Microsoft Entra ID Protection Reviews

Just for authentication purposes. To authenticate other services on behalf of Microsoft.

We use Microsoft. Everyone uses Windows, and we collaborate on Teams. So sometimes it's necessary to use Microsoft. The only Microsoft features I use are logging in via Microsoft authentication or Microsoft Active Directory. 

We have a ton of services available, like Jenkins or Outline for documentation. It becomes difficult to manage users across all these services. If new developers are onboarded, someone has to add them to each service individually. So we've aligned with Microsoft Active Directory. We've integrated our other software with Microsoft, and we log into other software using Microsoft. That's very helpful. If someone leaves the company, we just block their Microsoft account. If someone joins, we just create their Microsoft account.

Currently, we have limited use of Microsoft AD. We only use it to see if user blocks are available. If they are, we unblock the account and get access accordingly. 

AD has paid access control features. We can add access control over AD. For example, for documentation, we use an Outline tool. It's open source, and we add our company's knowledge base to it. It's an alternative to Confluence. We don't want everyone to have access to all documentation. If I create documentation for my team, only my team should have access, not support or sales. We can add these scopes or access controls over AD. 

Once integrated, the person will get the appropriate access control features upon logging in. Role-based access control is a great feature of Active Directory.

The pricing could be improved. 

I have been using it for six to eight months now. 

It is a stable product. I haven't faced any issues. We use this product very extensively. If someone has to log in to any of the services, we use this product, and we haven't faced any issues with it.

It is a scalable solution. For Entra ID Protection, we are using it for about 100 to 150 people. But I have seen big organizations using this feature as well. So I'm pretty sure it is very scalable.

I haven't called tech support specifically for this feature or issue. But overall, we had a few very technical issues regarding Microsoft, related to SharePoint or something else. Their support wasn't as helpful as we thought they would be. We had to go through the documentation again and find a possible solution ourselves. But the Microsoft customer service and support were reachable and quick to respond, which was great.

If someone has experience with Azure, it's very straightforward. Otherwise, it might take about six to seven hours, not more than that. You can call it straightforward.

Everything was done over the Microsoft Azure user interface. Again, it was pretty straightforward. There's documentation available, and you can use it to do the integration yourself. It depends on how much experience you have with AD. If you are very familiar, it can take about a day or two.

I don't have to remember ten passwords for every software connected to my organization. My access to other software is just one click away. It has good value. If I forget a password, it takes about ten to fifteen minutes to reset it. But Entra ID saves a bunch of time. I don't have to remember the password for every different software I'm using.

It is an expensive product. It's not cheap, but overall, it's fine. We have to pay, but I'm not sure about the exact amounts.

Overall, I would rate it an eight out of ten. I think having a single-user access management control is very beneficial. If you have a ton of other services, you should use a single-user management service. And if you're already on Microsoft and collaborating via Teams, then this is something you should use.

I have been using Microsoft Entra ID Protection primarily for identity and privileged access management. It provides multifactor authentication and accessor capabilities, managing specific conditional access for applications.

The tool offers multifactor authentication, which provides an additional layer of security for authentication.

The valuable features include multifactor authentication, accessory capabilities, and conditional access for specific applications.

There are new features added, such as passwordless protection and passwordless login, which eliminates the need to enter a password.

I have been working with this solution for three years.

The recent CrowdStrike issue affected most systems. That said, 98% of the time, there are no major outages.

Scaling up or down is not a problem since we can choose the respective region and host it there, even get our own private cloud if required.

Microsoft support depends on the subscription. With a good subscription, they respond within three hours.

Positive

When considering costs, having an enterprise subscription with Microsoft Azure can be more economical than other specific SSO identity providers, as it comes with additional MFA and SSO features.

I evaluated other solutions like Okta and CyberArk before choosing Microsoft Entra ID Protection. CyberArk stands out with different features yet at a higher cost.

I'd rate the solution nine out of ten.

We have a lot of applications or workloads leveraging many services. For authentication and authorization, we use Entra Protection.

Multifactor authentication provides an additional layer of security. We also leverage federated identity capability, allowing us to authenticate through external ID providers.

The multifactor authentication feature is effective, providing an additional layer of security. The solution supports federated identity capability and managed identity, which helps prevent passwords from being kept in different applications.

There is a lot of confusion around the user interface. For new users, it can be difficult or confusing to understand the concepts of managed identity and role protection.

I have been working with Azure AD for three to four years.

The stability is usually high. However, there have been occasions where issues arise if Azure goes down.

The solution is highly scalable; I would rate it nine out of ten.

If you opt for paid technical support, it is satisfactory. However, without paid support, service on public forums can be improved.

Neutral

Setting up is straightforward, yet using it fully for business purposes can become complex.

With the high prices compared to other vendors, customers have shown interest in moving to other solutions.

Pricing for Microsoft products is slightly high, and it influences some customers to consider switching to other service providers.

I would recommend this solution to other people.

I'd rate the solution eight out of ten.

We use the product for various purposes, such as implementing conditional access policies and access reviews. These features are available with specific licenses, such as the E3 and E5 licenses, including privileged identity management features.

The platform's pricing and scalability need improvement. 

I have worked with Microsoft Entra ID for about two to three years.

The product is stable and does not exhibit significant glitches or performance issues.

The scalability features are good overall. Depending on the cloud environment and device synchronization, there might be occasional delays, such as updates taking from ten minutes to 45 minutes.

Although support services are generally good, there have been delays in some cases, such as issues with license management.

Positive

The deployment process is straightforward. It takes a few hours to complete. 

The product cost is on the expensive side. For example, a subscription for one user can cost around 4,000 to 5,000 INR per month, plus GST. There is potential for improvement in this area.

I rate the pricing a nine out of ten. 

The platform's conditional access features are satisfactory. For instance, I configured policies to require users to reauthenticate every eight hours and to restrict access through specific browsers.

Based on my limited use cases, the performance seems adequate. However, further testing would be necessary for a more extensive evaluation.

I rate it a nine out of ten. 

I enforce policies to manage the access of users, focusing on their activity, login positions, and security audit logs. It is always based on security and the enforcement of security policies.

The most valuable features are the API apps, which I use to connect to my cloud Protection. The management of the users and the security policies are also crucial. 

The ability to deploy software with Intune, which is integrated, is essential. These features ease the job of security analysts, providing a better vision of user activities and potential risks.

I have set up my Active Directory locally for the same domain. However, Entra ID lacks a function to synchronize from the cloud to the local directory. This is a significant issue since there is no write-back feature from the cloud to local, which would allow me to use my own credentials from the cloud tenant securely.

I have been using it since January 2024.

I rate this product a solid eight out of ten. The function for cloud-to-local synchronization should be implemented as it is crucial for better access management.

We mostly deal with identity management by different vendors. We are a partner of Microsoft, Oracle, and Symantec, among others, and we also deal with open-source solutions like Evolvium ID. We are dealing with Microsoft Identity Manager. They call it Microsoft Entra IntraID.

Microsoft Entra ID Protection has allowed us to manage partners and external users effectively, providing us with trust from these organizations. Access reviews are conducted to ensure that when partners leave their respective organizations, they are also cleaned up on our side.

The features we find most effective for identity security include access reviews, two-factor authentication, and modification.

Microsoft has room for improvement in simplifying their integration with third-party solutions and making the licensing model more understandable.

I have been working with Microsoft ID Protection for five to seven years.

Microsoft Entra ID Protection is stable, and we do not need any technical assistance.

The product is very scalable and works well.

I am very satisfied with the technical support. Microsoft has consolidated their support into one, which has been very effective. However, I have not needed to request any technical support from them.

Positive

We find mostly SailPoint used by big companies, however, we don't use SailPoint at the moment.

The interface is very good, and setting up is easy because it involves SaaS solutions where you click a button and it does everything. It's easy to configure, sign up, and integrate.

Microsoft has various pricing models. Some of them are bundled with the current price, such as E3 and E5. Understanding the pricing model requires familiarity with their fragmented model.

For identity management instead of Symantec, the recommended solutions depend on the environment, features, complexity, user types, and budget.

I'd rate the solution nine out of ten.

We use the solution for single sign-on.

As an end-user, I find the experience to be quite seamless. My main advantage is that I only need to manage one login and one two-factor authentication method to access all the necessary tools. I don't have to set up separate logins and authentication for each application.

As a user, the tool has improved my operational efficiency. Using it is a big advantage because the login is very stable, and I only need one login method. Normally, when I need to log in to multiple applications, I would have to manage separate passwords for each one, potentially changing them all every 30 days.

I only have to manage a single password and login method, which is much easier and faster for me. I don't have to set and update passwords across all my different applications repeatedly. For the company, it's also a big advantage that they only have to manage the login rather than across multiple applications.

I have been using the product for six to eight years. 

In terms of performance and stability, I haven't encountered any issues.The login process is quick, and I haven't experienced any failures or problems logging in. From my perspective as a user, the solution seems to work well, even for large organizations with thousands of users.

I rate the overall product a nine out of ten. I know a customer with 160,000 users who have no problem scaling it. We use it daily. 

I can't rate the technical support as I don't have direct contact with Microsoft support.

I've used PingID before, but the other customers I work with all use Microsoft Entra ID Protection, so that's what I use now.

I rate the solution a nine out of ten. 

Azure Active Directory Identity Protection enables synchronization between my on-premises user accounts and the cloud. By using Azure Active Directory, I can enforce restrictions and create policy rules. I can also identify the devices connected to Azure Directory and apply policies accordingly. The usage of this feature is extensive, with a large number of users utilizing its capabilities. I feel that it forms the core of Microsoft's security infrastructure, acting as a central portal for managing the security of Microsoft solutions.

Most things can be managed through Azure Active Directory, which functions as a security and reporting hub for all Microsoft solutions. This is especially helpful when checking logs or accessing various features within Microsoft. By going directly to Azure Active Directory, I can easily search and utilize any Microsoft feature. It serves as the main entry point for accessing Microsoft solutions.

The single pane of glass, when it comes to administration, is really good and helpful. For example, if there are any cases where I need to check something about user devices, logs, or access management—such as revoking access, giving access, or creating groups—all of these tasks are easily accessible. As an IT infrastructure manager, I mainly work in the cloud, so the Azure Active Directory is my go-to resource. Having the Azure portal open most of the time makes it convenient for me to access the Azure Active Directory directly. Instead of navigating through Office.com and its admin panel, I can have a comprehensive view from Azure Active Directory, which serves as the main pilot for my tasks. This seamless integration is essential because it eliminates the need to switch between different portals. Whether I'm dealing with infrastructure-related matters or user management, I have one centralized portal where I can efficiently switch between tasks. It simplifies my work and enhances my productivity. Regarding security and access control, I also find Azure Active Directory very valuable since I handle security matters. If there are any security logs or incidents, I can easily manage and address them using Azure Active Directory. This capability further streamlines my responsibilities and ensures a smooth workflow.

Initially, there was limited control. However, when we examine the recent features available in Active Directory, for instance, controlling access to company resources from personal devices due to COVID, we find an increased need for such control. Active Directory offers a way to manage this type of access effectively. One of the features that I particularly appreciate is controlled access, which allows us to apply security controls based on whether the device is part of the company directory or not. By combining this feature with cloud app security, we gain even more control over user access at the device level. Using these features, we can decide whether users are allowed to download content on their laptops or restrict access to specific mobile devices. If it's a company device, full access is granted; otherwise, access is limited. This kind of bundled approach is very convenient for security personnel responsible for the company's security, providing a one-stop shop for managing access controls. Moreover, this system allows granular control over individual users as well. For example, higher-level executives like the CEO may require different policies compared to regular users. We can easily create open policies for certain users, granting them unrestricted access to personal devices. Overall, the conditional access module of Active Directory offers a comprehensive and effective solution for managing access controls and security measures within the company.

Traditionally, we used to make a good device compliant by simply adding it to the domain and then applying GPOs from it. However, after Azure Active Directory, there is an additional level of authentication, which occurs with Azure AD joined devices. When a device is Azure AD joined, we can blindly trust it because only company devices can join Azure AD. Nevertheless, there are still potential issues and loopholes that may arise. For example, even if it is a company-managed device, there is a chance that it was mistakenly added by an administrator and later given to an unauthorized person, granting them access to company resources. To address these concerns, we use conditional access policies. With these policies, we can verify multiple steps: Is it an Azure AD joined device? Is it a hybrid joined device? Is it located in the correct area? Is the user associated with the device authorized to access company resources? Based on these checks, we determine which applications the user should have access to. This multi-layered security approach is crucial and is known as zero trust security. We need to authorize users at each level, and this is made possible through the implementation of conditional access policies. This module showcases the beauty and effectiveness of this approach.

Azure Active Directory has helped save time for our IT administrators. It significantly reduces the time required for management tasks. I no longer need to log in to the ADA server or manually disable accounts. Checking the logs is now a simple process. Accessing the Active Directory is easy from anywhere, whether it's through email or from home—it doesn't matter.

Azure Active Directory has had a significant impact on the employee user experience within our organization. One feature that stands out is the password reset process. Previously, whenever I needed to reset an employee's password, I had to go to the ADA server and reset it from there. This process used to take around 15 to 20 minutes, especially if the password had expired or any other issues arose. Additionally, if I wasn't at my computer, I would have to spend at least an hour sitting in front of it to provide access or reset the password and then share the new credentials with the employee. Moreover, the passwords I generated were temporary, which meant employees had to reset them again. However, with the introduction of the password reset portal in Azure Active Directory, our workload has been significantly reduced. This portal allows us to provide users with an option to reset their passwords securely without compromising account security. It has proven to be one of the best features I've experienced in Azure Active Directory.

I use conditional access most of the time. From there, I can access other features, such as Endpoint Device Management. It has been moved to a different module, initially a part of the Active Directory. This conditional access is one of my favorites as it allows us to have more control over application levels and device restrictions if needed. We can set security policies there as well. Previously, I used to handle it from Azure Active Directory. Another useful feature is Access Management, which provides an easy portal to manage user access, privileges, and other related settings.

When it comes to logs, we don't have access to all of them because there's a limitation of 90 days for log retention. It would be a great option to have the ability to increase this duration in the portal itself, either as a paid feature or something similar, as three months of log retention is insufficient. If we want to check someone's log, the challenge is sometimes finding different access points to various portals. However, they have started adding these access points, which is a positive improvement. For example, previously, there was no cloud app security access from Active Directory, but now they have already added the link.

Integrating some notifications, not necessarily all, but at least for important events or alerts, would be beneficial as it would function as a team solution or something similar. It doesn't have to be a complete module, but having some logs or notifications for administrators would be very helpful. If they could provide us with the option to receive notifications or something similar, it would significantly enhance the platform.

One more thing to consider is the log retention period in the Active Directory. It would be useful if we could export logs or have access to information about how long the logs can be retained in the Active Directory.

I have been using Azure Active Directory Identity Protection for over eight years.

I have never encountered any stability issues. Active Directory has worked flawlessly since day one.

The scalability is controlled by Microsoft and is adjusted based on our demands. The only thing we may need to do is add more licenses if we exceed what we already possess.

The technical support is always helpful and they try to come up with a quick resolution each time.

Positive

The initial setup is straightforward and not complex at all. All the information is available online including tutorial videos. I completed the deployment myself.

Azure Active Directory Identity Protection is not very expensive. Security is not free, and it comes with a cost but the charge is reasonable.

I give Azure Active Directory Identity Protection an eight out of ten.

We are not heavily using DLP at the moment, but we have started implementing it in our company. Along with Endpoint Manager, we also use Cloud App Security, which functions somewhat like an endpoint manager but is not a complete DLP solution. We have begun testing this feature recently, but we are not currently using it as a protection measure. Only a few people in my company, who are part of the testing team, have access to it. Once the testing is complete, we plan to implement it for broader use.

Our organization utilizes Microsoft solutions because they are convenient and create a complete ecosystem. Active Directory has been our go-to choice because it integrates so well with our other Microsoft solutions.

From day one, if we use any Microsoft solution, it will be available in our tenant. However, if we need to enhance or access other features, we will have to purchase a specific license to unlock the complete set of features beyond the basic ones in Active Directory. When we activate the office suite, the Active Directory will also be available. If we wish to add additional features, such as conditional access, I generally advise users to purchase an Azure Active Directory tier-one license based on their requirements. After obtaining the license, they can activate the desired security features or any other features they need.