Administrative (Hands on) at Click Bond, Inc.
We can now manage users from a single pane of glass, enhancing efficiency
Pros and Cons
- "We haven't implemented permission identity management, but we plan to use it. Entitlement management and dynamic grouping of Microsoft 365 groups are features I enjoy. From an administrative perspective, we can now manage users from a single pane of glass, which enhances efficiency. MFA will improve the user experience and increase organizational efficiency."
- "The implementation of other third-party MFA such as Okta or Duo could be improved, even though Duo is integratable. The response from actual support tickets is a bit laggy, and I would like them to be more responsive."
What is our primary use case?
We are using Microsoft Entra ID for single sign-on with our hybrid domain environment and for identity management with multi-factor authentication using Microsoft Authenticator. We plan to migrate our whole user base over to Microsoft Authenticator with MFA capabilities, possibly with certificate-based authentication.
How has it helped my organization?
We're still testing Entra and have implemented it on the application side. We'll soon start using application proxies to get into our line-of-business applications on-prem.
We follow a least-privilege access model, and Entra ID has helped us to avoid overextending access from the administrative side. We also plan to implement it with devices. Our administrators are more careful when auditing access and ensuring everyone has access.
What is most valuable?
We haven't implemented permission identity management, but we plan to use it. Entitlement management and dynamic grouping of Microsoft 365 groups are features I enjoy. From an administrative perspective, we can now manage users from a single pane of glass, which enhances efficiency. MFA will improve the user experience and increase organizational efficiency.
What needs improvement?
The implementation of other third-party MFA such as Okta or Duo could be improved, even though Duo is integratable. The response from actual support tickets is a bit laggy, and I would like them to be more responsive.
Buyer's Guide
Microsoft Entra ID
January 2025
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
For how long have I used the solution?
We have been using Microsoft Entra ID for about two years.
What do I think about the stability of the solution?
Entra's stability is great and consistently meets our expectations.
What do I think about the scalability of the solution?
The scalability is excellent. We can scale Entra up and down as needed efficiently.
How are customer service and support?
Our consultants are excellent and provide consistent help, but there is room for improvement in the responsiveness of actual support tickets.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used on-prem Active Directory as our solution.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
We did it all in house without any additional team.
What's my experience with pricing, setup cost, and licensing?
We go through a reseller, CDW, who walked us step-by-step through the process. The pricing, setup cost, and licensing have been fairly straightforward.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 30, 2024
System Architect at a tech services company with 1,001-5,000 employees
Helps us drill down into who can access our secure apps using resource groups
Pros and Cons
- "The most valuable feature is the ability to establish resource groups and set permissions through RBAC across these groups."
- "Scalability has been the biggest benefit."
- "The transition from on-prem Active Directory to the Azure Cloud was difficult because there aren't Group Policy Objects. This is handled differently in the Azure cloud environment."
What is our primary use case?
We've been using Entra ID in a hybrid scenario. We have an on-premise Active Directory that replicates to the cloud.
How has it helped my organization?
Scalability has been the biggest benefit. Moving more to a cloud footprint and leveraging Azure resources provides increased scalability and security. Entra helps us drill down into who can access our secure apps using resource groups, etc. We haven't had a security incident in the past two years, so we've been secure since going hybrid with Entra.
What is most valuable?
The most valuable feature is the ability to establish resource groups and set permissions through RBAC across these groups.
The device-bound passkeys have helped us implement phishing-resistant authentication. We moved everybody to the authenticator app through Microsoft Entra and integrated that with our Azure applications.
We're more secure than we've been in the past. Our security score was poor when we implemented Entra ID. It was about 30 percent. We increased it significantly using recommendations from Microsoft about the authenticator app and other identity measures.
What needs improvement?
The transition from on-prem Active Directory to the Azure Cloud was difficult because there aren't Group Policy Objects. This is handled differently in the Azure cloud environment.
For how long have I used the solution?
I've been using Entra ID for a little over two years.
What do I think about the stability of the solution?
We haven't had any issues since moving to the platform. It has been one hundred percent reliable without outages.
What do I think about the scalability of the solution?
The scalability is perfect, allowing us to easily move more functions to the cloud.
How are customer service and support?
I've never had to reach out to Microsoft support, which I consider a positive aspect. From what I've heard from colleagues, they'd rate Microsoft's technical support around an eight.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used strictly on-premise Active Directory.
How was the initial setup?
It was rough because we didn't have much experience in cloud space. It was pretty seamless after a couple of days of researching and powering through it.
What about the implementation team?
We used Insight for the implementation. Their cloud engineers were amazing and helped us through many challenges.
What was our ROI?
The biggest return on investment is peace of mind, knowing I won't receive phone calls in the night.
What's my experience with pricing, setup cost, and licensing?
The licensing model was straightforward initially. However, it has become more complex. It's not bad. The price has gone up a bit, but it's still affordable.
Which other solutions did I evaluate?
We evaluated Amazon Web Services but chose Entra due to seamless integration, primarily because we are a Microsoft shop.
What other advice do I have?
I'd rate Microsoft Entra ID as a 10 out of 10.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 24, 2024
Microsoft Azure Active Directory Support Engineer at Tek-Experts
Provides a secure environment to easily manage users and assign roles and permissions
Pros and Cons
- "The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise."
- "For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity."
What is our primary use case?
My company provides different types of support for different products. I am a Microsoft Azure support engineer for Azure Active Directory.
We work with multifactor authentication, federation, synchronization of on-premise services to the cloud, migrations from on-premises to the cloud, and role-based access to company services. I also work with the identity services of Azure. I work with certain cases where customers have issues with Office 365. That's because the administration and the role-based access come from the Azure platform.
We're in the middle of the transition to unify more services. There are many services in terms of networking with the machines and storage accounts.
Azure is a platform, so it doesn't have a version.
How has it helped my organization?
Microsoft 365 is a part of the service of Active Directory. Currently, all the people and institutions, such as schools and universities, working from home are getting the benefits of Microsoft 365 in Azure Active Directory. They are indirect users of Azure Active Directory. That's because all the services are with the Azure platform, and all these identities are managed from the cloud. This service is providing a huge contribution to the whole world at this time. For example, my nephew is not going to school currently, but he has to connect every day through Microsoft Teams. I know that it is Active Directory that's managing this authentication, but he doesn't know that.
Azure provides many services related to security, data protection, identity, key networking, and management of the storage accounts with encryption. The whole environment is very secure. Azure works with the security of the services. It is in the backend, and it is the same platform as Microsoft 365 or Office 365. So, if you have Office 365, you're using Azure. The platform source is the same for Azure and Office 365 or Microsoft 365. It is the same platform to manage the users. At a certain point, I guess everything will be together because even though there are too many services, all of them rely on the same platform.
There is a secure way of managing the security and access to your services. If you use Azure in your company, you can manage the type of authentication that you want to use for security. For example, you can manage your company from on-premises and also use the cloud in a hybrid environment. This way the services that Azure provides on the cloud are available for the users that exist on-premises, and this is actually where I'm working right now.
What is most valuable?
The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise.
For data protection and access security, there are many good things that Azure and Azure Active Directory offer. You can choose in how many ways a user can log in to Azure, especially with multifactor authentication. You can choose how, when, and where someone can access a service that you may have on Azure Active Directory.
For most of the small users, Azure Active Directory is free. So, they don't need to have a paid service for Azure Active Directory.
The platform is constantly changing. Every month, we have new services, and we also have services that are being deprecated to provide a better customer experience. For example, we have a tool that connects the users that exist on-premises to the cloud. The AD connects to this synchronization tool, which has been improved about five times in the last year. Every new version is more flexible with more options. The experience for the users has been improved to make it easier to manage the tool. In addition, the feedback that the customers provide to Microsoft is taken very seriously. For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity. There is a feature called manage identities where you can give flexible access to a person for services. For example, I can give you access as a reader to all my information but only for 12 hours or 24 hours. So, I can decide for how long I want to give you access. In the past, I had to give you a role that was permanent, and now, I can give you a role that will last only a few hours to allow you to do your job. In case you need more time or more features, you need to contact me and request them.
Similarly, previously, there weren't too many options when you were synchronizing your users from on-premise to the cloud. Now, the system that allows you to make that synchronization has many options. You can select different schemas. You can select which users you want to be a part of the cloud. You can manage many rules. The customization in the whole Azure platform is awesome. All these features that are now a part of the platform were not there in the past. In these three years, I have seen so many changes. There are too many features, and I can see changes every month. There are too many settings that have been improved, especially related to authentication, permissions, and auto management ops. The cloud or the Azure platform is managed by roles that you can assign to different people, and each role has different permissions and access. So, everything is very customizable right now.
For how long have I used the solution?
I have been working with Azure Active Directory for two years.
What do I think about the scalability of the solution?
Scalability is one of the main features of Azure. You can adjust the services that you have. You can increase them anytime, and if you are not using them, you can downgrade the services to the minimum. The scalability and elasticity are the key features of Azure. They allow you to manage all the resources that you have according to your needs. For example, if you are a big company that is going to have a lot of customers during a period and needs to duplicate or triplicate resources, you can get all those created immediately. When you don't need that many virtual machines, storage accounts, or web services, you can downgrade to the minimum. The pricing will be according to the service that you are using. This is one of the most attractive things for the customers because if you were on-premises, what would you do with all those desktops once you don't need them? On the cloud, it is different. If you don't need it, just remove the service, and you won't be charged. It is very flexible.
How are customer service and support?
I provide support for Azure AD. This is my area of support currently, but sometimes customers have questions about different products or services. Because I'm working on Azure Active Directory, it doesn't mean that I only know about this specific product. We are constantly learning and getting trained. There are too many things to learn more about the Azure platform. I have worked for the billing and subscriptions team, which is a totally different type of support. If a customer has questions about billing, subscriptions, pricing, and discounts available on the platform, I can provide support. If a customer needs help with creating a virtual machine, I can tell the customer to work with another team. If I have the knowledge, I go the extra mile and help them.
There have been situations where the customers had a ten-year-old server that was no longer supported, and all the services were very old. They were from the time when Azure started, and those services are called classic services. Most of those services are not compatible with today's technologies. In such cases, we had to let the customers know that they need to migrate the services, which can get tough for some of them because not all users have the resources to move services to new technology. In such cases, we work with other teams within our own company and try to find a solution. We always try to find a solution. We are not limited to one solution. We'll research for options and do some brainstorming with other teams, and most of the time, there are no cases that we can't close or are unsolved. Of course, customers might have been expecting a different solution, or they are not open to change, but at a certain point, they will need to accept that some of the resources that they have been using for more than 10 years are now obsolete.
How was the initial setup?
It is very simple. All you need to do is to create a subscription. When you create an Azure subscription, you will be creating an Azure account. If you are using Office 365, you already have an Azure Active Directory account.
If you go to Azure.com and use your credentials, you would be able to log in. So, you have a basic panel with services related to Active Directory, but if you need to deploy virtual machines or other paid services, you will need to purchase a subscription. I have my own environment, but I only use it for testing and for making records of customer issues to see what's happening or why the problem is coming.
It is a very easy-to-manage platform. There are many guides. As soon as you enter the portal, you will see all products and services. Every time you click on any specific service, you will find information about the service, its pricing, etc. You will get the required information needed on the platform. I also have experience with IBM's platform, but it was not as easy to handle as the Azure platform.
What's my experience with pricing, setup cost, and licensing?
The basic tier of Azure Active Directory is free, so many users use the service for free. For a small company, having the security and compliance that Azure offers is a great benefit. For small companies that are using the basic services, not having to pay for Azure Active Directory is the main asset because they can manage their users and have authentication tools and security.
You just need to create an Azure account to get a free trial or subscription. If you sign up for a free subscription, you will have $200 that you can use for a month on any services that you want to try or test. If you're planning to use a paid subscription, you can't have the first month for free until you spend those $200. At that point, you can decide if you want to continue using the platform. You will be paying only for the services that you use. If you have a virtual machine, but you don't use the virtual machine, you won't be charged for that virtual machine. There are, however, some limitations. If you choose to have storage linked to the virtual machine, the storage is charged differently.
Azure has different tiers. You can use the standard free version. You can have the B1 license that gives you more services. There is a B2 license that extends to even more objects, more users, and more services. So, depending on the license that you have for the product, the capacity changes. The basic tier allows you to manage a certain number of objects, which can be users, groups, permissions, etc. The number is limited because you are using the free version. If you want to manage a bigger company or more objects, you can just purchase a B1 license. If you need more, you can change to the B2 license that's a top tier.
If the size of your company changes or you need to reduce the number of licenses or services, you can always cancel licenses. You can go back to the lower tier at any time depending on your needs. Most of the big companies use the higher tiers because they have many employees. In domains like education, there are many students, so they need to use more licenses, but most of the small companies or users who are using it for a project use the free version.
If you need to purchase a service, for each and every service that Azure offers, there are different pricing tiers. For example, you don't have to purchase a virtual machine that is too expensive. There are basic virtual machines that may cost you $40 for one month. If you need a very specific machine to do a deployment, you can use it just for the deployment and then delete the virtual machine. You have to pay it only for the hours for which you used that machine, which is a great advantage. If you work with data processing or you're a developer who needs to test new software or a game, you don't need to pay a huge amount of money for a specific virtual machine. You will only be paying for the hours that you need to do the testing. You don't have to pay $6,000 for high-end technology. I know that the idea is to keep people using the virtual machine, the storage account, or any service they have, but if their needs are just limited for a few hours of the month, that's what they will be paying for. So, it is very flexible.
What other advice do I have?
I would recommend Azure Active Directory to everybody. I would recommend others to use it to easily manage all the users. If you are dependent on an on-premises server, those servers may fail. Some people have too many old servers. If you move to the cloud, you don't have to worry about hardware maintenance.
Microsoft offers several ways to keep your data safe on the cloud. For example, you can choose replication. That means that your data will be at two different data centers. You can have your information at two different locations, such as in the east of the USA and in the west of the USA. If you are paying for higher services, all your information can also be in another country or region. So, all the information that a company may have in Azure will be protected if something catastrophic happens, which is something very important, especially for large companies.
The improvements to the platform are constant, and the feedback that the customers provide to Microsoft is taken very seriously. They have a feedback page where the users can request new features or existing features that they are not happy about. Microsoft takes into account all these requests, and I see the response from the backend team or developers. I can see how they provide new products or good information about what they are doing right now to improve the services. Most of the requests are for new services and ideas, and most of those ideas are seriously reviewed. I can see that over the last few years, how many of these requests have become a part of the platform. So, you see improvements everywhere. There is also a change in Office 365, which will be soon known as Microsoft 365. They're changing the experience, and they are also changing the licenses to include more products. So, changes are constant. I am not saying this because I work for Microsoft. I have also worked for Amazon, and I see similar structures. They are making changes all the time.
Every day, I see the requests of customers and the response from Microsoft to those requests. When all these improvements are added to the platform, for those of us who are on support, the cases become easier to manage. It gets easier to provide solutions because we have more options to resolve the problems, and the customers also have more options.
There are times when customers don't realize that the platform has changed and the services they used don't exist anymore. Usually, we provide support through Microsoft Teams and remote sessions. So, we go there, and we explain to the customer that they can do this because the platform allows them to select this and then do customization. So, everything is flexible. The customers sometimes are very surprised because they don't know that the platform has changed so fast. The experience of providing support becomes very nice when a customer is amazed by all the new features. They had been working in the old way, and they didn't know that they now have many options on the platform. In such cases, it is a very satisfactory experience for the customer and also for us. In some cases, it takes about 10 minutes, and the problem is solved. The customer becomes very satisfied with the solution.
I would rate it a 10 out of 10. I can't tell how happy people are when they call and are looking for such a service, and they realize that it already exists. They just didn't know about it. This rating is not based on the experience that I have in working with Microsoft; it is based on the experience of the customers I work with.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cloud Architect at a financial services firm with 10,001+ employees
Improves security, priced well, and makes MFA adoption easy for end-users
Pros and Cons
- "The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features."
- "The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks."
What is our primary use case?
We have a variety of use cases. The first thing we use it for is Microsoft 365 services. We utilize the single sign-on capability for use with other SaaS applications. We use MFA, and use it as an identity provider, in general. We make use of the B2B Federation functionality based on Active Directory, as well.
We use a hybrid Azure Active Directory that works in conjunction with our on-premises Active Directory.
How has it helped my organization?
Azure AD has security features that have definitely helped to improve our security posture. Our hybrid environment makes it very easy for us to control when we need to integrate with third-party solutions. Normally, we do not allow integration with our on-premises systems, and by requiring the third parties to integrate through Azure Active Directory, it gives us an extra layer of security. There is one-way communication from our on-premises Active Directory, which helps to secure our domain controllers.
Another thing that we use extensively is conditional access, on top of the Azure Active Directory multi-factor authentication. We are quite happy with the metrics and reports, as well as the logging of risks, such as attempts to sign in from different areas.
So far, we haven't had any incidents. We've seen some attempts to steal our identities or to log in using our credentials but the security provided by this product, including conditional access and MFA, has stopped these attempts. From a security perspective, we are quite happy.
Overall, our security posture has improved, especially when we are talking about MFA. We have MFA deployed on-premises for all of our critical applications. Moving beyond this, to the cloud, I cannot imagine dealing with all of these different SaaS products without having AD or another cloud identity provider in place. We could use a competing product but definitely, we cannot survive solely with our on-premises solution.
This solution has improved our end-user experience, in particular, because of the single sign-on feature. Our users can quite easily begin working. For example, I've worked with other SaaS solutions and one thing that users complain about is the additional steps required for MFA. Some of the non-tech-savvy end-users sometimes struggle, but overall, I would say the experience is quite good.
We are a group of companies and have different Active Directory Forests and domains. Using Azure Active Directory, collaboration is much easier for us because we are able to configure it at the cloud level.
What is most valuable?
The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features. Not on Office 365 applications, but on others like Salesforce.
What needs improvement?
The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks.
The MFA has some limitations compared to the legacy version. We still use our on-premises version because it works with our legacy applications using certain protocols.
I think that as Microsoft is going to the cloud, they are turning off the on-premises features too quickly because the functionality is not yet at par.
I would like to see more features included, such as some surrounding the lifecycle of licenses, and access management for non-Azure cloud applications.
For how long have I used the solution?
We have been using Azure Active Directory for approximately three years.
Prior to working with this company, I worked for Microsoft and I used Azure Active Directory as a user over a period of four to six years.
What do I think about the stability of the solution?
I'm pretty happy with the stability of this product. In all of the time that I have used it, I do remember a couple of instances where there was downtime. However, these did not last for a significant length of time.
I can recall that it went down one time, for approximately four hours, in several years. SLAs are definitely met by Microsoft.
What do I think about the scalability of the solution?
Scalability-wise, it works for us. We haven't had any problems and it is quite scalable.
Our company has 4,000 employees, so it isn't very large but so far, so good.
There are two people who are administrators that are involved in the managing and administration of Azure AD. I do not have administrative rights. Rather, I am set up for viewing only.
How are customer service and technical support?
In general, I would rate Microsoft support a seven out of ten. Sometimes we needed to speak with different people about the same problem, and each time, we had to describe the situation from scratch.
Which solution did I use previously and why did I switch?
I have no experience with other B2B Federation solutions, so I can't compare Azure Active Directory in this regard.
How was the initial setup?
Our initial setup was complex in some ways and easier in others. The complexity stemmed from the fact that we are a bank, and the security team chose the most complex deployment. Because the security people chose the most complex options, they are missing things. For example, self-service password reset is not working for us because it's one-direction communication.
In summary, our initial setup was complex because it was chosen as such. Although it is the most secure, we are missing some benefits that we would have if we had chosen a different setup.
The deployment itself was not very long. However, the planning stage was lengthy because of the in-depth discussions with the security team. Overall, the deployment took perhaps two weeks or less.
Our deployment strategy was a rather high-level approach and considered that our primary identity provider is on-premises AD, which means that we were able to take some of the details from there. We did not have to consider everything from scratch. For example, our password hash is one-way, so there are no writebacks. We defined it this way because it's quite secure. Similarly, we needed integration with third parties, such as other cloud providers. This meant that we were not afraid if something is breached because there would be no impact on our Active Directory. The only impact from a problem would be at the Azure Active Directory level.
What's my experience with pricing, setup cost, and licensing?
The cost of Azure AD is one of the biggest benefits, as it is available for use free of charge when you start with Office 365. It comes with the basic version of it and you can move to the more expensive plans with additional features, but these are still very competitive compared to other vendors.
By comparison, other vendors offered an independent MFA product but at quite an expensive price. With Microsoft, it was already included in the price. The bundling approach that Microsoft uses is good; although competitors may offer a more compelling solution, we already have access to the one from Microsoft at no additional cost.
Which other solutions did I evaluate?
We evaluated some other products from an MFA perspective but I have no hands-on experience with them. I received many good recommendations about both Okta and Ping Identity solutions.
What other advice do I have?
My advice for anybody who is considering Azure Active Directory is that if they are going to use other Microsoft services, like Office 365, then it's a no-brainer. It's the perfect solution for situations like this.
If you're using a different stack, like Google, and you choose a different cloud provider like Google or Amazon, then if you are using Microsoft, it is still good to use Azure Active Directory. The costs are relatively cheap compared to others.
However, if you're not using Microsoft products, then I would suggest that you could look to other vendors like Okta, for example. I had quite a few good references regarding Okta and the Ping Identity products. Ultimately, you are free to choose but from a cost perspective, Microsoft is great.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Consultant at a tech services company with 51-200 employees
A central point for authentication, providing cloud lock-in for our company
Pros and Cons
- "It is a central point where we provide the cloud lock-in for our company. We focus the multi-factor authentication within Azure AD before jumping to other clouds or software as a service offerings. So, it is the central point when you need to access something for our company within the cloud. You go to Azure AD and can authenticate there, then you move from there to the target destination or the single sign-on."
- "It would be awesome to have a feature where you can see the permissions of a user in all their Azure subscriptions. Right now, you have to select a user, then you have to select the subscription to see which permissions the user has in their selected subscriptions. Sometimes, you just want to know, "Does that user have any permissions in any subscriptions?" That would be awesome if that would be available via the portal."
What is our primary use case?
The use case for this solution is the access to Office 365, Azure subscriptions, and several software as a service platforms as well as other SaaS-developed applications that we provide access to, such as OpenID Connect, OAuth, or SAML.
How has it helped my organization?
It is a central point where we provide the cloud lock-in for our company. We focus the multi-factor authentication within Azure AD before jumping to other clouds or software as a service offerings. So, it is the central point when you need to access something for our company within the cloud. You go to Azure AD and can authenticate there, then you move from there to the target destination or the single sign-on.
Azure AD added a different layer. We were able to add multi-factor authentication for cloud applications, which was not possible before. We also may reduce our VPN footprint due to the Azure AD application proxy. We have a central point where we have registered our software as a service applications that we obtain from other providers or the applications that we host ourselves.
What is most valuable?
The most valuable feature is the possibility to create multi-tenant applications alone, or in combination with Azure Active Directory B2C. So, you can provide access to applications for your external partners without having to care about the accounts of external partners, because they will stick it in there as an AD tenant. That is the feature that I like the most.
The solution has features that have helped improve our security posture:
- A tagging mechanism that we use for identifying who is the owner of an application registration.
- Conditional access and multi-factor authentication, which are adding a lot to security.
- The privileged identity management feature that has arisen off privileged access management. This is helping a lot when providing access to certain roles just-in-time.
They are also still developing several other features that will help us.
It does affect the end user experience. It depends on where they are. When they are within the corporate network, then they already have a second factor that is automatically assigned to them. When they are outside of the company, that is when they have to provide a second factor. That is mostly an SMS message. Now, with the Microsoft Authenticator app that you can install on your mobile phone, we are shifting towards that. This has reduced errors because you may just say that you confirm a message on your mobile phone instead of typing the six-digit code, hoping that you are still in time, and that you entered it correctly. So, it does affect our employees. We try to be up-to-date there.
Mostly, it affects security. It is an obstacle that you have to climb. For example, if you have to enter the code in from the SMS message, then you have to wait for the SMS message to arrive and copy the code, or you have to transfer the code from the SMS message into the field. We reduce that workload for employees by having them be able to receive a message on their phone, then confirm that message. So, security is less of an obstacle, and it is more natural.
What needs improvement?
The user administration has room for improvement because some parts are not available within the Azure AD portal, but they are available within the Microsoft 365 portal. When I want to assign that to a user, it would be great if that would be available within the Azure AD portal.
It would be awesome to have a feature where you can see the permissions of a user in all their Azure subscriptions. Right now, you have to select a user, then you have to select the subscription to see which permissions the user has in their selected subscriptions. Sometimes, you just want to know, "Does that user have any permissions in any subscriptions?" That would be awesome if that would be available via the portal.
For how long have I used the solution?
I have been using it for more than two years now.
What do I think about the stability of the solution?
The stability is very good. They had a problem recently that was hopefully the exception.
I am looking forward to the adjustment of the SLA that they increased from 99.9 percent to 99.99 percent. With this increase, which should happen on the first of April (not an April joke), this should be a huge improvement for the visibility towards the world because this is a commitment by Microsoft, saying, "We are taking care of Azure AD." I think that is a very good thing.
What do I think about the scalability of the solution?
From my point of view, it scales very well. There are different possibilities to take care of it, depending on what you want to achieve. Lately, they introduced something like administration units, where you can achieve that even a bit further to restrict the access of your administrator to a certain group. So, that should be really helpful for even better scaling.
One company has around 50,000 users and another company has around 200 users. For the bigger company, there are several people involved, three to four people. They are taking care of application registrations as well as the Azure AD Connect synchronization to see if there are any errors, then clear those errors. However, it is mostly the application, registration, and configuration of the Azure AD.
How are customer service and technical support?
The technical support is great. We have access to a special unit within Microsoft where we have additional support besides the technical support. So, it has been really good working with Microsoft.
Which solution did I use previously and why did I switch?
We have other tools:
- Red Hat SSO
- OpenID Connect
- OAuth
- Azure Domain Federation
We just removed the Azure Domain Federation (AD FS), thanks to the Azure AD.
How was the initial setup?
Deployment time really depends on how you set up your Azure AD. You might:
- Want to set up Azure AD Connect, then the process takes longer.
- Just use Azure AD, then the process is much faster.
- Directly connect to another source of truth, then there is something in-between.
It really depends on your situation. I would say it takes between an hour and a week.
What about the implementation team?
For the company, I didn't set it up. I did set it up for myself, but that was a simplified situation and I found the process to be straightforward.
What's my experience with pricing, setup cost, and licensing?
Make sure that you get the most out of your Office 365 licenses for Azure AD. If you have additional concerns for users who don't have an Office 365 license, consider Azure AD Premium P1 and P2. Be aware that you have to evaluate your license usage beforehand.
Consider the usage of Azure AD Premium P1 and P2 when you are not assigning Microsoft or Office 365 licenses. This is really important to get access to good features, like conditional access, privilege identity management, and accessory use.
What other advice do I have?
I would rate Azure AD as a nine out of 10.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Enterprise Solution Architect - Security at an insurance company with 10,001+ employees
Our ability to control access to resources has vastly improved
Pros and Cons
- "Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic."
- "On-premise capabilities for information and identity management need improvement."
What is our primary use case?
It underpins our application authentication and security requirements for internal users.
How has it helped my organization?
During the pandemic, it helped us carry on working securely as a business.
Azure Active Directory hugely improved our organization’s security posture. The ability to control access to resources has vastly improved.
What is most valuable?
We very much like Conditional Access. We also like the risky sign-ins and Identity Protection. These features provide us the security that lets us fulfill our security requirements as a company.
Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic.
The solution has made our end user experience a lot easier and smoother.
What needs improvement?
On-premise capabilities for information and identity management need improvement, but I know these are in the pipeline.
For how long have I used the solution?
I have been using it for five or six years.
What do I think about the stability of the solution?
The stability has improved over the last two to three years.
What do I think about the scalability of the solution?
It has fantastic scalability. Globally, we have about 80,000 users.
In each territory, there are on average around 40 people managing the solution on the admin side. We also have SMEs for the harder tasks. Then you have people, like me, who are architects and determine the approach and create designs.
How are customer service and technical support?
Microsoft Premier Support is very good. We make good use of it.
The free support is okay.
Which solution did I use previously and why did I switch?
For mobile device management we used to have MobileIron and Blackberry. Those products have been removed in favour of Intune and Azure AD features. Other legacy security services will be removed in preference for the Azure equivalents. Strategically, Azure AD makes more sense for us. Cloud first is the strategic direction within my company.
How was the initial setup?
It is a pre-deployed solution; creating the links between the on-premise system and the SaaS system is moderately easy.
Our deployment took a month.
For a non-complex organization, the deployment process would be a lot easier than it is for a complex organization. There are a lot of business processes that need to be determined as well as a lot of conversations. The technology side of things is the easy bit. It is the design that takes a while.
What about the implementation team?
It was all done internally and using Microsoft Partners.
What was our ROI?
We have only really bought into the solution over the last 12 months or so. We expect to see cost returns in the next 12 months.
What's my experience with pricing, setup cost, and licensing?
If you get rid of all the products providing features that Azure suite can provide, then it makes sense cost-wise.
Microsoft Premier Support is an additional cost to the standard licensing fees.
Which other solutions did I evaluate?
Azure Active Directory and its feature set under a single vendor are unique in our market.
What other advice do I have?
Compared to how it was five years ago, the solution has really matured.
Make sure that business requirements are understood upfront and a design is in place before any services are deployed. Ensure the people deploying it understand the capabilities and implications of choices.
I would rate this solution as a nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Lead Architect, Chief Technology Officer Office at a tech services company with 51-200 employees
It offers an easy way to add multi-factor authentication to nearly any application and system
Pros and Cons
- "We like the ease of app registrations and single sign-on with Entra ID. It offers an easy way to add multi-factor authentication to nearly any application and system."
- "Microsoft customer service is the best in the industry."
- "The automation aspects of Entra ID could be improved, particularly when automating through different providers and SDKs. It's somewhat clunky to automate ID management, but it's great once it's set up. I would also like to see better Terraform support."
What is our primary use case?
We use Entra ID for single sign-on to all of our internal IT systems and public SaaS offerings within the company.
How has it helped my organization?
Entra ID streamlines permission management and authentication for most systems. It also unifies IDs, simplifies IT operations internally, and enhances security by enforcing a better security posture across the organization.
What is most valuable?
We like the ease of app registrations and single sign-on with Entra ID. It offers an easy way to add multi-factor authentication to nearly any application and system.
We've used it within AKS clusters to do pod identities. That has greatly reduced the number of static credentials we have running around and drastically improved our security. Combining Entra ID with the amazing work of our AKS team has enabled us to shrink the blast radius of credentials given to applications instead of only at the node level. This has allowed us to scope down permissions to an application level instead of the Kubernetes cluster, making it more secure and much closer to a full zero-trust solution.
Entra has helped us fight token theft. We almost always use short-lived tokens, which help us address many of these challenges. They still exist for certain use cases, but they've been drastically reduced due to our ability to use short-lived tokens.
We have never had an identity-related attack because we're lucky. However, that's just a matter of time until we do in this industry. Not having them before does not mean that we're not better protected now.
What needs improvement?
The automation aspects of Entra ID could be improved, particularly when automating through different providers and SDKs. It's somewhat clunky to automate ID management, but it's great once it's set up. I would also like to see better Terraform support.
For how long have I used the solution?
I have used Entra ID for the last three years.
What do I think about the stability of the solution?
The stability has been great. I haven't had any issues.
What do I think about the scalability of the solution?
The scalability is great. I've hit no issues in terms of scalability.
How are customer service and support?
I rate Microsoft support 10 out of 10. Microsoft customer service is the best in the industry. There are immediate answers to any issues that arise with great knowledge and a deep understanding of the product and business needs.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've used multiple solutions in the past, including Google authentication and Okta. I switched mostly to consolidate and for a better feature set that integrated better with the rest of our Microsoft products.
How was the initial setup?
The setup is one of the easiest I've seen in the industry. It's very easy to onboard.
What about the implementation team?
We used ourselves since we're an integration company.
What was our ROI?
We have seen a return on investment. We already have Entra ID, and like many customers, we haven't used it to its fullest potential. We get a return from not needing to pay other vendors to do what we already had from Microsoft, which was better than the competition.
Which other solutions did I evaluate?
We evaluated Workspace ONE, Google, and Okta before switching.
What other advice do I have?
I rate Microsoft Entra ID nine out of 10. Without good Terraform support, it will stay below a 10, but everything else is so great.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Dec 18, 2024
Syncs with our on-prem AD, gives security insights, and saves time
Pros and Cons
- "Syncing with our on-prem Active Directory is valuable because we do not have to keep multiple identities for each of our staff members. We can easily evaluate login risks and provide access for SSO via 365 into applications, such as Salesforce, and other things that we run our business on."
- "Certain aspects of the user interface can be rather clunky and slow. It can sometimes be circular in terms of clicking a link for a risky user sign-in and seeing what the risky login attempts were. It takes you in a circle back to where you started, so drilling down into details, especially if you are not in it every day and it is one of many tools that you use, can be difficult. It can be difficult to track down the source of an issue."
What is our primary use case?
We have it synced to our on-premises Active Directory environment where we have some Active Directory servers. We use it for authentication into our cloud apps. We use it for SSO. Because it is connected to our Office 365 tenant, we use it for single sign-on for applications that support it.
We also use it to evaluate risky sign-ins or risky activity for users. If there are user sign-ins from a geographic location that they would not normally sign in from, we get a notification for it, and we can investigate what is going on with a user's ID, if the person is actually there or not, and if we need to take any action on it.
How has it helped my organization?
Entra ID has primarily helped with security and some level of organization of our user environment and application access for staff.
Entra provides a single pane of glass for managing user access to some degree. We still have to use local Active Directory management for certain items or troubleshooting. It does not seem to extend management and troubleshooting down to the endpoint level or have the same sort of granularity as managing Active Directory directly from an Active Directory server.
Entra ID has helped to save time. It has saved four to eight hours of staff members' time per week.
In some ways, Entra ID has saved us money because using it for single sign-on for third-party applications means that we do not have to use a third-party solution such as Okta or OneLogin. It is a default solution. It comes out of the box, and it works with multiple applications, which means that we do not have to go the route of having a third party to have that same type of solution for us. In that sense, it does save us money, but I do not know how much it has saved because I have not priced out Okta or any of the other solutions. I imagine it is a fairly substantial amount that they would charge per user per month times the number of our users.
What is most valuable?
Syncing with our on-prem Active Directory is valuable because we do not have to keep multiple identities for each of our staff members. We can easily evaluate login risks and provide access for SSO via 365 into applications, such as Salesforce, and other things that we run our business on.
What needs improvement?
Certain aspects of the user interface can be rather clunky and slow. It can sometimes be circular in terms of clicking a link for a risky user sign-in and seeing what the risky login attempts were. It takes you in a circle back to where you started, so drilling down into details, especially if you are not in it every day and it is one of many tools that you use, can be difficult. It can be difficult to track down the source of an issue.
There should be better integration or support for FSMO roles and cross-tenant force management. If you want to enable it, it is tricky when you add Entra ID into the mix for domain sync or directory sync.
For how long have I used the solution?
I have been using this solution for five years.
How are customer service and support?
The Entra ID and Azure Active Directory support is quite good. Sometimes, it may take a little bit of time to get past tier one basic questions and basic pointing to support articles and talk to somebody who looks at your configuration and starts to understand what your specific challenges are, but once you get to that next tier of support, it seems like you are able to get answers very quickly.
I would rate their support an eight out of ten. A ten out of ten would be where you make one phone call and all solutions are given.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not have single sign-on capabilities for our SaaS apps. Prior to implementing our Azure environment, we did not have a cloud identity provider. It was all on-premises.
How was the initial setup?
I was involved in the deployment and initial setup of Entra ID. It was not that difficult. It had medium difficulty. There is a Microsoft way of doing things. Microsoft certainly seems to have made things easier since then. Whenever I go back into the system, it looks like some of the usability improvements are there.
I believe that we also contacted Azure support a number of times during our deployment, and they were quite helpful. They were helpful up to the point where I got contacted by a product manager for Azure Active Directory at the time, and they were able to walk us through some of the implementation challenges we had, so Microsoft, at least for us as we were adopting Azure and Azure Active Directory, had a lot of hands-on help with getting set up. They are open to feedback as well. The implementation was about as difficult as I expected an implementation to be. It was certainly not a turnkey solution where it just works right out of the box, but I have had more difficulty implementing other Microsoft solutions.
What's my experience with pricing, setup cost, and licensing?
It is good. We have Office 365 E3, and then that is tied in with Azure Active Directory. I believe that we only have to pay for our technician-level access or IT department access for Azure Active Directory Premium, which I am sure they call Entra Premium P2 licensing, so it is not a very large cost. We just adopted that, and that gives us a lot of insights into user security that we would not otherwise have.
Which other solutions did I evaluate?
We looked at Okta. We looked at Cisco Duo. We looked at OneLogin. I believe that there was some cost that we would have to bear if we had adopted them. Okta looked like a very good solution, but Azure AD came integrated out of the box with our Azure environment and our 365 environment, so we decided to move forward with it instead.
What other advice do I have?
We have started using Permission Management. We have not fully rolled it out yet. We have also not used Verified ID. It is something that is a little tough to implement because the documentation is not necessarily there yet. We have just started touching the surface of it.
I would rate Entra ID an eight out of ten. It is a good product. It works out well for an organization of our size. We are fairly small, and we have limited IT resources. We are able to use Entra ID for permissions management and access management. I am trying to learn more about secure access and secure edge type of solutions that Entra has. At this Microsoft event, the demos in Demo Theater 3 have been overflowing and overcrowded to some crazy degrees, so there is definitely demand for it. Microsoft can put these demos in a larger room because there is a lot of demand for it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Microsoft Entra ID Report and get advice and tips from experienced pros
sharing their opinions.
Updated: January 2025