Microsoft Entra ID Reviews

We use Azure AD to implement Conditional Access policies and privileged access management.

There are plenty of benefits. First, as we had Microsoft AD on-premises, it was very easy to configure Azure AD. We are using the password hash sync for authentication, so authentication on the cloud is very seamless when users use applications on the cloud. That is very important.

Also, with the help of sign-in logs, we are getting information about every application, such as where a user is trying to log in and from which device, making things very crystal clear. We only get this type of transparency and accuracy only from Azure AD.

We use the Conditional Access feature to fine-tune access. We implement a lot of access policies. For example, we want to get rid of client machines with Windows XP and some legacy applications, so we created access policies to prevent logins from those devices and those applications. We have also created policies to prevent logins from certain areas around the world. These abilities are very helpful in preventing phishing and scams.

In addition, there are so many tasks and activities that are automated in Azure AD. For example, we have enabled the password reset self-service so that users can reset a password themselves and log in to their accounts. That is one way it saves time for our help desk team. It no longer requires the help desk. From an administrative perspective, it's very convenient for us to manage and maintain the users of the organization. Azure AD is saving us 10 to 12 hours per week, and that's for just one person who would otherwise be responsible for resetting passwords.

The solution has also prevented so many potential cyber attacks, and that has saved us money. And by saving man-hours, we have saved money. Thirdly, we have been able to reduce manpower. I would estimate it has saved us 20 percent in terms of costs.

Another benefit is that, from a user perspective, it is very smooth and easy to sign in to all the Microsoft applications with the Azure AD sign-in. The UI is very intuitive for Microsoft accounts, so it's very easy for them to log in. We also have single sign-on enabled for desktops, so whenever a user signs in to an application on their machine, they don't need to sign in again and again. With the help of the same token, all other applications can be opened easily.

Two very important features in terms of security are governance and compliance through the Conditional Access policies and Azure Log Analytics.

Also, Azure AD provides a single pane of glass for managing user access.

I mainly work with the Microsoft Security portal so I can get access and privileges to maintain all the security policies, including Conditional Access policies and privilege access management for just-in-time access, as well as Azure AD sign-in logs. These factors are very important.

When it comes to managing identity, we have E5 licenses. We are using every application from Office 365, so it is very easy for us to manage identity with the help of all those applications. We are also using third-party applications that are integrated with Azure AD and that makes access management easy.

From an admin perspective, I would like to see improvement in the Microsoft Graph API.

I have been using Azure Active Directory for six to seven years.

There are some bugs that we find monthly or quarterly, but all the bugs are fixed by Microsoft.

It is scalable.

We have it deployed in Europe and there are about 15,000 users.

I received good technical support when syncing on-premises users to Azure AD. It was very smooth. But for help with Conditional Access, I got poor support.

Neutral

We had on-premises AD and then we introduced Azure AD. We synced all the users from on-premises to Azure AD. Then, with Office 365, we installed Exchange Online and Teams. For single sign-on we have ADFS [Active Directory Federation Services] on-premises, but now we are migrating our applications to Azure AD SSO for single sign-on.

The initial deployment was very straightforward. It only took a day to deploy. The plan was first to get information about our on-premises Active Directory users, computers, and groups, and then we had to determine how many licenses and which types of licenses we needed for those. We also had to think about which type of authentication method we were going to use.

Our deployment involved three to four people.

Maintenance is just checking for updates.

Personally, I feel Microsoft is very costly compared to other products. That is also what management is thinking. But when we consider security and support, Microsoft is better than any other product. It is somehow justified, but I feel it is costly.

I have worked with Okta but for single sign-on only. It does not provide all the features or meet all our demands.

If you want secure data and secure identities, go for Microsoft Azure AD.

The primary use case is as an authentication mechanism or platform for the ISV solution that we offer our customers. When they are authenticating to our application, Azure AD is the solution on the backend the customers are actually using.

I'm a software developer so I write a bunch of integrations between applications and one of them is Azure AD. Our organization itself uses Azure AD for our external solution, which we provide as the authentication mechanism.

The most valuable feature is the authentication platform. Whether that's for users authenticating to applications or for actual applications that we write, authenticating to Microsoft or other applications. We can do app registrations where we're doing client-side or client credential flow authentication from an external app to a hosted Microsoft app or whatever other app within the Microsoft catalog we want to connect to. The focus area has been around being able to integrate and connect to different Microsoft resources using Azure AD to actually provide the authentication piece.

There are a lot of areas where the data from a reporting standpoint is extremely granular. It is great that you're able to get to that data at the same time unless you actually are hands-on with the tool, as it can sometimes be overwhelming to actually be able to decipher what that means. So if you're looking at audit reports or another sort of logging, the amount of information is never the problem within Azure AD, it's trying to distill it down to the information that you want. I think the solution can improve by making the consumption of that data easier for the customers.

I've been working with the solution for five or six years at least. Probably longer. 

The stability is very good. I think it's gone down only a couple of times and when it goes down, there are bigger problems than just us. From my perspective, it is fairly stable.

I think the ease at which you can create new resources and the like from an overarching Azure perspective is phenomenal. I believe Azure AD is scalable. There are some pieces of it that are difficult to use. When assigning layered groups or layered roles to users, trying to figure out the access that a user has can sometimes be a little tricky. But overall I think it follows the Azure model, so it's easy to deploy new pieces as needed.

We have a little over a hundred total users. Azure AD is only accessed by a couple of people within our organization, and they're all based out of our home office in the US. The authentication mechanism is used around the world. We have offices around the US and in Europe that all sign in using Azure AD as the authentication piece. We have 250-ish groups and just over a hundred users.

Previously we used on-prem ADFS. At our organization, we integrate with a whole host of different identity providers; Ping, Okta, and those types, but we've always used a Microsoft product internally for our user setup and access. We switched to Azure AD because our product is also hosted within Azure. As part of that, we actually also switched to a hybrid cloud where we run both on-prem AD and Azure AD online.

There were a couple of hiccups along the way, but the initial setup was fairly straightforward.

The biggest issue for us was getting the sync working from on-prem to the cloud. That was the hardest part. As far as the deployment itself, we went and created an Azure tenant and then created the Azure AD or a portion of it. After that, setting up the sync was really the biggest part.

The implementation was completed in-house, and we integrate it from our product perspective.

Azure AD makes our work a lot easier, but I don't have an actual number to show an ROI.

We're a Microsoft shop, so it basically was the only option that we really had if we wanted to use Azure. Our services host Azure so it made sense for us to use Azure AD.

I give the solution a nine out of ten.

We actually integrate with Microsoft Entra and are able to add additional functionality to it. Entra does everything down to the entitlement level within applications, whereas our organization would go a little bit further and go to the object level. But from an overall user access perspective within our cloud environment, Microsoft Entra does give us visibility into what that user's assigned, based on their roles and group access.

We don't use Microsoft Entra in the way that most other companies are going to use it. We're looking at it from a strategic perspective for the security reporting application that we provide our customers. When a customer of ours would be using Microsoft Entra and they want to extend it to provide additional reporting or to actually go down and assign functions at the object level within their applications, they would use our organization to do that. I don't technically use Microsoft Entra to actually view what our users are looking at from a user access perspective.

I don't know if we use it internally at our organization, but in the majority of cases, the clients want to be able to have a place where they can do enterprise-wide identity management. And so that's what they are trying to get to with Entra. That's a question that a lot of our customers have across the board. The functionality that Entra provides is the ability to span across different either business applications or other third-party applications. The customer then has to be able to do identity-based access control from a single-pane-of-glass within our Azure AD instance.

I don't do the actual assignment within our organization from an Azure AD perspective. We extend what Microsoft Entra provides, from a feature functionality perspective. We have a separate IT team that would actually do the user creation and access assignment within Azure AD and I don't know if they use Microsoft Entra to manage all identity and access tasks within the organization.

We're a Microsoft ISV and we connect with a number of different ERP, CRM, and HDM-type systems, but we do security on compliance reporting and functionality.

We integrate with the solution. Customers that are using Entra, would or could use our organization when they need that extra level of detail. We use it for development purposes to actually create a working solution. We support that as far as when we do our reporting from our organizational perspective. I don't use Entra internally at our organization, so we integrate with it from a coding perspective. As far as features and functionality go, we integrate with it and we support it. 

We run the solution on-prem and then we sync that to Azure AD in the cloud, but it's on a normal public cloud, overall.

I think Azure AD is a no-brainer if you're a Microsoft shop and if you have other Microsoft products already. It boils down to what sort of office you're looking for. Being a development shop, it absolutely made sense to us to use Azure AD because we were already using Azure, so it could be included with that offering. If you're not a technical shop then I think you should have to look to see if it's something that you are going to manage, and how many other applications you manage within your organization from an access perspective. If you're doing that across 25, 50, or 100 different applications, then Azure AD is a great choice. If you don't really sign into too many things, then there may be more cost-effective ways out there. It depends on what your use case is.

We use it because we have to onboard our user laptops to our Windows domain. Azure AD provides us with the Windows domain capability.

As an organization, we are going for ISO 27001 compliance. The only way to achieve much of that was to have Azure AD in place. Once Azure was in place, many things, like bringing all our laptops into the domain, and ensuring centralized policy deployment, were taken care of and that is where Azure AD has come in handy.

We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune. As a user, I rarely go into Azure AD. I would rather go to Intune and work from there.

I've been using Azure Active Directory for the last few years. Since 2020, I've been using it extensively because, where I'm working, we're totally on Azure AD.

There is nothing to be worried about when it comes to stability. It's a cloud product.

We are not worried about scalability because it's a cloud system. It will run and they will scale it. They already have packages wherein you can scale it depending on how many users you have in your system.

Our usage of Azure AD will continue, going forward, as an organization. We are not going to pull back on it. It's only a question of what more we can extract out of it as we go along.

Technical support varies. The problem is that Microsoft has contracted out support to multiple organizations around the world. When you raise a ticket, you may or may not get support from someone in your country or region. That's "Part I". 

"Part II" is that when you get to a support agent, they go by the playbook. While they do a lot of R&D for us when we give them the problem in detail, and they actually find things out and come back to us, they're not willing to go beyond the established guidelines to try to troubleshoot. They will only do so if it becomes a pain-in-the-neck issue and multiple users are reporting that problem. For example I found an issue with Defender and I raised a ticket with the Defender team. That has now been pushed to some sort of a feature update, so things like that do happen.

Positive

The initial setup is straightforward. There is nothing very complicated about it.

The very basic setup of AD might take between 10 minutes and half an hour. Then, if you sit down and focus on the task, it takes about a couple of days to have all your nodes in place.

In our company, there is another person who is my immediate junior and who reports to me. We are the ones who deploy, use, and maintain the system.

We are using the version that comes with Microsoft 365 Business Premium.

Microsoft has a very weird way of licensing the product. With the standard on-prem edition, we can do a lot of regular, day-to-day maintenance, including creating policies and the like. We can't do that in Azure Active Directory. The Azure system is very basic in nature compared to what the server provides us.

There are add-on components and services, such as identity services, that we have to add to our Azure subscription. Only then can I actually say it's on par with the on-prem server edition.

Why should I pay for a component? It should be included in my subscription. I understand there may be an added fee, but don't remove an essential component. I am a career IT guy. When I start comparing my on-prem server against this cloud edition, I see that there are components missing. The money issue is secondary. Give me a solution that matches the Azure standard edition. They should ensure that whatever I have on my domain controller are the facilities that run here in Azure AD. For example, on the domain controller, if you are my user, I can let you create a 14-character or a 20-character password. I can't do that on Azure AD. To do that, I must get the Directory Services module, which costs me another $100 a month. Let that cost be added to the bill and let me create my configurations as and how I want. Why do they want to restrict me? It's a detrimental business practice.

Still, I say go for it. Don't worry about the pricing. Licensing, at the basic level, is sensible. But you should actively talk to your reseller about the needs of your organization. Costs will vary as you dig deeper into understanding what product or service you need. Independent of your geographic location, talk to a local Microsoft partner and understand the cost. Don't simply go online and order things. I would stress that to anybody in the world, whatever the size of their organization.

The pricing module is pretty straightforward for many of the products. They have a price for up to 300 users for many of the licensed products. Up to 300 users is not considered an enterprise business.

You may have knowledge about the product, but when you talk to somebody else you get a slightly different perspective. Exercise that principle. Talk to one or two vendors, but talk. Spend time on the call. Understand what you want. One person might give you an idea of how you can deploy with your existing products, while another guy might say those products have these weaknesses and these strengths.

From the organizational perspective, it's not the native Azure AD components that provide value to the customer, it's more the other components. If you're a Microsoft 365 Business Premium customer, you get Microsoft 365 Defender. Along with that package, you get something called Secure Score for your organization. The beauty of Secure Score is that it gives you something of a benchmark. It says X percentage of organizations have this particular level of security score and it tells you how you can upgrade your security. It may tell you to enable something or disable a feature. After about a day's time, during which the change percolates across the organization, your security posture goes up a notch. That's a very useful tool for any organization, whatever the size.

The end-user experience is better because we don't have to have so many components on board, compared to other solutions, to do something. For example, even though Defender is a limited version in some critical aspects, it still does its job pretty well. One major benefit of having it is that we can control the policies of Defender from the Intune portal or the Microsoft 365 Defender system because it's backed by Azure AD. Azure AD plays a kind of backend role. 

It doesn't play much of a front-end role wherein I can create a policy. If I have to create a GPO, I must get the Directory Services component. Without that, I cannot create a GPO the way I would with the ordinary service. That's a critical difference. And with Microsoft, as usual, until you go digging around, you'll never know about this. I raised support queries with Microsoft and followed up with the tech support, after which I was informed that until I have Directory Services I can't do anything. This kind of clarity is not provided to the customer. Microsoft's website is really weak when it comes to providing specific details.

I would tell any organization that doesn't have Azure Active Directory today not to spend money on setting up a server and a data center and infrastructure. Simply upgrade your Office subscription, because it eventually happens. The world is divided into two major parts: Microsoft users and Google users, and there may be some percentage that doesn't use either product. If you're using these products and looking at ISO compliance, simply upgrade to Microsoft 365 Business Premium. You'll get Azure AD and then you can go about the rest of your work.

Overall, I rate Azure AD at seven out of 10. There is a huge difference in the capabilities between the on-prem server and the Azure version.

The primary use case is for the authentication of the users. We actually onboarded around 3000 to 4000 users at our go live, which are various application users from across the US and the other regions.

The best feature is the single sign-on provision for the various type of users. That is our sole purpose for working on that and utilizing that service as creating a custom solution for a single sign-on would be difficult when we have around 50 applications within our company that has been used by users across the globe. That includes North America plus Europe, Russia, and the Middle East. It is very difficult and complicated to do things on our own. Instead of doing that, we just acquired the service from Microsoft for single sign-on, and for that purpose, we are using the Microsoft Azure Active Directory authentication.

From our utilization perspective, they are providing almost everything. That said, the customization, like the data sharing between the application, is something that needs to be improved from their side. For example, we are sharing certain types of data. We have a container application structure, so we have a single sign-on application where we are using the Active Directory authentication, and when the user clicks on that application, the information of that user is passed to the child application, and the child application does not authenticate the user again. That is a single sign-on concept, which is available across 50 applications within that container. We pass a lot of various types of data, therefore, there's a limited capability of doing that in Microsoft Azure as, on the Azure Active Directory, we may be able to create some additional attributes, however, there are certain limitations.

Technical support could be better.

I haven't explored all aspects of the solution just yet. There's still more to look at.

We've been using the solution for as far as our last project, in which is currently being used. We have been using it for the last four years.

This is a stable solution. Since our product went live in 2017, we never got an issue with respect to authentication.

The product is scalable. It is not even region-specific. You can change the region. For example, if you want to target European users, you can simply purchase a plan for a European server or something like that. Currently, I know that our application is running in the United States region, and our targeted users are from the United States, so our application is working in the North American region, the east area.

Technical support is a thing they need to improve a lot from their side.

The engineers from the Microsoft side are professional, however, the thing is they're working on the shifts. For example, if you encountered an issue which is affecting our production application, and we talk to a guy from Microsoft in Central Standard Time. While he will be available then if the issue is ongoing for more than eight hours, which exceeds their standard working hours, he will just put a hold on the call and will say that my next representative will get back to you on this issue, and when the next representative arrives you kind of need to start over.

Neutral

The Active Directory just plays a role in authenticating the user, and it doesn't do anything else, just authentication. The services where the deployment is being done, that is a different thing. It is an application service in itself. We have an Azure Active Directory service. Besides that, we have application deployments or application services on Azure as well. That is a separate service, which is used for the deployment of the application, so when a user is accessing the application, he is redirected to the Microsoft Azure authentication application where the authentication is being performed. So far, the authentication has been performed, and that user is being redirected to our actual application, which has been deployed on the Azure service. Therefore, there isn't really a direct deployment per se for this product.

I'm not familiar with the pricing aspect of the solution. The client deals with that end of things. My general understanding is that it is quite expensive.

I'd rate the solution an eight out of ten. They do have an outstanding service compared to the competition. 

The main reason for implementing this solution was to help our customers to access internal or external resources seamlessly while allowing them to have full control over access and permissions. 

This enterprise identity service provided our customers with many security features such as single sign-on, multifactor authentication, and conditional access to guard against multiple cybersecurity attacks. 

Most of the clients have either Office 365 with hybrid solutions, a multi-cloud environment and they want to leverage Azure AD to manage access to those clouds or they have hybrid deployments with legacy apps on-premises and on the cloud as well. 

We have applied this solution to multiple organizations and it has helped them manage their environments efficiently. Moreover, it provided a high level of security and security features that are appreciated by most of our clients.

In hybrid scenarios, this is one of the best products you could have. It helped many of our customers to manage resources on-premises and in the cloud from a single dashboard. 

It helped our client to control permissions and review permissions for employees who have left the organization which kept them on-control over access and permissions granted to their employees.

The solution has many valuable aspects, including:

• Password policy enforcement
• Conditional access policies
• Self-service password reset for could users and on-premises
• Azure Active Directory Identity Protection
• Privileged Identity Management
• Multi-factor authentication 
• Passwordless authentication and sign-in
• Business to business and client to business support
• Support for SAML and OAuth

There are many more features that are very useful and can be used as part of the P2 package. There is no need to install any agent or tool to utilize those features except when extending advanced features to the on-premises active directory.

I believe the product is perfect, however, it could be improved if it could integrate with other clouds with fewer efforts and provide the same functionality it provides to Microsoft products.

Most of the features come with a P1 or P2 license. With the free version, you do not get much.

The objects in Azure AD are not managed in organizational units similar to what you get in the windows server active directory, which makes it more difficult to delegate administrative tasks

Azure AD does not support legacy authentication protocols, such as NTLM or Kerberos.

Azure AD is unaware of group policies. If you would like to use the same on-premises group policies, then you need to use the passthrough authentication method with your existing on-premises AD servers. This would compromise the high availability of the cloud and create a single point of failure.

I have been using this tool for more than five years.

A Very stable solution, I never saw the service down, unavailable, or anything like that.

The solution is highly scalable. There are no worries at all about the bandwidth or any other concerns. 

We've had a very positive experience and our clients are adopting it more as their sole identity and access management solution. 

Positive

We did use the SailPoint Identity Platform. There was no cloud solution at that time which is why we switched.

The ease of setup depends on the scenario and the use cases of your organization. 

We are a vendor team and most of the implementation for enterprise clients is done via us or similar vendors. 

The solution has a high ROI when adopted properly in your organization.

Make sure to check which features your organization requires. Find out if they are applicable to all users or just a bunch of them before deciding on buying a license.

We looked at many products, however, I do not want to mention the products' names. 

We use Azure Active Directory to add authentication for users when they sign into the applications. We also use it to provide single sign-on (SSO) to applications.

What I like most about Azure Active Directory is its SSO (single sign-on) feature, as we have a community of users with different IDs and passwords, and this feature helps integrate all these. 

I've been using Azure Active Directory since 2016.

Azure Active Directory is a very stable solution.

Azure Active Directory is scalable.

The technical support for this solution is fine.

Installing this solution was seamless, but it took time for it to complete. It took one month.

We used an integrator to deploy Azure Active Directory.

Azure Active Directory has different licensing plans. We're on a yearly subscription. It is expensive, but if you look at the technical benefits it provides, the price for it is decent. If the cost of the license could be lowered, then it would be better.

Azure Active Directory is a cloud-based solution in which we have done our integration with our applications.

We currently have five or six different teams using this solution. We have three people with admin rights, 3 technicians, and a technical team. Some users have admin rights, e.g. general admin rights, while some have basic rights.

Our plan to increase the usage of Azure Active Directory depends on how many new employees will join the company. It could happen.

I'm recommending Azure Active Directory to other people who want to start using it because it meets requirements.

I'm giving Azure Active Directory a score of 10 out of 10.

The solution is primarily used for handling user permission and containing with the Online Exchange. It's for handling user passwords, user permissions, all of the privileges, and for using Azure Active Directory for the Online Exchange.

We're satisfied with the product in general.

The most valuable aspect of the solution is the connectivity with our on-premise Active Directory.

We've found the performance to be very good.

The stability is good.

The scalability of the product is decent.

The installation process is straightforward.

The synchronization with the local Active Directory and synchronization with all of the users on the local and cloud could be better. Every user on the cloud and the on-premise local users should have a connection, have the same privilege, the same features. We should be able to change passwords from the local and have it synchronized with the cloud users.

I've used the solution for four years. It's been a while. 

The stability is good. The solution offers good performance. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

We've found the scalability of the product to be very good. There aren't any issues with expanding as needed.

In my organization, we have about 25 users. I deployed it for another organization as my company is a service consultant. Therefore, I do this installation for other users and other companies. There are about 60 users in one and another has 100 users. Another company has only 20 users there. The amount of users each organization has varies. 

We do plan to grow our team and possibly use the solution more. 

I have contacted technical support from Microsoft many times, including when the mailing system is down or when I have a problem with Active Directory or Azure. I contact the help desk for Microsoft, and they reply to me in about one hour and help me to solve any issue. It takes about three or four hours and at that point usually, everything is resolved.

The initial setup was very straightforward and simple. It was not overly complex or difficult. We didn't have any problems with the process.

The deployment for the local setup takes some time. For the cloud, it's very straightforward, and it takes no time at all. It takes about two hours to totally install the hybrid, the connection, and go on with the application.

We have about five people who can handle deployment and maintenance duties. That includes me and five engineers.

I can handle the implementation myself. I do not need the help of an integrator or consultant.

We have many customers that purchase licensing agreements with Azure. Typically they are charged per user.

We're a partner.

I would recommend the solution to others. If they just read a bit about it and connect with Microsoft, they'll likely get some good advice as to how to use it. 

I'd rate it at a nine out of ten. 

We use Azure Active Directory for quite a few things. We use it for security group management of authorized principals who need access to get SSH-signed certificates for user logins. We use it for automated jot-based (JSON Web Token) self sign-on for our lowest, least privileged credentials on certain products. We also use AAD for B2B coordination of SSO when we're bringing users onto our platform, where they have Active Directory on their side. We use the OIDC-based SSO flows through AAD to merge project-level AADs back to our corporate AAD for internal single sign-on flows.

• There is tech support to help with any OIDC-based setups between organizations.
• It has good support for SAML 2.0 and OIDC-based setups for our remote identity providers.

The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access. 

I don't think the documentation is where it needs to be yet, for user journeys and that type of flow. There is still trial and error that I would like to see cleaned up.

Also, they do have support for SAML 2.0 and it's very easy to set up linkages to other Active Directory customers. But if somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops. So far, our largest customers are all using Active Directory, but I don't think the solution is quite as third-party-centric as Okta or Auth0. Those solutions have a lot of support for all kinds of IdPs you want to link up to.

Finally, a couple of months ago I was on a team that was looking at low-cost MFA for SSO, where we would control the MFA on our side, instead of having the remote database handle it. In those kinds of flows, there aren't as many off-the-shelf options as I would like. There were cost implications, if I recall, to turn on 2FA. Also, the linkages that they had set up off-the-shelf—obviously they had the Authenticator app—meant that if you wanted to do something with Duo Mobile or any of the other popular 2FA providers, it seems it might have taken us more time than we wanted to put into it.

I have been using Azure Active Directory for a couple of years now.

The stability is great.

The scalability is also great.

We have an enterprise agreement with Microsoft, so we aren't typical folks. Through that agreement, we get a dedicated technical account manager and that person is able to escalate tickets when necessary. I have found Microsoft to be very responsive when needed, although we haven't really needed them that often.

We use Azure a lot, and therefore, AAD was an obvious choice and we thought, "Why not use it?"

They've done a good job on OIDC. That was a pretty simple, seamless setup. We've done that with multiple remote IdPs now, and I don't recall too many issues there.

There is much less cost investment going into it now. We didn't have to do a volume buy to get onto the platform. When it comes to ROI, there is low friction and a high, immediate return on investment.

It's relatively inexpensive in comparison with third-party solutions. It's highly available and supported by Microsoft Azure in our enterprise agreements. With the addition of their B2C tenants, it's hard to beat from a cost perspective now.

They changed their pricing for B2B access. You used to need shared licenses so that, if you were paying for a Premium AAD on your side, that would allow you to have five shared external mapped users. They've blown that all up and it's now dirt cheap. It works out to pennies per user per month, instead of dollars. A P1 user license in their system was $6 per user per month, which is cost-prohibitive for a lot of B2B SSO flows, but now it's down in the pennies range.