Cloud Consultant at a tech vendor with 11-50 employees
Consultant
2018-11-12T09:12:00Z
Nov 12, 2018
Right now I can't point out a particular feature, but sometimes when we work, it evolves. There are so many features that are out recently, so it'd be hard to set up MSA for obvious remote users, so users who are using Azure are hard to use it remotely. So, while we're setting that up, we have face of issues which show the limitations of Azure. Initially, we wanted to exclude specific users from MSA. So, we had a condition policy, which forces MSA for all the users. So we wanted to exclude users who are using an NPS extension. So it was not listed, as a NPS extension was not listed outside an application, in actual, so, we go back and were not able to exclude users using NPS extension from MSA. So that was one limitation that we found and we had to work around that. We noticed recent additions on display that have been in recent updates. On the board, there are some features that still need help.
The natural evolution of things because obviously Azure Active Directory has a way to authenticate against on-prem normally you would need to have a Domain Controller on-premise and have either SSO or or Federation Services to be able to engage those two components and be able to allow authentication. But, having everything on the cloud as this customer didn't want anything on-prem only their network devices and some security devices and the limited applications, apart from that, they don't have anything to authenticate users on-prem. Having everything in the cloud and Active Directory, Azure AD is not able to provide Kerberos or Kerberos authentication if you're running only Azure AD it is a limitation. I think it's the next evolution of things. That's what the future is going to look like. There will barely be a be a need for any stuff on-prem. Everything will be on the cloud.
I guess price would be the thing, and some of the proprietary lock-in. But, I guess documentation and support would be good. The features are fine. I wouldn't suggest any features because you can keep adding to it. But, its simplicity is that it works under its own ecosystem. It's nice and reliable. If you start adding all these extra things to it, it'll probably cause complications with some of the legacy things that are still slowly just hanging onto them. But, to look at more documentation, engineering, or an open standard would be nice.
Whatever business requirements we needed in the past three years, users were created, with the name of the user and they were not connected with the Active Directory. We were trying to in house in three years and with directory, but we were not able to achieve it. Based on that we have informed Microsoft. And now we have created the things that are connected to the cloud. In Africa, we do not have the same bandwidth with internet speed. This slows the connectivity and it provides challenges for our business.
One of the things with Windows 10 as a company client's software is that they're using it on laptops, desktops, or whatever. In Active Directory Premium, you can control the sign-in and the spaces where documents might be kept on that device with Active Directory Premium and the rights management piece. Documentation I think is always the worst part with what Azure's doing right now across the board. You may run into an issue you get a technician that says, "Here, look at all these links through self-documentation, and then make comments to it if you want to change it or do something." It's just that the documentation itself, is not very friendly to somebody who is just going in to it. If I had to turn it over to a customer, I just don't think that documentation is that friendly to somebody who does not have in-depth knowledge.
Senior Technical Consultant at a tech services company with 51-200 employees
Consultant
2018-11-11T13:13:00Z
Nov 11, 2018
We found the ADFS being a redundant part of the solution. But, it was removed. The licensing is a bit confusing if you are not going into the premium model.
I think there is room for improvement with actually discussing, and advertising Microsoft as a an authenticator. Many people just get confused and use Google. It's weird because it's exactly the same way that it works. But it's there, it's definite region to start the people is more used to use their the Google authenticator instead of the Microsoft authentication. I think if Microsoft would make more of an effort to penetrate the market, that would be key. In addition, it would be nice to have a biometric authentication like voice ID, or any of your medical ID. This would be a nice additional feature for Azure to have.
Principle consultant at Active Data Consulting Services Pty Ltd
Real User
2018-10-28T09:34:00Z
Oct 28, 2018
It would be nice if it had some visualization tools. A bit of visualization would be really nice to show your Azure directory structure. It would be very good because you might have sub-domains and odds-and-ends going on. So, a bit of visualization would be really good. Being able to plug it directly into the video to produce models would be a really nice feature.
Microsoft Entra ID is used for extending on-premises Active Directory to the cloud, managing application access, enabling multi-factor authentication, and single sign-on. It facilitates policy enforcement and secure access, ensuring centralized identity management across cloud and on-premises resources.
Organizations utilize Microsoft Entra ID for robust user and group management, identity synchronization, and conditional access. Its seamless integration with third-party apps,...
The SSO MyApps interface is very basic and needs better customization capabilities.
Role-based access controls.
Right now I can't point out a particular feature, but sometimes when we work, it evolves. There are so many features that are out recently, so it'd be hard to set up MSA for obvious remote users, so users who are using Azure are hard to use it remotely. So, while we're setting that up, we have face of issues which show the limitations of Azure. Initially, we wanted to exclude specific users from MSA. So, we had a condition policy, which forces MSA for all the users. So we wanted to exclude users who are using an NPS extension. So it was not listed, as a NPS extension was not listed outside an application, in actual, so, we go back and were not able to exclude users using NPS extension from MSA. So that was one limitation that we found and we had to work around that. We noticed recent additions on display that have been in recent updates. On the board, there are some features that still need help.
The natural evolution of things because obviously Azure Active Directory has a way to authenticate against on-prem normally you would need to have a Domain Controller on-premise and have either SSO or or Federation Services to be able to engage those two components and be able to allow authentication. But, having everything on the cloud as this customer didn't want anything on-prem only their network devices and some security devices and the limited applications, apart from that, they don't have anything to authenticate users on-prem. Having everything in the cloud and Active Directory, Azure AD is not able to provide Kerberos or Kerberos authentication if you're running only Azure AD it is a limitation. I think it's the next evolution of things. That's what the future is going to look like. There will barely be a be a need for any stuff on-prem. Everything will be on the cloud.
I guess price would be the thing, and some of the proprietary lock-in. But, I guess documentation and support would be good. The features are fine. I wouldn't suggest any features because you can keep adding to it. But, its simplicity is that it works under its own ecosystem. It's nice and reliable. If you start adding all these extra things to it, it'll probably cause complications with some of the legacy things that are still slowly just hanging onto them. But, to look at more documentation, engineering, or an open standard would be nice.
Whatever business requirements we needed in the past three years, users were created, with the name of the user and they were not connected with the Active Directory. We were trying to in house in three years and with directory, but we were not able to achieve it. Based on that we have informed Microsoft. And now we have created the things that are connected to the cloud. In Africa, we do not have the same bandwidth with internet speed. This slows the connectivity and it provides challenges for our business.
One of the things with Windows 10 as a company client's software is that they're using it on laptops, desktops, or whatever. In Active Directory Premium, you can control the sign-in and the spaces where documents might be kept on that device with Active Directory Premium and the rights management piece. Documentation I think is always the worst part with what Azure's doing right now across the board. You may run into an issue you get a technician that says, "Here, look at all these links through self-documentation, and then make comments to it if you want to change it or do something." It's just that the documentation itself, is not very friendly to somebody who is just going in to it. If I had to turn it over to a customer, I just don't think that documentation is that friendly to somebody who does not have in-depth knowledge.
We found the ADFS being a redundant part of the solution. But, it was removed. The licensing is a bit confusing if you are not going into the premium model.
I think there is room for improvement with actually discussing, and advertising Microsoft as a an authenticator. Many people just get confused and use Google. It's weird because it's exactly the same way that it works. But it's there, it's definite region to start the people is more used to use their the Google authenticator instead of the Microsoft authentication. I think if Microsoft would make more of an effort to penetrate the market, that would be key. In addition, it would be nice to have a biometric authentication like voice ID, or any of your medical ID. This would be a nice additional feature for Azure to have.
The licensing cost is a bit prohibitive.
It would be nice if it had some visualization tools. A bit of visualization would be really nice to show your Azure directory structure. It would be very good because you might have sub-domains and odds-and-ends going on. So, a bit of visualization would be really good. Being able to plug it directly into the video to produce models would be a really nice feature.