Microsoft Entra ID Reviews

Microsoft Entra ID acts as the central identity plane for most of our applications, and our customers rely heavily on that. It is the central backbone of everything that gets into their company. The network was the perimeter before, now it is identity, and from an identity standpoint, Microsoft Entra ID stands right up there. It is the gatekeeper for all company resources; anything has to go through Microsoft Entra ID for authentication, authorizations, and all the validation access controls before they get access to any resource.

One of the features of Microsoft Entra ID that is never really spoken about is password protection. We see it is a very easy implementation that provides high value from a customer standpoint. If you are still on that passwordless journey and you are heavily reliant on passwords, password protection within Microsoft Entra ID gives you that extra added protection to ensure your weak passwords are eliminated from your environment.

The implementation of Microsoft Entra ID significantly improves our security and reduces the attack surface from an application standpoint. That is the plane which enforces MFA and all that. Even dynamic risk factors, such as if the user is traveling from different locations or if we see a bad actor signing into their account from a different location, or if the account has been compromised, can be remediated without requiring a human in the loop. It actually can remediate those identity attacks, thereby reducing our admins' administrative efforts to chase down users and get the risk remediated. The remediation aspect of Conditional Access and risk-based Conditional Access really improves the security and reduces the attack surface for our organization.

A critical control plane for us is Conditional Access, which is also the zero trust control plane. Those are the conditions we define, whether internal or external networks; any access goes through these checks and needs to be verified and trusted but still needs to be validated. Whether it is our MFA policy, domain join requirements, or Intune compliance requirements, those conditions help us enforce zero trust principles into reality.

The implementation of Microsoft Entra ID has benefited our organization by providing a central plane for all our applications to utilize single sign-on. This results in a seamless experience for our users since they do not have to remember multiple usernames and passwords; it ensures a single plane of access. From a security perspective, because it is a single plane, every application communicates with Microsoft Entra ID, allowing us to enforce multi-factor authentication across almost all applications that require access. Additionally, it significantly reduces our attack surface and provides high security benefits using built-in automations.

Microsoft Entra ID can improve by focusing more on new passwordless methods and becoming a primary adopter. One feature we would like to see is the ability to have security questions for password resets. I know the current capability is phasing out, so we do not have an alternative method yet. Customers who already use security questions require a smoother transition for that capability to be available.

My experience with the deployment has had some challenges, particularly around the Microsoft MFA campaigns. The hardest part is moving users from a different MFA provider to the Microsoft MFA provider, as it ultimately depends on user activity. In large enterprises with numerous users across various geographies, this transition takes time. If there are ways to exert more control around that process, it would improve the situation.

I have been working in this field for close to 14 years, especially working on Microsoft Entra ID. I have been using Microsoft Entra ID for 14 years.

Apart from a couple of incidents that happened last year around MFA authentication, Microsoft Entra ID has been stable and reliable.

We did experience downtime tied to Microsoft when there was an issue with Front Door. All external identity platform services were down for more than 8 hours, which was a critical incident from a couple of months back.

Microsoft Entra ID scales easily to the growing needs of my organization since it is a SaaS platform. Our organization may not be large, but Microsoft Entra ID can accommodate up to a million accounts if needed. For our requirements, Microsoft Entra ID fits perfectly because of its integration with our other Office applications. Our users depend heavily on those Office applications for their day-to-day work on their work phones, laptops, and personal PCs. Microsoft Entra ID meets our needs better, especially when discussing integration.

I would rate customer service and technical support a seven. I give it a seven because our experience has been a little slow. It often takes a lot of time to reach the appropriate team and solve the actual problem.

Prior to adopting Microsoft Entra ID, I was not using another solution to address similar needs. We try to manage as much as we can within the Microsoft stack. We collaborate with customers who utilize other tools, such as Saviynt for identity governance, Okta, or Ping. Our goal is to help them realize the value Microsoft brings to the table and the integrated platform story, and then transition them to Microsoft Entra ID.

My experience with deploying Microsoft Entra ID has been positive, especially because there are many adoption materials available. When we migrated a customer from Okta, we made heavy use of those materials. One key feature we utilized is staged rollout, which helps us transition customers to the new Microsoft platform without doing a major cutover that could impact their business. This feature is something we leverage highly to demonstrate to customers what their experience would look like when they move to the Microsoft platform.

The process was smooth overall regarding authentication and MFA. My experience with MFA entailed some moments of user confusion on how to configure the Authenticator, which stemmed from the user action required. However, apart from those challenges, everything has proceeded smoothly.

We are a Microsoft partner, so our focus is entirely on Microsoft and we bring customers to the Microsoft platform.

I can share some metrics demonstrating the impact of the integrations. For instance, we migrated a customer from Okta to Azure AD B2C, now part of Microsoft Entra ID, known as External Identities. This customer was paying $2 million annually and, after moving to the Microsoft Entra ID platform, their costs reduced to just $35,000 a year. This was a significant cost reduction that the customer gained by moving to Microsoft Entra ID.

I have seen a return on investment with Microsoft Entra ID. One of our customers spent $2 million on Okta, and now they spend $35,000 per month on the Microsoft External Identity platform. That converts to around $300,000 a year, resulting in approximately $1.5 million in cost savings for them.

Since implementing device-bound passkeys in Microsoft Authenticator, our organization has pushed customers to use more FIDO-based tokens for phishing-resistant authentication. Many of our customers now utilize FIDO token keys for authentication, not only for administrative accounts but also for user accounts. We also have many passwordless methods available, including Windows Hello for Business, FIDO token keys, and Microsoft Authenticator, which serve as our primary phishing-resistant MFA methods implemented today.

We have expanded usage to 100%.

My advice for another organization considering Microsoft Entra ID is simple: if you are utilizing Microsoft Office applications and the Microsoft 365 suite, using Microsoft Entra ID as your primary identity provider is a no-brainer. Moving to another identity provider introduces unnecessary complexity into your authentication chain, which ultimately does not provide a good end-user experience.

We have changed our approach to defending against token theft and nation-state attacks since implementing Microsoft Entra ID. We implement stricter token controls and token lifetimes, requiring guest users and external contractors to sign in frequently. Using sign-in frequency Conditional Access policies is one of our measures to tackle those threats. I rate this review a 10 overall.

Microsoft Entra ID initially launched with Office 365, so it powers all of our identity for all of our users to get into Office 365. From that point forward, it has become our primary identity provider. We have moved off of ADFS locally to handle all of our connections that need to go to third parties or anything that is outside of our specific domain. These connections go through Microsoft Entra ID, which serves as our segue into the rest of the ecosystem.

The features of Microsoft Entra ID that I appreciate the most include the incredible value we have found in the MFA piece along with Conditional Access.

The reason I appreciate these features is that it is fantastic to be able to really lock down our environment to the point where we can specifically target and say we are going to block everyone that is trying to log in from outside the country or require MFA if they are considered off-premises or whatever. It has been a great benefit for us.

The impact of implementing Microsoft Entra ID on our secure access to apps or resources in our environment has been that we have not done a whole lot of on-premises access to allow them to log into Microsoft Entra ID and come back on-premises yet. We are investigating that. We have not moved a lot of our apps to Microsoft Entra ID, so everything is on-premises presently. Anytime that we have tried to allow Microsoft Entra ID to authenticate our users to come back on-premises, we have run into some issues, usually with latency or delay. We have a lot of on-premises apps that are developed and require extremely tight windows of security. We have noticed that whenever we go through and authenticate through Microsoft Entra ID to those apps, because it is Microsoft Entra ID, it could be authenticating to pretty much any part of the country, and that latency has caused some security hiccups. Our dev teams have not necessarily been that happy with Microsoft Entra ID serving as a proxy for that, but I think that could be an onboarding opportunity for our devs to learn some new methodologies.

Microsoft Entra ID can be improved by helping to speed up adoption of the security defaults or making them on by default. We have run into an issue where you have a lot of these tools available to you. Unless you have people going in and properly auditing CIS benchmarks to make sure that those adhere to your entire stack, these tools may not be utilized. It would be nice to see native CIS benchmarks or at least some syncing to alert administrators when new features have been enabled.

More transparency would be great from Microsoft Entra ID. We are on GCC, and the GCC side always seems to get things very much delayed compared to the global side. Transparency has always been a difficult thing for us because we do not even know when we get new features. In the last couple of years, we discovered that Microsoft publishes a Microsoft 365 roadmap, but unless you know what you are looking for, you do not really know if we even have that tool. Oftentimes, we will get employees that say they saw that Clipchamp or something is available. We then have to investigate it only to find out that GCC does not have it. It would be beneficial to have a repository to see which features are GCC-enabled.

I have been using Microsoft Entra ID for about ten years.

Microsoft Entra ID is a stable and reliable platform.

Microsoft Entra ID has been able to scale with the growing needs of my company. We have not found a limit or capacity constraint. Everything has been very seamless.

Regarding customer service and technical support, my experience with Microsoft Entra ID has been that it is delayed. If there is any time that we ever needed to address a particular issue that is very repeatable, we put in a ticket with tech support and might hear back in a day. I had a sysadmin put in a ticket regarding an issue with SharePoint, and it took three weeks to get back to them. We do not purchase extra support and have whatever is built into the normal support plan. We do not pay extra for pro support, so that might be why we are at the bottom of the barrel. The general support contracts are delayed and slow. It is usually quicker to open a ticket, find the answer somewhere else, resolve it outside of the support, and then close the ticket or mention when they get back to us that we fixed it a long time ago.

Positive

I did not use other solutions prior to choosing Microsoft Entra ID. We were using on-premises solutions before.

We used Microsoft's FastTrack team to assist with our onboarding because at the time we were migrating all of our local Exchange out to the cloud. This was ten years ago, so I do not have a whole lot of perspective into all of the details because they held our hands throughout the whole process. From that aspect, it was fine. Microsoft Entra ID is fairly robust and straightforward. I have not complained about anything.

Microsoft Entra ID's integration capabilities have not influenced our Zero Trust model since we have not investigated that yet. We are having a hard time modernizing a lot of our security. In the last six months, we have adopted an immense amount of products in our environment to assist with that. 

The biggest return on investment for me personally when using Microsoft Entra ID is a reduction in on-premises servers and infrastructure. Being able to not have to rely on ADFS or anything to maintain and keep up, ensure our staff is trained up in administering it, and care and feed for is great. It is great to be able to lean on Microsoft Entra ID to be our identity provider for predominantly everything. The biggest ROI is really just time. I would not necessarily say that it saved the county money in any particular form, but it has definitely saved us time.

I have not considered switching from Microsoft Entra ID at all.

Since implementing Microsoft Entra ID, I have observed changes in the frequency and nature of identity-related security incidents in the industry. We have had a few security scares, and a lot of that is related to us not having MFA enabled at the time, so enabling MFA was crucial in reducing our attack surface and Microsoft Entra assisted in rolling that out.  

Being in the cloud is definitely riskier than having everything on-prem, but Microsoft Entra ID offers a lot of tools that help to mitigate any potential compromises or risky activity.

The implementation of device-bound passkeys in Microsoft Authenticator has affected my company's approach to phishing-resistant authentication. We have predominantly enabled Microsoft Authenticator across the board, or at least we have it on offer. We have had some use cases of using YubiKeys for a lot of high-value targets, and those have been great successes. 

Regarding recommendations to other companies that are considering getting Microsoft Entra ID, I would say to do it. It has been a fantastic product. It has accommodated a lot of our needs. There have been a couple of things that we have had to go outside of the environment to handle with third-party tools that handles things Entra doesn't do natively, but it is still very capable. It would be nice to have that functionality built in, but I understand that would be an extra and possibly an additional license. My overall rating for Microsoft Entra ID is ten out of ten.

Our main use cases for Microsoft Entra ID are that we are a completely integrated Microsoft shop and a heavy development shop. We are using .NET and Microsoft servers, and we are completely within the Microsoft ecosystem. We are in Azure DevOps.

I appreciate the features of Microsoft Entra ID the most, especially everything related to conditional access and the security aspect of it. With Microsoft, single sign-on was a significant pain point earlier on. We were in TMG, which was old-school technology, and then ADFS, so bringing everything into single silos on the platforms that we already use was beneficial.

The features of Microsoft Entra ID benefit my company at the end of the day because 10 or 15 years ago, there were 50 or 60 different platforms. Now we are on approximately five, so it is less to manage, the licensing costs are lower, and everything is consolidated with the whole world down to almost three vendors.

The implementation of Microsoft Entra ID has allowed us to focus more on security and less on day-to-day operations and managing multiple different platforms, so we can do more with less.

I think Microsoft Entra ID can be improved with easier integration with the B2B platform and B2B tenants.

We use B2B for customer-type scenarios, so being able to integrate it there and addressing the limitation of licensing non-customers and wanting more analysis, especially on the security front, is important. It is not necessarily Microsoft Entra ID itself where the issue lies; you get basic rudimentary controls, so it is a plan difference.

I have been using Microsoft Entra ID for 15 years.

Microsoft Entra ID is stable and reliable to me, depending on if Azure is up at the time. Just as recent incidents with AWS and Cloudflare affect the whole world, that is just the world we live in now, which is beyond our control.

The scalability of Microsoft Entra ID is good because we are not even close to any of those thresholds, so we are below a 3,000 limit. We could go to 10,000, but there are hundreds of thousands where you really have to get up to, so it is not an issue right now unless agents take over and that becomes a factor.

My experience with customer service and technical support has been adequate, but the biggest complaint is that you have to pay for support. We spend millions of dollars in Azure, and you still have to pay for support, which is frustrating. There is free support and then you can pay for additional tiers, and we even contact our Microsoft representatives, and they cannot do anything; they do not have insights. They say to contact the engineer and get a case in and we will see if we can escalate it, which is the worst experience.

Neutral

The deployment process of Microsoft Entra ID is straightforward because we still have a lot of legacy on-premises infrastructure, so we remain there and are not using Microsoft Entra ID for the on-premises environment; we still use ADFS for that. We are using two systems for authentication even though they serve the same purpose.

The biggest return on investment for me when using Microsoft Entra ID is that it is worldwide recognized and trusted. We know it is going to be improved upon and not just left behind; it is not some third-party solution, so it saves time.

The pricing, setup cost, and licensing of Microsoft Entra ID are all integrated because we are on E5, so we are able to take advantage of just about everything that is available to us, and it works great that way. When dealing with other partners and customers of ours, the biggest pain point has always been that the logs are not long enough, and the retention is not sufficient.

I did not consider other solutions before choosing Microsoft Entra ID or while using it.

The implementation of device-bound passkeys in Microsoft Authenticator has affected my company's approach to phishing-resistant authentications because we use Sentinel and we have a good SOC, which is excellent. We are using automated response on that with Microsoft Entra ID and risky users, being able to respond to it right away.

Since implementing Microsoft Entra ID, it has definitely improved our security posture because we also use Microsoft Sentinel and Defender for Cloud within our whole Azure environment. Everything together in one place makes correlation much easier and response faster. We used to use AlienVault for our SIEM with a separate SOC provider, and now we work closely with the Microsoft partner there, so having everything in one place is beneficial.

My company's approach to defending against token theft and nation-state attacks has not really changed since implementing Microsoft Entra ID.

My advice to other companies that are considering Microsoft Entra ID right now is to get aligned with the rest of the world; there is not a lot I can elaborate on, but it is proven, so that is what I would say. I give this product a rating of 10 out of 10.

My main use cases for Microsoft Entra ID are for authentication and the synchronization of on-premises users with cloud directories. We perform that synchronization from on-premises to cloud.

The features of Microsoft Entra ID that I like the most are the single pane of administration for password synchronization from on-premises to cloud users and simple authentication with applications that are connected to the cloud. Those are the two main ones.

The impact of the implementation of Microsoft Entra ID on my secure access to apps or resources in my environment is that the highest impact is a seamless authentication experience between on-premises and cloud devices. That is the most important one that I can see.

The integration capabilities of Microsoft Entra ID have influenced my Zero Trust model because based on the way we assign access in the cloud, role-based access is one way that we can implement that Zero Trust model in the cloud. We are still in a journey of implementing Zero Trust across all technologies, but Azure provides that functionality, especially when we do operations in the cloud.

I can share metrics that demonstrate the impact of these integrations by mentioning that we used to deal with 150 tickets a month for password changes, and after the migration and integration with those identities, we went to zero.

Since implementing Microsoft Entra ID, I have observed changes in the frequency and nature of identity-related security incidents in my organization, as Microsoft provides good insight regarding who is logging in, the IP addresses, and where the users are located. For example, when we identify someone that is not on campus at the university or is logging in from China or Russia, we have an alert and a policy that can allow us to respond to that. In the past, before the integration, we did not have that visibility, so that allows us to be more secure.

My organization's approach to defending against token theft and nation-state attacks has changed since implementing Microsoft Entra ID. We receive attacks every day or every week from different parts of the world, as there are criminal organizations trying to reach the university.

The impact of features such as token replay detection, attacker-in-the-middle detection, and verified threat actor IP detection in Microsoft Entra ID on defending against these threats has been most felt with the last one.

An example of how these features have benefited my organization is that when we see a bad actor, we identify where the source is and also the failed login attempts to access our resources. That is the way we identify them.

The implementation of the device-bound passkeys in the Microsoft Authenticator has not affected my organization's ability to be phishing resistant.

Microsoft Entra ID can be improved by providing a single pane for administration across the different services that Microsoft offers. At this time, I would say probably improve the administration and the interconnection between Office 365 and other functionalities and services.

I assess the stability and reliability of Microsoft Entra ID as super stable.

I have not experienced any downtime, crashes, or performance issues, except for on-premises devices where they do not synchronize properly.

Microsoft Entra ID scales with my growing needs of the organization very well. I do not see problems with that.

On a scale from one being the worst and 10 being the best, I would rate my customer service and technical support as an eight.

I give it an eight because, to me, excellent is outstanding. There are probably some glitches and sometimes the first level contact tries their best, but they are not the most experienced people. Sometimes we have to go to another level, and that is acceptable.

I would evaluate my customer service and technical support as a seven.

Positive

Prior to adopting Microsoft Entra ID, I was not using another solution to address similar needs because we were not connected to the cloud. We had some connections to Google Cloud, but the identity solution that they provide is not better; it was not that good.

I would describe my experience with deploying Microsoft Entra ID as pretty easy. The tenant was there, and the synchronization was connecting a proxy that synchronized data from on-premises to the cloud. So it was not that bad.

I did face challenges in deploying it related to duplicated identities on-premises, but we got that resolved without problem. We still sometimes have problems, but it is not a big deal.

My experience with the deployment involves deciding the identities that we want to integrate. We installed a connector on-premises and then we synchronized that with the cloud. That was it.

I have seen a return on investment with Microsoft Entra ID.

The only data point I can share is that the amount of tickets that we are resolving is less, so that is translating into operational hours.

My experience with the pricing, setup costs, and licensing has been that it is pretty complex. It always has been a topic with Microsoft. The licensing and understanding what is allowed and what we are not allowed to do has always been a problem. We need to rely on people that work with this every single day, so they know what we can use and what we cannot use. One of the topics that I want to understand or if someone can provide me at this conference is a management dashboard for licensing. Now with AI, there is probably a way to do that in a better way.

I did not consider other solutions before selecting Microsoft Entra ID; that was the only one.

I have expanded usage of Microsoft Entra ID. The process of expanding usage was good.

My advice to another organization that is considering Microsoft Entra ID is to define your strategy, whether it is on-premises, cloud, or hybrid. Clean up your directories and identities, and then contact someone who knows how to integrate to implement this.

I provide this review with an overall rating of 9 out of 10.

My main use cases for Microsoft Entra ID include general identity management, identity protection, identity governance, identity security features, access reviews, logging and auditing, and overall protection. Now that it has been transformed into more of a Zero Trust control plane, I am utilizing the Zero Trust components as well.

The features of Microsoft Entra ID that I appreciate the most are the Conditional Access policies.

Conditional Access policies are my favorite because they provide granular aspects to enable features and offer flexibility across my user base, allowing me to provide the security features and protections needed for complex organizations.

Conditional Access policies deliver security features and protections required for complex organizations. The implementation of Microsoft Entra ID has had a positive impact on my secure access to apps and resources in my environment, ensuring that I am deploying and implementing things in a secure fashion. From a permissions and access control perspective, I am confident that I am giving access only to those who are authorized and providing permissions to those who need to be authenticated into the application.

Microsoft Entra ID can be improved by focusing on the fact that Microsoft is maturing more in their identity governance and access reviews, which is a positive development. I would recommend continuing to improve in that area because the governance of access reviews is becoming an increasingly popular requested feature.

I would assess the stability and reliability of Microsoft Entra ID as being very good based on the public downtime and events that have occurred across the Microsoft cloud organization. The uptime has been in the 99 percentile, and from my recollection over the past two years, I have observed at most 12 hours of downtime.

Microsoft Entra ID scales effectively with the growing needs of my organization. I would say it is right-fitted for my needs. I have experienced very quick and easy onboarding, and it is scalable for my admins to transfer that knowledge across the team. I have been able to onboard and offboard and protect my users across the various services and solutions that they use, both first-party and third-party, making it very successful for growing my Microsoft Entra ID platform.

I have expanded usage, and the process has been smooth. I have expanded from typical Office 365 services to Azure services and third-party enterprise applications, making it easy and familiar for my team to grow the platform.

On a scale from one to ten, I would rate customer service and technical support a seven. This rating depends on who I receive as a support personnel, but overall, their SLAs have been improving over the past few years, and I give this rating based on them meeting more consistently to their SLAs and improving the personnel they are training. It is not perfect, but it can be improved based on how they create their procedures for their new trainees to provide customer support.

I would evaluate customer service and technical support similarly to my previous answer, around seven out of ten, where it depends on the person I receive and the workflows or procedures that they follow. I am aware that they have many vendor-contracted support personnel versus native Microsoft support employees. Depending on who I receive as my technical support person, they may have more historical knowledge about the product. Considering Microsoft Entra ID used to be Azure Active Directory and was more heavily focused on on-premise solutions, the quality of support will depend on the history of that personnel.

Prior to adopting Microsoft Entra ID, I was not using another solution to address similar needs.

Factors that led me to consider Microsoft Entra ID include familiarity with the platform and a scalable approach across the ecosystem.

I would describe my experience with deploying Microsoft Entra ID as streamlined because of legacy knowledge. I felt it was more of a skilled familiarity across the board, making it more streamlined for my organization to roll out Microsoft Entra ID.

What worked well with the deployment of Microsoft Entra ID was that initially when moving from on-premise to the cloud, the Microsoft Active Directory Connect Sync was somewhat glitchy or buggy. That was over ten years ago, but since then, the versioning of Microsoft Entra ID Connect has matured and evolved over the years to allow a more streamlined approach to synchronize identities from on-premise Active Directory into Microsoft Entra ID and ensure a more visible approach to troubleshoot when certain identities were not matching. That was the biggest challenge many years ago.

My experience with the deployment history of Microsoft Entra ID is historical and very long. My biggest challenges were initially the synchronization from on-premise identities to the cloud. Now if I am enabling any new users as a cloud-first approach, it is as simple as either uploading a CSV or having my admins manually input the new user credentials. It has become very streamlined and simple from a deployment perspective.

I have seen a return on investment with Microsoft Entra ID through its integration and platform approach, which has unlocked many good integrations across the applications and features I use.

My experience with pricing, setup costs, and licensing for Microsoft Entra ID is that I think the pricing is straightforward. Microsoft is keeping competitive with their other identity competitors, and their feature bundles are good.

Before selecting Microsoft Entra ID, I considered other solutions based on competitors such as Okta and SailPoint as a competitive analysis. I found that the overall platform approach with Microsoft Entra ID was the most feasible option for my organization.

Microsoft Entra ID's integration capabilities have influenced my Zero Trust model in significant ways. Without the Zero Trust model, I noticed that my users and organization had the doors wide open, making us more vulnerable to user access gaps and weak points in my authentication to my environment. By enabling the Zero Trust components, I have been able to have more visibility, control, and monitoring to right-size, right-fit, and adjust my controls more effectively.

Since implementing Microsoft Entra ID, I have observed changes in the frequency and nature of identity-related security incidents in my organization. It has made it easier to track incidents through the auditing and logging components, which has been crucial to managing it directly within that control plane or sending those logs to a SIEM such as Microsoft Sentinel to provide a more scalable solution to monitor, prevent, and remediate those actions.

Implementing Microsoft Entra ID has changed my organization's approach to defending against token theft and nation-state attacks. It has made it a lot more visible, so the change has been that I feel more at ease knowing that I can find and tune things to prevent and recover a lot faster.

The impact of the features such as token replay detection, attacker-in-the-middle detection, and verified threat actor IP in Microsoft Entra ID Protection on defending against these threats is significant. The real impact is remediation, and if the tool itself did not have the detection or algorithms to find those three components, I would be blind. Having those features built in to provide the type of attacks has given my analysts and operations teams the ability to remediate and trigger a response such as isolating a user, resetting a password, and knowing the actual category and severity of the threat.

These features benefit my organization based on the categories of threat. For example, if I did not know a user was risky or at a certain risk level, I would not know how to respond. If a user is traveling and I am getting unusual travel location alerts for this user because they have not signed into a certain city or country within a time period, or they are in a location that is miles away where they would not have been able to log in in that time window, those metrics and reporting make it more valuable for me to do my response.

The implementation of device-bound passkey in Microsoft Authenticator has affected my organization's approach to phishing-resistant authentication by enabling passkeys. I am following many of the best security frameworks within NIST and CSF, and that implementation was very smooth considering Microsoft has enabled support for various RSA and third-party solutions to integrate. I do feel a lot more protected.

I would advise another organization considering Microsoft Entra ID to ensure that price, budgetary components, and features are aligned and provide future growth for deployment within your organization. I recommend considering all three factors to help make your decision and ensure that you are being protected now and for future innovation. I would rate this review an eight out of ten.

My main use cases for Microsoft Entra ID began with it serving as the authentication back-end for Office 365 investments; now it's starting to function as a federated IDP for us.

The feature of Microsoft Entra ID that I appreciate the most is the level of integration that's available in the partner network.

The implementation of Microsoft Entra ID helps with timely termination controls regarding secure access to apps or resources in my environment.

I believe Microsoft Entra ID can be improved, and I think it's already on the roadmap. We value the selective sync where Microsoft Entra ID is actually the authoritative source and then will provision down to Active Directory. That's a significant priority for us. We're always looking to understand how they're addressing agentic AI, but the primary thing I would prioritize if we could do this again is the ability to keep a SAM account name instead of having to use a UPN. This causes considerable challenges for us as a customer because we have to reissue identities to everybody.

I have been working in my current field since 2020, so almost five years and change.

I would assess the stability and reliability of Microsoft Entra ID as generally pretty good and on par with other cloud providers. Historically, we've seen a major outage occur every other year or so, where those events have significant downtime that wipes out essentially the entire capability of the hyperscale provider.

I have experienced downtime, crashes, or performance issues with Microsoft Entra ID.

I believe Microsoft Entra ID scales pretty well with the growing needs of my organization. Microsoft continues to innovate, so I'm not worried about the number of identities I put in it and the performance by any means. It really comes down to how well the Microsoft vision for agentic AI aligns with what the rest of the world chooses to do and at the pace they choose to do it.

On a scale from one to ten, I would rate customer service and technical support a six.

I give a rating of six because I think this is a trend for every tech provider; support is decreasing in quality categorically across the board, and many organizations are trying to implement AI-based strategies for support agents that simply aren't very good yet. That changes every couple of months, but historically, we have had a hard time going through and getting the right engineer or skill set on a call. The big change seems to be that they want to collect some logs and then go away and come back, rather than joining us on a bridge to work through issues. This is problematic based on how most organizations, ours included, choose to solve problems at scale in real-time.

I would evaluate customer service as usually great; everyone's friendly, nice, and helpful. However, the technical support depends on who you get and how fast you can get them on a call, which can make or break a support experience.

We were using another solution, SiteMinder, to address similar needs before adopting Microsoft Entra ID.

I would describe my experience with deploying Microsoft Entra ID as relatively easy, provided you have applications that support modern authentication protocols. We are a customer that had a number that were not supporting that, so we had to come up with alternative, deeper integrations and capabilities to make that work. Going through and not being able to support SAM account names was a challenge. We don't have publicly routable UPN, so being an alt ID customer and making a bunch of changes is a challenge. I think these would be the things I would have criticisms for regarding feedback.

Regarding my experience with deployment, I think once the system is up and running with the basic integrations back to AD or wherever it needs to be, it's pretty straightforward. I think the catalog of applications to integrate with is very large. For things using modern auth, the setup usually takes a couple of hours depending on the fidelity of the application team that you're working with, and it's relatively smooth and easy once you get the foundational components in place.

I think that I have seen return on investment with Microsoft Entra ID, as I believe it is becoming a commodity.

My experience with pricing, setup cost, and licensing is that going through and being able to use these things is always part of delivering an M365 bundle, so I don't think the experience is great because the only way you can make a deal is with significant takeouts of other platforms to afford it.

In selecting Microsoft Entra ID, we considered everything; it was a massive RFP. We looked at Ping, Okta, CyberArk when they acquired Idaptive, and we surveyed a huge remit of tools.

Microsoft Entra ID's integration capabilities haven't influenced my Zero Trust model.

Since implementing Microsoft Entra ID, we cannot share any changes I have observed in the frequency and nature of my identity-related security incidents in my organization.

My organization's approach to defending against token theft and nation-state attacks has stayed the same since implementing Microsoft Entra ID.

Regarding the features of Microsoft Entra ID, the question is which features and the Entra feature set.

In general, I find Microsoft Entra ID interesting because I don't think there's a great answer for that. It's the bundled set that comes with the M365 SKU sets, and you kind of end up having to use it. Many of the benefits and features we value center around the level of simplicity, as well as the deepest integrations with Microsoft Active Directory as a customer that does sync. I think the opportunity to go through and do connected devices in the field is really the future-looking set of functionality we're most interested in.

I can share that there's not a lot of novel capability from Microsoft Entra ID that isn't being made up from an Okta or a Ping, or other new players to the market. Single sign-on identity provider style capabilities are nothing new or novel or innovative anymore.

Our organization uses different authenticators concerning the implementation of device-bound passkeys in Microsoft Authenticator and how it has affected our approach to phishing-resistant authentication.

What stood out to me in the evaluation process, both positive and negative, was the opportunity for Microsoft to do more with it. Knowing that it was truly the largest identity provider on the planet was also helpful for us. The size and scale, and hopefully the resiliency of the platform, were great talking points.

The factors that led us to consider a change were performance, cost, support, and scalability.

My advice for other organizations considering Microsoft Entra ID is that it makes sense if you're going to go all-in on the Microsoft ecosystem, because you have to make the case for the bundle of at least two or three products to afford it. I would rate my overall experience with this review a seven out of ten.

The main use case for Microsoft Entra ID is the replication of Active Directory, where we manage all of our users. This is the most popular thing that we do, and we use PIM and Conditional Access as well.

The feature of Microsoft Entra ID that I like the most is Conditional Access.

We benefit from using features such as PIM, Conditional Access, and all the features that are most popular in Microsoft Entra ID.

The implementation of Microsoft Entra ID has had a high impact and a good impact on our secure access to the apps or resources in our environment. We need to involve the users, and all the complaints that we have will improve the security, but the impact is very good.

One way Microsoft Entra ID can be improved is through better integration with other platforms.

I have been using Microsoft Entra ID for four or five years.

Regarding the stability and reliability of Microsoft Entra ID, we have some issues regarding a team.

We have experienced downtime, crashes, or performance issues.

Microsoft Entra ID scales well with the growing needs of my organization as it is part of the business.

I have expanded usage.

In expanding, we are planning to move in the implementation of Defender for Endpoint and another tool that is used by Microsoft Entra ID.

I would rate my customer service and technical support as really good on a scale from one being the worst to ten being the best.

Prior to adopting Microsoft Entra ID, I was not really using another solution to address similar needs.

I would describe my experience with deploying Microsoft Entra ID as really good.

I did not face any challenges.

My experience with the deployment of Microsoft Entra ID is that we are ready to replicate our Active Directory identities in Microsoft Entra ID, and we are working to integrate with other Microsoft applications, which is the main issue.

I have not really seen a return on investment with Microsoft Entra ID.

My experience with the pricing, setup costs, and licensing of Microsoft Entra ID is that it is very complex to understand.

I did not consider any other solutions before selecting Microsoft Entra ID; this is our first decision.

Since implementing Microsoft Entra ID, I have not observed any changes in the frequency or nature of identity-related security incidents in my organization.

My organization's approach to defending against token theft and nation-state attacks has changed since implementing Microsoft Entra ID.

The implementation of device-bound passkeys in Microsoft Authenticator has created resistance in my organization as using cell phones is very complicated.

The advice I would give to another organization considering Microsoft Entra ID is that this is the best solution. I would rate this review a nine overall.

My main use cases for Microsoft Entra ID are protecting company data and authentication. We use on-premises Active Directory and sync everything to Microsoft Entra ID, and we protect all of our apps with single sign-on and multi-factor authentication.

The features I value most about Microsoft Entra ID are single sign-on, multi-factor authentication, and Conditional Access. It is easy to use and you can get very granular with the controls.

Microsoft Entra ID has provided my company with visibility into everything that is occurring regarding authentications for any application across all apps. It also helps with user password resets and improves password reset management in general.

One feature I would like to see released for the next generation of Microsoft Entra ID is the ability to set password requirements for cloud-managed accounts. Currently, there is a single password policy set to eight characters, and I cannot modify the policy. Upcoming requirements will necessitate 12-character passwords, and it is impossible to configure this. This capability is needed.

I have been working in my current field for 11 years.

Microsoft Entra ID has good stability and reliability. I generally do not experience crashes or problems, except during global issues, which occur infrequently.

Microsoft Entra ID has influenced my zero trust model through the implementation of very strict Conditional Access policies. We have approximately 100 Conditional Access policies to ensure that only allowed devices can access the applications they should have access to. We have device-based policies and user-based policies, and we are quite advanced in our Conditional Access policy implementation.

I did use Microsoft Customer Service, and it is problematic. The issue with Microsoft Customer Service is that we have many experts in our IT department, including myself as an Entra expert, Exchange experts, and other specialists. When we contact Microsoft Support, it does not matter that we are experts; we must start at the very bottom. It takes considerable back and forth to describe the issue and to convince first-level support that we only contact support when necessary. It is very difficult to convince them that what we are experiencing is actually a problem and not merely a configuration issue or something basic. Therefore, it takes a very long time to get the appropriate level of support.

Neutral

I did not consider other applications or solutions because we purchased Microsoft Entra ID as part of our migration to Microsoft Exchange Online. We were using Microsoft solutions on-premises, so moving to the cloud was the natural progression.

I was not involved in the initial deployment of Microsoft Entra ID. I am currently involved with new features and releases. During the initial deployment, I was managing devices, endpoints, and security.

From the security perspective, I see a return on investment from Microsoft Entra ID. Visibility provides a measurable return.

An example of Microsoft Entra ID's impact is that most of our apps now use single sign-on. Previously, apps used local or application-specific usernames and passwords, which was too much for users to remember. This resulted in frequent password resets and left IT with no visibility into user activities. Microsoft Entra ID has definitely improved this situation.

Integration capability does not influence my zero trust model.

Our deployment is hybrid, with the cloud portion in Microsoft Azure.

I rate this product an 8 out of 10.

Digital Workplace

Cloud Infrastructure Administators

Microsoft Entra ID grows with the needs of our organization. When there's something new, we're usually ready to consider it. It's not too far ahead, but it's not missing major thigns we need either. It's sometimes even bringing ideas for our own identity provider, which creates pressure for our own identity provider to keep up with Microsoft Entra ID.

The main factors that led me to consider Microsoft Entra ID are that on Azure, it's unavoidable. There's no other way. That was an argument sometimes we had to use even internally when people asked why we were using it. The fact that we ended up expanding it to AWS as well for single sign-on was because it's this kind of industry standard that every single sign-on solution supports. We could use some features that were relatively unique to Microsoft Entra ID or in a way that we already had them configured for Azure, so we're getting them for free when we're just expanding the population. When we implemented access reviews, we have the same thing now for AWS as well. There were some things like that which we got almost for free because we had already invested in Azure.

The areas where Microsoft Entra ID could improve include the fact that it is a de facto standard but not a real standard, leading to strong vendor lock-in, which sometimes makes us avoid Microsoft Entra ID for certain purposes. That is number one. Second, I would say it is difficult for us to use it for end-user applications.

The B2C model is quite unworkable in our case. We have a lot of different ecosystems of customers, a big organization doing different things. The end user populations are not the same, and it's becoming really difficult and unwieldy to manage, I don't know how many tenants for a thousand applications. We really have a thousand applications, and I would say maybe fifty different ecosystems. That's why this is a part where we opt for our own identity provider instead of Microsoft Entra ID. Maybe some kind of redesign of B2C would be more interesting, but I don't know exactly how. I would need to go in a design session to know what to propose specifically.

What would make it a ten for me is that I don't know to the extent it's possible, but full infrastructure-as-code management. A little bit more openness and contribution to identity standards would be beneficial. I know that Microsoft Entra ID is doing a lot of things for which there's no equivalent standard, but it would be interesting to see at least the creation of standards or suggestion of standards for the industry to catch up. I understand it's not necessarily the most interesting thing for Microsoft, but it could reduce resistance in our organization.

Prior to adopting Microsoft Entra ID, I have not used another solution to address similar needs. Nothing really comparable.

I assess the stability and reliability of Microsoft Entra ID as having no problems with this. It's good.

I would evaluate Microsoft support for their products on a scale of one to ten, and I think it depends a bit on the product. On Azure, we had some misses sometimes where support was around the clock, and if we're not responding quickly, another person was picking up and we're starting the conversation again. We had a few cases like that, particularly for security products which are quite complicated. Other than that, we had a very good experience with the cloud solution architects and the designated engineers from there. We had a pretty good experience. It's just that sometimes it's difficult to find the right resource. Usually, they are specialized on one thing, and if you go a little bit beyond their domain, it might take some time until you find the right information.

Positive

We have not considered similar solutions before going with Microsoft Entra ID. We know that there are other organizations in our ecosystem that used Okta. Because we didn't have enough central support for this kind of solutions, we could not even consider going to yet another product and doing the procurement, the evaluation, the return on investment, and things like that. We went for something that was already available in our organisation.

I would describe my experience deploying Microsoft Entra ID as generally going well, other than the provisioning of the licenses. There were a few things that were a bit challenging. One thing that's a bit unclear to me to what extent it's still valid since I'm no longer in that team for less than a year, but the fact that some things in Microsoft Entra ID we have to roll out by PowerShell and not by Bicep. This creates a bifurcation in our code. There are things that we have to do in Bicep as we do everything else on Azure, and Microsoft Entra ID, which is a bit its own world where you have to do a few things by PowerShell. That was a thing, but it's manageable and not the end of the world.

It's always difficult to measure return on investment on Microsoft Entra ID since it's about security, which is a philosophical question. What I can say is that among all the cloud security costs we have, Microsoft Entra ID was among the lowest compared, for example, to endpoint protection and container logging and things. Nobody ever put these costs in question because they were low for the assurances we were feeling that we were getting for the management of identities in the cloud. We still have, of course, to be careful about when to use P1, when to use P2 and for which populations, but it didn't create a problem. Other security products where we actually ended up not rolling them out because of their cost.

On the digital workplace side, I was not directly involved. For the whole Microsoft 365, we got it as part of the license, which is fine. We have enough guest accounts, so I could not distinguish Microsoft Entra ID from Microsoft 365 on that side because they go together. On the Azure side, we didn't have any major problem. We had some procurement-related problems because we could not self-provision Microsoft Entra ID licenses the same way we could do it for other Azure resources. We still have to pass through a separate process just to get Microsoft Entra ID licenses, which is inflexible. For example, if I have a new team, I can give them an Azure account and it's really pay as you go. But to get them the licenses, fundamentally, I have to place an order at the beginning of the year, and it follows a completely different, much more old school procurement workflow. I don't know to the extent this is because of my organization or because of Microsoft. I think we kind of ended up mirroring each other because Microsoft has this license and Azure walls which behave very differently, and I think in our organization, we copied this and we ended up doing two different procurement processes for those two different worlds, and one is way more inflexible than the other.

My advice for someone who is considering Microsoft Entra ID is to start early with governance and not leave it for later, as we did. I would say follow the recommendations of Microsoft and not do things your own way because sometimes, if we are coming from another provider or from on-premises, we sometimes end up doing ineffective things. I think that's it, and don't improvise too much. My overall rating for this product is nine out of ten.

The main use cases for Microsoft Entra ID in this company involve granting permissions across different Databricks workspaces or Synapse, and leveraging the same identity across Power BI integration and semantic models.

What I find most valuable about Microsoft Entra ID is centralizing identity. I think that's the power of this. I don't need to worry too much about how to set up the groups. I just need to get access and assign it to the correct place. Centralizing everything and making it more transparent for me while leveraging these groups and users in my applications represents the best difference.

The impact of Microsoft Entra ID on security is that it grants permissions to those who need to see the information. I think that's the main goal of Microsoft Entra ID features.

I'm not sure how Microsoft Entra ID's integration capabilities have influenced my zero-trust model. This one is hard to answer.

Since having Microsoft Entra ID, I have not observed any changes in the frequency and nature of identity-related security incidents in my company.

So far, I've never heard about token theft and nation-state attacks issues since implementing Microsoft Entra ID, but I hope to keep it this way.

I don't see any area of improvement for Microsoft Entra ID for my usage. I think it's perfect for me.

I'm not aware if Microsoft Entra ID could be cheaper, but if it can be cheaper, it's a good way to keep customers linked to it.

Usually when people talk about Azure, they talk about cost. I think Microsoft Entra ID is not as expensive as AWS, but cost is usually the main concern.

I have been using Microsoft Entra ID for a couple of years. Every company that I worked with had the previous Active Directory, now Microsoft Entra ID, so I'm using it for at least ten years. Most of the companies work with Azure.

I have never had any problems with the stability and reliability of Microsoft Entra ID. During the demo today, there was a gap between Microsoft Entra ID and the sync. However, this was the first time that I observed something of this nature. Before it, I never saw any problem.

Regarding scalability, Microsoft Entra ID has been able to scale to the workloads that my company needs. So far, that's the least critical concern about scaling. I think it performs very well. The company is pretty big with a few thousand employees, and it works very well, considering not only the users but the application IDs and other elements.

I think the customer service and technical support for Microsoft Entra ID are great. Every time that I had to get in contact with them, the answers are fast and they are very helpful in trying to solve the problem.

Positive

My company did not consider other tools before choosing Microsoft Entra ID.

With my experience, the deployment process for Microsoft Entra ID is pretty straightforward. Using Azure CLI, it's quite simple to make the assignments and everything else. I don't provision users; I just consume what is ready. So it's quite simple for me.

I guess the biggest return on investment for Microsoft Entra ID is linked with security. Security definitely helps protect the company image from leaking and from issues. I think when we put this on the table, I don't know if the cost to buy something of this nature matters too much because the impact is much more significant.

While using Microsoft Entra ID, we are not considering something else.

I think AI is also connected with Microsoft Entra ID. It acts on behalf of someone. All the features that I'm seeing in the event are already making transparent how AI is connecting or using the data and the artifacts around the cloud that is on behalf of someone. I think that's a great feature.

The implementation of device-bound passkeys in Microsoft Authenticator is a step forward to make things more secure and harder for someone with second intentions to go through your architecture and platform. I think this was an implementation to keep things more secure in general, and it definitely did.

My advice for other companies considering Microsoft Entra ID is that if you want to simplify your identity management and focus on your core business, Microsoft Entra ID is a good option. I would rate this product a nine out of ten.