Microsoft Entra ID Reviews

There are many use cases. The main use case is identity synchronization to on-prem with AD Connect. Another main use case is related to conditional access. Automated licensing is also one of the use cases. 

It is also used for identity access management with specific workflows, rules, etc. Permission or role management for applications is another use case, but I have never used that in production. I have demonstrated it to multiple customers, but they were not there yet.

The main benefit is that you have one repository for identities. That is very important for main companies. If you have worked with or are familiar with the concepts of on-prem Active Directory, you can easily start with Microsoft Entra ID. You have everything in one area. You have application identities, workload identities, and other identities in one area. It is very convenient and powerful. It helps with centralized identity management. You can also connect with your partner organizations. It is quite powerful for collaboration with your partners, customers, etc.

Microsoft Entra ID provides a single pane of glass for managing user access. It is pretty good in terms of the sign-on experience of users. It is easy to understand for even non-technical people.

With this single pane of glass, we also have a good view of the security part or security policies. From an admin's perspective, we have complete logs of everything that is happening in almost real time. We have pretty much everything we need. In recent times, I have not come across many use cases that could not be covered.

With conditional access, you can make sure that you have control at any time. It is a part of the zero-trust strategy. Any access is verified. You have a very good grasp on identity and devices for compliance. You can manage any issues through Microsoft Entra ID. Most companies I have worked with let you bring your own device, and device management is very important for them. They have a tight grasp on who can connect and which devices can connect to their network or cloud resources.

There have been improvements in the onboarding and the leaving process. It has always been a challenge to make sure that people are given the right access right at the beginning and that their access is disabled at the right moment. Historically, while auditing clients, I could see people who left the company five years ago, but their access was still active. Permission management has been helpful there. It is a nice thing to implement.

In terms of user experience, we have not received any feedback from the users about Microsoft Entra ID, which is good because it means it is transparent to them. It works as expected.

My two preferred features are conditional access and privileged identity management. They are very powerful. I like conditional access a lot. It is an easy way to secure identities.

Privileged identity management helps to control who is requesting access, when, and what for. It gives you a nice overview of what is happening in your tenant and why people are doing certain things. You can easily detect outliers or if something is wrong. 

They can combine conditional access for user actions and application filtering. Currently, they are separated, and we cannot mix the two. I do not know how it would be possible, but it would be interesting.

For permission access, there can be a bit more granular distinction between Microsoft applications. Currently, you have a pack of things, but sometimes, you only want to allow one of the things and not the whole pack. For example, you just want to allow the Azure portal, not the whole experience. However, such scenarios are rare. Overall, I am pretty happy with where we are today. It is always exciting to do new things, but for the customers I have worked with, it covered 99% of the scenarios.

I have been using it since I started using Azure and M365. It has been almost six years.

It is very stable.

It is very scalable. I have not met any limitations, but I do not have clients with more than 2,000 users. 

I have used their tech support one or two times. It is pretty good. I would rate them a nine out of ten.

Positive

I have worked a bit with Okta and AWS IAM, but they are more expensive than Microsoft Entra ID. I last worked with Okta about two years ago. At that time, Okta was more advanced and intuitive in certain aspects.

Microsoft Entra ID is a no-brainer if you already do not have a solution and if you have on-prem Active Directory. If you already have something, then the choice can be different. Microsoft Entra ID works for various use cases because you have connectors with pretty much every application on the planet. You have a lot of possibilities to integrate. You can also integrate with on-prem. In terms of security, there are a lot of features to protect your identity. It is quite helpful and appealing, so if you do not have anything and you are going to use Microsoft technologies, it is a no-brainer. Similarly, if you are a cloud company just starting, and if you choose Azure, Microsoft Entra ID is a no-brainer. If you choose another cloud, you can go for another solution.

I have been working with cloud and hybrid deployments. There are a few cloud deployments, but I work a lot with hybrid deployments.

Its setup is straightforward. I am very used to it now, and for me, it is pretty straightforward. The deployment duration depends on the features that you want to enable. Features such as conditional access require discussions with the customers. Generally, two weeks are enough. You might also have to train the internal team on it, which could take a bit more time.

You do not require too many people for deployment. One or two people are normally enough.

In terms of maintenance, it is very easy to maintain. You might have to add another business case for your customers or simplify something you put in place. You have to be aware of the new features, etc.

Microsoft Entra ID must have saved organizations money, but I do not have the data.

Its price is okay. It is easy to go from a P1 to P2 license. It is not exactly a bargain, but I would recommend the P2 license.

Make sure to use MFA and conditional access wherever possible.

Overall, I would rate Microsoft Entra ID a nine out of ten.

We primarily use the solution for user integration; we have many users around the globe and use it for authentication syncing in Microsoft 365 and SSO, and the product provides a single point of use. Our environment encompasses many offices around the world. 

As we have a hybrid deployment, providing our engineers access rather than allowing them direct access to our Azure AD server is easier, reducing our security concerns. Our end users can also reset passwords themselves without going through our support or services teams.

The solution saves us a lot of time for our IT department and others. Taking into account onboarding, IT, and HR concerns, Azure AD gives us 50% time savings weekly.

Azure AD saves us a lot of money. 

Overall, the solution positively affects the employee user experience in our organization. We can manage all kinds of activities and other MS products from a single pane of glass, including users, endpoints, roles and permissions, mail, and more. This ease of management ensures a positive experience for our end users.  

Single sign-on, license management, and role management are the most valuable features. Integration with Microsoft 365 is also very valuable. 

Azure AD provides a single pane of glass for managing user access, which makes the user sign-on experience very consistent; users can access multiple applications with the same credentials.  

The single pane of glass makes the security policies we apply consistent.  

We use Azure AD Verified ID to onboard remote employees, and it's pretty quick.  

Verified ID is excellent for privacy and control of identity data; many options, such as multi-factor authentication, are available. 

We have used the solution's Permission Management, which provides good visibility and control over identity permissions. It's an easy feature to operate, and the portal is intuitive.

The custom role creation function could be improved as it's somewhat tricky to use. 

We've been using Azure AD for over five years. 

The product is stable. 

Azure AD is a scalable solution; we have around 10,000 end users managed by 12 to 15 engineers. 

The technical support team is good; I rate them eight out of ten.

Positive

We previously used an in-house Active Directory and Okta Workforce Management. Azure AD is more affordable, has the benefit of being a Microsoft product, and allows single sign-on from the same page. Onboarding products is more manageable with Azure AD, and we prefer to use the Microsoft suite rather than mixing and matching from multiple vendors.  

The initial setup was straightforward. 

Azure AD is worth the money and provides us with an ROI. 

The pricing is good; it's not cheap but very reasonable. 

I rate the solution nine out of ten, and I recommend it. 

The primary use case is as an authentication mechanism or platform for the ISV solution that we offer our customers. When they are authenticating to our application, Azure AD is the solution on the backend the customers are actually using.

I'm a software developer so I write a bunch of integrations between applications and one of them is Azure AD. Our organization itself uses Azure AD for our external solution, which we provide as the authentication mechanism.

The most valuable feature is the authentication platform. Whether that's for users authenticating to applications or for actual applications that we write, authenticating to Microsoft or other applications. We can do app registrations where we're doing client-side or client credential flow authentication from an external app to a hosted Microsoft app or whatever other app within the Microsoft catalog we want to connect to. The focus area has been around being able to integrate and connect to different Microsoft resources using Azure AD to actually provide the authentication piece.

There are a lot of areas where the data from a reporting standpoint is extremely granular. It is great that you're able to get to that data at the same time unless you actually are hands-on with the tool, as it can sometimes be overwhelming to actually be able to decipher what that means. So if you're looking at audit reports or another sort of logging, the amount of information is never the problem within Azure AD, it's trying to distill it down to the information that you want. I think the solution can improve by making the consumption of that data easier for the customers.

I've been working with the solution for five or six years at least. Probably longer. 

The stability is very good. I think it's gone down only a couple of times and when it goes down, there are bigger problems than just us. From my perspective, it is fairly stable.

I think the ease at which you can create new resources and the like from an overarching Azure perspective is phenomenal. I believe Azure AD is scalable. There are some pieces of it that are difficult to use. When assigning layered groups or layered roles to users, trying to figure out the access that a user has can sometimes be a little tricky. But overall I think it follows the Azure model, so it's easy to deploy new pieces as needed.

We have a little over a hundred total users. Azure AD is only accessed by a couple of people within our organization, and they're all based out of our home office in the US. The authentication mechanism is used around the world. We have offices around the US and in Europe that all sign in using Azure AD as the authentication piece. We have 250-ish groups and just over a hundred users.

Previously we used on-prem ADFS. At our organization, we integrate with a whole host of different identity providers; Ping, Okta, and those types, but we've always used a Microsoft product internally for our user setup and access. We switched to Azure AD because our product is also hosted within Azure. As part of that, we actually also switched to a hybrid cloud where we run both on-prem AD and Azure AD online.

There were a couple of hiccups along the way, but the initial setup was fairly straightforward.

The biggest issue for us was getting the sync working from on-prem to the cloud. That was the hardest part. As far as the deployment itself, we went and created an Azure tenant and then created the Azure AD or a portion of it. After that, setting up the sync was really the biggest part.

The implementation was completed in-house, and we integrate it from our product perspective.

Azure AD makes our work a lot easier, but I don't have an actual number to show an ROI.

We're a Microsoft shop, so it basically was the only option that we really had if we wanted to use Azure. Our services host Azure so it made sense for us to use Azure AD.

I give the solution a nine out of ten.

We actually integrate with Microsoft Entra and are able to add additional functionality to it. Entra does everything down to the entitlement level within applications, whereas our organization would go a little bit further and go to the object level. But from an overall user access perspective within our cloud environment, Microsoft Entra does give us visibility into what that user's assigned, based on their roles and group access.

We don't use Microsoft Entra in the way that most other companies are going to use it. We're looking at it from a strategic perspective for the security reporting application that we provide our customers. When a customer of ours would be using Microsoft Entra and they want to extend it to provide additional reporting or to actually go down and assign functions at the object level within their applications, they would use our organization to do that. I don't technically use Microsoft Entra to actually view what our users are looking at from a user access perspective.

I don't know if we use it internally at our organization, but in the majority of cases, the clients want to be able to have a place where they can do enterprise-wide identity management. And so that's what they are trying to get to with Entra. That's a question that a lot of our customers have across the board. The functionality that Entra provides is the ability to span across different either business applications or other third-party applications. The customer then has to be able to do identity-based access control from a single-pane-of-glass within our Azure AD instance.

I don't do the actual assignment within our organization from an Azure AD perspective. We extend what Microsoft Entra provides, from a feature functionality perspective. We have a separate IT team that would actually do the user creation and access assignment within Azure AD and I don't know if they use Microsoft Entra to manage all identity and access tasks within the organization.

We're a Microsoft ISV and we connect with a number of different ERP, CRM, and HDM-type systems, but we do security on compliance reporting and functionality.

We integrate with the solution. Customers that are using Entra, would or could use our organization when they need that extra level of detail. We use it for development purposes to actually create a working solution. We support that as far as when we do our reporting from our organizational perspective. I don't use Entra internally at our organization, so we integrate with it from a coding perspective. As far as features and functionality go, we integrate with it and we support it. 

We run the solution on-prem and then we sync that to Azure AD in the cloud, but it's on a normal public cloud, overall.

I think Azure AD is a no-brainer if you're a Microsoft shop and if you have other Microsoft products already. It boils down to what sort of office you're looking for. Being a development shop, it absolutely made sense to us to use Azure AD because we were already using Azure, so it could be included with that offering. If you're not a technical shop then I think you should have to look to see if it's something that you are going to manage, and how many other applications you manage within your organization from an access perspective. If you're doing that across 25, 50, or 100 different applications, then Azure AD is a great choice. If you don't really sign into too many things, then there may be more cost-effective ways out there. It depends on what your use case is.

I use Microsoft Entra ID to manage and reset user passwords and set their requirements so they can access the environment.

The Entra portal offers a unified interface to oversee user access. Through the Entra portal, I can access my resources. I utilize the quick user and quick group features to assign users to roles according to their permissions, missions, and development tasks. This involves our EBAC and RBAC systems, assigning tools, and linking them to functions required for executing tasks. After completing these assignments, we place these users in groups and grant them access to specific resource environments, aligned with their designated tasks within those environments.

The Entra portal does not affect the consistency of the security policies that we apply.

The administration center for managing identity and accessing tasks within our organization operates according to the established protocols and procedures prior to its implementation. We utilize account provisioning, RBAC, authentication, authorization, password management, security, and incident management. These are all components that we have implemented to facilitate access and development within our environment.

There are certain things that have helped improve our organization. First, security. With Entra ID, we have been able to implement SSO capabilities for our applications and most resources in our environment. This means that we can use a single credential to access all of our resources, which makes it more difficult for hackers to gain access. It also makes it easier for our users to sign in to resources without having to remember multiple passwords. Second, Entra ID allows us to implement multiple authentication factors. This adds an additional layer of security by requiring users to verify their identity in more than one way. For example, they might need to enter their password and then also provide a code from their phone. This makes it much more difficult for unauthorized users to gain access to our systems. Entra ID also makes it possible to define roles and permissions based on each user's needs. This allows us to grant users only the access they need to do their jobs, which helps to protect our data and systems. Finally, Entra ID allows us to implement conditional access controls. This means that we can restrict access to resources based on factors such as the user's location or the device they are using. This helps to protect our data from unauthorized access, even if a user's password is compromised.

Conditional access is a way to make decisions about enforcing security policies. These policies are made up of "if this, then that" statements. For example, if a user wants to access a resource, they might be required to complete a certain action, such as multi-factor authentication. If a user tries to sign in from a risky location, the system will either block them or require them to complete an additional layer of authentication.

The conditional access feature does not compromise the robustness of the zero-trust strategy, which is a good thing. I have configured it in my environment based on primary monitoring. We have certain locations that we do not trust users from. If a user tries to sign in from one of these locations, which the system automatically detects, they will be required to complete an additional layer of authentication. With zero trust, we do not trust anyone by default. Anyone trying to access our environment externally must be verified.

We use conditional access with Endpoint Manager. When configuring conditional access, we consider factors such as the user's location, device, and country. These are the things that we put in place when configuring the policy. We create users, put them in a group, and then decide to apply conditional access to that group. So, this particular group has been configured under conditional access. This means that no matter where they are, what device they use, or what activity they want to perform in the environment, they will be required to meet certain conditions that have been configured in the conditional access policy.

We use Verified ID to onboard remote users. SSO is configured for this purpose so that users do not have to remember multiple IDs, passwords, or usernames. This can be tedious when logging in to multiple applications. Once SSO is configured for our users, we also configure self-service password reset so that they can reset their passwords themselves if they forget them. With SSO, users only need to remember one credential, their Verified ID. When they log in to an application, such as Zoom, they are redirected to the identity trust provider, which is Entra ID. Entra ID requires a sign-in. Once the user enters their Verified ID into Entra ID, they are redirected back to Zoom and are issued an access token, which allows them to access Zoom. In this way, users can automatically access all other applications in the system that they are required to use to carry out their day-to-day tasks in the company.

Verified ID helps protect the privacy and identity data of our users. Data access management is all about the user's identity. The three main components of data access management are identity, authentication, and authorization. Identity access management is about protecting user information and ensuring that they only have access to the resources they need to perform their jobs. Verified ID is an additional layer of security that helps to ensure that users only have access to the right applications and resources. It does this by verifying the user's identity and ensuring that the resources are being accessed by the right person. Verified ID also uses certificates to confirm the trust and security of the system.

Permission management helps with visibility and control over who has access to what resources in the environment. For example, an HR manager should only have access to HR resources. To achieve this, we put users into groups based on their job function, such as the HR department. We then grant permissions to these groups to access the resources they need. This way, no one in the HR department can access resources that are meant for the financial department. Permission management helps to reduce unauthorized access to resources and prevent data breaches. Before we grant access to resources, we perform a role-based access control analysis to determine the permissions that each role needs.

Entra ID has helped us save a lot of time by streamlining our security access process. From time to time we conduct an access review to ensure that only the right people have access to the environment and resources.

Entra ID operates on multiple platforms and devices, which reduces the time spent on manual tasks and increases productivity. Its ability to integrate across our centers worldwide, providing accessibility, has saved us money.

Entra ID has improved the user experience and performance. It has enhanced performance by saving users time from having to log into so many applications, systems, or plug-ins. Now, they can log in using their Entra ID. It has also helped with security by enabling multi-factor authentication, which has cut down on attempted hacks. Entra ID has also made enrollment easier for users.

The valuable features I use daily are enterprise application, conditional access, identity governance, password monitoring, and a password reset.

The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access. It would be more beneficial if Entra ID could be completely passwordless.

I have been using Microsoft Entra ID for six years.

Entra ID is stable. We have never had stability issues.

Entra ID is scalable.

I would rate Microsoft Entra ID a ten out of ten. I enjoy using Entra ID and I see the benefits of using it.

No maintenance is required, except for occasional log reviews.

I use it to access my work applications. When I install Microsoft Teams or Outlook, or I want to access my work applications, I authenticate myself using Microsoft Authenticator.

During the pandemic, one of the challenges for organizations was how to secure their IT networks. People were working remotely, and some of them were working from the remotest locations. It gave confidence to the organization that only the right person was getting access to work applications.

It also improves your customer experience or employee experience. You don't have to rely much on servers. 

Being able to easily authenticate yourself on the MSA app is valuable. It is easy to use. Rather than receiving a code in an SMS, you can just verify that it is you. You don't have to punch in any password or any six-digit code. That's the feature that I like the most.

It does give you the confidence that no one else can access your details or can have access to your account because it does add a second layer of security. Even if someone hacks the server where my details are stored, unless and until I authenticate myself on MSA, even hackers won't be able to get into my account.

It works absolutely fine from the login perspective. You can also configure it on third-party devices, and it works pretty well. I haven't faced any issues from the login point of view.

They can improve how people manage their accounts. They can simplify and provide more information about adding or updating a phone number or email id in the MSA account. A lot of time users do get confused about where to go. For example, if I've changed my mobile number, where do I go and change my mobile number in the MSA account? A lot of time, employees think if they change the phone number in the HR database, it'll automatically get changed on the MSA account, which is not the case. Microsoft can simplify that and add these questions in the FAQ documents as well. They can provide more clarity about how it is different from your organization's database.

Voice recognition could be added going forward. With a smartphone, such as iPhone, as well as with Windows Hello for business, you already have facial recognition. Voice recognition is something that could be added going forward, especially for people with special needs.

I have been using it for a year.

It is quite stable. Coming from Microsoft, you don't question the stability factor at all. I have Microsoft Authenticator installed on my phone, and even when I switched organizations, I could simply add my new workplace email id, and it worked absolutely fine. It is quite stable, and it gives you a good user experience.

Scalability-wise, it is quite good. We were rolling it out to 150,000 people across the globe and different geographies. One of the good things is that Microsoft doesn't need any introduction anywhere. In terms of user experience, it is right up there. It is also right up there in terms of how different work applications align with it. I would rate it quite high.

Technical support was good. We didn't have to rely on Microsoft's technical support big time because the solution worked very well overall. We had our third-party technical support team involved as well.

Positive

Before Microsoft Authenticator, we used Okta Multi-Factor, and prior to Okta, we were totally relying on passwords, which was obviously very risky. 

We switched to Microsoft Authenticator because when you implement the whole Microsoft 365 suite, especially in a large organization, all the work applications sync pretty well with Microsoft, and you already have a good relationship with the vendor. 

It was initially on-prem, but later on, we shifted it to the cloud. When I joined the organization, it was already on-prem, and I helped to shift all the data from on-prem to Azure cloud. The process was a little complex. We had a few on-prem issues, and we had to redo the capability testing to check if those issues will arise on the Azure Cloud as well. It was complex because we were again asking some of the users who had changed their phone numbers to go and re-add their phone numbers. If they had the same phone number, it would have worked fine, but if they had changed the phone number, once it is shifted from on-prem to Azure Cloud, it wouldn’t have worked anymore. So, they had to re-add their phone number. The challenge was to identify those users and convince them to redo the activity. This switchover took about two quarters or six months.

We had a team of about 7 to 10 people from project management, change management, IT, and global IT teams. We are a massive organization. It was being rolled out to 150,000 people across the globe.

We did pilot testing across different functions and across different geographies. That's the standard practice that we follow in our organization.

We have seen an ROI. We were able to secure our IT networks by more than 80%. More than 80% of the audience did subscribe to MSA and used it for logging into their work accounts.

It took us two to three months to realize its benefits from the time of deployment. We did run a pilot batch. We were trying to customize the solution according to our network. Within a quarter, we were able to identify its benefits.

I'm not totally aware of the pricing and licensing, but I do know that the pricing and licensing must be quite balanced. We are a pretty old client of Microsoft, and MSA is just one of the services we use from Microsoft. There's a whole Microsoft 365 suite that's implemented as well. I'm sure it is something that is acceptable to both parties.

We were totally relying on Microsoft. We didn't evaluate any other vendor.

To those looking to evaluate this solution, I would advise doing proper pilot testing to iron out any hurdles later on. It is important to take a call on whether you want to adopt the on-prem model or the cloud model. Obviously, the on-prem model is not sustainable if you're trying to secure your IT networks. The cloud model is more sustainable in that sense. I would advise taking that call right in the beginning.

I would also advise considering how to secure third-party devices. There might be third-party contractors who don't have the company laptops, but they do have company email ids to log into the company accounts from their own devices. You should work out how you are going to add those devices to the secure cloud.

I would rate it a nine out of ten. In the next version, if they can come up with voice recognition, especially for people with special needs, it will be helpful.

We have a variety of use cases. The first thing we use it for is Microsoft 365 services. We utilize the single sign-on capability, for use with other SaaS applications. We use MFA, and use it as an identity provider, in general. We make use of the B2B Federation functionality based on Active Directory, as well.

We use a hybrid Azure Active Directory that works in conjunction with our on-premises Active Directory.

Azure AD has security features that have definitely helped to improve our security posture. Our hybrid environment makes it very easy for us to control when we need to integrate with third-party solutions. Normally, we do not allow integration with our on-premises systems and by requiring the third parties to integrate through Azure Active Directory, it gives us an extra layer of security. There is one-way communication from our on-premises Active Directory, which helps to secure our main controllers.

Another thing that we use extensively is conditional access, on top of the Azure Active Directory multi-factor authentication. We are quite happy with the metrics and reports, as well as the logging of risks, such as attempts to sign in from different areas.

So far, we haven't had any incidents. We've seen some attempts to steal our identities or to log in using our credentials but the security provided by this product, including conditional access and MFA, has stopped these attempts. From a security perspective, we are quite happy.

Overall, our security posture has improved, especially when we are talking about MFA. We have MFA deployed on-premises for all of our critical applications. Moving beyond this, to the cloud, I cannot imagine dealing with all of these different SaaS products without having AD or another cloud identity provider in place. We could use a competing product but definitely, we cannot survive solely with our on-premises solution.

This solution has improved our end-user experience, in particular, because of the single sign-on feature. Our users can quite easily begin working. For example, I've worked with other SaaS solutions and one thing that users complain about is the additional steps required for MFA. Some of the non-tech-savvy end-users sometimes struggle, but overall, I would say the experience is quite good.

We are a group of companies and have different Active Directory Forests and domains. Using Azure Active Directory, collaboration is much easier for us because we are able to configure it at the cloud level.

The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features. Not on Office 365 applications, but on others like Salesforce.

The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks.

The MFA has some limitations compared to the legacy version. We still use our on-premises version because it works with our legacy applications using certain protocols. 

I think that as Microsoft is going to the cloud, they are turning off the on-premises features too quickly because the functionality is not yet at par.

I would like to see more features included, such as some surrounding the lifecycle of licenses, and access management for non-Azure cloud applications

We have been using Azure Active Directory for approximately three years.

Prior to working with this company, I worked for Microsoft and I used Azure Active Directory as a user over a period of four to six years.

I'm pretty happy with the stability of this product. In all of the time that I have used it, I do remember a couple of instances where there was downtime. However, these did not last for a significant length of time.

I can recall that it went down one time, for approximately four hours, in several years. SLAs are definitely met by Microsoft.

Scalability-wise, it works for us. We haven't had any problems and it is quite scalable.

Our company has 4,000 employees, so it isn't very large but so far, so good.

There are two people who are administrators that are involved in the managing and administration of Azure AD. I do not have administrative rights. Rather, I am set up for viewing only. 

In general, I would rate Microsoft support a seven out of ten. Sometimes we needed to speak with different people about the same problem, and each time, we had to describe the situation from scratch.

I have no experience with other B2B Federation solutions, so I can't compare Azure Active Directory in this regard.

Our initial setup was complex in some ways and easier in others. The complexity stemmed from the fact that we are a bank, and the security team chose the most complex deployment. Because the security people chose the most complex options, they are missing things. For example, self-service password reset is not working for us because it's one-direction communication.

In summary, our initial setup was complex because it was chosen as such. Although it is the most secure, we are missing some benefits that we would have if we had chosen a different setup.

The deployment itself was not very long. However, the planning stage was lengthy because of the in-depth discussions with the security team. Overall, the deployment took perhaps two weeks or less.

Our deployment strategy was a rather high-level approach and considered that our primary identity provider is on-premises AD, which means that we were able to take some of the details from there. We did not have to consider everything from scratch. For example, our password hash is one-way, so there are no writebacks. We defined it this way because it's quite secure. Similarly, we needed integration with third parties, such as other cloud providers. This meant that we were not afraid if something is breached because there would be no impact on our Active Directory. The only impact from a problem would be at the Azure Active Directory level.

The cost of Azure AD is one of the biggest benefits, as it is available for use free of charge when you start with Office 365. It comes with the basic version of it and you can move to the more expensive plans with additional features, but these are still very competitive compared to other vendors.

By comparison, other vendors offered an independent MFA product but at quite an expensive price. With Microsoft, it was already included in the price. The bundling approach that Microsoft uses is good; although competitors may offer a more compelling solution, we already have access to the one from Microsoft at no additional cost.

We evaluated some other products from an MFA perspective but I have no hands-on experience with them. I received many good recommendations about both Okta and Ping Identity solutions.

My advice for anybody who is considering Azure Active Directory is that if they are going to use other Microsoft services, like Office 365, then it's no brainer. It's the perfect solution for situations like this.

If you're using a different stack, like Google, and you choose a different cloud provider like Google or Amazon, then if you are using Microsoft, it is still good to use Azure Active Directory. The costs are relatively cheap compared to others.

However, if you're not using Microsoft products, then I would suggest that you could look to other vendors like Okta, for example. I had quite a few good references regarding Okta and the Ping Identity products. Ultimately, you are free to choose but from a cost perspective, Microsoft is great.

I would rate this solution a nine out of ten.

We use Office 365 for our emails and Office. As part of that, we have Active Directory on the cloud. We want to safeguard things, keeping in mind the recent upsurge in cyber attacks.

I get a single pane of glass view of all the users. I know who has been registered, who has joined, what their last activity was, and when they logged in. If I extend it, I can purchase Intune from Microsoft and I'll be able to do mobile data management.

Single sign-on is the reason we use AD.

I would like to see a better user interface. Right now, it's not that great. Maybe there could be a dashboard view for Active Directory with some pie or bar charts on who is logged in, who is not logged in, and on the activity of each user for the past few days: whether they're active or not active.

I have been using Azure Active Directory for about a year.

It's definitely stable, a 10 out of 10.

We are a small company so it is scalable, seamlessly. We don't even have 100 users, so we don't have any issues with scalability.

We were previously using Gmail, which didn't have anything of this sort, so we moved to Office 365 which has Azure AD. We have joined the domain controller using Azure AD now.

We were not involved in any deployment. It was automatic. The moment we signed in, we were part of Azure. It was straightforward. We just purchased our license, logged in, and we were automatically onboarded to Active Directory seamlessly.

It doesn't require any maintenance. It's managed by Microsoft.

There is a return on investment for us with Azure AD.

Azure AD comes with Office 365, so we are just paying for the Office 365 license.

We did not evaluate other options because Azure AD seems to be the market leader.

Azure AD is one place where you can manage all users and devices and it's safe and secure.

We are using Azure Active Directory (AD) for:

• Application authentication, which is single sign-on. 
• Multi-factor authentication (MFA). 
• Conditional access for people coming in from non-trusted networks, which are interlinked. 
• Azure AD B2B. 

These are the four big items that we are using.

The flexibility around accessing company systems from anywhere at any time has proven to be very helpful. Organizations decided during the COVID-19 pandemic, on a very short notice, to announce that everyone should be working from home. The good part was that our company was already working under Azure Active Directory, and most of our applications were under Azure at that time. For us, it was a very seamless transition. There were no major impacts on the migration nor did we have to do any special setups or need to configure networks. So, it was a very seamless experience for our users, who used to come into our office, to access systems. They started working from home and there was no difference for them. We did not have to do anything special to support that transition from working from the office to working from home. It was seamless. There was no impact to the end users.

Bringing our many hundreds of applications onto Azure Active Directory single sign-on authentication has had a big impact on users' productivity, usage, and adoption of enterprise applications because they don't need to log in. It is the same credentials and token being used for days and months when people use our systems with hundreds of applications being integrated. From a user perspective, it is quite a seamless experience. They don't need to remember their username, passwords, and other credential information because you are maintaining a single sign-on token. So, it is a big productivity enhancement. Before, we were not using a single sign-on for anything. Now, almost 90 to 95 percent of applications are on Azure Active Directory single sign-on.

The single sign-on is an amazing product. Its integration with the back-end, like MFA and conditional access, is very helpful for enterprise class companies because of changing dynamics as well as how companies and workers interact. Traditionally, companies used to have their own premises, networks, network-level VPN and proxy settings, and networks to access company systems. Now, anyone can work from anywhere within our company. We are a global company who works across more than 60 countries, so it is not always possible to have secure networks. So, we need to secure our applications and data without having a network parameter-level security. 

Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company.

The analytics are very helpful. They give you very fine grain data around patterns of usage, such as, who is using it, sign-in attempts, or any failed logins. It also provides detailed analytics, like the amount of users who are using which applications. The application security features let you drill-down reports and generate reports based on the analytics produced via your Active Directory, which is very helpful. This can feed into security operation centers and other things.

One of the areas where Microsoft is very actively working on enhancing is the capabilities around the B2B and B2C areas.

Microsoft is actively pursuing and building new capabilities around identity governance.

There is a concept of cross-tenant trust relationships, which I believe Microsoft is actively pursuing. That is something which in the coming days and years to come by will be very key to the success of Azure Active Directory, because many organizations are going into mergers and acquisitions or spinning off new companies. They will still have to access the old tenant information because of multiple legal reasons, compliance reasons, and all those things. So, there should be some level of tenant-level trust functionality, where you can bring people from other tenants to access some part of your tenant application. So, that is an area which is growing. I believe Microsoft is actively pursuing this, and it will be an interesting piece.

I have been using it for three and a half years.

We have worked very closely with Microsoft over the past few years. We were one of the early adopters as an enterprise. We worked very closely with Microsoft to develop many products and features.

Looking at our journey over the last three and a half years, there were a few stability incidents, which is understandable from any technology platform provider perspective. However, it was overall a very good experience with a stable platform. There were two or three major incidents in the last three years.

There are about eight people who handle the day-to-day maintenance. These people focus on single sign-on, multi-factor authentication, and Azure B2B.

The scalability is amazing. Microsoft gets billions of logins every day. They are scaling it every day. They announced an increase in the availability that the SLA guarantees from 99.9 to 99.99 percent from April of this year. Overall, it is very stable and scalable. These are things that we don't need to worry about.

It is fully rolled out to everyone in our organization.

Overall, the technical support is very good. Overall, if you follow the customer support route and raise an incident ticket, then they are very prompt. They work very closely and collaboratively with us. We have a dedicated technical account manager (TAM). We have governance in place. We engage with them bi-weekly. So, we have a pretty good working structure with them.

Identity within Microsoft is a separate division, and we work very closely with them.

We didn't use another solution before Azure AD.

The initial setup was straightforward.

How you plan the tenant and set it up is quite key. There are major components that you need to be aware of: 

• Are you planning to implement multi-factor authentication at the tenant level? 
• What type of conditional access policies do you want to implement? 
• What type of access governance do you want to put in? 
• What type of role catalogue do you want to maintain? 
• What type of structure of the AD organization you want to maintain? 
• What type of device registrations do you want? 

There are some prerequisite checklists available from Microsoft. However, these are quite fundamental decisions. If you don't take the lead on them, these decisions will impact you, then you have to go back and fix them later on. So, plan ahead. 

Initial deployment took us a few months across our organization, but we decided to use most of the elements at a very early stage. So, our use case could be different than other companies. Some organizations that I know have chosen not to deploy multi-factor authentication nor do self-service password reset to deployment, then the user community is impacted with that. It can differ organization to organization based on the scale, number of users, locations, etc. So, there are many factors involved. 

We phased out our deployment over a couple of years, focusing on single sign-on and multi-factor authentication, then self-service password reset and other components. So, we did it as a phased deployment with a small team of four or five people.

I strongly recommend the Microsoft GTP Teams, which are with their R&D division. They have a go into production, dedicated team who work with customers from an end-to-end lifecycle perspective. So, they will help you to build the tenant from scratch, following the right standards and guidelines. For us, it was straightforward, but we started this journey in 2017/2018. It is quite a mature product now.

We work with most managed service providers, like Infosys, TCS, Wipro, etc. We have had good experiences with them. Initially, we worked with Infosys.

We are closing all data centers. Therefore, to build or enhance any existing capability in applications, it could have been very a costly effort for us. Rather than building an authentication platform, we are using a standard-based approach where we just need to plug and play. Instead of going in and reinventing the wheel for every application, we are using a standard out-of-the-box service offering from Azure Active Directory, where we just consume that service, then users have a seamless experience.

Having a single supplier saves you loads of headaches from:

• Multiple suppliers and multiple technologies
• Integrating everything.
• Doing upgrades.
• Maintenance.
• In-house deployment
• Having multiple components of those solutions to work together.
• Managing multiple vendors, supplier support teams, contracts, renewals, and licenses. 

If you are dealing with one supplier with an out-of-the-box solution, which provides you end-to-end capabilities, then it is naturally cheaper and less of a headache to manage and operate.

This solution was the natural choice. There is no vendor nor supplier providing this type of capability right now in the market, especially considering people in organizations are using Office 365. So, it is the natural choice to not to go with a third-party supplier, then try to integrate those third-party solutions and technologies into Microsoft. It is one box and the same Office 365 tenant in the same environment where you operate all your settings. Therefore, it is a very natural, out-of-the-box solution.

Look at the market. However, look at it from an end-to-end perspective, especially focused on your applications and how a solution will integrate with your overall security landscape. This is key. Azure Active Directory provides this capability, integrating with your Office 365 tenant, data security elements, classifications, identity protection, device registrations, and Windows operating system. Everything comes end-to-end integrated. While there is no harm evaluating different tools, Azure AD is an out-of-the-box solution from Microsoft, which is very helpful.

Every day we are increasing the number of users and onboarding new applications. Also, we are growing the B2B feature. We try to use any new feature or enhancement coming in from Microsoft, working very closely with them. It is an ongoing journey.

Dealing with a single supplier is easier rather than dealing with five suppliers. Historically, if you have to do anything like that, then you will end up dealing with at least 10 different vendors and 10 different technologies. It is always interesting and challenging to manage different roadmaps, strategies, upgrade parts, licensing, and contracts. The biggest lesson learnt is wherever you can go with native-cloud tools and technologies, then go for it.

I would rate this solution as 10 out of 10.