Microsoft Entra ID Protection Reviews

We use the solution for single sign-on.

As an end-user, I find the experience to be quite seamless. My main advantage is that I only need to manage one login and one two-factor authentication method to access all the necessary tools. I don't have to set up separate logins and authentication for each application.

As a user, the tool has improved my operational efficiency. Using it is a big advantage because the login is very stable, and I only need one login method. Normally, when I need to log in to multiple applications, I would have to manage separate passwords for each one, potentially changing them all every 30 days.

I only have to manage a single password and login method, which is much easier and faster for me. I don't have to set and update passwords across all my different applications repeatedly. For the company, it's also a big advantage that they only have to manage the login rather than across multiple applications.

I have been using the product for six to eight years. 

In terms of performance and stability, I haven't encountered any issues.The login process is quick, and I haven't experienced any failures or problems logging in. From my perspective as a user, the solution seems to work well, even for large organizations with thousands of users.

I rate the overall product a nine out of ten. I know a customer with 160,000 users who have no problem scaling it. We use it daily. 

I can't rate the technical support as I don't have direct contact with Microsoft support.

I've used PingID before, but the other customers I work with all use Microsoft Entra ID Protection, so that's what I use now.

I rate the solution a nine out of ten. 

Azure Active Directory Identity Protection enables synchronization between my on-premises user accounts and the cloud. By using Azure Active Directory, I can enforce restrictions and create policy rules. I can also identify the devices connected to Azure Directory and apply policies accordingly. The usage of this feature is extensive, with a large number of users utilizing its capabilities. I feel that it forms the core of Microsoft's security infrastructure, acting as a central portal for managing the security of Microsoft solutions.

Most things can be managed through Azure Active Directory, which functions as a security and reporting hub for all Microsoft solutions. This is especially helpful when checking logs or accessing various features within Microsoft. By going directly to Azure Active Directory, I can easily search and utilize any Microsoft feature. It serves as the main entry point for accessing Microsoft solutions.

The single pane of glass, when it comes to administration, is really good and helpful. For example, if there are any cases where I need to check something about user devices, logs, or access management—such as revoking access, giving access, or creating groups—all of these tasks are easily accessible. As an IT infrastructure manager, I mainly work in the cloud, so the Azure Active Directory is my go-to resource. Having the Azure portal open most of the time makes it convenient for me to access the Azure Active Directory directly. Instead of navigating through Office.com and its admin panel, I can have a comprehensive view from Azure Active Directory, which serves as the main pilot for my tasks. This seamless integration is essential because it eliminates the need to switch between different portals. Whether I'm dealing with infrastructure-related matters or user management, I have one centralized portal where I can efficiently switch between tasks. It simplifies my work and enhances my productivity. Regarding security and access control, I also find Azure Active Directory very valuable since I handle security matters. If there are any security logs or incidents, I can easily manage and address them using Azure Active Directory. This capability further streamlines my responsibilities and ensures a smooth workflow.

Initially, there was limited control. However, when we examine the recent features available in Active Directory, for instance, controlling access to company resources from personal devices due to COVID, we find an increased need for such control. Active Directory offers a way to manage this type of access effectively. One of the features that I particularly appreciate is controlled access, which allows us to apply security controls based on whether the device is part of the company directory or not. By combining this feature with cloud app security, we gain even more control over user access at the device level. Using these features, we can decide whether users are allowed to download content on their laptops or restrict access to specific mobile devices. If it's a company device, full access is granted; otherwise, access is limited. This kind of bundled approach is very convenient for security personnel responsible for the company's security, providing a one-stop shop for managing access controls. Moreover, this system allows granular control over individual users as well. For example, higher-level executives like the CEO may require different policies compared to regular users. We can easily create open policies for certain users, granting them unrestricted access to personal devices. Overall, the conditional access module of Active Directory offers a comprehensive and effective solution for managing access controls and security measures within the company.

Traditionally, we used to make a good device compliant by simply adding it to the domain and then applying GPOs from it. However, after Azure Active Directory, there is an additional level of authentication, which occurs with Azure AD joined devices. When a device is Azure AD joined, we can blindly trust it because only company devices can join Azure AD. Nevertheless, there are still potential issues and loopholes that may arise. For example, even if it is a company-managed device, there is a chance that it was mistakenly added by an administrator and later given to an unauthorized person, granting them access to company resources. To address these concerns, we use conditional access policies. With these policies, we can verify multiple steps: Is it an Azure AD joined device? Is it a hybrid joined device? Is it located in the correct area? Is the user associated with the device authorized to access company resources? Based on these checks, we determine which applications the user should have access to. This multi-layered security approach is crucial and is known as zero trust security. We need to authorize users at each level, and this is made possible through the implementation of conditional access policies. This module showcases the beauty and effectiveness of this approach.

Azure Active Directory has helped save time for our IT administrators. It significantly reduces the time required for management tasks. I no longer need to log in to the ADA server or manually disable accounts. Checking the logs is now a simple process. Accessing the Active Directory is easy from anywhere, whether it's through email or from home—it doesn't matter.

Azure Active Directory has had a significant impact on the employee user experience within our organization. One feature that stands out is the password reset process. Previously, whenever I needed to reset an employee's password, I had to go to the ADA server and reset it from there. This process used to take around 15 to 20 minutes, especially if the password had expired or any other issues arose. Additionally, if I wasn't at my computer, I would have to spend at least an hour sitting in front of it to provide access or reset the password and then share the new credentials with the employee. Moreover, the passwords I generated were temporary, which meant employees had to reset them again. However, with the introduction of the password reset portal in Azure Active Directory, our workload has been significantly reduced. This portal allows us to provide users with an option to reset their passwords securely without compromising account security. It has proven to be one of the best features I've experienced in Azure Active Directory.

I use conditional access most of the time. From there, I can access other features, such as Endpoint Device Management. It has been moved to a different module, initially a part of the Active Directory. This conditional access is one of my favorites as it allows us to have more control over application levels and device restrictions if needed. We can set security policies there as well. Previously, I used to handle it from Azure Active Directory. Another useful feature is Access Management, which provides an easy portal to manage user access, privileges, and other related settings.

When it comes to logs, we don't have access to all of them because there's a limitation of 90 days for log retention. It would be a great option to have the ability to increase this duration in the portal itself, either as a paid feature or something similar, as three months of log retention is insufficient. If we want to check someone's log, the challenge is sometimes finding different access points to various portals. However, they have started adding these access points, which is a positive improvement. For example, previously, there was no cloud app security access from Active Directory, but now they have already added the link.

Integrating some notifications, not necessarily all, but at least for important events or alerts, would be beneficial as it would function as a team solution or something similar. It doesn't have to be a complete module, but having some logs or notifications for administrators would be very helpful. If they could provide us with the option to receive notifications or something similar, it would significantly enhance the platform.

One more thing to consider is the log retention period in the Active Directory. It would be useful if we could export logs or have access to information about how long the logs can be retained in the Active Directory.

I have been using Azure Active Directory Identity Protection for over eight years.

I have never encountered any stability issues. Active Directory has worked flawlessly since day one.

The scalability is controlled by Microsoft and is adjusted based on our demands. The only thing we may need to do is add more licenses if we exceed what we already possess.

The technical support is always helpful and they try to come up with a quick resolution each time.

Positive

The initial setup is straightforward and not complex at all. All the information is available online including tutorial videos. I completed the deployment myself.

Azure Active Directory Identity Protection is not very expensive. Security is not free, and it comes with a cost but the charge is reasonable.

I give Azure Active Directory Identity Protection an eight out of ten.

We are not heavily using DLP at the moment, but we have started implementing it in our company. Along with Endpoint Manager, we also use Cloud App Security, which functions somewhat like an endpoint manager but is not a complete DLP solution. We have begun testing this feature recently, but we are not currently using it as a protection measure. Only a few people in my company, who are part of the testing team, have access to it. Once the testing is complete, we plan to implement it for broader use.

Our organization utilizes Microsoft solutions because they are convenient and create a complete ecosystem. Active Directory has been our go-to choice because it integrates so well with our other Microsoft solutions.

From day one, if we use any Microsoft solution, it will be available in our tenant. However, if we need to enhance or access other features, we will have to purchase a specific license to unlock the complete set of features beyond the basic ones in Active Directory. When we activate the office suite, the Active Directory will also be available. If we wish to add additional features, such as conditional access, I generally advise users to purchase an Azure Active Directory tier-one license based on their requirements. After obtaining the license, they can activate the desired security features or any other features they need.

We are using Azure AD for many purposes, such as DLP, multifactor authentication security, and linking it with Microsoft Office 365 into software distribution, configurations, and budgets.

A significant portion of my solutions still requires transitioning to the cloud. This is particularly common when attempting to migrate certain infrastructures and taking the initial steps toward adopting cloud technologies. Many companies, particularly those in the healthcare and energy sectors, require a hybrid approach that combines on-premise and cloud services to ensure data residency and meet their specific needs.

The vendor used for the cloud depends on the developer's requirements.

Azure AD offers a unified interface for efficiently managing user access. However, it is important to supplement it with other solutions for areas such as wireless and media communication, physical security, and similar aspects. Relying solely on the default configuration or base solution may not suffice for various requirements, necessitating the inclusion of additional components.

The unified interface provided by Azure AD positively impacts the consistency of the user's sign-on experience. It is possible to achieve this consistency across various platforms such as Google and Amazon. However, it is essential to consider that certain scenarios may require additional solutions that are specifically tailored to about twelve different brands or specialized functionalities like zero-trust or stability measures. These solutions should seamlessly integrate with the custom interfaces, such as SaaS platforms, that are already integrated with identity solutions. By connecting your Azure AD with these complementary solutions, you can effectively combine the three components and bridge the gap between the initial Microsoft solution and the specific requirements of your company and the service provider. It becomes evident that a comprehensive approach is necessary, going beyond the initial solution to meet all the necessary requirements.

The single pane of glass significantly influences the consistency of the security policies you enforce. To maintain compliance and ensure information security, it is necessary to implement frameworks like the seven-zero-one compliance framework. Regularly reviewing the security posture is crucial since circumstances evolve over time, and new threats emerge. It is imperative to continually enhance security tools and automate response mechanisms, allowing you more time to explore new security approaches and stay ahead of potential vulnerabilities.

The assessment of Azure AD's admin center for managing identity and access tasks in an organization is positive. It is considered a good tool that offers simplicity and is not overly complex. However, it requires the use of the Azure client and additional identity solutions for developers. The interface is well-designed and continuously evolving with frequent updates.

The assessment of the Azure AD admin center for managing all identity and access tasks in an organization is positive. It is considered to be a good tool that is user-friendly and not overly complex. However, it is important to utilize the Azure client and explore other identity options, especially for developers. The interface is well-designed, with frequent updates that require testing of previews to implement new solutions and improve the overall experience. In comparison to on-premise solutions, the admin center is much simpler, eliminating the need for multiple consoles and specialized configurations for each user.

The solution has significantly improved my organization by simplifying the configuration process, as now we only need to perform a single-user setup. In comparison to competitors, where user administration and onboarding used to be more complex, the process has become much simpler. Previously, setting up a user involved configuring them in multiple systems such as Exchange, Active Directory, and accounts. However, in the cloud environment, setting up a user involves only a single step, and they instantly gain access to applications like Teams, SharePoint, and OneDrive, as well as cloud storage. Additionally, dynamic groups are available, making the entire process even more streamlined and user-friendly.

We utilize the Azure AD conditional access feature to enforce finely tuned and adaptive access controls. This feature is crucial, especially when dealing with traveling users, as it provides an additional layer of security intelligence within the company. It helps address the issue of hackers gaining unauthorized access to user accounts and allows us to track and monitor their activities. To enhance security and protect against identity theft, we also leverage the licensing for Azure AD P1 and P2, which includes conditional access as a key component. By implementing these measures, we strive to ensure the utmost security for our company's identity infrastructure.

The conditional access feature plays a crucial role in enhancing the robustness of a zero-trust strategy in user verification. It ensures that every access attempt is thoroughly assessed by checking for known or unfamiliar logging locations. Additionally, it prompts users to provide additional authentication factors, such as a code sent to their phone or an email, to ensure proper verification. By implementing these measures, conditional access strengthens the authentication process, making it particularly valuable in situations where stringent security measures are required.

I used the Azure AD conditional access feature in conjunction with the Microsoft Endpoint Manager.

When evaluating Azure AD's verified ID in terms of privacy and identity data controls, it is crucial to ensure that your company has the appropriate applications and data management practices in place. This includes disabling protocols such as SMB version two or NTLMA within the organization. Additionally, it is important to protect legacy applications and protocols by utilizing the pure configuration of the cloud. By taking these measures, you can effectively safeguard privacy and maintain control over identity data within Azure AD.

I use the Azure AD permission management feature.

The level of visibility and control provided by Azure AD in managing identity permissions across Microsoft, Amazon, and Google Cloud is significant. However, it goes beyond simply having a column for testing and user logs. Additional information is often required, especially when generating reports for external identities. The existing capabilities are not sufficient, and there is a need for more detailed segmentation in this area to effectively manage and monitor permissions.

The permission management feature is highly beneficial for reducing the risk surface associated with identity permissions. It addresses the issue of leaving individuals with perpetual access to resources, which is a common problem in many companies. When a user leaves a position, there is often a failure to thoroughly review and revoke their authorizations, creating a security vulnerability. In order to mitigate this risk, it is preferable to create new users and assign fresh permissions, while retaining the old permissions and authorizations for other users. Although this approach requires additional work, it significantly improves security measures.

Azure AD has proven to be a time-saving solution for IT administrators and HR departments. It greatly expedites the onboarding and offboarding processes by automating them, leading to faster and more efficient results. In the best cases, HR departments can take charge of the initial onboarding process, allowing administrators to focus on more critical user configurations instead of being burdened with repetitive tasks. This separation of responsibilities enables HR to initiate the process, while IT can provide templates and support, ensuring that clients are seamlessly integrated into the workflow without the need for direct involvement from the IT department.

In my previous experience, this solution has saved me numerous hours. For example, when a new person was scheduled to join the company, it would typically take me around eight hours to handle tasks such as machine preparation, configuring user permissions, installing the required software, and other related activities. This could easily occupy an entire workday. However, if I delegate those tasks to the solution, I believe I could potentially reclaim approximately eight hours of my time, equivalent to a full workday, and utilize it for other IT administrative responsibilities.

While the solution has helped us save money in terms of user management and improved security through the portal, it hasn't directly impacted licensing or other expenses.

Azure AD has greatly improved the employee user experience in our organization. They now have the convenience of resetting their passwords from anywhere, whether they are within the company premises or working remotely. This eliminates the need for excessive contact with the IT support department or relying on specific personnel, giving users more freedom and independence to access their accounts and perform necessary actions.

The primary and most valuable aspect of Azure AD identity is its ability to function seamlessly on both on-premise and cloud infrastructure, eliminating the need for extensive updates. However, this dual solution can pose vulnerabilities that require substantial support and security measures in the on-premise environment. Despite the challenges, it is currently not feasible to completely abandon AD, especially for companies in the sales and energy sectors. The integration with Microsoft Defender is crucial for enhancing security, making identity and security the primary focus and purpose of Azure AD.

Azure AD could improve by enhancing the availability of specialized courses for security, such as NETSCOUT security or other relevant certifications. It would be beneficial to have specific courses for security, to provide in-depth knowledge and skills related to Azure AD. While there are micro-learning resources available for various concepts, many people in the IT industry may not have the time to go through all the courses to properly configure and utilize Azure AD. Simplifying the implementation process and making it easier for individuals to join a company with Azure AD could also be considered areas for improvement.

I have been using Azure Active Directory (Azure AD) for approximately six years.

Azure AD is stable.

The scalability of Azure AD is great. It is scalable by default.

I have not used the support from the vendor. I used a partner instead.

I did not use another solution similar to Azure AD.

The majority of the process of implementing Azure AD involves creating an Azure account and setting up user administration in the cloud, which essentially encompasses the connection to AD. The whole process was straightforward.

In my implementation, I have both an AD server and a member server. I use AD Connect to establish a connection between the two servers, ensuring redundancy in case of any issues with the primary server. However, I am considering transitioning to a direct syncing approach in the future.

The implementation is relatively small, catering to a team of ninety people in a single location in Mexico. In this scenario, using Azure AD for cloud computing would be more efficient than a regional setup. The implementation primarily focuses on virtualization, storage, and backup solutions.

I did the implementation of the solution in-house with two to three people. It is not complicated.

We have seen a full return on investment after three years. After a short time, there is already value.

The price of Azure AD is not expensive.

I evaluated Okta prior to using Azure AD.

While Microsoft offers fundamental features, there are instances where more specialized needs arise. In such cases, it becomes necessary to turn to third-party solutions, such as Soft Tower, Azure, or Sharepoint to obtain additional functionalities. Programming the onboarding process in Azure, specifically, can require more time and effort. However, platforms, such as Okta simplify the process significantly by providing pre-existing templates for applications and other relevant elements. 

While Okta may incur higher costs, it becomes necessary to consider the situation at hand. When faced with numerous tasks and limited time, investing money in Okta can be a viable solution. By doing so, you can free up your resources and focus on other important tasks. 

The AD Connect needs maintenance but not Azure AD.

Initially, Azure AD offers a free usage tier, allowing users to explore and experiment with its features. It is specifically designed to minimize the need for extensive administration, making it more user-friendly. The cloud environment significantly reduces the administrative burden, enabling streamlined management and the ability to easily track and monitor various aspects of your infrastructure.

I rate Azure AD a nine out of ten.

We use the product for various purposes, such as implementing conditional access policies and access reviews. These features are available with specific licenses, such as the E3 and E5 licenses, including privileged identity management features.

The platform's pricing and scalability need improvement. 

I have worked with Microsoft Entra ID for about two to three years.

The product is stable and does not exhibit significant glitches or performance issues.

The scalability features are good overall. Depending on the cloud environment and device synchronization, there might be occasional delays, such as updates taking from ten minutes to 45 minutes.

Although support services are generally good, there have been delays in some cases, such as issues with license management.

Positive

The deployment process is straightforward. It takes a few hours to complete. 

The product cost is on the expensive side. For example, a subscription for one user can cost around 4,000 to 5,000 INR per month, plus GST. There is potential for improvement in this area.

I rate the pricing a nine out of ten. 

The platform's conditional access features are satisfactory. For instance, I configured policies to require users to reauthenticate every eight hours and to restrict access through specific browsers.

Based on my limited use cases, the performance seems adequate. However, further testing would be necessary for a more extensive evaluation.

I rate it a nine out of ten. 

I enforce policies to manage the access of users, focusing on their activity, login positions, and security audit logs. It is always based on security and the enforcement of security policies.

The most valuable features are the API apps, which I use to connect to my cloud Protection. The management of the users and the security policies are also crucial. 

The ability to deploy software with Intune, which is integrated, is essential. These features ease the job of security analysts, providing a better vision of user activities and potential risks.

I have set up my Active Directory locally for the same domain. However, Entra ID lacks a function to synchronize from the cloud to the local directory. This is a significant issue since there is no write-back feature from the cloud to local, which would allow me to use my own credentials from the cloud tenant securely.

I have been using it since January 2024.

I rate this product a solid eight out of ten. The function for cloud-to-local synchronization should be implemented as it is crucial for better access management.

We mostly deal with identity management by different vendors. We are a partner of Microsoft, Oracle, and Symantec, among others, and we also deal with open-source solutions like Evolvium ID. We are dealing with Microsoft Identity Manager. They call it Microsoft Entra IntraID.

Microsoft Entra ID Protection has allowed us to manage partners and external users effectively, providing us with trust from these organizations. Access reviews are conducted to ensure that when partners leave their respective organizations, they are also cleaned up on our side.

The features we find most effective for identity security include access reviews, two-factor authentication, and modification.

Microsoft has room for improvement in simplifying their integration with third-party solutions and making the licensing model more understandable.

I have been working with Microsoft ID Protection for five to seven years.

Microsoft Entra ID Protection is stable, and we do not need any technical assistance.

The product is very scalable and works well.

I am very satisfied with the technical support. Microsoft has consolidated their support into one, which has been very effective. However, I have not needed to request any technical support from them.

Positive

We find mostly SailPoint used by big companies, however, we don't use SailPoint at the moment.

The interface is very good, and setting up is easy because it involves SaaS solutions where you click a button and it does everything. It's easy to configure, sign up, and integrate.

Microsoft has various pricing models. Some of them are bundled with the current price, such as E3 and E5. Understanding the pricing model requires familiarity with their fragmented model.

For identity management instead of Symantec, the recommended solutions depend on the environment, features, complexity, user types, and budget.

I'd rate the solution nine out of ten.

I use the solution to manage users, groups, access, and license. 

The tool is simple and you can find a lot of tutorials, and videos on YouTube that can help you. 

The solution's sync should be faster since it can take about 30 minutes to two hours to complete a simple sync. The tool needs to sync instantly. It also needs to improve scalability, support, and stability. 

I have been using the product for four years. 

I would rate the solution's stability a nine out of ten. We encountered bugs while integrating with other Microsoft or MDM solutions. 

I would rate the product's scalability a nine out of ten. My company has 200 users.

Support takes longer than expected to revert back. 

I would rate the solution a nine out of ten. 

Our company uses the solution to provide identity protection services to customers. We currently have fifteen developers on our team. 

The solution provides good information security that includes sensitive labeling. 

The sign-in and audit logs work well. 

The reverse proxy feature provides additional security that is not available in other solutions such as SailPoint and Dell. 

Identity labeling and sensitivity needs improvement to be comparable to Dell. 

Password management needs to include a keyword mechanism that blocks or allows generic passwords. 

The auditor tool needs to include SIEM events in addition to sign-in and audit logs. Currently, we have to rely on third-party solutions for our log needs. 

The solution's models need to be centralized instead of having different names and separate platforms. We have to spend a lot of time integrating all the models with the IAM. 

I have been using the solution for four years. 

The solution is stable and reliable.

The solution is scalable to a customer's needs. 

Technical support is very good.

I rate support an eight out of ten. 

Positive

The initial setup is simple. Getting ready for implementation takes time because it requires internal meetings and planning. 

I rate setup an eight out of ten. 

We implemented the solution in-house with a team of twenty technicians. 

Ongoing maintenance is not an issue because we pre-tested all components before implementation. 

The pricing is competitive in the SMA segment and runs $5-$6 per user. 

I rate pricing an eight out of ten. 

We are currently researching applications that will replace our hybrid model and include SIEM management. 

We have looked at the capabilities of Dell and SailPoint. 

The solution needs to be better marketed to the SMA segment because they are not as aware of information security. 

I rate the solution a seven out of ten.