We changed our name from IT Central Station: Here's why
Principal Security Architect at a computer software company with 51-200 employees
Real User
Centralizes usernames and credentials, perfectly stable, and good support
Pros and Cons
  • "It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there."
  • "Its area of improvement is more about the synchronization of accounts and the intervals for that. Sometimes, there're customers with other network challenges, and it takes a while for synchronization to happen to the cloud. There is some component of their on-prem that is delaying things getting to the cloud. The turnaround time for these requests is very time-sensitive. I don't mean this as derogatory for this service, but in my experience, that happens a lot."

What is our primary use case?

Usually, it is replicating an on-prem Active Directory environment into Azure. It is usually tied with generic email access and SharePoint Online access and building out provisioning for that. There typically is some sort of synchronization tool that is sometimes used in addition to or as a substitute for the typical Microsoft suite. So, it just depends upon the customers and how they're getting that information up there.

In terms of version, it tends to be a mixed bag. It just depends on the client environment and factors such as the maturity and the rigors of change management. Sometimes, it just lags, and we've dealt with those types of situations, but more often than not, it is more of a greener field Azure environment and tends to be the latest and greatest.

What is most valuable?

It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there.

What needs improvement?

Its area of improvement is more about the synchronization of accounts and the intervals for that. Sometimes, there're customers with other network challenges, and it takes a while for synchronization to happen to the cloud. There is some component of their on-prem that is delaying things getting to the cloud. The turnaround time for these requests is very time-sensitive. I don't mean this as derogatory for this service, but in my experience, that happens a lot. 

For the Active Directory component, there are some value differences and things like that as compared to on-prem. I have run into problems a few times when there is a custom schema involved with their on-prem installation. You can use it, but that custom schema or functionality is going to have to go somewhere else or rerouted back to on-prem.

For how long have I used the solution?

I have been using this solution for probably two and a half years.

What do I think about the stability of the solution?

It is perfectly stable. I haven't had any concerns or any problems with that.

How are customer service and technical support?

I have dealt with them. Overall, tech support is great if you have something that was working but it's broken and needs to get fixed. It is a different bucket if you have more of an implementation question like, "Hey, can we do this?", or "How to approach that?" Sometimes, it can be challenging to get the right people on that call to support those conversations.

How was the initial setup?

Its initial setup really depends on the customer. I have one customer right now with a super simple environment. They're just replicating it up. It's all Microsoft stack top to bottom with no real surprises or anything else. They're happy as pie with that. 

I have larger customers who tend to want some sort of management layer on top of it for Active Directory management purposes. This tends to go into the cloud, which introduces its own little challenges. In a more sophisticated enterprise, I start running into custom schema or workflow dependencies that just don't translate well from on-prem to cloud, but it is rare. It usually ends up being a third-party solution that we route them to with that. So, it's not huge. The challenge is more in identifying that. Typically, as much as we try, we rarely get it identified early enough to change our statement of work or our implementation, so it becomes a bad surprise.

What's my experience with pricing, setup cost, and licensing?

Its price is per user. It is also based on the type of user that you're synchronizing up there.

What other advice do I have?

I would advise spending more time on planning and aligning your business processes with Active Directory and Azure in terms of custom schema and separating third-party accounts, external accounts, or customer's accounts from employee accounts. I've run into issues when people take an existing on-prem solution that has third-party entities or maybe external customers and start synchronizing it up. It is not a slam against the service, but that's where I start recommending people to do different instances of Azure Tenants to break that up a little bit and provide that separation. All of these are planning functions. Using this service can be deceptively easy, but you should spend more time on planning. Around 80% of it is planning, and the rest of it is the implementation.

I would rate Azure Active Directory an eight out of 10. It is super solid. I wouldn't say it's the best. I would love to have everything that you could do on-prem. I understand why it can't do that, but I would love that flexibility.

Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Flag as inappropriate
Joseph Chandrasekaram
Identity Engineer at a pharma/biotech company with 10,001+ employees
Real User
Top 5Leaderboard
Robust identity platform, reasonably priced, and has responsive support
Pros and Cons
  • "The most valuable features of this solution are security, the conditional access feature, and multifactor authentication."
  • "The management interface has some areas that need improvement."

What is our primary use case?

I use this solution as an identity platform for Microsoft Applications including Office 365. We have found that users have third-party applications for authentication using an integrated identity infrastructure.

What is most valuable?

The most valuable features of this solution are security, the conditional access feature, and multifactor authentication.

The conditional access policies allow us to restrict logins based on security parameters. It helps us to reduce attacks for a more secure environment.

Multifactor authentication is for a more secure way of authenticating our use.

All our on-premises identities are synchronized to Azure Active Directory. We have an advanced license that enables conditional access based on logins, and suspicious behaviors. 

Active Directory is able to determine if a particular user signing in from a trusted IP or if there are two different sign-ins from two different locations. It will flag this latter incident as a potential compromise of a user's account. 

In terms of security, it provides us with the features to alert us if there are any fraudulent attempts from a user identity perspective.

It provides access to our Azure infrastructure and allows us to assign roles and specific aspects to different subscriptions. It has several built-in roles that you can assign to individual users based on their job scope. It allows for granular provisioning.

With onboarding applications, you are able to register applications in Azure Active Directory, which allows you to use it as a portal for access as well.

Azure Active Directory enhances the user experience because they do not have various IDs for different applications. They are using one single on-premises ID to synchronize and they are able to access various different applications that are presented to them.

If you have a new application, you will export the application within Azure AD and we add access to those who need that application and you are able to use the corporate ID and password to access it.

Azure Active Directory is a good platform for us. We rely heavily on providing our users a good system and interface that we seldom have issues with.

What needs improvement?

The management interface has some areas that need improvement. It doesn't give you an overview similar to a dashboard view for Azure Active Directory. The view can be complicated. There are many different tabs and you have to drill down into each individual area to find additional information.

There are too many features available, more than we can use.

For how long have I used the solution?

I have been using Azure Active Directory for three years.

What do I think about the stability of the solution?

It's quite stable. There are no issues with the stability.

The identity platform is quite robust.

What do I think about the scalability of the solution?

It is very scalable. We have deployed it globally for approximately 10,000 users and experienced not many issues. In fact, we have not encountered any issues so far.

How are customer service and technical support?

Generally, we don't have issues that require technical support. We have multiple domains within the Azure AD and we had an issue where SharePoint users were not able to access the domain.

We had a prompt response and were able to identify what the issue was. We were given specific tasks which led to resolving the issue.

I would rate the technical support a nine out of ten.

Which solution did I use previously and why did I switch?

Previously, we did not use another solution. Primarily it was an on-premises Active Directory that we synchronized to the cloud.

How was the initial setup?

The initial setup was completed by a separate team.

We have five global administrators who are primarily responsible for providing access and assigning roles for all the various different groups and teams that have different subscriptions, and they will manage their subscriptions based on the roles that they are assigned.

In terms of deployment, Active Directory ensures that there is express route connectivity from an on-premises data center to Azure and ensures that there are sufficient redundancies in Azure Active Directory Connect Servers and Domain Controllers. 

What was our ROI?

We have seen a return on our investment. I would say that it is one of the key components of our identity solution

What's my experience with pricing, setup cost, and licensing?

The pricing is very flexible. There are a few tiers of licensing, and it is a part of an enterprise contract.

It is bundled with other services and the pricing is quite reasonable.

Which other solutions did I evaluate?

We did not evaluate other solutions.

What other advice do I have?

I would strongly recommend implementing Azure Active Directory.

For new organizations, it would be best to start implementing directly on the cloud, and for our existing organizations who have on-premises solutions, it would be seamless to synchronize the on-premises user with the cloud and use that. 

I would rate Azure Active Directory a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,322 professionals have used our research since 2012.
IAM manager at a retailer with 10,001+ employees
Real User
Top 20
Scales well, improves usability, and reduces friction
Pros and Cons
  • "It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful."
  • "The solution has certain limitations. For example, it has very little governance functionality."

What is our primary use case?

The solution is our main identity provider and federation platform. We use it for authentication and for federations, for some provisioning, and a little bit of governance.

What is most valuable?

It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful.

The product has helped to improve our security posture. The Azure stack has built out a lot of analytics features. Now, we can more effectively investigate issues. 

The solution has positively affected our end-user experience by improving our usability and reducing friction.

What needs improvement?

The solution has certain limitations. For example, it has very little governance functionality. This is, of course, a choice made by Microsoft to see which areas they want to have deep functionality, and which areas they believe are more profitable for them. 

For how long have I used the solution?

We've been using the solution probably since the mid-'90s when it was invented.

What do I think about the stability of the solution?

The solution has generally been quite stable. They've had some problems with the MFA and other things, however, they are a lot better at keeping the system stable than we are.

What do I think about the scalability of the solution?

What we have seen is that we are running into some of the limitations of scalability. That said, we are more than half a million or 700,000 internal users at the moment. There are relatively few organizations globally that are as big as we are.

We're seeing, for example, that the parcel reset, to sync parcel reset from on-premise into the system is challenging. It's more than the 30 seconds that you typically want. It's even sometimes more than the two minutes that Microsoft promises in their SLAs.

We see that our syncing is slow. We have to run it every three hours, which causes problems with being able to service our business efficiently.

Those are the main problems I've seen. On top of that, there are certain features that have run into challenges, for example, the AEDS is not fast enough.

How are customer service and support?

Technical support is actually quite good. It's rather rare that we have problems with support.

They have been very good at informing us about when they have outages. That's something we really appreciate as it saves us a lot of time. If something on their side is broken, they tell us so that we don't have to look to find any problems in our systems. That's one reason I really like the way they've been handling things.

Which solution did I use previously and why did I switch?

The system we used before was IBM ISAM.

The ISAM setup was on-premise and it's very expensive to run and maintain. The support for Microsoft is much better, which is an additional advantage for us.

How was the initial setup?

The initial setup was complex.

We have half a million users from 20 different offices. They've all got different ways of wanting to do things, including the way we have to build the federation infrastructure, for example.

This has been a four-year project, and we're probably going to continue with it for the next year or as long as we'll be using the product.

The initial build we did was a six-month build.

Our implementation strategy was to delegate sections, including delegating identity and federation setup.

We have five full-time personnel that handle the maintenance aspect of the solution. We have outsourced the actual hands-on maintenance. This firm has a couple of engineers, an architect, and an engagement lead. We have three solution delivery managers on hand, however, they do other tasks as well and are not necessarily dedicated to AD.

What about the implementation team?

We used a systems integrator to assist with the initial setup. 

What's my experience with pricing, setup cost, and licensing?

The product is priced quite well. The way that Microsoft prices per user and month is quite attractive to us. The level of the license cost is quite good as well.

Which other solutions did I evaluate?

We did not evaluate other options. Choosing Active Directory was a management choice. 

What other advice do I have?

We are just a customer and an end-user.

I'd advise those considering the solution to find a good partner to work with. You do need to have an experienced system integrator with you when you do the implementation. The integrator we brought on did a good job on our side.

I'd rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Lead Global Cloud Architect at a transportation company with 10,001+ employees
Real User
Good support for SAML 2.0 and OIDC-based setups for our remote identity providers
Pros and Cons
  • "The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access."
  • "If somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops... I don't think the solution is quite as third-party-centric as Okta or Auth0."

What is our primary use case?

We use Azure Active Directory for quite a few things. We use it for security group management of authorized principals who need access to get SSH-signed certificates for user logins. We use it for automated jot-based (JSON Web Token) self sign-on for our lowest, least privileged credentials on certain products. We also use AAD for B2B coordination of SSO when we're bringing users onto our platform, where they have Active Directory on their side. We use the OIDC-based SSO flows through AAD to merge project-level AADs back to our corporate AAD for internal single sign-on flows.

What is most valuable?

  • There is tech support to help with any OIDC-based setups between organizations.
  • It has good support for SAML 2.0 and OIDC-based setups for our remote identity providers.

The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access. 

What needs improvement?

I don't think the documentation is where it needs to be yet, for user journeys and that type of flow. There is still trial and error that I would like to see cleaned up.

Also, they do have support for SAML 2.0 and it's very easy to set up linkages to other Active Directory customers. But if somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops. So far, our largest customers are all using Active Directory, but I don't think the solution is quite as third-party-centric as Okta or Auth0. Those solutions have a lot of support for all kinds of IdPs you want to link up to.

Finally, a couple of months ago I was on a team that was looking at low-cost MFA for SSO, where we would control the MFA on our side, instead of having the remote database handle it. In those kinds of flows, there aren't as many off-the-shelf options as I would like. There were cost implications, if I recall, to turn on 2FA. Also, the linkages that they had set up off-the-shelf—obviously they had the Authenticator app—meant that if you wanted to do something with Duo Mobile or any of the other popular 2FA providers, it seems it might have taken us more time than we wanted to put into it.

For how long have I used the solution?

I have been using Azure Active Directory for a couple of years now.

What do I think about the stability of the solution?

The stability is great.

What do I think about the scalability of the solution?

The scalability is also great.

How are customer service and support?

We have an enterprise agreement with Microsoft, so we aren't typical folks. Through that agreement, we get a dedicated technical account manager and that person is able to escalate tickets when necessary. I have found Microsoft to be very responsive when needed, although we haven't really needed them that often.

Which solution did I use previously and why did I switch?

We use Azure a lot, and therefore, AAD was an obvious choice and we thought, "Why not use it?"

How was the initial setup?

They've done a good job on OIDC. That was a pretty simple, seamless setup. We've done that with multiple remote IdPs now, and I don't recall too many issues there.

What was our ROI?

There is much less cost investment going into it now. We didn't have to do a volume buy to get onto the platform. When it comes to ROI, there is low friction and a high, immediate return on investment.

What's my experience with pricing, setup cost, and licensing?

It's relatively inexpensive in comparison with third-party solutions. It's highly available and supported by Microsoft Azure in our enterprise agreements. With the addition of their B2C tenants, it's hard to beat from a cost perspective now.

They changed their pricing for B2B access. You used to need shared licenses so that, if you were paying for a Premium AAD on your side, that would allow you to have five shared external mapped users. They've blown that all up and it's now dirt cheap. It works out to pennies per user per month, instead of dollars. A P1 user license in their system was $6 per user per month, which is cost-prohibitive for a lot of B2B SSO flows, but now it's down in the pennies range.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Solution architect at a insurance company with 5,001-10,000 employees
Real User
Top 20
User-friendly with good pricing and easily customizable
Pros and Cons
  • "The single sign-on of the solution is the most valuable aspect."
  • "We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for devices and for applications."

What is our primary use case?

We primarily use the solution only for the employees. It offers a single sign-on to business applications. Internal modern applications also go through Azure Active Directory, however, we use Active Directory for the legacy ones. (Kerberos).

How has it helped my organization?

It takes a couple hours to add SSO to new business SaaS. The Azure AD Marketplace has all the applications we bought so far as built-in templates.

What is most valuable?

The single sign-on of the solution is the most valuable aspect.

The initial setup is straightforward.

The solution offers good bundles that include Office 365. 

The pricing is pretty decent.

The product is pretty user-friendly and offers good customization capabilities.

What needs improvement?

We find that most of the new features are in preview for too long. It gives you the announcement that there's a new feature and yet, most of the time, it takes more than one year to have it generally available. Often we have to go and sometimes just use a preview without support. 

We cannot run all the configurations from the APIs. I would like to have something that has code and to just be able to back up and apply my configuration. Right now, we are managing more Azure tenants. It's hard to keep all of those configurations at the same level, the same value.

We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for applications. That way, when adding a new applications I don't have multiple conditional access to modify. 

One of the main requests from our security team is the MFA challenge. Azure, by default, is more user-friendly. We have a lot of debates with the security team here as the MFA doesn't pop up often enough for them. From an end-user perspective, it's a better user experience, as users generally prefer fewer pop-ups, however, security doesn't like it. It's hard for security to add. 

We don't have Azure Premium P2 yet, however, most of the advanced security features are in the P2, and it costs a lot more money.

For how long have I used the solution?

I've been using the solution for four years at this point.

What do I think about the stability of the solution?

The solution is relatively stable. The only issue we have is that there's a lot of things on Azure that are synchronous. Sometimes it takes time for changes to apply, and it kind of depends on the time of the day. A lot of the time we're happy with it, however, sometimes it creates a bizarre issue that is difficult to troubleshoot.

What do I think about the scalability of the solution?

The solution is quite stable. If an organization needs to expand it out, they can do so rather easily.

We have about 9,000 people in our organization using the solution.

How are customer service and technical support?

While the technical support is good, you need premium support. The standard support is more for small enterprises. We have the premium support and with the premium support, it's much better. There's a direct line to the correct type of support. It's very good.

Which solution did I use previously and why did I switch?

We previously used SiteMinder from Computer Associates. The main reason we migrated to Azure was for the integration with Office 365. It then became our primary authentication source for the employees.

How was the initial setup?

The initial setup is not too complex. It's pretty straightforward.

What about the implementation team?

We didn't need the assistance of an integrator, reseller or consultant for deployment. We were able to handle everything in-house.

What's my experience with pricing, setup cost, and licensing?

The pricing is really great and Office 365 packages are good. We don't pay for it separately. It's included in our package and the APIs are really great. I'm not sure of the exact cost of Azure. It's a package deal.

Which other solutions did I evaluate?

We've looked into Okta for B2B and B2C clients, not necessarily for our internal employees.

What other advice do I have?

We're just a customer.

We're using the latest version of the solution.

I would recommend the solution for employees. It's a really great tool. However, we tried it also for consumers, for clients for B2B and B2C. For me, it isn't really a great production product. We researched Okta for that.

Overall, I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Admin at a tech services company with 10,001+ employees
Real User
Secure, highly reliable, quick and responsive technical support
Pros and Cons
  • "The security and infrastructure management features are the most valuable ones for us."
  • "Better deployment management and visibility functionality would be helpful."

What is our primary use case?

I am a cloud engineer, and I do a lot of administrative work that involves creating new infrastructure for our applications. Whenever I create infrastructure, I have to install it on our Active Directory and then set it up. This is how it was that I started working with Azure Active Directory.

Once the infrastructure is set up, I usually proceed to create user groups and user IDs inside Active Directory. After they are created, I set up and configure them based on the requirements of the organization, including the access required for different groups and users.

How has it helped my organization?

We deal with a lot of health information that we have to keep confidential, so having the Azure cloud security policies in place, such that nothing is exposed to the outside world, is helpful for us.

What is most valuable?

The security and infrastructure management features are the most valuable ones for us.

It offers multifactor authentication for setting up development pipelines.

What needs improvement?

Better deployment management and visibility functionality would be helpful. There is a lot of room for improvement in our infrastructure, and in particular, when we create something, we have to visit a lot of websites. This makes life more difficult for us.

When we deploy new infrastructure, it begins with a lengthy approval process. For example, as an administrator, I may receive an infrastructure request from one of our developers. The developer might need access to our front-end, where all of the servers are deployed. The problem is that we don't know exactly what has been deployed within our servers, so better visibility would be helpful.

It's a closed infrastructure, and every developer gets an individualized container. We don't know exactly which features have been provided to them and it's a roundabout process to log back into Active Directory and see exactly what permissions have been assigned. It requires returning to a specific feature and looking at the specific user.

For how long have I used the solution?

I have been working with Azure Active Directory for just over three and a half years.

What do I think about the stability of the solution?

This is a highly reliable solution and we plan to continue using it.

What do I think about the scalability of the solution?

Right now, we have 5,000 users that are deployed on Azure Active Directory. Every internal user account that's been created has some sort of multifactor authentication attached to it.

Right now, there isn't a plan to increase our usage. I think we have reached our maximum capacity and if we have to add on something else, then we have to use another tenant or figure out a different way to do it.

We have a team of 15 people who deal with tickets related to this solution.

How are customer service and technical support?

We constantly have the chance to engage with Microsoft regarding Azure Active Directory. They provide full-time support, so for any issues that we face, we just create a ticket. When we have issues, we quickly get someone from the Azure support team to help us out.

Which solution did I use previously and why did I switch?

Prior to using Azure Active Directory, we had our own Active Directory. Once we started migrating our applications to Azure, we began moving away from our traditional implementation.

How was the initial setup?

The initial deployment process takes a couple of days for us, although exactly how long depends upon the type of deployment. If you have new deployments then I suggest creating an automated script that will kick it off because this will save time. If on the other hand, there is something that is already deployed and it needs to be redeployed, it doesn't take longer than a couple of hours.

It only takes one person to deploy. It is done on a ticket basis, as requested by people like our developers.

What was our ROI?

This product provides added value to the company.

What other advice do I have?

In summary, this is a good product and it has been helpful for us, but without doing the proper research, I wouldn't recommend starting with Azure Active Directory. Migrating all of your user accounts and then your resources from different domains to an Azure Active Directory is a huge task. It means that you have set up to create everything from scratch, so without doing proper research, you may run into problems.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Nazim Kabiri
IT Manager at EPC Power Corp.
Real User
Top 20
Scalable and accessible cloud-based solution.
Pros and Cons
  • "It is cloud based so it is always updated,"
  • "Some systems do not integrate very well with Azure AD. We thought of going for Okta, but later on we were able to achieve it, but not the way we wanted. It was not as easy as we thought it would be. The integration was not very seamless."

What is our primary use case?

We are using it for central management, MDM, SSO, MFA, applying policies.

What is most valuable?

In terms of the features that I have found most valuable, it is cloud based so it is always updated, that part you don't have to take care of. It is public cloud. It is actually AD as a service, so it's a kind of an infrastructure. It is more infrastructure as a service.

What needs improvement?

We had some issues with the migration of users from the local user accounts to Azure AD. It was more like a local issue and had nothing to do with the Azure AD itself. It works fine for SSO, the Single Sign On. We were not able to do the integration very easily with ADP, so that was a challenge, but later on it was resolved. We had to do a lot of things to have that on the configuration. Some systems do not integrate very well with Azure AD. We thought of going for Okta, but later on we were able to achieve it, but not the way we wanted. It was not as easy as we thought it would be, the integration was not very seamless.

Additionally, it would be great if they added support for more applications in terms of integration for SSO. That's the only thing that I find missing for Azure AD.

For how long have I used the solution?

We have been using Azure Active Directory for the last six months. We didn't do any migration from on-premise Active Directory to Azure AD on the cloud. What we did when we were setting up the computers was to join users to Azure AD and apply some conditional policies and everything works fine. We don't have any issues. The only thing we face are some problems with some computers because they were using it locally and we had a lot of data. So when we did the migration to Azure AD, we also had to move all the user settings data, the complete user profile, to the Azure AD account, as well. That was a challenge, but I was able to use ProfWiz to move data between user profile.

What do I think about the stability of the solution?

There are not any bugs or glitches that I can recall. So far everything is working well.

What do I think about the scalability of the solution?

Scalability is one of the reasons we selected Azure Active Directory. It scales very well.

For now there are almost a hundred users using it, but we are adding more.

How are customer service and technical support?

We contacted support only one time and it was not related to SSO. We had some questions about their subscription and it was good.

Which solution did I use previously and why did I switch?

When I was working with another company, we were using on-premise Azure Active Directory. We didn't want to invest in the infrastructure to maintain it, to get the license, so it was not very cost effective for us. We had a meeting with the management and saw that Azure AD would be very cost effective, scalable, and more secure, especially in terms of SSO and MFA, which were some of our requirements. We didn't want Active Directory on premise. It was not easy to do the migration.

How was the initial setup?

The initial setup is not very difficult, especially if you start using it straight away. But if you do the migration, I think that might be a challenge. Fortunately, we started directly from Azure AD, we didn't have to do any migration from Azure AD On-premise to the cloud. It was pretty straightforward and easy. We didn't face any difficulties.

What other advice do I have?

It depends on their requirements and what they are trying to achieve. One shoe does not fit all feet, so that's why it might be different from company to company. For us, it met all our requirements. It was very scalable, which is huge, and just always available. You don't have to be very worried about maintaining your own hardware, your own infrastructure, updating the servers from time to time or caring about securing your on-premise infrastructure. Azure AD is a good solution. I am satisfied with it so far and everything works great.

On a scale of one to ten, I would give Azure Active Directory a nine.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
John Gbigbi-Jackson
Cloud Systems Administrator (Servers and Storage) at University of Bath
Real User
Top 20
Straightforward to set up and use, scales well, and MFA improves our security posture
Pros and Cons
  • "Conditional Access is a helpful feature because it allows us to provide better security for our users."
  • "I would like to see improvements made when it comes to viewing audit logs, sign-in logs, and resource tags."

What is our primary use case?

We use the Azure portal to create users, assign rights, build policies, etc. I'm not an administrator for that part of our system but that is basically what we use Azure AD for.

How has it helped my organization?

Conditional access has helped us to better provide more security for our users and MFA has helped us to provide more security for users who are working from home. They use their own personal devices.

Azure AD has helped us to provide security for applications that I didn't have access to.

This product has improved our overall security posture. Everybody is working from home using a VPN. We recently migrated everybody to MFA, which is required to connect using the VPN. People are now more aware of their passwords and overall, gives them better security.

Using the Self Service Password Reset functionality has helped to improve our end-user experience because they no longer have to deal with the service desk to do so. It also helps the service desk because it relieves them of the need to help users when it comes to password changes, allowing them to focus on other things.

What is most valuable?

We use all of the services that are offered by Azure AD. We use Azure AD Connect, SSPR, app registration, application proxy, and more. We use everything for different services that include conditional access, authentication methods, etc.

Conditional Access is a helpful feature because it allows us to provide better security for our users.

What needs improvement?

I would like to see improvements made when it comes to viewing audit logs, sign-in logs, and resource tags.

For how long have I used the solution?

We have been using Azure Active Directory for approximately six years.

What do I think about the stability of the solution?

In my opinion, the on-premises deployment is still king with respect to stability.

We are able to control what's happening there, unlike the cloud instances when the service is down. If Azure AD is down then it will affect the ability of our users to log in.

What do I think about the scalability of the solution?

Both Azure AD and the on-premises Active Directory solutions are scalable.

We have approximately 30,000 objects hosted in Azure AD. Usage will be increased as need be, as we have more users and we have more objects to add.

How are customer service and support?

I would rate Microsoft support and eight out of ten.

Support provides access to good resources and good backend tools that we can use to resolve issues.

Which solution did I use previously and why did I switch?

We migrated to Azure Active Directory from Windows Active Directory.

How was the initial setup?

In my previous organization, I was involved in the implementation and it was very straightforward. It was straightforward in the sense that we didn't encounter any major issues because we were already using Windows Active Directory. The only issue we had was that we had to move people in batches, and not at the same time.

Our deployment took approximately one month.

As part of the implementation strategy, we first moved our Exchange to Office 365. This was the initial migration of users from on-premises to Azure AD. The primary phase was to start using Office 365 for our email instead of Exchange.

What about the implementation team?

We migrated from our on-premises Exchange solution to Azure AD with our in-house team. There are some of us in the infrastructure team, plus my manager.

What was our ROI?

In terms of our overall Azure experience, I can see that this solution yields a return on our investment. However, it is difficult to quantify.

What's my experience with pricing, setup cost, and licensing?

The cost is billed on a per-user licensing basis.

Which other solutions did I evaluate?

We did not evaluate any other options.

What other advice do I have?

I think that overall, using Azure AD is very straightforward.

My advice for anybody who is considering Azure AD is to look at the products, understand the role of AD, and see how it works in their environment. Then, before they roll out, test it well.

The biggest lesson that I have learned from using this product is that it helps with better organization and allocation of rights and security.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate