Microsoft Entra ID Reviews

We use Azure AD to implement Conditional Access policies and privileged access management.

There are plenty of benefits. First, as we had Microsoft AD on-premises, it was very easy to configure Azure AD. We are using the password hash sync for authentication, so authentication on the cloud is very seamless when users use applications on the cloud. That is very important.

Also, with the help of sign-in logs, we are getting information about every application, such as where a user is trying to log in and from which device, making things very crystal clear. We only get this type of transparency and accuracy only from Azure AD.

We use the Conditional Access feature to fine-tune access. We implement a lot of access policies. For example, we want to get rid of client machines with Windows XP and some legacy applications, so we created access policies to prevent logins from those devices and those applications. We have also created policies to prevent logins from certain areas around the world. These abilities are very helpful in preventing phishing and scams.

In addition, there are so many tasks and activities that are automated in Azure AD. For example, we have enabled the password reset self-service so that users can reset a password themselves and log in to their accounts. That is one way it saves time for our help desk team. It no longer requires the help desk. From an administrative perspective, it's very convenient for us to manage and maintain the users of the organization. Azure AD is saving us 10 to 12 hours per week, and that's for just one person who would otherwise be responsible for resetting passwords.

The solution has also prevented so many potential cyber attacks, and that has saved us money. And by saving man-hours, we have saved money. Thirdly, we have been able to reduce manpower. I would estimate it has saved us 20 percent in terms of costs.

Another benefit is that, from a user perspective, it is very smooth and easy to sign in to all the Microsoft applications with the Azure AD sign-in. The UI is very intuitive for Microsoft accounts, so it's very easy for them to log in. We also have single sign-on enabled for desktops, so whenever a user signs in to an application on their machine, they don't need to sign in again and again. With the help of the same token, all other applications can be opened easily.

Two very important features in terms of security are governance and compliance through the Conditional Access policies and Azure Log Analytics.

Also, Azure AD provides a single pane of glass for managing user access.

I mainly work with the Microsoft Security portal so I can get access and privileges to maintain all the security policies, including Conditional Access policies and privilege access management for just-in-time access, as well as Azure AD sign-in logs. These factors are very important.

When it comes to managing identity, we have E5 licenses. We are using every application from Office 365, so it is very easy for us to manage identity with the help of all those applications. We are also using third-party applications that are integrated with Azure AD and that makes access management easy.

From an admin perspective, I would like to see improvement in the Microsoft Graph API.

I have been using Azure Active Directory for six to seven years.

There are some bugs that we find monthly or quarterly, but all the bugs are fixed by Microsoft.

It is scalable.

We have it deployed in Europe and there are about 15,000 users.

I received good technical support when syncing on-premises users to Azure AD. It was very smooth. But for help with Conditional Access, I got poor support.

Neutral

We had on-premises AD and then we introduced Azure AD. We synced all the users from on-premises to Azure AD. Then, with Office 365, we installed Exchange Online and Teams. For single sign-on we have ADFS [Active Directory Federation Services] on-premises, but now we are migrating our applications to Azure AD SSO for single sign-on.

The initial deployment was very straightforward. It only took a day to deploy. The plan was first to get information about our on-premises Active Directory users, computers, and groups, and then we had to determine how many licenses and which types of licenses we needed for those. We also had to think about which type of authentication method we were going to use.

Our deployment involved three to four people.

Maintenance is just checking for updates.

Personally, I feel Microsoft is very costly compared to other products. That is also what management is thinking. But when we consider security and support, Microsoft is better than any other product. It is somehow justified, but I feel it is costly.

I have worked with Okta but for single sign-on only. It does not provide all the features or meet all our demands.

If you want secure data and secure identities, go for Microsoft Azure AD.

We use it for various things in the organization:

1. Provisioning access to systems in the cloud for either internal teams or our partners' external teams. 
2. We use Azure AD for Windows device management with Azure AD Intune. We use them for the management of devices. We have company devices, laptops, or tablets all using Azure AD. 
3. Within Microsoft Azure, we use various services, e.g., Office 365, for granting the right level of access to the right people.

I am directly involved in the project. I know what is happening and being done by developers. I have also done some hands-on work in a test environment, using my own account, just to learn.

In our previous organization, we had to give continuous system access to users from external teams, who were not employed by our organization. This solution certainly helped with provisioning access to them, providing them with single sign-on access. It also monitored giant movers and leavers, which was helpful. 

Azure AD has massively affected our end-user experience. It provided a single sign-on for all our partners. They don't have to remember their password. They might be accessing 10 of our systems and don't really need to remember all 10 different user IDs and passwords. In most of cases, they are accessing our systems with their own organization's identity, so they don't need to remember a second user ID and password in addition to their organization's credentials. Requesting access is much better since it is all automated.

Their connection to the on-prem AD is a strong point. A lot of organizations already use on-prem Active Directory. That easily lends to using Azure AD compared to other providers. 

I like the automated provisioning of access, either for internal teams or external teams.

It has things like conditional access. For example, if someone is accessing sensitive information, then we could force them to do multi-factor authentication. Therefore, we can stop access if it is coming from a location that we did not expect. 

Compared to what we can do on-prem, Azure AD lacks a feature for multiple hierarchical groups. For example, Group A is part of group B. Group B is part of group C. Then, if I put someone into group A, which is part of already B, they get access to any system that group B has access to, and that provisioning is automatically there.

Geo-filtering is not that strong in Azure AD, where we need it to identify and filter out if a request is coming unexpectedly from a different country.

I have been using it for five and a half years on multiple projects.

It is very stable. In the last five years, we only had two major incidents on Azure AD. This is key for Azure services. If your Azure AD is down, then it brings down a lot of other services within Azure. 

It is very scalable.

My previous organization, which did power plant construction, had hundreds of partners at any time and about 10,000 internal staff. 

The product is extensively used. Many times, we have changed the way that we design based on new features introduced by Azure AD, so that drives what we do and how we design. Therefore, if they introduce a new feature, we send it straight on to be researched, then determine where we can use it. 

I am not directly in touch with technical support. I have never been on the other end calling Microsoft for technical support.

We didn't use another solution prior to Active Directory, which has been in place for a long time (20 to 30 years).

When we started using this feature, it saved time when provisioning access to users. Critically, it removed access to users who did not need access to the system. That was a significant improvement. Time-wise, we saved about tenfold. Its day-to-day maintenance is also much easier than without it.

We chose Azure AD when going to the cloud. It was key for us to maintain security within the organization. I don't think we could imagine securing our cloud without identity management as strong and rich as Azure AD. It is a key player in anything that we do on the cloud to secure resources and a critical element that determines our security.

I have set up test environments. The setup is easy, not difficult at all. This is one of the solution's strong points.

A lot of people already have on-prem Active Directory. It is a natural step to extend it to Azure.

Compared to other products in the market, the Azure AD deployment is the fastest. Depending on the size of the organization, it could take weeks or months to deploy.

For an organization of 10,000 users, there might be a team of five to six people supporting AD for day-to-day things.

Pricing-wise, they offer a stepladder approach. You can start with the lowest level features, then start increasing based on new requirements.

I have not really tried any other products, so I wouldn't be able to compare it with other stuff.

Start small, then expand it. When your organization wants to add Azure AD, you can try it on a smaller scale first.

I would rate it as eight out of 10. I am unfamiliar with other products in this market. That is why I am compelled to give it eight out of 10.

Azure AD is primarily integrated with all of the Microsoft services, such as Microsoft 365, Office 365, and Dynamics 365/Power Apps. Behind the scenes, we are, in one way or another, using Azure AD for our application security, identity management, and to access purpose services. At times, we need to configure some advanced features to provide access and identity to third-party apps to integrate with Dynamic 365. 

Unfortunately, I don't have any numbers and metrics related to organizational improvement off-hand.

That said, using Azure AD app services, we don't have to care about secure access to our Dynamics 365 data. Azure AD performs the authentication on behalf of our application and that's great. We don't have to implement security on our side to secure access for third-party services or third-party software or applications.

Azure B2C has also helped us in providing secure access to the Power Apps portal, or external content.

The app registration services are great. This basically simplifies security in order to give access to third-party apps from within Microsoft services such as Dynamics 365 and Power Apps. We can do this in a very secure manner using the AD. This really very simplifies the identity and access management for us.  

I use Azure B2C for providing access to external users. It was a really great experience to configure Azure AD B2C. I like this feature, as it provides a single sign-on for existing or new users; even new Azure AD users can be provided with sign-ins to our portal.

The solution has features that have helped improve our security posture. For example, without Azure B2C or any third-party identity service like Google or Gmail, we are compelled to store users' credentials and sensitive data in Dynamics 365 contact table somewhere. By using Azure B2C, we are totally independent of this.

The solution hasn’t affected the end-user experience. Usually, users are not so IT aware, so they don't feel an impact related to the change. We know that having secure access for them is important for them and also for us, however, they don’t feel any noticeable difference with the extra security in place.

Honestly speaking, I haven't thought about where areas of improvement might be necessary.

Everything was very smooth every time we used Azure AD. In other Microsoft solutions, we come across some bugs or workarounds, et cetera. However, as far as Azure AD is concerned, or maybe, to the extent that we are using it at least, we haven't come across any issues.

In terms of identity and access management and concerns, all of our needs are provided by the existing implemented features.

I have been using the advanced feature of Azure AD for the last three years or so.

Currently, Azure AD and most of the Azure services are very, very stable. A couple of years ago, I experienced some difficulty in implementing the solutions, the services of Azure AD. In one instance, I was not able to configure Azure AD for a registration. This was two or three years ago. However, currently, the documentation is very clear and there are no loopholes or anything that could hinder even a simple IT administrator to implement these services.

I am just using the product for integration with Dynamics 365 and Power Apps solutions. Right now, we are integrating with Azure AD in a very simple manner. I'm not sure if we plan to expand usage.

In our company, 100 to 200 people are connecting to PowerApps portals using Azure AD B2C.

There are two or three developers right now who use Azure AD for identity and access management purposes. Managers will not be using Azure AD in that it is not used to configure and trigger solutions using Azure.

We haven't used customer support contact up to this point. Everything that we need is already provided through the documentation. So far, we haven't had any need to contact customer support for Azure AD.

We did not use a different solution before we used Azure AD. We only use Microsoft solutions.

The initial setup was very straightforward. The documentation is very good and the steps are very well documented. I remember three years ago I encountered some undocumented feature or maybe a bug when configuring Azure AD for apps registration. However, lately, this is not the case. Currently, the documentation is very up-to-date and very clear, and almost every time I register the user, the apps in Azure AD, and configuration the Azure B2C have helpful documentation. They probably made some form of an update to the system that fixed any past bugs or issues.

The deployment hardly takes 15 to 30 minutes - and that's for app registration. To complete the whole process on the Azure AD side and on our Dynamics 365 side - including Azure B2C - it took, when I implemented it for the first time, one hour to set up everything. That was the first time. Since then, I've gotten faster and it now hardly takes 30 to 40 minutes to configure Azure B2C.

We are an IT company ourselves. A hundred percent of the time we use our own skills and documentation to implement everything related to Azure AD and Dynamics 365 or anything else.

We have seen an ROI due to the fact that it integrates with other Microsoft services very seamlessly. In that sense, it definitely saves time and cost as opposed to implementing something that we don't know, such as other identity systems. 

I don't know much about the pricing. As far as licensing is concerned, there are two options. There is a set of free services that are offered through a free license and if you have a Microsoft tenant or any Microsoft service such as Dynamics 365 or Power Apps, you have access to a free set of services that Azure AD provides. This includes registration and some other items. 

If you want to use Azure AD's advanced features, they are not provided for free. There are two types of premium licenses that are available for anyone who is a registered licensed user.

We did not evaluate different solutions before we chose Azure AD. This is due to the fact that, in the Microsoft ecosystem, Azure AD fits best in terms of providing access and identity management to all of the other Microsoft online services.

We are a Microsoft partner.

I'm not sure which version of the solution we're using. This is an online service. As I'm a Dynamics 365/Power Apps developer, usually I don't bother to check what version of Azure AD is currently hosting on the online services.

I would advise new users, if they are using Microsoft online services, that Azure AD is the best choice for all identity and access management requirements. This is due to the fact that it is in the same ecosystem. It understands the needs of its own vendors much better compared to any other external identity service.

I'd rate the solution a perfect ten out of ten.

BDO is a network of firms and a firm is what we call a country. So, we are present in about 160 countries. I am involved in BDO Global, which is not really a firm in the sense that we don't deal directly with clients, but BDO Global hosts IT services for all those 160 countries. A couple of those solutions are a worldwide audit solution that our firms use for financial audits for customers. We have a globally running portal solution, which firms are using to collaborate with our customers directly. All these services are basically based on Azure AD for authentication and authorization. This has been a lifesaver for us, because BDO firms are legally independent, so, we don't have a single identity store worldwide, like other big companies potentially do. We created an IAM solution based on Azure AD that ties all 160 dispersed identity stores back into one. We use that to give access to our services that we run globally.

Azure AD doesn't really give you a version. You just need to take the version as-is because it is a service that Microsoft delivers as a SaaS service. So, we don't have a lot of influence over the version that we use.

Besides tying together all authentications for our 160 countries, it has also been instrumental in getting the collaboration going between our firm countries since normally they are quite isolated. Also, their IT firms are quite isolated. So, Azure AD has made sure that we can collaborate with each other in multiple different systems: the global portal, the Audit application, and Office 365. This allows us to collaborate closer together, even though we are still separated as different countries.

Because it is an identity store, it handles all our authentication. We also use it with a combination of conditional access, which is a way to limit people's authentication or authorization based on where they are, the compliance of their device, and on a whole bunch of other variables that we can set. So, it definitely has been influential as well on the security side. Because it is a SaaS, you have central management over that. You can see all the logins and get reports on who signs in from where. 

There is a lot of artificial intelligence in Azure AD that can monitor behavior of users. If users behave in a strange way, then the authentication can be blocked. For example, if you have a user logging in from China, but it looks like the same user is logging in from America just a few seconds apart. That is a seemingly risky behavior that Azure AD flags for you, then you can block that behavior or have the user provide you with a second factor of authentication. So, there are a lot of security features that come with Azure AD too.

In our scenario, we use a lot of the business-to-business (B2B) features in Azure AD, which allows us to tie multiple Azure AD instances together. That is what we heavily use because every firm or country has their own Azure AD instance. We tie those together by using the B2B functionality in Azure AD. So, that is the most valuable part for us right now.

It has been very instrumental towards a lot of services we run, especially on the single sign-on side. For example, we have 160 countries that all run their own IT but we still are able to provide users with a single sign-on experience towards global applications. So, they have a certain set of accounts that they get from their local IT department, then they use exactly the same account and credentials to sign into global services. For the user, it has been quite instrumental in that space. It is about efficiency, but also about users not having to remember multiple accounts and passwords since it is all single sign-on. Therefore, the single sign-on experience for us has been the most instrumental for the end user experience.

We are using a whole bunch of features:

• We are using privileged identity management, which is also an Azure AD feature. This allows us to give just-in-time, just enough access to privileged accounts. For example, normally you have a named account and you get a few roles based on that named account. If that is a very privileged role, that role always sits on your account all the time. When your account is compromised and the role is on the account, the people that compromise your account have that role. With privileged identity management, I can assign a role to a certain account for a specific amount of time and also for a specific amount of privileges, e.g., I can give somebody global administrator access, then revoke that after an hour automatically. So, when his/her account gets compromised, that role is not present anymore. 
• We use conditional access. 
• We use access reviews, which is basically a mechanism to access reviews on Azure AD groups automatically. So, the group owner gets a notification that they need to review their group member access, and they use that to do reviews. That is all audited and locked. For our ISO process, this is a very convenient mechanism to audit your group access.

We have a custom solution now running to tie all those Azure ADs together. We use the B2B functionality for that. Improvements are already on the roadmap for Azure AD in that area. I think they will make it easier to work together between two different tenants in Azure AD, because normally one tenant is a security boundary. For example, company one has a tenant and company two has a tenant, and then you can do B2B collaboration between those, but it is still quite limited. For our use case, it is enough currently. However, if we want to extend the collaboration even further, then we need an easier way to collaborate between two tenants, but I think that is already on the roadmap of Azure AD anyway.

I have been using it for about six years.

The stability has been very good because it is an underpinning service for many things that Microsoft does:

• The underpinning identity store for Office 365.
• The underpinning identities over Azure services. 

So, the stability has been very good. We haven't had major issues with Azure AD so far.

On the global side, we have around two to three FTEs aligned to this. On the firm side, in the countries, FTE's are aligned to managing identity as well. These FTE numbers differ per firm. In our case, there are about two to three FTEs who are aligned to this. That is normally probably not what you would need, but since we run some custom code around this to be able to do the B2B process, we need about two to three FTEs.

Scalability is not a problem. We don't have to control that because Microsoft does it as a SaaS. However, we have never seen any real performance issues on the authentication stuff. I think they handle that under the hood. Since it is such an important service for them, they keep the scalability quite well. We don't have any scaling concerns. We also can control the scale. It is basically taken care of because it is a SaaS.

It is fully deployed to about 80,000 people worldwide.

We have Microsoft Premier Support, which has been quite good. It is quick. We are mostly into the engineering group quite quickly, and that has been good. I think they also have non-paid support, which has somewhat lower response time SLAs, but we have Premier Support.

Before, we only used local Active Directories because we were not in the cloud. Currently, in BDO Global, we are 100 percent cloud. So, we use Azure AD only.

We haven't run any other solutions than Azure AD.

The initial setup is a relatively straightforward process because Microsoft gives you a lot of guidance on how to do it. They also have a tie-in with local Active Directory. So, if you are running a local Active Directory, you can easily integrate it with Azure AD. It is also one of the more powerful features of the solution because it is a SaaS solution, but you can still tie it in with your local identity store. That makes it quite powerful because many companies, before they go to the cloud, have a local identity store, e.g., Active Directory. Microsoft has a very easy process and some tooling to make it integrate with Azure AD, so your local identities, you can still be leading, but you can sync all those identities up to Azure AD quite easily and keep the identity storage up to date.

We are exclusively using Azure AD in BDO Global. In other BDO countries, most countries use local Active Directory in combination with Azure AD.

If you look at it from a BDO country perspective, you have everything up and running in about a week, if not quicker. In our global setup, that took a little bit longer, because we had to create a solution to synchronize multiple Azure ADs towards the global one. We did that via B2B, so our setup took a little bit longer as it also involved some custom development. If you only deploy Azure AD from a single company perspective, then it should be a relatively quick process.

Deployment is not that hard because it is a SaaS solution, so you don't have to deploy any infrastructure. All that is taken care of by the solution itself. It is a matter of configuring first-time use, then setting up a sync between your own identity store and Azure AD, which is quite an easy process. If you read through the documentation, then you can have that sync running in about a day.

We mostly did the implementation and the custom coding ourselves in combination with people from Microsoft.

The ROI has been quite good because we looked at competitors as well, Ping and Okta, but their license fees were quite high. Also, Azure AD can meet all our use cases. In the beginning, we only used the free version, so that was quite cheap to run. We had some custom code that we needed to develop, but that was due to our specific use case. Overall, the return on investment has been very positive. The solution is not very expensive to run. It is quite stable. For us, it brings a whole lot of capabilities to provide people with a single sign-on experience across the world.

Compared to other big vendors over the past six years, I think we are close to saving $5 million on FTEs and licensing, which is substantial.

MS has a free version of Azure AD as well. So, if you don't do a lot of advanced stuff, then you can use the free version, which is no cost at all because it is underpinning Office 365. 

Some of the services that I mentioned, like conditional access, privileged identity management, and access reviews, come with a certain premium license per user. We negotiated those license fees in what we call a GEA. This is a global Microsoft contract that we have. So, the pricing seems to be quite fair. If I compare it to its competitors, Azure AD is a lot cheaper.

Because Microsoft gives it to you as a SaaS, so there are no infrastructure costs whatsoever that you need to incur. If you use the free version, then it is free. If you use the advanced features (that we use), it is a license fee per user. 

Premier Support is an added cost, but they do it based on the amount of services that you consume. We don't have it specifically for Azure AD because we run a lot of Microsoft technologies. We have an overall Premier Support contract, which is an additional cost. 

We looked at many different vendors for identity because our identity store is quite complicated within BDO, because you don't have that single identity store across all the countries like you see in many other global companies. So, we had a strategy. We looked at other products that could potentially do the same. However, the features that Azure AD gave us the option to do this as we wanted to do it. The other tools that we looked at, Okta and PingFederate, were not able to do the same thing for us back in the day. This is especially because we have many different identity stores within the BDO countries that have to be under the control of those countries. BDO Global cannot and is not allowed to control those identities. We need to allow the countries to control those identities themselves, but we still need a way to tie those altogether on the global side. Azure AD was the only solution that could do that for us.

From a BDO Global perspective, we don't. The firms and countries own their identities and the management around them, and they also need full control on those identities. We as BDO Global are not even allowed to control those, but we do need to provide them with single sign-on experiences. So, Azure AD is the service that allow us to do that. 

Our primary use case was about that control, which is a very specific use case because countries need to control their own identity stores and we are not allowed to control that from a global perspective. Specifically, the control requirement and still being able to have that single sign-on experience led us to Azure AD. The other big vendors that we looked at couldn't do that.

This solution is a prerequisite with some of the bigger Microsoft services, so if you want to use Office 365, Dynamics, etc., then you need Azure AD. However, it is also quite good to use for other services as well because they are currently supporting tens of thousands of other applications that you can sign into with an Azure account. So, it is not only for Microsoft Office, and I think that is probably a misconception in many people's heads. You can use it for many other cloud services as well as a single sign-on solution. My biggest point would be that it can be used for Microsoft services, but people tend to forget that you can also use it for many other services. In that sense, it is just an identity store that you can use across many services, not only Microsoft.

It continues to be one of our primary fundamental services around authentication, so we will keep using it in the future. We are planning to reduce the amount of custom code that we need to tie all these things together. Microsoft has a few things on the roadmap coming up there. We hope that we can decrease the amount of custom code that we need to run around this. The custom code is mostly about synchronizing identities from 160 countries to us. Microsoft will bring some stuff out-of-the-box there so we can hopefully decrease the custom code. It is a fundamental solution for us for identity and single sign-on, so we definitely plan to keep using it.

The biggest thing we learned is that the security boundaries are shifting from what used to be networks, firewalls, and data centers that you owned yourself. The security boundary is more shifting to identity in these cases because people are using cloud services. They use a single identity, and in this case, Azure identity to sign into those cloud services. You are not always controlling where people are signing in from anymore because those services live in the cloud. Where you used to have servers running in your data center, you had far more control on the network, firewalls, and all that stuff to keep those services secure. You now have to rely much more on the identity because the services are running in the cloud. You don't always have control over the network, so people can sign in from every device.

The security boundary is really shifting towards identity. Azure AD gives you a lot of options to secure your identity in a proper way. We use multifactor authentication, the conditional access piece, and privileged identity management, which are all services that Azure AD provides and quite hard to implement on a traditional Active Directory. 

I would rate this solution as 10 out of 10. It is instrumental to everything that we do.

We primarily use the solution for our AD. Azure AD and Microsoft Entra ID are basically the same, they are currently rebranding. I basically manage users and permissions.

It's made it easy to manage our users. It's also easy to deploy across the company. It pulls over the Exchange and does everything together in one go. You just have to get the licenses.

The login process is easy. It's very user-friendly for users. We can check the logins and handle user management. It's quite simple and easy to use.

It provides a single pane of glass for managing users and access. It's easy for users to handle multiple devices. It makes the sign-on experience better. It can easily teach users how to use the authenticator app.

I'm able to get reports on the database to help give visibility to security. I don't handle security, however. I'm there for support. People can use the data to perform investigations. 

The ID is quite useful. The Azure ID admin center can manage all identity access tasks across an organization. We can easily set up users. It's something you need in every company. Most of the basic stuff is done for users.

The Verified ID is useful for authentication. You can set it in your privacy settings. 

The solution has helped us save time.

The experience overall has been good for employees when they need to get an ID. If you need an extra license, it's just a matter of clicking one button.

We'd like to be able to link to non-Mircosft products, like Linux. There isn't much open source that links up with Azure. Most open source, however, can link up with AWS.

I've been using the solution for four years now. 

The solution is stable. it's dependable. 

We have about 100 users on the solution. 

It's easy to scale up or down. It does what it needs to do. You can always edit or delete resources as well. 

We haven't had any issues. Therefore, I have not really dealt with technical support. 

Positive

I was also working with Microsoft Active Directory on-prem. I'm new to this company; I've worked with other things in other companies before. 

I've used Okta in the past. I find the Azure pricing more user-friendly and I find it's better in terms fo team collaboration. For example, with this, you can also implement Microsoft Defender which can help you monitor users as well.

We have it deployed to the cloud; it's too expensive to maintain on-prem hardware. 

I was not directly involved in the deployment of the solution. 

Only two people have to maintain the product. 

The pricing is expensive. It's in US dollars. I'd rate the affordability of pricing six out of ten. 

I'm not sure if the company evaluated other options. 

I'd rate the solution eight out of ten. My advice would be to stay virtual and not on-prem or you'll have to pay more.

We use Microsoft Entra ID primarily to reconnect all of our Windows laptops. It is our centralized location for access to pretty much anything web-related. Everything you log in is MFA activated. We've worked on conditional access policies in it as well.

Microsoft Entra ID has improved our organization because we now utilize a single source of truth for authentication. We have less management, and I can point everything to Microsoft Entra ID. I have fewer people talking about resetting passwords, the MFA pieces, and more single sign-on.

I'm not attaching or having to authenticate on separate apps, which has greatly benefited us. We are able to route things into Microsoft Entra ID. I create one ID, I create groups that manage the security side of it, we plug that in, and it works great.

The most valuable features of Microsoft Entra ID are the login and the conditional access pieces. The login helps me identify who went where, why, and what problems they may have encountered. The conditional access allows me to control the flow of user access.

The private access is the next big thing for us, and that's one feature I'm going to try in public preview and probably move towards. There is no great solution in the cloud for Conditional Access authentication and RADIUS-type authentication.

I have been using Microsoft Entra ID for four years.

The solution's stability is very good. We've only had one minor outage for a few hours.

The solution's scalability is really good.

The solution's initial setup is fairly straightforward. The biggest issues we had were syncing it to the on-premises Active Directory and doing local things like RADIUS.

We implemented the solution with the help of a consultant named Steeves and Associates, and our experience with them was really good.

We have seen a return on investment with Microsoft Entra ID. The solution has dramatically reduced the amount of time spent on activating accounts. I was the first system administrator at the company, and we've got four now. It's definitely a growing arena, but it's an understanding that I can see that progression. I don't have to teach them all these different things. We just do one thing and move on.

Everything costs money in a tough market. As a nonprofit, we have A5 licenses for nonprofits in education, so we at least have some reduced costs. Looking at Copilot and a bunch of other features that are coming out, we'll have to seriously consider that cost-to-value ratio.

Since we all use Windows laptops, choosing Microsoft Entra ID made sense. I think there's a cohesivity in what Microsoft is trying to do, and Microsoft Entra ID is a very core function of that strategy. It's easier to branch out to other security products, making it easier for us to expand that landscape.

Microsoft Entra provides a single pane of glass for managing user access.

Because of the solution's single pane of glass, we don't have to run around to multiple places, mainly to create or remove accounts. One of our biggest issues, especially in the past few years, is turnover. Removing accounts is a big issue because we don't know where everything lies. Trying to find those little corners where access has been granted and not knowing it for a year or two after the employee has left is a huge security concern for us.

Our HR department doesn't use Microsoft Entra ID yet, but the IT department extensively uses it. It saves all that account creation, and we don't have to run around to different products. The solution has saved our company at least a few hours a week. We can focus on other projects, and I can educate most of my staff who are doing it in other areas.

Microsoft Entra ID has not necessarily helped our organization to save money. As a nonprofit, we didn't have any solutions, so it probably started costing us more. However, I think it's paid off just by this security nature of things and having that single pane of glass.

Overall, I rate Microsoft Entra ID ten out of ten.

We migrated about 3,000 computers from on-prem Active Directory to Azure Active Directory or Azure AD. 

These are still early days, but we are certain that it will improve our organization as we move away from on-prem Active Directory.

It provides a single pane of glass for managing user access, but we have to get more into it to be able to say that for sure. We have got so many different tools. It would be nice to have less tools. We are starting to take a look at how to consolidate tools.

It will definitely help to save time for our IT administrators.

It has not yet helped to save our organization money. It is too early for that.

The way the laptops are joined is valuable. We can take advantage of that in terms of being able to log in and do things. It is easier to change passwords or set things up.

I would like to dive into some of the things that we saw today around the workflows at this Microsoft event. I cannot say that they need to make it better because I do not have much experience with it, but something that is always applicable to Microsoft is that they need to be able to integrate with their competitors. If you look at IDP, they do not integrate with Okta.

I have been using this solution for about six months. It was not called Entra ID then. It was called Azure AD.

Our dealings have been fine. We do not deal with them so much. When we have to open something, our account managers help us out.

We were on on-prem AD. We moved to Azure AD because of a merger. We were purchased by a larger company, so we are moving on to their domain.

It was in the middle of the road. It was not the easiest thing, and it was also not the hardest thing.

We took the help of a company. They did a good job. They helped us to move a huge amount of data.

It is in line. Because we are so early, we have not had to come back on a cycle where we are having to negotiate again.

I would rate Microsoft Entra ID a nine out of ten. It is very good.

We manage local users in the Microsoft Entra ID environment. 

The tool's most valuable features are security and integration with other tenants. 

The product takes at least ten minutes to activate privilege identity management roles. 

I have been using the product for two years. 

The tool's stability is good. 

Microsoft Entra ID's support is good. 

The tool's deployment is easy. However, documentation is not helpful. 

The product is cheap. It is free for our tenant. 

I rate the product a seven out of ten.