Microsoft Entra ID Reviews

We use it for all of our internal colleagues. Every single user is synced from our internal on-prem directory to Azure AD. Every single user has a presence in Azure AD and that account or identity is then used for at least 10 to 15 different applications. They directly query what groups they're a member of within Azure AD. We use Azure AD for at least 15 different applications.

It has improved our security posture. Not only with the password feature but there were also things like conditional access, applications within Azure that you can use for better access. You can put conditional access rules in front of those applications, which means that either the device that they're accessing it with has to have a certain up-to-date version of antivirus, it has to have all of its Windows updates, or they have to use multi-factor authentication. All of those nice-to-have features help our security posture a lot.

When users are in Active Directory they can use single sign-on, which means once they've signed on to their machine, they then don't have to sign on again when they access things like their email. They can just go to those URLs. Because those applications are attached to our Azure AD and to our Azure tenant, they can just go to the applications. Those applications know who they are because they have a single sign-on enabled. So that has helped them so they don't have to turn on passwords when they have to access all these different applications.

Being able to integrate with third-party solutions is the most valuable feature. These are solutions that produced software as a service and we haven't then had to bring that service to our own data or in our own directory. We can use our Azure identity to connect to their solution. Being able to connect to third-party applications in these identities is the best thing we've found.

Being able to use Azure AD means that you can use some of the Azure AD security features like Advanced Password Protection. As well as querying your normal password requirements like lengths and complexity, Azure AD has a feature in which you can put specific words. It can be words to do with your company, words to do with your company location, or words that a lot of your employees would otherwise use. You can disallow them. It's very good at making more obvious passwords, ones they're not allowed to use anymore. That's a good feature.

It has something called Dynamic Groups so that when a user joins the company and they get added to specific groups, Azure AD will add them dynamically to other groups that will give them access to some of the base applications.

We have certain sets of software that they have to be able to access. Instead of somebody who deals with new users having to add them into 20 different application groups, you need access to this, this, and this. The Dynamic Group update feature from Azure AD means that you can just put them in one group and say that they have a role, and it will automatically then add them to about six or seven other groups, giving them default access to other things as well, instead of having to do that. It means there's a lot less manual work when you get new employees.

The conditional access rules are a little limiting. There's greater scope for the variety of rules and conditions you could put in that rules around a more factual authentication for other users. If you have an Azure AD setup, you can then connect to other people's Azure AD, but you don't have a huge amount of control in terms of what you can do. Greater control over guest users and guest access would be better. It's pretty good as it is but that could be improved.

I have been using Active Directory in my current role for around six months and in a previous role for three years. I recently moved companies about three months ago. Before that, I was working for another company. I was there for about five years and for at least half that time I was using Azure AD. 

We use the latest version. Azure AD doesn't really have version numbers, it's an evolving platform. In my current role, we're on the latest version of it. 

Stability is pretty good. In the lifetime of me using it, there have been outages of certain features within Azure. We use multi-factor authentication. There have been times when that authentication feature has gone down and people couldn't access things that required that when they log on. That has happened maybe twice in the last 15 or so years. So it's pretty good. The uptime is pretty good, but it's not 100%.

The company I used to previously work for had 90,000 users that were synced. That was nothing. There was room for loads more. I think they have a limit of a million or something objects within Azure AD. That's something you can ask to have increased if that's a requirement. Scalability is pretty unlimited. There is no issue there at all.

In the company I used to work for there were 90,000 people connected to Azure AD. As soon as they logged on, they were using Azure AD. In the current company, it's nearer five or 6,000, but all of those accounts have access to Azure AD. 

There are various roles including administrators who will have the ability to change any settings like sync settings and any settings on an individual user. Then we'll have a second line, which will be able to change some of the settings within a user's group and be able to reset their password or add them to different applications. There is a first-line service desk level set of users who will only have the ability to reset passwords, but if there's anything more complicated than that they'll pass it on. There are about three different levels of access that we currently have. There is level three and two access for not too difficult issues and then level one for password resets.

In the last place I worked, there were eight of us who took care of Azure AD which was for 90,000 people in Azure. There were people actively looking at the syncing engine, which does the sync between the two domains and there were four of us who managed that. We were called identity technical experts. So of a company of 90,000, we needed four of us, but that was only so that when people went on holiday, other people could still do the work. 

It's extensively used in that everybody has an account in Azure AD. I'm guessing we don't use all the features that are available. We still have our own mailboxes on-premise rather than in Azure. I would think that would be something in the future that they would look to move some or all of our mailboxes into Azure. But we all have a presence in Azure, so we are using a lot of the features, but I believe there are still a lot more we could use. 

Their support was excellent for the deployment. They were really good. It depends a little bit on who you get at the other end and the nature of your question, but with the Azure AD stuff, we got through to experts who were able to give us the right answer straight away. They were very good at that point.

We didn't use any other cloud solution. That was the first one that we used in the cloud. There's an on-premise Active Directory which is an additional Microsoft Active Directory. And the whole point of Azure AD is that it does connect to that. We haven't used any other directory service apart from those. The on-prem version of Active Directory I've used for 20 years. I haven't used any other active directory service. I'm sure there are others, but these are the main ones.

It's a level of responsibility, which is being passed over to Microsoft, that we no longer have to deal with. Certainly, the companies I've worked with were very happy for those bits of the technology being looked after by someone else. And so we were just in charge of the data that's in there rather than all the other, not-so-interesting things like backup and such.

It's moving the responsibility of the not very exciting bits over to Microsoft and their very good SLA. You can just concentrate on the bits that you're interested in.

The initial setup was pretty straightforward. The only complex thing is syncing your on-premise active directory into Azure AD. It's not overly complicated and they also give you very good support. It's not very difficult to set up.

The deployment took a couple of months in the end because we just wanted to do it at a pace that we were comfortable with. We did some initial tests on users. We synced them into Azure AD, made sure they could access what we thought they could access, and make sure they could still do the same job that they could do before. Then we synced across another set of test users, then a bigger test, and then eventually synced everybody else. We did it over the course of a month. Technically you could do it in less than a week, but we just wanted to be cautious and make sure that it worked as we expected.

In terms of the implementation strategy, we have two different Azure Active Directory setups. We have one in our development area, so we did the development area one first. We sure we worked out how to do the syncing correctly, making sure we can see all the attributes that were on the on-prem AD that were then turning up in Azure AD. And then once we did a development one and that worked as we expected, we then did the production one. We did it in a step-by-step approach. We did a small set of test users, a larger set of test users, and then the entire company. It was a phased approach.

We did the deployment ourselves. We spoke directly to Microsoft when we had a couple of queries because we had an enterprise agreement with them so we can raise a number of support tickets. There were a couple of questions we had about certain features, but the actual setup and deployment of it we did ourselves.

We've certainly seen returns on investment in terms of some of the security features around Azure. We've seen threats that have been detected much earlier. Previously, threat detection and that sort of thing was more of a response rather than doing anything preemptive. Something would happen and we'd then fix it. Whereas now in Azure AD, we've seen recommendations and those sort of things coming through from Microsoft saying, "You've got these accounts, these have all got weak passwords. We recommend getting these changed for end-users before they get hacked." We saw a marked decrease in the number of attacks and breaches against our credentials when we introduced multi-factor authentication for the entire company.

Had anybody, for whatever reason, passed on or shared their username or password, those could then be used to get into our services. Now with multi-factor authentication, we've seen a marked decrease in the number of threats we've seen come through. So there are some marked benefits of the security features.

SSPR, self-service password reset has also realized ROI for us. In the past, 60 to 70% of the calls coming into our help desk guys were for password resets. A large chunk, 50 to 60% of those are gone because people can just go to the URL we've shared with them and reset their password themselves without having to phone us, which means that our service desk guys can deal with real issues rather than just somebody to put on their password. So we saw a large decrease in password resets. We're still trying to get rid of even more of those, trying to make their job even easier, but we've seen a large reduction in the number of password request changes to our service desk.

There are various levels of licenses. There are things called E3 and E5 licenses. E5 licenses come with more features but aren't required for some of the kinds of users who are just using email and Office. They only need an E3 license.

Pricing depends on the size of your organization and the deal you get with Microsoft. If you're a public sector, rather than a private sector, you get a good deal. Academic sectors get very good deals. The vast majority of our users use E5. But we're a Microsoft partner who resells their product so we get favorable rates because of that.

They have various pricing levels and the higher level you buy, the more features you get within Azure. The basic one is perfectly good for most customers. The more advanced and greater security features come with the higher pricing. And so customers who require that like military, banking, government or something are willing to pay that. The private sector generally pays more than the public sector. I know some colleagues who work in the academic sector get extremely good deals because Microsoft is very keen to have academic institutions on board. If you're working in academia or you work in the public sector, you will get a much better deal than you would in the private sector, but that's just business.

An E5 or E3 license is on a per-user basis. So the number of users you sync into Azure AD is the number of licenses you need to report that is going to be consumed by the end-users. It's a per-user per-year license.

The only other cost you get with Microsoft over and above the license cost of using Azure is the cost of using their operating system and software. So if you use Windows, then you can pay for your Windows licenses again through Azure. And if you use Office, meaning Excel, Word, and all that other stuff, you can pay an extra bit and they'll get a 365 license for the entire suite of offices.

If you're buying an E5 Office plus Windows, then you'll get a greater discount than if you were buying those separately. Microsoft will charge you for what you actually use. So if you've got a user who isn't using Office, or isn't using Windows for whatever reason, but they are consuming services within Azure, then you just give them an Azure license. Microsoft will split up and you buy a license based on what you actually use.

There are a couple of other options. There's obviously Amazon AWS and there's now Google GCP. I'm not sure either of those particular cloud providers had a particularly enterprise-level directory service. At the point when we migrated our users to Azure, I believe Azure was the only one that was an enterprise standard. Whilst the other ones have options, they weren't really suitable for the size of enterprise that we were running. 

My advice would be to talk to Microsoft or a partner of Microsoft who will deploy it for you. You can do it yourself, it is absolutely possible but seek advice. Because the more users you sync into Azure, the more you have to pay for their licenses and not everybody has to be using Azure. Sync only accounts you need to, but in all cases, I would seek advice from a Microsoft partner or Microsoft themselves. They'll be able to talk through what you actually need, what you require, and then the best way to implement that. Whether that's syncing your entire user base or whether that's syncing a small subset of them because they're the only ones that are going to consume the services required.

I have learned two main lessons from using Azure AD. First, the introduction of multi-factor authentication. It was such a marked difference in the number of security incidents we had. There was such a reduction. If you have Azure AD, switch on multi-factor authentication, not just for the admin accounts and the highly privileged accounts that can access all the bits, but switch it on for everybody. It is a pain initially, while people get themselves set up. But once it's done the number of incidents you have relating to people losing their credentials is markedly reduced. It's a massive win.

I would rate it a nine out of ten. There are some things they can improve on, but those improvements are pretty small beans compared to what they've done.

It has allowed us to use other SaaS products that will authenticate with Office 365 as well as other Microsoft products and non-Microsoft products, so we can have a single sign-on experience for our users. Rather than them needing to have multiple usernames and passwords, they just use whatever they have as their main username and password to log onto their machine.

It is SaaS based, but we sync up from our on-prem into Azure AD.

With COVID-19 at the moment, this solution is a good example of where we needed to move a lot of our traffic from our on-prem authentication into the cloud. Last year, before I joined the company, we had to setup our VPN differently. It was easy enough for us to do because our machines were already joined to Azure AD. We just split the traffic and stopped having to rely on our on-prem VPN for our Office 365 traffic. We were just good to go into the Internet because we had all the features setup, e.g., MFA and Conditional Access, which made life a lot easier.

It has made our security posture better. There are always improvements to be made, but we feel more secure because of the way that things have been setup and how everything integrates together.

• Single sign-on is the most useful at the onset. 
• The dashboards offered are very granular, in terms of usages. 
• We find the Conditional Access element and Multi-Factor Authentication side of things very useful. 

These features let us have secure, yet user-friendly interactions, rather than having to be embroiled in various types of signups for each application. These allow us to be a lot more granular as well as making sure our environment is more secure. Our accesses and users remain secure too.

Multi-Factor Authentication (MFA) and Conditional Access have helped us be more secure. There is one place where all these features are posted, making life a lot easier. If we were to try and buy these separately, then it would be a painful experience. Whereas, if it is in one product, then all these features talk to each other and it is available for us in one go. For example, when you buy a car, if you buy the steering wheel and engine separately, then you need to make it work altogether. Whereas, you just want to buy a car with everything included, making life a lot easier.

It has made the end user experience a lot better. They only have one password to get into their online applications and that makes the user experience much better.

The one area that we are working on at the moment is the business-to-consumer (B2C) element. It is not as rich as some of the other competitors out there. The B2C element of Azure AD is quite niche. Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing.

In my previous role, there would have been a few things that I would have liked added, but they have already introduced them. Those are already in the roadmap. 

I have been using the product for many years. I have only been at Adecco for six months, but I had experience with it at my prior role as well. Overall, I have used it in excess of five years.

The stability is fantastic. It is a big step from using Active Directory on-premise to now moving to something that has been completely rethought in the cloud. It is very impressive and fits into the whole Microsoft ecosystem, making life easier.

We have had some downtime, but I think a lot of that has been unavoidable from Microsoft's side of things. Microsoft made some changes in some instances which caused certain features to be unavailable, like Azure AD became unavailable a few weeks ago. I love that they were very frank, open, and honest as to what happened. However, the bottom line is that we prefer downtime not to happen. 

We have had no problems with it. We are not exactly the biggest organization, i.e., 30,000 accounts. IT makes up probably 5,000 of those accounts, or less. If we were an organization of hundreds of thousands, then we might be questioning scalability. However, I have never known it not to be scalable. For medium- to large-organizations, it is fine. I think it is when you get into multiple companies with multiple complexities then it becomes a struggle. For us, it is more than scalable for our purposes.

We still have many applications that need to be onboarded to Azure AD. Because we are moving to the cloud, there is a lot more that we need onboarded into Azure AD, but it is working well so far.

The technical support is great. We have a dedicated resource who understands our environment. We have regular meetings with them once a week where we get to discuss the current status of various tickets as well as our questions. The support that we get is very good.

We have Premier Support. We also have Premier Mission Critical Support on Azure AD, which is where we have someone who is dedicated to our setup and knows how our environment's setup. Therefore, if we do have a major issue, then they would be brought in to help resolve those issues.

It was a given that we would use Microsoft. To use Microsoft 365, you need to use Azure AD, so that is what we did.

I have always used AD and Azure AD.

In my previous role, the initial setup was quite simple. It was a simple case of install and follow some wizards, then you pretty much had it setup and synced to your Azure AD from the on-prem. Minimum effort was required.

The deployment was about three weeks, which was mainly the change process and getting it through our internal changes. It was quite quick. 

We did it ourselves internally with some help from Microsoft. There were four people involved in the deployment: the service owner, a Microsoft product engineer, and two internal engineers.

We have the maintenance outsourced to a partner. However, we have had trouble with this partner because of their lack of delivery.

Ideally, I would like around five people to work with the partner and maintain the environment. At the moment, we have one person and are recruiting two others. For our scale, three to five people would be great as well as working with a partner to do the operations. That is the model that I am using.

It is one of those costs where you can't really quantify a return on investment. In the grand scheme of things, if we didn't have it, we would probably have a lot more breaches. It would be a lot harder to detect issues because we would have people using static usernames and passwords for various sites, making us open to a lot more attacks. The amount of security and benefit that we get out of it is not quantifiable but the return of investment from a qualitative point of view is much higher than not having it. 

It is the one platform that should be used for all authentication. Azure AD allows you to have one username and password to access all of your sites, which makes life a lot easier. Therefore, the return on investment is good because people have to use the one ID and password.

Be sure:

1. You know your userbase, e.g., how many users you have. 
2. You choose the right license and model that suit your business requirements.

In the future, I would maybe like better integration with competitive products. Obviously, Microsoft would be selective on that anyway. For example, working alongside Okta as a competitor, their product seems to be a bit richer in its offerings. From what I have seen, Okta has a bit more of an edge, which is something that might benefit Azure AD.

Be prepared to learn. It is a massive area. There are a lot of features offered by Azure AD. It works well within the Microsoft realm but also it can work very well with non-Microsoft realms, integrating with other parties. The fact it is Microsoft makes life so much easier, because everyone integrates with Microsoft. Just be prepared to absorb because it is a big beast. It is also a necessary evil that you need to have it. The advantages outweigh the disadvantages of having it.

The learning curve is both steep and wide. You can only focus on what you can focus on with the resources you have in your organization. It is such a big product and changing all the time. This means that you need dedicated people to be on it. There is a lot of keeping up with what Microsoft puts out there with Azure AD, which is great. This makes its feature-rich, but you need to be able to learn how it integrates into your business as well.

What Azure AD does for my current organization is sufficient, but we are probably not adopting most of what Azure AD has. We do not have it at a mature place at the moment, but we hope (over the next couple of years) to get it up to the latest and greatest.

It is an integral part of using Microsoft stuff, so we are not going to move away from it any time soon. If anything, we will ensure that everything is on Azure AD and authenticating users use Azure AD. That part will still take some time to do. Like most large organizations who have been around for a long time, we have legacy to deal with and some of that legacy does not support Azure AD. So, we are working towards that.

If you come from a company with legacy technology, then there will be a lot of business and technological changes for you to make.

The adoption of Azure AD B2C is progressing somewhat well. That is something that we just started in the last couple of months. We are having more of our products being onboarded into it. We will be moving other implementations of Azure AD into the one Azure AD implementation, and it has been great so far.

I would rate it as a nine out of 10. I would have given it a 10, but it is impossible for something to be perfect. The product does itself a disservice when there is an impact due to downtime, which we have had over the years. Because you rely on it so heavily, you can't afford for it to go down for a few minutes because then there will be user impact. 

We are using Azure Active Directory (AD) for:

• Application authentication, which is single sign-on. 
• Multi-factor authentication (MFA). 
• Conditional access for people coming in from non-trusted networks, which are interlinked. 
• Azure AD B2B. 

These are the four big items that we are using.

The flexibility around accessing company systems from anywhere at any time has proven to be very helpful. Organizations decided during the COVID-19 pandemic, on a very short notice, to announce that everyone should be working from home. The good part was that our company was already working under Azure Active Directory, and most of our applications were under Azure at that time. For us, it was a very seamless transition. There were no major impacts on the migration nor did we have to do any special setups or need to configure networks. So, it was a very seamless experience for our users, who used to come into our office, to access systems. They started working from home and there was no difference for them. We did not have to do anything special to support that transition from working from the office to working from home. It was seamless. There was no impact to the end users.

Bringing our many hundreds of applications onto Azure Active Directory single sign-on authentication has had a big impact on users' productivity, usage, and adoption of enterprise applications because they don't need to log in. It is the same credentials and token being used for days and months when people use our systems with hundreds of applications being integrated. From a user perspective, it is quite a seamless experience. They don't need to remember their username, passwords, and other credential information because you are maintaining a single sign-on token. So, it is a big productivity enhancement. Before, we were not using a single sign-on for anything. Now, almost 90 to 95 percent of applications are on Azure Active Directory single sign-on.

The single sign-on is an amazing product. Its integration with the back-end, like MFA and conditional access, is very helpful for enterprise class companies because of changing dynamics as well as how companies and workers interact. Traditionally, companies used to have their own premises, networks, network-level VPN and proxy settings, and networks to access company systems. Now, anyone can work from anywhere within our company. We are a global company who works across more than 60 countries, so it is not always possible to have secure networks. So, we need to secure our applications and data without having a network parameter-level security. 

Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company.

The analytics are very helpful. They give you very fine grain data around patterns of usage, such as, who is using it, sign-in attempts, or any failed logins. It also provides detailed analytics, like the amount of users who are using which applications. The application security features let you drill-down reports and generate reports based on the analytics produced via your Active Directory, which is very helpful. This can feed into security operation centers and other things.

One of the areas where Microsoft is very actively working on enhancing is the capabilities around the B2B and B2C areas.

Microsoft is actively pursuing and building new capabilities around identity governance.

There is a concept of cross-tenant trust relationships, which I believe Microsoft is actively pursuing. That is something which in the coming days and years to come by will be very key to the success of Azure Active Directory, because many organizations are going into mergers and acquisitions or spinning off new companies. They will still have to access the old tenant information because of multiple legal reasons, compliance reasons, and all those things. So, there should be some level of tenant-level trust functionality, where you can bring people from other tenants to access some part of your tenant application. So, that is an area which is growing. I believe Microsoft is actively pursuing this, and it will be an interesting piece.

I have been using it for three and a half years.

We have worked very closely with Microsoft over the past few years. We were one of the early adopters as an enterprise. We worked very closely with Microsoft to develop many products and features.

Looking at our journey over the last three and a half years, there were a few stability incidents, which is understandable from any technology platform provider perspective. However, it was overall a very good experience with a stable platform. There were two or three major incidents in the last three years.

There are about eight people who handle the day-to-day maintenance. These people focus on single sign-on, multi-factor authentication, and Azure B2B.

The scalability is amazing. Microsoft gets billions of logins every day. They are scaling it every day. They announced an increase in the availability that the SLA guarantees from 99.9 to 99.99 percent from April of this year. Overall, it is very stable and scalable. These are things that we don't need to worry about.

It is fully rolled out to everyone in our organization.

Overall, the technical support is very good. Overall, if you follow the customer support route and raise an incident ticket, then they are very prompt. They work very closely and collaboratively with us. We have a dedicated technical account manager (TAM). We have governance in place. We engage with them bi-weekly. So, we have a pretty good working structure with them.

Identity within Microsoft is a separate division, and we work very closely with them.

We didn't use another solution before Azure AD.

The initial setup was straightforward.

How you plan the tenant and set it up is quite key. There are major components that you need to be aware of: 

• Are you planning to implement multi-factor authentication at the tenant level? 
• What type of conditional access policies do you want to implement? 
• What type of access governance do you want to put in? 
• What type of role catalogue do you want to maintain? 
• What type of structure of the AD organization you want to maintain? 
• What type of device registrations do you want? 

There are some prerequisite checklists available from Microsoft. However, these are quite fundamental decisions. If you don't take the lead on them, these decisions will impact you, then you have to go back and fix them later on. So, plan ahead. 

Initial deployment took us a few months across our organization, but we decided to use most of the elements at a very early stage. So, our use case could be different than other companies. Some organizations that I know have chosen not to deploy multi-factor authentication nor do self-service password reset to deployment, then the user community is impacted with that. It can differ organization to organization based on the scale, number of users, locations, etc. So, there are many factors involved. 

We phased out our deployment over a couple of years, focusing on single sign-on and multi-factor authentication, then self-service password reset and other components. So, we did it as a phased deployment with a small team of four or five people.

I strongly recommend the Microsoft GTP Teams, which are with their R&D division. They have a go into production, dedicated team who work with customers from an end-to-end lifecycle perspective. So, they will help you to build the tenant from scratch, following the right standards and guidelines. For us, it was straightforward, but we started this journey in 2017/2018. It is quite a mature product now.

We work with most managed service providers, like Infosys, TCS, Wipro, etc. We have had good experiences with them. Initially, we worked with Infosys.

We are closing all data centers. Therefore, to build or enhance any existing capability in applications, it could have been very a costly effort for us. Rather than building an authentication platform, we are using a standard-based approach where we just need to plug and play. Instead of going in and reinventing the wheel for every application, we are using a standard out-of-the-box service offering from Azure Active Directory, where we just consume that service, then users have a seamless experience.

Having a single supplier saves you loads of headaches from:

• Multiple suppliers and multiple technologies
• Integrating everything.
• Doing upgrades.
• Maintenance.
• In-house deployment
• Having multiple components of those solutions to work together.
• Managing multiple vendors, supplier support teams, contracts, renewals, and licenses. 

If you are dealing with one supplier with an out-of-the-box solution, which provides you end-to-end capabilities, then it is naturally cheaper and less of a headache to manage and operate.

This solution was the natural choice. There is no vendor nor supplier providing this type of capability right now in the market, especially considering people in organizations are using Office 365. So, it is the natural choice to not to go with a third-party supplier, then try to integrate those third-party solutions and technologies into Microsoft. It is one box and the same Office 365 tenant in the same environment where you operate all your settings. Therefore, it is a very natural, out-of-the-box solution.

Look at the market. However, look at it from an end-to-end perspective, especially focused on your applications and how a solution will integrate with your overall security landscape. This is key. Azure Active Directory provides this capability, integrating with your Office 365 tenant, data security elements, classifications, identity protection, device registrations, and Windows operating system. Everything comes end-to-end integrated. While there is no harm evaluating different tools, Azure AD is an out-of-the-box solution from Microsoft, which is very helpful.

Every day we are increasing the number of users and onboarding new applications. Also, we are growing the B2B feature. We try to use any new feature or enhancement coming in from Microsoft, working very closely with them. It is an ongoing journey.

Dealing with a single supplier is easier rather than dealing with five suppliers. Historically, if you have to do anything like that, then you will end up dealing with at least 10 different vendors and 10 different technologies. It is always interesting and challenging to manage different roadmaps, strategies, upgrade parts, licensing, and contracts. The biggest lesson learnt is wherever you can go with native-cloud tools and technologies, then go for it.

I would rate this solution as 10 out of 10.

Microsoft Authenticator is a third-party application used to authenticate users in our Microsoft environment, such as accessing emails or applications like Excel, Word, or any other application. It is also used for online login purposes. The configuration process is simple from the admin side; we just need to enable it for the user. The user will receive a notification on their mobile device and then needs to download the Microsoft Authenticator app. They can add their account by entering their username and password. Once this is done, the configuration is complete.

While using any applications in the environment, users need to authenticate using Microsoft Authenticator. They will receive a one-time password that expires in thirty seconds, which they must use for authentication. One advantage of using Microsoft Authenticator is that it ensures the security of user accounts. Even if someone tries to hack or authenticate into another person's Microsoft account, they will be unable to do so without the password. The user will receive a notification if someone attempts to access their account and can choose whether to grant them access or not. If any unauthorized access is detected, we will investigate to identify the person behind the authentication attempt.

Microsoft Authenticator is highly secure. It is connected to its own servers. Using this application employs encryption methods, and the user has the right to access it. Additionally, we can utilize the biometric fingerprint tool for authentication, ensuring that only one person has access to it. This feature is extremely beneficial.

The cost of licensing always has room for improvement.

I have been using Microsoft Authenticator for three years.

Microsoft Authenticator is scalable.

The initial setup is straightforward. We downloaded it from the Google Play store and used a name and password. That's all it takes, and we're ready to go. The configuration duration is set on an admin site, but the actual configuration must be done on the end devices themselves. This can include mobile devices, tablets, or any other device that we can use, and takes about ten minutes to complete.

We have observed a 60 percent return on investment with Microsoft Authenticator, which provides us with peace of mind, knowing that there is no unauthorized access occurring.

Microsoft Authenticator is included in the package when we purchase a license from Microsoft.

I rate Microsoft Authenticator ten out of ten.

We have 120 users. The solution is used daily and is required whenever a Microsoft account needs authentication to ensure that only the data owner or email owner has the proper authentication to access the mailbox or application.

I will advise people to continue using the Microsoft Authenticator because it provides security and data protection. From a cybersecurity perspective, it is beneficial to use the Microsoft Authenticator for the authentication of Microsoft products.

We primarily use the solution for most of our enterprise identity management. 

It's improved our company through the security policies. It's helped improve our security posture. 

It's pretty easy to implement. In most of the apps nowadays, it has the ability to use multifactor authentication, SSO.

The control is great. It offers good conditional access.

It helps with managing user access via one pane of glass in most cases. 

The security policies we are applying are pretty well structured. 

The solution is nice to use. Microsoft did a good job.

My assessment on Microsoft EntraID admin center for managing all identity and access as our organization. It's great. It's very well organized, pretty straightforward, and easy to use. It's not just that it's easy to use, it's very intuitive. Everything is easy to find. 

We use Microsoft Entra ID conditional access features and improve the robustness of our zero-trust strategy to verify users. 

The permission management feature is good. 

The visibility and control are very good. The whole intro ID concept is pretty intuitive. Even if you have never used this and you have some experience in IT, you will be able to handle the solution easily.

It's helped our IT department save time. It also helps with speeding up processes. I can't speak to the exact amount of time saved per week, however.

The solution helps the company save money. 

It's positively affected the employee user experience. 

It's just been renamed. That said, I can't speak of room for improvement. There may be areas that could be better, however, I haven't thought too much about that. 

I would change the device access a bit. It's very difficult. I would add some features. I would like to be able to authenticate Wi-Fi users using the Azure ID. However, my understanding is it needs to be from both sides, from the vendor that is creating devices for the Wi-Fi and for the networking part and Microsoft. 

The company has been using the solution since before I arrived. I have used it for around four or five years. 

The solution is stable. I've never seen big issues. It's pretty much a stable product. 

Sometimes Microsoft has small issues, however, nothing that would cause the entire company to not be able to work for a whole day. 

More than 1,000 people are currently using the solution. 

It is a scalable solution for sure. 

I've never used technical support. 

I've used a few different solutions. Mostly I've used Active Directory. It does the same thing; it has just been renamed. 

I was not a part of the implementation. It was done before I joined the company. 

It may require a bit of maintenance, however, it's not a task that is part of my department. 

I don't deal with pricing. It may state the cost online. 

I did not evaluate other options. 

I'm a user.

I'd rate the solution nine out of ten. I'd advise others to use it. Even the free tier has a lot of features that even a small company would benefit from. 

We use it as the Active Directory on the cloud. We have the systems on-premises and on the cloud. We connect the AD data to Azure. We have a single sign-on service on multi-cloud. We use the single sign-on feature on, for example, AWS.

In terms of the version, we use it as a service, and it is always updated to the latest version. 

Microsoft Entra ID helps to synchronize information from on-premise Active Directory. There are security features such as multifactor authentication. We can also use a single sign-on to connect with the other application on the cloud. 

It helps our admins to have more security. It is helpful for authentication methods, log checking, and audit trails in case of security concerns. However, it has not saved them time.

Microsoft Entra ID has not helped to save our organization money, but it helps to improve security.

The security features, multi-factor authentication, and service management features are valuable.

Microsoft Entra ID provides a single pane of glass for managing user access. Its menus are properly categorized, and they make it easy to use for our work and processes.

One thing that they need to improve is the cost. It already has a lot of features, but more protection of the identity would be beneficial for customers.

I have been using this solution for three years.

It is stable.

It is scalable. In our environment, we mostly have Microsoft solutions such as Microsoft 365, email, OneDrive, SharePoint, Power Apps, etc. Entra ID is deployed across multiple locations for multiple users. We have a Microsoft 365 license for all employees. We have two admins who take care of configuration and monitoring for security and data loss prevention. 

We have plans to increase its usage.

I have not contacted their support.

We did not use any other similar solution previously.

I was not involved in its deployment. 

It is costly.

I would recommend this solution to others. Overall, I would rate Microsoft Entra ID an eight out of ten.

It's something that we use every day. We're migrating all of our customers over to it.

We use it for Office 365 and Azure services.

It's a cloud service. You do not depend on local identities. You can just synchronize the identities. It gives you the opportunity to use the security services that come with Office 365 and Azure. 

It does offer a single pane of glass for getting into all applications. However, we have some customers that have a hybrid environment and it depends on what applications and if the client wants them authenticated with Azure or not. In general, it's been positive for the final user experience.

We do have to manage identities on-premises in Azure and have one point of entry and the solution allows for that.

We use conditional access. That's a must for customers - to be able to verify users and devices. It helps with initiating a zero-trust policy. It's one of the main functionalities we really like. You can get granular with the policies in terms of access. 

We use conditional access in conjunction with Endpoint Manager. We also push Endpoint Manager as a solution to work with devices. That's also something that we try to push to the customers in any project. Most of the time, they go with it and like the idea of being merged with which are Endpoint Manager. Sometimes there are some customers, small customers, that maybe don't want to use that. Our position is to always use an endpoint manager.

It's helped out IT managers a lot in terms of the features on offer. I'm not sure of the exact amount of time that has been saved in general. I'm not involved in the day-to-day management from a customer's perspective. 

It's had a positive effect on the user experience. I'd rate the improvement nine out of ten. 

Support could be improved.

Okta has had more time in the business than Microsoft. I hope, in the roadmap, Microsoft eventually offers the same features as Okta. It will take some more time to mature. 

I've been using the solution for five years.

The solution is scalable. 

Customer support is good. However, it could be better sometimes. They do answer fast, however, the resolution itself is not fast. The first level of support will most likely have to move the issue to level two or three technicians and that process makes the resolution take longer.

Positive

I did not previously use a different solution. I deal strictly with Microsoft. I don't deal with any other companies. I'm dedicated to Microsoft. 

I was involved in the deployment process. It's easy for someone who's done it many times. 

In my department, we have ten to 15 colleagues that can handle these migrations or synchronizations. 

It's an easy product to maintain. 

We do have a customer that has Okta, and while we don't deal with it directly, we know what it does. We don't use it. Okta has specific features that are different from this product, however, it's not something we sell. For example, Microsoft can synchronize users from local to Azure, and not vice versa. Okta can do that, however. Also, the management lifecycle feature in Microsoft isn't as robust as Okta. 

Okta does have a lot of models, as does Microsoft. In both cases, depending on what you need, there would be a different license. 

There are not too many companies that have Okta in Spain, however, those that have would have many environments across AWS, Google, et cetera - not just Microsoft.

We're integrators. We don't use the solution ourselves. 

We do not use Permissions Management. I'm not sure if it is one functionality or a combination of several. 

I'd rate the solution eight out of ten. 

We sync up our on-premise Active Directory with Azure AD and use it for app registration. All of our cloud-based DevOps activities use Azure Active Directory.

Azure Active Directory has many automation capabilities, and you can apply policies on top. You can do a lot of things with these combinations and integrate other tools like PingFederate. We've likely saved some money, but I don't know how much. 

The solution has made our environment more controlled and robust. At the same time, functions become more challenging for users when you add more controls and multi-factor authentication. However, these measures are essential when you're dealing with a complex environment that crosses multiple regions and cloud platforms. 

I like Azure Active Directory's integration with GT Nexus, and it improves our overall security. Azure AD enables us to manage user access from a single pane of glass. We use single sign-on and multifactor authentication. Teams are required to have Authenticator downloaded on their devices. 

We use Azure AD's conditional access feature to fine-tune access controls and implement a zero-trust policy using authentication tokens. The calling application needs to verify those tokens. The tokens contain information that the application needs to verify. Every application or user needs to be registered in the system to access it.

In Azure AD, applications either use the managed identity or ARBAC for permission control, and we use SaaS on top of that. Policies can be used if there is anything else infrastructure or access-related. 

Permission management works the same way across all cloud platforms. You can have granular or course-grade permissions. It depends on what you want to use and how you want to use it. I'm on Azure, so I know how they use it. 

Azure AD could be more robust and adopt a saturated model, where they can offer unlimited support for a multi-cloud environment.

I have used Azure AD for two years. 

I rate Microsoft's support a nine out of ten. We are preferred partners, so we get high-priority support. 

Positive

I rate Azure Active Directory an eight out of ten.