Microsoft Entra ID Reviews

We use the Authenticator app on our mobile phones and to authenticate for Office 365. We also provide consulting services and recommend Microsoft Authenticator to clients looking for an MFA solution.

The solution improved our and our clients' security; end users are more confident knowing that their information is confidential. Strategic users, VIPs, and admins are protected from potential attacks because their authentication goes through Microsoft Authenticator.

The product has significantly increased our security maturity and gives us comfort knowing we have security in a good, affordable solution.

We have a history of all our authentications and excellent integration with the Microsoft solutions we use at our company. It runs smoothly in Windows and macOS.

I want to see more features to improve security, such as integrated user behavior analysis.

We have been using the solution for two years. 

The tool is stable, we haven't had any issues regarding stability. 

Scaling is easy as the product is hosted in the cloud; it's a robust and trustworthy solution.

Currently, we have 100 end users in our company, and we have some clients with around 1000 end users of Microsoft Authenticator.

We never needed to contact technical support as we have never had any problems, so I can't comment on that.

We previously used JumpCloud before migrating to Microsoft Authenticator, and we did that because it's more affordable and has better integration with Office 365 and the other Microsoft products we implement.

The setup was straightforward. We made an implementation plan and transitioned from using MFA via email and SMS messages to using Microsoft Authenticator.

Our security team is responsible for all our security solutions, and they take care of the maintenance, which I understand to be relatively light.

We have a Security Operation Center in our company. Another company using the same solution without a team like ours may require several hours a month to manage the solution.

We implemented it in-house since we are a consulting services company.

We think the solution is excellent and provides a return on our investment.

I would advise implementing the solution to VIPs and admins; it's affordable, effective, and efficient. I would say training staff on properly using the tool is also essential.

We decided to go straight for the Microsoft offering since we use Office 365.

I would rate this solution a nine out of ten.

When we deployed Microsoft Authenticator for our clients, we initially had some requests for training. We delivered the training, and the end users could adapt to it; the transition was smooth.

The solution is extensively used within our organization.

We use it because we have to onboard our user laptops to our Windows domain. Azure AD provides us with the Windows domain capability.

As an organization, we are going for ISO 27001 compliance. The only way to achieve much of that was to have Azure AD in place. Once Azure was in place, many things, like bringing all our laptops into the domain, and ensuring centralized policy deployment, were taken care of and that is where Azure AD has come in handy.

We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune. As a user, I rarely go into Azure AD. I would rather go to Intune and work from there.

I've been using Azure Active Directory for the last few years. Since 2020, I've been using it extensively because, where I'm working, we're totally on Azure AD.

There is nothing to be worried about when it comes to stability. It's a cloud product.

We are not worried about scalability because it's a cloud system. It will run and they will scale it. They already have packages wherein you can scale it depending on how many users you have in your system.

Our usage of Azure AD will continue, going forward, as an organization. We are not going to pull back on it. It's only a question of what more we can extract out of it as we go along.

Technical support varies. The problem is that Microsoft has contracted out support to multiple organizations around the world. When you raise a ticket, you may or may not get support from someone in your country or region. That's "Part I". 

"Part II" is that when you get to a support agent, they go by the playbook. While they do a lot of R&D for us when we give them the problem in detail, and they actually find things out and come back to us, they're not willing to go beyond the established guidelines to try to troubleshoot. They will only do so if it becomes a pain-in-the-neck issue and multiple users are reporting that problem. For example I found an issue with Defender and I raised a ticket with the Defender team. That has now been pushed to some sort of a feature update, so things like that do happen.

Positive

The initial setup is straightforward. There is nothing very complicated about it.

The very basic setup of AD might take between 10 minutes and half an hour. Then, if you sit down and focus on the task, it takes about a couple of days to have all your nodes in place.

In our company, there is another person who is my immediate junior and who reports to me. We are the ones who deploy, use, and maintain the system.

We are using the version that comes with Microsoft 365 Business Premium.

Microsoft has a very weird way of licensing the product. With the standard on-prem edition, we can do a lot of regular, day-to-day maintenance, including creating policies and the like. We can't do that in Azure Active Directory. The Azure system is very basic in nature compared to what the server provides us.

There are add-on components and services, such as identity services, that we have to add to our Azure subscription. Only then can I actually say it's on par with the on-prem server edition.

Why should I pay for a component? It should be included in my subscription. I understand there may be an added fee, but don't remove an essential component. I am a career IT guy. When I start comparing my on-prem server against this cloud edition, I see that there are components missing. The money issue is secondary. Give me a solution that matches the Azure standard edition. They should ensure that whatever I have on my domain controller are the facilities that run here in Azure AD. For example, on the domain controller, if you are my user, I can let you create a 14-character or a 20-character password. I can't do that on Azure AD. To do that, I must get the Directory Services module, which costs me another $100 a month. Let that cost be added to the bill and let me create my configurations as and how I want. Why do they want to restrict me? It's a detrimental business practice.

Still, I say go for it. Don't worry about the pricing. Licensing, at the basic level, is sensible. But you should actively talk to your reseller about the needs of your organization. Costs will vary as you dig deeper into understanding what product or service you need. Independent of your geographic location, talk to a local Microsoft partner and understand the cost. Don't simply go online and order things. I would stress that to anybody in the world, whatever the size of their organization.

The pricing module is pretty straightforward for many of the products. They have a price for up to 300 users for many of the licensed products. Up to 300 users is not considered an enterprise business.

You may have knowledge about the product, but when you talk to somebody else you get a slightly different perspective. Exercise that principle. Talk to one or two vendors, but talk. Spend time on the call. Understand what you want. One person might give you an idea of how you can deploy with your existing products, while another guy might say those products have these weaknesses and these strengths.

From the organizational perspective, it's not the native Azure AD components that provide value to the customer, it's more the other components. If you're a Microsoft 365 Business Premium customer, you get Microsoft 365 Defender. Along with that package, you get something called Secure Score for your organization. The beauty of Secure Score is that it gives you something of a benchmark. It says X percentage of organizations have this particular level of security score and it tells you how you can upgrade your security. It may tell you to enable something or disable a feature. After about a day's time, during which the change percolates across the organization, your security posture goes up a notch. That's a very useful tool for any organization, whatever the size.

The end-user experience is better because we don't have to have so many components on board, compared to other solutions, to do something. For example, even though Defender is a limited version in some critical aspects, it still does its job pretty well. One major benefit of having it is that we can control the policies of Defender from the Intune portal or the Microsoft 365 Defender system because it's backed by Azure AD. Azure AD plays a kind of backend role. 

It doesn't play much of a front-end role wherein I can create a policy. If I have to create a GPO, I must get the Directory Services component. Without that, I cannot create a GPO the way I would with the ordinary service. That's a critical difference. And with Microsoft, as usual, until you go digging around, you'll never know about this. I raised support queries with Microsoft and followed up with the tech support, after which I was informed that until I have Directory Services I can't do anything. This kind of clarity is not provided to the customer. Microsoft's website is really weak when it comes to providing specific details.

I would tell any organization that doesn't have Azure Active Directory today not to spend money on setting up a server and a data center and infrastructure. Simply upgrade your Office subscription, because it eventually happens. The world is divided into two major parts: Microsoft users and Google users, and there may be some percentage that doesn't use either product. If you're using these products and looking at ISO compliance, simply upgrade to Microsoft 365 Business Premium. You'll get Azure AD and then you can go about the rest of your work.

Overall, I rate Azure AD at seven out of 10. There is a huge difference in the capabilities between the on-prem server and the Azure version.

The primary use case is for the authentication of the users. We actually onboarded around 3000 to 4000 users at our go live, which are various application users from across the US and the other regions.

The best feature is the single sign-on provision for the various type of users. That is our sole purpose for working on that and utilizing that service as creating a custom solution for a single sign-on would be difficult when we have around 50 applications within our company that has been used by users across the globe. That includes North America plus Europe, Russia, and the Middle East. It is very difficult and complicated to do things on our own. Instead of doing that, we just acquired the service from Microsoft for single sign-on, and for that purpose, we are using the Microsoft Azure Active Directory authentication.

From our utilization perspective, they are providing almost everything. That said, the customization, like the data sharing between the application, is something that needs to be improved from their side. For example, we are sharing certain types of data. We have a container application structure, so we have a single sign-on application where we are using the Active Directory authentication, and when the user clicks on that application, the information of that user is passed to the child application, and the child application does not authenticate the user again. That is a single sign-on concept, which is available across 50 applications within that container. We pass a lot of various types of data, therefore, there's a limited capability of doing that in Microsoft Azure as, on the Azure Active Directory, we may be able to create some additional attributes, however, there are certain limitations.

Technical support could be better.

I haven't explored all aspects of the solution just yet. There's still more to look at.

We've been using the solution for as far as our last project, in which is currently being used. We have been using it for the last four years.

This is a stable solution. Since our product went live in 2017, we never got an issue with respect to authentication.

The product is scalable. It is not even region-specific. You can change the region. For example, if you want to target European users, you can simply purchase a plan for a European server or something like that. Currently, I know that our application is running in the United States region, and our targeted users are from the United States, so our application is working in the North American region, the east area.

Technical support is a thing they need to improve a lot from their side.

The engineers from the Microsoft side are professional, however, the thing is they're working on the shifts. For example, if you encountered an issue which is affecting our production application, and we talk to a guy from Microsoft in Central Standard Time. While he will be available then if the issue is ongoing for more than eight hours, which exceeds their standard working hours, he will just put a hold on the call and will say that my next representative will get back to you on this issue, and when the next representative arrives you kind of need to start over.

Neutral

The Active Directory just plays a role in authenticating the user, and it doesn't do anything else, just authentication. The services where the deployment is being done, that is a different thing. It is an application service in itself. We have an Azure Active Directory service. Besides that, we have application deployments or application services on Azure as well. That is a separate service, which is used for the deployment of the application, so when a user is accessing the application, he is redirected to the Microsoft Azure authentication application where the authentication is being performed. So far, the authentication has been performed, and that user is being redirected to our actual application, which has been deployed on the Azure service. Therefore, there isn't really a direct deployment per se for this product.

I'm not familiar with the pricing aspect of the solution. The client deals with that end of things. My general understanding is that it is quite expensive.

I'd rate the solution an eight out of ten. They do have an outstanding service compared to the competition. 

The main reason for implementing this solution was to help our customers to access internal or external resources seamlessly while allowing them to have full control over access and permissions. 

This enterprise identity service provided our customers with many security features such as single sign-on, multifactor authentication, and conditional access to guard against multiple cybersecurity attacks. 

Most of the clients have either Office 365 with hybrid solutions, a multi-cloud environment and they want to leverage Azure AD to manage access to those clouds or they have hybrid deployments with legacy apps on-premises and on the cloud as well. 

We have applied this solution to multiple organizations and it has helped them manage their environments efficiently. Moreover, it provided a high level of security and security features that are appreciated by most of our clients.

In hybrid scenarios, this is one of the best products you could have. It helped many of our customers to manage resources on-premises and in the cloud from a single dashboard. 

It helped our client to control permissions and review permissions for employees who have left the organization which kept them on-control over access and permissions granted to their employees.

The solution has many valuable aspects, including:

• Password policy enforcement
• Conditional access policies
• Self-service password reset for could users and on-premises
• Azure Active Directory Identity Protection
• Privileged Identity Management
• Multi-factor authentication 
• Passwordless authentication and sign-in
• Business to business and client to business support
• Support for SAML and OAuth

There are many more features that are very useful and can be used as part of the P2 package. There is no need to install any agent or tool to utilize those features except when extending advanced features to the on-premises active directory.

I believe the product is perfect, however, it could be improved if it could integrate with other clouds with fewer efforts and provide the same functionality it provides to Microsoft products.

Most of the features come with a P1 or P2 license. With the free version, you do not get much.

The objects in Azure AD are not managed in organizational units similar to what you get in the windows server active directory, which makes it more difficult to delegate administrative tasks

Azure AD does not support legacy authentication protocols, such as NTLM or Kerberos.

Azure AD is unaware of group policies. If you would like to use the same on-premises group policies, then you need to use the passthrough authentication method with your existing on-premises AD servers. This would compromise the high availability of the cloud and create a single point of failure.

I have been using this tool for more than five years.

A Very stable solution, I never saw the service down, unavailable, or anything like that.

The solution is highly scalable. There are no worries at all about the bandwidth or any other concerns. 

We've had a very positive experience and our clients are adopting it more as their sole identity and access management solution. 

Positive

We did use the SailPoint Identity Platform. There was no cloud solution at that time which is why we switched.

The ease of setup depends on the scenario and the use cases of your organization. 

We are a vendor team and most of the implementation for enterprise clients is done via us or similar vendors. 

The solution has a high ROI when adopted properly in your organization.

Make sure to check which features your organization requires. Find out if they are applicable to all users or just a bunch of them before deciding on buying a license.

We looked at many products, however, I do not want to mention the products' names. 

I started using Azure in my organization for user management, identity management, and app security.

I am using purely Azure Active Directory, but I've used Azure Active Directory in a hybrid scenario. I sync my user from on-premises Active Directory to cloud. While I have used the solution in both scenarios, I use it mostly for purely ATS cloud situations.

We don't really have breaches anymore. Now, in most cases, we set up a sign-in policy for risky things, like a user signing in via VPN or they can't sign in based on their location. This security aspect is cool.

If a user wants to sign onto the company's account, but turn on their VPN at the same time, they might not be able to sign in because of the Conditional Access policy set up in place for them. This means their location is different from the trusted site and trusted location. Therefore, they would not be able to sign in. While they might not like it, this is for the security of the organization and its products.

The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization.

The authentication, the SSO and MFA, are cool. 

It has easy integration with on-premises applications using the cloud. This was useful in my previous hybrid environment. 

The user management and application management are okay.

There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory. 

I have been using Azure AD for three years.

Overall, stability is okay. Although, sometimes with the cloud, we have had downtime. In some instances, Microsoft is trying, when it comes to Azure AD, to mitigate any issues as soon as possible. I give them that. They don't have downtime for a long time.

You can extend it as much as you need. For example, you can create as many users as you want on the cloud if you sync your users from on-premises. Therefore, it is highly scalable.

I used to manage about 1,500 users in the cloud. Also, at times, I have worked with organizations who have up to 25,000 users. When it comes to scalability, it is actually okay. Based on your business requirements, small businesses can use Azure Active Directory with no extra cost as well as an organization with more than 10,000 users.

The support is okay, but it is actually different based on your specific issue because they have different teams. For example, when you have issues with cloud identity management, I think those are being handled by Microsoft 365 support, and if you have an issue with your Azure services, the Azure team handles it. 

I can say the support from Microsoft 365 support is awesome because it is free support. Although the experience is not all that awesome every time, and there is no perfect system, when compared to other supports, I would rate them as 10 (out of 10).

Positive

The initial setup was straightforward. When I set up Azure Active Directory, I just had to create an Office 365 tenant.

Creating an Office 365 tenant automatically creates an Azure Active Directory organization for you. For example, if I create my user in Microsoft 365 automatically, I see them in Azure Active Directory. I just need to go to Azure Active Directory, set up my policies, and whatever I want to do based on the documentation.

A part of the documentation is actually complex. You need to read it multiple times and reference a lot of links before you can grasp how it works and what you need to do.

The very first time, it took me awhile to set up. However, when setting it up the second time, having to create Azure AD without setting up users was less than three minutes.

I work with a client who has a small organization of 50 users worldwide. With Active Directory, they are spending a lot for 50 users for management, the cost of maintenance, etc. The ROI number is too small for the costs that they are spending on the maintenance of an on-premises setup. So, I migrated them to Azure Active Directory, where it is cost-effective compared to an on-premises setup.

For you to make use of some of the security features, you need to upgrade your licenses. If it is possible, could they just make some features free? For instance, for the Condition Access policy, you need to set that up and be on Azure AD P2 licensing. So if they could make it free or reduce the licensing for small businesses, that would be cool, as I believe security is for everyone.

The product is very good. Sometimes, I try to use Google Workspace, but I still prefer Azure to that solution. I prefer the Azure user interface versus the Google Workspace interface.

Draw out a plan. Know what you want and your requirements. Microsoft has most things in place. If you have an existing setup or MFA agreement with Okta and other services, you can still make use of them at the same time while you are using Azure Active Directory. Just know your requirements, then look for any possible way to integrate what you have with your requirements.

Overall, this solution is okay.

I would rate this solution as an eight out of 10.

Azure AD is primarily integrated with all of the Microsoft services, such as Microsoft 365, Office 365, and Dynamics 365/Power Apps. Behind the scenes, we are, in one way or another, using Azure AD for our application security, identity management, and to access purpose services. At times, we need to configure some advanced features to provide access and identity to third-party apps to integrate with Dynamic 365. 

Unfortunately, I don't have any numbers and metrics related to organizational improvement off-hand.

That said, using Azure AD app services, we don't have to care about secure access to our Dynamics 365 data. Azure AD performs the authentication on behalf of our application and that's great. We don't have to implement security on our side to secure access for third-party services or third-party software or applications.

Azure B2C has also helped us in providing secure access to the Power Apps portal, or external content.

The app registration services are great. This basically simplifies security in order to give access to third-party apps from within Microsoft services such as Dynamics 365 and Power Apps. We can do this in a very secure manner using the AD. This really very simplifies the identity and access management for us.  

I use Azure B2C for providing access to external users. It was a really great experience to configure Azure AD B2C. I like this feature, as it provides a single sign-on for existing or new users; even new Azure AD users can be provided with sign-ins to our portal.

The solution has features that have helped improve our security posture. For example, without Azure B2C or any third-party identity service like Google or Gmail, we are compelled to store users' credentials and sensitive data in Dynamics 365 contact table somewhere. By using Azure B2C, we are totally independent of this.

The solution hasn’t affected the end-user experience. Usually, users are not so IT aware, so they don't feel an impact related to the change. We know that having secure access for them is important for them and also for us, however, they don’t feel any noticeable difference with the extra security in place.

Honestly speaking, I haven't thought about where areas of improvement might be necessary.

Everything was very smooth every time we used Azure AD. In other Microsoft solutions, we come across some bugs or workarounds, et cetera. However, as far as Azure AD is concerned, or maybe, to the extent that we are using it at least, we haven't come across any issues.

In terms of identity and access management and concerns, all of our needs are provided by the existing implemented features.

I have been using the advanced feature of Azure AD for the last three years or so.

Currently, Azure AD and most of the Azure services are very, very stable. A couple of years ago, I experienced some difficulty in implementing the solutions, the services of Azure AD. In one instance, I was not able to configure Azure AD for a registration. This was two or three years ago. However, currently, the documentation is very clear and there are no loopholes or anything that could hinder even a simple IT administrator to implement these services.

I am just using the product for integration with Dynamics 365 and Power Apps solutions. Right now, we are integrating with Azure AD in a very simple manner. I'm not sure if we plan to expand usage.

In our company, 100 to 200 people are connecting to PowerApps portals using Azure AD B2C.

There are two or three developers right now who use Azure AD for identity and access management purposes. Managers will not be using Azure AD in that it is not used to configure and trigger solutions using Azure.

We haven't used customer support contact up to this point. Everything that we need is already provided through the documentation. So far, we haven't had any need to contact customer support for Azure AD.

We did not use a different solution before we used Azure AD. We only use Microsoft solutions.

The initial setup was very straightforward. The documentation is very good and the steps are very well documented. I remember three years ago I encountered some undocumented feature or maybe a bug when configuring Azure AD for apps registration. However, lately, this is not the case. Currently, the documentation is very up-to-date and very clear, and almost every time I register the user, the apps in Azure AD, and configuration the Azure B2C have helpful documentation. They probably made some form of an update to the system that fixed any past bugs or issues.

The deployment hardly takes 15 to 30 minutes - and that's for app registration. To complete the whole process on the Azure AD side and on our Dynamics 365 side - including Azure B2C - it took, when I implemented it for the first time, one hour to set up everything. That was the first time. Since then, I've gotten faster and it now hardly takes 30 to 40 minutes to configure Azure B2C.

We are an IT company ourselves. A hundred percent of the time we use our own skills and documentation to implement everything related to Azure AD and Dynamics 365 or anything else.

We have seen an ROI due to the fact that it integrates with other Microsoft services very seamlessly. In that sense, it definitely saves time and cost as opposed to implementing something that we don't know, such as other identity systems. 

I don't know much about the pricing. As far as licensing is concerned, there are two options. There is a set of free services that are offered through a free license and if you have a Microsoft tenant or any Microsoft service such as Dynamics 365 or Power Apps, you have access to a free set of services that Azure AD provides. This includes registration and some other items. 

If you want to use Azure AD's advanced features, they are not provided for free. There are two types of premium licenses that are available for anyone who is a registered licensed user.

We did not evaluate different solutions before we chose Azure AD. This is due to the fact that, in the Microsoft ecosystem, Azure AD fits best in terms of providing access and identity management to all of the other Microsoft online services.

We are a Microsoft partner.

I'm not sure which version of the solution we're using. This is an online service. As I'm a Dynamics 365/Power Apps developer, usually I don't bother to check what version of Azure AD is currently hosting on the online services.

I would advise new users, if they are using Microsoft online services, that Azure AD is the best choice for all identity and access management requirements. This is due to the fact that it is in the same ecosystem. It understands the needs of its own vendors much better compared to any other external identity service.

I'd rate the solution a perfect ten out of ten.

My company provides different types of support for different products. I am a Microsoft Azure support engineer for Azure Active Directory.

We work with multifactor authentication, federation, synchronization of on-premise services to the cloud, migrations from on-premises to the cloud, and role-based access to company services. I also work with the identity services of Azure. I work with certain cases where customers have issues with Office 365. That's because the administration and the role-based access come from the Azure platform. 

We're in the middle of the transition to unify more services. There are many services in terms of networking with the machines and storage accounts.

Azure is a platform, so it doesn't have a version.

Microsoft 365 is a part of the service of Active Directory. Currently, all the people and institutions, such as schools and universities, working from home are getting the benefits of Microsoft 365 in Azure Active Directory. They are indirect users of Azure Active Directory. That's because all the services are with the Azure platform, and all these identities are managed from the cloud. This service is providing a huge contribution to the whole world at this time. For example, my nephew is not going to school currently, but he has to connect every day through Microsoft Teams. I know that it is Active Directory that's managing this authentication, but he doesn't know that.

Azure provides many services related to security, data protection, identity, key networking, and management of the storage accounts with encryption. The whole environment is very secure. Azure works with the security of the services. It is in the backend, and it is the same platform as Microsoft 365 or Office 365. So, if you have Office 365, you're using Azure. The platform source is the same for Azure and Office 365 or Microsoft 365. It is the same platform to manage the users. At a certain point, I guess everything will be together because even though there are too many services, all of them rely on the same platform.

There is a secure way of managing the security and access to your services. If you use Azure in your company, you can manage the type of authentication that you want to use for security. For example, you can manage your company from on-premises and also use the cloud in a hybrid environment. This way the services that Azure provides on the cloud are available for the users that exist on-premises, and this is actually where I'm working right now.

The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise.

For data protection and access security, there are many good things that Azure and Azure Active Directory offer. You can choose in how many ways a user can log in to Azure, especially with multifactor authentication. You can choose how, when, and where someone can access a service that you may have on Azure Active Directory. 

For most of the small users, Azure Active Directory is free. So, they don't need to have a paid service for Azure Active Directory.

The platform is constantly changing. Every month, we have new services, and we also have services that are being deprecated to provide a better customer experience. For example, we have a tool that connects the users that exist on-premises to the cloud. The AD connects to this synchronization tool, which has been improved about five times in the last year. Every new version is more flexible with more options. The experience for the users has been improved to make it easier to manage the tool. In addition, the feedback that the customers provide to Microsoft is taken very seriously. For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity. There is a feature called manage identities where you can give flexible access to a person for services. For example, I can give you access as a reader to all my information but only for 12 hours or 24 hours. So, I can decide for how long I want to give you access. In the past, I had to give you a role that was permanent, and now, I can give you a role that will last only a few hours to allow you to do your job. In case you need more time or more features, you need to contact me and request them. 

Similarly, previously, there weren't too many options when you were synchronizing your users from on-premise to the cloud. Now, the system that allows you to make that synchronization has many options. You can select different schemas. You can select which users you want to be a part of the cloud. You can manage many rules. The customization in the whole Azure platform is awesome. All these features that are now a part of the platform were not there in the past. In these three years, I have seen so many changes. There are too many features, and I can see changes every month. There are too many settings that have been improved, especially related to authentication, permissions, and auto management ops. The cloud or the Azure platform is managed by roles that you can assign to different people, and each role has different permissions and access. So, everything is very customizable right now.

I have been working with Azure Active Directory for two years.

Scalability is one of the main features of Azure. You can adjust the services that you have., You can increase them anytime, and if you are not using them, you can downgrade the services to the minimum. The scalability and elasticity are the key features of Azure. They allow you to manage all the resources that you have according to your needs. For example, if you are a big company that is going to have a lot of customers during a period and needs to duplicate or triplicate resources, you can get all those created immediately. When you don't need that many virtual machines, storage accounts, or web services, you can downgrade to the minimum. The pricing will be according to the service that you are using. This is one of the most attractive things for the customers because if you were on-premises, what would you do with all those desktops once you don't need them. On the cloud, it is different. If you don't need it, just remove the service, and you won't be charged. It is very flexible.

I provide support for Azure AD. This is my area of support currently, but sometimes customers have questions about different products or services. Because I'm working on Azure Active Directory, it doesn't mean that I only know about this specific product. We are constantly learning and getting trained. There are too many things to learn more about the Azure platform. I have worked for the billing and subscriptions team, which is a totally different type of support. If a customer has questions about billing, subscriptions, pricing, and discounts available on the platform, I can provide support. If a customer needs help with creating a virtual machine, I can tell the customer to work with another team. If I have the knowledge, I go the extra mile and help them. 

There have been situations where the customers had a ten-year-old server that was no longer supported, and all the services were very old. They were from the time when Azure started, and those services are called classic services. Most of those services are not compatible with today's technologies. In such cases, we had to let the customers know that they need to migrate the services, which can get tough for some of them because not all users have the resources to move services to new technology. In such cases, we work with other teams within our own company and try to find a solution. We always try to find a solution. We are not limited to one solution. We'll research for options and do some brainstorming with other teams, and most of the time, there are no cases that we can't close or are unsolved. Of course, customers might have been expecting a different solution, or they are not open to change, but at a certain point, they will need to accept that some of the resources that they have been using for more than 10 years are now obsolete. 

It is very simple. All you need to do is to create a subscription. When you create an Azure subscription, you will be creating an Azure account. If you are using Office 365, you already have an Azure Active Directory account.

If you go to Azure.com and use your credentials, you would be able to log in. So, you have a basic panel with services related to Active Directory, but if you need to deploy virtual machines or other paid services, you will need to purchase a subscription. I have my own environment, but I only use it for testing and for making records of customer issues to see what's happening or why the problem is coming.

It is a very easy-to-manage platform. There are many guides. As soon as you enter the portal, you will see all products and services. Every time you click on any specific service, you will find information about the service, its pricing, etc. You will get the required information needed on the platform. I also have experience with IBM's platform, but it was not as easy to handle as the Azure platform. 

The basic tier of Azure Active Directory is free, so many users use the service for free. For a small company having the security and compliance that Azure offers is a great benefit. For small companies that are using the basic services, not having to pay for Azure Active Directory is the main asset because they can manage their users and have authentications tools and security. 

You just need to create an Azure account to get a free trial or subscription. If you sign up for a free subscription, you will have $200 that you can use for a month on any services that you want to try or test. If you're planning to use a paid subscription, you can't have the first month for free until you spend those $200. At that point, you can decide if you want to continue using the platform. You will be paying only for the services that you use. If you have a virtual machine, but you don't use the virtual machine, you won't be charged for that virtual machine. There are, however, some limitations. If you choose to have storage linked to the virtual machine, the storage is charged differently. 

Azure has different tiers. You can use the standard free version. You can have the B1 license that gives you more services. There is a B2 license that extends to even more objects, more users, and more services. So, depending on the license that you have for the product, the capacity changes. The basic tier allows you to manage a certain number of objects, which can be users, groups, permissions, etc. The number is limited because you are using the free version. If you want to manage a bigger company or more objects, you can just purchase a B1 license. If you need more, you can change to the B2 license that's a top tier. 

If the size of your company changes or you need to reduce the number of licenses or services, you can always cancel licenses. You can go back to the lower tier at any time depending on your needs. Most of the big companies use the higher tiers because they have many employees. In domains like education, there are many students, so they need to use more licenses, but most of the small companies or users who are using it for a project use the free version.

If you need to purchase a service, for each and every service that Azure offers, there are different pricing tiers. For example, you don't have to purchase a virtual machine that is too expensive. There are basic virtual machines that may cost you $40 for one month. If you need a very specific machine to do a deployment, you can use it just for the deployment and then delete the virtual machine. You have to pay it only for the hours for which you used that machine, which is a great advantage. If you work with data processing or you're a developer who needs to test new software or a game, you don't need to pay a huge amount of money for a specific virtual machine. You will only be paying for the hours that you need to do the testing. You don't have to pay $6,000 for high-end technology. I know that the idea is to keep people using the virtual machine, the storage account, or any service they have, but if their needs are just limited for a few hours of the month, that's what they will be paying for. So, it is very flexible.

I would recommend Azure Active Directory to everybody. I would recommend others to use it to easily manage all the users. If you are dependent on an on-premises server, those servers may fail. Some people have too many old servers. If you move to the cloud, you don't have to worry about hardware maintenance.

Microsoft offers several ways to keep your data safe on the cloud. For example, you can choose replication. That means that your data will be at two different data centers. You can have your information at two different locations, such as in the east of the USA and in the west of the USA. If you are paying for higher services, all your information can also be in another country or region. So, all the information that a company may have in Azure will be protected if something catastrophic happens, which is something very important, especially for large companies. 

The improvements to the platform are constant, and the feedback that the customers provide to Microsoft is taken very seriously. They have a feedback page where the users can request new features or existing features that they are not happy about. Microsoft takes into account all these requests, and I see the response from the backend team or developers. I can see how they provide new products or good information about what they are doing right now to improve the services. Most of the requests are for new services and ideas, and most of those ideas are seriously reviewed. I can see that over the last few years, how many of these requests have become a part of the platform. So, you see improvements everywhere. There is also a change in Office 365, which will be soon known as Microsoft 365. They're changing the experience, and they are also changing the licenses to include more products. So, changes are constant. I am not saying this because I work for Microsoft. I have also worked for Amazon, and I see similar structures. They are making changes all the time.

Every day, I see the requests of customers and the response from Microsoft to those requests. When all these improvements are added to the platform, for those of us who are on support, the cases become easier to manage. It gets easier to provide solutions because we have more options to resolve the problems, and the customers also have more options. 

There are times when customers don't realize that the platform has changed and the services they used don't exist anymore. Usually, we provide support through Microsoft Teams and remote sessions. So, we go there, and we explain to the customer that they can do this because the platform allows them to select this and then do customization. So, everything is flexible. The customers sometimes are very surprised because they don't know that the platform has changed so fast. The experience of providing support becomes very nice when a customer is amazed by all the new features. They had been working in the old way, and they didn't know that they now have many options on the platform. In such cases, it is a very satisfactory experience for the customer and also for us. In some cases, it takes about 10 minutes, and the problem is solved. The customer becomes very satisfied with the solution.

I would rate it a 10 out of 10. I can't tell how happy people are when they call and are looking for such a service, and they realize that it already exists. They just didn't know about it. This rating is not based on the experience that I have in working with Microsoft; it is based on the experience of the customers I work with.

We mainly use Azure Active Directory for authentication, identity management, and single sign-on. A user can use a local Active Directory password to sign into other platforms, like Zendesk or Zoom. These on-premise users are synced to Azure Active Directory. We have some other users who only use cloud, so they don't have instances on-premise, i.e., they are pure cloud. Both of these types of users can authenticate their credentials with other applications and single sign-on. 

We use Microsoft solutions, such as Microsoft Endpoint Manager for mobile device management (MDM), Microsoft Defender, and Advanced Threat Protection (ATP). For our customers and clients, we do something similar. We also send logs from Microsoft 365 to different SIEMs.

We sync users from on-premise using AD Connect sync. We sync them to Azure Active Directory, where we have some instances. 

We have secure scores and compliance scores. These scores tell you your standpoint in terms of recommendations, vulnerabilities, etc. So, it can tell you what you need to configure to increase your security posture, then you can tell where you are. With the compliance scores, it will tell you what you need to do to improve it. The secure scores will tell you that maybe you should enable MFA for all users or that all admins should have MFA. It gives you a lot of suggestions and recommendations to improve your security posture. 

Microsoft Endpoint Manager acts as a mobile device management tool. It focuses on the firewall and does device compliance policy. There are a lot of policies that you can use to align your organization in regards to compliance and regulations. Also, there are security settings that you can enable.

In Microsoft Defender, it accesses the devices onboarded to your Microsoft Defender so you can see the vulnerabilities in terms of the applications installed on a system as well as the version of the OS that you are using. It shows you the patch management that you need to do for vulnerabilities. 

Authentication and identity management are key. For someone to authenticate your account, it is like having the password or access to your password. If someone gains unauthorized access to an account, then they can perform a lot of malicious activities, such as sending spam emails or falsifying emails, including authorizing payments.

Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user. 

You can also use Conditional Access to block sign-ins from other countries. For example, if someone attempts to login from Canada or the US, and your company is based in Africa or somewhere else, then it blocks that user. In this case, it will flag the user and IP as suspicious.

There is also impossible travel, which is an identity protection feature that flags and blocks. For instance, if you are signing in from California, then in the next two hours, you are logging in from Kenya. We know that a flight to Kenya couldn't possibly happen within two hours.

Admins can set password changes for 30, 60, or 90 days, whether it is on-premise or the cloud.

Sometimes, what one customer may like, another may not like it. We have had customers asking, "Why is Microsoft forcing us to do this?" For example, when you use Exchange Server on-premise, then you can customize it for your company and these customizations are unlimited. However, if you use Exchange Online or with Microsoft 365, then your ability to make modifications is limited. So, only the cloud versus is limited.

I have been using it for four years.

It is very simple to manage.

The scalability is massive. When you get your licenses, those should give you the limits of what you can do, but the limits are considerable. It should scale automatically as your workloads increase.

If enough customers have questions about something, the Microsoft product engineering team will pick it up, document, and design it, then publish it in Microsoft.

At a previous company, I was the technical lead and expert. We were Microsoft partners. So, we picked up tickets for Microsoft 365, working on different issues from eCommerce, Exchange, SharePoint, and OneDrive. 

You can maintain your previous investment in identity management solutions by just integrating them with Azure Active Directory. You can also integrate other solutions with Azure Active Directory, then use Azure Active Directory as a single sign-on.

The initial setup is straightforward. 

Active Directory is a place where all your instances, users, identities are being stored. You can create users and identities, then they are stored in Active Directory. Then, Azure Active Directory is just like a cloud-based scenario. When you create users, they are there. You can join devices to your Active Directory.

You need to have the user's information: their password, email, location and ID. All those things are being stored in Azure Active Directory. 

Deployment time depends on the scope of work. For example, a single user could take about 10 minutes to deploy, if you know what you are doing.

Deployment needs just one person to do it.

It protects your identity and keeps you secure. The return on investment is that it keeps your identity from being compromised or you being scammed. That is the investment that customers pay for.

Previously, only building and global administrators could purchase subscriptions or licenses. Mid-last year, Microsoft made it so users can purchase the license online.

Microsoft business subscription is for 200 to 300 users. If you have more than 300 users, you can't purchase the business plan. You have to purchase the enterprise plan. The enterprise plan is for 301 users and above. 

Pay as you go is also available. If you pay as you go in Azure, you will be billed for whatever you use.

I know AWS has something similar.

It is an excellent solution. I would advise going for it.

I have received several complaints from different people and customers too, "Why do I have to do it two times? I want to do it just one time." However, there is a reason for it - we are increasing the security layer. That is why it takes two times, because it is organizational policy. So, they just have to comply.

Previously, admins could only release quarantined emails, so you would need to speak to the admin to release them. Now, if a user's message gets quarantined, then the end user releases it.

If you have Microsoft 365, then you have Azure AD. They go hand in hand.

I would rate this solution as 10 out of 10.