
Azure Active Directory (Azure AD) Valuable Features

David Grain - PeerSpot reviewer
Founder, CEO at a computer software company with 11-50 employees

Being able to integrate with third-party solutions is the most valuable feature. These are solutions that produced software as a service and we haven't then had to bring that service to our own data or in our own directory. We can use our Azure identity to connect to their solution. Being able to connect to third-party applications in these identities is the best thing we've found.

Being able to use Azure AD means that you can use some of the Azure AD security features like Advanced Password Protection. As well as querying your normal password requirements like lengths and complexity, Azure AD has a feature in which you can put specific words. It can be words to do with your company, words to do with your company location, or words that a lot of your employees would otherwise use. You can disallow them. It's very good at making more obvious passwords, ones they're not allowed to use anymore. That's a good feature.

It has something called Dynamic Groups so that when a user joins the company and they get added to specific groups, Azure AD will add them dynamically to other groups that will give them access to some of the base applications.

We have certain sets of software that they have to be able to access. Instead of somebody who deals with new users having to add them into 20 different application groups, you need access to this, this, and this. The Dynamic Group update feature from Azure AD means that you can just put them in one group and say that they have a role, and it will automatically then add them to about six or seven other groups, giving them default access to other things as well, instead of having to do that. It means there's a lot less manual work when you get new employees.

Luis Diego Quiros Calvo - PeerSpot reviewer
Microsoft Azure Active Directory Support Engineer at Tek-Experts

The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise.

For data protection and access security, there are many good things that Azure and Azure Active Directory offer. You can choose in how many ways a user can log in to Azure, especially with multifactor authentication. You can choose how, when, and where someone can access a service that you may have on Azure Active Directory. 

For most of the small users, Azure Active Directory is free. So, they don't need to have a paid service for Azure Active Directory.

The platform is constantly changing. Every month, we have new services, and we also have services that are being deprecated to provide a better customer experience. For example, we have a tool that connects the users that exist on-premises to the cloud. The AD connects to this synchronization tool, which has been improved about five times in the last year. Every new version is more flexible with more options. The experience for the users has been improved to make it easier to manage the tool. In addition, the feedback that the customers provide to Microsoft is taken very seriously. For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity. There is a feature called manage identities where you can give flexible access to a person for services. For example, I can give you access as a reader to all my information but only for 12 hours or 24 hours. So, I can decide for how long I want to give you access. In the past, I had to give you a role that was permanent, and now, I can give you a role that will last only a few hours to allow you to do your job. In case you need more time or more features, you need to contact me and request them. 

Similarly, previously, there weren't too many options when you were synchronizing your users from on-premise to the cloud. Now, the system that allows you to make that synchronization has many options. You can select different schemas. You can select which users you want to be a part of the cloud. You can manage many rules. The customization in the whole Azure platform is awesome. All these features that are now a part of the platform were not there in the past. In these three years, I have seen so many changes. There are too many features, and I can see changes every month. There are too many settings that have been improved, especially related to authentication, permissions, and auto management ops. The cloud or the Azure platform is managed by roles that you can assign to different people, and each role has different permissions and access. So, everything is very customizable right now.

Martijn Verbrugge - PeerSpot reviewer
Manager Infrastructure & Architecture at BDO Global

In our scenario, we use a lot of the business-to-business (B2B) features in Azure AD, which allows us to tie multiple Azure AD instances together. That is what we heavily use because every firm or country has their own Azure AD instance. We tie those together by using the B2B functionality in Azure AD. So, that is the most valuable part for us right now.

It has been very instrumental towards a lot of services we run, especially on the single sign-on side. For example, we have 160 countries that all run their own IT but we still are able to provide users with a single sign-on experience towards global applications. So, they have a certain set of accounts that they get from their local IT department, then they use exactly the same account and credentials to sign into global services. For the user, it has been quite instrumental in that space. It is about efficiency, but also about users not having to remember multiple accounts and passwords since it is all single sign-on. Therefore, the single sign-on experience for us has been the most instrumental for the end user experience.

We are using a whole bunch of features:

  • We are using privileged identity management, which is also an Azure AD feature. This allows us to give just-in-time, just enough access to privileged accounts. For example, normally you have a named account and you get a few roles based on that named account. If that is a very privileged role, that role always sits on your account all the time. When your account is compromised and the role is on the account, the people that compromise your account have that role. With privileged identity management, I can assign a role to a certain account for a specific amount of time and also for a specific amount of privileges, e.g., I can give somebody global administrator access, then revoke that after an hour automatically. So, when his/her account gets compromised, that role is not present anymore. 
  • We use conditional access. 
  • We use access reviews, which is basically a mechanism to access reviews on Azure AD groups automatically. So, the group owner gets a notification that they need to review their group member access, and they use that to do reviews. That is all audited and locked. For our ISO process, this is a very convenient mechanism to audit your group access.
Tom Aafloen - PeerSpot reviewer
IT Security Consultant at Onevinn AB

Passwordless sign-in, which is one of the new features where you no longer need to have a password, is one of the great features. Passwords have always been hard for end-users, but not so hard to bypass for bad guys. It often doesn't matter how complex or long your password is. If a bad guy can trick you into giving it to him or can sniff your keyboard or your network, or access it through malware, your password doesn't matter anyway. So all the complexity, length of the password, and having to regularly change it is hard for users, but it doesn't stop hackers. And that's what makes passwordless so valuable.

Multi-factor authentication is good as it allows you to answer a notification or even an SMS or a phone call, but that has become more unsecure now because the bad guys are learning new ways to bypass these methods. But using passwordless technology, you're not even using a password anymore. You're basically just signing a logon request without actually sending, typing or storing the password. This is awesome for any user, regardless of whether you're a factory worker or a CFO. It's secure and super-simple.

It also stops phishing, which is amazing. If someone tricks a user into going into the "Macrosoft" store or some other site that looks like the real site, they can trick the user into signing in there and then they can steal the password. But if the user is using passwordless, the passwordless solution would say, "Sorry, I don't have a relationship here. I can't sign in." In that way, it can stop phishing, which is one of the most common attack vectors right now.

Another feature that has improved our security posture is Conditional Access where we can not only say "yes" or "no" to a sign-in, but we can also have conditions. We can say, "Sure, you can sign in, but you need to be part of the right group. You need to come from a managed client. You can't come in with a risky sign-in. You need to come in from a certain platform or a certain network." You can have a really complex set of rules and if those rules are not fulfilled you will not be able to sign in, or we can require MFA or even control the session. That is also a really good security feature.

The B2B feature is another good one where, if I want to give someone access to my apps or data, instead of creating an account and a password and giving that info to the user, I can invite that user so he or she can use their own existing account. That way, I don't need to manage password resets and the like. The B2B feature enables collaborating with anyone, anytime, anywhere.

Jonathan Stewart - PeerSpot reviewer
Director, Infrastructure at a retailer with 10,001+ employees

This product is easy to use.

The features that we use day in and day out are single sign-on, group capabilities, and provisioning capabilities. All of these are very useful.

This product has features such as Conditional Access that improve our security posture. Conditional access gives access only through a timeframe. We have certain policies that we set up, which could be a certain amount of time or it could be a certain type of access. These are examples of types of conditional access.

Another example of a security feature that helps us is Identity Protection, which will perform the automatic detection and remediation of risks.

We also have the ability to go in and investigate any risks using data within the portal, and it's all automated. It's nice in that sense.

These features have significantly improved our security posture and time for remediation. It would be difficult to estimate a time improvement in terms of a percentage, but being that it's automated and there is a portal that displays the risks in real-time, it's a very significant change. Previously, we had to go through and look at logs and those types of things, which was time-consuming compared to using the portal.

We also use multi-factor authentication, which is very useful because that gives another layer of security protection for our users. You have to have some sort of device that you can use to provide that second factor, and not just your username and password.

Product Manager/Architect at a consumer goods company with 5,001-10,000 employees
  • Azure Application Proxy
  • Single sign-on capabilities for SAML
  • OAuth integrated applications
  • The multi-factor authentication piece was desirable.
  • Defender for Identity, as of recently.
  • Some of the services, like Microsoft MCAS solution. 

These features offer additional layers of security, which is kind of what we were looking for. 

Some of the self-service password utilities certainly helped, given the scenario of the world today with COVID-19 and lockdowns. We certainly benefited from being able to say, "Have our users changed their password remotely." When they connect to the VPN, then sync them back up with the domain. So, that was very beneficial for us as well.

Bharat Halai - PeerSpot reviewer
Global Head of Identity and Access Management at Adecco
  • Single sign-on is the most useful at the onset. 
  • The dashboards offered are very granular, in terms of usages. 
  • We find the Conditional Access element and Multi-Factor Authentication side of things very useful. 

These features let us have secure, yet user-friendly interactions, rather than having to be embroiled in various types of signups for each application. These allow us to be a lot more granular as well as making sure our environment is more secure. Our accesses and users remain secure too.

Multi-Factor Authentication (MFA) and Conditional Access have helped us be more secure. There is one place where all these features are posted, making life a lot easier. If we were to try and buy these separately, then it would be a painful experience. Whereas, if it is in one product, then all these features talk to each other and it is available for us in one go. For example, when you buy a car, if you buy the steering wheel and engine separately, then you need to make it work altogether. Whereas, you just want to buy a car with everything included, making life a lot easier.

It has made the end user experience a lot better. They only have one password to get into their online applications and that makes the user experience much better.

NadeemAkhtar1 - PeerSpot reviewer
Principal Service Engineer at an energy/utilities company with 10,001+ employees

The single sign-on is an amazing product. Its integration with the back-end, like MFA and conditional access, is very helpful for enterprise class companies because of changing dynamics as well as how companies and workers interact. Traditionally, companies used to have their own premises, networks, network-level VPN and proxy settings, and networks to access company systems. Now, anyone can work from anywhere within our company. We are a global company who works across more than 60 countries, so it is not always possible to have secure networks. So, we need to secure our applications and data without having a network parameter-level security. 

Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company.

The analytics are very helpful. They give you very fine grain data around patterns of usage, such as, who is using it, sign-in attempts, or any failed logins. It also provides detailed analytics, like the amount of users who are using which applications. The application security features let you drill-down reports and generate reports based on the analytics produced via your Active Directory, which is very helpful. This can feed into security operation centers and other things.

Solutions Owner at a manufacturing company with 10,001+ employees

Many of its features are valuable, including: 

  • facilitating application authentication 
  • privileged access management 
  • processes for attestation
  • access reviews.

The multi-factor authentication, similar to when you use your mobile banking application when you want to do a transaction, doesn't rely only on your username and password. It triggers a second factor, like an SMS to your mobile. It requires another factor for authentication. This is one of the standard services Microsoft offers with Azure AD Directory.

Privileged identity management is also a standard feature of Azure AD for privileged accounts. We make sure we do privileged role activation when it's needed so that we do not have sensitive roles active every day.

HUGOMARTINEZ - PeerSpot reviewer
IT Manager at a renewables & environment company with 201-500 employees

Implementation of single sign-on with other vendors is quite easy. It might take a couple of hours and everything is running.

IAM / IT Security Technical Consultant at a retailer with 10,001+ employees

The features I normally use are for authentication and authorization.

Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things.

For the end-users, they can seamlessly log in to their web products, like their Outlook account. They have YAML services and SharePoint services. Everything is single sign-on and that makes them happy.

hugodpereira - PeerSpot reviewer
Computer engineering student at an educational organization with 501-1,000 employees

The most valuable feature is the ability to define certain roles for the users and to give access to shared resources.

The options for user access management on the cloud are similar to those with the on-premises deployment. You can work directly on the cloud but control it from your on-premises server if you want, or you can make all of the changes directly on Azure.

One of the security features that Azure Active Directory provides is that it warns users about the usage of weak passwords. When we created user accounts and their passwords, it warned us about weak passwords and gave us the option to define password creation rules. We tested the feature and tried using invalid passwords, and it blocked access to the organizational units accordingly. We did not work with the more advanced security features within the scope of the course.

It has some good monitoring options that you can use to see how well it is working. In my class, we were able to see which users were accessing the solution, and what went wrong with the tests that we were doing.

ManojNair2 - PeerSpot reviewer
Founder/Director at Augesys Solutions Pvt Ltd

We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune. As a user, I rarely go into Azure AD. I would rather go to Intune and work from there.

Robertas Tamosaitis - PeerSpot reviewer
Cloud Architect at a financial services firm with 10,001+ employees

The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features. Not on Office 365 applications, but on others like Salesforce.

SunilKumar14 - PeerSpot reviewer
Information Technology Specialist at Self-Employed

The most valuable feature is Identity and Access Management. As an IT administrator, this feature allows me to manage access for users and groups.

This product is easy to use and easy to manage.

The application policies, licensing, and AD Connect options are valuable.

Multifactor authentication provides more security. Having a user ID and password is compulsory but after that, you can add different security features. For example, it can work with biometrics such as fingerprints, retinal scans, and facial recognition. There are many more options that may suit you better, as per your requirements.

When you log in to the Azure portal, there is an option available called Resource Groups. Here, you can add multiple things including printers and different servers. There are Windows servers available, as well as servers hosting many different flavors of Linux. Once a server is created, you can add in a database, for instance.

Flavio Neves - PeerSpot reviewer
Azure Cloud Architect at a manufacturing company with 10,001+ employees

If we're talking about applications, one of the most valuable features is the administration of enterprise applications. It helps us to keep them working. We don't always need to authenticate a user to make an application work, but we do need some kind of authorization. We use service principal names for that. Managed identities for applications are very useful because we can control, using roles, what each resource can do. We can use a single identity and specify what an application can do with different resources. For example, we can use the same managed identity to say, "Hey, you can read this storage account." We can control access, across resources, using a single managed identity.

When it comes to users who have a single account, the most valuable feature is the authorization across applications. In addition, access policies help us to keep things safe. If we have a suspicious login or sign-on, we can block the account and keep the environment safe. It's also important, regarding users, to have a centralized place to put everything.

The user functionality enables us to provide different levels of access, across many applications, for each user. We can customize the access level and set a security level in connection with that access. For instance, we can require MFA. That is a feature that helps enhance our security posture a lot. And through access policies we can say, "If you just logged in here in Brazil, and you try to log in from Europe five or 10 minutes later, your login will be blocked."

Suryakant-Kale - PeerSpot reviewer
Chief Technology Officer at a healthcare company with 5,001-10,000 employees
  • The authentication process, e.g., multi-factor authentication.
  • Directory Domain Services.
  • Azure AD Connect (sync services).
Adewale Oluwaseyi - PeerSpot reviewer
Technical Lead at Freelance Consultant

The most valuable aspect of the solution is the ability to create users and host them in Azure AD. That is the bedrock - whatever it is you are doing, you're building on the fact that you have users created. We have Microsoft Teams to manage users and also to manage groups which allow us to manage collaborations and do all sorts of things.

Azure AD has features that have helped improve our security posture. It contains the Azure audit logs that allow you to also audit activities in the organization including those that have happened over a period of time. There is Azure sign-in that allows you to check for sign-in over a period of time for users.

From Azure Active Directory you can actually identify the IP address and run checks or maybe block the IP to improve the security posture of the organization.

The Azure sign-on and audit logs are very handy for a regular admin. They offer the most basic admin solutions to carry out activities on Azure security settings to identify potential threats and carry out some corrective actions on it.

We can use Azure Active Directory to deploy enterprise applications to incorporate third-party applications into the organization and make them available to users. You can put in place multilingual authentications and you can specify the kind of authentication you want to be available for your organization.

Most recently, you can use password-based authentication and multi-factor authentication, which allows for the ability to bring on third-party applications and to incorporate them and deploy them for users.

With Azure Conditional Access you can specify network locations where you want some of the services in the organization to be available to users, and where you don't want users to have access. You can customize and define conditional access to whatever suits the organization and based on what you want, including information protection. You can get conditional access depending on the license you have.

Khadim Ali - PeerSpot reviewer
Dynamics 365 CRM / Power Apps Developer at Get Dynamics

The app registration services are great. This basically simplifies security in order to give access to third-party apps from within Microsoft services such as Dynamics 365 and Power Apps. We can do this in a very secure manner using the AD. This really simplifies the identity and access management for us.

I use Azure B2C for providing access to external users. It was a really great experience to configure Azure AD B2C. I like this feature, as it provides a single sign-on for existing or new users; even new Azure AD users can be provided with sign-ins to our portal.

The solution has features that have helped improve our security posture. For example, without Azure B2C or any third-party identity service like Google or Gmail, we are compelled to store users' credentials and sensitive data in Dynamics 365 contact table somewhere. By using Azure B2C, we are totally independent of this.

The solution hasn’t affected the end-user experience. Usually, users are not so IT aware, so they don't feel an impact related to the change. We know that having secure access for them is important for them and also for us, however, they don’t feel any noticeable difference with the extra security in place.

Cloud Architect

The most valuable feature is the conditional access policies. This gives us the ability to restrict who can access which applications or the portal in specific ways. We are able to define access based on job roles. For example, I'm primarily in the infrastructure team and only certain people should be able to connect to the Resource Manager. We can also define which IP addresses or locations those people can connect from before they can access the portal.

Senior Infrastructure Security Engineer at a tech services company with 51-200 employees

Authentication and identity management are key. For someone to authenticate your account, it is like having the password or access to your password. If someone gains unauthorized access to an account, then they can perform a lot of malicious activities, such as sending spam emails or falsifying emails, including authorizing payments.

Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user. 

You can also use Conditional Access to block sign-ins from other countries. For example, if someone attempts to login from Canada or the US, and your company is based in Africa or somewhere else, then it blocks that user. In this case, it will flag the user and IP as suspicious.

There is also impossible travel, which is an identity protection feature that flags and blocks. For instance, if you are signing in from California, then in the next two hours, you are logging in from Kenya. We know that a flight to Kenya couldn't possibly happen within two hours.

Admins can set password changes for 30, 60, or 90 days, whether it is on-premise or the cloud.

Delivery Practice Director at a computer software company with 201-500 employees

The solution's ease of use is one of its most valuable features. You can access it anywhere and the integration into existing and some legacy applications is good. You can plug into single sign-on self-service, password reset, or conditional access. If you're inside, you don't need to do multi-factor authentication, MFA's, built-in. 

Jitender Singh - PeerSpot reviewer
Consultant at Upwork Freelancer
  • Conditional Access
  • Geofencing
  • Azure Multi-Factor Authentication

are the major security features to secure resources.

For example, if I don't want users using the company resources outside of India, I will add managed countries within Conditional Access. Only the people from the managed country will be able to access things. If an employee goes out of India and tries to access the resources that have been restricted, they will not be able to open the portal to access the resources.

Principal Consultant at a tech services company with 51-200 employees

The most valuable feature is the possibility to create multi-tenant applications alone, or in combination with Azure Active Directory B2C. So, you can provide access to applications for your external partners without having to care about the accounts of external partners, because they will stick it in there as an AD tenant. That is the feature that I like the most.

The solution has features that have helped improve our security posture: 

  • A tagging mechanism that we use for identifying who is the owner of an application registration. 
  • Conditional access and multi-factor authentication, which are adding a lot to security. 
  • The privileged identity management feature that has arisen off privileged access management. This is helping a lot when providing access to certain roles just-in-time. 

They are also still developing several other features that will help us.

It does affect the end user experience. It depends on where they are. When they are within the corporate network, then they already have a second factor that is automatically assigned to them. When they are outside of the company, that is when they have to provide a second factor. That is mostly an SMS message. Now, with the Microsoft Authenticator app that you can install on your mobile phone, we are shifting towards that. This has reduced errors because you may just say that you confirm a message on your mobile phone instead of typing the six-digit code, hoping that you are still in time, and that you entered it correctly. So, it does affect our employees. We try to be up-to-date there.

Mostly, it affects security. It is an obstacle that you have to climb. For example, if you have to enter the code in from the SMS message, then you have to wait for the SMS message to arrive and copy the code, or you have to transfer the code from the SMS message into the field. We reduce that workload for employees by having them be able to receive a message on their phone, then confirm that message. So, security is less of an obstacle, and it is more natural.

Senior DevOps engineer at a tech vendor with 51-200 employees

We've benefited from all the security or AD features of this solution. Azure Active Directory is the only directory we've been using, and we make use of pretty much all the features, including the user identity protection features such as MFA. The way it allows us to audit who is logging in and do our work in a secure manner is one of the best features of it.

Azure Active Directory provides access to resources in a very secure manner. We can detect which user is logging in to access resources on the cloud. It gives us a comprehensive audit trace in terms of from where a user signed in and whether a sign-in is a risky sign-in or a normal sign-in. So, there is a lot of security around the access to resources, which helps us in realizing that a particular sign-in is not a normal sign-in. If a sign-in is not normal, Azure Active Directory automatically blocks it for us and sends us an email, and unless we allow that user, he or she won't be able to log in. So, the User Identity Protection feature is the most liked feature for me in Azure Active Directory.

View full review »
Senior Support Engineer at a tech services company with 1,001-5,000 employees

An aspect of Azure's synchronization technology is called the provisioning service. It's the technology that takes user information from Azure AD into third-party applications. If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that.

Over the years, the performance of this particular technology has greatly improved. I have seen its evolution and growth. Customers see much more robust performance from that technology and it gives them an easy way to set up their environments. The product has been designed quite well and customer feedback has also been taken into consideration. You can even see the progress of the process: how the user is being created and sent over to the third-party application.

View full review »
Systems Manager at a financial services firm with 10,001+ employees

The multi-factor authentication (MFA) is one of the best aspects of the product. 

The security features are great. They will report in advance to you in the case of suspicious activity. 

The GUI is pretty enhanced. You can configure applications or do whatever they need to do. 

View full review »
Timileyin Olaleye - PeerSpot reviewer
Technical Support Engineer at Freelancer

The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization.

The authentication, the SSO and MFA, are cool. 

It has easy integration with on-premises applications using the cloud. This was useful in my previous hybrid environment. 

The user management and application management are okay.

View full review »
Cloud Architect at a hospitality company with 1-10 employees

Azure AD has features that have helped improve our security posture. That's one of the basic fundamentals of having an Active Directory. The whole concept of Azure Active Directory came from the Active Directory on-prem version. There’s this tunnel of authentication that it has.

When you migrate, you can migrate your Active Directory on-prem onto the Azure Active Directory which has tightly integrated features due to the fact that they both are from Microsoft. Based on that, you can give access based on what privileges are needed. Basically, if you're talking about security, everything is related to role-based access. The security aspect is linked to providing the proper access.

View full review »
Pankaj Singh Chandel - PeerSpot reviewer
Sr. System Administrator at FST Information Technology Pvt Ltd

The Privileged Identity Management is a good feature. The identity products of Azure Active Directory are good features. 

There are role-based access controls. Both built-in and custom roles are very useful and good for giving permissions to a particular set of users. 

Privileged identity access lets you manage, control, and monitor permissions of a particular set of users or group. This is a good way to control the access. With the rollback access control, that will secure your environment, e.g., if you want to secure it from an authentication point of view. So, if you are an authentication provider service, your request will go for authentication, then it will go back for service authentication. So, this is a good feature in Azure Active Directory.

Azure AD has features that have helped improve our security posture and our client's security posture. We don't have to manage many things because there are some built-in features inside it. We can set it up once and it will work as an auto process, which is good from our side. On the clients' side, it will then not be challenging when managing stuff, as it will be very easy to manage the client end.

View full review »
M365 enterprise Advisor(Azure) at a tech services company with 501-1,000 employees

In terms of identity management, it helps to improve security posture. It generally helps in terms of cloud security, simplicity, and single sign-on for multiple apps.

View full review »
Saurabh Shelke - PeerSpot reviewer
Technical Specialist

Overall, the solution is quite good. 

There are a few additional functionalities that are very compatible. For example, device management is there and creating a custom role, which reduces the task of restricting the user from AD, if the person is on the on-premise AD. If they're using on-premise, they have to create a distribution list, then apply Azure to that. It's simplified in Azure AD, making it easy to create roles and assign them to the users. 

In fact, the device management and role assignments are great. These two features I found very compatible. For device management, if you are using an on-prem AD, you have to use some other software like Google admin to manage the devices. However, here, it is integrated into Azure AD. That's a positive aspect of the solution.

Regarding the role assignments, it's a very flexible way to restrict the user, or, if you want to customize access, that can be done as well.

The activity log, which is a way to see who made what changes, is quite useful.

Azure AD has features that helped improve our security posture. It is SSO - Single Sign-On. We can manage the users very easily and we can apply SSO and MFA to them. 

I'll give it a score of four out of five for the security posture on offer.

For whatever company I'm working for, we cannot fully put the data on the cloud due to compliance. Rather, you have to keep some data on-premises. That’s why it’s great that we can use the hybrid approach with Microsoft.

Azure AD has not affected our end-user experience in any way. The transition is also quite smooth. If you're using an AD Connect to sync from your on-premises to your Azure AD, nothing has come up from the end-users in terms of issues or problems.

It has made our work easier in that it’s simplified everything for us. It has eliminated a few of the third-party tools, which we used to use. For example, we had a dependency on Google admin due to the fact that we could see where we could manage the devices of the user. That has been integrated directly to Azure AD.

View full review »
Microsoft Azure Engineer at a tech services company with 10,001+ employees

The single sign-on is the most valuable aspect of the solution. It allows for storing passwords in secure vaults. For developers, we use a vault for SSH. Mainly, we have replication from all services on-prem to the cloud.

With a single sign-on, in the case something happens on-premises, users can still use a single sign-on to a PC to access the cloud.

We can deploy policies, which improves our security posture. It's mainly very similar to on-premises, however, some new features can be used on the cloud as well, such as labs and password rotation. Some features have improved, which has been great.

The solution improves the way our organization functions. I can deploy a policy that will search for unused accounts, for example, and delete or just move them to a different organization unit that handles unused accounts. We can change unsecured passwords. We can detect intrusion and inform a security group on how to disable that account immediately. We can also perform security checks on services.

We can easily migrate services and improve the quality and improvement of bandwidth of the service. It's easy to scale.

There are some searches, such as a global search, which have powerful query capabilities if you configure it in a certain way.

It's easy to use. The portal experience provides a dashboard of what's happening. With the dashboard, you can see what's happening with the service faster. Of course, I’m talking about the cloud. On-prem you don't have that dashboard.

Active Directory has affected our end-user experience. It has improved it as we have centralized management now and we have centralized administration, and things can be automated easily. You can have most tasks automated. It's good.

View full review »
NuwanPerera - PeerSpot reviewer
Head, IT Infrastructure at a comms service provider with 201-500 employees

We are using Conditional Access, MFA, and AIP. We have integrated it with Intune, and we already have DLPs.

Application integration is easy. MFA and password self-service have reduced most of the supportive work of IT. We use multi-factor authentication. Every access from a user is through multi-factor authentication. There is no legacy authentication. We have blocked legacy authentication methods. For people who use the MDM on mobile, we push our application through Intune. In a hybrid environment, users can work from anywhere. With Intune, we can push policies and secure the data. 

The audit logs are very good for seeing everything.

View full review »
Leandro Oliveira - PeerSpot reviewer
Infrastructure Manager at trt18

The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera.

View full review »
Senior Information Technology Manager at a manufacturing company with 10,001+ employees

The scalability of the solution is good.

Technical support can be helpful.

View full review »
Rohan Basu - PeerSpot reviewer
IT Manager at a tech services company with 10,001+ employees

The most valuable feature is the single sign-on, which allows any application that is SAML or OAuth compatible to use Azure as an identity provider for seamless sign-in.

I like the SCIM provisioning, where Azure is the single database and it can push to Google cloud, as well as Oracle cloud. This means that the user directory is synchronized across platforms, so if I am managing Azure AD then my other platforms are also managed.

View full review »
Executive Director at a financial services firm with 1,001-5,000 employees

The single sign-on across multiple platforms is really the true advantage here. That gives you one ID and password for access to all your systems. You don't need to manage a plethora of different user IDs and passwords to all the systems that you're going to access. 

View full review »
Fernando_Aranda - PeerSpot reviewer
.NET Developer at Banco Azteca

The most important thing about this solution is the capabilities for multifactor authentication and single sign-on that it offers for native Microsoft solutions and non-native Microsoft solutions.

The solution has features that have helped improve our security posture. Azure Active Directory works with some technologies around security such as mobile device management, mobile application management, and Azure Information Protection as well as Conditional Access and multifactor authentication. These capabilities give us a good level of security.

The solution has affected our end-user experience. For example, we work with several technologies in the Cloud, such as Salesforce. Azure Active Directory allows us to work within a single sign-on model. This allows us to work more easily, and not have to remember a bunch of different passwords for various applications. With a single sign-on, we can work in a more transparent way and we can be more productive, having direct access to our applications in the cloud.

View full review »
Chandra Guddati - PeerSpot reviewer
IT specialist at BMO Financial Group

This is a feature-rich solution.

It offers features that improve our security posture such as multifactor authentication, which is the second layer of protection that is used when we log into the cloud.

View full review »
DanielNdiba - PeerSpot reviewer
Technology Security Specialist at a financial services firm with 5,001-10,000 employees

It is quite stable. Being a Microsoft product, it easily integrates with most of the Microsoft solutions. It is very easy to integrate with most of the Microsoft solutions, such as Windows, Microsoft Office, etc. If you have your own internal web applications or you want to integrate with other solutions from other providers, such as AWS or Google, you can link those to Azure AD. If you want to integrate with on-prem resources, you can use your Azure AD on the cloud as the authentication point to give people access to the resources and so on.

It can be used to grant access at a granular level. It provides secure access and many ways to offer security to your user resources. It provides a good level of security for any access on Azure. It gives you options like multi-factor authentication where apart from your password, you can use other factors for authentication, such as a code sent to your phone or the authenticator app that you can use to log in.

It even offers the next level of access management, which gives a password for authentication, and you just use the authenticator app to log in. It enables you to configure things like identity risk awareness to detect if someone logs in from a suspicious location from where they don't normally log in. So, it provides a good level of security features for controlling access to your resources.

View full review »
Principal Security Architect at a computer software company with 51-200 employees

It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there.

View full review »
Joseph Chandrasekaram - PeerSpot reviewer
Identity Engineer at a pharma/biotech company with 10,001+ employees

The most valuable features of this solution are security, the conditional access feature, and multifactor authentication.

The conditional access policies allow us to restrict logins based on security parameters. It helps us to reduce attacks for a more secure environment.

Multifactor authentication is for a more secure way of authenticating our use.

All our on-premises identities are synchronized to Azure Active Directory. We have an advanced license that enables conditional access based on logins, and suspicious behaviors. 

Active Directory is able to determine if a particular user is signing in from a trusted IP or if there are two different sign-ins from two different locations. It will flag this latter incident as a potential compromise of a user's account.

In terms of security, it provides us with the features to alert us if there are any fraudulent attempts from a user identity perspective.

It provides access to our Azure infrastructure and allows us to assign roles and specific aspects to different subscriptions. It has several built-in roles that you can assign to individual users based on their job scope. It allows for granular provisioning.

With onboarding applications, you are able to register applications in Azure Active Directory, which allows you to use it as a portal for access as well.

Azure Active Directory enhances the user experience because they do not have various IDs for different applications. They are using one single on-premises ID to synchronize and they are able to access various different applications that are presented to them.

If you have a new application, you will export the application within Azure AD and we add access to those who need that application and you are able to use the corporate ID and password to access it.

Azure Active Directory is a good platform for us. We rely heavily on providing our users a good system and interface that we seldom have issues with.

View full review »
manager at a retailer with 10,001+ employees

It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful.

The product has helped to improve our security posture. The Azure stack has built out a lot of analytics features. Now, we can more effectively investigate issues. 

The solution has positively affected our end-user experience by improving our usability and reducing friction.

View full review »
Lead Global Cloud Architect at a transportation company with 10,001+ employees
  • There is tech support to help with any OIDC-based setups between organizations.
  • It has good support for SAML 2.0 and OIDC-based setups for our remote identity providers.

The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access. 

View full review »
YasirMehmood - PeerSpot reviewer
Solution Architect at Komatsu

The best feature is the single sign-on provision for the various types of users. That is our sole purpose for working on that and utilizing that service, as creating a custom solution for a single sign-on would be difficult when we have around 50 applications within our company that have been used by users across the globe. That includes North America plus Europe, Russia, and the Middle East. It is very difficult and complicated to do things on our own. Instead of doing that, we just acquired the service from Microsoft for single sign-on, and for that purpose, we are using the Microsoft Azure Active Directory authentication.

View full review »
Solution architect at an insurance company with 5,001-10,000 employees

The single sign-on of the solution is the most valuable aspect.

The initial setup is straightforward.

The solution offers good bundles that include Office 365. 

The pricing is pretty decent.

The product is pretty user-friendly and offers good customization capabilities.

View full review »
Jeff Woltz - PeerSpot reviewer
Principal at a computer software company with 51-200 employees

I like Azure AD's single sign-on and identity federation features. It allows us to issue a single credential to every employee and not worry about managing a lot of passwords. Microsoft Entra provides a single pane of glass for managing user access, and we're pleased with it.

Entra's conditional access feature enables us to set policies up based on the location and risk score of the account and the device they use to access the network. Permission management lets us assign roles for various Azure functions based on functions people perform in the company. It helps us bundle access to different things by associating it with a given role at the company.

View full review »
Cloud Admin at a tech services company with 10,001+ employees

The security and infrastructure management features are the most valuable ones for us.

It offers multifactor authentication for setting up development pipelines.

View full review »
KishanRamiah - PeerSpot reviewer
Managing Director at KRsolns LTD

I have no issues with Azure Active Directory.

Our users and clients are migrating from on-premises solutions to cloud-based solutions. As a result, they do not require on-premise service. 

What I like is that I can go anywhere, at any time, and to any client premise, and I can simply log in to the admin panel and can serve any of my clients.

Instead of using TeamViewer, you connect to their local service, which is centralized. I have got the Microsoft Exchange, and have access to Microsoft Azure. I can check the workstations, and perhaps soon I will be using Microsoft Intune and the Microsoft Defender enterprise. Even if I am not on the premises, I will be able to check and secure my workstations.

View full review »
Nazim Kabiri - PeerSpot reviewer
IT Manager at EPC Power Corp.

In terms of the features that I have found most valuable, it is cloud based so it is always updated, that part you don't have to take care of. It is public cloud. It is actually AD as a service, so it's a kind of an infrastructure. It is more infrastructure as a service.

View full review »
John Gbigbi-Jackson - PeerSpot reviewer
Cloud Systems Administrator (Servers and Storage) at University of Bath

We use all of the services that are offered by Azure AD. We use Azure AD Connect, SSPR, app registration, application proxy, and more. We use everything for different services that include conditional access, authentication methods, etc.

Conditional Access is a helpful feature because it allows us to provide better security for our users.

View full review »
Mohammed Alahdal - PeerSpot reviewer
Cyber Security architect at Avanade

The solution has many valuable aspects, including:

  • Password policy enforcement
  • Conditional access policies
  • Self-service password reset for cloud users and on-premises
  • Azure Active Directory Identity Protection
  • Privileged Identity Management
  • Multi-factor authentication 
  • Passwordless authentication and sign-in
  • Business to business and client to business support
  • Support for SAML and OAuth

There are many more features that are very useful and can be used as part of the P2 package. There is no need to install any agent or tool to utilize those features except when extending advanced features to the on-premises active directory.

View full review »
IT Consultant at a tech services company with 1-10 employees

The most valuable features are authentication, authorization, and identity access.

Conditional access is a very important feature where a specific user can be restricted such that they cannot connect to the application if they travel outside of the US.

Multifactor authentication is very important.

They have a velocity check, powered by artificial intelligence and machine learning, where if you have been logging in at a location in the US but suddenly you try to log in from a different country, it flags it as an unusual amount of travel in a short time and it will ask you to prove your identity. This is a security feature that assumes it is a phishing attack and is one of the important protections in the product.

View full review »
SunilKumar12 - PeerSpot reviewer
Sr Engineer IT at Hical Technologies Pvt Ltd

Among the valuable features are MDM and Microsoft Endpoint Manager. They are very useful. Intune is built-in. And deploying to MDM has features that are very advanced. It reduces the administration work. And security-wise, it has very advanced technology.

It also has features that help improve security posture. The most important of these features include multifactor authentication, which is very useful for connecting to the organization, especially from outside the boundaries of the organization. That is very helpful when it comes to user security. And in the COVID situation, MDM is very helpful for us due to work-from-home. It enables us to very easily connect to our domain and align new systems with the end-users. That is very helpful for us.

View full review »
Info Security Manager at a tech services company with 501-1,000 employees

We are satisfied with this solution because we use all of its features.

View full review »
Sr. Cloud Engineer at a tech services company with 1,001-5,000 employees

Azure AD, overall, is quite good for securing your applications as well as the infrastructure. 

I like that they provide most of the authentication flows out-of-the-box, so you do not need to do anything specific to tackle any authentication flows.

Azure AD has affected our organization's security positively. In terms of the application, it's quite good. There was very minimal leakage. We had a single instance and that user was already compromised. Otherwise, it's quite good.

View full review »
Matt Hudson - PeerSpot reviewer
Enterprise Solution Architect - Security at an insurance company with 10,001+ employees

We very much like Conditional Access. We also like the risky sign-ins and Identity Protection. These features provide us the security that lets us fulfill our security requirements as a company.

Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic.

The solution has made our end user experience a lot easier and smoother.

View full review »
Amgad Soliman - PeerSpot reviewer
Senior System & Security Administrator at a legal firm with 51-200 employees

We're satisfied with the product in general.

The most valuable aspect of the solution is the connectivity with our on-premise Active Directory.

We've found the performance to be very good.

The stability is good.

The scalability of the product is decent.

The installation process is straightforward.

View full review »
Minghao Li - PeerSpot reviewer
Technical Manager at a non-profit with 201-500 employees

The most valuable feature is Conditional Access. As there are more and more people working from home, security is a challenge for a lot of companies. To build a general trust solution, we need Conditional Access to make sure the right people use the right device and access the right content.

In our company, we use Conditional Access with Trend to make sure that our employees can use the device from the company. We can make sure that there is higher security. We can also use Trend to set up a group policy and to set up Windows Defender as well.

Microsoft Azure AD is easy to install and is a stable solution.

View full review »
Senior System Administrator at a financial services firm with 1,001-5,000 employees

It is very usable and easy to use.

It is easy to manage. I can manage systems with policies and automate our systems. Any professional system can be easily integrated with Azure Active Directory. It is widely used with Windows versions. 

View full review »
Sr. Piping Engineer Construction at an energy/utilities company with 10,001+ employees

The most valuable features in Active Directory are the password writeback product and the MDM technology.

View full review »
IT Senior Consultant and trainer at a tech vendor with 51-200 employees

Active Directory Federation Services (ADFS) stores the identities of our customers.

View full review »
Manager, Technology Delivery at an educational organization with 11-50 employees

Having access to Azure Active Directory on the cloud gives us speed and use of the latest technology. The application services are very good, such as GitHub.

View full review »
Powershell IT Admin Cert at a tech services company with 10,001+ employees

The advantage of Azure Active Directory is that it's a cloud environment, so just about anybody can get to it. As long as you can get to the cloud, you can get to the internet. You can authenticate offshore resources to client services, which is what my present company does. That kind of authentication is much more advantageous as an Active Directory solution.

If you want to replicate a website at the frontend in Azure, it's very easy to do it globally.

As soon as you authenticate to the web storage, where you hit the frontend, then you can redirect to whatever resources locally that are duplicated.

View full review »
Anders Johansson - PeerSpot reviewer
Senior Specialist at Tieto Estonia

It's user-friendly and easy to understand. It's working great so far.

We're mainly using templates and using the APIs rather than using the GUI. That's the easiest way to do things.

The initial setup is pretty easy.

The solution scales well.

It's a stable product for the most part.

View full review »
Michael Ogunlade - PeerSpot reviewer
Head of enterprise systems at Fidelity Bank Plc

The most valuable feature is the ability to set up conditional access, where you can enforce users to connect using multifactor authentication. This is one of the things that we are using it for. It means that users who are accessing the applications remotely are authentic.

View full review »
Dhiraj Verma - PeerSpot reviewer
Global Information Technology Manager at Kaleyra

The solution has some great features, such as identity governance, and user self-service. The Outlook application is very good and is used by a lot of people even if they are using Google services.

View full review »
Integration Manager at a healthcare company with 10,001+ employees

The solution is stable.

It's a very easy product to set up.

The product can scale well.

Technical support has been great.

It's an affordable solution.

View full review »
Ozgur Kolukisa - PeerSpot reviewer
Infrastructure and Cloud Principle Specialist at a tech services company with 1,001-5,000 employees

Multi-factor authentication really secures our environments and gives us the flexibility to use location-based policies. Azure AD also gives us a lot of flexibility in our scope of integration.

It's easy to configure Microsoft products with Azure AD. It is almost an instant integration. In hybrid installations it is a bit more complex to configure, but not that much. In short, it is good for most Microsoft customers and the products they use.

View full review »
Head of IT at a non-profit with 51-200 employees

The ability to see and control PCs and mobile devices is the most valuable. I can see where they are and how many we have. I can also see the age and retention of PCs.

View full review »
TariqMuhammad - PeerSpot reviewer
Assistant General Manager at ELEVATE Solutions Limited

Within Azure Active Directory, the single sign-on feature is the best aspect. Right now, the world is moving to the cloud. Nowadays, every vendor is developing their cloud. With this, I can have a single sign-on and move around from place to place easily.

The technical support is pretty good.

The initial setup is pretty straightforward. 

I have found the solution to be stable so far.

The scalability potential is good. 

The pricing of the product is reasonable. 

The interface, in general, looks okay. 

The solution has built-in backup capabilities. 

View full review »
Manager at a non-profit with 1,001-5,000 employees

What I like most about Azure Active Directory is its SSO (single sign-on) feature, as we have a community of users with different IDs and passwords, and this feature helps integrate all these. 

View full review »
Sr. System Engineer at PT Smartfren Telecom Tbk

Azure Active Directory has useful policy assigning and management.

View full review »
Systems Administrator at a tech services company with 11-50 employees

Azure Active Directory is a very simple utility to use, it has very good visibility and transparency, and an easy-to-use panel.

View full review »
Ajay Kuamr - PeerSpot reviewer
Network and Computer Systems Administrator at bahwan

The best thing about Active Directory is its compatibility. It works with lots of third-party vendors. We're using multiple products, and they're all integrated with our Active Directory.

View full review »
Cybersecurity and Compliance Specialist at a manufacturing company with 10,001+ employees

We're using the whole suite: device management, user credentials, everything that's possible.

View full review »
Security Architect at a hospitality company with 10,001+ employees

Its ability to provide secure connections to people at all locations is the most valuable. It is mostly used by enterprises.

Anteneh Asnake - PeerSpot reviewer
Modern Data Center and Cloud Engineer II at IE Network Solutions PLC

It's very smooth and very easy to use. 

The performance is good. 

The product is stable.

It's quite scalable.

The initial setup is not complex.

YawKusiappiah - PeerSpot reviewer
Sr Systems Engineer at a tech services company with 10,001+ employees

The feature that I have found most valuable is its authentication security. That is Azure Active Directory's purpose - making cloud services' security and integration easier.

VamsiMohan - PeerSpot reviewer

The most valuable features of this solution are definitely the authorization and authentication, and the rule-based user validation.

Azure Active Directory is quite easy to use.

We are quite happy with the Azure Active Directory services we are utilizing.

User at Aura Advanced Tech

It's something we have to deal with every day. It is present. If you're in a domain environment, you'll need it to log in. If you work in a Microsoft-centric environment, you can't avoid it.

It's in the background and anyone who is a member of a Windows domain must have it.

HakanCengiz - PeerSpot reviewer
IT Security Manager at a construction company with 1,001-5,000 employees

The central authentication server is most valuable. GPOs are useful for user and computer policies.

Mike Sax - PeerSpot reviewer
Vice President, Product Engineering at Logitix

The portal version of the Azure Active Directory is pretty robust.

The solution is very good for different types of management, including user, group and policy management requirements.

Associate Technical Lead at SoftwareONE

The solution has a variety of tools. Two of the most valuable features are the ability to create users and to replicate the user account from on-premise to the cloud. 

Mohamed El-Sherbini - PeerSpot reviewer
IT Manager at Mada Insurance

I like that you can run it on-premises. I also like that I can use Azure at any time as the main one.

Advisor at a tech services company with 201-500 employees

All of the features are amazing, such as identity governance and privileged identity management.

Solutions Specialist at Software One Indonesia

I like Intune's MDM and MI.

Michael Collins - PeerSpot reviewer
Head of Technology Service Operations at Macmillan Cancer Support

It's a very scalable solution.

NASSER ALY - PeerSpot reviewer
Computer Chief Specialist Engineer at a university with 1,001-5,000 employees

Overall the solution functions very well, such as the ability to access it from the cloud.

Systems and Networks Engineer at an insurance company with 1,001-5,000 employees

The scalability is quite good.

It's a very necessary product in today's technological landscape. 

Rafael Forcini - PeerSpot reviewer
IT Coordinator at Zignet

With Azure Active Directory we were able to manage with different options the access for different users.

IT Functional Analyst at an energy/utilities company with 1,001-5,000 employees

Azure Active Directory has been very useful for our company; it is not difficult to use.

Muhammad_Irfan - PeerSpot reviewer
Sr. Network Administrator at ACMC

It's user friendly.

Updated: August 2022.