Microsoft Entra ID is used for user management and directory governance, including conditional access management, sync user management, group management, and application and SSO connections. In short, it is a user, policy, and access management solution for environments with 10,000 to 50,000+ users.
IT Engineer at a recruiting/HR firm with 10,001+ employees
Good integration capabilities, and scalable, but the filtering options are limited
Pros and Cons
- "Microsoft Entra ID's valuable features include integration capabilities, a simplified Active Directory approach, scalability, conditional access, and privileged identity management."
- "The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive."
What is our primary use case?
How has it helped my organization?
Microsoft Entra ID provides a single pane of glass for user management.
Originally, it was just an integration within Entra ID with limited governance and scalability. Over time, more and more features such as Certificate Authority and Privileged Identity Management have been added, and the amount of governance and controls has increased. As a result, we can now control more aspects within Azure AD. For example, in the beginning, we could not review sign-ins. We could only see simplified final messages. Now, we have more insight into sign-ins, and the overall service has improved. It is now more stable and reliable, which is most important.
Microsoft Entra ID's conditional access feature to enforce fine-tuned and adaptive access controls works.
When Microsoft Entra ID is implemented properly it can help save our staff time.
If the implementation was done properly, the user experience was seamless. It may have even improved the experience, given that it supports single sign-on and cross-platform access. For example, signing on to enterprise applications was even better. So, it depends on the engineers who implement the product, not the product itself.
What is most valuable?
Microsoft Entra ID's valuable features include integration capabilities, a simplified Active Directory approach, scalability, conditional access, and privileged identity management.
What needs improvement?
The single pane of glass has limited filtering options within the directory.
The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive. This means that it is still possible to deceive conditional access.
The group management and group capabilities have room for improvement.
Buyer's Guide
Microsoft Entra ID
December 2024
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Microsoft Entra ID for over five years.
What do I think about the stability of the solution?
Microsoft Entra ID is mostly stable, but we had some issues with MSA. We must have a backup plan when using a cloud provider. If we put all our trust in one provider, that's on us, but most of the time, the service is stable.
What do I think about the scalability of the solution?
Microsoft Entra ID is scalable. When we provision more and more users, we do not notice any impact. User management may be more difficult due to the portal, loading times, and so on, but provisioning the users themselves is not a problem. We have service limitations, but based on those, we can have a large number of users and work on them smoothly.
How are customer service and support?
The quality of technical support depends on the engineer assigned. I've been working with Microsoft One, and while they have some awesome engineers, I've also had situations where they didn't seem to know what they were talking about.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
In my previous role, I worked with Google for enterprise, and it was a nightmare. I also worked with Okta, which is not as seamless as Microsoft Entra ID when it comes to MSA and policy management. However, maybe that's the feature, the improvement that can be done. Even though Okta has more errors and is more annoying as a product, it does have one positive: it is a cross-platform product. We can integrate it with non-Microsoft products, while Microsoft works really well with its own products. So, if we use Endpoint, enterprise apps, and 365 services, it will work most of the time, ten out of ten. But if we try to integrate anything else that is not a Microsoft service, it will be a disaster or we will not be able to onboard the service. That is something that Microsoft could improve: make it cross-platform.
How was the initial setup?
The deployment time depends on the knowledge of the engineers and the cloud approach. Therefore, it can take from a few months to a few years, and sometimes it may result in the provisioning of everything because of a gap in knowledge of the people deploying. I have seen really bad deployments because the people were not cloud-ready.
What was our ROI?
We have seen a ten percent return on investment.
What's my experience with pricing, setup cost, and licensing?
I think the pricing is efficient, but the licensing is overly complicated and difficult to understand. There are many tricks in the licensing that weigh against us.
What other advice do I have?
I would give Microsoft Entra ID seven out of ten.
Conditional Access works well with Microsoft Endpoint Manager, but there are better options, as Endpoint Manager is not the best service.
Microsoft Entra ID is an enterprise-level solution.
Microsoft Entra ID does not require maintenance, but the conventional access policy, AD Connect, and server-related ATSs all do.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Head of cloud, data, and AI at BJSS
The license management features have saved us money because we can allocate licenses to groups and users
Pros and Cons
- "I like Entra's ability to integrate the Active Directory with third-party solutions. It's straightforward. I like the ability to define third-party systems and make the AD the primary identity provider."
- "I rate Microsoft support five out of 10. It's just okay."
What is our primary use case?
We use Entra for things like multifactor authentication, user backups, registrations, and other identity management tasks.
How has it helped my organization?
We use Entra ID for 3,000 users, and there are multiple third parties integrated into it. The solution is part of the fabric of our company, so it's essential.
The solution has saved IT administrators and HR staff time. We build Power BI dashboards on top of it to provide some insights. We're feeding all of the users into that. We've built an aggregator that takes all the sign-in logs and all of that data available in Entra and surfaces it through Power BI, so we can reuse it in different parts of our organization. It makes sense to build the dashboards in Power BI, so that it's centrally available and part of a bigger data set.
Entra's license management features have saved us money because we can allocate licenses to groups and users. We've built reports on top of that license group user information. We can see how many licenses are being used and whether it's over-provisioned.
What is most valuable?
I like Entra's ability to integrate the Active Directory with third-party solutions. It's straightforward. I like the ability to define third-party systems and make the AD the primary identity provider.
Entra offers a single pane of glass that helps us keep our security policies consistent. It helps to drive behavior through security and role-based groups. We use privileged identity management for elevated roles in security groups.
For how long have I used the solution?
I started using Entra when it was still called Azure Active Directory. It has been about 10 years.
What do I think about the scalability of the solution?
No one would say Entra isn't scalable. Some of our deployments were for large UK government projects. One of the largest Azure Active Directory deployments was at NHS which has 2.4 million users. We run and manage the identity part of that service for the NHS and a bunch of other things.
We're involved with some massive deployments of that critical national infrastructure, including the governance and compliance around it. That's tens of thousands of endpoints. It's the NHS, so that includes people's local doctors, hospitals, and people in the supply chain.
How are customer service and support?
I rate Microsoft support five out of 10. It's just okay.
How would you rate customer service and support?
Neutral
How was the initial setup?
Entra isn't too difficult to set up. We follow the Microsoft cloud adoption framework. There's a phase that involves aligning with best practices and making sure it's secured appropriately.
What was our ROI?
Entra includes things like multifactor authentication, conditional access, etc., so I think it justifies the cost.
What's my experience with pricing, setup cost, and licensing?
Entra is fairly priced. We get it through an E5 license, so it isn't an issue. It also costs nothing to our customers.
What other advice do I have?
I rate Microsoft Entra ID 10 out of 10. I would recommend it if you're using Microsoft or Azure. If not, I would still think about it because creating a tenant is free. There's only a licensing cost once you start putting users on it.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner reseller
Technical Architect Lead at a tech services company with 10,001+ employees
Good pricing and provides a single sign on but not enough control over services (compared to on-prem)
Pros and Cons
- "We can centralize and manage everything much more effectively with this tool."
- "If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it."
What is our primary use case?
I have a total of fifteen years of experience in the IT industry, and I have worked with multiple technologies including Exchange, Office 365, and Intune, and then a little bit of SharePoint. I have excellent experience with Entra ID. We have handled a lot of migrations from on-prem to the cloud. We've also done reverse migrations.
How has it helped my organization?
We can centralize and manage everything much more effectively with this tool. We are able to leverage role-based access controls and maintain IAM (identity actions management).
We can also leverage Defender from a policy and security perspective so we can protect against vulnerabilities of all types.
For remote workers, when they try to log in with the domain username and password, the device will get synchronized to the Azure Active Directory using the device identification method and it will enter an identification letter based on the policy we have derived. This helps us maintain a modern workforce organization. From our modern work workspace configuration, we can centralize and manage everything - even for off-site employees. It doesn't matter the device. It can be a laptop, iPhone device, or Android device - any mobile phone device. Everything is now centralized.
What is most valuable?
Entra ID Connect is good. If you are migrating your office environment or data center environment to the cloud, it will do the handshake between the local directory and the cloud. Based on that, the objects will be synchronized from the local Active Directory to the Azure Active Directory, and that way the users can access both the cloud-related resources, as well as on-prem applications. They can do everything through a single sign-on object.
It provides us with a single pane of glass for managing user access. We can log onto the Azure portal and maintain all Azure objects. We can enable features so that the user can access everything using the same username and password. If the company needs an MFA license, it can use the Authenticator or any phone or DB PIN of third-party feeder keys. The product allows for a lot of security features.
As a vendor, we do also have the Defender tool which can help with security robustness.
They have a good feature called conditional access. We have a lot of conditional access policies. For example, MFA. For each application, we can specify access. We can also search for the conditional access policy in Azure Active Directory. We've used it with Endpoint Manager. We can make it so a device can only authenticate within a specific region and any other region would get blocked. We've deployed a lot of conditional access. It reduces the risk of unpatched devices gaining access to our network.
We've used Verified ID. It's good for verification purposes.
We've also used Permission Management. It helps with role-based access. We can create separate role-based access policies for distinct departments. We'll only give specific permissions to specific groups, for example, and they'd only have limited access to certain areas. We can really customize the policy to make the access very granular. We gain good visibility and control over identity permissions. We can configure and deploy down to specific locations or devices based on a customer's needs.
The product has helped us save time for IT admins and the HR department. It's easy to do a password reset. Instead of having to raise a case with every tool, IT can write a ticket for users and do it all from one spot.
Active Directory has saved our organization money. When you deploy the virtual machine, initially, if you have a data center server, the server will be kept online in the data center environment. However, nowadays, in the cloud environment, if you have the virtual machine for the application and you can autoscale the server, you can perform on that. If it is off-peak hours, the server will not need to function. It will be shut down based on the rules we define. During that time, the cost is minimal.
What needs improvement?
We don't have as much control. It's all Microsoft. If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it. If it was under our data center, we'd be able to give it immediate attention directly.
For how long have I used the solution?
I've used the solution for almost five years.
What do I think about the stability of the solution?
The stability is fine, although we cannot do anything about it. We cannot directly specify the gateway. That's decided on Microsoft's side, depending on where the user connects from. I'd rate the stability eight out of ten.
What do I think about the scalability of the solution?
I'd rate the scalability eight out of five. Nowadays, we do not need to procure physical hardware, so it's easy to scale up. We can add new virtual machines with ease based on the application support from the OEMs. If you want to increase RAM, this is automatically done via autoscaling.
How are customer service and support?
We've dealt with technical support. Whenever we have issues, we'll write a ticket. We have a premium license and we'll write tickets under that. They'll coordinate with us for any major issues.
Support used to be better. We'd prefer to fix the issue ourselves rather than go through Microsoft. However, they are still helpful and responsive under the license we have.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Previously, I did not use anything. I've always relied on Windows-related technology. We had used Windows 2008 and 2012 servers in the past. Now we use 2019 and 2022 servers as well as the latest environment.
I have used Okta in the past, however, I don't remember much about it. I've used previous versions of it.
How was the initial setup?
I was not directly involved in initial setup tasks, however, when they migrated the user's object from the local active directory to the cloud, then we used a third-party tool called Cluster Migration Manager, and we used the tool to migrate the object user and object functionality to Azure.
We have continuity load balancers and we have also deployed VMs and SQL databases. We've configured a lot under this product.
What's my experience with pricing, setup cost, and licensing?
We do use premium licenses. One has limited access and the other has more features. Users might also have Office 365 licenses in order to use Exchange. If a company has a large number of employees, like 2,000 or so, they should look at enterprise-level licensing. Educational institutions can access educational licenses.
Which other solutions did I evaluate?
We tend to use Windows, however, users may also use AWS or Google if they want and align on that. We work based on the customer's needs and align with whatever they may be.
What other advice do I have?
We usually work for customers that deal with Microsoft. We're consultants, not direct Microsoft partners.
I'd rate the solution seven out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Developer at a manufacturing company with 10,001+ employees
Helps us minimize the use of static credentials, but it should improve its application credentials
Pros and Cons
- "Delegated permissions and federated credentials are valuable features of Entra ID. We aim for a more secure environment by pushing for minimal use of static secrets. By utilizing delegated permissions, workflows can manage access, and federated credentials allow integration with platforms like GitHub and AWS. Entra ID drives our login and security perimeter, helping with multifactor authentication, despite the legacy systems."
- "Entra ID needs to improve its application credentials and use of ID permissions. There are challenges with the management layer. We want to create access down to the Graph level while invoking some management logic. That also means that if an application comes in, we cannot send that to the Graph because we would need an ID on behalf of the cloud hook."
What is our primary use case?
My job is to manage APIs on the enterprise end. We use Entra ID to limit contact with the end of the portal as much as possible. We have a lot of permissions that we don't want people to have, or we provide them with managed access. We also use Entra to manage application access. It tends to be blanket permissions, allowing an application total access.
How has it helped my organization?
Microsoft Entra ID drives our login and security perimeter, which is crucial for our organization. It has helped us implement multifactor authentication for most of our users despite the legacy systems in place.
It is essential for supporting our aspiration towards a zero-trust model. It's driving our ambition to get serious about zero trust. We still have a lot of legacy systems that require support.
Entra handles all the anti-phishing capabilities, and it's also helped us implement passwordless sign-in functionality. Now that we have MFA requirements and stuff like that, we're seeing identities flagged as risky because people are traveling. Sometimes people misuse credentials. It may not be malignant, but a group of people might share credentials.
What is most valuable?
Delegated permissions and federated credentials are valuable features of Entra ID. We aim for a more secure environment by pushing for minimal use of static secrets. By utilizing delegated permissions, workflows can manage access, and federated credentials allow integration with platforms like GitHub and AWS. Entra ID drives our login and security perimeter, helping with multifactor authentication, despite the legacy systems.
What needs improvement?
Entra ID needs to improve its application credentials and use of ID permissions. There are challenges with the management layer. We want to create access down to the Graph level while invoking some management logic. That also means that if an application comes in, we cannot send that to the Graph because we would need an ID on behalf of the cloud hook.
We have to switch contexts and do a lot of custom security checking. Does this application have permission to change these objects? If it does, then we can use our CNC powered by NMC. It botches our entire audit log so we can return to our service log and correct it rather than have it all in the old cloud. That's annoying.
We also hit a problem with the federated credentials. Every hour, it exchanges a set of credentials from another IDP. For example, if I have a token from GitHub, I can exchange that for an application identity in NFT, which is awesome when you're doing GitHub workflows. However, because we have more than one tenant, we might need to access resources from one tenant to another.
We do managed identities and federate to get a token and then assume an identity in the other tenant with that token. But for some reason, Microsoft has excluded all of their own IDP endpoints. Everything else is good to go, but if you come with a Microsoft token, you cannot use it.
For how long have I used the solution?
I have been using Microsoft Entra ID for the last two to three years.
What do I think about the stability of the solution?
I've had no issues with Entra ID. The portal could be slow now and then, but we don't have problems with the platform itself.
What do I think about the scalability of the solution?
We have not observed any major scalability issues. However, when dealing with tens of thousands of objects, it requires proper management and best practices to retrieve only necessary data.
How are customer service and support?
We rarely use customer service because we act as tech support. The few cases we have raised received decent support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Active Directory. While we haven't fully transitioned, we still source users from Active Directory but draw identities into Microsoft Entra ID.
What was our ROI?
The decision to switch was made before I joined the team, so I'm not in a position to discuss ROI specifically. However, Microsoft Entra ID is an integral part of our operations.
What's my experience with pricing, setup cost, and licensing?
We face pricing challenges with newer licenses, as newer features often require them. This results in additional expenses for accessing new functionalities.
What other advice do I have?
I rate Microsoft Entra ID seven out of 10. While it's an excellent standard for user sign-in, its open application model and security limitations lower my rating.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 27, 2024
Senior Application Support Engineer at Sika AG
Fast support, easy to use, and works very well
Pros and Cons
- "It's a very intuitive platform. It's easy to create groups and add people."
- "When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use."
What is our primary use case?
We use it for the single sign-on to different products that we have, and it works pretty well.
How has it helped my organization?
In general terms, we use it as an admin tool. If we want to set up accounts for people, it's easier for us to do it like this because everything is connected to different groups.
What is most valuable?
It's a very intuitive platform. It's easy to create groups and add people.
What needs improvement?
I have used Okta in the past. Okta is easy to use, and it's also very friendly. Even users who have no tech experience would be able to use Okta.
When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use.
For how long have I used the solution?
I've been using this solution for five years. In this company, I've been using it for two years, and before that, I used it for about three years.
What do I think about the stability of the solution?
It's good. It has never hung up.
What do I think about the scalability of the solution?
They're good. We don't have issues with scalability because we are not like Amazon or other companies that are super huge and have got tons of traffic.
How are customer service and support?
I don't handle it directly now, but based on my previous experience, they're pretty fast. I'd rate them a 10 out of 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
There was probably the Google management system, but it works similarly to Azure AD.
How was the initial setup?
I was not involved in its deployment.
In terms of our environment, it's a private cloud. We have the infrastructure within the platform, but all the software, all the usage, and other things are handled by us. We're private because we're a big company, so we're able to afford it. We're not an IT company, so we don't need so much processing power. So, we use Azure as a PaaS solution.
We use it as a connector for different applications. We have Adobe Sign and applications on AWS. AWS has a translation solution, and people have accounts over there. They have their translations of different products and things like that. That's how we use it.
In terms of maintenance, everything is done by Microsoft. We are just the end users.
What was our ROI?
The return on investment is easier to calculate with Okta. It's a bit complicated to calculate in the case of Azure. Of course, Azure is already a trusted platform. It's pretty big, and it's handled by Microsoft, so there are no issues with that, but it's easier to check the return on investment with Okta.
What's my experience with pricing, setup cost, and licensing?
I'd recommend Azure Active Directory if you are a big company. For small or medium companies, it's probably not the best idea in the world because of the pricing. If you are a small company, you can probably deploy your own solutions because you're not handling a website with tons of traffic. If you are not like Adidas, Nike, or Walmart, you can do it in a way that is more localized than handling everything through a big price solution. However, Azure tends to provide you with solutions that are easier to use. If it was cheaper, I'd definitely recommend going for it.
Which other solutions did I evaluate?
I didn't evaluate any other solution.
What other advice do I have?
I'd rate Azure Active Directory a 10 out of 10.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Microsoft 365 Platform Engineer at Deutsche Welle
The passkeys are a significant improvement, giving us the most phishing-resistant MFA
Pros and Cons
- "Our most valuable features are conditional access and Azure application proxy."
- "The ability to offer employees access to any platform, including private PCs and tablets, has been a game-changer."
- "The technical support has its downsides and upsides. While they are fast, it can take time to get the right person because there are many steps to reach the appropriate team member at Microsoft support, which can be somewhat annoying."
- "Private access and internet access should be available in a less expensive licensing model."
What is our primary use case?
Our primary use case is for identity platform and security platform, mainly for multi-factor authentication (MFA), to make all access to our enterprise applications unified for each user.
What is most valuable?
Our most valuable features are conditional access and Azure application proxy. The passkeys are a significant improvement, giving us the most phishing-resistant MFA.
Entra allows us to provide access to more users without a VPN, especially for our web-based platforms, which are published with the application proxy and MFA. Reducing VPN usage has been beneficial for us. The ability to offer employees access to any platform, including private PCs and tablets, has been a game-changer.
What needs improvement?
Private access and internet access should be available in a less expensive licensing model.
For how long have I used the solution?
I was using Active Directory for more than 10 years before we switched to Entra ID.
What do I think about the stability of the solution?
We have experienced no problems with stability. We have had full uptime at all times.
What do I think about the scalability of the solution?
Entra is a cloud solution, so scalability is not a problem for us.
How are customer service and support?
The technical support has its downsides and upsides. While they are fast, it can take time to get the right person because there are many steps to reach the appropriate team member at Microsoft support, which can be somewhat annoying.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We started with Office 365, so there was a clear statement that we would be using this solution.
How was the initial setup?
The initial setup was prompted by the COVID pandemic and was executed as a big bang.
What about the implementation team?
We only used Microsoft with direct workshops, and all the specialists had their work done well.
What's my experience with pricing, setup cost, and licensing?
We are an enterprise customer with an enterprise agreement in place with many of our partner companies, so there are no special questions or issues about pricing, setup cost, or licensing.
What other advice do I have?
I rate Entra ID 10 out of 10. We are fully satisfied. It's a seamless transition from Active Directory. There is no steep learning curve, and our knowledge from Active Directory allows for a fast ramp-up.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Dec 17, 2024
Cloud Engineer at Med Tech Solutions
Provides highly granular role assignments and user management
Pros and Cons
- "Microsoft Entra ID provides granular role assignments for Azure permissions or Azure AD roles. Using a privileged identity manager allows us to give specific access to certain groups of employees for a limited time. Entra's ability to integrate Azure Virtual Machines and security benefits has been exceptional, especially for managing infrastructure and applications."
- "The stability of Microsoft Entra ID is very great."
- "I'm satisfied with the features provided by Microsoft. They are continually improving their offerings, and I don't have any downsides or issues with Microsoft Entra ID. We're integrating a lot of Azure virtual machines and utilizing the Azure side. We love Microsoft licensing, all that stuff. And yeah, it's just, you know, just using the CSP portal as well has just been a game changer for us too."
What is our primary use case?
We implement standardized conditional access policies for our customers using Microsoft Entra ID, mainly for security, governance, and conditional access. We also sync on-premises Active Directory accounts to Microsoft Entra ID to manage groups and Azure resources like Azure Virtual Desktop.
How has it helped my organization?
We started our journey with Entra from a security standpoint, using features like PIM and Microsoft Defender for Cloud. It has improved our security posture, especially in healthcare, where security is paramount. We have to ensure that our data is secure for HIPAA compliance.
It improves our user account management and initial access. We can see a lot of stuff using Microsoft Lighthouse because we're an MSP, so we use Lighthouse to gain visibility into the tenants and accounts. We can dive into the financial side and get reports. It's highly granular and easier from an organizing standpoint.
We use the Microsoft security stack, including Defender, Purview, etc., so we get a security score and recommendations on ways to fill in the gaps. We get some ideas on how to tweak the Entra tenant or the environment better. But we're following Microsoft's guidelines with reporting or recommendations.
We implemented FIDO 2.08 for phishing resistance, so we use security keys like the UBP. We're passwordless now. It depends on our customers' licensing, such as whether they have an E1 or E3 or whichever Microsoft 365 license they have. We're moving them to a passwordless architecture or, at minimum, improving phishing resistance with an MFA authenticator.
We primarily use Entra to monitor risky users or detect questionable sign-ons. We get alerts if a user logs in outside a trusted location or from a different IP address we don't recognize. We have recommendations or conditional access policies to detect or block risky sign-ons.
We had more risky log-ins detected than normal, so we updated our conditional access policies to say that if we see more risky log-ins in the next 24 hours, we'll lock it down in the next 12 hours to fine-tune the conditional access policies and that kind of stuff. We're trying to standardize or make everything the same, depending on pricing or cost. We're trying to move everybody to the standard baseline for just what we try to deploy for the next of this year.
It's had a tremendous impact on our security. We can set granular permissions and different levels of access for various teams. We can govern the Entra side of the house or the Azure public cloud side and other teams like marketing, HR, finance, or any of those groups as needed.
Entra helps us advance our zero-trust strategy. We have to follow CIS standards and HIPAA because we're in healthcare and PCI DSS. We're implementing Microsoft's best practices for their security framework. It makes a big difference when we're deploying new infrastructure for new clients and everything.
What is most valuable?
Microsoft Entra ID provides granular role assignments for Azure permissions or Azure AD roles. Using a privileged identity manager allows us to give specific access to certain groups of employees for a limited time. Entra's ability to integrate Azure Virtual Machines and security benefits has been exceptional, especially for managing infrastructure and applications.
What needs improvement?
I'm satisfied with the features provided by Microsoft. They are continually improving their offerings, and I don't have any downsides or issues with Microsoft Entra ID. We're integrating a lot of Azure virtual machines and utilizing the Azure side. We love Microsoft licensing, all that stuff. And yeah, it's just, you know, just using the CSP portal as well has just been a game changer for us too.
For how long have I used the solution?
We have been using Microsoft Entra ID for about three years as a Microsoft CSP partner.
What do I think about the stability of the solution?
The stability of Microsoft Entra ID is very great. It's a high availability solution, and we haven't had any major issues. Even in cases of global outages, Microsoft provides transparency through their health portal.
What do I think about the scalability of the solution?
The scalability of Microsoft Entra ID is excellent. We have no problems scaling virtual machines, and we can tailor solutions based on customer needs and budget, ensuring proper SLA and redundancy.
How are customer service and support?
Whenever we have needed Microsoft support, they have provided fast response times and have been very helpful. Although we've occasionally needed to be transferred between departments, overall, their support service is reliable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before Microsoft, we used various on-premises solutions with Active Directory domains. The shift to Microsoft Entra ID was driven mainly by the convenience and cost benefits of consolidating under a single vendor, a single-pane-of-glass setup.
How was the initial setup?
The initial setup was done through Ingram Micro, and it was smooth. They helped set up our accounts and provided the necessary training for managing CSP.
What about the implementation team?
The implementation was done with the help of Ingram Micro, a third-party vendor. They provided excellent guidance throughout the CSP integration process and conducted seminars for further training.
What was our ROI?
Our ROI has been strong since becoming a CSP partner. We've seen tremendous growth and attracted many new customers using Microsoft products. We leverage existing licensing, like Windows Server or SQL, and hybrid benefits, and our sales and marketing teams benefit from co-selling and partnership advantages.
What's my experience with pricing, setup cost, and licensing?
Our sales and marketing teams handle licensing, co-selling, and marketplace activities, which makes it easier to centralize and manage our Azure or multi-cloud costs effectively.
Which other solutions did I evaluate?
Before implementing Microsoft Entra ID, our sales team evaluated other vendors offering similar solutions. However, the benefits of Microsoft licensing and CSP partnership made it an obvious choice.
What other advice do I have?
I rate Microsoft Entra ID a nine out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: CSP Partner
Last updated: Dec 4, 2024
IT Infrastructure Architect at a manufacturing company with 5,001-10,000 employees
Enables us to streamline access by granting it based on user roles and groups, but it needs better cross-environment integration
Pros and Cons
- "The identity and access management piece is probably the most valuable to us. Since its implementation, synchronizing the identities from on-premise to Entra ID has had a positive impact. This allows us to grant access to applications based on those users and the groups they belong to."
- "The area that needs improvement is integrating IDs between multiple environments and forests. In our case, it's hard to get the identities from multiple forests into one location. This is probably our biggest challenge."
What is our primary use case?
At first, we used Entra for Single Sign-On (SSO) purposes, but there are multiple use cases. It is the backbone of managing identities and access to Microsoft 365, for which we have licenses. We were also using it for SSO authentication for third-party applications.
We do not use Microsoft Authenticator. We use ADFS, which is federated with Entra, and we are integrated into that, so we do not use Microsoft Authenticator except for admin accounts.
How has it helped my organization?
Entra has had a positive impact by enabling us to synchronize the IDs from on-prem to Entra ID and grant access to applications based on those users and their groups.
What is most valuable?
The identity and access management piece is probably the most valuable to us. Since its implementation, synchronizing the identities from on-premise to Entra ID has had a positive impact. This allows us to grant access to applications based on those users and the groups they belong to.
The conditional access policies are helpful. They let you control access based on what devices they connect from. The conditional access policies prevent people from accessing our environment from outside our domain or non-company computers. We've relied on the verified threat actor feature to identify whether it's a real user or a bad actor based on the source.
What needs improvement?
The area that needs improvement is integrating IDs between multiple environments and forests. In our case, it's hard to get the identities from multiple forests into one location. This is probably our biggest challenge.
For how long have I used the solution?
I've used Entra for about eight years since we opened our commercial cloud.
What do I think about the stability of the solution?
I haven't had any issues with the virtual machine, so it is stable.
How are customer service and support?
It's been great. We have the upgrade support package, but actually, most of the built-in support is the best.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used ADFS and switched mainly because of our licensing model and to gain access to Microsoft 365. So it just became an extension of it.
What was our ROI?
Ultimately, it's the base setup for everything. It's Microsoft 365, so it's a required piece. It's hard to quantify our ROI because it's just something we need.
What's my experience with pricing, setup cost, and licensing?
Which other solutions did I evaluate?
What other advice do I have?
I rate Entra ID seven out of 10 because it's hard to have a single tie to integrate all identities within our core curriculum due to multiple forests.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 24, 2024