Microsoft Entra ID Reviews

We provide a pipeline for Azure Active Directory. We are working with premium clients, giving them services, like SaaS application services through Azure Active Directory. Also, we help external clients who are planning to migrate from on-prem to Azure Active Directory. We help them with the setup, etc.

We are providing Office 365 access from Azure Active Directory. We are enabling multi-factor authentication and assigning the licenses for end users.

We can provide access for many SaaS analytics tools, like ERP and CRM. We can provide access from everywhere to Azure AD. So, it will work as an authentication service, then we can provide access to particular SaaS applications. Therefore, we manage all accesses and privileges within Azure AD for different applications.

The Privileged Identity Management is a good feature. The identity products of Azure Active Directory are good features. 

There are role-based access controls. Both built-in and custom roles are very useful and good for giving permissions to a particular set of users. 

Privileged identity access lets you manage, control, and monitor permissions of a particular set of users or group. This is a good way to control the access. With the rollback access control, that will secure your environment, e.g., if you want to secure it from an authentication point of view. So, if you are an authentication provider service, your request will go for authentication, then it will go back for service authentication. So, this is a good feature in Azure Active Directory.

Azure AD has features that have helped improve our security posture and our client's security posture. We don't have to manage many things because there are some built-in features inside it. We can set it up once and it will work as an auto process, which is good from our side. On the clients' side, it will then not be challenging when managing stuff, as it will be very easy to manage the client end.

Azure AD needs to be more in sync. The synchronization can be time-consuming. 

The availability is good. I have never experienced any downtime.

The scalability is great. If we will go with the custom installation version of Azure AD Connect, i.e., for many users, then we can go with the custom settings. 

I have one client with one tenant. We verified their domain and created many users. It was already on-prem, so we synced all the users from on-prem to Azure AD. We gave those users Office 365 permission from the Office 365 admin center. From there, we enabled the MFA and assigned the licenses. 

We have migrated 10,000 to 12,000 objects from on-prem to Azure AD previously.

Whenever I have logged a case with Microsoft, their technical support replies within 24 hours with an email and a call, which is good.

Previously, our clients only had on-premises Active Directory. They migrated to Azure AD because they didn't want to keep their on-prem environment. There are a lot of challenges with maintaining those servers and other costs. 

It is also a good service. From one console, we can manage many things. It is better if we can work with it from a single console, managing it all with fewer resources. With on-prem, there are many domain controllers that we need for various stages, and we have to manage all the domain controllers. Apart from that, we have to back up and monitor the server as well as do everything for the setup. 

It is a very easy process to set up. First, we need to collect all the information, e.g., the custom domain information, user information, and which kinds of applications the users want to access. All this information is needed. Based on that, we can just set up and go to the Azure Portal. We can go to the Azure Active Directory console from there, where we can verify the domain and do the management. It is a very easy process, which is not time-consuming. Though, if you want to design your own application (customize it) and provide access for a particular user or group, then it can be a bit of a time-consuming process.

I don't think more than one or two people are needed for the deployment. If we have all the information, then we can work alone. Not many resources are needed for this.

Azure AD has a good return on investment. We do not need as many servers, electricity, etc. We can save from a cost point of view. Apart from that, if we have a limited set of users, we do not need to go with the extended version of Azure Active Directory, where it costs a lot to enable these services. Azure Active Directory is a good option compared to on-premises. 

This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application.

We are working with the Premium P2 licenses, which are reasonable. If you invest in the on-premises environment setup, then it costs so much. However, on-prem AD gives you the ability to manage your organization in a very organized manner, where you can create a group policy.

Azure AD provides identity access. If you have to go with the identity part only, then Azure AD would be the better option. If you will go with the various authentication authorization and security services, like group policy setup, then on-prem Active Directory would be better.

It is good service and easy to use.

I would rate the solution as a nine out of 10. They should be improving the solution all the time.

I have been dealing with Microsoft Entra ID, which is not as an Azure product, since 2000. So, twenty-five years now. It is now known as Microsoft Entra ID.

Microsoft Entra ID is built on a robust database infrastructure for finding objects with specific capabilities, be they users, computers, members of a company, machines, or whatever else. It historically stems from the X.500 system, developed for efficiently finding specialists, as demonstrated with the Apollo project. This historical foundation underpins its effective directory services in the modern context.

Currently, Microsoft Entra ID is a pretty service. It could benefit from implementing a specific large language model instead of LDAP queries to find resources and implementation details in one comprehensive scoop. This could replace existing document references with AI-driven support for faster implementation.

I have been dealing with Microsoft Entra ID since 2000, which is now rebranded to Entra ID as a Software as a Service product of Active Directory.

The infrastructure of Microsoft Entra ID scales to register and manage various resources, including large-scale directory services for users, computers, machines, etc.

I find the support excellent. If I have an investigation and I am not progressing well, contacting support results in responses within one or two days, usually with competent people. Because it takes some time, I rate it a nine out of ten.

Positive

There are different licenses with various capabilities, as with any service Microsoft offers. Microsoft sets pricing based on customer demand, adjusting to find the optimal balance between sales volume and profit per unit, similar to how Costco manages product prices.

I rate Microsoft Entra ID ten out of ten. It can be improved with large language models for better usability, but currently, it is quite efficient. Microsoft CEO Satya Nadella suggested transitioning all Software as a Service systems to agent-based large language model solutions, which seems promising. I am willing to be a reference for Microsoft and I am open to receiving contact from people with questions about my review. The solution is rated ten out of ten.

I use Microsoft Entra ID in my company for provisioning and deprovisioning identities and access.

In the organization where I work, Microsoft Entra ID helps automate the process of creating accounts and purging multiple accounts when they are no longer needed.

The most valuable components of the solution are provisioning and deprovisioning since both features work.

My organization is less familiar with some of the new tools in the market, so I don't know whether I can speak about what needs improvement in Microsoft Entra ID presently.

I have to absorb whatever I have learned about Microsoft Entra ID. I don't know if I can say what additional features need to be introduced in the product, but I can say that the product looks promising based on what I have learned about Microsoft Entra ID.

Attempts to simplify hooks to perform access management are not always easy, but in my organization, we might be able to make some progress in the future.

Microsoft's technical support has shortcomings where improvements are required.

I have been using Microsoft Entra ID since 2005. My organization plans to enter into a partnership with Microsoft, but presently, we are just a customer.

Microsoft Entra Verified ID is a very stable solution.

I have not had any issues with Microsoft Entra Verified ID's scalability feature.

There are 1,50,000 end users of the solution in my organization.

I rate the technical support a seven out of ten.

Neutral

My company has been using Microsoft Entra ID since the release of its earliest version, which was in the mid-2000s.

I was involved in the original deployment or initial setup of Microsoft Entra ID in my organization, and we found it to be a complex process. In the past, my organization was involved in the migration process from a custom Oracle-based solution to Microsoft Entra ID. Microsoft Entra ID was a product that was a new acquisition for Microsoft at the time, in which some custom development work by our company's team was required.

The product is used for our enterprise, an academic medical center with many different hospitals, owing to which the tool is deployed centrally.

The solution is deployed on hybrid cloud services offered by Microsoft Azure Cloud.

The product's deployment phase was carried out with the help of my organization's in-house personnel.

My company has not used many of the new features available with the product's new prices, so I cannot speak if I have seen an ROI from the use of the product in my organization.

I have seen an ROI from the use of the solution if I consider its past usage in our organization since we were able to eliminate work that a lot of people had to do manually, like the creation or deletion of identities.

I work for an academic medical center, where there is a watch kept over every dollar spent. I do have concerns about the micro charges for different levels or features of the product.

My company did consider a product from IBM against Microsoft Entra ID during the evaluation phase. My company chose Microsoft Entra ID since we were involved with Microsoft Active Directory Domain Services. Microsoft Active Directory Domain Services was a nicely tied product with Microsoft Entra ID.

Microsoft Entra ID provides almost a single pane of glass for managing user access, but not in my organization's environment because we have a little bit of custom work to do at our end. It looks like my organization might be able to see how the solution provides a single pane of glass for managing user access in the future.

A single pane of glass affects the consistency of the security policies, as it helps reduce a lot of confusion for the IT professionals who need to work with Microsoft Entra ID. It is very confusing when IT professionals have to bounce to different URLs to find access to tools needed to do their jobs, which was an issue for me, but it looks like there have been some improvements.

I don't use Microsoft Entra Verified ID.

I do use Microsoft Entra Permissions Management, but probably not the way it is designed to be used.

The solution has helped my organization's IT admins and the HR department save a lot of time.

The solution has helped my organization save money, but I cannot quantify it.

I ardently carry out processes where I build out and test a solution and then run a proof of concept before moving to a particular product. I suggest that others who plan to use Microsoft Entra ID consider the aforementioned aspects.

I rate the overall product a nine out of ten.

We use the solution for sign-on authentication to our devices.

During the pandemic, we were able to smoothly shift our employees to work from home. Azure Active Directory played a crucial role in ensuring the security of our systems by verifying the identity of the authorized personnel logging in.

We started using Azure Active Directory because it helped our IT administrators and department save time, which was one of the main reasons.

Azure Active Directory saved our organization money.

Azure Active Directory significantly enhanced the user experience for our employees. We observed a notable increase in employee usage and positive communication regarding their experience, particularly after the pandemic.

The two-step authentication is the most valuable.

I would like to have an additional security option to prevent spam.

The price has room for improvement.

I have been using the solution for five years.

The solution is extremely stable.

The solution is highly scalable. We are a school district that is compromised of seven schools. The solution is implemented in multiple locations, and we have over 200 employees and 1,600 students.

The technical support is good. They are always responsive and provide quick resolutions.

Positive

We were using Office 365 but all of the employees started to use their personal emails which affected security so we added Azure AD.

We obtained certification for the deployment of the solution. Microsoft provided a document outlining all the deployment rules and steps, as well as a planning team that provided instructions for all email templates. The deployment required three people.

The implementation was completed in-house.

We have seen a return on investment using Azure AD.

We are currently on the education plan, so the price is slightly better than the development plan. However, I believe there is room for even better pricing.

We assessed Google Cloud Identity but ultimately chose Azure AD due to the Microsoft product familiarity among our team. We believed the transition would be smoother, which has been confirmed. Moreover, since not everyone was using Gmail, it would have been challenging for them to learn a new system. However, at that time, everyone in our school was using Microsoft products.

I give the solution a nine out of ten.

We have a full-time IT staff and part of their role is to maintain the solution.

Azure AD is an excellent and highly stable product. Its user interface is intuitive for those who have prior experience with Microsoft products. With some training, deployment can be carried out successfully. Our deployment experience was hassle-free, but the pre-training we received proved to be very helpful.

We use it for various things in the organization:

1. Provisioning access to systems in the cloud for either internal teams or our partners' external teams. 
2. We use Azure AD for Windows device management with Azure AD Intune. We use them for the management of devices. We have company devices, laptops, or tablets all using Azure AD. 
3. Within Microsoft Azure, we use various services, e.g., Office 365, for granting the right level of access to the right people.

I am directly involved in the project. I know what is happening and being done by developers. I have also done some hands-on work in a test environment, using my own account, just to learn.

In our previous organization, we had to give continuous system access to users from external teams, who were not employed by our organization. This solution certainly helped with provisioning access to them, providing them with single sign-on access. It also monitored giant movers and leavers, which was helpful. 

Azure AD has massively affected our end-user experience. It provided a single sign-on for all our partners. They don't have to remember their password. They might be accessing 10 of our systems and don't really need to remember all 10 different user IDs and passwords. In most of cases, they are accessing our systems with their own organization's identity, so they don't need to remember a second user ID and password in addition to their organization's credentials. Requesting access is much better since it is all automated.

Their connection to the on-prem AD is a strong point. A lot of organizations already use on-prem Active Directory. That easily lends to using Azure AD compared to other providers. 

I like the automated provisioning of access, either for internal teams or external teams.

It has things like conditional access. For example, if someone is accessing sensitive information, then we could force them to do multi-factor authentication. Therefore, we can stop access if it is coming from a location that we did not expect. 

Compared to what we can do on-prem, Azure AD lacks a feature for multiple hierarchical groups. For example, Group A is part of group B. Group B is part of group C. Then, if I put someone into group A, which is part of already B, they get access to any system that group B has access to, and that provisioning is automatically there.

Geo-filtering is not that strong in Azure AD, where we need it to identify and filter out if a request is coming unexpectedly from a different country.

I have been using it for five and a half years on multiple projects.

It is very stable. In the last five years, we only had two major incidents on Azure AD. This is key for Azure services. If your Azure AD is down, then it brings down a lot of other services within Azure. 

It is very scalable.

My previous organization, which did power plant construction, had hundreds of partners at any time and about 10,000 internal staff. 

The product is extensively used. Many times, we have changed the way that we design based on new features introduced by Azure AD, so that drives what we do and how we design. Therefore, if they introduce a new feature, we send it straight on to be researched, then determine where we can use it. 

I am not directly in touch with technical support. I have never been on the other end calling Microsoft for technical support.

We didn't use another solution prior to Active Directory, which has been in place for a long time (20 to 30 years).

When we started using this feature, it saved time when provisioning access to users. Critically, it removed access to users who did not need access to the system. That was a significant improvement. Time-wise, we saved about tenfold. Its day-to-day maintenance is also much easier than without it.

We chose Azure AD when going to the cloud. It was key for us to maintain security within the organization. I don't think we could imagine securing our cloud without identity management as strong and rich as Azure AD. It is a key player in anything that we do on the cloud to secure resources and a critical element that determines our security.

I have set up test environments. The setup is easy, not difficult at all. This is one of the solution's strong points.

A lot of people already have on-prem Active Directory. It is a natural step to extend it to Azure.

Compared to other products in the market, the Azure AD deployment is the fastest. Depending on the size of the organization, it could take weeks or months to deploy.

For an organization of 10,000 users, there might be a team of five to six people supporting AD for day-to-day things.

Pricing-wise, they offer a stepladder approach. You can start with the lowest level features, then start increasing based on new requirements.

I have not really tried any other products, so I wouldn't be able to compare it with other stuff.

Start small, then expand it. When your organization wants to add Azure AD, you can try it on a smaller scale first.

I would rate it as eight out of 10. I am unfamiliar with other products in this market. That is why I am compelled to give it eight out of 10.

We mainly use Azure Active Directory for authentication, identity management, and single sign-on. A user can use a local Active Directory password to sign into other platforms, like Zendesk or Zoom. These on-premise users are synced to Azure Active Directory. We have some other users who only use cloud, so they don't have instances on-premise, i.e., they are pure cloud. Both of these types of users can authenticate their credentials with other applications and single sign-on. 

We use Microsoft solutions, such as Microsoft Endpoint Manager for mobile device management (MDM), Microsoft Defender, and Advanced Threat Protection (ATP). For our customers and clients, we do something similar. We also send logs from Microsoft 365 to different SIEMs.

We sync users from on-premise using AD Connect sync. We sync them to Azure Active Directory, where we have some instances. 

We have secure scores and compliance scores. These scores tell you your standpoint in terms of recommendations, vulnerabilities, etc. So, it can tell you what you need to configure to increase your security posture, then you can tell where you are. With the compliance scores, it will tell you what you need to do to improve it. The secure scores will tell you that maybe you should enable MFA for all users or that all admins should have MFA. It gives you a lot of suggestions and recommendations to improve your security posture. 

Microsoft Endpoint Manager acts as a mobile device management tool. It focuses on the firewall and does device compliance policy. There are a lot of policies that you can use to align your organization in regards to compliance and regulations. Also, there are security settings that you can enable.

In Microsoft Defender, it accesses the devices onboarded to your Microsoft Defender so you can see the vulnerabilities in terms of the applications installed on a system as well as the version of the OS that you are using. It shows you the patch management that you need to do for vulnerabilities. 

Authentication and identity management are key. For someone to authenticate your account, it is like having the password or access to your password. If someone gains unauthorized access to an account, then they can perform a lot of malicious activities, such as sending spam emails or falsifying emails, including authorizing payments.

Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user. 

You can also use Conditional Access to block sign-ins from other countries. For example, if someone attempts to login from Canada or the US, and your company is based in Africa or somewhere else, then it blocks that user. In this case, it will flag the user and IP as suspicious.

There is also impossible travel, which is an identity protection feature that flags and blocks. For instance, if you are signing in from California, then in the next two hours, you are logging in from Kenya. We know that a flight to Kenya couldn't possibly happen within two hours.

Admins can set password changes for 30, 60, or 90 days, whether it is on-premise or the cloud.

Sometimes, what one customer may like, another may not like it. We have had customers asking, "Why is Microsoft forcing us to do this?" For example, when you use Exchange Server on-premise, then you can customize it for your company and these customizations are unlimited. However, if you use Exchange Online or with Microsoft 365, then your ability to make modifications is limited. So, only the cloud versus is limited.

I have been using it for four years.

It is very simple to manage.

The scalability is massive. When you get your licenses, those should give you the limits of what you can do, but the limits are considerable. It should scale automatically as your workloads increase.

If enough customers have questions about something, the Microsoft product engineering team will pick it up, document, and design it, then publish it in Microsoft.

At a previous company, I was the technical lead and expert. We were Microsoft partners. So, we picked up tickets for Microsoft 365, working on different issues from eCommerce, Exchange, SharePoint, and OneDrive. 

You can maintain your previous investment in identity management solutions by just integrating them with Azure Active Directory. You can also integrate other solutions with Azure Active Directory, then use Azure Active Directory as a single sign-on.

The initial setup is straightforward. 

Active Directory is a place where all your instances, users, identities are being stored. You can create users and identities, then they are stored in Active Directory. Then, Azure Active Directory is just like a cloud-based scenario. When you create users, they are there. You can join devices to your Active Directory.

You need to have the user's information: their password, email, location and ID. All those things are being stored in Azure Active Directory. 

Deployment time depends on the scope of work. For example, a single user could take about 10 minutes to deploy, if you know what you are doing.

Deployment needs just one person to do it.

It protects your identity and keeps you secure. The return on investment is that it keeps your identity from being compromised or you being scammed. That is the investment that customers pay for.

Previously, only building and global administrators could purchase subscriptions or licenses. Mid-last year, Microsoft made it so users can purchase the license online.

Microsoft business subscription is for 200 to 300 users. If you have more than 300 users, you can't purchase the business plan. You have to purchase the enterprise plan. The enterprise plan is for 301 users and above. 

Pay as you go is also available. If you pay as you go in Azure, you will be billed for whatever you use.

I know AWS has something similar.

It is an excellent solution. I would advise going for it.

I have received several complaints from different people and customers too, "Why do I have to do it two times? I want to do it just one time." However, there is a reason for it - we are increasing the security layer. That is why it takes two times, because it is organizational policy. So, they just have to comply.

Previously, admins could only release quarantined emails, so you would need to speak to the admin to release them. Now, if a user's message gets quarantined, then the end user releases it.

If you have Microsoft 365, then you have Azure AD. They go hand in hand.

I would rate this solution as 10 out of 10.

We use Entra for things like, multifactor authentication, user backups, registrations, and other identity management tasks. 

We use Entra ID for 3,000 users, and there are multiple third parties integrated into it. The solution is part of the fabric of our company, so it's essential. 

The solution has saved IT administrators and HR staff time. We build Power BI dashboards on top of it to provide some insights. We're feeding all of the users into that. We've built an aggregator that takes all the sign-in logs and all of that data available in Entra and surfaces it through Power BI, so we can reuse it in different parts of our organization. It makes sense to build the dashboards in Power BI, so that it's centrally available and part of a bigger data set. 

Entra's license management features have saved us money because we can allocate licenses to groups and users. We've built reports on top of that license group user information. We can see how many licenses are being used and whether it's over-provisioned. 

I like Entra's ability to integrate the Active Directory with third-party solutions. It's straightforward. I like the ability to define third-party systems and make the AD the primary identity provider.

Entra offers a single pane of glass that helps us keep our security policies consistent. It helps to drive behavior through security and role-based groups. We use privileged identity management for elevated roles in security groups. 

I started using Entra when it was still called Azure Active Directory. It has been about 10 years. 

No one would say Entra isn't scalable. Some of our deployments were for large UK government projects. One of the largest Azure Active Directory deployments was at NHS which has 2.4 million users. We run and manage the identity part of that service for the NHS and a bunch of other things. 

We're involved with some massive deployments of that critical national infrastructure, including the governance and compliance around it. That's tens of thousands of endpoints. It's the NHS, so that includes people's local doctors, hospitals, and people in the supply chain. 

I rate Microsoft support five out of 10. It's just okay. 

Neutral

Entra isn't too difficult to set up. We follow the Microsoft cloud adoption framework. There's a phase that involves aligning with best practices and making sure it's secured appropriately.

Entra includes things like multifactor authentication, conditional access, etc., so I think it justifies the cost. 

Entra is fairly priced. We get it through an E5 license, so it isn't an issue.  It also costs nothing to our customers. 

I rate Microsoft Entra ID 10 out of 10. I would recommend it if you're using Microsoft or Azure. If not, I would still think about it because creating a tenant is free. There's only a licensing cost once you start putting users on it. 

We're using the solution for our customers. It's for those that may have been on-premises and moved to the cloud when it started to become mainstream. Users wanted to transfer their users and permissions and so on to the cloud and onto Azure.

Azure is the most comfortable cloud to work with. One company we worked with had infrastructure that needed to go to the cloud, and with Microsoft, it's very easy to move. The company is flexible in terms of how you want to handle a migration or configuration. There are a lot of features that help to implement different solutions and that makes it very easy to work with. 

We are using the solution on different projects. Depending on the project, we use different features. It's great for handling user groups and security policies.

We can use it with Office 365 and Exchange. 

It provides a single pane of glass.

It's given us good consistency in terms of the user's sign-on experience.

Microsoft makes a very good product. It makes the policies quite easy and everything is quite understandable. It provides different tools to implement the same scenario.

The admin center for managing all identity and access risks across an organization is very cool. 

Verified ID is very useful for onboarding remote employees. It helps with privacy control of identity data. It makes security very easy. It makes it simple to protect the client. This feature helps IT and other teams protect the business.

We used permission management about a year ago. I had some experience with AWS. I didn't use GCP. Mostly we use Azure. In our case, when we implemented it with the current client, we didn't have any issues with it. It was clear and very simple. It has helped us in a few cases reduce risk when it comes to identity permissions.

Sometimes the client doesn't need the full functionality; they just need a small part of it - and it still works in those cases.

The product has helped us save time in IT and HR. If you create your directory with some logic, it allows you to streamline tasks. It can help more quickly handle requests. The management aspect helps simplify user interactions with various departments.

Azure has very good services that showcase how much money you are spending. It gives you advice on how to protect yourself from spending too much money. It's helpful when we have new clients. You can show them the financials from Microsoft and it will help illustrate how much it costs, and how much it will cost if you scale. It's very transparent on how much money you would spend depending on the setup. 

It's had a positive effect on the employee user experience. 

Sometimes it is difficult to understand the structure of the menu. Sometimes they make some changes in the configuration structure and you might have trouble finding a button or some functionality based on a UI update. That can be annoying. Too many interface changes can make it confusing. 

The documentation could be better. Microsoft documentation is confusing. We do not like working with documents. There is not one big website where you can find whatever you want. Instead, there are thousands of websites that cover certain parts or services. On top of that, they often have old, out-of-date information that hasn't been checked. This is the most difficult part of dealing with Microsoft. 

I've used the solution for almost four and a half years.

The solution hasn't had any downtime. Everything works perfectly.

We've had some issues with performance around scalability. When we tried to deploy in certain areas, we didn't have enough scalability. This was an unusual situation. Typically, scalability is not an issue, however. 

Sometimes we contact technical support, however, not usually during the initial setup. We tend to fix any issues by ourselves. 

Microsoft has different support teams in different countries. Who you speak to depends on what service you are using.

Automatically, your request is sent to a certain team or location. We have had a lot of issues with the Azure DevOps team, which is routed to India and the level of support is much lower. We had to have multiple calls to close a very simple task.

Positive

I have not used any other different solution previously. 

I was involved in the initial deployment. The setups are always complex. 

How long it takes to deploy depends on the client. We've done it in two days or one week. However, the main work is typically done across two days.

We tend to have two to three people involved in the implementation. 

It doesn't require any maintenance on our side. 

Typically, we always do the setup by ourselves. We handle the setups for the clients. We sometimes ask Microsoft for input.

Microsoft has various pricing tiers. 

I've read about Okta, however, I have never used it or evaluated it.

We are a Microsoft gold partner. 

I've used the conditional access feature, however, not very often.

If your company has more than ten users, you need this service. It gives you a lot of features to help manage your organization. A small startup with a handful of employees likely won't need it. However, if you have an organization with a financial department, a developer department, et cetera, it will get complicated handling access and permissions. Without this solution, you can't be sure you'll be safe - especially as you scale up your employees.

We use different models, including on-premises and cloud.

If you are a regular user, you don't need any special knowledge. However, if you are a technician, you can take exams from Microsoft and find materials about the product and really learn about it. That said, anyone can get a sense of the product simply by searching for it on YouTube.

I'd rate the solution nine out of ten.