Microsoft Entra ID Reviews

I use it for managing identities, access, and security in a centralized way. I help other people use this product.

Using Azure AD has improved our security posture overall, more than anything I've ever worked with.

It enables end-users to be more secure without it actually affecting their work. Usually, security solutions makes it harder for them, so many start using other solutions instead, solutions that are not managed or monitored by the organization. But when we use Azure AD's Conditional Access, for example, as long as they behave, users don't even notice it.

The passwordless feature means they don't even need to have a password anymore. It's easier for users to be more secure. You can invite anyone to collaborate in a secure way. 

Passwordless sign-in, which is one of the new features where you no longer need to have a password, is one of the great features. Passwords have always been hard for end-users, but not so hard to bypass for bad guys. It often doesn't matter how complex or long your password is. If a bad guy can trick you into giving it to him or can sniff your keyboard or your network, or access it through malware, your password doesn't matter anyway. So all the complexity, length of the password, and having to regularly change it is hard for users, but it doesn't stop hackers. And that's what makes passwordless so valuable.

Multi-factor authentication is good as it allows you to answer a notification or even an SMS or a phone call, but that has become more unsecure now because the bad guys are learning new way to bypass these methods. But using passwordless technology, you're not even using a password anymore. You're basically just signing a logon request without actually sending, typing or storing the password. This is awesome for any user, regardless of whether you're a factory worker or a CFO. It's secure and super-simple.

It also stops phishing, which is amazing. If someone tricks a user into going into the "Macrosoft" store or some other site that looks like the real site, they can trick the user into signing in there and then they can steal the password. But if the user is using passwordless, the passwordless solution would say, "Sorry, I don't have a relationship here. I can't sign in." In that way, it can stopping phishing, which is one of the most common attack vectors right now.

Another feature that has improved our security posture is Conditional Access where we can not only say "yes" or "no" to a sign-in, but we can also have conditions. We can say, "Sure, you can sign in, but you need to be part of the right group. You need to come from a managed client. You can't come in with a risky sign-in. You need to come in from a certain platform or a certain network." You can have a really complex set of rules and if those rules are not fulfilled you will not be able to sign in, or we can require MFA or even control the session. That is also a really good security feature.

The B2B feature is another good one where, if I want to give someone access to my my apps or data, instead of creating an account and a password and giving that info to the user, I can invite that user so he or she can use their own existing account. That way, I don't need to manage password resets and the like. The B2B feature enables collaborating with anyone, anytime, anywhere.

The Azure AD Application Proxy, which helps you publish applications in a secure way, is really good, but has room for improvement. We are moving from another solution into the Application Proxy and the other one has features that the App Proxy doesn't have. An example is where the the role you're signing in as will send you to different URLs, a feature that App Proxy doesn't have (yet).

With Azure AD, if you look in detail on any of the features, you will see 20 good things but it can be missing one thing. All over the place there are small features that could be improved, but these improvement is coming out all the time. It's not like, "Oh, it's been a year since new features came out." Features are coming out all the time and I've even contacted Microsoft and requested some changes and they've been implemented as well.

I have been using Azure Active Directory for close to eight years now.

The stability or availability is incredible. It's super-good. However, just the other week, there was an outage for a few hours, so it's not 100 percent. But in Microsoft's defense, that hasn't happened for a long time.

What I also usually point out to people is that if you host your own solution and things break in the middle of the night, who's going to look at it? With this solution, you know that in the first millisecond that something breaks, 10 people or 100 people are looking at it. You get constant feedback about what's going on and you usually get a full report afterwards about what actually happened and how they will prevent them in the future. They are really good at managing these outages.

I don't know what the uptime is, but it's still 99.999 or something like that. It's super-trustworthy, but it's not 100 percent. What is? Still, it's likely much better than a private on-premises solution could ever be.

In terms of scalability there are no limits. I have customers with 10 people and others with up to 300,000, and everything in between. There is no difference. I haven't had to think about memory or disk space or CPU in a long time because everything just works. It's super-scalable.

We have 100 customers and all of them use Azure AD. They are spread all over the world. In Sweden, where I'm from, we have government municipalities, we have private corporations, hospitals, manufacturing. Everybody needs this. It doesn't matter which market or which area you work in. I don't see a target audience for this. It's everyone.

Their tech support is pretty good, depending on who you end up talking to. If you open a support request, you can be asked quite basic questions at first: "Have you tried turning it on and off again?" Sometimes we need to go through five people to get the correct people, the people who know the problem area really well. We usually dig really deep into the area and learn al lot first. We need someone who is expert in this product and who knows exactly how that area of the product works. Sometimes it takes a while to get to the correct person, but once you get there, they're usually super-knowledgeable, super-friendly and quick to reply. It can be tricky to find the right person. But I suppose that is the same in any company. 

Over the years, we have built up a contact network so we can usually contact the right people right away, as we are a Microsoft partner. But because this review is for everyone, I would suggest that you keep asking until you'll end up at the right people.

Overall, Microsoft is really attentive. Previously, you could say, "Can you show me the roadmap for the next three years?" and they would say "Sure." They don't really do that anymore because they say, "It now depends on what you want." We can help influence Microsoft how to prioritize. They have daily and weekly meetings where they discuss "What do people want now? How should we prioritize?" It's a totally new Microsoft compared with a few years ago. If I see something missing, they usually come up with it pretty quickly.

I see people moving from other solutions into Azure AD because they're not satisfied with the other solutions. 

The initial setup is a straightforward process, for such a complex technology. Although there are a lot of moving parts involved in actually setting it up, it is quite easy.

I've set this up for many and, in general, it takes less than a day to get things up and running. Then, of course, there's tons of optional configuration to improve and secure things, but just getting it up and running takes less than a day.

The implementation strategy used to be helping them get to the cloud, by doing things like making sure that they clean up the accounts in the on-premises solution and setting up the synchronization rules. But nowadays, most of my customers are people who have Azure AD in place already. So now I'm trying to enable and configure and improve security configuration. For example, you don't have to set up the passwordless feature and you don't have to do multi-factor authentication. They are optional. So my task now is more one of improving their configuration and turning on security features. A lot of it is secure by default, but some features require you to configure and set them up.

With the licensing there are so many features involved, and different features for different licensing levels. Those levels include the free version, as well as Premium P1, Premium P2. My approach with my clients is usually, "What kind of licenses do you have? Okay, let's improve this, because you have it already. You're paying for it already. Why not use it?" 

The next step is, "These features are included in the licensing you don't have. Do you think it's worth it?" I talk to them, I explain them, and I demonstrate them. They will usually say, "Yeah, we need that one."

I don't know other solutions really deeply. I know of them, but I'm a specialist who is focused on this one. But I realize, when I talked to other specialists in other areas, that they are solving the same problem, so they usually have similar solutions.

What Microsoft is winning on is that people used to say, "Buy the best product, the best in class or best in breed for each area." But that has changed now. "Buy the best ecosystem" is the better approach. If I have Azure AD as my identity and access solution, and if I also use Microsoft Defender for Endpoint and the Defender for Office 365, and other Microsoft solutions, I can then go to one portal, one place, and see how my apps are doing, how my users are doing, how my devices are doing, and how my data is doing. You get this super-integrated ecosystem where everything talks to each other. That is the strength.

In my opinion Azure AD is a fantasic standalone product, but you have so much more benefit from using it together with other Microsoft solutions.

The user usually doesn't care if we use Microsoft or any other vendor's to protect his identity or his computer or his data. They just want to do their jobs. But as admin, I see the advantage of using the same provider. I can actually create a query saying, "Show me all users who logged in to Azure AD from a device with this operating system, accessing this application, and who have a risk on their device, where a document is classified as sensitive." I can do all of that in one query for identity application devices and the data. That's the strength, having that insight into everything. And when it comes to security and Azure AD, Microsoft has 3,000 full-time security researchers, and they spend over a billion dollars each year on security research alone.

What's amazing is that the CIA, the FBI, and these big companies or organizations are using Azure AD, and they have really high requirements for audits and protection. As a "regular" organization, you can get the same level of security without have to ask for it. You get to ride on the coattails of that amazing security without spending $1 billion yourself.

If another Microsoft customer is hit by something bad, Microsoft is going to stop it for the rest of its customers. If you're the first to get hit by new bad malware, that may be tough, but all of the other customers are instantly protected because different customers share threat intelligence, in a way. You get the benefit of all the security discoveries that Microsoft makes, instantly.

Talk to someone who knows a lot about it. Sure, you can look at everything on the docs.microsoft.com page, but it can be hard to understand what each feature is and the value it give you. Talk to someone who knows both licensing and technology, to understand what's there and what you should pay for and what you should not pay for.

There are also a lot of good videos out there, like sessions from Microsoft Ignite. You also have the Microsoft Mechanics video series on YouTube with a lot of videos. So if you like to learn through video, there's a lot available for you. You can also go to docs of Microsoft.com and search for Azure AD. You will get like a starting page where you can learn the identity and access basics or also how you integrate apps. There is a link collection with everything and anything you would like to know. Or you can call me.

We are Security advisors. We help people, we train people, we implement it for them, we document it, we teach them, and we talk at seminars. We sell our knowledge. We don't sell solutions. There are 25 people in our company and five to 10 people are working with Azure AD. It's not that we need five for our daily operations, it's just that's how many of us are working with it. In general, a company might need one to five people working on it. If I need to set up a feature for five people or 500,000 people I do the same steps. The thing that is different in bigger companies, is that you need to communicate, you need to educate, you need to write Knowledge Base articles, you need to inform the service desk. All of those things are just to prepare users. But that has nothing to do with Azure AD. The technology is super-simple. It's more that the process around it is different in different companies.

We run in a hybrid model. We have our Active Directory on-premise directory services that we provide. We basically went to Azure so we could provide additional capabilities, like single sign-on and multi-factor authentication.

We are running in a hybrid environment. It is not completely cloud-native. We sync our on-premise directory to the cloud.

It definitely has improved our security posture, certainly from providing that second factor of authentication. It provides more visibility. We can see all facets of the business, e.g., when people are logging into our resources. This solution makes it highly visible to us.

It enhanced our end user experience quite a bit. Instead of the days of having to contact the service desk with challenges for choosing their password, users can go in and do it themselves locally, regardless of where they are in the world. This has certainly made it a better experience accessing their applications. Previously, a lot of times, they had to remember multiple usernames and passwords for different systems. This solution brings it all together, using a single sign-on experience. 

Is this specific to Azure? No. We have had other IdPs that gave us that same experience, but we have more apps that are integrated into Azure today from single sign-on than we had previously. Having that one handy "my apps" page for folks to go to as their one source for being able to gain access to all their apps is a much better experience from my point of view.

• Azure Application Proxy
• Single sign-on capabilities for SAML
• OAuth integrated applications
• The multi-factor authentication piece was desirable.
• Defender for Identity, as of recently.
• Some of the services, like Microsoft MCAS solution. 

These features offer additional layers of security, which is kind of what we were looking for. 

Some of the self-service password utilities certainly helped, given the scenario of the world today with COVID-19 and lockdowns. We certainly benefited from being able to say, "Have our users changed their password remotely." When they connect to the VPN, then sync them back up with the domain. So, that was very beneficial for us as well.

The thing that is a bit annoying is the inability to nest groups. Because we run an Azure hybrid model, we have nested groups on-premise which does not translate well. So, we have written some scripts to kind of work around that. This is a feature request that we have put in previously to be able to use a group that is nested in Active Directory on-premise and have it handled the same way in Azure. That is something that is actively being worked on. 

One of the other things that we felt could be improved upon is from an Application Proxy perspective. We have applications native to SSH, and we want to be able to do app proxy to TCP/IP. It sounds like that is actively on the roadmap now, which was amazing. It makes us very excited that it is coming, because we do have use cases with that as well.

I have been using it for a few years now.

The stability has been pretty rock solid. For the first time, we have seen some instability over the last month. I know there were some issues with Microsoft in terms of one of their stacks. That was something that they addressed pretty quickly though. We were appraised of the issues by our technical account manager, so we were in the know. We weren't left in the dark when something happened, and it was remediated pretty quickly.

We have about five to six folks whose main role is to manage identity, and that is my team at the company. However, we also have administrators all over the globe, handling service desk tickets, e.g., resetting passwords. There are about 30 or 40 people, if you include that level of things. However, from a global admin perspective, we probably have a total of eight people.

It is certainly scalable. Whether you are connecting to a local on-premise directory services organization, or if you are using B2B and B2C. This is part of the vision: At some point, leverage some of the B2B features that we have appointed to us in Azure, which we don't do today. This is certainly something that we are looking at internally as a potential for moving forward. 

We are managing 7,000 to 8,000 users within Azure AD.

This is room for growth.  

We are part of the DPP program. So, we talk to the identity folks at Microsoft on a weekly basis, who are amazing. It has been such a great experience with those folks.

The technical support that we get through the GTP program is amazing. Microsoft Premier Support is pretty good as well. We have called them, but typically we don't have the type of issues that we are calling all the time for. We have a pretty savvy team, and just being plugged into the GTP team has helped us understand new features which are coming out, whether we are part of an active preview or attending an evening where they are doing a webinar to introduce new features to us. The cool thing about that is you do have that line of sight if you need to ask questions or get technical answers. Between our technical account manager and our GTP partner, we do relatively well without having to open too many cases.

We had a different identity provider at one point in time. At the time that we were looking at identity providers, Microsoft really wasn't there from a technical perspective. They are there now, far surpassing some of the things that we have done in the past. So, it was a no-brainer for us. We are very much a Microsoft organization. Primarily, it is the operating system of choice, not only for endpoint service, but it was a pretty good deal to move over and leverage some of the licensing and whatnot for our end users.

From an IdP perspective, we had Okta for quite some time. We had some limitations with Okta that we were looking at Azure to handle. I got pulled in kind of mid-project. I am not really sure when the decision was made, or how it was made, but certainly cost was a factor. We were already licensed for a lot of what was needed to go with Azure, where we were paying Okta separate licensing fees. So, we saved money by switching from Okta to Azure.

The initial setup would have been complex if it had not been for being part of the GTP program. We have gotten a lot of value out of that program in terms of cross-training our team members, catching up on any new features that come out as well as any of the gotchas that the Microsoft team has seen. So, those have benefited us quite a bit.

The deployment probably took six to eight months. Standing up Azure and sinking your directory services, like creating a connector, takes minutes. We could stand that up in the day. What took time was taking all of the applications that we have throughout the environment, migrating them across and doing integrations with single sign-on. You need to have conversations with different application owners as well as potentially pulling in some vendors to do some of the configuration. There may be some apps which are not as straightforward as others, but we thought that the experience was pretty straightforward (to a point) where we can handle a lot of the work ourselves.

When we needed Microsoft, we were able to reach out, talk to them, and get the assistance that we needed. That was super beneficial to us.

There are a lot less calls to our service desk. For some of the traditional, "Hey, I need to reset my password," or "Hey, I'm locked out." So, we're seeing a lot of that self-service, gaining access to the different apps, and having it all be integrated with Azure will take away some of the headache. For example, "I don't know what my password is for GitHub," or, "I don't know what password is for Slack." We are like, "Well, it's the same password that you use every day." So, that has dropped call volume.

If you have a different IdP today, I would take a close look at what your licensing looks like, then reevaluate the licensing that you have with Microsoft 365, and see if you're covered for some of this other stuff. Folks sometimes don't realize that, "Oh, I'm licensed for that service in Azure." This becomes one of those situations where you have the "aha" moment, "Oh, I didn't know we can do that. Alright, let's go down this road." Then, they start to have conversations with Microsoft to see what they can gain. I would recommend that they work closely with their TAM, just to make sure that they are getting the right level of service. They may just not be aware of what is available to them.

We look to gain new features when updating licensing. Every time we go to negotiate an enterprise agreement, we are looking at:

• What are the benefits?
• What are we getting back from Microsoft?
  
  They are very good at working with us to get what we are looking for in terms of working on packaging for pricing.

We did not evaluate other options. The decision was pretty easy. When we initially looked at Okta years ago, Microsoft was also one of the folks that we looked at. Okta was a little more advanced than some of the gallery apps. Then, Microsoft made a huge play and added more gallery-type apps. That helped us quite a bit to move things along.

For others using Azure ID, take cookie online training. They are widely available, free, and give you a very good idea of what path you need to go to. So, if you want to take some professional training to become a guru, then you know what classes to go take and the fundamentals that you need to take before you get into that class. So, I highly recommend taking the video term.

I come from an Active Directory background for more than 20 years. Coming into Azure was actually great. We had somebody leave the company who was managing it, and they said, "Hey David, I know you are working for this other pocket of the business. How would you like to come back to the identity platform?" I said, "Absolutely." So, it was easier for me to come up to speed in several of the advanced areas of Azure, e.g., conditional access policies. We are starting down a zero trust methodology, which has been very exciting for me.

I would give it a solid eight (out of 10). It has a lot of the features that we are looking at. I don't think there are any tools out there that will give you that one magical wand with everything that you are looking for, but certainly this comes close. Microsoft has been working with us to help us through some of the new features and additions that are coming.

The use case for this solution is the access to Office 365, Azure subscriptions, and several software as a service platforms as well as other SaaS-developed applications that we provide access to, such as, OpenID Connect, OAuth, or SAML.

It is a central point where we provide the cloud lock-in for our company. We focus the multi-factor authentication within Azure AD before jumping to other clouds or software as a service offerings. So, it is the central point when you need to access something for our company within the cloud. You go to Azure AD and can authenticate there, then you move from there to the target destination or the single sign-on.

Azure AD added a different layer. We were able to add multi-factor authentication for cloud applications, which was not possible before. We also may reduce our VPN footprint due to the Azure AD application proxy. We have a central point where we have registered our software as a service applications that we obtain from other providers or the applications that we host ourselves.

The most valuable feature is the possibility to create multi-tenant applications alone, or in combination with Azure Active Directory B2C. So, you can provide access to applications for your external partners without having to care about the accounts of external partners, because they will stick it in there as an AD tenant. That is the feature that I like the most.

The solution has features that have helped improve our security posture: 

• A tagging mechanism that we use for identifying who is the owner of an application registration. 
• Conditional access and multi-factor authentication, which are adding a lot to security. 
• The privileged identity management feature that has arisen off privileged access management. This is helping a lot when providing access to certain roles just-in-time. 

They are also still developing several other features that will help us.

It does affect the end user experience. It depends on where they are. When they are within the corporate network, then they already have a second factor that is automatically assigned to them. When they are outside of the company, that is when they have to provide a second factor. That is mostly a SMS message. Now, with the Microsoft Authenticator app that you can install on your mobile phone, we are shifting towards that. This has reduced errors because you may just say that you confirm a message on your mobile phone instead of typing the six-digit code, hoping that you are still in time, and that you entered it correctly. So, it does affect our employees. We try to be up-to-date there.

Mostly, it affects security. It is an obstacle that you have to climb. For example, if you have to enter the code in from the SMS message, then you have to wait for the SMS message to arrive and copy the code, or you have to transfer the code from the SMS message into the field. We reduce that workload for employees by having them be able to receive a message on their phone, then confirm that message. So, security is less of an obstacle, and it is more natural.

The user administration has room for improvement because some parts are not available within the Azure AD portal, but they are available within the Microsoft 365 portal. When I want to assign that to a user, it would be great if that would be available within the Azure AD portal.

It would be awesome to have a feature where you can see the permissions of a user in all their Azure subscriptions. Right now, you have to select a user, then you have to select the subscription to see which permissions the user has in their selected subscriptions. Sometimes, you just want to know, "Does that user have any permissions in any subscriptions?" That would be awesome if that would be available via the portal.

I have been using it for more than two years now.

The stability is very good. They had a problem recently that was hopefully the exception. 

I am looking forward to the adjustment of the SLA that they increased from 99.9 percent to 99.99 percent. With this increase, which should happen on the first of April (not an April joke), this should be a huge improvement for the visibility towards the world because this is a commitment by Microsoft, saying, "We are taking care of Azure AD." I think that is a very good thing.

From my point of view, it scales very well. There are different possibilities to take care of it, depending on what you want to achieve. Lately, they introduced something like administration units, where you can achieve that even a bit further to restrict the access of your administrator to a certain group. So, that should be really helpful for even better scaling.

One company has around 50,000 users and another company has around 200 users. For the bigger company, there are several people involved, three to four people. They are taking care of application registrations as well as the Azure AD Connect synchronization to see if there are any errors, then clear those errors. However, it is mostly the application, registration, and configuration of the Azure AD.

The technical support is great. We have access to a special unit within Microsoft where we have additional support besides the technical support. So, it has been really good working with Microsoft.

We have other tools: 

• Red Hat SSO
• OpenID Connect
• OAuth
• Azure Domain Federation.

We just removed the Azure Domain Federation (AD FS), thanks to the Azure AD.

Deployment time really depends on how you set up your Azure AD. You might: 

• Want to set up Azure AD Connect, then the process takes longer. 
• Just use Azure AD, then the process is much faster. 
• Directly connect to another source of truth, then there is something in-between. 

It really depends on your situation. I would say it takes between an hour and a week.

For the company, I didn't set it up. I did set it up for myself, but that was a simplified situation and I found the process to be straightforward.

Make sure that you get the most out of your Office 365 licenses for Azure AD. If you have additional concerns for users who don't have an Office 365 license, consider Azure AD Premium P1 and P2. Be aware that you have to evaluate your license usage beforehand.

Consider the usage of Azure AD Premium P1 and P2 when you are not assigning Microsoft or Office 365 licenses. This is really important to get access to good features, like conditional access, privilege identity management, and accessory use.

I would rate Azure AD as a nine out of 10.

It underpins our application authentication and security requirements for internal users.

During the pandemic, it helped us carry on working securely as a business.

Azure Active Directory hugely improved our organization’s security posture. The ability to control access to resources has vastly improved.

We very much like Conditional Access. We also like the risky sign-ins and Identity Protection. These features provide us the security that lets us fulfill our security requirements as a company.

Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic.

The solution has made our end user experience a lot easier and smoother.

On-premise capabilities for information and identity management need improvement but I know these are in pipeline.

I have been using it for five or six years.

The stability has improved over the last two to three years.

It has fantastic scalability. Globally, we have about 80,000 users. 

In each territory there are on average around 40 people managing the solution on the admin side. We also have SMEs for the harder tasks. Then you have people, like me, who are architects and determine approach and create designs.

Microsoft Premier Support is very good. We make good use of it. 

The free support is okay.

For mobile device management we used to have MobileIron and Blackberry. Those products have been removed in favour of Intune and Azure AD features. Other legacy security services will be removed in preference for the Azure equivalents. Strategically, Azure AD makes more sense for us. Cloud first is the strategic direction within my company.

It is a predeployed solution, creating the links between the on-premise system and SaaS system is moderately easy.

Our deployment took a month.

For a non-complex organization, the deployment process would be a lot easier than it is for a complex organization. There are a lot of business processes that need to be determined as well as a lot of conversations. The technology side of things is the easy bit. It is the design that takes awhile.

It was all done internally and using Microsoft Partners

We have only really bought into the solution over the last 12 months or so. We expect to see cost returns in the next 12 months.

If you get rid of all the products providing features that Azure suite can provide, then it makes sense cost-wise.

Microsoft Premier Support is an additional cost to the standard licensing fees.

Azure Active Directory and its feature set under a single vendor are unique in our market.

Compared to how it was five years ago, the solution is has really matured.

Make sure that business requirements are understood upfront and a design is in place before any services are deployed. Ensure the people deploying it understand the capabilities and implications of choices.

I would rate this solution as a nine out of 10.

The primary use case for Microsoft Entra ID is enterprise or company-wide system management. It allows us to join most systems, regardless of their location, to the active directory of the company's domain. This is particularly useful for managing PCs for remote workers and securing their devices.

Microsoft Entra ID has made managing users easier, as well as sending out policies and implementing restrictions. It simplifies the management of IT infrastructure.

The features I find most valuable are conditional access, privilege management, and dynamic groups. Conditional access allows us to set specific policies for security purposes. Privilege management enables us to assign specific roles to users, such as user administration, without giving everyone admin rights.

Microsoft often changes settings, and many features are scattered. It would be helpful if settings were grouped under a specific category, like authentication, to make it easier for beginners. The platform can be overwhelming for new users, so consistent organization of features is needed.

I have been working with Microsoft Entra ID for a good part of five years, migrating over from when it was previously named Azure Active Directory.

There can be outages or times when the portal is unresponsive, which is why I would rate the stability a seven.

I have not encountered any issues with scalability; it is for everyone. So, the scalability rating is ten out of ten.

I haven't raised any tickets with technical support, as I was part of the Microsoft technical support group.

Positive

No other solutions were used previously.

The initial setup is straightforward due to my experience, however, I would rate it a six or seven out of ten for someone new. Issues arise if users make incorrect choices during the out-of-box experience.

The deployment requires one person to create user profiles and assign relevant permissions, though two to three people may be needed for advanced features.

Business process-wise, Microsoft Entra ID makes managing users and IT infrastructure easier.

The pricing is fair compared to other products, and I would rate it a five out of ten for value for money.

No other solutions were evaluated.

For seamless integrations with other services, Microsoft Entra ID is likely the easiest tool. I would recommend it to others.

I'd rate the solution eight out of ten.

The solution grants users access to various apps built on the portal. 

There was a lot of logic and a lot of improvement overall in terms of improvement. On the user access side, it improves the company a lot, specifically in regard to security. It really does help with access and protection.

My experience so far has been amazing. I'm in the intermediate phase of understanding it. Loading users and creating groups and so forth is very easy. We can also run multifactor authentication.

The dashboard is very good. It's outstanding.

It offers very good support.

The virtual machines you can run through it are great.

We are provided with a single pane of glass for managing user access. It helps provide more insights and creates consistency in the user experience. It works perfectly. Only admins can control access. That makes it safe. If a user requests something, only the admin would be able to assign the permissions.

My assessment of Active Directory's admin center managing all of your identities and access tasks is that it is very effective. 

I do use the verified ID at this time to onboard employees. Onboarding new users is very easy. It's very quick and doesn't affect the users. It's simply sped up the process. It also helps with privacy and control of identity data for remote employees. It's good to have and it assists with security. 

Permission management is quite good. The visibility and control in the clouds are good - at least over Microsoft. 

The product has helped save time for our IT administrators and HR department. It's helped a lot of time. It might save around 70% of our time from an IT admin support perspective.

It's very good at not disrupting the user experience. 

I'm still new to the solution. I need to look at the solution more before commenting on what to enhance. 

I do not need any extra features from my side. 

Having more training would be quite helpful. 

Having a faster interface could be helpful.

I've used the solution for two years. 

The solution is stable. 

We use the solution across multiple locations. We have multiple systems and apps that we built that run through Azure. We have about five people actively using the solution. We only have about seven people in our organization. 

The solution can scale well. I'd rate scalability nine out of ten. 

I've never dealt with technical support. My colleagues have used it and I've heard from another user that the turnaround was almost immediate. My understanding is that it is quite good. 

Positive

We did not previously use a different solution. 

The initial setup was straightforward. It does not require any maintenance. 

I'm not sure if we've saved money specifically using the solution, yet, if that wasn't the case, I'm not sure why we would use it.

We have not evaluated other solutions. 

I'm a customer and end-user.

I don't use the conditional access feature. 

I'd personally recommend the solution to anyone. I'd rate the solution ten out of ten. 

Our primary use cases are to join devices to Azure AD.

Entra ID provides more clarity regarding what's happening in the business. The benefits of using this solution were realized straightaway.

It helped save time for our IT administrators or HR department. Azure ID has positively affected the employee user experience in our organization.

We use features like a single pane of glass for managing user access to a certain degree. The admin center for managing all identity and access tasks is also good.

Moreover, we also use the conditional access feature to enforce fine-tuned and adaptive access controls. Any new user would have to go through the MFA process due to the conditional access policy. So no one gets left out. This is because of the zero-trust strategy for verifying users. 

The biggest benefit of using Azure AD is that it allows us to access the information on-premise servers and also for devices that just joined Azure AD.

In future releases, I would like to see an attack simulator incorporated, especially for some of the business plans.

I've been working with Azure AD for two years.

The initial setup was complex, but we overcame the complexity. 

The pricing is fine. It is what it is. 

Overall, I would rate the solution a nine out of ten.

I set up Azure Active Directory for many customers of the company I work for. I'm an implementer. It is the basis of identity and access for all the tenants we are using for our customers.

Microsoft Entra helps our clients save a lot of time, especially with the many automation processes that we can leverage to facilitate our work. The amount of time saved depends on the customer's needs. In general, on average I would estimate it saves them 40 percent in terms of time. But in some cases, it could be up to 70 percent.

It also helps them save money because they can work with fewer employees, or they don't have to hire more employees to do tasks that can be automated.

Another benefit is that it provides satisfaction at the administration level. On the user level, the ease of use makes it easy to understand without any limitations.

And it provides quite a good level of security for all users.

All the features of the solution are helpful. Among them, one of the most important is the Conditional Access. It helps affect a Zero Trust strategy positively.

Also, I use Entra Permission Management to distribute the roles among all users according to management requests. Microsoft provides reports for visibility and all kinds of controls where you can see the users and their access. Permission Management helps reduce the risk surface when it comes to identity permissions. It supports adaptive controls and that helps me in defining the right controls for users.

I would like them to improve the dashboard by presenting the raw data in a more visual way for the logs and events. That would help us understand the reports better.

I have been using Azure Active Directory for about three years.

It's stable. I haven't experienced any downtime or breakdowns with the product.

It's scalable.

I'm satisfied with their support. 

Neutral

It's easy to set up. 

The amount of time needed to set up Azure Active Directory depends on each customer's use case. It will take at least three to four hours for a small organization, and in that scenario you wouldn't need more than one person to set it up. For larger organizations, it may take a week and we would need two to three persons.

Our customers are looking for advanced features and processes for it to be cost-effective for their organizations. They see it as an overpriced product. They are enjoying using Azure Active Directory, but they are looking for better prices.

Just follow the book.