NuwanPerera
Head, IT Infrastructure at a comms service provider with 201-500 employees
Real User
Top 20
Integrates well with other applications and makes monitoring easy
Pros and Cons
  • "Application integration is easy. MFA and password self-service have reduced most of the supportive work of IT. We use multi-factor authentication. Every access from a user is through multi-factor authentication. There is no legacy authentication. We have blocked legacy authentication methods. For people who use the MDM on mobile, we push our application through Intune. In a hybrid environment, users can work from anywhere. With Intune, we can push policies and secure the data."

    What is our primary use case?

    We have integrated our internal applications and cloud applications with Azure AD. We also have a few external applications for which we need to implement a self-service portal and handle requests such as password reset.

    We have external applications such as Cloudspace, and we have integrated Azure AD with Cloudspace. We mainly use a single sign-on. Our main target is to go through all single sign-on applications and integrate them with Azure AD. We also need to audit everything in Office 365. Our mail system is Office 365, and we also do some auditing.

    We are also implementing Intune. We have deployed some basic policies for mobile devices, and we are working on improving those policies. We need to configure conditional access and improve policies for the applications and devices. We are doing some testing, and it is in progress.

    In terms of deployment, we have a hybrid deployment of Azure AD. We have the 2019 version of AD on-prem.

    How has it helped my organization?

    We are able to do complete onboarding through AD. The users have access through the AD login, which is synced with Azure AD. We have a hybrid environment, and every cloud application is accessed through AD. We have defined AD policies related to password expiration, limitations, etc. It has provided smoother accessibility.

    Previously, when we had on-premise AD, to reset their own passwords, users had to use a VPN or bring their laptop to the office. With self-service, users can easily change their passwords. This reduces the workload for IT support. If their password gets locked, they can unlock it themselves by using Azure AD. Previously, it was also difficult to integrate with external applications, but with Azure AD, integration with external applications is easier.

    Azure AD makes it easier to see and monitor everything in terms of access. We can see sign-in logs or audit logs, and we can also integrate devices by using Intune. So, we can manage BYOD devices inside the organization.

    What is most valuable?

    We are using Conditional Access, MFA, and AIP. We have integrated it with Intune, and we already have DLPs.

    Application integration is easy. MFA and password self-service have reduced most of the supportive work of IT. We use multi-factor authentication. Every access from a user is through multi-factor authentication. There is no legacy authentication. We have blocked legacy authentication methods. For people who use the MDM on mobile, we push our application through Intune. In a hybrid environment, users can work from anywhere. With Intune, we can push policies and secure the data. 

    The audit logs are very good for seeing everything.

    For how long have I used the solution?

    We started using it at the end of last year.

    What do I think about the stability of the solution?

    It is stable. I haven't faced any issues. There could be some issues related to syncing because of on-prem, but overall, it is quite stable.

    What do I think about the scalability of the solution?

    I don't have much experience with scalability. I only use tier one or Premium P1, and I want to move to Premium P2 that has more security levels and more advantages.

    In my previous companies, there were a thousand users. In my current company, we have less than 500 users. It is working fine, and there are no issues.

    We plan to expand our usage. If it is possible, we plan to upgrade our subscription to Premium P2. We have introduced it to one or two companies who were looking for such a solution. We have already introduced the Azure AD hybrid platform for companies that had only an on-prem setup.

    How are customer service and support?

    Sometimes, there are issues, but they are usually because of user mistakes. We are able to fix such issues. We are able to find the issue and do troubleshooting. We are able to find information about what is wrong and how to fix it. 

    Their support is okay. They are able to resolve the issue, but sometimes, there is a delay because the ticket goes to the wrong person or the wrong time zone. I would rate them an eight or a nine out of 10.

    Which solution did I use previously and why did I switch?

    We have only been using Microsoft solutions.

    How was the initial setup?

    It is easy to deploy and not complex, but it also depends on your requirements. We have tenants and subscriptions, and we connect AD to Azure AD through Azure AD Connect, and they are periodically synced.

    The connectivity took a day or two. It doesn't take long. Sometimes, there could be issues with on-prem because of not having a standardized setup or because of parameter duplication, but after we resolve the issues, it doesn't take long. For its setup, only one person is generally required.

    What about the implementation team?

    It was implemented by me, and I also had one guy's support. 

    Our infrastructure team takes care of the maintenance part. They are taking care of monitoring. If there is an alert or something happens, they take care of it. It doesn't require much maintenance. One person can manage it.

    What was our ROI?

    We have been able to achieve our target and requirements for security. After the move to Azure AD, the security level is high. The users have to change passwords and do MFA a few times if something goes wrong, and if they can't, the device is going to block them. Sometimes, users are not happy, but at the organizational level, it is good. It is costly, but the improvement is good in terms of performance and security.

    What's my experience with pricing, setup cost, and licensing?

    It is a packaged license. We have a Premium P1 subscription of Office 365, and it came with that.

    Which other solutions did I evaluate?

    Two or three years ago, we were looking at some open-source solutions.

    What other advice do I have?

    I would rate Azure Active Directory a nine out of 10.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Leandro Oliveira
    Infrastructure Manager at trt18
    Real User
    Top 10
    Enables us to apply security policies and manage a large number of users and their hardware
    Pros and Cons
    • "The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera."

      What is our primary use case?

      We are using it for all non-structured data and as an identity manager for all of our accounts. In addition, we use it also to authenticate Google services, because we have Google Workspace for email, and to integrate other tools with our services. We are able to keep it all going, balanced, and synchronized. It's very good. We use it for just about everything that we need to do an identity check on.

      How has it helped my organization?

      We couldn't live without the Active Directory services. It has helped to improve our security posture. We have a lot of users and hardware to manage and we can do that with Active Directory.

      What is most valuable?

      The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera.

      For how long have I used the solution?

      I have been using the Active Directory solution for three years. I'm responsible for almost all infrastructure services in our organization.

      What do I think about the stability of the solution?

      It's pretty stable. In the three years, the service has never been down.

      What do I think about the scalability of the solution?

      As far as I know, it works for 10,000 and 100,000. It's just difficult to find current information, such as how much hardware and how many licenses we would need to keep it going. But it's scalable and works really well. We can keep adding servers and scale up or out.

      We don't have another company that provides support for Active Directory. On my team, there are three people who work with it, and we have about 2,000 users in our company.

      How are customer service and support?

      To be honest, I can barely navigate Microsoft's support. Microsoft is so well-known and there is so much information to look up on the internet, that we have never come to the point where we have actually had to open an issue with Microsoft's team. We can almost always find out the information that we need by looking it up with Google or in Microsoft's Knowledge Base.

      Which solution did I use previously and why did I switch?

      We used to use LDAP, a free tool, but since almost all of our hardware needed integration, we had to move to Active Directory. We couldn't apply the policies that we needed, using open source, and we couldn't keep the integration going the way we needed to.

      We are really happy with the functionality Azure Active Directory gives us. I have a security policy applied to all workstations. Before, all of our users could configure their machines the way they wanted to. As a result, we often had to reconfigure and do other things to them as well because the computers were crashing. We almost don't have to do that anymore.

      How was the initial setup?

      The trick was to migrate from LDAP. We had to get all the properties from the files into Active Directory, so it took some time. When we did that, there were some issues with the system and we had to do it manually. It would be nice if they had a service that would make it easier to migrate from LDAP to Active Directory, keeping all of the properties from files and non-structured data as well.

      What was our ROI?

      It gives a good return on investment. The amount of first-level support we have had to give internally has dropped a lot since we applied the policies and restricted our users. But our users are now more satisfied because their computers don't have the issues that they had before. Before Active Directory, there were many issues that our users complained about, like worms and malware. We don't have those issues anymore. Even with endpoint protection we had some cases of viruses in our company, but now we don't have them either.

      Directly, I couldn't calculate the return on investment, but indirectly we saved by reducing work for our team, and we are keeping our users satisfied.

      What's my experience with pricing, setup cost, and licensing?

      The process for buying licenses from Microsoft is somewhat messy and really hard to do. We have to talk to someone because it's hard to find out how many licenses we need. If I'm applying for 2,000 users, how many Windows licenses do we need?

      They could also charge less for support. You buy the license, but if you want to keep it in good standing, you have to pay for the support, and it is expensive. It's okay to pay for the license itself, but to pay so much for support...

      Which other solutions did I evaluate?

      We were thinking about buying another tool, to be capable of managing and keeping all the identities within our organization current. But we had to go straight to Microsoft because there are no other solutions that I know of. By now, almost all organizations are using Windows 10 or 11, and it would be hard to achieve the possibilities that we have with Active Directory if we used another service.

      What other advice do I have?

      We are integrated with NetApp because we use NetApp storage. It's pretty awesome. We are also integrated with many others, such as our data center hardware with storage from IBM. We're using it for logging switches, as well. It works really well.

      My advice to others would be to look at the options and focus on how you can pay less. Do the research so that you buy just the essential licenses to keep it going. If you don't do the sizing well, you can buy more, but it's expensive to keep it going and pay for support.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
      Senior Information Technology Manager at a manufacturing company with 10,001+ employees
      Real User
      Top 5
      Has a high learning curve, confusing licensing when users have hybrid deployments, and isn't very intuitive
      Pros and Cons
      • "It's not intuitive and we use it mainly for our Office 365 files. The integration between the two is interesting. However, the learning curve is high."
      • "The scalability of the solution is good."

      What is our primary use case?

      The solution is a hybrid cloud with connectors into Azure/Microsoft 365 cloud.

      How has it helped my organization?

      I am still figuring out the whole on-prem/Azure Active Directory Premium/Microsoft 365 integrations and administrative connections.

      What is most valuable?

      The scalability of the solution is good.

      Technical support can be helpful.

      What needs improvement?

      It's not intuitive and we use it mainly for our hybrid capability now and are expanding our footprint in Microsoft 365. The integration between on-prem and Online is interesting. However, the learning curve is high.

      When you have an Office 365 enterprise subscription, it comes with Azure Active Directory, however, you don't have an Azure subscription. Yet, all of our active directory connectors put our credentials into the Azure Active Directory. 

      There are enough things that aren't implemented on our side and we are in the middle of this transition.  I don't blame the product necessarily for that. However, there are links and items within Microsoft 365 that still point back to the .com side.

      Items seem to continue to move, such as security and compliance. Now there's a security portal and a compliance portal, and all three are still being maintained, however, one's being phased in and the others are being phased out. Things continue to change. It's just been a bit to learn. There's a lot to keep track of. There should be a bit more transparency.

      The Office 365 subscriptions are a bit confusing with a hybrid environment with what credential has a Microsoft 365 subscription. However, then some of the documentation I was reading this week was where I ran into a wall. This particular document clearly showed that when you have a particular ability on the Azure side, and then you have another ability on the Office side, intuitively the Microsoft cloud knows to give you certain other rights, to be able to do stuff. These settings and configurations are in different places. Some things are then in the Exchange Online, some things are in the Intune section, etc.

      I am not sure if the intent is to have a Microsoft 365 administrator with a second subscription for a cloud admin account or not. I was trying to do something in Exchange Online and received a message that I couldn't do it because I didn't have a mailbox. It's frustrating and confusing at times. There are things like that that are just a different user experience between on-prem and online.

      The Microsoft Premier Agreement we have has been very beneficial and we have had an excellent experience with a couple of different short cycle projects.

      For how long have I used the solution?

      We've been working with the solution for just over a year and I have been involved for the last five months. It's been under a year, and not very long just yet.

      What do I think about the scalability of the solution?

      The scalability seems to be there.  We are not a very big shop but we have unique needs and requirements.

      How are customer service and technical support?

      The premier services we have are very good. We have a contact that's been with Microsoft a while and that's really saved us. The reach back into field engineers and their amazing ability to get the job done have been hugely beneficial. The Exchange Online engineer we had was worth double what we paid for. It was amazing. If it weren't for that, I am not sure if we would have made our schedule. Often the timing hasn't lined up, with short notice compliance requirements and implementation constraints due to configuration or version of technology. They are very responsive, but depending on if it's break-fix or planning, the planning side has longer cycles.

      How was the initial setup?

      I wasn't a part of the initial setup. I can't speak to how long the deployment took or how easy or difficult the process was.

      What about the implementation team?

      We had assistance with the setup. We're actually bringing in some more help as our needs have short turn cycles and some ageing infrastructure that we still have to move online.

      What's my experience with pricing, setup cost, and licensing?

      I would say to make sure you have a trusted integration partner or someone on staff that has been through this transition.

      What other advice do I have?

      We're just customers. We don't have a business relationship with the company.

      While we use the on-premises model, we also have it synced for hybrid functionality.

      With COVID especially, there have been a lot of changes in a lot of companies and a lot of rethinking of processes lately.

      We're in the process of rolling out Office 365 internally. We've had really great feedback that people really like Teams, and we want to move more into that area. We had a roadmap meeting with Microsoft a few months ago. It was probably five months ago, four or five months ago.

      Some of the more accessible types of items were on the roadmap for the first quarter of this year. However, Microsoft's working hard at listening to customers, especially through the COVID situation that changed a lot of work and priorities. The collaboration stuff has changed. They've been pushing a little bit more on getting some more integrations. We're not going to have that kind of clout where I am, however, where I used to work, we would have. We were the ones that were making sure the Exchange got upgraded and got to the developers.

      I would rate the solution at a six out of ten. If the solution offered better transparency/clarity I might rate it higher.

      Which deployment model are you using for this solution?

      Hybrid Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Microsoft Azure
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Rohan Basu
      IT Manager at a tech services company with 10,001+ employees
      Real User
      Responsive and knowledgeable support, good documentation available online, and single sign-on integrates seamlessly
      Pros and Cons
      • "The most valuable feature is the single sign-on, which allows any application that is SAML or OAuth compatible to use Azure as an identity provider for seamless sign-in."
      • "In a hybrid deployment, when we update a license by changing the UPN or email address of a user, it does not get updated automatically during normal sync. This means that we have to update it manually from Azure, which is something that needs to be corrected."

      What is our primary use case?

      My primary use case is Azure SSO. Then, it is a hybrid synchronization of users and computers, and also for SCIM provisioning.

      How has it helped my organization?

      Using this product has helped improve our security posture. I don't handle security directly, but I know that our security team was able to identify logs containing erratic behavior, such as logins that were not authentic. They were able to identify and solve those problems.

      This solution has improved our end-user experience a lot because previously, users had to remember different passwords for different applications. Sometimes, the integration with on-premises AD was a little bit difficult over the firewall. However, with Azure, that integration has become seamless. The users are also happy with the additional security afforded by multifactor authentication.

      One of the benefits that we get from this solution is the Azure hybrid join, where my presence of the domains is both on-premises and on the cloud. It has allowed us to manage the client machines from the cloud, as well as from the on-premises solution. We are currently building upon our cloud usage so that we can manage more from the Azure instance directly.

      Our cloud presence is growing because most people are working from home, so the management of end-users and workstations is becoming a little challenging with the current on-premises system. Having cloud-based management helps us to manage end-users and workstations better. This is because, with an on-premises solution, you need a VPN connection to manage it. Not all users have a VPN but for a cloud-based solution, you just need the internet and almost everyone now has an internet connection.

      What is most valuable?

      The most valuable feature is the single sign-on, which allows any application that is SAML or OAuth compatible to use Azure as an identity provider for seamless sign-in.

      I like the SCIM provisioning, where Azure is the single database and it can push to Google cloud, as well as Oracle cloud. This means that the user directory is synchronized across platforms, so if I am managing Azure AD then my other platforms are also managed.

      What needs improvement?

      In a hybrid deployment, when we update the UPN or email address of a user who has a license assigned, it does not get updated automatically during normal sync. This means that we have to update it manually from Azure, which is something that needs to be corrected. Essentially, if it's a hybrid sync then it should happen automatically and we shouldn't have to do anything manually.

      Azure AD DS allows only one instance in a particular tenant, which is something that could be improved. There are people that want to have AD DS on a per-subscription basis.

      For how long have I used the solution?

      I have been using Azure Active Directory for more than three years.

      What do I think about the stability of the solution?

      Other than a few global outages, I have not seen any specific outages to the tenant that we use. In the typical case, we haven't faced any issues.

      What do I think about the scalability of the solution?

      The scalability has been good. For the infrastructure that we have developed, there were no issues. We have nothing in terms of abnormal outages or any abnormal spikes that we have observed. Overall, scalability-wise, we are happy with it.

      We have thousands of users on the Azure platform. The entire organization is on Azure AD, and everyone has a different, specific role assigned to them. Some people are using the database, whereas somebody else is using another infrastructure service, and the same is true for all of the different features. We have different teams using different features and I am part of managing identities, which involves using Azure AD and its associated features.

      How are customer service and technical support?

      The support from Microsoft is very good. I would rate them a nine out of ten. They are responsive and very knowledgeable.

      Which solution did I use previously and why did I switch?

      Prior to Azure AD, we used on-premises Active Directory.

      How was the initial setup?

      The initial setup was not very complicated because there are very good articles online, published by Microsoft. They give detailed steps on the process, including what challenges you may face. In our setup, the articles online were sufficient but suppose you run into any issues, you simply reach out to Microsoft for support.

      Taking the purchases, planning, and everything else into account, it took between three and four months to complete the deployment.

      What about the implementation team?

      Our in-house team was responsible for deployment. In a few cases, we reached out to Microsoft for support.

      Which other solutions did I evaluate?

      We have not evaluated other options. The reason is that the integration between Azure AD and on-premises Active Directory is seamless and easy. Both solutions are by Microsoft.

      What other advice do I have?

      My advice for anybody who is implementing Azure AD is to consider the size of their environment. If it's a large on-premises environment then you should consider a hybrid model, but if it's a small environment then it's easy to move to the Azure cloud model directly. If it's a small environment then Azure AD is also available on a free license. This is how I would suggest you start looking at having a cloud presence.

      Azure AD is easy to integrate and manage, and it will reduce your capital cost a lot.

      In summary, this is a good product but there is always scope for improvement.

      I would rate this solution a nine out of ten.

      Which deployment model are you using for this solution?

      Hybrid Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Microsoft Azure
      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      Executive Director at a financial services firm with 1,001-5,000 employees
      Real User
      Top 20
      Gives users seamless integration with many products, streamlining user experience, helping them get things done
      Pros and Cons
      • "The single sign-on across multiple platforms is really the true advantage here. That gives you one ID and password for access to all your systems. You don't need to manage a plethora of different user IDs and passwords to all the systems that you're going to access."
      • "The downside is that we now have all our eggs in one basket with Microsoft. We have this great authentication and single sign-on, but if Microsoft has an outage in North America or globally, on Outlook or Teams, we're dead in the water... We get some type of hiccup once a quarter."

      What is our primary use case?

      Active Directory is used for authentication and provisioning for users and devices and granting them access.

      We're in a hybrid mode where we still have on-prem controllers as well.

      How has it helped my organization?

      The beauty is that it affords us more of an anytime, anywhere operation because we're not tied to an on-prem solution. From a customer experience standpoint, users don't really care about what goes on behind the scenes technically. They just want their lives to be easier. Now that they can access Office 365 globally, anywhere from any device, that's huge. That helps productivity and gives them the ability to get work done. And having to manage fewer passwords and user IDs is another true advantage.

      The solution gives users seamless integration to all these products and streamlines the user experience. That's definitely been a pro.

      In this completely upside-down world that we're in these days, with most people elsewhere and very few people in the office, it gives us tremendous flexibility for keeping people productive and providing them with access to the data and tools that they need to perform their jobs. It has given us the opportunity to move to this more mobile environment.

      Also, the SSO aspect improves our security posture because people aren't writing down or creating a list of all their passwords. Now they only have to remember one. It has definitely made it easier for them to manage. In addition, we've introduced MFA so that whenever you sign in, you're also challenged for approval on your mobile device. That adds to the security.

      What is most valuable?

      The single sign-on across multiple platforms is really the true advantage here. That gives you one ID and password for access to all your systems. You don't need to manage a plethora of different user IDs and passwords to all the systems that you're going to access. 

      What needs improvement?

      The downside is that we now have all our eggs in one basket with Microsoft. We have this great authentication and single sign-on, but if Microsoft has an outage in North America or globally, on Outlook or Teams, we're dead in the water. There is no drop-back-and-punt. There is no "Plan B." The bottom line is that if their services go down, our productivity goes with it. Working with them when we have outages can be very frustrating. We get some type of hiccup once a quarter.

      We get service notifications from them all the time that the services are under investigation or that there is some type of issue. More than the headache of not completely understanding the severity, we have to make sure that we communicate with our end-users. We get to the point where we're potentially "crying wolf." We're telling them there's a problem but some people don't have the problem. Then they get to the point where they just ignore our communication.

      Outages can last hours, but never more than a day. They can be regional outages where one area is affected and other areas aren't. The advantage is that it could be evening or night in the area that is down, so it's less impactful.

      For how long have I used the solution?

      I've been using Azure Active Directory at my current company for just about four years.

      What do I think about the stability of the solution?

      My impression of the stability is mixed. If it were really working correctly, it should be able to digest these outages by rerouting us to other areas. But that doesn't happen.

      What do I think about the scalability of the solution?

      We have a global footprint, so it scales globally, no doubt.

      How are customer service and support?

      Tech support from Microsoft has been cumbersome for Office 365. We don't really get the answers we want in a timely manner. There are times that we get the runaround, and that's the downside to being an early adopter and being on the leading edge. Sometimes we have to QA and work out issues with their products, which I'd rather not have to do.

      A larger shop, like a Goldman Sachs or a JP Morgan, is not going to adopt this stuff until it's mature. And that means that smaller companies, like ours, have worked out the kinks.

      How would you rate customer service and support?

      Neutral

      Which solution did I use previously and why did I switch?

      Before AAD we used the on-prem version with on-prem controllers. We went with AAD because there was no other option. We had their on-prem solution, and in the evolution directed by our CTO, everything is moving to the cloud. The next logical step was to move to AAD.

      How was the initial setup?

      I didn't set it up, the guys who work for me did it. I think it was fairly complex because we're about to go through an acquisition and we are going to merge them into our tenant. We have to outsource some of that work to a third party to assist us with that because we don't have the in-house skills.

      What's my experience with pricing, setup cost, and licensing?

      Costs are constantly being managed. We don't really have a choice. It's the one shop in town. If you want this, you have to pay for it. We have an E5 license, which I believe is the most expensive license.

      What other advice do I have?

      From an AAD standpoint, I don't think we've had any issues. The data replicates correctly and no one really has a problem with their credentials from AAD. It's meeting our expectations.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      Fernando_Aranda
      Desarrollador de .NET at Banco Azteca
      Reseller
      Great for multi-factor authentication and single sign-on capabilities with good scalability
      Pros and Cons
      • "We have about 80 users in the Azure Active Directory right now; however, we know that if it was necessary to scale it for hundreds or thousands of users, it wouldn't be a problem."
      • "Microsoft is working with Microsoft Identity Manager for Active Directory on-premise. It will be very important to have these identity management solutions directly in Azure Active Directory. It's very important to have some kind of Azure identity manager as a technology for identity and access management for working both in the cloud and inside the Azure suite."

      What is our primary use case?

      We work with Active Directory in our own IT network in our office. We also deploy Active Directory projects in some other clients.

      Active Directory is an active directory service from Windows for a Windows Server operating system.

      We have synchronized identities on-premise with on-cloud identities in order to work with Microsoft-aligned services such as Office 365 and to work in the middle of hybrid topology for on-prem and cloud identities, as well as to be more productive with other capabilities that Azure Active Directory Premium offers. This includes, for example, single sign-on, multifactor authentication, Conditional Access, privileged access management, and Privileged Identity Management. Our current experience with Azure in the Cloud - Azure Active Directory - is it's very functional and productive in talking about identity and access management solutions.

      How has it helped my organization?

      In the last two years, as COVID has been present worldwide, the Azure Active Directory capabilities have allowed us to work completely in a remote way. It's not fully necessary to work at the office or in only certain locations. We are now fully capable of working from any location, any place in the world.

      What is most valuable?

      The most important thing about this solution is the capabilities for multifactor authentication and single sign-on that it offers for native Microsoft solutions and non-native Microsoft solutions.

      The solution has features that have helped improve our security posture. Azure Active Directory works with some technologies around security such as mobile device management, mobile application management, and Azure Information Protection as well as Conditional Access and multifactor authentication. These capabilities give us a good level of security.

      The solution has affected our end-user experience. For example, we work with several technologies in the Cloud, such as Salesforce. Azure Active Directory allows us to work within a single sign-on model. This allows us to work more easily, and not have to remember a bunch of different passwords for various applications. With a single sign-on, we can work in a more transparent way and we can be more productive, having direct access to our applications in the cloud.

      What needs improvement?

      Microsoft is working with Microsoft Identity Manager for Active Directory on-premise. It will be very important to have these identity management solutions directly in Azure Active Directory. It's very important to have some kind of Azure identity manager as a technology for identity and access management for working both in the cloud and inside the Azure suite.

      For how long have I used the solution?

      I've been using the solution for the last 15 years or so. 

      What do I think about the stability of the solution?

      We have the service running all the time and it runs and works without an issue. Up until now, we have not had any problems at all in terms of the availability of the service.

      What do I think about the scalability of the solution?

      We know that if we need to integrate more than hundreds or thousands of users, this won't be a problem. We have about 80 users in the Azure Active Directory right now; however, we know that if it was necessary to scale it for hundreds or thousands of users, it wouldn't be a problem.

      How are customer service and support?

      We've contacted technical support several times over the last ten or so years. 

      Microsoft is a very big, important company. People working in technical support have been very professional and quick to respond. They're very good specialists.

      Which solution did I use previously and why did I switch?

      This is the first product that I consider as it is a powerful directory service and better than what any other company offers.

      How was the initial setup?

      The initial setup was very straightforward. We've worked with Azure Active Directory for the last three or four years and find it very easy to deploy. It might take maybe three days. 

      In terms of maintenance, we only have a couple of people dedicated to offering technical support. Once you deploy it, it's not necessary to give too much support after that.

      Which other solutions did I evaluate?

      I know that there are several other solutions, for example, Open LDAP, et cetera. I like the functionalities that Microsoft Active Directory offers. Therefore, it was not necessary to test any other technology.

      I'm pretty sure that one of the main advantages of Microsoft Active Directory is that not only does it provide user management, it's also a technology component inside of a very big strategy for technology in any environment or company. It's native. Users can have their own mailbox for Exchange or Office 365. Active Directory is integrated as a way of authentication for any other database or web service. The main advantage is that it's integrated into a whole global authentication strategy.

      What other advice do I have?

      I am a Microsoft-certified systems engineer. I've been doing this for the last 22 years.

      I'm a partner and reseller. We work with several specialists for deploying, project management, and development of solutions around Microsoft technologies.

      My advice for any customer or any client that is interested in deploying Azure Active Directory is to have a full strategy for hybrid environments. They need to take into account users on-premise and users and resources in the cloud in order to have an integrated architecture and solution to best utilize the Azure Active Directory capabilities.

      I'd rate the solution at a nine out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer:
      Chandra Guddati
      IT specialist at BMO Financial Group
      Real User
      Top 20
      Supports multifactor authentication, scales well, good technical support
      Pros and Cons
      • "It offers features that improve our security posture such as multifactor authentication, which is the second layer of protection that is used when we log into the cloud."
      • "The documentation, and the way that people are notified of updates, are things that can be improved. I'm a big fan of Microsoft products but the way they document is not that great."

      What is our primary use case?

      Azure Active Directory is similar to an on-premises access control system, but the service and data are hosted in the Azure cloud. Previously, everyone used to have Windows servers built as domain controllers for Active Directory to store their employee data. This assumed the role of a database for their employees.

      With Azure Active Directory, which is in the cloud, you have the same functionality and there isn't much of a difference. The defining point is that you have access to online, cloud-based resources, such as Office 365.

      In my company, as well as others, we had already implemented the on-premises Active Directory for our infrastructure. We leverage Azure Active Directory to synchronize the existing on-premises details to the cloud so that it creates an identity in Azure, which allows it to be used for other SaaS-based solutions.

      How has it helped my organization?

      This is the kind of solution that I feel you cannot run an organization without using.

      Going forward, I expect that this solution will help to eliminate our on-premises infrastructure. Perhaps in the next few years, many companies will question their need for on-premises infrastructure and implement a purely cloud-based position. It will be a pay-as-you-go service.

      Using this solution has affected our end-user experience because it enables and supports the Office 365 products that Azure provides. It is indirectly linked to all of the Office 365 solutions.

      What is most valuable?

      This is a feature-rich solution.

      It offers features that improve our security posture such as multifactor authentication, which is the second layer of protection that is used when we log into the cloud.

      What needs improvement?

      The documentation, and the way that people are notified of updates, are things that can be improved. I'm a big fan of Microsoft products but the way they document is not that great.

      For how long have I used the solution?

      I have been using Azure Active Directory for the past four years.

      This solution was implemented approximately five years ago, before I joined the company.

      What do I think about the stability of the solution?

      We use this product on a daily basis. In fact, it is constantly being used and we don't have any problems with stability.

      What do I think about the scalability of the solution?

      The scalability is good, and it is one of the reasons that we opted for a cloud solution.

      We have more than 60,000 employees in the company and it scales very nicely. If more employees join the company then our usage will increase.

      There are a variety of roles including administrators and different users. We have between 200 and 300 administrators.

      How are customer service and technical support?

      Technical support from Microsoft is excellent.

      We have had multiple issues where technical support has been needed. For example, the other day, we had a problem with synchronization. One of the user licenses was not synchronized properly and when we identified the root cause, it showed that the profile was not linked to the Active Directory Account. That was the main problem.

      For us, it's constant improvement. Once a problem has been resolved, we document it accordingly so that it doesn't reoccur. Essentially, we don't want to have the same story again.

      Which solution did I use previously and why did I switch?

      We also have Active Directory implemented on-premises, and it synchronizes with our cloud solution. The traditional Active Directory is what we used before this.

      How was the initial setup?

      I was not responsible for the initial setup but my feeling is that it is not very straightforward. From a technical perspective, I expect that it is somewhat complex.

      The deployment took approximately six weeks. We are a large company with more than 60,000 employees and I expect that for a smaller company, with perhaps 100 or 200 employees, it might take a day or two to complete.

      What about the implementation team?

      One of the senior engineers in my organization was responsible for deployment. We also had assistance from Microsoft consultants. Between five and ten people were required for the deployment because it's a larger company.

      There is no maintenance that needs to be done on our part. However, we have between 10 and 15 people who closely work on Azure Active Directory. 

      What was our ROI?

      Everyone uses a cloud solution to reduce the on-premises infrastructure cost and maintenance. In the coming years, there will be a lot of returns or a lot of cost-cutting that will happen.

      What's my experience with pricing, setup cost, and licensing?

      The licensing is good and it is really easy to manage. We make sure that we only enable the licenses that are needed for the users, rather than enabling licenses in a blanket fashion. Basically, we only enable the features that are required for each of the users.

      There are no costs in addition to the standard licensing fees.

      What other advice do I have?

      Microsoft is a vendor that is always one step ahead.

      The biggest lesson that I have learned is to read the documentation properly and thoroughly. Microsoft is great, but the documentation is sometimes updated and we aren't notified. This means that anytime you apply any solution, just make sure that you follow the proper guidance and always test before deployment.

      I would rate this solution a nine out of ten.

      Which deployment model are you using for this solution?

      Public Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Microsoft Azure
      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
      DanielNdiba
      Technology Security Specialist at a financial services firm with 5,001-10,000 employees
      Real User
      Top 5
      Offers good security features for controlling access to your resources, and easily integrates with Microsoft solutions and on-premise resources
      Pros and Cons
      • "It can be used to grant access at a granular level. It provides secure access and many ways to offer security to your user resources. It provides a good level of security for any access on Azure. It gives you options like multi-factor authentication where apart from your password, you can use other factors for authentication, such as a code sent to your phone or the authenticator app that you can use to log in."
      • "Its integration with open-source applications can be improved. I know that they are working on open-source authentication methods for integration with open-source applications, but they can make it more open."

      What is our primary use case?

      There are a number of use cases. You can use it as a central point of authentication for giving access to most of your cloud and on-prem resources. For example, you can use Azure AD to give access to a Microsoft 365 application, such as Outlook or Microsoft Teams.

      What is most valuable?

      It is quite stable. Being a Microsoft product, it easily integrates with most of the Microsoft solutions. It is very easy to integrate with most of the Microsoft solutions, such as Windows, Microsoft Office, etc. If you have your own internal web applications or you want to integrate with other solutions from other providers, such as AWS or Google, you can link those to Azure AD. If you want to integrate with on-prem resources, you can use your Azure AD on the cloud as the authentication point to give people access to the resources and so on.

      It can be used to grant access at a granular level. It provides secure access and many ways to offer security to your user resources. It provides a good level of security for any access on Azure. It gives you options like multi-factor authentication where apart from your password, you can use other factors for authentication, such as a code sent to your phone or the authenticator app that you can use to log in.

      It even offers the next level of access management, which gives a password for authentication, and you just use the authenticator app to log in. It enables you to configure things like identity risk awareness to detect if someone logs in from a suspicious location from where they don't normally log in. So, it provides a good level of security features for controlling access to your resources.

      What needs improvement?

      Its integration with open-source applications can be improved. I know that they are working on open-source authentication methods for integration with open-source applications, but they can make it more open.

      It can be a bit expensive for an organization. There should be a better pricing plan for the license.

      For how long have I used the solution?

      I have been using this solution for about four years.

      What do I think about the stability of the solution?

      It is quite stable.

      What do I think about the scalability of the solution?

      It is scalable. In my current organization, we have about 6,000 users on Azure Active Directory.

      How are customer service and support?

      We are satisfied with their support. They provide different levels of support. They have Level 1, Level 2, and Level 3 engineers, and the response time depends on the kind of agreement you have. Some agreements will guarantee you a faster response time 24/7, such as within four hours, so it all depends on your license.

      How was the initial setup?

      Considering that it runs on the cloud, the setup is quite easy unless you're doing integration with your on-prem Active Directory. For integration with your on-prem Active Directory, you need someone who is technically competent, and then it would be rather straightforward. They do provide engineers who can assist in that deployment, and they also do knowledge transfer to enable you to proceed with the deployment.

      The initial deployment of the product usually takes about three months because you have to ensure all the prerequisites have been met. So, if it is a project for a big organization, we can do it in probably three months. If it is something simple, then it doesn't take much time because the only thing that you're doing is to plug into it. It is already running because it is a cloud service. So, the deployment comes in only if you're integrating it with your on-prem resources and, of course, with other applications. Otherwise, it is very straightforward. It is a cloud service, so it is just plug-and-play.

      What about the implementation team?

      For deployment, we work with Microsoft. We work with them directly, but for enhancements, we use Microsoft partners.

      For maintenance, we have a team of about five engineers who run it. Internally, we have about two engineers and a manager in charge, and then we have two engineers in our infrastructure team. It is not that intensive in terms of day-to-day management because it is a cloud service, so everything is running from Microsoft Azure servers. Therefore, the day-to-day administration is not that much.  

      What's my experience with pricing, setup cost, and licensing?

      It can be a bit expensive for organizations, but they do have different pricing models. Their free tier can be used on a personal level, but for an organization, the licenses might be a bit expensive. In general, the licenses can become cheaper, which will make it accessible for more people.

      Currently, where I am working, we use an enterprise agreement. The license is renewed after every two or three years. So, we make an agreement with Microsoft to give us a license for a number of products, including Azure Active Directory, for two or three years.

      What other advice do I have?

      I would highly recommend this solution. We plan to keep using it for the long term.

      It is among the best in the industry, but there is room for improvement. I would rate it an eight out of 10. 

      Which deployment model are you using for this solution?

      Public Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Microsoft Azure
      Disclosure: I am a real user, and this review is based on my own experience and opinions.