reviewer2005275 - PeerSpot reviewer
Director of Engineering, Integrations at a computer software company with 11-50 employees
Vendor
Register external apps to any app within the Microsoft catalog, a great authentication platform, and a stable solution
Pros and Cons
  • "The most valuable feature is the authentication platform."
  • "I think the solution can improve by making the consumption of that data easier for our customers."

What is our primary use case?

The primary use case is as an authentication mechanism or platform for the ISV solution that we offer our customers. When they are authenticating to our application, Azure AD is the solution on the backend the customers are actually using.

I'm a software developer so I write a bunch of integrations between applications and one of them is Azure AD. Our organization itself uses Azure AD for our external solution, which we provide as the authentication mechanism.

What is most valuable?

The most valuable feature is the authentication platform. Whether that's for users authenticating to applications or for actual applications that we write, authenticating to Microsoft or other applications. We can do app registrations where we're doing client-side or client credential flow authentication from an external app to a hosted Microsoft app or whatever other app within the Microsoft catalog we want to connect to. The focus area has been around being able to integrate and connect to different Microsoft resources using Azure AD to actually provide the authentication piece.

What needs improvement?

There are a lot of areas where the data from a reporting standpoint is extremely granular. It is great that you're able to get to that data, but at the same time, unless you are actually hands-on with the tool, it can sometimes be overwhelming to decipher what that means. So if you're looking at audit reports or another sort of logging, the amount of information is never the problem within Azure AD; it's trying to distill it down to the information that you want. I think the solution can improve by making the consumption of that data easier for the customers.

For how long have I used the solution?

I've been working with the solution for five or six years at least. Probably longer. 

Buyer's Guide
Microsoft Entra ID
December 2024
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability is very good. I think it's gone down only a couple of times and when it goes down, there are bigger problems than just us. From my perspective, it is fairly stable.

What do I think about the scalability of the solution?

I think the ease at which you can create new resources and the like from an overarching Azure perspective is phenomenal. I believe Azure AD is scalable. There are some pieces of it that are difficult to use. When assigning layered groups or layered roles to users, trying to figure out the access that a user has can sometimes be a little tricky. But overall I think it follows the Azure model, so it's easy to deploy new pieces as needed.

We have a little over a hundred total users. Azure AD is only accessed by a couple of people within our organization, and they're all based out of our home office in the US. The authentication mechanism is used around the world. We have offices around the US and in Europe that all sign in using Azure AD as the authentication piece. We have 250-ish groups and just over a hundred users.

Which solution did I use previously and why did I switch?

Previously we used on-prem ADFS. At our organization, we integrate with a whole host of different identity providers (Ping, Okta, and those types), but we've always used a Microsoft product internally for our user setup and access. We switched to Azure AD because our product is also hosted within Azure. As part of that, we actually also switched to a hybrid cloud where we run both on-prem AD and Azure AD online.

How was the initial setup?

There were a couple of hiccups along the way, but the initial setup was fairly straightforward.

The biggest issue for us was getting the sync working from on-prem to the cloud. That was the hardest part. As far as the deployment itself, we went and created an Azure tenant and then created the Azure AD or a portion of it. After that, setting up the sync was really the biggest part.

What about the implementation team?

The implementation was completed in-house, and we integrate it from our product perspective.

What was our ROI?

Azure AD makes our work a lot easier, but I don't have an actual number to show an ROI.

Which other solutions did I evaluate?

We're a Microsoft shop, so it basically was the only option that we really had if we wanted to use Azure. Our services host Azure so it made sense for us to use Azure AD.

What other advice do I have?

I give the solution a nine out of ten.

We actually integrate with Microsoft Entra and are able to add additional functionality to it. Entra does everything down to the entitlement level within applications, whereas our organization would go a little bit further and go to the object level. But from an overall user access perspective within our cloud environment, Microsoft Entra does give us visibility into what that user's assigned, based on their roles and group access.

We don't use Microsoft Entra in the way that most other companies are going to use it. We're looking at it from a strategic perspective for the security reporting application that we provide our customers. When a customer of ours would be using Microsoft Entra and they want to extend it to provide additional reporting or to actually go down and assign functions at the object level within their applications, they would use our organization to do that. I don't technically use Microsoft Entra to actually view what our users are looking at from a user access perspective.

I don't know if we use it internally at our organization, but in the majority of cases, the clients want to be able to have a place where they can do enterprise-wide identity management. And so that's what they are trying to get to with Entra. That's a question that a lot of our customers have across the board. The functionality that Entra provides is the ability to span across either different business applications or other third-party applications. The customer then has to be able to do identity-based access control from a single pane of glass within our Azure AD instance.

I don't do the actual assignment within our organization from an Azure AD perspective. We extend what Microsoft Entra provides, from a feature functionality perspective. We have a separate IT team that would actually do the user creation and access assignment within Azure AD and I don't know if they use Microsoft Entra to manage all identity and access tasks within the organization.

We're a Microsoft ISV and we connect with a number of different ERP, CRM, and HDM-type systems, but we do security on compliance reporting and functionality.

We integrate with the solution. Customers that are using Entra would or could use our organization when they need that extra level of detail. We use it for development purposes to actually create a working solution. We support that as far as when we do our reporting from our organizational perspective. I don't use Entra internally at our organization, so we integrate with it from a coding perspective. As far as features and functionality go, we integrate with it and we support it.

We run the solution on-prem and then we sync that to Azure AD in the cloud, but it's on a normal public cloud, overall.

I think Azure AD is a no-brainer if you're a Microsoft shop and if you have other Microsoft products already. It boils down to what sort of office you're looking for. Being a development shop, it absolutely made sense to us to use Azure AD because we were already using Azure, so it could be included with that offering. If you're not a technical shop then I think you should have to look to see if it's something that you are going to manage, and how many other applications you manage within your organization from an access perspective. If you're doing that across 25, 50, or 100 different applications, then Azure AD is a great choice. If you don't really sign into too many things, then there may be more cost-effective ways out there. It depends on what your use case is.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Daniel_Cohen - PeerSpot reviewer
Vice President, Sales & Cloud at Aztek
Real User
Simplifies user management for hybrid environments and streamlines integration with other solutions
Pros and Cons
  • "Entra ID is our directory that registers all users, guest users, and even labs. It's integrated with Microsoft technologies like Authenticator, SSO, and MFA, streamlining operations and creating a seamless environment."
  • "Entra ID's anti-phishing measures have improved our phishing response."
  • "Entra ID has limited integration with non-Microsoft solutions like iOS or Ubuntu. If it worked across different software and all kinds of devices could be managed under it, that would be great."
  • "I rate Microsoft support four out of 10. Tier 1 and Tier 2 support could be better. It's not timely or professional."

What is our primary use case?

We are a Microsoft partner, and all our internal computing is on Microsoft 365, managed by Microsoft ID and Intune. Entra ID serves as our directory containing all our users and guest users, and it's managed by Intune.

How has it helped my organization?

It simplifies the management of identities in our hybrid environment, covering on-prem and Azure. It streamlines integration with other Microsoft technologies like Authenticator, SSO, and MFA. Entra ID is crucial to our zero-trust model based on Microsoft security.

Entra ID's anti-phishing measures have improved our phishing response. We had phishing tests a month ago, and some employees still fell for it but the number has dropped. I think we've prevented some security incidents using Entra ID with other apps.

What is most valuable?

Entra ID is our directory that registers all users, guest users, and even labs. It's integrated with Microsoft technologies like Authenticator, SSO, and MFA, streamlining operations and creating a seamless environment.

What needs improvement?

Entra ID has limited integration with non-Microsoft solutions like iOS or Ubuntu. If it worked across different software and all kinds of devices could be managed under it, that would be great.

For how long have I used the solution?

We have been using Microsoft Entra ID for quite some time, as it replaced Active Directory when we moved from an on-prem solution.

What do I think about the stability of the solution?

The platform is stable. We haven't encountered any problems.

What do I think about the scalability of the solution?

It is deployed across all of our employees within the company and group of companies. If we had to deploy it further, it would be straightforward as we frequently deploy it for customers.

How are customer service and support?

I rate Microsoft support four out of 10. Tier 1 and Tier 2 support could be better. It's not timely or professional. They often provide solutions we've already tried. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used Active Directory, which Microsoft Entra ID replaced when we transitioned from on-prem.

What about the implementation team?

Our in-house team handled the implementation.

What's my experience with pricing, setup cost, and licensing?

Compared to other Microsoft products, the cost is not too expensive. There's a free tier available, though it doesn't include all features. Overall, it's well-priced.

Which other solutions did I evaluate?

We did not evaluate another solution before implementing Entra ID.

What other advice do I have?

I rate Entra ID nine out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Christopher Odegard - PeerSpot reviewer
SharePoint Developer at Robert A.M. Stern Architects LLP
Real User
Uniquely identifies a person universally across platforms
Pros and Cons
  • "I love how it uniquely identifies a person universally. If you have the email address, it will be the same account across most platforms. If everything is set up correctly, it's easy to identify a person and get all kinds of information about them from Azure or whichever system."
  • "I would rate Microsoft Entra ID a solid 10 out of 10."
  • "Microsoft support has some room for improvement. I avoid contacting them because it can be time-consuming. They don't necessarily find the solution, but you have to be on call for them to connect and do things on your system remotely. You have to schedule a time to meet with them, and it's somewhat inconvenient."
  • "Microsoft support has some room for improvement. I avoid contacting them because it can be time-consuming."

What is our primary use case?

I use Entra to log into systems and applications, mainly within the office for work-related tasks and for other applications that accept Microsoft Authentication. I always use my work ID to log in when I can. Within the organization, everyone has an ID, so I'm engaged with the onboarding process, but I don't create the IDs.

How has it helped my organization?

I don't know what they had before Entra, but if we didn't have the solution, we wouldn't have a security model for Microsoft 365 products like Outlook, Excel, and all the other Office stuff. We wouldn't have a secondary way to identify people. Entra hooks into everything else that Microsoft does, making it much easier to manage security across systems and platforms.

Entra has made securing our apps and resources more straightforward. Microsoft has updated security methods to make its authentication more secure. The solution has facilitated our Zero Trust Model. You can't use the computers without authenticating. There is no public access, so unless you sneak up behind someone and take over their computer, you can't do anything without an ID.

I'm not on the security team, so I don't know the effect of Entra on the number of security incidents. Anecdotally, I know that some people at my organization don't like passwords, and they've had to get over that. Those people have likely seen a drastic decrease in identity theft incidents.

What is most valuable?

I love how it uniquely identifies a person universally. If you have the email address, it will be the same account across most platforms. If everything is set up correctly, it's easy to identify a person and get all kinds of information about them from Azure or whichever system. 

What needs improvement?

Microsoft support has some room for improvement. I avoid contacting them because it can be time-consuming. They don't necessarily find the solution, but you have to be on call for them to connect and do things on your system remotely. You have to schedule a time to meet with them, and it's somewhat inconvenient.

For how long have I used the solution?

I've been using Entra ID for about 12 years.

What do I think about the stability of the solution?

Entra has never gone down as far as I know, so it's 100 percent stable.

What do I think about the scalability of the solution?

It's stable for our organization of about three hundred people and can handle scalability.

How are customer service and support?

I rate Microsoft support six out of 10. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?


What was our ROI?

The biggest return on investment on Entra is improved security, ensuring our organization is less of a target. It works how it's intended and does a good job.

What's my experience with pricing, setup cost, and licensing?

It's the most basic Azure service available, and I understand it's cost-effective. You need a tenant to use Entra to authenticate.

What other advice do I have?

I would rate Microsoft Entra ID a solid 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2263638 - PeerSpot reviewer
Azure AD Identity and Access Management Engineer at a healthcare company with 10,001+ employees
Real User
Allows for conditional access, identity governance, and password monitoring
Pros and Cons
  • "The valuable features I use daily are enterprise application, conditional access, identity governance, password monitoring, and a password reset."
  • "The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access."

What is our primary use case?

I use Microsoft Entra ID to manage and reset user passwords and set their requirements so they can access the environment.

How has it helped my organization?

The Entra portal offers a unified interface to oversee user access. Through the Entra portal, I can access my resources. I utilize the quick user and quick group features to assign users to roles according to their permissions, missions, and development tasks. This involves our EBAC and RBAC systems, assigning tools, and linking them to functions required for executing tasks. After completing these assignments, we place these users in groups and grant them access to specific resource environments, aligned with their designated tasks within those environments.

The Entra portal does not affect the consistency of the security policies that we apply.

The administration center for managing identity and accessing tasks within our organization operates according to the established protocols and procedures prior to its implementation. We utilize account provisioning, RBAC, authentication, authorization, password management, security, and incident management. These are all components that we have implemented to facilitate access and development within our environment.

There are certain things that have helped improve our organization. First, security. With Entra ID, we have been able to implement SSO capabilities for our applications and most resources in our environment. This means that we can use a single credential to access all of our resources, which makes it more difficult for hackers to gain access. It also makes it easier for our users to sign in to resources without having to remember multiple passwords. Second, Entra ID allows us to implement multiple authentication factors. This adds an additional layer of security by requiring users to verify their identity in more than one way. For example, they might need to enter their password and then also provide a code from their phone. This makes it much more difficult for unauthorized users to gain access to our systems. Entra ID also makes it possible to define roles and permissions based on each user's needs. This allows us to grant users only the access they need to do their jobs, which helps to protect our data and systems. Finally, Entra ID allows us to implement conditional access controls. This means that we can restrict access to resources based on factors such as the user's location or the device they are using. This helps to protect our data from unauthorized access, even if a user's password is compromised.

Conditional access is a way to make decisions about enforcing security policies. These policies are made up of "if this, then that" statements. For example, if a user wants to access a resource, they might be required to complete a certain action, such as multi-factor authentication. If a user tries to sign in from a risky location, the system will either block them or require them to complete an additional layer of authentication.

The conditional access feature does not compromise the robustness of the zero-trust strategy, which is a good thing. I have configured it in my environment based on primary monitoring. We have certain locations that we do not trust users from. If a user tries to sign in from one of these locations, which the system automatically detects, they will be required to complete an additional layer of authentication. With zero trust, we do not trust anyone by default. Anyone trying to access our environment externally must be verified.

We use conditional access with Endpoint Manager. When configuring conditional access, we consider factors such as the user's location, device, and country. These are the things that we put in place when configuring the policy. We create users, put them in a group, and then decide to apply conditional access to that group. So, this particular group has been configured under conditional access. This means that no matter where they are, what device they use, or what activity they want to perform in the environment, they will be required to meet certain conditions that have been configured in the conditional access policy.

We use Verified ID to onboard remote users. SSO is configured for this purpose so that users do not have to remember multiple IDs, passwords, or usernames. This can be tedious when logging in to multiple applications. Once SSO is configured for our users, we also configure self-service password reset so that they can reset their passwords themselves if they forget them. With SSO, users only need to remember one credential, their Verified ID. When they log in to an application, such as Zoom, they are redirected to the identity trust provider, which is Entra ID. Entra ID requires a sign-in. Once the user enters their Verified ID into Entra ID, they are redirected back to Zoom and are issued an access token, which allows them to access Zoom. In this way, users can automatically access all other applications in the system that they are required to use to carry out their day-to-day tasks in the company.

Verified ID helps protect the privacy and identity data of our users. Data access management is all about the user's identity. The three main components of data access management are identity, authentication, and authorization. Identity access management is about protecting user information and ensuring that they only have access to the resources they need to perform their jobs. Verified ID is an additional layer of security that helps to ensure that users only have access to the right applications and resources. It does this by verifying the user's identity and ensuring that the resources are being accessed by the right person. Verified ID also uses certificates to confirm the trust and security of the system.

Permission management helps with visibility and control over who has access to what resources in the environment. For example, an HR manager should only have access to HR resources. To achieve this, we put users into groups based on their job function, such as the HR department. We then grant permissions to these groups to access the resources they need. This way, no one in the HR department can access resources that are meant for the financial department. Permission management helps to reduce unauthorized access to resources and prevent data breaches. Before we grant access to resources, we perform a role-based access control analysis to determine the permissions that each role needs.

Entra ID has helped us save a lot of time by streamlining our security access process. From time to time we conduct an access review to ensure that only the right people have access to the environment and resources.

Entra ID operates on multiple platforms and devices, which reduces the time spent on manual tasks and increases productivity. Its ability to integrate across our centers worldwide, providing accessibility, has saved us money.

Entra ID has improved the user experience and performance. It has enhanced performance by saving users time from having to log into so many applications, systems, or plug-ins. Now, they can log in using their Entra ID. It has also helped with security by enabling multi-factor authentication, which has cut down on attempted hacks. Entra ID has also made enrollment easier for users.

What is most valuable?

The valuable features I use daily are enterprise application, conditional access, identity governance, password monitoring, and a password reset.

What needs improvement?

The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access. It would be more beneficial if Entra ID could be completely passwordless.

For how long have I used the solution?

I have been using Microsoft Entra ID for six years.

What do I think about the stability of the solution?

Entra ID is stable. We have never had stability issues.

What do I think about the scalability of the solution?

Entra ID is scalable.

What other advice do I have?

I would rate Microsoft Entra ID a ten out of ten. I enjoy using Entra ID and I see the benefits of using it.

No maintenance is required, except for occasional log reviews.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Prateek Walia - PeerSpot reviewer
Change and Communications Manager at a retailer with 10,001+ employees
Real User
Provides easy authentication and high security and works absolutely fine even when you switch organizations
Pros and Cons
  • "Being able to easily authenticate yourself on the MSA app is valuable. It is easy to use. Rather than receiving a code in an SMS, you can just verify that it is you. You don't have to punch in any password or any six-digit code. That's the feature that I like the most."
  • "They can improve how people manage their accounts. They can simplify and provide more information about adding or updating a phone number or email ID in the MSA account. A lot of the time, users do get confused about where to go. For example, if I've changed my mobile number, where do I go and change my mobile number in the MSA account? A lot of the time, employees think if they change the phone number in the HR database, it'll automatically get changed on the MSA account, which is not the case. Microsoft can simplify that and add these questions in the FAQ documents as well."

What is our primary use case?

I use it to access my work applications. When I install Microsoft Teams or Outlook, or I want to access my work applications, I authenticate myself using Microsoft Authenticator.

How has it helped my organization?

During the pandemic, one of the challenges for organizations was how to secure their IT networks. People were working remotely, and some of them were working from the remotest locations. It gave confidence to the organization that only the right person was getting access to work applications.

It also improves your customer experience or employee experience. You don't have to rely much on servers. 

What is most valuable?

Being able to easily authenticate yourself on the MSA app is valuable. It is easy to use. Rather than receiving a code in an SMS, you can just verify that it is you. You don't have to punch in any password or any six-digit code. That's the feature that I like the most.

It does give you the confidence that no one else can access your details or can have access to your account because it does add a second layer of security. Even if someone hacks the server where my details are stored, unless and until I authenticate myself on MSA, even hackers won't be able to get into my account.

It works absolutely fine from the login perspective. You can also configure it on third-party devices, and it works pretty well. I haven't faced any issues from the login point of view.

What needs improvement?

They can improve how people manage their accounts. They can simplify and provide more information about adding or updating a phone number or email ID in the MSA account. A lot of the time, users do get confused about where to go. For example, if I've changed my mobile number, where do I go and change my mobile number in the MSA account? A lot of the time, employees think if they change the phone number in the HR database, it'll automatically get changed on the MSA account, which is not the case. Microsoft can simplify that and add these questions in the FAQ documents as well. They can provide more clarity about how it is different from your organization's database.

Voice recognition could be added going forward. With a smartphone, such as an iPhone, as well as with Windows Hello for Business, you already have facial recognition. Voice recognition is something that could be added going forward, especially for people with special needs.

For how long have I used the solution?

I have been using it for a year.

What do I think about the stability of the solution?

It is quite stable. Coming from Microsoft, you don't question the stability factor at all. I have Microsoft Authenticator installed on my phone, and even when I switched organizations, I could simply add my new workplace email ID, and it worked absolutely fine. It is quite stable, and it gives you a good user experience.

What do I think about the scalability of the solution?

Scalability-wise, it is quite good. We were rolling it out to 150,000 people across the globe and different geographies. One of the good things is that Microsoft doesn't need any introduction anywhere. In terms of user experience, it is right up there. It is also right up there in terms of how different work applications align with it. I would rate it quite high.

How are customer service and support?

Technical support was good. We didn't have to rely on Microsoft's technical support big time because the solution worked very well overall. We had our third-party technical support team involved as well.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before Microsoft Authenticator, we used Okta Multi-Factor, and prior to Okta, we were totally relying on passwords, which was obviously very risky. 

We switched to Microsoft Authenticator because when you implement the whole Microsoft 365 suite, especially in a large organization, all the work applications sync pretty well with Microsoft, and you already have a good relationship with the vendor. 

How was the initial setup?

It was initially on-prem, but later on, we shifted it to the cloud. When I joined the organization, it was already on-prem, and I helped to shift all the data from on-prem to Azure cloud. The process was a little complex. We had a few on-prem issues, and we had to redo the capability testing to check if those issues would arise on the Azure Cloud as well. It was complex because we were again asking some of the users who had changed their phone numbers to go and re-add their phone numbers. If they had the same phone number, it would have worked fine, but if they had changed the phone number, once it was shifted from on-prem to Azure Cloud, it wouldn't have worked anymore. So, they had to re-add their phone number. The challenge was to identify those users and convince them to redo the activity. This switchover took about two quarters or six months.

What about the implementation team?

We had a team of about 7 to 10 people from project management, change management, IT, and global IT teams. We are a massive organization. It was being rolled out to 150,000 people across the globe.

We did pilot testing across different functions and across different geographies. That's the standard practice that we follow in our organization.

What was our ROI?

We have seen an ROI. We were able to secure our IT networks by more than 80%. More than 80% of the audience did subscribe to MSA and used it for logging into their work accounts.

It took us two to three months to realize its benefits from the time of deployment. We did run a pilot batch. We were trying to customize the solution according to our network. Within a quarter, we were able to identify its benefits.

What's my experience with pricing, setup cost, and licensing?

I'm not totally aware of the pricing and licensing, but I do know that the pricing and licensing must be quite balanced. We are a pretty old client of Microsoft, and MSA is just one of the services we use from Microsoft. There's a whole Microsoft 365 suite that's implemented as well. I'm sure it is something that is acceptable to both parties.

Which other solutions did I evaluate?

We were totally relying on Microsoft. We didn't evaluate any other vendor.

What other advice do I have?

To those looking to evaluate this solution, I would advise doing proper pilot testing to iron out any hurdles later on. It is important to take a call on whether you want to adopt the on-prem model or the cloud model. Obviously, the on-prem model is not sustainable if you're trying to secure your IT networks. The cloud model is more sustainable in that sense. I would advise taking that call right in the beginning.

I would also advise considering how to secure third-party devices. There might be third-party contractors who don't have the company laptops, but they do have company email IDs to log into the company accounts from their own devices. You should work out how you are going to add those devices to the secure cloud.

I would rate it a nine out of ten. In the next version, if they can come up with voice recognition, especially for people with special needs, it will be helpful.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cloud Architect at a financial services firm with 10,001+ employees
Real User
Improves security, priced well, and makes MFA adoption easy for end-users
Pros and Cons
  • "The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features."
  • "The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks."

What is our primary use case?

We have a variety of use cases. The first thing we use it for is Microsoft 365 services. We utilize the single sign-on capability, for use with other SaaS applications. We use MFA, and use it as an identity provider, in general. We make use of the B2B Federation functionality based on Active Directory, as well.

We use a hybrid Azure Active Directory that works in conjunction with our on-premises Active Directory.

How has it helped my organization?

Azure AD has security features that have definitely helped to improve our security posture. Our hybrid environment makes it very easy for us to control when we need to integrate with third-party solutions. Normally, we do not allow integration with our on-premises systems and by requiring the third parties to integrate through Azure Active Directory, it gives us an extra layer of security. There is one-way communication from our on-premises Active Directory, which helps to secure our main controllers.

Another thing that we use extensively is conditional access, on top of the Azure Active Directory multi-factor authentication. We are quite happy with the metrics and reports, as well as the logging of risks, such as attempts to sign in from different areas.

So far, we haven't had any incidents. We've seen some attempts to steal our identities or to log in using our credentials but the security provided by this product, including conditional access and MFA, has stopped these attempts. From a security perspective, we are quite happy.

Overall, our security posture has improved, especially when we are talking about MFA. We have MFA deployed on-premises for all of our critical applications. Moving beyond this, to the cloud, I cannot imagine dealing with all of these different SaaS products without having AD or another cloud identity provider in place. We could use a competing product but definitely, we cannot survive solely with our on-premises solution.

This solution has improved our end-user experience, in particular, because of the single sign-on feature. Our users can quite easily begin working. For example, I've worked with other SaaS solutions and one thing that users complain about is the additional steps required for MFA. Some of the non-tech-savvy end-users sometimes struggle, but overall, I would say the experience is quite good.

We are a group of companies and have different Active Directory Forests and domains. Using Azure Active Directory, collaboration is much easier for us because we are able to configure it at the cloud level.

What is most valuable?

The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features. Not on Office 365 applications, but on others like Salesforce.

What needs improvement?

The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks.

The MFA has some limitations compared to the legacy version. We still use our on-premises version because it works with our legacy applications using certain protocols. 

I think that as Microsoft is going to the cloud, they are turning off the on-premises features too quickly because the functionality is not yet at par.

I would like to see more features included, such as some surrounding the lifecycle of licenses, and access management for non-Azure cloud applications.

For how long have I used the solution?

We have been using Azure Active Directory for approximately three years.

Prior to working with this company, I worked for Microsoft and I used Azure Active Directory as a user over a period of four to six years.

What do I think about the stability of the solution?

I'm pretty happy with the stability of this product. In all of the time that I have used it, I do remember a couple of instances where there was downtime. However, these did not last for a significant length of time.

I can recall that it went down one time, for approximately four hours, in several years. SLAs are definitely met by Microsoft.

What do I think about the scalability of the solution?

Scalability-wise, it works for us. We haven't had any problems and it is quite scalable.

Our company has 4,000 employees, so it isn't very large but so far, so good.

There are two people who are administrators that are involved in the managing and administration of Azure AD. I do not have administrative rights. Rather, I am set up for viewing only. 

How are customer service and technical support?

In general, I would rate Microsoft support a seven out of ten. Sometimes we needed to speak with different people about the same problem, and each time, we had to describe the situation from scratch.

Which solution did I use previously and why did I switch?

I have no experience with other B2B Federation solutions, so I can't compare Azure Active Directory in this regard.

How was the initial setup?

Our initial setup was complex in some ways and easier in others. The complexity stemmed from the fact that we are a bank, and the security team chose the most complex deployment. Because the security people chose the most complex options, they are missing things. For example, self-service password reset is not working for us because it's one-direction communication.

In summary, our initial setup was complex because it was chosen as such. Although it is the most secure, we are missing some benefits that we would have if we had chosen a different setup.

The deployment itself was not very long. However, the planning stage was lengthy because of the in-depth discussions with the security team. Overall, the deployment took perhaps two weeks or less.

Our deployment strategy was a rather high-level approach and considered that our primary identity provider is on-premises AD, which means that we were able to take some of the details from there. We did not have to consider everything from scratch. For example, our password hash is one-way, so there are no writebacks. We defined it this way because it's quite secure. Similarly, we needed integration with third parties, such as other cloud providers. This meant that we were not afraid if something is breached because there would be no impact on our Active Directory. The only impact from a problem would be at the Azure Active Directory level.

What's my experience with pricing, setup cost, and licensing?

The cost of Azure AD is one of the biggest benefits, as it is available for use free of charge when you start with Office 365. It comes with the basic version of it and you can move to the more expensive plans with additional features, but these are still very competitive compared to other vendors.

By comparison, other vendors offered an independent MFA product but at quite an expensive price. With Microsoft, it was already included in the price. The bundling approach that Microsoft uses is good; although competitors may offer a more compelling solution, we already have access to the one from Microsoft at no additional cost.

Which other solutions did I evaluate?

We evaluated some other products from an MFA perspective but I have no hands-on experience with them. I received many good recommendations about both Okta and Ping Identity solutions.

What other advice do I have?

My advice for anybody who is considering Azure Active Directory is that if they are going to use other Microsoft services, like Office 365, then it's a no-brainer. It's the perfect solution for situations like this.

If you're using a different stack, like Google, and you choose a different cloud provider like Google or Amazon, then if you are using Microsoft, it is still good to use Azure Active Directory. The costs are relatively cheap compared to others.

However, if you're not using Microsoft products, then I would suggest that you could look to other vendors like Okta, for example. I had quite a few good references regarding Okta and the Ping Identity products. Ultimately, you are free to choose but from a cost perspective, Microsoft is great.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Latimore Williams - PeerSpot reviewer
Administrative(Hands on) at Click Bond, Inc.
Real User
Top 20
We can now manage users from a single pane of glass, enhancing efficiency
Pros and Cons
  • "We haven't implemented permission identity management, but we plan to use it. Entitlement management and dynamic grouping of Microsoft 365 groups are features I enjoy. From an administrative perspective, we can now manage users from a single pane of glass, which enhances efficiency. MFA will improve the user experience and increase organizational efficiency."
  • "From an administrative perspective, we can now manage users from a single pane of glass, which enhances efficiency."
  • "The implementation of other third-party MFA such as Okta or Duo could be improved, even though Duo is integratable. The response from actual support tickets is a bit laggy, and I would like them to be more responsive."
  • "The response from actual support tickets is a bit laggy, and I would like them to be more responsive."

What is our primary use case?

We are using Microsoft Entra ID for single sign-on with our hybrid domain environment and for identity management with multi-factor authentication using Microsoft Authenticator. We plan to migrate our whole user base over to Microsoft Authenticator with MFA capabilities, possibly with certificate-based authentication.

How has it helped my organization?

We're still testing Entra and have implemented it on the application side. We'll soon start using application proxies to get into our line-of-sight businesses on-prem.

We follow a least privileged access model, and Entra ID has helped us to avoid overextending access from the administrative side. And we plan also to implement it with devices. Our administrators are more careful when auditing access and ensuring everyone has access. 

What is most valuable?

We haven't implemented permission identity management, but we plan to use it. Entitlement management and dynamic grouping of Microsoft 365 groups are features I enjoy. From an administrative perspective, we can now manage users from a single pane of glass, which enhances efficiency. MFA will improve the user experience and increase organizational efficiency.

What needs improvement?

The implementation of other third-party MFA such as Okta or Duo could be improved, even though Duo is integratable. The response from actual support tickets is a bit laggy, and I would like them to be more responsive.

For how long have I used the solution?

We have been using Microsoft Entra ID for about two years.

What do I think about the stability of the solution?

Entra's stability is great and consistently meets our expectations.

What do I think about the scalability of the solution?

The scalability is excellent. We can scale Entra up and down as needed efficiently.

How are customer service and support?

Our consultants are excellent and provide consistent help, but there is room for improvement in the responsiveness of actual support tickets.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used on-prem Active Directory as our solution.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

We did it all in house without any additional team.

What's my experience with pricing, setup cost, and licensing?

We go through a reseller, CDW, who walked us step-by-step through the process. The pricing, setup cost, and licensing have been fairly straightforward.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Brad Hancock - PeerSpot reviewer
Cloud Architect at Palmer College of Chiropractic-Davenport
Real User
Enables management and risk assessments to become much easier
Pros and Cons
  • "Identity management with policies stands out as the most valuable feature. It offers a hands-off experience, providing full control over user access."
  • "Microsoft Entra ID deserves a ten out of ten rating."
  • "Microsoft's biggest challenge is the documentation. The challenge lies in keeping documentation up-to-date due to rapid changes. Troubleshooting requires workarounds and research."
  • "Microsoft's biggest challenge is the documentation."

What is our primary use case?

We use Microsoft Entra ID for risk management of our users and compliance policies. We focus on automating processes, managing user identities, and placing them in appropriate groups with specific access roles. 

We do a lot of risk management for our users. We have a lot of compliance policies and custom assignments. We try to automate as much as possible. There are a lot of policies that take our users, identify where they should be, what back roles they should have, and put them where they need to be.

How has it helped my organization?

The management and risk assessments have become much easier. We can identify and address potential security threats quickly, especially given our mobile college student population. We have a lot of college students who are very mobile. It works with our CyFlare and security suite. This integration lets us know right away when we have somebody trying to impersonate. We get the notification right away. We can assess our risk factors and automatically put that user in a high-risk area. We can then initiate a contact to know what is going on. Are they in Mexico and Davenport, Iowa at the same time or did they put a VPN in?

We have a much better level of comfort. Everybody does not have admin rights. We need such a level of control considering the number of users that are out there. We had to get that in a bundle, and they have done a good job with that.

Microsoft Entra ID has allowed us to move forward with the zero-trust model. Unless you have control over your users and your authentication mechanisms, you have no control. It is our main portal coming into our security suite. They would not get to the security suite till they got through Microsoft Entra ID.

We have just stepped into the passkey. We like its simplicity. Our users are much happier that they are not thumbprinting, fingerprinting, and typing code numbers in. We are still a little leery, just because it could be a stolen device or stolen pass. Once they have that device in their hand, they are already halfway there. Between Entra ID, our policies and risk assessments, and the passkey system, we are on our way.

Implementing Microsoft Entra ID has not changed our organization's approach to defending against token theft and nation-state attacks a whole lot. Our security team has things locked down, and we have our network segmented, so you cannot jump. We do penetration testing almost daily. We have Entra ID and Defender. We monitor all that through API connections. We monitor any phishing and risk factors for our users and any anomalies in baselines.

So far, we find it working very well in terms of the detections, the risks, the events, and the logs that it sends us. Intercepting these attacks in the middle, seeing that the keys have been hit, and going into a more managed identity has helped. It gives us a feeling of security.

There has not been any reduction in the incidents. We have the same number of incidents, maybe an increase. However, we are catching them, and we know where they are coming from, so we can be more proactive instead of reactive.

What is most valuable?

Identity management with policies stands out as the most valuable feature. It offers a hands-off experience, providing full control over user access. The granular control, such as preventing logins from specific locations, enhances security significantly.

What needs improvement?

They are already improving it on a daily basis. They are all the time taking things away and adding things. I went through Update Manager which has all the automated, hot patching. With all the different things that Microsoft has been doing and adding, they are on the right path. It is moving so fast that keeping the knowledge on the IT side, for the people who have to use it, is going to be a bit difficult. 

Microsoft's biggest challenge is the documentation. The challenge lies in keeping documentation up-to-date due to rapid changes. Troubleshooting requires workarounds and research. I try to convert everything to graphs. There are a lot of commands that they say work in graphs but are not there yet. They are not functioning as expected. So, we have to try a workaround. It takes a little bit more research.

For how long have I used the solution?

I have been using it for about four years.

What do I think about the stability of the solution?

It is becoming increasingly stable as time progresses.

What do I think about the scalability of the solution?

Its scalability is impressive, aided by Microsoft's efforts to expand its data centers. It is growing so fast. It is growing faster than they could build the buildings and stuff them full of computers.

How are customer service and support?

Our experience with Microsoft support has been good, despite occasional challenges caused by unexpected deprecations.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to Entra ID, there were different systems such as Intune and Azure portal. Entra ID was integrated as part of the natural progression.

How was the initial setup?

We are in the process of moving completely to the cloud. We are satisfied with the cloud and going all in. The process has been up and down because things are changing so fast. That is just the nature of IT. I have been in this for 30 to 40 years.

What about the implementation team?

I implemented the system myself, gaining information from Microsoft documentation. At the school, I handled implementation without a reseller.

What was our ROI?

I have been at this job only a year. I was in the public school district. In the public school district, we had it for three years, and the return on investment was not requiring as many people to monitor and track intrusions. It reduced the need for hands-on monitoring and intrusion tracking, minimizing personnel requirements. We were not watching firewall logs and traffic the way we used to all day long. There has been about a 20% decrease in people required.

What's my experience with pricing, setup cost, and licensing?

I just now started looking at it. Our CIO and CFO have brought us into the fold to show us what we are spending. From a pricing standpoint, with all the services that we get, we are okay. I do not see a problem with the pricing structure. We are getting our money's worth.

What other advice do I have?

Microsoft Entra ID deserves a ten out of ten rating.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024