Microsoft Entra ID Reviews

Our primary use case for this solution is identity and access management within our organization's hybrid cloud environment. We have a multinational presence across 12 countries, with around three thousand employees worldwide. Entra ID plays a pivotal role in streamlining user onboarding and offboarding processes, ensuring secure access to our resources.

Our environment is characterized by a blend of on-premises and cloud-based services, and Entra ID seamlessly integrates with our Azure tenant. It allows us to efficiently manage user identities, enforce authentication and authorization policies, and implement multifactor authentication for enhanced security.

Moreover, we leverage Entra ID's capabilities to maintain compliance with specific regulations, such as those in Germany, where mailbox access for departed employees requires careful management. Entra ID's security features, including Azure Information Protection integration, provide an additional layer of protection against evolving cyber threats.

Microsoft Azure Entra ID has been a transformative addition to our organization, bringing a multitude of benefits and enhancements across various facets of our operations. Here are the key ways in which Entra ID has made a significant difference:

Unified User Access and Seamless Experience:

Entra ID provides a unified interface for managing user access, offering an exceptionally user-friendly experience. Users can effortlessly access a wide range of applications, both cloud-based and on-premises, using a single set of credentials. The Azure portal serves as a true portal, creating a distinct realm for users while maintaining a user-friendly interface. Single Sign-On (SSO) configuration simplifies the login process, allowing users to use a single ID for multiple applications. This streamlined approach, coupled with multifactor authentication, ensures a secure and convenient login experience, especially important in today's remote work environment.

Efficient Policy Management:

One of the standout features of Entra ID is the ease with which Azure policies and conditional access can be applied to enhance security. The EntraID admin center serves as a central hub for cloud-based identity and access management, offering a wide array of features that not only enhance security but also promote collaboration and productivity within the organization.

Modern Authentication Protocols:

Entra ID employs modern authentication protocols like OpenID Connect, which are well-suited for web and mobile users. This is especially crucial in an era where remote work and mobile device usage are prevalent. It represents a significant improvement over the traditional Windows Active Directory, which relied solely on Kerberos and NTLM.

Hybrid Capabilities:

Entra ID's support for hybrid scenarios is invaluable. It caters to the preferences of employees who still rely on on-premises solutions while leveraging the advantages of the cloud. This flexibility in a hybrid environment is a substantial benefit.

Conditional Access for Enhanced Security:

Conditional access policies, akin to "if-then" scenarios, provide granular control over access conditions. These policies evaluate login attempts based on factors such as user location, device health, and more. This ensures that access is granted only under specific, predefined conditions, significantly bolstering security.

Role-Based Access Control (RBAC):

Entra ID offers a robust RBAC system that allows precise management of access permissions. Custom roles can be created, granting users only the necessary permissions, enhancing security without overexposure.

Cost-Effective Scalability:

The cost-effectiveness of Entra ID is notable. It offers a free option, making it accessible to organizations of various sizes. Premium plans unlock advanced features, such as identity protection and advanced threat detection, providing excellent value for the investment.

Enhanced User Experience:

Entra ID has substantially improved the user experience. Account creation and provisioning are straightforward, even more streamlined than traditional Windows Active Directory. This inclusive process involves licensing, role, and permission configuration, all within a unified interface.

Microsoft Azure Entra ID has significantly enhanced our organization's security, user experience, and efficiency. Its modern authentication, conditional access, and RBAC capabilities, along with its support for hybrid environments, make it a valuable addition to our IT ecosystem. Moreover, the cost-effectiveness of Entra ID and its role in simplifying identity and access management have further solidified its value proposition. Our users are more satisfied than ever, thanks to the improvements brought about by this powerful solution.

The standout features of Microsoft Entra ID, for me, revolve primarily around its robust security measures. As someone deeply invested in cloud security, these aspects have proven to be exceptionally valuable.

Conditional Access Policies: The ability to formulate and enforce conditional access policies is a game-changer. It allows us to implement highly granular access control, considering factors like user location, device health, and authentication methods. This level of flexibility ensures that access to critical resources is granted only under the appropriate circumstances, enhancing our security posture significantly.

Identity Protection: Microsoft Entra ID's identity protection capabilities are commendable. They assist us in safeguarding user identities, reducing the risk of unauthorized access and identity-related security breaches. The peace of mind that comes with knowing our identities are well-protected is invaluable.

Threat Intelligence: Real-time threat intelligence provided by Entra ID equips us with the necessary tools to stay ahead of emerging security threats and vulnerabilities. In a rapidly evolving threat landscape, having this information at our fingertips is indispensable.

These security features, coupled with a user-friendly interface and seamless integration, make Microsoft Entra ID an exhilarating solution for those of us who prioritize cloud security. It not only enhances our security posture but also empowers us to adapt and respond effectively to evolving cybersecurity challenges.

Privileged Identity Management (PIM) Performance: Improvements in the performance and reliability of PIM are crucial. Users occasionally encounter issues where roles are elevated, but the assigned roles do not function as expected. Enhancing the consistency and responsiveness of PIM is essential for a seamless privilege management experience.

Portal Speed and Responsiveness: Addressing occasional slowdowns, particularly on Fridays, within the Azure Entra ID portal is important. Consistent portal performance ensures efficient user access management and administration.

Cross-Tenant Synchronization and Collaboration: Simplifying cross-tenant synchronization and collaboration is essential for organizations working in multi-tenant environments. Enhancements in this area can streamline identity and access management processes across tenants, reducing complexity and improving collaboration.

User Offboarding and SharePoint Permissions: Streamlining the offboarding process for former employees is critical. After disabling or deleting a former employee's account, there should be an automatic mechanism to remove associated permissions in SharePoint. Currently, these permissions often remain in SharePoint as stale entries, requiring manual removal. Automating this process can improve security and reduce administrative overhead.

I have been using Microsoft Entra ID for six and a half years.

The Entra ID system has consistently demonstrated a high level of stability. Throughout our usage, I can't recall a single instance when the service experienced downtime. This underscores Microsoft's commitment to ensuring the continuous functionality of the service for its customers.

The stability of Entra ID is crucial for our operations, and its reliability has greatly contributed to our confidence in the platform. Microsoft's dedication to maintaining a stable environment aligns with the expectations of organizations relying on their services.

In summary, the stability of the Entra ID system has been commendable, and it reflects Microsoft's emphasis on delivering a reliable experience to its users.

Scalability in the context of Entra ID has been a significant advantage, particularly when compared to traditional on-premises solutions. The scalability of Entra ID is dependent on both the hardware and the underlying infrastructure. In the case of on-premises servers, organizations are tasked with maintaining and upgrading the hardware, which can be resource-intensive.

What I've observed with Entra ID is that it offers exceptional scalability and reliability. This scalability is achieved through a combination of factors, including built-in redundancy and automatic updates. Microsoft takes on the responsibility of managing the underlying infrastructure, alleviating the maintenance burden on organizations.

This level of scalability allows us the flexibility to easily scale our resources up or down based on our specific requirements. Whether we need to accommodate growth or adjust resources to optimize costs, Entra ID provides the agility needed to achieve our goals.

In essence, the scalability of Entra ID is of the highest quality, and it's a testament to the benefits of utilizing a cloud solution like Azure. The cloud-based approach simplifies resource management and ensures that we can efficiently adapt to changing demands.

We've encountered occasional issues, and Microsoft's customer service and support have consistently been friendly and responsive. Whenever we've reached out to them, they've promptly assisted us in resolving our problems.

One notable aspect is that Microsoft support typically prefers phone calls or emails for communication. While their support is effective, we've found that using Microsoft Teams for support calls would be much more convenient. Teams provides an efficient and collaborative platform for communication, making it a valuable tool for resolving issues.

This highlights the opportunity for Microsoft to enhance customer support by utilizing Teams for more convenient and efficient interactions.

Positive

The initial setup of Entra ID is remarkably straightforward. The system seamlessly integrates within our existing infrastructure, requiring nothing more than an Azure tenant.

In terms of the migration process, we prioritize quality over quantity. We don't need a large workforce for the migration; instead, we value individuals who possess a clear understanding of their roles and responsibilities. This approach is supported by a well-established product line and effective risk management strategies. Additionally, our past experiences and insights gained from previous projects significantly contribute to our confidence and comprehension of the necessary actions.

In collaboration with our partners, our team consists of five members dedicated to the migration process. Our partners, on the other hand, have a smaller team comprising three individuals providing assistance. This collaborative effort ensures a smooth and efficient transition to Entra ID.

We worked with a Cloud Solution Provider (CSP) with many years of experience with the product to successfully implement Entra ID

Our investment in Entra ID has undoubtedly yielded a significant return. Those familiar with its capabilities and accompanying features are confident in the tangible benefits it brings. In a landscape where cloud advancements have revolutionized IT, Entra ID stands out as a crucial component of our infrastructure.

Without this cloud product and the transformative developments in cloud technology, navigating the IT landscape would be challenging. We'd likely find ourselves exploring various products from different companies, potentially incurring higher costs than our current investment in Entra cloud products.

Therefore, I have full confidence that we've achieved a substantial return on investment through our adoption of Entra ID and other cloud solutions. It's a testament to the value and cost-efficiency that modern cloud technologies offer to organizations.

When it comes to setup cost, pricing, and licensing for Entra ID, I would advise others to carefully assess their organization's specific needs and requirements. It's essential to have a clear understanding of the features and capabilities needed to support your business operations effectively.

Consider the scalability of your organization and how Entra ID aligns with your growth plans. Microsoft offers various licensing options, so it's worth exploring the most suitable licensing model that fits your budget and operational demands.

Additionally, keep in mind that while initial setup costs may vary, the long-term benefits of a secure and efficient identity management solution like Entra ID can significantly outweigh the initial investment. It's an investment in both security and productivity.

Lastly, stay updated with Microsoft's licensing updates and pricing changes to ensure that your organization remains compliant and optimized in terms of cost-effectiveness."

This advice provides a general guideline for organizations considering Entra ID, encouraging them to conduct a thorough evaluation of their needs and resources.

Our organization has a strong Microsoft orientation, which naturally led us to align our infrastructure with Microsoft standards. Entra ID serves as our identity provider, handling crucial processes like onboarding, offboarding, and managing departed employees' accounts and devices.

One challenge we've encountered is dealing with "stale devices" connected to Entra ID when employees have left the company. To address this, we regularly execute scripts to identify and manage both dormant accounts and devices. Compliance policies, especially in countries like Germany, necessitate specific mailbox access rules for departed employees. This involves granting the manager access to the mailbox for three months before archiving it. Deleting the user account isn't an option in such cases.

Entra ID offers a health dashboard that helps us track maintenance activities and pending implementations. Key updates, recommended every three months by Microsoft, are currently performed on a monthly basis to maintain robust security.

As a multinational company and a global workforce, security is paramount. Multifactor authentication is a crucial process for all Entra ID users, given the increasing sophistication of cyber threats. We highly recommend exploring the security features of Entra ID and its integration with Azure Information Protection—a cost-effective, AI-driven solution that enhances security.

The primary use in my organization is for identity and identity security management. In our case, it's in our hybrid infrastructure, where it's not the cloud-native option; it's based on on-prem identity infrastructure on the cloud. We use it to manage our identity in a multi-cloud scenario. 

We use it also for our software developers for credentialing. They use a single credential, and they can use multiple platforms, like, GitHub, Google Cloud, AWS, et cetera. 

The product is connected to our security operation setups.

We also use it in our organization to on and off-board the users constantly. It helps strengthen our permission management and privilege access management. For example, if one of our engineers or users needs temporary sole permission to perform an action, we use the product to temporarily grant that security role, or that extra permission that will last a certain amount of time. After the desktop is completed, the permissions are revoked. That way, users do not have a sensitive role constantly enabled.  

The overall identity management and lifecycle management capabilities are great. We can support our entire operation. For example, we can create an onboarding package for the users so that at the right moment they have everything that they need and access to exactly what they need when they need it, and this will help our transition team when new users start. They can have the password, credentials, et cetera, all accelerated while making sure there are no security gaps. 

Entity management is great. We can provide access for short amounts of time as needed. 

When we develop applications, we leverage Entra ID to create an application like an identity so we can tailor the security posture of an application that is often used or exposed on the public internet for customers. 

To summarize, identity lifecycle management, privileged access management, and identity and credential management for developers and applications are all the best aspects of the product, in a nutshell.

Entra ID provides a single pane of glass for managing user access as well HRID of API capability for third-party integration. The single pane of glass positively affects the consistency of the user's sign-on experience. That is one of the strongest points. Using a single pane of glass and then adding HID, like a gatekeeper for identity, is very helpful. The user now knows what they expect when they authenticate an application or they authenticate a portal or simply consume Microsoft Office since the experience is very consistent. It's always the same. Our support knows when, in which scenario, and what could be a problem and then quickly can help the user to overcome an issue. The single pane of glass actually is the beauty of the product.

Security policies can now be very consistent and very granular and can be completed in specific ways for individual users. For example, there is a way to tailor your security experience for certain container reviews. A sensitive user, a high-risk user, or a developer, can have a custom mail detail or security policy that will impact only them while the rest of the standard users will not be affected by an end security policy since their workloads wouldn't require that.

The portal is really handy. It's exactly what you would expect it to be. The management center is very comprehensive. We've had no problems with the useability of the admin access and the capability of the product offering. 

This solution removes a lot of burdens, especially for us as cyber engineers. With a few clicks, we can create and target certain users. It will provide inputs and insights on scenarios and security settings. It will send warnings before we enable policies to let us know what might be affected. It helps us on the front end to avoid security configuration mistakes. That's for the sake of security as well as the user, who could otherwise be blocked every now and then by an incorrect security policy. 

We use Entra ID's conditional access feature to enforce fine tune and adaptive access controls. We use that for user identity and to protect workflows. In EntraID, an application in the directory, it's considered an identity, even if it is an application. Therefore, we can create a policy for users as well as for applications where it will authorize access only if certain conditions are made. We use that extensively.

The conditional access feature positively affects the robustness of a zero-trust strategy to verify users. We use the conditional access feature in conjunction with the Microsoft Endpoint Manager.

We can use combined security products that fit with the product. It's very effective. It ensures security overlap.

I'm working with a verified ID as well. Users can use that single identity to access what they need and to configure the software developer pipeline to use that Microsoft-managed ID to push and pull code from restart to the application. If you have multiple other solutions, for instance, GCP, you can use that federated credential to manage software and code regardless of the cloud provider that is used by using the unique identity. This makes the work of developers more secure since they only need one ID. Otherwise, they will put on a piece of paper, their username and password for each application that requires access. With this solution, you have one identity secured to move them all, and it's easier for the developer who can be more productive while staying more secure.

We've used the product to onboard or move new employees. That's part of the identity lifecycle workflow that we are experiencing. It's probably the number one product for HR management when it comes to user onboarding. It helps onboard and offboard remote workers with ease. After all, not all departments require the same applications, for instance. With this product, we create the prerequisites by creating an access package. 

Verified ID is good when it comes to privacy and control of identity data. Privacy control is a mix of responsibilities between the organization and Microsoft Cloud, of course. There is full transparency with Microsoft covering this data, however, nothing is perfect. If Microsoft changes something, since they are linked, it may affect performance.

The visibility and control for permission management are excellent. Integrations are becoming more and more native. It helps reduce our surface risk when it comes to identity permissions. When in combination with Microsoft Sentinel, it's really feature-rich. I can also create reports for when management wants to assess problem areas.

It's helped to save time for your IT admin waiters or HR department. There is a reduction of recurring tasks by up to 50% to 70% compared to the legacy solution. It's tricky to contemplate how much money is being saved, however. 

The product has affected the employee user experience in a positive way. The organization is very happy with it.

Sometimes with this solution, since our old API can have some latency and short links if you want to enable permission on a system application can be some delays. For example, sometimes, when a user requires their access, sometimes it's not happening in real-time; they just wait a couple of minutes before the TCI really provides it. Sometimes this can create confusion if a user an engineer or a developer believes that the solution is broken. The solution is not broken. It just sometimes has a delay. That is something that I encourage Microsoft to fix. During the pandemic, we had a lot of conditions with the remote workers. So when the capacity increased, there could be latency. However, that is a Microsoft scalability problem that they have to address at a certain point. That said, it's not a dealbreaker.

It would be good to have more clarity around licensing. It's a bit technical for those strictly dealing with budgets. 

I would like to see a little bit of improvement in the resiliency of the platform. Entra ID has a global point of presence worldwide, however, if one node goes down in a geographical location, it has a global impact. Sometimes even a simple certificate that is not renewed on time can cause global issues. Microsoft should improve global operations and sandboxing. So if one of the nodes is down in Asia, it won't take down the United States as well. The redundancy and the resiliency of the product should be improved over the global geographical scale of the product.

In terms of features, at the moment, the solution is covering everything. I don't see a new feature needed aside from improving their API.

I've been using the solution since 2015 or 2016. I've used it since before the name change.

Overall, the product is stable. It's 99.9% stable. 

In my current organization, we have around 100 users on the solution. However, we have B2B integrations that include 3,000 to 4,000 users.

Microsoft does scale up to hundreds of thousands of objects. The solution scales well.

If you need more than fifty thousand objects that can be created in a single tenant they can be created within an additional directory.

Microsoft offers different tiers of support according to the licensing model. The support is great. Generally, at first, you get a general engineer. They'll tell you to go and check an article. I tend to tell them the issue and lay out the problem and ask them not to send me an article since I am an expert. then I'll get to a second-phase engineer that can help. However, once you get to the right person, support is excellent. 

Positive

I have experience with One Identity, SharePoint, SharePointIQ, and InsightID.

I like how this product has a view on a single pane of glass. Out of the box, it can serve multiple types of organizations that may have multi-cloud strategies. It also has good third-party integration and reporting capabilities. Everything we need to start is right in one solution. 

We do have Okta, which we are phasing out. We use it for some B2C scenarios. It's an excellent product and has solved problems for us over the years.

When you set it up the product, there's always a combination of business people, decision-makers, and IT people, and I always encourage business and decision-makers to read the Microsoft adoption framework for Entra VNS Ready. So that way the decision makers have an idea of how to use the product and which features are required. Then we start with the technical part. 

We should basically start always with an assessment. How many users do you have? Which one is the office license model? And so on and so forth. When the assessment is done and when we have an idea of the topology of the user, we can start the design. We ask, okay, would you like to be cloud native? Would you like to have a hybrid model where you have an on-prem identity shipped to the cloud? And based on the decision, we'll start by usually setting up Azure AD Connect. 

Azure AD Connect is a solution that's on-prem. We'll onboard the identity on the cloud and all the security tokens that come with it. Then, of course, we start to plan the identity migration.

Based on the call on existing users, the next design is to onboard a lifecycle identity for the new commerce that will join and for people that will lead. It's important to read the Microsoft architecture and adoption framework for InsightID. And based on that, then we go into the nitty gritty technical decisions. 

The setup can be handled by one person. However, once you begin to integrate it with 95% of the organization and need to touch messaging systems and mail systems, you'll need to collaborate with others. If you are using the Internet and SharePoint, you need an Internet engineer. You likely need a few people to assist.

The maintenance aspect is not difficult. It's a SaaS and Microsoft handles most of the burden. You just need to perform hygiene rather than maintenance, for example, removing people you no longer need. While maintenance is mostly taken care of, people should pay attention to the Azure cloud as Azure can cause security holes with changes. 

We have witnessed a return on investment, however, it's hard to quantify. Definitely, in the long run, there's a benefit to leveraging the product.

Decision-makers dealing with budgets will sometimes struggle to really understand the kind of license that's needed. When you are doing multi-cloud the costs can be a little bit higher. It may not be cost-effective if you do not how to use the platform.

The price point is pretty high.

However, for Android and Office users, it's very useful to have.

We use a hybrid approach on-prem. We have some log applications and some legacy applications that require us to have an active directory as a primary identity source of view. This means that we ship our identity to the cloud, however, we don't have a vice-versa mechanism. 

I'd advise potential new users should investigate by creating a POC free of charge. Microsoft offers free credits for POCs. These can be extended for a certain amount of time.

I'd encourage anyone to contact a Microsoft representative and set up a POC and get training material and really evaluate the product first. Once you use it, there's no going back.

I'd rate the solution eight out of ten.

We use Microsoft Entra ID to secure Boulevard by Density.

Entra's multifactor authentication has kept our organization secure. We've decreased the number of password resets and extended the length of passwords, which has kept users happy and improved security.

Entra's conditional access policies allow us to fine-tune how we allow people into the environments and secure them. Microsoft Entra ID has also massively improved secure access to apps or resources compared to our previous setup. We've rolled out Microsoft Authenticator. That went pretty well, pretty smooth. The users seem to enjoy ID. And, yeah, we're starting on passwordless soon.

There are no specific areas where improvement is needed at the moment. Everything has been good so far.

I have been using Microsoft Entra ID for about six years.

There have been a couple of outages so that I would rate the stability around a seven out of 10.

I rate Microsoft support nine out of 10. Customer service and technical support have been pretty good.

Positive

We did not use any different solutions before implementing Microsoft Entra ID.

The initial setup and experience with deploying Microsoft Azure ID was straightforward.

We used an integrated reseller or consultant for the deployment.

We have seen a return on investment because Entra is included in licenses we already own. Deploying it was a no-brainer. 

The solution was included in the licenses we already had, so it presented a no-brainer setup cost.

I rate Entra ID nine out of 10. 

I have been employed as a subject matter expert for Microsoft Entra ID, as well as other Microsoft projects. Presently, my organization is collaborating closely with the Microsoft product team. This involves handling end-to-end customer scenarios connected to the products. In cases where there are issues related to configuration or operational scenarios, I provide assistance by configuring based on the organizational requirements. Additionally, I ensure end-to-end security through Microsoft Entra ID. I have dedicated the past 22 months to working within my organization on various Microsoft projects.

Microsoft Entra ID is a cloud-only service. However, if a customer has existing on-premises resources, they can integrate them using Azure Ready Connect to Microsoft Entra ID. It can be used in a hybrid mode depending on the organization's requirements.

Microsoft Entra ID provides a unified interface for managing user access. The user's sign-on experience relies on several factors, including the specific service or resource they are attempting to reach. The initial sign-on process involves first-factor authentication, which typically entails entering the username and password. Depending on the user's assigned security level, multi-factor authentication may be required. If the user is attempting to access an application and Single Sign-On is enabled, they can also enjoy a seamless sign-on experience for accessing both on-premises and cloud-only resources.

The admin center assists us in managing everything, from global administrators to Role-Based Access Control provisions. If a specific admin needs to be assigned to access all user authentication methods, an authentication administrator will be made available. Similarly, a conditional access administrator can assume this role if needed. We have a variety of roles accessible for performing tasks such as accessing, reading, writing, and editing operations, all based on specific requirements. Alternatively, there's the global administration role, which holds the capability to perform various actions and possesses full control over the tenant. This control can be exercised through the admin center.

When the COVID-19 pandemic emerged, all of our employees across various organizations worldwide began working from home. This trend of remote work continues significantly. Users operate from diverse networks, which might vary in terms of security levels. In order to safeguard resources, Microsoft Entra ID plays a pivotal role for all organizations, not solely for mine. Microsoft Entra ID provides essential security features, such as continuous access evaluation, multifactor authentication, IP restriction, and device-based blocking. These features constitute a device registration scenario that organizations can adopt. Whether an organization chooses to manage devices through Microsoft Entra ID or one of the other device registration scenarios available depends on the specific context, particularly the industrial location for an IT engineer. In this setup, an organization can impose restrictions or temporary blocks on users directly, contributing to the assurance of secure logins. This approach aids organizations in preventing unauthorized access to user accounts and organizational data from potentially malicious actors like hackers or unauthorized exporters. Microsoft Entra ID has been designed to enhance the security of both users and organizational information, aligning with Microsoft's commitment to safeguarding user data.

Conditional access is among the most reliable and secure features enhancing the performance of Microsoft Enterprise ID. This functionality enables us to execute various actions, as I have previously indicated. These statements are straightforward and comprehensive. To prevent access for specific users, we must apply logs based on specific requirements. If there is a need to restrict a user, we can implement a pause. This means that if a user is accessing from a certain location or utilizing a particular device, they will be granted access. Conversely, if these conditions are not met, the user's access will be denied. Therefore, conditional access policies can be employed as the organization's primary line of defense. In the past 22 months, updates have been made to the conditional access framework, incorporating conditional access policies from both session management and control management. This enhancement enables organization administrators to apply more refined filters, thereby enhancing user security. These updates include the potential enforcement of app protection procedures through Entra ID. Alternatively, administrators may create custom policies for specific applications or websites using the Defender of products. In the past, the option to merge different Entra apps and conditional access was not available. Presently, conditional access policies offer heightened security, allowing the creation of policies from various Microsoft services, including different apps. This capability empowers us to restrict users or employees from actions like copying certain data or transferring information to other locations. It prevents downloading of company information from untrusted devices as well. Additionally, our implementation of app protection policies aligns various Microsoft services with conditional access policies, further fortifying overall security.

The three factors for implementing a zero-trust framework are verifying the users, checking their privileges, and aiding in identifying any breaches. Conditional access assists with this process.

We can establish application restrictions and enforcement policies based on the Entra ID. These policies can then be aligned with conditional access policies across various locations. Additionally, we have the ability to formulate policies, such as designating trusted and untrusted locations for device data. This ensures that specific applications will only be accessible if they meet the conditional access prerequisites both from Entra and within the Endpoint Manager policies. This encompasses all first-party Microsoft applications as well.

The Verified ID feature is one of the most impressive functionalities I have encountered. Although I haven't used it personally, my role involves working as a technical support engineer for Microsoft. My responsibilities include handling support requests for Microsoft and assisting customers worldwide, whether they are utilizing premier or personal support services. To the best of my understanding, the Verified ID offers one of the most secure methods for organizations to store their data via the Decentralized Identifier framework. This enables them to manage their setup autonomously and perform DID verifications. Through this process, organizations can issue credentials to users using the Microsoft Authenticator app. This ensures that a web server is set up and a decentralized ID is created. Importantly, all organizational data remains confined within the organization; Microsoft does not retain user credentials or passwords. Consequently, all organizational data becomes integrated into the decentralized ID. This process is carried out by administrators responsible for onboarding users into the organization. When an employee joins the organization, they are issued credentials using the Verified ID feature through the authenticator app. Subsequently, these credentials are passed on to the user. The authenticator app then verifies the legitimacy of the request.

Microsoft Entra ID has proven invaluable in saving time for both our IT administrators and HR departments. Prior to Entra ID, we were required to generate individual user IDs sequentially. However, with Entra ID, we now have the convenience of producing them in bulk. This includes the ability to furnish these user access IDs temporarily, along with corresponding temporary passwords. This is achieved through a CSV-formatted Excel sheet. This process is particularly advantageous when juxtaposed with onboarding new users. For our existing users, determinations are made based on their user activity and potential risk status. In this regard, our IT administrators or global admins are promptly alerted if any user is flagged as risky. These notifications and identity protection features are integral components of Microsoft Entra ID, especially in relation to potential users. Furthermore, our system incorporates the latest workflow feature. This functionality closely resembles Identity Protection, although the latter exclusively pertains to users and objects. Conversely, virtual IDs oversee services, including applications and various other resources that have been generated via web apps, SQL, or SharePoint instances.

Microsoft Entra ID has significantly contributed to cost savings within our organization. Prior to implementing Entra ID, substantial financial resources were dedicated to various investments. Particularly in the realm of licensing, any learning initiative incurred substantial expenses. However, there has been a notable transformation in Azure, now rebranded as Entra, accompanied by the incorporation of numerous features under the Microsoft Entra ID umbrella. Undoubtedly, this has greatly enhanced cost management for our organization. Moreover, we now possess the capability to effectively manage subscriptions. We receive regular alerts from the cost management infrastructure, providing insights into our resource consumption. A distinct 'pay-as-you-go' option empowers us to select and pay solely for the resources we utilize. This approach enables us to forego committing to a fixed amount of virtual machines for a predetermined period. Instead, we can opt for resources as needed, paying only for their actual usage. Indeed, the cloud plays a pivotal role in cost savings when compared to the complexities of managing on-premises servers and resources.

The Microsoft Entra ID has significantly enhanced our user experience. In our daily scenarios, there is no need to log in every time. This is especially beneficial for user authentication and accessing various resources. Entra offers features that simplify our daily tasks and the use of dynamic applications that we host. One remarkable feature is the ability to utilize single sign-on, which is both cool and highly effective. Additionally, we have the option of Windows Hello for Business, including field authentication for Windows Hello for Business. These authentication features streamline the login process and contribute to the ease of our work. 

The most valuable feature of Microsoft Entra ID is its security options, where we can provide highly effective security for user accounts during authentication. We have a conditional access policy in place, along with modern authentication methods that can be configured in various ways to meet organizational requirements. These methods may include phone calls, SMS, or even passwordless authentication, which is the most convenient and secure method introduced by Microsoft. This includes Windows Hello for business and certification-based authentication as well.

There are several limitations that Microsoft is currently facing. Since I work with global customers daily, they often come up with new ideas. However, these ideas are sometimes hindered by Microsoft's limitations. As a result, many people are turning to third-party tools or services, even from vendors that are not as reputable as AWS or GCP.

I have personally made similar suggestions to my product team, especially regarding the vendors that users are attempting to rely on. For instance, certain organizations prefer to restrict the use of mobile phones, particularly in countries like India. These organizations are very strict about security and prohibit the use of Android or camera-enabled mobile devices for their employees. Consequently, these users cannot utilize Microsoft Authentication, and instead, they must resort to other password authentication methods such as Fido or Windows Hello for Business.

Among these options, we have only one choice, which is Fido, a security key. However, when users need to use Fido, they are required to also use multifactor authentication. This means that a user can only register for Fido after they have registered for the Authenticator, which is not an ideal scenario. If an organization has already decided not to use mobile phones and has opted for Fido authentication with security keys, it's not advisable to then ask them to use Microsoft Authenticator.

Recently, Microsoft introduced an alternative solution known as the temporary access pass. This pass allows users to log in temporarily, but its effectiveness is limited. This is especially true for Fido authentication with security keys, although it is included in the Entra IDs CBA, particularly for Android and mobile devices. Unfortunately, these secure options are not available when logging in from devices like iPads or iOS-based mobiles, other operating systems, laptops, mobile devices, Chrome, or Linux machines.

Microsoft needs to make improvements in this regard and extend its services to other operating systems as well, especially when considering their widespread usage.

I have been using Microsoft Entra ID for almost two years.

The solution is continuously being updated and enhanced with new features. As we are involved in Microsoft projects, we get a sneak peek into the upcoming release of Microsoft Entra ID, and I am confident it will be exceptionally stable.

Microsoft Entra ID is scalable.

I have been employed as a tech support engineer, assisting with Microsoft products since the inception of my career. As a result, I have not required the services of their customer support.

I have utilized Okta solely for federation services in some testing capacities within my laboratory environment. Okta proves advantageous for establishing federated connections between Azure instances across different clouds. To illustrate, imagine that Microsoft employs local active directory federation services. This duplication seems inevitable, given Microsoft's explicit intentions conveyed through the Microsoft Ignite channel.

Consequently, Microsoft ought to develop federation services akin to Okta's, which offers exclusive cloud-based federation services. This offering would greatly assist users and organizations habituated to utilizing federated authentication protocols. It would be prudent for Microsoft to integrate a cloud-exclusive federation service into Azure Cloud.

Furthermore, Microsoft contends that, in terms of security and trustworthiness in authentication service identity providers, Entra reigns supreme compared to other options. In this regard, I concur that Entra boasts superior security when contrasted with Okta.

Azure Cloud refrains from provisioning specific federation endpoints for certain applications due to the persistent usage of on-premises or federated applications by numerous organizations. This gap is where Okta has capitalized, effectively occupying the market space that Entra commands in such scenarios.

The initial setup is straightforward. The deployment is simple. We possess Microsoft learning documents and public articles from Microsoft, along with community channels. If we aim to adhere to these instructions, the process is quite simple. Even a college graduate attempting to configure from the Entra web portal will find it easy to follow. The procedure is particularly straightforward for specific scenarios and the specific topics that Entra provides.

I completed the implementation in-house using the documentation provided by Microsoft and by following the Microsoft YouTube channels.

Entra's pricing is somewhat higher compared to AWS. With AWS, we have the ability to access EC2 servers, which are essentially virtual machines, for free for a duration of up to one year, specifically the basic virtual machine instances. However, Entra does not offer a similar option. If we are utilizing any form of virtual machine on Entra, we must begin payment after one month of complimentary usage. Unlike AWS, Entra does not provide access to basic virtual machine instances for educational or testing purposes. Furthermore, there is a discernible difference in pricing and licensing when we compare AWS Identity Access Management with Entra's ID system.

I would rate Microsoft Entra ID eight out of ten. I deducted two points due to the limitations concerning the connectivity of services for Android and other operating systems.

I have had multiple use cases for Entra ID during my previous position as a system administrator. In that role, I was responsible for managing around three thousand users within our organization, including some external parties, which brought the total user count to approximately ten thousand. Entra ID is a cloud-based solution designed for identity and access management. In our organization, we primarily employed it to maintain user groups for authentication purposes. Additionally, we had on-premises applications that required registration within Entra ID, enabling us to provide a single sign-on solution for these applications, granting access to our users.

Entra ID boasts several other features as well. For instance, we utilized a security feature called NFA to enhance user security. We also implemented a conditional access policy, tightly integrated with Microsoft Intune. This policy allowed us to define specific access rules based on user locations. This means that if a user was located in a particular branch, they would be granted access to certain services while others would not. Such configurations were established within our conditional access policy in Entra ID.

At times, we needed to provide temporary access to certain users as administrators. For instance, our compliance team might require access to check compliance reports or logs for a limited period, which we facilitated by granting access for one or two hours. Within Entra ID, we have a functionality known as Security Score, which we utilize to assess and benchmark the security of our organization. This helps us identify potential risks and areas for security enhancement.

Among the tools we employ, Intune plays a crucial role. With Intune, we effectively managed our Windows, iOS, and Android devices. We could establish compliance policies and configuration settings for both Entra ID and Intune, ensuring a consistent and secure user experience across different devices and platforms.

Entra ID can be deployed using a hybrid model for organizations with a significant on-premises presence, or in a fully cloud-based setup for those that do not.

Entra ID offers a unified interface for managing user access.

In addition to the Single Sign-On provided by Entra ID, we also offer a biometric option through Windows Hello.

In the admin center, we can locate the dashboard. Recently, Microsoft has made significant improvements. Previously, searching for a username required navigating to the user test section. However, presently, I've observed that Microsoft has enhanced the search scenario. Now, by simply searching for the username on our web page, it will display the username along with all associated details. Furthermore, we have password identity management, group management, and application registration options available. We also support on-prem authentication, specifically rescoping authentication like NTLM, which is an older authentication method. However, if we register our application with Entra ID, we can easily enhance the security of our authentication through modern authentication methods. These security features are available within the admin center.

Verified ID, in fact, is obtained when we create or subscribe within Entra for the initial time. Therefore, it is a default setting on Microsoft that provides us with a default domain. However, if we perform this on Microsoft.com, we need to append that tenant and subsequently verify it. This, of course, necessitates the addition of certain DNS entries to incorporate our customized domain into Entra ID. Consequently, we have the capacity to include up to 500 domains within a single tenant.

We are three global admin users. As such, we are responsible for maintaining our company's tenants. Occasionally, the security or compliance teams need to assess the current status. For instance, we might have a project requiring a vendor to have access for a specific duration. In such cases, we can readily grant customized access to that user for the designated period. Post this duration, access will be automatically revoked. Hence, we can manage these settings through permission management.

Microsoft has indeed introduced new features. For instance, we now have the ability to create a multitude of users or add members to a group all at once. To facilitate this, they have developed a custom script. By including the object ID of the user in an Excel or CSV file and importing that file, the system will automatically add the users. Entra ID is particularly time-saving, as it allows us to add 100 users in just 30 seconds using the group method. If we were to create the group manually, it would take one to two hours per user.

In my situation, not all users are motivated. The IT division and the technicians might be up to date with the latest technology. However, when we consider the finance or sales personnel, their primary focus is on their business sales. They lack knowledge of IT or technologies. As a result, when we introduce a new solution and onboard their users to that system, we encounter certain issues. Nevertheless, through integration and training, we established the necessary procedures for logging in and working, which eventually became acceptable. Entra ID has played a significant role in making the user experience more seamless.

As an administrator, we sometimes observe a discrepancy between Microsoft Intune and Entra ID – these are distinct solutions, each with its own licensing subscription. On occasion, these two solutions are combined into a single service, or conversely, certain services might be removed. Such situations can create conflicts for administrators. A few days ago, I noticed that certain aspects like the Microsoft Compliance and Microsoft Security tabs were missing when accessing Entra ID. It appears that some services have been removed from Entra ID and new ones have been introduced, which wasn't communicated to us. I would appreciate receiving notifications regarding the removal of services from specific tabs, along with information about their replacements. This would allow us to plan our logins accordingly. Microsoft offers two portals – the classic portal and the modern portal. When using the classic portal, we promptly receive notifications about its upcoming transition to the modern portal after a designated date. However, no such notifications were provided for Entra ID. In my quest to locate security and compliance checking features within Entra ID, I discovered that the options were seemingly absent. Subsequent Google searches revealed that these features had been consolidated under a single solution.

We are receiving false security alerts on the dashboard. We have set up a conditional access policy that restricts access based on the user's location. However, we have observed that there are instances when Microsoft's AI might be generating these false alerts. This is causing users to be blocked from accessing their accounts. When we reached out to these users, they confirmed that they hadn't visited the specified area or country in the last seven to ten days. Despite this, they are receiving notifications to reset their passwords, with a warning of being locked out. Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users.

I have been using Microsoft Entra ID for five years.

Entra ID is a cloud-based solution. Microsoft, in fact, operates multi-zone data centers which greatly reduce the possibility of service outages. However, this year we have experienced a significant amount of downtime. For instance, we encountered Exchange Online issues in Bangladesh. They source their authentication from either the Singapore or Indian data centers. Unfortunately, there were several instances of problems in this area this year, about two or three times. We faced communication as well as mail-sending problems. While their Service Level Agreement is supposed to be 99.99 percent uptime, it seems to be closer to 99.98 percent. Interestingly, for the past four years, we did not encounter any such issues. Strangely, this year, these problems began around the time of the Russian incident. It's possible that backend issues, perhaps related to cybersecurity, contributed. Additionally, Microsoft laid off ten thousand employees this year, and after this restructuring, we started facing these issues.

I would give the scalability a ten out of ten.

The quality of technical support depends on both the issue at hand and the expertise of the assisting engineer. In certain cases, they might be unable to provide assistance, leading us to resolve the issues on our own.

Positive

We previously used the on-premise version of Active Directory before switching to Entra ID.

The initial setup for Entra ID is simple when opting for a full cloud deployment. We only need to onboard the users and enter the license. However, in a hybrid scenario, we require network connectivity from on-premises to the cloud. Additionally, a separate server is necessary to synchronize the users with the cloud. This process is time-consuming and intricate to manage.

I implemented Entra ID for three to four companies in Bangladesh. Additionally, for on-premises Active Directory deployments, I handled more than ten to fifteen projects. In the capacity of a vendor, I collaborated with a company that served as a local partner of Microsoft.

The deployment involves four or five teams, including IT, Networking, and Security.

To facilitate hybrid implementations, we need the support of an architect to design the servers.

As Entra ID is a subscription service, a payment is required for each user every month. To access its features, purchasing the license is necessary. Initially, upon creating the tenant, a complimentary subscription for either 30 or 90 days is provided. After this trial period, it's mandatory to choose a subscription. Entra ID is relatively expensive compared to other solutions. There are free alternatives available for managing and providing authentication. However, considering a comprehensive range of solutions under one umbrella, Entra ID stands out. It offers additional benefits such as one terabyte of OneDrive and SharePoint storage, along with Microsoft Teams integration. The cost covers various applications and extra features, providing good value for the investment.

Entra has P1 and P2 licenses that are bundled with lots of applications.

I would rate Entra ID a nine out of ten.

Since Entra ID is cloud-based, remote users or branches need to ensure that they have a stable internet connection to access our environment.

Maintenance for cloud solutions is generally not obligatory. This is due to the automatic functionality that activates when users are enabled. However, if a license expires, we must either seek assistance from Microsoft or renew all licenses, subsequently testing the new licenses. Occasionally, for maintenance, especially when dealing with our own custom applications and enabling single sign-on with Entra ID users, we require assistance both from Microsoft and our mitigation team. This is because each application has its own authentication method, often resulting in compliance issues. To address this, discussions with the mitigation personnel are necessary, and we may need to allocate time for aid from a Microsoft engineer. In certain instances, collaboration with Microsoft vendors from the integration team is essential. Apart from these situations, the process remains fairly straightforward.

I use it for managing identities, access, and security in a centralized way. I help other people use this product.

Using Azure AD has improved our security posture overall, more than anything I've ever worked with.

It enables end-users to be more secure without it actually affecting their work. Usually, security solutions makes it harder for them, so many start using other solutions instead, solutions that are not managed or monitored by the organization. But when we use Azure AD's Conditional Access, for example, as long as they behave, users don't even notice it.

The passwordless feature means they don't even need to have a password anymore. It's easier for users to be more secure. You can invite anyone to collaborate in a secure way. 

Passwordless sign-in, which is one of the new features where you no longer need to have a password, is one of the great features. Passwords have always been hard for end-users, but not so hard to bypass for bad guys. It often doesn't matter how complex or long your password is. If a bad guy can trick you into giving it to him or can sniff your keyboard or your network, or access it through malware, your password doesn't matter anyway. So all the complexity, length of the password, and having to regularly change it is hard for users, but it doesn't stop hackers. And that's what makes passwordless so valuable.

Multi-factor authentication is good as it allows you to answer a notification or even an SMS or a phone call, but that has become more unsecure now because the bad guys are learning new way to bypass these methods. But using passwordless technology, you're not even using a password anymore. You're basically just signing a logon request without actually sending, typing or storing the password. This is awesome for any user, regardless of whether you're a factory worker or a CFO. It's secure and super-simple.

It also stops phishing, which is amazing. If someone tricks a user into going into the "Macrosoft" store or some other site that looks like the real site, they can trick the user into signing in there and then they can steal the password. But if the user is using passwordless, the passwordless solution would say, "Sorry, I don't have a relationship here. I can't sign in." In that way, it can stopping phishing, which is one of the most common attack vectors right now.

Another feature that has improved our security posture is Conditional Access where we can not only say "yes" or "no" to a sign-in, but we can also have conditions. We can say, "Sure, you can sign in, but you need to be part of the right group. You need to come from a managed client. You can't come in with a risky sign-in. You need to come in from a certain platform or a certain network." You can have a really complex set of rules and if those rules are not fulfilled you will not be able to sign in, or we can require MFA or even control the session. That is also a really good security feature.

The B2B feature is another good one where, if I want to give someone access to my my apps or data, instead of creating an account and a password and giving that info to the user, I can invite that user so he or she can use their own existing account. That way, I don't need to manage password resets and the like. The B2B feature enables collaborating with anyone, anytime, anywhere.

The Azure AD Application Proxy, which helps you publish applications in a secure way, is really good, but has room for improvement. We are moving from another solution into the Application Proxy and the other one has features that the App Proxy doesn't have. An example is where the the role you're signing in as will send you to different URLs, a feature that App Proxy doesn't have (yet).

With Azure AD, if you look in detail on any of the features, you will see 20 good things but it can be missing one thing. All over the place there are small features that could be improved, but these improvement is coming out all the time. It's not like, "Oh, it's been a year since new features came out." Features are coming out all the time and I've even contacted Microsoft and requested some changes and they've been implemented as well.

I have been using Azure Active Directory for close to eight years now.

The stability or availability is incredible. It's super-good. However, just the other week, there was an outage for a few hours, so it's not 100 percent. But in Microsoft's defense, that hasn't happened for a long time.

What I also usually point out to people is that if you host your own solution and things break in the middle of the night, who's going to look at it? With this solution, you know that in the first millisecond that something breaks, 10 people or 100 people are looking at it. You get constant feedback about what's going on and you usually get a full report afterwards about what actually happened and how they will prevent them in the future. They are really good at managing these outages.

I don't know what the uptime is, but it's still 99.999 or something like that. It's super-trustworthy, but it's not 100 percent. What is? Still, it's likely much better than a private on-premises solution could ever be.

In terms of scalability there are no limits. I have customers with 10 people and others with up to 300,000, and everything in between. There is no difference. I haven't had to think about memory or disk space or CPU in a long time because everything just works. It's super-scalable.

We have 100 customers and all of them use Azure AD. They are spread all over the world. In Sweden, where I'm from, we have government municipalities, we have private corporations, hospitals, manufacturing. Everybody needs this. It doesn't matter which market or which area you work in. I don't see a target audience for this. It's everyone.

Their tech support is pretty good, depending on who you end up talking to. If you open a support request, you can be asked quite basic questions at first: "Have you tried turning it on and off again?" Sometimes we need to go through five people to get the correct people, the people who know the problem area really well. We usually dig really deep into the area and learn al lot first. We need someone who is expert in this product and who knows exactly how that area of the product works. Sometimes it takes a while to get to the correct person, but once you get there, they're usually super-knowledgeable, super-friendly and quick to reply. It can be tricky to find the right person. But I suppose that is the same in any company. 

Over the years, we have built up a contact network so we can usually contact the right people right away, as we are a Microsoft partner. But because this review is for everyone, I would suggest that you keep asking until you'll end up at the right people.

Overall, Microsoft is really attentive. Previously, you could say, "Can you show me the roadmap for the next three years?" and they would say "Sure." They don't really do that anymore because they say, "It now depends on what you want." We can help influence Microsoft how to prioritize. They have daily and weekly meetings where they discuss "What do people want now? How should we prioritize?" It's a totally new Microsoft compared with a few years ago. If I see something missing, they usually come up with it pretty quickly.

I see people moving from other solutions into Azure AD because they're not satisfied with the other solutions. 

The initial setup is a straightforward process, for such a complex technology. Although there are a lot of moving parts involved in actually setting it up, it is quite easy.

I've set this up for many and, in general, it takes less than a day to get things up and running. Then, of course, there's tons of optional configuration to improve and secure things, but just getting it up and running takes less than a day.

The implementation strategy used to be helping them get to the cloud, by doing things like making sure that they clean up the accounts in the on-premises solution and setting up the synchronization rules. But nowadays, most of my customers are people who have Azure AD in place already. So now I'm trying to enable and configure and improve security configuration. For example, you don't have to set up the passwordless feature and you don't have to do multi-factor authentication. They are optional. So my task now is more one of improving their configuration and turning on security features. A lot of it is secure by default, but some features require you to configure and set them up.

With the licensing there are so many features involved, and different features for different licensing levels. Those levels include the free version, as well as Premium P1, Premium P2. My approach with my clients is usually, "What kind of licenses do you have? Okay, let's improve this, because you have it already. You're paying for it already. Why not use it?" 

The next step is, "These features are included in the licensing you don't have. Do you think it's worth it?" I talk to them, I explain them, and I demonstrate them. They will usually say, "Yeah, we need that one."

I don't know other solutions really deeply. I know of them, but I'm a specialist who is focused on this one. But I realize, when I talked to other specialists in other areas, that they are solving the same problem, so they usually have similar solutions.

What Microsoft is winning on is that people used to say, "Buy the best product, the best in class or best in breed for each area." But that has changed now. "Buy the best ecosystem" is the better approach. If I have Azure AD as my identity and access solution, and if I also use Microsoft Defender for Endpoint and the Defender for Office 365, and other Microsoft solutions, I can then go to one portal, one place, and see how my apps are doing, how my users are doing, how my devices are doing, and how my data is doing. You get this super-integrated ecosystem where everything talks to each other. That is the strength.

In my opinion Azure AD is a fantasic standalone product, but you have so much more benefit from using it together with other Microsoft solutions.

The user usually doesn't care if we use Microsoft or any other vendor's to protect his identity or his computer or his data. They just want to do their jobs. But as admin, I see the advantage of using the same provider. I can actually create a query saying, "Show me all users who logged in to Azure AD from a device with this operating system, accessing this application, and who have a risk on their device, where a document is classified as sensitive." I can do all of that in one query for identity application devices and the data. That's the strength, having that insight into everything. And when it comes to security and Azure AD, Microsoft has 3,000 full-time security researchers, and they spend over a billion dollars each year on security research alone.

What's amazing is that the CIA, the FBI, and these big companies or organizations are using Azure AD, and they have really high requirements for audits and protection. As a "regular" organization, you can get the same level of security without have to ask for it. You get to ride on the coattails of that amazing security without spending $1 billion yourself.

If another Microsoft customer is hit by something bad, Microsoft is going to stop it for the rest of its customers. If you're the first to get hit by new bad malware, that may be tough, but all of the other customers are instantly protected because different customers share threat intelligence, in a way. You get the benefit of all the security discoveries that Microsoft makes, instantly.

Talk to someone who knows a lot about it. Sure, you can look at everything on the docs.microsoft.com page, but it can be hard to understand what each feature is and the value it give you. Talk to someone who knows both licensing and technology, to understand what's there and what you should pay for and what you should not pay for.

There are also a lot of good videos out there, like sessions from Microsoft Ignite. You also have the Microsoft Mechanics video series on YouTube with a lot of videos. So if you like to learn through video, there's a lot available for you. You can also go to docs of Microsoft.com and search for Azure AD. You will get like a starting page where you can learn the identity and access basics or also how you integrate apps. There is a link collection with everything and anything you would like to know. Or you can call me.

We are Security advisors. We help people, we train people, we implement it for them, we document it, we teach them, and we talk at seminars. We sell our knowledge. We don't sell solutions. There are 25 people in our company and five to 10 people are working with Azure AD. It's not that we need five for our daily operations, it's just that's how many of us are working with it. In general, a company might need one to five people working on it. If I need to set up a feature for five people or 500,000 people I do the same steps. The thing that is different in bigger companies, is that you need to communicate, you need to educate, you need to write Knowledge Base articles, you need to inform the service desk. All of those things are just to prepare users. But that has nothing to do with Azure AD. The technology is super-simple. It's more that the process around it is different in different companies.

I use it to manage users and devices in my environment. 

I'm also using it to control access to different services that we have and to manage and register applications. It is used to control access to applications that we use in our company. I do a lot of applications in Azure Active Directory, and then I also have a hybrid configuration in my environment. I'm able to sync my on-premise users in the cloud so they can have the benefit of cloud infrastructure while maintaining access control to provide them access to the services that they need in Azure.

The product provides very good time savings. It also allows for a high level of security.

We get alerts when something has happened and it's easy for me to find the issue. It makes it easy to reset passwords. 

We have all the security features in one place and we have log analytics and diagnostics as well. It's very good for identity governance. 

We have an unlimited number of users that we can register. We can register more than five hundred thousand objects. That is wonderful for us.

We can have an audit and we can easily audit logs. I'm able to know when the user logged in and what program they used. I can track everything. I can see activities and denial of access. 

I can create many users at one time using Excel. When we have a lot of people that join, I can just use Excel to perform the deployment of the platform by creating a user. It makes onboarding easier. 

We can manage access and onboarding by teams. It allows us to maintain privilege identity management.

The Entra admin center is also fabulous. 

The product provides a single pane of glass for managing user access. Everything is there. I can monitor from there. I can create a single sign on from there. I can create MFA (multifactor authentication) directly from the portal. I have more than two thousand devices that I manage and I can do everything centrally. 

The single pane of glass affects the consistency of the security policies we apply. It is easy for me to have access to the panel, and I can have a great view of what is going on in my Active Directory. I have a security score. I have the number of groups, number of applications, and number of devices right in front of me, in one place. This makes it easy for me to monitor it and check everything. 

There are good tutorials available for learning more about the product.

We are using the conditional access feature. We also leverage multi-factor authentication so that we can verify users by phone number, for example. It helps us verify effectively. The conditional access feature works well with Microsoft Endpoint Manager.

We use the verified ID to onboard new employees efficiently. We can now onboard in less than 30 minutes. It's also great for privacy and control.

The employee user experience has been positive. When they submit a ticket, it gets resolved in less than 15 minutes. It's very impressive.

I haven't had any issues with the product.

I've been using the product for three years.

The stability is wonderful. I'd rate it 9.5 out of ten. It's the best.

The scalability is good. It's very scalable. 

I've only reached out to technical support once when I was trying to access our agreement account. They set up a meeting and guided me through how to connect to it. I had a positive experience. 

I have used other cloud technologies like AWS or Google Cloud and they don't have the type of active directory where I can control everything. Azure is very powerful.

Previously, all of our active directory was on a Windows Server on-prem. Managing it was not easy. Finding user accounts, going to log in to the Windows server, going to log in to the active directory, et cetera, that previous process was too long. Now, it's easy. Now, you can log in and you have everything in front of you. 

With the old system, we needed to configure it and we were using Okta and we had a combination of many, many tools to be able to get results. Now, we can assign the role directly from OneClick, and we can also use the PowerShift LiveGuard template and it's easy. 

The product is easy to set up. You can set up an entire organization in one day. 

There is no maintenance needed. Microsoft takes care of everything. We just make sure that we check the synchronization. Even if there is a sync error, we will receive a notification. Usually, it fixes itself and syncs every hour.  

We handled the setup in-house.

We've saved more than 20 hours per week. The product is saving us a lot of time. It cut time spent by 45% to 50%. It's also saved us money as we only pay for what we use.

We pay monthly, and we only pay for what we use.

We are a Microsoft customer. 

I'd advise potential new users to read the documentation and make sure that they know what they are doing before they begin providing access to users. If they don't follow the requirements of their company before creating users, they could have a data breach or provide the wrong access.

You can have a centralized solution that provides secure access. You can manage everything from one portal. Azure makes it easy.

I'd rate the product ten out of ten.

We primarily use the solution for user integration; we have many users around the globe and use it for authentication syncing in Microsoft 365 and SSO, and the product provides a single point of use. Our environment encompasses many offices around the world. 

As we have a hybrid deployment, providing our engineers access rather than allowing them direct access to our Azure AD server is easier, reducing our security concerns. Our end users can also reset passwords themselves without going through our support or services teams.

The solution saves us a lot of time for our IT department and others. Taking into account onboarding, IT, and HR concerns, Azure AD gives us 50% time savings weekly.

Azure AD saves us a lot of money. 

Overall, the solution positively affects the employee user experience in our organization. We can manage all kinds of activities and other MS products from a single pane of glass, including users, endpoints, roles and permissions, mail, and more. This ease of management ensures a positive experience for our end users.  

Single sign-on, license management, and role management are the most valuable features. Integration with Microsoft 365 is also very valuable. 

Azure AD provides a single pane of glass for managing user access, which makes the user sign-on experience very consistent; users can access multiple applications with the same credentials.  

The single pane of glass makes the security policies we apply consistent.  

We use Azure AD Verified ID to onboard remote employees, and it's pretty quick.  

Verified ID is excellent for privacy and control of identity data; many options, such as multi-factor authentication, are available. 

We have used the solution's Permission Management, which provides good visibility and control over identity permissions. It's an easy feature to operate, and the portal is intuitive.

The custom role creation function could be improved as it's somewhat tricky to use. 

We've been using Azure AD for over five years. 

The product is stable. 

Azure AD is a scalable solution; we have around 10,000 end users managed by 12 to 15 engineers. 

The technical support team is good; I rate them eight out of ten.

Positive

We previously used an in-house Active Directory and Okta Workforce Management. Azure AD is more affordable, has the benefit of being a Microsoft product, and allows single sign-on from the same page. Onboarding products is more manageable with Azure AD, and we prefer to use the Microsoft suite rather than mixing and matching from multiple vendors.  

The initial setup was straightforward. 

Azure AD is worth the money and provides us with an ROI. 

The pricing is good; it's not cheap but very reasonable. 

I rate the solution nine out of ten, and I recommend it.