I use Entra to log into systems and applications, mainly within the office for work-related tasks and for other applications that accept Microsoft Authentication. I always use my work ID to log in when I can. Within the organization, everyone has an ID, so I'm engaged with the onboarding process, but I don't create the IDs.
SharePoint Developer at Robert A.M. Stern Architects LLP
Uniquely identifies a person universally across platforms
Pros and Cons
- "I love how it uniquely identifies a person universally. If you have the email address, it will be the same account across most platforms. If everything is set up correctly, it's easy to identify a person and get all kinds of information about them from Azure or whichever system."
- "I would rate Microsoft Entra ID a solid 10 out of 10."
- "Microsoft support has some room for improvement. I avoid contacting them because it can be time-consuming. They don't necessarily find the solution, but you have to be on call for them to connect and do things on your system remotely. You have to schedule a time to meet with them, and it's somewhat inconvenient."
What is our primary use case?
How has it helped my organization?
I don't know what they had before Entra, but if we didn't have the solution, we wouldn't have a security model for Microsoft 365 products like Outlook, Excel, and all the other Office stuff. We wouldn't have a secondary way to identify people. Entra hooks into everything else that Microsoft does, making it much easier to manage security across systems and platforms.
Entra has made securing our apps and resources more straightforward. Microsoft has updated security methods to make its authentication more secure. The solution has facilitated our Zero Trust Model. You can't use the computers without authenticating. There is no public access, so unless you sneak up behind someone and take over their computer, you can't do anything without an ID.
I'm not on the security team, so I don't know the effect of Entra on the number of security incidents. Anecdotally, I know that some people at my organization don't like passwords, and they've had to get over that. Those people have likely seen a drastic decrease in identity theft incidents.
What is most valuable?
I love how it uniquely identifies a person universally. If you have the email address, it will be the same account across most platforms. If everything is set up correctly, it's easy to identify a person and get all kinds of information about them from Azure or whichever system.
What needs improvement?
Microsoft support has some room for improvement. I avoid contacting them because it can be time-consuming. They don't necessarily find the solution, but you have to be on call for them to connect and do things on your system remotely. You have to schedule a time to meet with them, and it's somewhat inconvenient.
Buyer's Guide
Microsoft Entra ID
January 2025
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
For how long have I used the solution?
I've been using Entra ID for about 12 years.
What do I think about the stability of the solution?
Entra has never gone down as far as I know, so it's 100 percent stable.
What do I think about the scalability of the solution?
It's stable for our organization of about three hundred people and can handle scalability.
How are customer service and support?
I rate Microsoft support six out of 10.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
What was our ROI?
The biggest return on investment on Entra is improved security, ensuring our organization is less of a target. It works how it's intended and does a good job.
What's my experience with pricing, setup cost, and licensing?
It's the most basic Azure service available, and I understand it's cost-effective. You need a tenant to use Entra to authenticate.
What other advice do I have?
I would rate Microsoft Entra ID a solid 10 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 24, 2024
Subject Matter Expert - Azure Identity at LTIMINDTREE
Offers a conditional access policy, along with modern authentication methods, and a unified interface
Pros and Cons
- "The most valuable feature of Microsoft Entra ID is its security options, where we can provide highly effective security for user accounts during authentication."
- "Microsoft needs to make improvements in this regard and extend its services to other operating systems as well, especially when considering their widespread usage."
What is our primary use case?
I have been employed as a subject matter expert for Microsoft Entra ID, as well as other Microsoft projects. Presently, my organization is collaborating closely with the Microsoft product team. This involves handling end-to-end customer scenarios connected to the products. In cases where there are issues related to configuration or operational scenarios, I provide assistance by configuring based on the organizational requirements. Additionally, I ensure end-to-end security through Microsoft Entra ID. I have dedicated the past 22 months to working within my organization on various Microsoft projects.
Microsoft Entra ID is a cloud-only service. However, if a customer has existing on-premises resources, they can integrate them using Azure Ready Connect to Microsoft Entra ID. It can be used in a hybrid mode depending on the organization's requirements.
How has it helped my organization?
Microsoft Entra ID provides a unified interface for managing user access. The user's sign-on experience relies on several factors, including the specific service or resource they are attempting to reach. The initial sign-on process involves first-factor authentication, which typically entails entering the username and password. Depending on the user's assigned security level, multi-factor authentication may be required. If the user is attempting to access an application and Single Sign-On is enabled, they can also enjoy a seamless sign-on experience for accessing both on-premises and cloud-only resources.
The admin center assists us in managing everything, from global administrators to Role-Based Access Control provisions. If a specific admin needs to be assigned to access all user authentication methods, an authentication administrator will be made available. Similarly, a conditional access administrator can assume this role if needed. We have a variety of roles accessible for performing tasks such as accessing, reading, writing, and editing operations, all based on specific requirements. Alternatively, there's the global administration role, which holds the capability to perform various actions and possesses full control over the tenant. This control can be exercised through the admin center.
When the COVID-19 pandemic emerged, all of our employees across various organizations worldwide began working from home. This trend of remote work continues significantly. Users operate from diverse networks, which might vary in terms of security levels. In order to safeguard resources, Microsoft Entra ID plays a pivotal role for all organizations, not solely for mine. Microsoft Entra ID provides essential security features, such as continuous access evaluation, multifactor authentication, IP restriction, and device-based blocking. These features constitute a device registration scenario that organizations can adopt. Whether an organization chooses to manage devices through Microsoft Entra ID or one of the other device registration scenarios available depends on the specific context, particularly the industrial location for an IT engineer. In this setup, an organization can impose restrictions or temporary blocks on users directly, contributing to the assurance of secure logins. This approach aids organizations in preventing unauthorized access to user accounts and organizational data from potentially malicious actors like hackers or unauthorized exporters. Microsoft Entra ID has been designed to enhance the security of both users and organizational information, aligning with Microsoft's commitment to safeguarding user data.
Conditional access is among the most reliable and secure features enhancing the performance of Microsoft Entra ID. This functionality enables us to execute various actions, as I have previously indicated. These statements are straightforward and comprehensive. To prevent access for specific users, we must apply logs based on specific requirements. If there is a need to restrict a user, we can implement a pause. This means that if a user is accessing from a certain location or utilizing a particular device, they will be granted access. Conversely, if these conditions are not met, the user's access will be denied. Therefore, conditional access policies can be employed as the organization's primary line of defense. In the past 22 months, updates have been made to the conditional access framework, incorporating conditional access policies from both session management and control management. This enhancement enables organization administrators to apply more refined filters, thereby enhancing user security. These updates include the potential enforcement of app protection procedures through Entra ID. Alternatively, administrators may create custom policies for specific applications or websites using the Defender of products. In the past, the option to merge different Entra apps and conditional access was not available. Presently, conditional access policies offer heightened security, allowing the creation of policies from various Microsoft services, including different apps. This capability empowers us to restrict users or employees from actions like copying certain data or transferring information to other locations. It prevents downloading of company information from untrusted devices as well. Additionally, our implementation of app protection policies aligns various Microsoft services with conditional access policies, further fortifying overall security.
The three factors for implementing a zero-trust framework are verifying the users, checking their privileges, and aiding in identifying any breaches. Conditional access assists with this process.
We can establish application restrictions and enforcement policies based on the Entra ID. These policies can then be aligned with conditional access policies across various locations. Additionally, we have the ability to formulate policies, such as designating trusted and untrusted locations for device data. This ensures that specific applications will only be accessible if they meet the conditional access prerequisites both from Entra and within the Endpoint Manager policies. This encompasses all first-party Microsoft applications as well.
The Verified ID feature is one of the most impressive functionalities I have encountered. Although I haven't used it personally, my role involves working as a technical support engineer for Microsoft. My responsibilities include handling support requests for Microsoft and assisting customers worldwide, whether they are utilizing premier or personal support services. To the best of my understanding, the Verified ID offers one of the most secure methods for organizations to store their data via the Decentralized Identifier framework. This enables them to manage their setup autonomously and perform DID verifications. Through this process, organizations can issue credentials to users using the Microsoft Authenticator app. This ensures that a web server is set up and a decentralized ID is created. Importantly, all organizational data remains confined within the organization; Microsoft does not retain user credentials or passwords. Consequently, all organizational data becomes integrated into the decentralized ID. This process is carried out by administrators responsible for onboarding users into the organization. When an employee joins the organization, they are issued credentials using the Verified ID feature through the authenticator app. Subsequently, these credentials are passed on to the user. The authenticator app then verifies the legitimacy of the request.
Microsoft Entra ID has proven invaluable in saving time for both our IT administrators and HR departments. Prior to Entra ID, we were required to generate individual user IDs sequentially. However, with Entra ID, we now have the convenience of producing them in bulk. This includes the ability to furnish these user access IDs temporarily, along with corresponding temporary passwords. This is achieved through a CSV-formatted Excel sheet. This process is particularly advantageous when juxtaposed with onboarding new users. For our existing users, determinations are made based on their user activity and potential risk status. In this regard, our IT administrators or global admins are promptly alerted if any user is flagged as risky. These notifications and identity protection features are integral components of Microsoft Entra ID, especially in relation to potential users. Furthermore, our system incorporates the latest workflow feature. This functionality closely resembles Identity Protection, although the latter exclusively pertains to users and objects. Conversely, virtual IDs oversee services, including applications and various other resources that have been generated via web apps, SQL, or SharePoint instances.
Microsoft Entra ID has significantly contributed to cost savings within our organization. Prior to implementing Entra ID, substantial financial resources were dedicated to various investments. Particularly in the realm of licensing, any learning initiative incurred substantial expenses. However, there has been a notable transformation in Azure, now rebranded as Entra, accompanied by the incorporation of numerous features under the Microsoft Entra ID umbrella. Undoubtedly, this has greatly enhanced cost management for our organization. Moreover, we now possess the capability to effectively manage subscriptions. We receive regular alerts from the cost management infrastructure, providing insights into our resource consumption. A distinct 'pay-as-you-go' option empowers us to select and pay solely for the resources we utilize. This approach enables us to forego committing to a fixed amount of virtual machines for a predetermined period. Instead, we can opt for resources as needed, paying only for their actual usage. Indeed, the cloud plays a pivotal role in cost savings when compared to the complexities of managing on-premises servers and resources.
The Microsoft Entra ID has significantly enhanced our user experience. In our daily scenarios, there is no need to log in every time. This is especially beneficial for user authentication and accessing various resources. Entra offers features that simplify our daily tasks and the use of dynamic applications that we host. One remarkable feature is the ability to utilize single sign-on, which is both cool and highly effective. Additionally, we have the option of Windows Hello for Business, including field authentication for Windows Hello for Business. These authentication features streamline the login process and contribute to the ease of our work.
What is most valuable?
The most valuable feature of Microsoft Entra ID is its security options, where we can provide highly effective security for user accounts during authentication. We have a conditional access policy in place, along with modern authentication methods that can be configured in various ways to meet organizational requirements. These methods may include phone calls, SMS, or even passwordless authentication, which is the most convenient and secure method introduced by Microsoft. This includes Windows Hello for Business and certification-based authentication as well.
What needs improvement?
There are several limitations that Microsoft is currently facing. Since I work with global customers daily, they often come up with new ideas. However, these ideas are sometimes hindered by Microsoft's limitations. As a result, many people are turning to third-party tools or services, even from vendors that are not as reputable as AWS or GCP.
I have personally made similar suggestions to my product team, especially regarding the vendors that users are attempting to rely on. For instance, certain organizations prefer to restrict the use of mobile phones, particularly in countries like India. These organizations are very strict about security and prohibit the use of Android or camera-enabled mobile devices for their employees. Consequently, these users cannot utilize Microsoft Authentication, and instead, they must resort to other password authentication methods such as FIDO or Windows Hello for Business.
Among these options, we have only one choice, which is FIDO, a security key. However, when users need to use FIDO, they are required to also use multifactor authentication. This means that a user can only register for FIDO after they have registered for the Authenticator, which is not an ideal scenario. If an organization has already decided not to use mobile phones and has opted for FIDO authentication with security keys, it's not advisable to then ask them to use Microsoft Authenticator.
Recently, Microsoft introduced an alternative solution known as the temporary access pass. This pass allows users to log in temporarily, but its effectiveness is limited. This is especially true for FIDO authentication with security keys, although it is included in the Entra ID's CBA, particularly for Android and mobile devices. Unfortunately, these secure options are not available when logging in from devices like iPads or iOS-based mobiles, other operating systems, laptops, mobile devices, Chrome, or Linux machines.
Microsoft needs to make improvements in this regard and extend its services to other operating systems as well, especially when considering their widespread usage.
For how long have I used the solution?
I have been using Microsoft Entra ID for almost two years.
What do I think about the stability of the solution?
The solution is continuously being updated and enhanced with new features. As we are involved in Microsoft projects, we get a sneak peek into the upcoming release of Microsoft Entra ID, and I am confident it will be exceptionally stable.
What do I think about the scalability of the solution?
Microsoft Entra ID is scalable.
How are customer service and support?
I have been employed as a tech support engineer, assisting with Microsoft products since the inception of my career. As a result, I have not required the services of their customer support.
Which solution did I use previously and why did I switch?
I have utilized Okta solely for federation services in some testing capacities within my laboratory environment. Okta proves advantageous for establishing federated connections between Azure instances across different clouds. To illustrate, imagine that Microsoft employs local active directory federation services. This duplication seems inevitable, given Microsoft's explicit intentions conveyed through the Microsoft Ignite channel.
Consequently, Microsoft ought to develop federation services akin to Okta's, which offers exclusive cloud-based federation services. This offering would greatly assist users and organizations habituated to utilizing federated authentication protocols. It would be prudent for Microsoft to integrate a cloud-exclusive federation service into Azure Cloud.
Furthermore, Microsoft contends that, in terms of security and trustworthiness in authentication service identity providers, Entra reigns supreme compared to other options. In this regard, I concur that Entra boasts superior security when contrasted with Okta.
Azure Cloud refrains from provisioning specific federation endpoints for certain applications due to the persistent usage of on-premises or federated applications by numerous organizations. This gap is where Okta has capitalized, effectively occupying the market space that Entra commands in such scenarios.
How was the initial setup?
The initial setup is straightforward. The deployment is simple. We possess Microsoft learning documents and public articles from Microsoft, along with community channels. If we aim to adhere to these instructions, the process is quite simple. Even a college graduate attempting to configure from the Entra web portal will find it easy to follow. The procedure is particularly straightforward for specific scenarios and the specific topics that Entra provides.
What about the implementation team?
I completed the implementation in-house using the documentation provided by Microsoft and by following the Microsoft YouTube channels.
What's my experience with pricing, setup cost, and licensing?
Entra's pricing is somewhat higher compared to AWS. With AWS, we have the ability to access EC2 servers, which are essentially virtual machines, for free for a duration of up to one year, specifically the basic virtual machine instances. However, Entra does not offer a similar option. If we are utilizing any form of virtual machine on Entra, we must begin payment after one month of complimentary usage. Unlike AWS, Entra does not provide access to basic virtual machine instances for educational or testing purposes. Furthermore, there is a discernible difference in pricing and licensing when we compare AWS Identity Access Management with Entra's ID system.
What other advice do I have?
I would rate Microsoft Entra ID eight out of ten. I deducted two points due to the limitations concerning the connectivity of services for Android and other operating systems.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Chief Technology Officer at a healthcare company with 5,001-10,000 employees
Provides an organization flexibility to move towards the public cloud
Pros and Cons
- "A use case that we did for an end user in a manufacturing organization: We used WVD with biometric authentication because 1,500 processes need to happen in a process. The user didn't want to use a login using their credentials. They wanted to use fingerprinting or tap their ID. That is where we integrated with the authentication. Now, they can process in a couple of hours, and they run those 1,500 processes every day. This changed their login process, which improved the manufacturing process. This helped a lot for their high deployment."
- "The only issue is the OU is not properly synced. Therefore, you have to do a manual sync sometimes or you might lose the connector due to AD Connect or sync servers."
What is our primary use case?
I was a consultant. I recently changed my job (seven days ago). Most of my customers did everything in Azure. They used Azure Active Directory Domain Services (AD DS) as well as Active Directory Federation Services (ADFS) to sync a user's profile using AD Connect and a federated model. So, they could access an application on-premises as well as in a cloud.
I am now a CTO for a big hospital. I manage Azure AD for all hospitals as the CTO. They also use Office 365 across all four of their hospitals.
The solution is hybrid cloud. We have the Active Directory on-premises and Active Directory Domain services in Azure. This is where I use AD Connect (or sync server) to sync the user's profile.
How has it helped my organization?
Azure AD has features that have helped improve security posture. From a security point of view, they integrated with Okta, which is one of the integrations that we used for a customer's use case. From there, their entire security posture is managed and integrated with Azure.
It gave better visibility on our customers' security posture - the way that they configure users, configure their end user computing, and multi-factor authentication. This is where they get better visibility and manageability through this particular solution.
A use case that we did for an end user in a manufacturing organization: We used WVD with biometric authentication because 1,500 processes need to happen in a process. The user didn't want to use a login using their credentials. They wanted to use fingerprinting or tap their ID. That is where we integrated with the authentication. Now, they can process in a couple of hours, and they run those 1,500 processes every day. This changed their login process, which improved the manufacturing process. This helped a lot for their high deployment.
In my current organization, it is connected only for Office 365. We are getting into other services that Azure has to offer, but that has not yet started. The first use case that we are going to do is backup and recovery through Azure AD.
We are trying to do backup for some Tier 1 applications through Commvault. We will use that data to restore within the Azure environment or Azure Virtual Network (VNet), recovering all the applications. We then make sure that we have the capability for recovering those applications end-to-end. This is where Azure AD will play a huge role, so we don't have to come down to on-premises for authentication.
What is most valuable?
- The authentication process, e.g., multi-factor authentication.
- Directory Domain Services.
- Azure AD Connect (sync services).
What needs improvement?
The biggest thing is if they could integrate with their IPS/IDS processes as well as have integration with another app, like a third-party application. Varonis was another solution that my customers are trying to integrate with ADFS. For some reason, they were seeing some difficulties with the integration. There is a case open with Microsoft on this particular thing.
The only issue is the OU is not properly synced. Therefore, you have to do a manual sync sometimes or you might lose the connector due to AD Connect or sync servers.
For how long have I used the solution?
I have been using it for a couple of years.
What do I think about the stability of the solution?
I haven't seen any major issues.
We had a customer with roughly around 80,000 users. They had three SMEs or FTEs managing their Active Directory environment or solution.
Maintenance-wise, we need at least two FTEs for backup, making sure that we have the right coverage 24/7.
What do I think about the scalability of the solution?
I think we can add more systems to make sure that we can connect. The documentation provides more detail about the sizing information for OVA files or AD Connect files on the server. So, you have those kinds of capabilities built into the scalability.
How are customer service and technical support?
Before, we used to manage most technical issues. For example, if there was a critical thing that had to happen, then we would open a case. The support that we used to get from Microsoft was great because we were a Gold partner with Microsoft, so we had good access for the technical team.
We don't use the technical support too much because we have engaged a partner for my current organization.
How was the initial setup?
The initial setup was so straightforward. The documentation is good. There were no problems deploying it. We did the deployment for one customer in less than an hour. Another customer took some time because it is more like a process for change management. Otherwise, the actual installation, download, and configuration took less than a couple of hours.
My previous company's focus was on how to integrate a customer's Active Directory with Okta, how to integrate it with MFAs, and how to integrate with security IMs.
The deployment was easy to do and integrate with on-premises. So if it was a small- or medium-sized customer, we could bring them into the cloud in no time. Also, we could start looking into other applications that the customer could use: Docker containers or DevOps. This is where we spent most of the time, i.e., with customer design.
Every hospital with Office 365 comes with Active Directory Domain Services so you need to sync all your users. That is how the implementation is done today.
What about the implementation team?
At my previous employer, most of our customers' application deployment used Ruby on Rails in their AWS environment and were looking for an authentication process. So, we installed Active Directory or ADFS in Azure for a specific client. Then, all applications would get authenticated to Azure Active Directory and synced from their on-premises environment.
There was another client for whom we installed Azure Directory Domain Services, which synced with their on-premises data and federated model so we could get the single sign-on. We then installed Azure VMware Solution in Azure for their expanding or extending their on-premises VMware architecture.
We created a questionnaire where we documented the customer's current environment. For example, customers wanted to sync the amount of users. We then used that questionnaire to take care of the prerequisite before we even started deploying this solution.
The whole deployment process should take less than one FTE.
What was our ROI?
It provides an organization flexibility to move towards the public cloud, so their workload can be upstream. They can see that they don't have to come down to their on-premises for any authorization authentications. That is where we were seeing more development environments, staging environments, and DevOps environments, as most of our customers were pushing towards the public cloud, which would then be integrated with their Azure Active Directory.
What's my experience with pricing, setup cost, and licensing?
The licensing model is straightforward. I don't think there are any issues with the E3 license or E5 license.
Which other solutions did I evaluate?
We had a customer with very traditional architecture in AWS. We spun up the ECP instance, then installed and replicated the Active Directory. Other than that, I don't think we had another customer who was going in a different direction.
What other advice do I have?
We have a budget for Q4 2021. By Q1 2022, we are hoping to get one hospital completely in Azure by 2022.
The only way to learn about the value that Azure brings to the table is if a customer can use an evaluation copy or license. Then, they can integrate and push the development OUs or the test OU to make sure that they can integrate with the MFAs.
I would rate this solution as an eight or nine (out of 10).
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Helps a lot with proving that the users are who they say they are
Pros and Cons
- "I find the conditional access policies to be the most valuable. They provide a lot of granularity in determining where the users can log in from, how they log in, and what they have access to."
- "Microsoft Entra ID has helped us defend against token theft and nation-state attacks."
- "Better user sign-in logging is needed. We work with Okta, and the two of them do not always work well together. We can have more insight into some of the user information and how it interacts."
- "I would rate their technical support a six out of ten. It requires starting at the bottom and working our way up, which is time-consuming."
What is our primary use case?
We use Microsoft Entra ID for multi-factor authentication (MFA) and users logging in for any Microsoft applications, especially for Microsoft 365.
How has it helped my organization?
Microsoft Entra ID has helped make our company more secure. Conditional access policies have assisted our users in logging in from various locations, not just on-premises.
Microsoft Entra ID makes the apps or resources in our environment more secure, especially with conditional access policies.
We use the cloud sync, so we can sync up with our Active Directory user accounts with the on-premise AD. There is a single password for the user, so we can put all the policy requirements and password complexities around it. It helps when the user does not have all these separate passwords, and we can make passwords more complex for better security.
We have not used the device-bound passkeys, but the Microsoft Authenticator app has helped a lot in terms of proving that the users are who they say they are, helping with the MFA authentication. It is a pretty easy-to-use app, especially with the number verification. It provides an extra layer when someone is not just accepting an MFA prompt on their phone in the middle of the night.
Microsoft Entra ID has helped us defend against token theft and nation-state attacks. We were at more risk without it. It has helped us to better secure our environment and our users.
When we implemented it many moons ago, it increased our incidents, but Microsoft has gotten a lot better and the incident count has dropped dramatically. When you put in your users' ability to log into the cloud, if anyone has an email address of a user, they can just go to Microsoft.com and try to log in. That increases incidents, but the MFA and contextual policies help reduce the incident count.
What is most valuable?
I find the conditional access policies to be the most valuable. They provide a lot of granularity in determining where the users can log in from, how they log in, and what they have access to.
What needs improvement?
Having a little bit more logging would be beneficial. Better user sign-in logging is needed. We work with Okta, and the two of them do not always work well together. We can have more insight into some of the user information and how it interacts.
For how long have I used the solution?
I have been using Microsoft Entra ID for about six years.
What do I think about the stability of the solution?
Microsoft Entra ID is a stable solution. We rarely had significant problems or crashes. We have had very few issues over the years.
What do I think about the scalability of the solution?
We have never had any issues with the scalability of Microsoft Entra ID.
How are customer service and support?
I would rate their technical support a six out of ten. It requires starting at the bottom and working our way up, which is time-consuming. The tech support model or the person we are working with is not always knowledgeable to the level we need help.
Before we call support, we would have already exhausted many possibilities. Having to start at the bottom and go through it all over again is frustrating because time is very critical. When working with support, it can be frustrating because we have to go over things that we have already tried to resolve.
The time they take to get back to us is also sometimes longer. They have their SLAs, but when you are back and forth with the rep, it sometimes takes a lot of time.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We were a Novell shop before migrating to Microsoft. The decision to migrate happened many years ago before my time at the company.
How was the initial setup?
We have a hybrid setup. We had a partner to help us. It was fairly easy. I have since done smaller implementations on my own, and it is fairly straightforward and easy.
Our partner had an implementation strategy for us. We worked with them to implement the solution.
What about the implementation team?
Our implementation team was assisted by a partner named Araya. Working with them was a good experience. We were able to get everything migrated and launched in Microsoft Azure. Overall, it was a good experience, enabling us to launch in Microsoft Azure successfully.
What other advice do I have?
I would rate Microsoft Entra ID a nine out of ten. You have to do a lot to get a ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 27, 2024
CTO at a comms service provider with 1-10 employees
Integrates well with Microsoft products, supports remote working, and saves time
Pros and Cons
- "Coming from a traditional on-premises Active Directory infrastructure, it is purely a SaaS platform. It is global. It is evergreen. It is always evolving. It is core to the Microsoft Ecosystem."
- "They have had a few outages, so stability is a little bit of an issue. It is global. That is the thing. I know some of the other competitors are regionalized ID platforms, but Entra ID is global, so when something goes wrong, it is a problem because it underpins everything, whether you are logging in to M365 or you have single sign-on to Azure, Autopilot, Intune, Exchange mailbox or another application. If there is a problem with Entra ID, all of that falls apart, so its great strength and weakness is the global single tenant for it. Stability is a key area for me. Otherwise, it is generally pretty good."
What is our primary use case?
It is the primary ID platform that we use. It is where all our users are homed. We have Intune integrated with it as well. We use it for authentication. We still have some on-prem infrastructure, which uses legacy or traditional on-premises Active Directory, but all the endpoints and all the users are homed in there.
We integrate with single sign-on for a lot of applications, such as Monday.com and ConnectWise. There are a lot of other tools there, and we use Entra ID for them as well. We use the multifactor authentication functionality in there and then Intune as well, which technically is not a part of Entra ID, but they are very close-knit. We use that for software deployment onto devices, and then we have been on Autopilot for device building and everything like that. It is the center of a lot of what we do.
How has it helped my organization?
Years ago, we had on-premises Active Directory, and we still got some clients out with the on-premises Active Directory. On-premises Active Directory worked well when everyone was in the office, but you had to be on the network to log in. If you took a computer home, you could not log in. Microsoft Entra ID definitely accommodates remote working. It is in the cloud. It is a lot more flexible. Someone can just eat out of the box now. They can log into a device, and it sets itself up and deploys the apps with supporting services. It is definitely a lot more flexible, and because it is in the cloud, it is evergreen. New functionality and features are coming out to it all the time, which is great. Previously, every three years or so, you would upgrade your server and you get new functionality, whereas now, you are getting that all the time. If you want to integrate with automation and AI, it all comes to Entra ID first. It is very powerful, and the flexibility to upgrade indefinitely and allow people to work from anywhere is a big push of it.
Microsoft Entra provides a single pane of glass for managing user access. Having that as your single source of truth is very helpful. That directory can be accessed from anywhere without a VPN or anything else. When you are applying a security policy through Intune and Entra ID, you can be sure that it is applying to all devices, whereas with an on-premises directory, you might have a group policy to apply security, and you might change that policy, but if someone was not in the office or using VPN, that policy might not update on their device, so you could never be sure if it worked. There was no way to look at your 500 machines and see which machines had the policy applied and which did not. You could not do that, whereas, with Entra ID, you can. You can even do things in Intune where, for example, if a security policy is not applied or if a device does not have the necessary threshold of security policies and security software, the device is no longer compliant, and it cannot access any resources and things like that. It is much more powerful.
It works very well. Conditional access is probably one of the best features of Entra ID for the ability to control what can be accessed from where and by whom. In the zero trust model, it is very good. We are an IT managed services provider. We are a massive target, and it is a huge risk because if someone breached us, they breached our 2,000 downstream clients because we have got access to their systems. Within Microsoft 365 or Entra ID tenant, you cannot even log in to that tenant unless you are on a compliant IT device. It is a powerful feature.
It has definitely helped to save time for our IT administrators. When I speak to clients, I always work on a rule of about two or three percent of the headcount for IT. It is normal IT when you are a reasonable-sized company, but with 500 people, we have got three people in that team now, which is much lower than that. When you buy a new device, you can log in with the IT credentials. It sets it all up. All your policies and all your software are ready to go. There are no humans building that manually. A lot of it is sort of self-service now as well. So, it cuts down on a lot of time and that thing where people have to come to the office to update their software. The way it was five years ago, if you got an issue with a new laptop, you had to take it to the office and log in yourself for the first time before you went home. You do not have to do any of that now. With Entra ID, the access is via the cloud, so you do not have that issue where years ago, your password would get out of sync with the office. You do not have to deal with all of that. Compared to an on-prem device years ago, the support required is much less. You can now deploy the software centrally and remotely. We are an SMB. Our customers are SMBs. If you are a big company, you probably had a technology platform or a team waiting to deploy software remotely even years ago, but SMBs did not have that. A lot of work was manual, and it was time-consuming, whereas now, with Entra ID and some of the functionality around it, those small businesses almost have a corporate-size business service that they can provide, and it is whatever pounds per user a month.
The cost savings are probably quite high. There is a lot of efficiency for the IT team. There are fewer issues, so the users are more productive. A typical IT function is a 2% to 3% headcount for a 500-person organization. You would expect ten people to be on our IT team, but we have got two to three people. We have six heads less than we might have had years ago. We are an IT company, so everything should be running slick. We are also using a lot of bleeding-edge technology, so there are some more issues with that, but we have fewer people to support the business. People are more productive. It is hard to quantify the savings, but it is a lot. I have been around long enough to know what the world was like before and how painful it was, but I do not have any stats. I have customers who invest in a lot of technology, and I have ones that do not. We are producing some metrics around that, and it is really interesting to see that the customers who spend a lot do not have major outages. They log fewer tickets and things like that.
What is most valuable?
Coming from a traditional on-premises Active Directory infrastructure, it is purely a SaaS platform. It is global. It is evergreen. It is always evolving. It is core to the Microsoft Ecosystem. We are just starting to get involved with Power Automate. Because it is all hooked into Entra ID, it is all integrated in there, so the same security, governance, and controls are a part of that. It drives that ecosystem, and we can just keep adding services on top of that, which we do and sell.
What needs improvement?
They have had a few outages, so stability is a little bit of an issue. It is global. That is the thing. I know some of the other competitors are regionalized ID platforms, but Entra ID is global, so when something goes wrong, it is a problem because it underpins everything, whether you are logging in to M365 or you have single sign-on to Azure, Autopilot, Intune, Exchange mailbox or another application. If there is a problem with Entra ID, all of that falls apart, so its great strength and weakness is the global single tenant for it. Stability is a key area for me. Otherwise, it is generally pretty good.
We are getting away from the hybrid experience where we used to have devices connected to Entra ID and on-premises directory. That was painful because the on-prem version was probably developed 30 years ago, and it was not designed for a cloud world. It is not too bad now, but getting there can be quite painful in terms of synchronous users and things. It is not very seamless, but if you are fully in Entra ID only, it is a good experience. The stability and the hybrid state can be very problematic and complicated.
For how long have I used the solution?
It was formerly called Azure Active Directory. We have probably been using it since it was launched.
I have been a Microsoft partner for 15 years. I have been a partner since I have had our business. It has been quite a long time.
How are customer service and support?
We are a managed service provider, so one of our core solutions is managed IT support. Microsoft's technical support is not great. We are a partner. We are not an end customer. We have a partner premium support agreement. We have a very strong technical team, and when we go to Microsoft, it is pretty serious.
We have 2,000 clients for a 70 million turnover. We probably escalate 10 to 15 tickets a year to them. When we raise a ticket, the first person asks the basic things such as if we have restarted the device. With Microsoft, when you get to the right person in technical support, it works, but that is a few layers up, and you have to push hard to get there. However, they have saved us a couple of times.
We spend 15 million pounds a year on Microsoft, but I would pay to have a better direct channel to someone senior because, by the time we are escalating an issue, it is pretty serious. It needs to go to someone senior, not junior.
Even when I was querying about coming to this conference because we get some marketing funds, they said that I cannot claim it. I had to escalate it, and then eventually, they confirmed it was right. It took about a month.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We have got a couple of customers who use Okta as their ID platform for authentication. That was not our choice. That was their choice.
Okta started the Cloud or SaaS ID platform authentication. They were the real pioneers of that. A lot of the features of Azure or Entra ID were in Okta first. Sometimes, Microsoft does not innovate in some areas initially, but they certainly catch up. Okta is probably the market leader in terms of Cloud or SaaS ID.
The two customers that we have now are very painful to move to Entra ID. If we were deciding it now, they probably would not use it because Entra ID has caught up so much. It is better. One customer has 500 people and 100 grand a year for Okta. Okta is seen as the thought leader, and it is a good product. My boss is not technical, but he always says to me, "Is that like the Rolls Royce solution? Do you need a Rolls Royce?"
I am not an Okta expert, but it has automation capabilities such as user life cycle management where if you have a new staff, it will go through and add them to all the necessary systems and get them all set up and ready to go. Entra ID offers some of that automation now. I have not really looked at it, but it is not as powerful. Some of the governance features in Okta are very good as well. Okta looks a lot better, and it is a much nicer interface than Entra ID, even though Entra ID has become better. In the case of Entra ID, for most of our customers, Entra ID is included in the license they bought anyway. If they stop using Entra ID and start using Okta, they are not going to save money. They are just going to incur more costs. A Microsoft solution is integrated into the Microsoft ecosystem. It is easy. It is there. It is the default. You can use Okta with it, but that conditional access piece is almost like the real USP. That is the real winning feature in Entra ID. You probably do not get it with Okta, so that would be the real winner.
What's my experience with pricing, setup cost, and licensing?
Entra ID is not too bad, but Microsoft licensing generally is insane. Most customers normally buy a bundle license with Microsoft 365, E3, or E5. Out of our 2,000 customers, for 99.9% of our customers, the Entra ID license that they are getting through the part of that would be sufficient. There are some more advanced ones that give you a bit more functionality, but we probably have not had a customer for that. We do not even internally use that ourselves.
When you buy the Entra ID license on its own, it is probably three or four pounds. You just get it included in the license. Most people buy it anyway because it comes with conditional access and Intune and all such things that they might use, so that is straightforward. Okta is not cheap. For a customer with 400 or 500 users, it is about 100 grand a year. It is like a premium product in price point comparison. When you move to Okta, you are not saving money on the Microsoft side, so it is not worth it for most companies.
What other advice do I have?
Overall, I would rate Entra ID an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Product Manager/Architect at a retailer with 5,001-10,000 employees
We can see all facets of the business, providing us more visibility
Pros and Cons
- "It enhanced our end user experience quite a bit. Instead of the days of having to contact the service desk with challenges for choosing their password, users can go in and do it themselves locally, regardless of where they are in the world. This has certainly made it a better experience accessing their applications. Previously, a lot of times, they had to remember multiple usernames and passwords for different systems. This solution brings it all together, using a single sign-on experience."
- "The thing that is a bit annoying is the inability to nest groups. Because we run an Azure hybrid model, we have nested groups on-premise which does not translate well. So, we have written some scripts to kind of work around that. This is a feature request that we have put in previously to be able to use a group that is nested in Active Directory on-premise and have it handled the same way in Azure."
What is our primary use case?
We run in a hybrid model. We have our Active Directory on-premise directory services that we provide. We basically went to Azure so we could provide additional capabilities, like single sign-on and multi-factor authentication.
We are running in a hybrid environment. It is not completely cloud-native. We sync our on-premise directory to the cloud.
How has it helped my organization?
It definitely has improved our security posture, certainly from providing that second factor of authentication. It provides more visibility. We can see all facets of the business, e.g., when people are logging into our resources. This solution makes it highly visible to us.
It enhanced our end user experience quite a bit. Instead of the days of having to contact the service desk with challenges for choosing their password, users can go in and do it themselves locally, regardless of where they are in the world. This has certainly made it a better experience accessing their applications. Previously, a lot of times, they had to remember multiple usernames and passwords for different systems. This solution brings it all together, using a single sign-on experience.
Is this specific to Azure? No. We have had other IdPs that gave us that same experience, but we have more apps that are integrated into Azure today from single sign-on than we had previously. Having that one handy "my apps" page for folks to go to as their one source for being able to gain access to all their apps is a much better experience from my point of view.
What is most valuable?
- Azure Application Proxy
- Single sign-on capabilities for SAML
- OAuth integrated applications
- The multi-factor authentication piece was desirable.
- Defender for Identity, as of recently.
- Some of the services, like Microsoft MCAS solution.
These features offer additional layers of security, which is kind of what we were looking for.
Some of the self-service password utilities certainly helped, given the scenario of the world today with COVID-19 and lockdowns. We certainly benefited from being able to say, "Have our users change their password remotely." When they connect to the VPN, then sync them back up with the domain. So, that was very beneficial for us as well.
What needs improvement?
The thing that is a bit annoying is the inability to nest groups. Because we run an Azure hybrid model, we have nested groups on-premise which does not translate well. So, we have written some scripts to kind of work around that. This is a feature request that we have put in previously to be able to use a group that is nested in Active Directory on-premise and have it handled the same way in Azure. That is something that is actively being worked on.
One of the other things that we felt could be improved upon is from an Application Proxy perspective. We have applications native to SSH, and we want to be able to do app proxy to TCP/IP. It sounds like that is actively on the roadmap now, which was amazing. It makes us very excited that it is coming, because we do have use cases with that as well.
For how long have I used the solution?
I have been using it for a few years now.
What do I think about the stability of the solution?
The stability has been pretty rock solid. For the first time, we have seen some instability over the last month. I know there were some issues with Microsoft in terms of one of their stacks. That was something that they addressed pretty quickly though. We were apprised of the issues by our technical account manager, so we were in the know. We weren't left in the dark when something happened, and it was remediated pretty quickly.
We have about five to six folks whose main role is to manage identity, and that is my team at the company. However, we also have administrators all over the globe, handling service desk tickets, e.g., resetting passwords. There are about 30 or 40 people, if you include that level of things. However, from a global admin perspective, we probably have a total of eight people.
What do I think about the scalability of the solution?
It is certainly scalable. Whether you are connecting to a local on-premise directory services organization, or if you are using B2B and B2C. This is part of the vision: At some point, leverage some of the B2B features that we have appointed to us in Azure, which we don't do today. This is certainly something that we are looking at internally as a potential for moving forward.
We are managing 7,000 to 8,000 users within Azure AD.
There is room for growth.
How are customer service and technical support?
We are part of the DPP program. So, we talk to the identity folks at Microsoft on a weekly basis, who are amazing. It has been such a great experience with those folks.
The technical support that we get through the GTP program is amazing. Microsoft Premier Support is pretty good as well. We have called them, but typically we don't have the type of issues that we are calling all the time for. We have a pretty savvy team, and just being plugged into the GTP team has helped us understand new features which are coming out, whether we are part of an active preview or attending an evening where they are doing a webinar to introduce new features to us. The cool thing about that is you do have that line of sight if you need to ask questions or get technical answers. Between our technical account manager and our GTP partner, we do relatively well without having to open too many cases.
Which solution did I use previously and why did I switch?
We had a different identity provider at one point in time. At the time that we were looking at identity providers, Microsoft really wasn't there from a technical perspective. They are there now, far surpassing some of the things that we have done in the past. So, it was a no-brainer for us. We are very much a Microsoft organization. Primarily, it is the operating system of choice, not only for endpoint service, but it was a pretty good deal to move over and leverage some of the licensing and whatnot for our end users.
From an IdP perspective, we had Okta for quite some time. We had some limitations with Okta that we were looking at Azure to handle. I got pulled in kind of mid-project. I am not really sure when the decision was made, or how it was made, but certainly cost was a factor. We were already licensed for a lot of what was needed to go with Azure, where we were paying Okta separate licensing fees. So, we saved money by switching from Okta to Azure.
How was the initial setup?
The initial setup would have been complex if it had not been for being part of the GTP program. We have gotten a lot of value out of that program in terms of cross-training our team members, catching up on any new features that come out as well as any of the gotchas that the Microsoft team has seen. So, those have benefited us quite a bit.
The deployment probably took six to eight months. Standing up Azure and syncing your directory services, like creating a connector, takes minutes. We could stand that up in a day. What took time was taking all of the applications that we have throughout the environment, migrating them across and doing integrations with single sign-on. You need to have conversations with different application owners as well as potentially pulling in some vendors to do some of the configuration. There may be some apps which are not as straightforward as others, but we thought that the experience was pretty straightforward (to a point) where we can handle a lot of the work ourselves.
What about the implementation team?
When we needed Microsoft, we were able to reach out, talk to them, and get the assistance that we needed. That was super beneficial to us.
What was our ROI?
There are a lot less calls to our service desk. For some of the traditional, "Hey, I need to reset my password," or "Hey, I'm locked out." So, we're seeing a lot of that self-service, gaining access to the different apps, and having it all be integrated with Azure will take away some of the headache. For example, "I don't know what my password is for GitHub," or, "I don't know what password is for Slack." We are like, "Well, it's the same password that you use every day." So, that has dropped call volume.
What's my experience with pricing, setup cost, and licensing?
If you have a different IdP today, I would take a close look at what your licensing looks like, then reevaluate the licensing that you have with Microsoft 365, and see if you're covered for some of this other stuff. Folks sometimes don't realize that, "Oh, I'm licensed for that service in Azure." This becomes one of those situations where you have the "aha" moment, "Oh, I didn't know we can do that. Alright, let's go down this road." Then, they start to have conversations with Microsoft to see what they can gain. I would recommend that they work closely with their TAM, just to make sure that they are getting the right level of service. They may just not be aware of what is available to them.
We look to gain new features when updating licensing. Every time we go to negotiate an enterprise agreement, we are looking at:
- What are the benefits?
- What are we getting back from Microsoft?
They are very good at working with us to get what we are looking for in terms of working on packaging for pricing.
Which other solutions did I evaluate?
We did not evaluate other options. The decision was pretty easy. When we initially looked at Okta years ago, Microsoft was also one of the folks that we looked at. Okta was a little more advanced than some of the gallery apps. Then, Microsoft made a huge play and added more gallery-type apps. That helped us quite a bit to move things along.
What other advice do I have?
For others using Azure ID, take cookie online training. They are widely available, free, and give you a very good idea of what path you need to go to. So, if you want to take some professional training to become a guru, then you know what classes to go take and the fundamentals that you need to take before you get into that class. So, I highly recommend taking the video term.
I come from an Active Directory background for more than 20 years. Coming into Azure was actually great. We had somebody leave the company who was managing it, and they said, "Hey David, I know you are working for this other pocket of the business. How would you like to come back to the identity platform?" I said, "Absolutely." So, it was easier for me to come up to speed in several of the advanced areas of Azure, e.g., conditional access policies. We are starting down a zero trust methodology, which has been very exciting for me.
I would give it a solid eight (out of 10). It has a lot of the features that we are looking at. I don't think there are any tools out there that will give you that one magical wand with everything that you are looking for, but certainly this comes close. Microsoft has been working with us to help us through some of the new features and additions that are coming.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Technology Architect at a financial services firm with 10,001+ employees
It integrates well with other solutions by the same vendor to deliver excellent security
Pros and Cons
- "The integration with all Microsoft services and external applications is crucial. Microsoft Entra ID has helped the company with user identities, user device management, and endpoint management. Integration capabilities are significant."
- "There should be a clearer separation between objects held in Entra and Azure, so we don't need to approach the Entra ID team to create rules, policies, and app registrations. It would help if we could make independent IDs on the Azure side to go through that team to create a role, change permissions, or create something for a specific task."
- "There should be a clearer separation between objects held in Entra and Azure, so we don't need to approach the Entra ID team to create rules, policies, and app registrations."
What is our primary use case?
Entra ID covers our entire user identity stack, including authentication. Interactive capabilities are particularly useful.
How has it helped my organization?
Microsoft Entra ID has helped the company with user identities, user device management, and endpoint management. We use it with other Microsoft products like Defender for Endpoint and Sentinel to improve our security.
Active Directory has conditional access, so you only log in from a company device. You also have multi-factor authentication and other systems generate tokens. It's well protected.
What is most valuable?
The integration with all Microsoft services and external applications is crucial. Microsoft Entra ID has helped the company with user identities, user device management, and endpoint management. Integration capabilities are significant.
What needs improvement?
There should be a clearer separation between objects held in Entra and Azure, so we don't need to approach the Entra ID team to create rules, policies, and app registrations. It would help if we could make independent IDs on the Azure side to go through that team to create a role, change permissions, or create something for a specific task.
For how long have I used the solution?
I've used Entra for the last couple of years but have worked with Microsoft solutions for 30 years. Entra ID is the successor to Azure Active Directory.
What do I think about the stability of the solution?
Microsoft Entra ID is a stable platform. There was a big incident with Azure Active Directory a few years ago, but since then, Microsoft has worked to distribute the risk properly.
What do I think about the scalability of the solution?
There is no issue with scalability.
How are customer service and support?
I rate Microsoft support eight out of 10. They respond quickly, but the solutions aren't always satisfactory. Microsoft cannot test some things internally when you face a problem.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before Entra ID, I used the on-prem Active Directory for around 30 years. The foundation of Entra and Azure Active Directory comes from Active Directory.
How was the initial setup?
Initially, we could complete the setup by following the guides, but now the setup is more complicated.
What about the implementation team?
We try to handle implementation in-house, supported by an external company that acts as an outsourced part of the team.
What's my experience with pricing, setup cost, and licensing?
I am aware of the tier we use and know the pricing per user or account, but I am not in procurement.
What other advice do I have?
I rate Entra ID nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partners
Last updated: Nov 24, 2024
Vice President, Sales & Cloud at Aztek
Simplifies user management for hybrid environments and streamlines integration with other solutions
Pros and Cons
- "Entra ID is our directory that registers all users, guest users, and even labs. It's integrated with Microsoft technologies like Authenticator, SSO, and MFA, streamlining operations and creating a seamless environment."
- "Entra ID's anti-phishing measures have improved our phishing response."
- "Entra ID has limited integration with non-Microsoft solutions like iOS or Ubuntu. If it worked across different software and all kinds of devices could be managed under it, that would be great."
- "I rate Microsoft support four out of 10. Tier 1 and Tier 2 support could be better. It's not timely or professional."
What is our primary use case?
We are a Microsoft partner, and all our internal computing is on Microsoft 365, managed by Microsoft ID and Intune. Entra ID serves as our directory containing all our users and guest users, and it's managed by Intune.
How has it helped my organization?
It simplifies the management of identities in our hybrid environment, covering on-prem and Azure. It streamlines integration with other Microsoft technologies like Authenticator, SSO, and MFA. Entra ID is crucial to our zero-trust model based on Microsoft security.
Entra ID's anti-phishing measures have improved our phishing response. We had phishing tests a month ago, and some employees still fell for it, but the number has dropped. I think we've prevented some security incidents using Entra ID with other apps.
What is most valuable?
Entra ID is our directory that registers all users, guest users, and even labs. It's integrated with Microsoft technologies like Authenticator, SSO, and MFA, streamlining operations and creating a seamless environment.
What needs improvement?
Entra ID has limited integration with non-Microsoft solutions like iOS or Ubuntu. If it worked across different software and all kinds of devices could be managed under it, that would be great.
For how long have I used the solution?
We have been using Microsoft Entra ID for quite some time, as it replaced Active Directory when we moved from an on-prem solution.
What do I think about the stability of the solution?
The platform is stable. We haven't encountered any problems.
What do I think about the scalability of the solution?
It is deployed across all of our employees within the company and group of companies. If we had to deploy it further, it would be straightforward as we frequently deploy it for customers.
How are customer service and support?
I rate Microsoft support four out of 10. Tier 1 and Tier 2 support could be better. It's not timely or professional. They often provide solutions we've already tried.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used Active Directory, which Microsoft Entra ID replaced when we transitioned from on-prem.
What about the implementation team?
Our in-house team handled the implementation.
What's my experience with pricing, setup cost, and licensing?
Compared to other Microsoft products, the cost is not too expensive. There's a free tier available, though it doesn't include all features. Overall, it's well-priced.
Which other solutions did I evaluate?
We did not evaluate another solution before implementing Entra ID.
What other advice do I have?
I rate Entra ID nine out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Nov 24, 2024
Updated: January 2025