Microsoft Entra ID Reviews

It's something that we use every day. We're migrating all of our customers over to it.

We use it for Office 365 and Azure services.

It's a cloud service. You do not depend on local identities. You can just synchronize the identities. It gives you the opportunity to use the security services that come with Office 365 and Azure. 

It does offer a single pane of glass for getting into all applications. However, we have some customers that have a hybrid environment and it depends on what applications and if the client wants them authenticated with Azure or not. In general, it's been positive for the final user experience.

We do have to manage identities on-premises in Azure and have one point of entry and the solution allows for that.

We use conditional access. That's a must for customers - to be able to verify users and devices. It helps with initiating a zero-trust policy. It's one of the main functionalities we really like. You can get granular with the policies in terms of access. 

We use conditional access in conjunction with Endpoint Manager. We also push Endpoint Manager as a solution to work with devices. That's also something that we try to push to the customers in any project. Most of the time, they go with it and like the idea of being merged with which are Endpoint Manager. Sometimes there are some customers, small customers, that maybe don't want to use that. Our position is to always use an endpoint manager.

It's helped out IT managers a lot in terms of the features on offer. I'm not sure of the exact amount of time that has been saved in general. I'm not involved in the day-to-day management from a customer's perspective. 

It's had a positive effect on the user experience. I'd rate the improvement nine out of ten. 

Support could be improved.

Okta has had more time in the business than Microsoft. I hope, in the roadmap, Microsoft eventually offers the same features as Okta. It will take some more time to mature. 

I've been using the solution for five years.

The solution is scalable. 

Customer support is good. However, it could be better sometimes. They do answer fast, however, the resolution itself is not fast. The first level of support will most likely have to move the issue to level two or three technicians and that process makes the resolution take longer.

Positive

I did not previously use a different solution. I deal strictly with Microsoft. I don't deal with any other companies. I'm dedicated to Microsoft. 

I was involved in the deployment process. It's easy for someone who's done it many times. 

In my department, we have ten to 15 colleagues that can handle these migrations or synchronizations. 

It's an easy product to maintain. 

We do have a customer that has Okta, and while we don't deal with it directly, we know what it does. We don't use it. Okta has specific features that are different from this product, however, it's not something we sell. For example, Microsoft can synchronize users from local to Azure, and not vice versa. Okta can do that, however. Also, the management lifecycle feature in Microsoft isn't as robust as Okta. 

Okta does have a lot of models, as does Microsoft. In both cases, depending on what you need, there would be a different license. 

There are not too many companies that have Okta in Spain, however, those that have would have many environments across AWS, Google, et cetera - not just Microsoft.

We're integrators. We don't use the solution ourselves. 

We do not use Permissions Management. I'm not sure if it is one functionality or a combination of several. 

I'd rate the solution eight out of ten. 

We sync up our on-premise Active Directory with Azure AD and use it for app registration. All of our cloud-based DevOps activities use Azure Active Directory.

Azure Active Directory has many automation capabilities, and you can apply policies on top. You can do a lot of things with these combinations and integrate other tools like PingFederate. We've likely saved some money, but I don't know how much. 

The solution has made our environment more controlled and robust. At the same time, functions become more challenging for users when you add more controls and multi-factor authentication. However, these measures are essential when you're dealing with a complex environment that crosses multiple regions and cloud platforms. 

I like Azure Active Directory's integration with GT Nexus, and it improves our overall security. Azure AD enables us to manage user access from a single pane of glass. We use single sign-on and multifactor authentication. Teams are required to have Authenticator downloaded on their devices. 

We use Azure AD's conditional access feature to fine-tune access controls and implement a zero-trust policy using authentication tokens. The calling application needs to verify those tokens. The tokens contain information that the application needs to verify. Every application or user needs to be registered in the system to access it.

In Azure AD, applications either use the managed identity or ARBAC for permission control, and we use SaaS on top of that. Policies can be used if there is anything else infrastructure or access-related. 

Permission management works the same way across all cloud platforms. You can have granular or course-grade permissions. It depends on what you want to use and how you want to use it. I'm on Azure, so I know how they use it. 

Azure AD could be more robust and adopt a saturated model, where they can offer unlimited support for a multi-cloud environment.

I have used Azure AD for two years. 

I rate Microsoft's support a nine out of ten. We are preferred partners, so we get high-priority support. 

Positive

I rate Azure Active Directory an eight out of ten.

I am using Azure AD to assist a client with COCC level one and level two certifications. The primary use of the solution is its conditional access feature to enforce fine-tuned and adaptive access controls. The robustness of a zero-trust strategy to verify users has helped in implementing zero trust right now.

The client has to have a clone network storage and manage the services it provides to the handful of people he works for. The control and identify data do what it is supposed to do, as advertised, but the client is not utilizing those features.

The security and compliance features are very helpful. The online information on the site is well documented.

One thing I would like to see is when you're doing control measures if you could globally apply them instead of going through every user individually. I looked at this problem twenty years ago, and it has stayed the same. In twenty years, it's still the same one by one. The default is whether you get group permissions or role-based assignments, you still have to go in individually to everyone every time, which is cumbersome to me. My problem with Azure AD is that it's designed for medium to large systems, and we're not that large.

I rate it an eight out of ten.

I have been using the solution for less than a year, and the client that I'm consulting with has been using it for about four and a half, five years.

It is a stable solution.

Since we're starting with three people, it's probably not going to grow to more than ten people in the next five years. So the scalability is fine for my client's needs.

We have not contacted Azure's technical support.

The initial setup was straightforward. The client has got three people working for him.

For a small business buying individual licenses, it is an affordable solution.

We use the solution for single sign-on, provisioning, de-provisioning, conditional access, and identity governance.

The access governess feature improves our compliance.

Privilege Identity Management is the most valuable feature.

The licensing and support are expensive and have room for improvement.

I have been using the solution for five years.

I give the stability a nine out of ten.

I give the scalability a nine out of ten.

The support is really good.

Positive

The initial setup was straightforward. The time required for deployment will vary depending on the features that we plan to use. Typically, two to three weeks should be sufficient for deployment.

The implementation was completed in-house.

We have seen a return on investment.

I give the cost a three out of ten. The licensing is expensive.

We evaluated Google Cloud Identity.

I give the solution a nine out of ten.

Two to three engineers are required for the Maintenance. The majority of the maintenance is completed by Microsoft.

I recommend the solution to others.

We deployed the solution across multiple geographical areas.

Azure AD is primarily used as the backend for all Microsoft Office 365 user accounts and licensing, as well as for securing those accounts. Endpoint Manager is also utilized, which is part of domain control in the cloud, even though it is not Azure AD.

Azure AD has enabled the organization to set up single sign-on to all applications and has consolidated everything to a single cloud authentication for users. This saved a lot of time by not having to administer accounts in multiple systems, and it has also made it easy to control user identity for all cloud and internal applications. Security features such as attack surface rules and conditional access rules are also highly valuable and help the organization feel safe with all its user accounts. The Entra conditional access feature is used to enforce fine-tuned and adaptive access controls, and it is perfect for verifying users in line with the Zero Trust strategy. Overall, Azure AD enabled the organization to control one set of accounts and policies for everything, providing a huge benefit.

The security features, such as attack surface rules and conditional access rules, are the most valuable aspects of Azure AD.

The only improvement would be for everything to be instant in terms of applying changes and propagating them to systems.

I've been using this solution since 2017.

The stability of Azure AD is perfect.

Azure AD is highly scalable and enables the organization to control everything from one office.

The support channel for Azure AD is probably pretty good, although there was a strange experience with technical support once. Overall, the customer service and support would be rated as positive, with an eight out of ten rating.

Positive

I have never used any other products except Google Workspace, which is very intuitive but not comparable to an identity system.

The initial setup of Azure AD was quick and took just a workday or two, although tweaking it took about a week. The implementation of Azure AD probably took about 48 hours. In terms of maintenance, Azure AD doesn't require any maintenance as it is a cloud service that is always up to date.

At the time, we used contractors to set it up because it was new to us. If I was going to do it today, it wouldn't be that complex for me because I now know the ins and outs of it, but at that time, we contracted people to help us set it up so that we could do it with the best practice. We probably had just one contractor and then we just helped out.

For those looking to implement Azure AD in their organization for the first time, it would be recommended to get rid of the legacy Active Directory right away and go straight to Azure AD instead of starting out hybrid and having to wind that down. If local Active Directory isn't needed, it's best to move all authentication over to the cloud and scrap the Active Directory domain controllers. The Entra portal is a huge benefit as it provides a consolidated view of everything and makes it easier to navigate security, users, conditional access, and identity protection.

Microsoft has been consolidating the view to provide a single pane of glass. It has been more and more down to that. They're now out with something called Entra. It's the Entra portal, and it has a very consolidated view of everything I need to do. Microsoft Entra is basically Endpoint Manager, Microsoft Defender, and Azure Active Directory pulled together for an easy view and ease of navigation. I've started to use Entra a little bit. It has only been out for a little while, but it was created to simplify finding everything. So, instead of navigating through the portal at Azure, I've started using Entra. I like it a lot. At first glance, it looks very intuitive, especially based on how I've been navigating until now. 

What Entra is doing is a huge benefit. If you're starting up today, it's much easier to get into security, users and conditional access, and identity protection. They've consolidated most of the important things there. You can navigate to everything from there, but they draw forth the most important ones in a more intuitive way. They've done that, and what they've done with Entra is what was missing.

Overall, I'd rate Azure Active Directory an eight out of ten. 

We use it for identity and access management for cloud-based applications.

A couple of features are valuable, but the one that comes across the most to me is multi-factor authentication. That is huge because, with the promise of cloud—the ease and flexibility—comes a challenge of security. That means organizations are quite susceptible to cyber security threats and attacks. Nowadays, because assets have moved from the on-premises environment to the cloud, identity has become a new parameter. 

MFA is the most valuable feature because it only takes threat actors who keep guessing the password—even a password with a high degree of complexity, given all the tools available to crack them—to gain access. Then they are able to steal identity information and all the digital assets of an organization. 

We, ourselves, experienced a "near miss" but we were able to detect it at a very early stage and then immediately implement multi-factor authentication, which of course means that in addition to the regular user ID and password, there's another key requirement for validating and verifying the true identity. That's been very valuable to us and to our clients.

We also use Entra’s Conditional Access feature to enforce fine-tuned and adaptive access controls. It's all about taking a further step and layering additional controls to prevent unwanted access. It helps with Zero Trust, ensuring that we can protect assets. The entire paradigm is to make sure that you do not grant access to any potential user without verifying and properly validating who that entity is. That's most invaluable because you can identify a set of conditions that are unique to the organization. They can be related or linked to the profile of the organization and, based on that, you can grant access. Microsoft, from what we've seen, is at the forefront. They're actually spot-on with that.

Using wild imagination, I am thinking about to what extent AAD can integrate with products in a seamless way, such as applications that are running on-premises and making use of on-premises directory services. The most common, of course, is Azure Active Directory Domain Services. To what extent can it be used to replace the on-premises Active Directory Domain Services? Even though they are similar in concept, they are totally separate products. 

I would like to see applications that make use of on-premises Active Directory Domain Services have the ability to also seamlessly make use of Azure Active Directory.

And when it comes to identity and access life cycle management for applications that are run on-premises, as well as access governance, if those kinds of capabilities could be built into Azure Active Directory, that would be good.

I have been using Azure Active Directory since 2015.

It's very stable. I don't think I can recall a major outage of Microsoft's products or services. 

There could be outages impacting other services, and over time, you do experience degradation. But what makes it work is that Microsoft has a lot of resilience built into its cloud architecture.

It's highly scalable. I've worked on projects where we have to deploy Active Directory for in excess of 12,000 users.

More than 90 percent of the people in our organization are using Azure Active Directory.

Overall, I'm satisfied. In some cases, there are incidents that take some time to resolve, but those are more exceptions than they are the rule. We seem to find such cases when we have situations with on-premises workloads, technologies that are not yet in the cloud.

But for the most part, in recent times, on average we tend to have quicker resolutions, relatively speaking, for issues that have to do with the cloud product. 

What I consider to be the aspect that makes the experience good for us is that we get support for all the products. We have access to Premier Support and that enhances the quality of our experience.

Neutral

It's quite easy to set up.

The time needed to set up Azure Active Directory is a function of the environment. For simple deployments, it can be done within hours or within a day. But for complex environments, it might take anywhere from two weeks and up. You need to go through an environment assessment and make use of a project delivery framework.

For example, suppose a customer already has on-premises Active Directory services, and the requirement is to deploy or implement a hybrid identity architecture. That means there are workloads on-premises and in the cloud, and the customer wants to use the same identity scheme or single sign-on. Those are the type of requirements that determine how long it will take to get Azure Active Directory set up.

Deployment generally requires a project manager, an engagement manager, and an architect; a minimum of three people. And if there are other specific solution domains that require specialist skills, it could be four.

There is zero maintenance. The focus, in my own experience, is typically around security: how you're monitoring the environment to ensure that it's still secure. And when there are incidents, to what extent, and how quickly, you can triage and pinpoint and remediate to keep the infrastructure secure? But the actual is maintenance is zero.

It will save us money eventually, even though that's not the case now. For example, for HR, with onboarding and exits, we're beginning to see that this is an area where Entra can help us manage the life cycle of identities. The convenience that comes with that, and how that also helps ensure security and compliance, are areas that Entra can help us with.

The pricing of Azure Active Directory is competitive. By default, the product exists in almost every Microsoft cloud product. But it then depends on the features that a customer really wants to make use of. The extent of the security requirements will inform what kind of plan will be suitable for the customer's situation.

As a business, we have always been cloud-native, so we've always been making use of Azure Active Directory. The very fact that that's what drives our productivity platform, both for ensuring that employees are well engaged and they can deliver on productivity, and meet customer requirements and demands, means we haven't looked at alternatives.

Regarding Entra, the expectation is that when it is deployed, the employee experience should be better. We haven't started exploiting all the features of Entra. It makes use of the core Active Directory: identity and access management, conditional access, et cetera. But we're not making use of all its features at the moment. We hope to implement them in the near future.

Overall, I'm satisfied.

We use Azure AD to manage users in terms of user accounts and profiles. We also use it to manage applications, access control, and application management.

Azure AD has helped improve the onboarding and offboarding process, especially with the user provisioning and SSO. With Azure AD, once a user account is created, the user automatically gets synced across all of our applications without the admin having to touch each application once at a time.

The solution helped improve our onboarding process by saving us a lot of time.

The feature I have found the most valuable is user provisioning (SSO). Azure Active Directory provides a single pane of glass for managing use cases. 

How it works is once it has all been set up, it allows the user to use the same credential – the username and password – across multiple applications. It creates ease of use for the user as they don't have to keep entering a username and password across multiple applications.

Azure AD allows us to manage the users' access from a single point. In a typical environment, if, for example, a user exits the company and the account needs to be disabled, you would have to go across each application to disable that access. With the Microsoft experience, you just have to disable it from the Azure Active Directory, and then it syncs across all of the applications. Once the account is disabled on the Azure, the accounts are disabled on all applications. The user instantly loses access across all applications without the admin having to go to each application one at a time. When you are offboarding an exited user or an employee that leaves the organization, there's no room for error in terms of missing out or forgetting to revoke an access for a particular application.

I would like to see Microsoft communicate how they intend to manage legacy applications. Right now, you still have to deploy a hosted domain server (which comes at an extra cost) if you have a legacy application that cannot sync properly with the enterprise applications and the modern applications.

I have been using Azure Active Directory for about five years now. 

Azure is stable. 

Azure is scalable. 

Microsoft's tech support is very responsive and really supportive. They will work with you if you have any concerns or if you have any issues. They have experts that will be able to jump on a call with you and assist you in making sure that whatever your concerns are, they all get resolved.

Positive

I did not previously use a different solution. 

The initial deployment was straightforward for me because I already had a pretty good experience managing the on-prem Active Directory. The deployment of the directory itself does not take long. However, it took us about a couple of months to carry out the user creation, create the Conditional Access policies, and to test. You have to test your policies before you go live. We had a lot of design to do in terms of setup, testing, rollout, and setup for each feature that we needed to implement. We had more of a test phase before the go-live phase. That's why it took quite a while. 

We did our deployment in-house. We had three people on the deployment. 

We have seen a return on investment from Azure AD because, first of all, we have been able to use the Cloud infrastructure to bring in more response. Also, it has high availability. We can easily scale it up or down, thereby managing costs. Now, in terms of the Azure Active Directory Office 365, we also have scale licenses where we get to manage the licenses across multiple users, thereby reducing costs of having to purchase one per user.

I would say that Azure AD's pricing is very reasonable because of the structure and in terms of the solution. I can offer this tip for the licensing: if you plan on going to a CSV, you can get a certain level of discounts.

We looked at Google Workspace when we were trying to migrate from on-prem to the cloud. At the end of the day, after analyzing and comparing most of the features that we are going to go with and how it will integrate with our existing system, we found the Microsoft Azure Active Directory to be more effective and better suited to our requirements.

This is how Azure AD stacks up against Okta. Okta is a third-party application for syncing user profiles from on-prem to cloud. However, Microsoft already has a pretty good application for that, which is Azure's AD Connect. It's more or less the same thing as Okta and more effective in the sense that with AD Connect we can actually get to query the user objects in terms of all the attributes to work on-prem and on the Cloud, just the same way you probably do it if you run an LDAP query. This is something you might not get with Okta because of the integration with the Active Directory.

My advice to someone looking to implement the solution is: your in-house technical support needs to understand the technology and your requirements as an organization because Azure is very robust. You need to know exactly what you intend to deploy and the requirements you intend or need. If you have that covered, Azure AD will be simple and straightforward to use. If you are able to plan and manage the users and services, it is really cost-effective.

I have identified that Azure Active Directory has a lot of features that are handy and useful. Microsoft is also constantly improving on it and it has all the required features that my organization requires. 

Azure AD is helpful and user friendly when it comes to managing identity and access tasks. It helps you manage that effectively because you have all the clouds, you have profile creation, you have all the features. Everything is easy to locate and simple to navigate.

Azure AD allows us to improve compliance for enforcing fine-tuned and adaptive access controls. It also allows us to manage access to all the applications in our environment. With it, we can create design policies that either the leader or the identify side from HR has to comply with before a particular user gains access into our environment or into a particular service within our environment.

We use Entra's Conditional Access feature in conjunction with Microsoft Endpoint Manager. We do so because one part allows for full control in the endpoint for managing access on the user and that user as an object, and then the other manages the device as an object.

This combination has the ability to reduce the risk of unpatched devices connecting to your corporate network. It will prevent a user from accessing an environment or a service space via a compromised device. If a user, for example, tries to access our network, service, or environment, via a compromised personal device, this combination will help prevent that kind of intrusion. Also, if a corporate authorized device gets compromised, that's when we find out the device is authorized to access that environment. It also helps to manage and restrict access.

Entra has helped our IT administrators and HR department save time. As a rough estimate, I would say it has cut our costs down by 20 hours per week.

Microsoft Entra has affected our employee user experience by helping to manage the end-to-end communication between user, device, and services by creating a very similar communication and very similar to the experience, which allows the user to be able to connect seamlessly to services and also to the device itself.

We use Azure AD to implement Conditional Access policies and privileged access management.

There are plenty of benefits. First, as we had Microsoft AD on-premises, it was very easy to configure Azure AD. We are using the password hash sync for authentication, so authentication on the cloud is very seamless when users use applications on the cloud. That is very important.

Also, with the help of sign-in logs, we are getting information about every application, such as where a user is trying to log in and from which device, making things very crystal clear. We only get this type of transparency and accuracy only from Azure AD.

We use the Conditional Access feature to fine-tune access. We implement a lot of access policies. For example, we want to get rid of client machines with Windows XP and some legacy applications, so we created access policies to prevent logins from those devices and those applications. We have also created policies to prevent logins from certain areas around the world. These abilities are very helpful in preventing phishing and scams.

In addition, there are so many tasks and activities that are automated in Azure AD. For example, we have enabled the password reset self-service so that users can reset a password themselves and log in to their accounts. That is one way it saves time for our help desk team. It no longer requires the help desk. From an administrative perspective, it's very convenient for us to manage and maintain the users of the organization. Azure AD is saving us 10 to 12 hours per week, and that's for just one person who would otherwise be responsible for resetting passwords.

The solution has also prevented so many potential cyber attacks, and that has saved us money. And by saving man-hours, we have saved money. Thirdly, we have been able to reduce manpower. I would estimate it has saved us 20 percent in terms of costs.

Another benefit is that, from a user perspective, it is very smooth and easy to sign in to all the Microsoft applications with the Azure AD sign-in. The UI is very intuitive for Microsoft accounts, so it's very easy for them to log in. We also have single sign-on enabled for desktops, so whenever a user signs in to an application on their machine, they don't need to sign in again and again. With the help of the same token, all other applications can be opened easily.

Two very important features in terms of security are governance and compliance through the Conditional Access policies and Azure Log Analytics.

Also, Azure AD provides a single pane of glass for managing user access.

I mainly work with the Microsoft Security portal so I can get access and privileges to maintain all the security policies, including Conditional Access policies and privilege access management for just-in-time access, as well as Azure AD sign-in logs. These factors are very important.

When it comes to managing identity, we have E5 licenses. We are using every application from Office 365, so it is very easy for us to manage identity with the help of all those applications. We are also using third-party applications that are integrated with Azure AD and that makes access management easy.

From an admin perspective, I would like to see improvement in the Microsoft Graph API.

I have been using Azure Active Directory for six to seven years.

There are some bugs that we find monthly or quarterly, but all the bugs are fixed by Microsoft.

It is scalable.

We have it deployed in Europe and there are about 15,000 users.

I received good technical support when syncing on-premises users to Azure AD. It was very smooth. But for help with Conditional Access, I got poor support.

Neutral

We had on-premises AD and then we introduced Azure AD. We synced all the users from on-premises to Azure AD. Then, with Office 365, we installed Exchange Online and Teams. For single sign-on we have ADFS [Active Directory Federation Services] on-premises, but now we are migrating our applications to Azure AD SSO for single sign-on.

The initial deployment was very straightforward. It only took a day to deploy. The plan was first to get information about our on-premises Active Directory users, computers, and groups, and then we had to determine how many licenses and which types of licenses we needed for those. We also had to think about which type of authentication method we were going to use.

Our deployment involved three to four people.

Maintenance is just checking for updates.

Personally, I feel Microsoft is very costly compared to other products. That is also what management is thinking. But when we consider security and support, Microsoft is better than any other product. It is somehow justified, but I feel it is costly.

I have worked with Okta but for single sign-on only. It does not provide all the features or meet all our demands.

If you want secure data and secure identities, go for Microsoft Azure AD.