK government projects. One of the largest Azure Active Directory deployments was at NHS which has 2.4 million users. We run and manage the identity part of that service for the NHS and a bunch of other things.
We're involved with some massive deployments of that critical national infrastructure, including the governance and compliance around it. That's tens of thousands of endpoints. It's the NHS, so that includes people's local doctors, hospitals, and people in the supply chain.
How are customer service and support?
I rate Microsoft support five out of 10. It's just okay.
How would you rate customer service and support?
Neutral
How was the initial setup?
Entra isn't too difficult to set up. We follow the Microsoft cloud adoption framework. There's a phase that involves aligning with best practices and making sure it's secured appropriately.
What was our ROI?
Entra includes things like multifactor authentication, conditional access, etc., so I think it justifies the cost.
What's my experience with pricing, setup cost, and licensing?
Entra is fairly priced. We get it through an E5 license, so it isn't an issue. It also costs nothing to our customers.
What other advice do I have?
I rate Microsoft Entra ID 10 out of 10. I would recommend it if you're using Microsoft or Azure. If not, I would still think about it because creating a tenant is free. There's only a licensing cost once you start putting users on it.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner reseller
IT enterprise director at a university with 10,001+ employees
Offers a good set of features, which includes provisioning, deprovisioning, stability, and scalability
Pros and Cons
- "The most valuable components of the solution are provisioning and deprovisioning since both features work...Microsoft Entra Verified ID is a very stable solution."
- "Microsoft's technical support has shortcomings where improvements are required."
What is our primary use case?
I use Microsoft Entra ID in my company for provisioning and deprovisioning identities and access.
How has it helped my organization?
In the organization where I work, Microsoft Entra ID helps automate the process of creating accounts and purging multiple accounts when they are no longer needed.
What is most valuable?
The most valuable components of the solution are provisioning and deprovisioning since both features work.
What needs improvement?
My organization is less familiar with some of the new tools in the market, so I don't know whether I can speak about what needs improvement in Microsoft Entra ID presently.
I have to absorb whatever I have learned about Microsoft Entra ID. I don't know if I can say what additional features need to be introduced in the product, but I can say that the product looks promising based on what I have learned about Microsoft Entra ID.
Attempts to simplify hooks to perform access management are not always easy, but in my organization, we might be able to make some progress in the future.
Microsoft's technical support has shortcomings where improvements are required.
For how long have I used the solution?
I have been using Microsoft Entra ID since 2005. My organization plans to enter into a partnership with Microsoft, but presently, we are just a customer.
What do I think about the stability of the solution?
Microsoft Entra Verified ID is a very stable solution.
What do I think about the scalability of the solution?
I have not had any issues with Microsoft Entra Verified ID's scalability feature.
There are 1,50,000 end users of the solution in my organization.
How are customer service and support?
I rate the technical support a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
My company has been using Microsoft Entra ID since the release of its earliest version, which was in the mid-2000s.
How was the initial setup?
I was involved in the original deployment or initial setup of Microsoft Entra ID in my organization, and we found it to be a complex process. In the past, my organization was involved in the migration process from a custom Oracle-based solution to Microsoft Entra ID. Microsoft Entra ID was a product that was a new acquisition for Microsoft at the time, in which some custom development work by our company's team was required.
The product is used for our enterprise, an academic medical center with many different hospitals, owing to which the tool is deployed centrally.
The solution is deployed on hybrid cloud services offered by Microsoft Azure Cloud.
What about the implementation team?
The product's deployment phase was carried out with the help of my organization's in-house personnel.
What was our ROI?
My company has not used many of the new features available with the product's new prices, so I cannot speak if I have seen an ROI from the use of the product in my organization.
I have seen an ROI from the use of the solution if I consider its past usage in our organization since we were able to eliminate work that a lot of people had to do manually, like the creation or deletion of identities.
What's my experience with pricing, setup cost, and licensing?
I work for an academic medical center, where there is a watch kept over every dollar spent. I do have concerns about the micro charges for different levels or features of the product.
Which other solutions did I evaluate?
My company did consider a product from IBM against Microsoft Entra ID during the evaluation phase. My company chose Microsoft Entra ID since we were involved with Microsoft Active Directory Domain Services. Microsoft Active Directory Domain Services was a nicely tied product with Microsoft Entra ID.
What other advice do I have?
Microsoft Entra ID provides almost a single pane of glass for managing user access, but not in my organization's environment because we have a little bit of custom work to do at our end. It looks like my organization might be able to see how the solution provides a single pane of glass for managing user access in the future.
A single pane of glass affects the consistency of the security policies, as it helps reduce a lot of confusion for the IT professionals who need to work with Microsoft Entra ID. It is very confusing when IT professionals have to bounce to different URLs to find access to tools needed to do their jobs, which was an issue for me, but it looks like there have been some improvements.
I don't use Microsoft Entra Verified ID.
I do use Microsoft Entra Permissions Management, but probably not the way it is designed to be used.
The solution has helped my organization's IT admins and the HR department save a lot of time.
The solution has helped my organization save money, but I cannot quantify it.
I ardently carry out processes where I build out and test a solution and then run a proof of concept before moving to a particular product. I suggest that others who plan to use Microsoft Entra ID consider the aforementioned aspects.
I rate the overall product a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Architect Lead at a tech services company with 10,001+ employees
Good pricing and provides a single sign on but not enough control over services (compared to on-prem)
Pros and Cons
- "We can centralize and manage everything much more effectively with this tool."
- "If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it."
What is our primary use case?
I have a total of fifteen years of experience in the IT industry, and I have worked with multiple technologies including Exchange, Office 365, and Intune, and then a little bit of SharePoint. I have excellent experience with Entra ID. We have handled a lot of migrations from on-prem to the cloud. We've also done reverse migrations.
How has it helped my organization?
We can centralize and manage everything much more effectively with this tool. We are able to leverage role-based access controls and maintain IAM (identity actions management).
We can also leverage Defender from a policy and security perspective so we can protect against vulnerabilities of all types.
For remote workers, when they try to log in with the domain username and password, the device will get synchronized to the Azure Active Directory using the device identification method and it will enter an identification letter based on the policy we have derived. This helps us maintain a modern workforce organization. From our modern work workspace configuration, we can centralize and manage everything - even for off-site employees. It doesn't matter the device. It can be a laptop, iPhone device, or Android device - any mobile phone device. Everything is now centralized.
What is most valuable?
Entra ID Connect is good. If you are migrating your office environment or data center environment to the cloud, it will do the handshake between the local directory and the cloud. Based on that, the objects will be synchronized from the local active directory to the Azure active directory, and that way the users can access both the cloud-related resources, as well as on-prem applications. They can do everything through a single sign-on object.
It provides us with a single pane of glass for managing user access. We can log onto the Azure portal and maintain all Azure objects. We can enable features so that the user can access everything using the same username and password. If the company needs an MFA license, it can use the Authenticator or any phone or DB PIN of third-party feeder keys. The product allows for a lot of security features.
As a vendor, we do also have the Defender tool which can help with security robustness.
They have a good feature called conditional access. We have a lot of conditional access policies. For example, MFA. For each application, we can specify access. We can also search for the conditional access policy in Azure Active Directory. We've used it with Endpoint Manager. We can make it so a device can only authenticate within a specific region and any other region would get blocked. We've deployed a lot of conditional access. It reduces the risk of unpatched devices gaining access to our network.
We've used Verified ID. It's good for verification purposes.
We've also used Permission Management. It helps with role-based access. We can create separate role-based access policies for distinct departments. We'll only give specific permissions to specific groups, for example, and they'd only have limited access to certain areas. We can really customize the policy to make the access very granular. We gain good visibility and control over identity permissions. We can configure and deploy down to specific locations or devices based on a customer's needs.
The product has helped us save time for IT admins and the HR department. It's easy to do a password reset. Instead of having to raise a case with every tool, IT can write a ticket for users and do it all from one spot.
Active Directory has saved our organization money. When you deploy the virtual machine, initially, if you have a data center server, the server will be kept online in the data center environment. However, nowadays, in the cloud environment, if you have the virtual machine for the application and you can autoscale the server, you can perform on that. If it is off-peak hours, the server will not need to function. It will be shut down based on the rules we define. During that time, the cost is minimal.
What needs improvement?
We don't have as much control. It's all Microsoft. If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it. If it was under our data center, we'd be able to give it immediate attention directly.
For how long have I used the solution?
I've used the solution for almost five years.
What do I think about the stability of the solution?
The stability is fine, although we cannot do anything about it. We cannot directly specify the gateway. That's decided on Microsoft's side, depending on where the user connects from. I'd rate the stability eight out of ten.
What do I think about the scalability of the solution?
I'd rate the scalability eight out of five. Nowadays, we do not need to procure physical hardware, so it's easy to scale up. We can add new virtual machines with ease based on the application support from the OEMs. If you want to increase RAM, this is automatically done via autoscaling.
How are customer service and support?
We've dealt with technical support. Whenever we have issues, we'll write a ticket. We have a premium license and we'll write tickets under that. They'll coordinate with us for any major issues.
Support used to be better. We'd prefer to fix the issue ourselves rather than go through Microsoft. However, they are still helpful and responsive under the license we have.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Previously, I did not use anything. I've always relied on Windows-related technology. We had used Windows 2008 and 2012 servers in the past. Now we use 2019 and 2022 servers as well as the latest environment.
I have used Okta in the past, however, I don't remember much about it. I've used previous versions of it.
How was the initial setup?
I was not directly involved in initial setup tasks, however, when they migrated the user's object from the local active directory to the cloud, then we used a third-party tool called Cluster Migration Manager, and we used the tool to migrate the object user and object functionality to Azure.
We have continuity load balancers and we have also deployed VMs and SQL databases. We've configured a lot under this product.
What's my experience with pricing, setup cost, and licensing?
We do use premium licenses. One has limited access and the other has more features. Users might also have Office 365 licenses in order to use Exchange. If a company has a large number of employees, like 2,000 or so, they should look at enterprise-level licensing. Educational institutions can access educational licenses.
Which other solutions did I evaluate?
We tend to use Windows, however, users may also use AWS or Google if they want and align on that. We work based on the customer's needs and align with whatever they may be.
What other advice do I have?
We usually work for customers that deal with Microsoft. We're consultants, not direct Microsoft partners.
I'd rate the solution seven out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Assistant Manager-Networks at Amrita
Saves us money because we don't need to pay for the resources required to operate the same solution on-premises
Pros and Cons
- "Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely."
- "Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications."
What is our primary use case?
We are a university using Azure AD to authenticate staff, faculty, and students. Our organization completely depends on Azure Active Directory for authentication and identity-related features. All cloud activities and third-party services are validated with Azure Active Directory.
We also have an on-premises Active Directory, and the data is synced periodically to the cloud. Most of the services done on-premises are reflected in the cloud at once. We can also do the same handling features from the cloud to write back to the on-premises AD. This is the architecture.
How has it helped my organization?
We are implementing more and more services in the cloud on Azure and AWS, so we need to monitor our data security thoroughly. It's always a concern. Azure Active Directory enables us to easily validate the identity of anyone who connects to a particular server. We need to validate our data properly. For example, we must ensure our research data is going to the right person and place. Microsoft Azure Active Directory provides the easiest way to do that.
The Conditional Access feature lets us restrict access to a group of people on specific servers. We create a group in the Azure Active Directory and put only the necessary members there. For example, we can easily set up conditional access to SSH, Telnet, SSH, HTTPS, or any service with Azure Active Directory.
We plan to implement Zero Trust in many of our other devices. It is an essential feature because users from multiple countries are accessing our research servers. We can provide a highly secure environment with minimum services without compromising productivity with a Zero Trust strategy.
We have wireless units deployed across the campus and use Microsoft AD services to authenticate all wireless activities. Many of the use cases are covered by wireless. After authentication, some users need to be redirected to the cloud. Their identities can be easily validated and captured with Microsoft AD. It gives us excellent control over our on-premise infrastructure.
Verified ID has helped us with our remote workforce. We provide VPNs to our remote employees so they can connect to our cloud services, authenticate with Azure, and be granted the necessary access. We provide policies for each user basis. Users in each category connect to the VPN, authenticate with their Azure credentials, and securely access all the cloud services.
We give provisioned laptops to our remote employees. With the help of this VPN, they spend less time coming to work in person because they have full-time access from home. So that way, we could reduce most of our official requirements concerning our employees.
Privacy is a crucial security concern for our organization. With Verified ID, we can ideally authenticate Microsoft services without worrying about compromised identities. We used to have these issues with on-premise Active Directory, but this is less of a problem since we migrated to Azure Active Directory.
Our HR department can easily get a complete report on our users. HR can see specific fields, like designation, school, businesses, etc., if they need it from the Azure AD. They can also get the usage logs. They don't need to store all this manually for each person. They can easily get all the reporting parameters from this.
Azure AD saves us a lot of time. On any given day, it will save around four hours. It also saves us money because we don't need to pay for the resources required to have Active Directory on-premises. If we relied on on-premises Active Directory, it would require data center resources, like air-conditioning, power, hardware, etc. We save considerable money by deploying it on the cloud. Percentage-wise, I think we could save around 40 percent.
Azure Active Directory has improved our overall user experience. I would rate it a nine out of ten. Our users are delighted.
What is most valuable?
Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely.
In addition to the SSO, Azure AD is entirely flexible. We have other Microsoft services running on-premises, so Microsoft Azure AD allows us to sync other Microsoft services completely. This is perfect for us.
Microsoft Entra offers a single pane of glass for managing users and cloud services on multiple platforms. It all requires authentication and validation of user data, so Azure AD helps us to authenticate each user's identity without any security compromises.
Microsoft has an excellent administration portal that enables us to sync our on-premise Active Directory automatically with the cloud. Any on-premise policy changes are reflected on the cloud. There are various options for each user on the admin portal. You can change user passwords and other attributes or configure a policy for forgotten passwords. A writeback feature can also reflect changes from the cloud to the on-premise environment. If you change the password from the cloud admin center, it gets reflected here.
Microsoft Azure AD Connect has a multi-factor authentication. Multi-factor authentication is a crucial feature, but we only require MFA for specific servers in the cloud. With Microsoft Azure AD Connect, we can specify the users and servers that require multi-factor authentication.
Azure Active Directory integrates well with other third-party applications. Third-party hosted solutions have the option. We can even create applications with Microsoft Azure AD. When users log in to Microsoft Azure AD, their credentials are stored in the application, and we don't need to get them on-premise Active Directory. So, it is an essential feature for us.
What needs improvement?
Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications.
For how long have I used the solution?
We have been using Azure Active Directory for four years.
What do I think about the stability of the solution?
Microsoft services have a reputation for complete reliability, so we expect the same from Microsoft Azure AD. It doesn't disappoint because most of the on-premise features extend to the cloud. Plus, Microsoft Azure AD has additional features, configuration, and single sign-on capabilities. It's a complete package for this authentication and validation purpose. Most of our users are pretty happy with this product.
What do I think about the scalability of the solution?
Azure AD is completely scalable. We can add unlimited users.
How are customer service and support?
I rate Microsoft's support a ten out of ten. Microsoft technical support is excellent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we have used on-premise Active Directory.
How was the initial setup?
Setting up Azure Active Directory was a bit complex. The migration process is somewhat challenging because we don't want to lose any on-premise data. Each user has many parameters and access policies already set. Without even changing the password, we were able to sync all this data to Microsoft Azure AD. It was a complex procedure because Azure AD Connect has to be deployed correctly. We required help from Microsoft's technical support to do this.
Our initial deployment required three system admins and took around one week, but it took around six months to import all our users and get everything working properly. After deployment, Azure AD doesn't require any maintenance because everything happens in the cloud. We don't need to bother with anything.
What was our ROI?
The return on investment is pretty massive. We save time and money. It helps us even if we opt for a subscription. We save a considerable amount of time with the cloud version because it has various features unavailable in the on-premises Active Directory that save time for the system administrators. We can concentrate resources on hiring other staff instead of system administrators. All the features are within the cloud itself, so it reduces the maintenance costs of an on-premise server.
What's my experience with pricing, setup cost, and licensing?
Active Directory is bundled with a package of Microsoft services, so it doesn't cost much. I don't know about the individual license of Active Directory.
What other advice do I have?
I rate Azure Active Directory a ten out of ten. I would prefer Azure AD to have multiple application scenarios requiring a single sign-on facility and complete authentication, validation, and security tracking.
If they require it in their application, even if it is an on-premise or a host application, I would prefer Microsoft Azure AD because it handles all this simultaneously. No other application covers a complete range of activities in an all-in-one solution.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Application Support Engineer at Sika AG
Fast support, easy to use, and works very well
Pros and Cons
- "It's a very intuitive platform. It's easy to create groups and add people."
- "When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use."
What is our primary use case?
We use it for the single sign-on to different products that we have, and it works pretty well.
How has it helped my organization?
In general terms, we use it as an admin tool. If we want to set up accounts for people, it's easier for us to do it like this because everything is connected to different groups.
What is most valuable?
It's a very intuitive platform. It's easy to create groups and add people.
What needs improvement?
I have used Okta in the past. Okta is easy to use, and it's also very friendly. Even users who have no tech experience would be able to use Okta.
When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use.
For how long have I used the solution?
I've been using this solution for five years. In this company, I've been using it for two years, and before that, I used it for about three years.
What do I think about the stability of the solution?
It's good. It has never hung up.
What do I think about the scalability of the solution?
They're good. We don't have issues with scalability because we are not like Amazon or other companies that are super huge and have got tons of traffic.
How are customer service and support?
I don't handle it directly now, but based on my previous experience, they're pretty fast. I'd rate them a 10 out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
There was probably the Google management system, but it works similarly to Azure AD.
How was the initial setup?
I was not involved in its deployment.
In terms of our environment, it's a private cloud. We have the infrastructure within the platform, but all the software, all the usage, and other things are handled by us. We're private because we're a big company, so we're able to afford it. We're not an IT company, so we don't need so much processing power. So, we use Azure as a PaaS solution.
We use it as a connector for different applications. We have Adobe Sign and applications on AWS. AWS has a translation solution, and people have accounts over there. They have their translations of different products and things like that. That's how we use it.
In terms of maintenance, everything is done by Microsoft. We are just the end users.
What was our ROI?
The return on investment is easier to calculate with Okta. It's a bit complicated to calculate in the case of Azure. Of course, Azure is already a trusted platform. It's pretty big, and it's handled by Microsoft, so there are no issues with that, but it's easier to check the return on investment with Okta.
What's my experience with pricing, setup cost, and licensing?
I'd recommend Azure Active Directory if you are a big company. For small or medium companies, it's probably not the best idea in the world because of the pricing. If you are a small company, you can probably deploy your own solutions because you're not handling a website with tons of traffic. If you are not like Adidas, Nike, or Walmart, you can do it in a way that is more localized than handling everything through a big price solution. However, Azure tends to provide you with solutions that are easier to use. If it was cheaper, I'd definitely recommend going for it.
Which other solutions did I evaluate?
I didn't evaluate any other solution.
What other advice do I have?
I'd rate Azure Active Directory a 10 out of 10.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Database and Systems Manager of the IT department at Humanitree
A reliable and well-tested solution with a straightforward setup
Pros and Cons
- "The most valuable feature of Azure AD is its ability to connect with services outside of Microsoft, although documentation is necessary to properly implement these connections."
- "The solution can improve the educational portion because it is an administration cost."
What is our primary use case?
We use the solution to cover Microsoft 365 licenses.
How has it helped my organization?
We strive to provide our users with the easiest and fastest way possible to access. Most users view the single pane of glass as a feature that is beneficial. However, the security policy is more difficult to implement and must be managed and measured by the administration.
I give Entra Admin Center for managing all identity and access tasks in our organization an eight out of ten.
We use the Apple environment. When we tried to implement Azure Active Directory in our service, it was a bit difficult. So, we chose to use an alternative such as Okta. However, Azure Active Directory is very valuable because it connects with Apple School Manager itself. I would rate Azure Active Directory an eight out of ten.
Entra saved us about one hour per month.
The overall employee user experience with Entra is a seven out of ten.
We use Active Directory to manage our Microsoft 365 licenses. The solution is very easy to use. We conducted some tests to connect this with our MBM through the identity tools, which was also very easy. We just had to follow a few steps, but we needed to be more technically prepared.
Active Directory is easy to maintain due to our control of identities. We have a controller in place to maintain and clean the Active Directory, providing new identities and removing those no longer in use.
What is most valuable?
The most valuable feature of Azure AD is its ability to connect with services outside of Microsoft, although documentation is necessary to properly implement these connections. Azure AD is a reliable and well-tested solution, so it is arguably the most popular of its kind. While Azure AD may not be the easiest to use, it covers a wide range of areas.
Using Microsoft Endpoint Manager is not difficult. We must select two out of six or eight options for Entra's conditional access. To avoid invading privacy, such as requesting a phone number or personal email, we must opt for validation via an app.
Microsoft Entra Verified ID is straightforward, but the only option to apply is to install it on our mobile device.
Microsoft Entra Verified ID is an option we offer to employees, but most of them opt to use other identification methods instead of installing the app on their devices.
I give Microsoft Entra Verified ID's privacy and control of identity data a six out of ten.
What needs improvement?
I don't feel the Entra admin center offers a single pane of glass for managing user access because we have to use more resources and it is not user-friendly.
The user sign-on experience was ultimately satisfactory, but the process of finding the best configuration was somewhat arduous due to the protection of licenses or access; the users were confronted with strict instructions on how to log on and were required to select two options to do so, such as providing a cell number or personal email or using an app to connect and verify the two steps. This was not easy for the users to feel comfortable with.
The implementation of the conditional access feature was challenging due to our users' unfamiliarity with this type of login. Managing it was difficult.
The solution can improve the educational portion because it is an administration cost.
For how long have I used the solution?
I have been using the solution for two years.
What do I think about the stability of the solution?
The solution is extremely stable. I give the stability a ten out of ten.
What do I think about the scalability of the solution?
The solution is easily scalable. I give the scalability a nine out of ten.
How are customer service and support?
The technical support is good.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward. We had Microsoft's support within our company, and the local provider in Mexico was very easy to use. We only used this part for Microsoft 365. Connecting with our MBM provider was the same process and easy to do due to all the documentation; we simply followed the steps.
One person was used for the deployment.
What about the implementation team?
The implementation was completed through a reseller.
What was our ROI?
We have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
The pricing for Azure Active Directory is affordable; I would rate the cost a six out of ten. As an educational company, we have access to very good discounts on the solution, making it even more affordable.
Which other solutions did I evaluate?
When comparing Okta and Entra as authentication services, Okta is the market leader and is my preferred choice.
What other advice do I have?
I give the solution a nine out of ten.
We must go through the test and assess how users can be more comfortable using the combination. The administration area is the most difficult, as our users have to install an application on their personal cell phones or provide a number, which is challenging. Our staff is quite particular about privacy.
New employees may not be aware of the backend efforts to protect licenses and secure information when we ask them to use Microsoft Entra Verified ID. This is not intended to be intrusive, but when we ask a user to install the Endpoint on their personal cell phone, they may be hesitant and not want to be inconvenienced on a personal level. They would prefer the onboarding process to be easy and not involve these methods. They just want to enter a simple password and move on.
I recommend looking for documentation on Azure, as it is a huge service with great potential and can connect to many other services. Learning about Azure is very interesting.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager ICT & at Bangalore International Airport Limited
A complete and simple solution for managing identity and applications access
Pros and Cons
- "It is very simple. The Active Directory functions are very easy for us. Its integration with anything is very easy. We can easily do third-party multifactor authentication."
- "The role-based access control can be improved. Normally, the role-based access control has different privileges. Each role, such as administrator or user, has different privileges, and the setup rules for them should be defined automatically rather than doing it manually."
What is our primary use case?
We are using Azure Active Directory to secure our identity and applications throughout our corporate. All the authentication is done automatically.
How has it helped my organization?
It provides a single pane of glass for managing user access. It streamlines the IT access management process and improves the security of the IT systems. If there are any configuration changes in the software, they are taken care of automatically.
The integration of Azure Active Directory with other Microsoft services is very easy. We can integrate it with Teams, 365, or any other Microsoft solution.
Azure Active Directory provides a seamless and secure way for employees to access work resources that have been assigned to them. They can access the resources from anywhere and work from anywhere.
Azure Active Directory provides a robust set of features. Features such as multifactor authentication and conditional access policies are in-built. These features enhance the security of the IT systems and protect sensitive information from potential threats.
Conditional Access helps to enforce fine-tuned and adaptive access controls. Conditional Access provides more secure authentication for us. We also use multifactor authentication to secure our enterprise from any potential threats.
Permission Management helps to bifurcate the users based on various roles, such as administrator.
Azure Active Directory has saved us time. It has helped to save four hours a day. It has also saved us money. There is about a 10% saving.
Azure Active Directory has affected the employee user experience in our organization. It is seamless. They do not get to feel it is there.
What is most valuable?
It is very simple. The Active Directory functions are very easy for us. Its integration with anything is very easy. We can easily do third-party multifactor authentication. Automating IT governance is also easy. These are the advantages that we have.
What needs improvement?
The role-based access control can be improved. Normally, the role-based access control has different privileges. Each role, such as administrator or user, has different privileges, and the setup rules for them should be defined automatically rather than doing it manually.
For how long have I used the solution?
I have been using this solution for six years.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
It is scalable. We have 1,500 users and two admins, and we plan to continue using Azure Active Directory.
How are customer service and support?
Their technical support is very good. I would rate them a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using Oracle Database. We moved to Azure Active Directory because it is a higher access management solution. It is more secure and helps to manage entities across hybrid and multi-cloud environments.
How was the initial setup?
Its initial setup is very easy. We had to do policy configuration and user configuration. That was it.
It does not require any maintenance from our end.
What about the implementation team?
We had one person for the initial setup.
What's my experience with pricing, setup cost, and licensing?
It is worth the money.
What other advice do I have?
Overall, I would rate Azure Active Directory a nine out of ten. It is a complete identity access management solution for security and managing all types of multi-cloud environments.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer:
Principal System and Security Engineer at an insurance company with 201-500 employees
Saves time, creates a single pane of glass, and offers good conditional access features
Pros and Cons
- "The visibility and control for permission management are excellent."
- "It would be good to have more clarity around licensing."
What is our primary use case?
The primary use in my organization is for identity and identity security management. In our case, it's in our hybrid infrastructure, where it's not the cloud-native option; it's based on on-prem identity infrastructure on the cloud. We use it to manage our identity in a multi-cloud scenario.
We also use it for our software developers for credentialing. They use a single credential, and they can use multiple platforms, like GitHub, Google Cloud, AWS, et cetera.
The product is connected to our security operation setups.
We also use it in our organization to on and off-board the users constantly. It helps strengthen our permission management and privilege access management. For example, if one of our engineers or users needs temporary sole permission to perform an action, we use the product to temporarily grant that security role, or that extra permission that will last a certain amount of time. After the desktop is completed, the permissions are revoked. That way, users do not have a sensitive role constantly enabled.
What is most valuable?
The overall identity management and lifecycle management capabilities are great. We can support our entire operation. For example, we can create an onboarding package for the users so that at the right moment they have everything that they need and access to exactly what they need when they need it, and this will help our transition team when new users start. They can have the password, credentials, et cetera, all accelerated while making sure there are no security gaps.
Entity management is great. We can provide access for short amounts of time as needed.
When we develop applications, we leverage Entra ID to create an application like an identity so we can tailor the security posture of an application that is often used or exposed on the public internet for customers.
To summarize, identity lifecycle management, privileged access management, and identity and credential management for developers and applications are all the best aspects of the product, in a nutshell.
Entra ID provides a single pane of glass for managing user access as well HRID of API capability for third-party integration. The single pane of glass positively affects the consistency of the user's sign-on experience. That is one of the strongest points. Using a single pane of glass and then adding HID, like a gatekeeper for identity, is very helpful. The user now knows what they expect when they authenticate an application or they authenticate a portal or simply consume Microsoft Office since the experience is very consistent. It's always the same. Our support knows when, in which scenario, and what could be a problem and then quickly can help the user to overcome an issue. The single pane of glass actually is the beauty of the product.
Security policies can now be very consistent and very granular and can be completed in specific ways for individual users. For example, there is a way to tailor your security experience for certain container reviews. A sensitive user, a high-risk user, or a developer, can have a custom mail detail or security policy that will impact only them while the rest of the standard users will not be affected by an end security policy since their workloads wouldn't require that.
The portal is really handy. It's exactly what you would expect it to be. The management center is very comprehensive. We've had no problems with the usability of the admin access and the capability of the product offering.
This solution removes a lot of burdens, especially for us as cyber engineers. With a few clicks, we can create and target certain users. It will provide inputs and insights on scenarios and security settings. It will send warnings before we enable policies to let us know what might be affected. It helps us on the front end to avoid security configuration mistakes. That's for the sake of security as well as the user, who could otherwise be blocked every now and then by an incorrect security policy.
We use Entra ID's conditional access feature to enforce fine-tuned and adaptive access controls. We use that for user identity and to protect workflows. In Entra ID, an application in the directory is considered an identity, even if it is an application. Therefore, we can create a policy for users as well as for applications where it will authorize access only if certain conditions are met. We use that extensively.
The conditional access feature positively affects the robustness of a zero-trust strategy to verify users. We use the conditional access feature in conjunction with the Microsoft Endpoint Manager.
We can use combined security products that fit with the product. It's very effective. It ensures security overlap.
I'm working with a verified ID as well. Users can use that single identity to access what they need and to configure the software developer pipeline to use that Microsoft-managed ID to push and pull code from restart to the application. If you have multiple other solutions, for instance, GCP, you can use that federated credential to manage software and code regardless of the cloud provider that is used by using the unique identity. This makes the work of developers more secure since they only need one ID. Otherwise, they will put on a piece of paper, their username and password for each application that requires access. With this solution, you have one identity secured to move them all, and it's easier for the developer who can be more productive while staying more secure.
We've used the product to onboard or move new employees. That's part of the identity lifecycle workflow that we are experiencing. It's probably the number one product for HR management when it comes to user onboarding. It helps onboard and offboard remote workers with ease. After all, not all departments require the same applications, for instance. With this product, we create the prerequisites by creating an access package.
Verified ID is good when it comes to privacy and control of identity data. Privacy control is a mix of responsibilities between the organization and Microsoft Cloud, of course. There is full transparency with Microsoft covering this data, however, nothing is perfect. If Microsoft changes something, since they are linked, it may affect performance.
The visibility and control for permission management are excellent. Integrations are becoming more and more native. It helps reduce our surface risk when it comes to identity permissions. When in combination with Microsoft Sentinel, it's really feature-rich. I can also create reports for when management wants to assess problem areas.
It's helped to save time for your IT admin waiters or HR department. There is a reduction of recurring tasks by up to 50% to 70% compared to the legacy solution. It's tricky to contemplate how much money is being saved, however.
The product has affected the employee user experience in a positive way. The organization is very happy with it.
What needs improvement?
Sometimes with this solution, since our old API can have some latency and short links if you want to enable permission on a system application can be some delays. For example, sometimes, when a user requires their access, sometimes it's not happening in real-time; they just wait a couple of minutes before the TCI really provides it. Sometimes this can create confusion if a user, an engineer, or a developer believes that the solution is broken. The solution is not broken. It just sometimes has a delay. That is something that I encourage Microsoft to fix. During the pandemic, we had a lot of conditions with the remote workers. So when the capacity increased, there could be latency. However, that is a Microsoft scalability problem that they have to address at a certain point. That said, it's not a dealbreaker.
It would be good to have more clarity around licensing. It's a bit technical for those strictly dealing with budgets.
I would like to see a little bit of improvement in the resiliency of the platform. Entra ID has a global point of presence worldwide, however, if one node goes down in a geographical location, it has a global impact. Sometimes even a simple certificate that is not renewed on time can cause global issues. Microsoft should improve global operations and sandboxing. So if one of the nodes is down in Asia, it won't take down the United States as well. The redundancy and the resiliency of the product should be improved over the global geographical scale of the product.
In terms of features, at the moment, the solution is covering everything. I don't see a new feature needed aside from improving their API.
For how long have I used the solution?
I've been using the solution since 2015 or 2016. I've used it since before the name change.
What do I think about the stability of the solution?
Overall, the product is stable. It's 99.9% stable.
What do I think about the scalability of the solution?
In my current organization, we have around 100 users on the solution. However, we have B2B integrations that include 3,000 to 4,000 users.
Microsoft does scale up to hundreds of thousands of objects. The solution scales well.
If you need more than fifty thousand objects that can be created in a single tenant they can be created within an additional directory.
How are customer service and support?
Microsoft offers different tiers of support according to the licensing model. The support is great. Generally, at first, you get a general engineer. They'll tell you to go and check an article. I tend to tell them the issue and lay out the problem and ask them not to send me an article since I am an expert. Then I'll get to a second-phase engineer that can help. However, once you get to the right person, support is excellent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have experience with One Identity, SharePoint, SharePointIQ, and InsightID.
I like how this product has a view on a single pane of glass. Out of the box, it can serve multiple types of organizations that may have multi-cloud strategies. It also has good third-party integration and reporting capabilities. Everything we need to start is right in one solution.
We do have Okta, which we are phasing out. We use it for some B2C scenarios. It's an excellent product and has solved problems for us over the years.
How was the initial setup?
When you set up the product, there's always a combination of business people, decision-makers, and IT people, and I always encourage business and decision-makers to read the Microsoft adoption framework for Entra VNS Ready. So that way the decision makers have an idea of how to use the product and which features are required. Then we start with the technical part.
We should basically start always with an assessment. How many users do you have? Which one is the office license model? And so on and so forth. When the assessment is done and when we have an idea of the topology of the user, we can start the design. We ask, okay, would you like to be cloud native? Would you like to have a hybrid model where you have an on-prem identity shipped to the cloud? And based on the decision, we'll start by usually setting up Azure AD Connect.
Azure AD Connect is a solution that's on-prem. We'll onboard the identity on the cloud and all the security tokens that come with it. Then, of course, we start to plan the identity migration.
Based on the call on existing users, the next design is to onboard a lifecycle identity for the new commerce that will join and for people that will lead. It's important to read the Microsoft architecture and adoption framework for InsightID. And based on that, then we go into the nitty gritty technical decisions.
The setup can be handled by one person. However, once you begin to integrate it with 95% of the organization and need to touch messaging systems and mail systems, you'll need to collaborate with others. If you are using the Internet and SharePoint, you need an Internet engineer. You likely need a few people to assist.
The maintenance aspect is not difficult. It's a SaaS and Microsoft handles most of the burden. You just need to perform hygiene rather than maintenance, for example, removing people you no longer need. While maintenance is mostly taken care of, people should pay attention to the Azure cloud as Azure can cause security holes with changes.
What was our ROI?
We have witnessed a return on investment, however, it's hard to quantify. Definitely, in the long run, there's a benefit to leveraging the product.
What's my experience with pricing, setup cost, and licensing?
Decision-makers dealing with budgets will sometimes struggle to really understand the kind of license that's needed. When you are doing multi-cloud, the costs can be a little bit higher. It may not be cost-effective if you do not know how to use the platform.
The price point is pretty high.
However, for Android and Office users, it's very useful to have.
What other advice do I have?
We use a hybrid approach on-prem. We have some log applications and some legacy applications that require us to have an active directory as a primary identity source of view. This means that we ship our identity to the cloud, however, we don't have a vice-versa mechanism.
I'd advise that potential new users investigate by creating a POC free of charge. Microsoft offers free credits for POCs. These can be extended for a certain amount of time.
I'd encourage anyone to contact a Microsoft representative and set up a POC and get training material and really evaluate the product first. Once you use it, there's no going back.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: November 2024