Microsoft Entra ID Reviews

We use it for authentication. Where we have cloud services, it syncs with Active Directory on-prem. We have about 1,800 people using it.

It's a very scalable solution.

The ability to manage and authenticate against on-premises solutions would be beneficial.

We have been using Azure Active Directory for about four years.

We have had very little requirement for technical support. It's a cloud solution.

We didn't use a different solution. We brought this in when we went into what was called Microsoft 365 in those days.

The setup was pretty straightforward. In terms of maintaining it, we have a team of six infrastructure engineers, and Azure AD is just one of the systems that they manage.

We did it in-house.

It's included within a wider bundle of Microsoft 365 products.

You need to make sure you've thought through how you're going to deal with your on-prem applications because having a hybrid solution like ours brings some challenges.

Ultimately, we will move completely into Azure AD, but we have a lot of on-prem applications and you can't use Azure Active Directory with them. Until we remove those applications and make things cloud-only, we will still need a hybrid solution.

Microsoft Authenticator is the tool provided to assure that we are using the Microsoft product in the correct way, from the Microsoft point of view.

It's two-factor authentication. I personally use several of them, from Google to Microsoft Authenticator to others. It's a solution that works.

The solution is stable. 

The product is easy to install and quick to deploy.

The solution is secure.

It offers good Microsoft integration capabilities. 

For the moment, I don't have any complaints. 

The pricing is okay, however, it could always be better in the future.

It is a stable, reliable product. There are no bugs or glitches. It doesn't crash or freeze. 

In terms of scalability, we don't have complaints about this from the users of this kind of solution.

Several people in our company use the product. I am unsure of the exact number. 

When we have problems, we don't go to Microsoft; we complain internally to a group that is responsible for keeping this working. I can't speak to how Microsoft's support is. I've never directly interacted with them.

Positive

I also use Google Authenticator.

I need to use different services to log on. Microsoft promotes its own solutions. For my bank, for instance, I have a solution imposed by my bank. For Google, I have Google Authenticator. For Microsoft Plus. I have Microsoft Authenticator. For our VPN, we use FortiGate, the authenticator.

The installation is easy. You can do the installation on mobile phones and it can be installed on the web. It's not a problem.

The deployment is fast and only takes about two minutes. It's supposed to be done by the end-user.

I have done the implementation myself. I did not need the assistance of any integrators or consultants.

I don't pay a separate licensing fee. It's already included in the service we buy from Microsoft.

I'd rate the solution an eight out of ten.

The solution is deployed on a public cloud. We are using Microsoft Azure.

There is on-premises AD and cloud AD. We are able to sync the solution and use the load technology and password management features.

The most valuable features in Active Directory are the password writeback product and the MDM technology.

The on-premises AD comes with a lot of options and group policies. With the group policies, we are using screen saver a lot, and it is messing up Azure AD and isn't working effectively. We are also using MDM technology through Azure. For Android the MDM technology is okay, but it doesn't work properly on iPhones.

When we do a screen share and screenshots, it doesn't work on the iPhone. For Android, it will only work for Outlook, which is provided in the company portal.

I would like to see the group policies on the same platform on cloud.

We have been using this solution for almost two years.

The solution is stable and everything is working. In terms of connecting the web application, there is technology for single sign-on. When we use it, the solution opens very slowly. It might be a bandwidth issue, and some content will not work on that portal.

The solution is scalable. We haven't had any issues.

We have 500 people using this solution in our company. We have increased usage, and we have plans to increase more. 

Technical support is very good. They work quickly to resolve any issues.

We are using an earlier non-premises AD, but we want to move to the cloud setup, which is easier for end users and everyone else due to the pandemic situation.

Setup was straightforward. Implementation took three months.

For the deployment process, we had a technical team of two people who did everything. They are engineers.

We used a consultant for deployment. I think we used a Microsoft partner.

It was a good experience and not very complicated. I think I realized that they are not seeing many implementations. There's a tool in Microsoft Azure called an endpoint security tool, and they don't know how to implement it.

We have a yearly license.

I would rate this solution 9 out of 10.

This product is very nice. It's a legacy application, so the people using it are very familiar with it.

The solution allows us to assign and give the access and controls. It allows us to monitor privileges with the users so that we can then be in control of the access given to digital resources.

The best example of how it has helped our organization is when we migrated toward Azure. We were able to take all the users which were there on-prem and migrated them over. If those facilities were not there in Azure Active Directory, then we would likely have to create individual users and one by one give them specific access. We'd have to look at their needs and set authentication. It would be hard to control users that needed higher admin-level access. Without the Active Directory, we would not have the control we needed. 

Azure AD has features that have helped improve our security posture. That's one of the basic fundamentals of having an Active Directory. The whole concept of Azure Active Directory came from the Active Directory on-prem version. There’s this tunnel of authentication that it has.

When you migrate, you can migrate your Active Directory on-prem onto the Azure Active Directory which has tightly integrated features due to the fact that they both are from Microsoft. Based on that, you can give access based on what privileges are needed. Basically, if you're talking about security, everything is related to role-based access. The security aspect is linked to providing the proper access.

My understanding is, in the future, they will be able to bring everything into one single platform and they are not there yet. We are loving third-party authentication, however, those authentications will be further scrutinized by AD itself.

For example, if you want to book a flight, you go to any website to book. Booking the flight can be divided into two parts. One is creating a log-in with a particular website and then booking. However, if there are five to ten websites and you want to compare prices on all of them. You aren’t going to set up a log-in for each and every site. That's not feasible.

Instead, you can use your own login credentials, for example, from your Hotmail or Google account. Then, you have a token authenticated by Google, et cetera, which gives you the privilege to do the booking for a particular session. This is similar to what Azure AD should do in the future for authentication and allowing access.

I've been using the solution for at least four to five years. 

The stability is good. It's always there. If it is down then that's it. Anyone can log in. Anyone can do anything, whatever they want to do. That's why it's considered the backbone of the security pillar. There has never been any downtime, however.

Azure AD is scalable. You don't need to take care of it as it's a part of the service which is taken care of by Azure itself based on how our company grows. Basically, it's a hidden feature, and scaling it for the end-user is always happening. It's always scaling.

We have about 3,000 users on Azure AD currently.

I've been working as an architect and therefore have never directly dealt with technical support. 

I work on different platforms. For example, I work on AWS and GCP (Google Cloud Platform), et cetera. Azure AD is very good and very powerful and offers a basic foundation having the highest status or dominance in terms of providing access management. It's tightly getting integrated with the on-premise solutions. That’s true irrespective of what cloud you're using - whether GCP, AWS, Oracle, or IBM - whatever the cloud provider, you're using the services you will be using a laptop or dashboard.

We are now working remotely. However, having remote access doesn't mean that you are not entering the company premises virtually. Basically, everything is going through your company's network. You're just going through to a cloud. You can move across platforms to validate. You can still use the AWS site to authenticate and verify the users. No matter the cloud, you’re still using Azure AD to get access.

I wouldn't say the initial setup is complex. If you have a good understanding of the product, you can break down your tasks. Then, slowly, step by step you can complete all the tasks.

Our operations team did the migration from on-prem AD to Azure AD. Therefore, I cannot speak to the exact length of time it took. My work was to design the architect and provide them with the solution. 

I have clients who have seen an ROI.

I'm not a Microsoft partner. I work as a consultant.

I'm predominantly using the SaaS deployment version. 

My advice to potential users is on the security side. There was a famous article on Gartner which clearly stated that by the end of about 2023 or 2024 if someone tries to access your network or if anything becomes accessible or has been exposed, it is not the cloud provider that is the problem. It is due to a misconfiguration of the services.

It's not really with the user. It's really with how and what kind of access you provide to that user. For example, if I give someone an admin status, and they provide access to someone, they are providing not only basic access, they’re giving access privilege or admin rights. If they’re giving admin rights to the wrong person, even though they may have the best intentions, due to a lack of knowledge, that person may do something stupid and it may be a disaster to the company. That has nothing to do with the AD users themselves. You need to be aware of the security and the access that you're granting your users at all times.

I'd rate the solution at a nine out of ten.

When a customer is trying to synchronize user information from their on-premises environment to the cloud, they might be encountering a series of errors or they may not be able to achieve what they are trying to achieve. They will raise a ticket so that somebody can help resolve the problem or clarify the situation and explain what the workflow should be like. That's where I often come in.

My support scope is focused on the synchronization aspect of Azure Active Directory. My specialty covers scenarios where customers have information in their on-premises environment and they want to synchronize their Active Directory information into the cloud with Azure Active Directory.

In addition to getting on calls and assisting customers to resolve issues, we also try to help educate customers on how to achieve the best results with Microsoft products.

In terms of the security posture of my customers, in the area of my specialization—the synchronization of information from on-premises to the cloud—there's an aspect we call TLS. There was a version of TLS that was not really secure, but Microsoft has now pushed and made sure that everything running in its platform uses a higher version, TLS 1.2. That means that when you are doing directory synchronization, your machine and your product need to be TLS 1.2 enabled. Microsoft is always working on enforcing the use of the most secure means to carry out whatever workloads customers are running. While my day-to-day job does not involve an emphasis on security, the areas that do involve security elements are emphasized to make things work effectively.

It also helps when you're troubleshooting. If you have an issue, it's easier for a user to look at it and say, "Okay, this is the problem," and to work on it.

An aspect of Azure's synchronization technology is called the provisioning service. It's the technology that takes user information from Azure AD into third-party applications. If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that.

Over the years, the performance of this particular technology has greatly improved. I have seen its evolution and growth. Customers see much more robust performance from that technology and it gives them an easy way to set up their environments. The product has been designed quite well and customer feedback has also been taken into consideration. You can even see the progress of the process: how the user is being created and sent over to the third-party application.

Recently, Microsoft has developed lightweight synchronization software, the Cloud Provisioning Agent, to do the job of the preceding, heavier version called AD Connect. You can do a lot more with AD Connect, but it can take a lot of expertise to manage and maintain it. As a result, customers were raising a lot of tickets. So Microsoft developed the lightweight version. However, there are still a lot of features that the Cloud Provisioning Agent lacks. I would like to see it upgraded. 

The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version.

I believe the Cloud Provisioning Agent will be upgraded eventually, it's just a matter of time.

I've been using the Azure Active Directory platform for a little over three years. I started supporting the product in October of 2018.

Our company is a Microsoft partner. When Microsoft customers raise tickets, most of these tickets get routed to partners like us. I follow up on and assist customers when they have issues that relate to my area of expertise.

Azure AD is solid because of the way the product is designed and because the people who support it are very good.

Microsoft is a very big organization. Whenever they put products on the market, they take things like scalability into consideration. They make sure the life cycle of the product matches the demands and the usage of customers. This product should have a long life in the market.

Microsoft technical support is great. Fantastic. Microsoft is looking to push the capabilities of its products, to enable customers to achieve more.

In general, there has been improvement in the way the technology can be used by end-users. Their feedback has been taken into consideration and that has helped a great deal.

Azure AD has features that have been developed purely for the security of users. It has things like Conditional Access policies and MFA. But the nature of the support that I provide in Azure AD doesn't focus on security. While Azure AD gives a company a holistic way to manage user profiles, I don't usually work on security aspects. But I do know that, to a large extent, the solution is built using the latest security.

The provisioning service I support has authentication methods. There has been a push by Microsoft to move customers away from certain authentication mechanisms that are not very strong in terms of security, and to make sure that secure standards are being enforced. I have looked at integrations set up by customers where they have only done the basic minimum in terms of security. Microsoft had to push those customers towards a much more secure setup. So customers are getting better security.

Overall, the effect of the product on my customers' experience has been good. I generally come into the picture when customers are having an issue. Most customers I've interacted with don't understand some information or why the product is designed the way it is. When I explain that it has to be this way so that they can do what they need to do, the customer feedback comes in at about an eight out of 10.

We are using it for central management, MDM, SSO, MFA, applying policies.

In terms of the features that I have found most valuable, it is cloud based so it is always updated, that part you don't have to take care of. It is public cloud. It is actually AD as a service, so it's a kind of an infrastructure. It is more infrastructure as a service.

We had some issues with the migration of users from the local user accounts to Azure AD. It was more like a local issue and had nothing to do with the Azure AD itself. It works fine for SSO, the Single Sign On. We were not able to do the integration very easily with ADP, so that was a challenge, but later on it was resolved. We had to do a lot of things to have that on the configuration. Some systems do not integrate very well with Azure AD. We thought of going for Okta, but later on we were able to achieve it, but not the way we wanted. It was not as easy as we thought it would be, the integration was not very seamless.

Additionally, it would be great if they added support for more applications in terms of integration for SSO. That's the only thing that I find missing for Azure AD.

We have been using Azure Active Directory for the last six months. We didn't do any migration from on-premise Active Directory to Azure AD on the cloud. What we did when we were setting up the computers was to join users to Azure AD and apply some conditional policies and everything works fine. We don't have any issues. The only thing we face are some problems with some computers because they were using it locally and we had a lot of data. So when we did the migration to Azure AD, we also had to move all the user settings data, the complete user profile, to the Azure AD account, as well. That was a challenge, but I was able to use ProfWiz to move data between user profile.

There are not any bugs or glitches that I can recall. So far everything is working well.

Scalability is one of the reasons we selected Azure Active Directory. It scales very well.

For now there are almost a hundred users using it, but we are adding more.

We contacted support only one time and it was not related to SSO. We had some questions about their subscription and it was good.

When I was working with another company, we were using on-premise Azure Active Directory. We didn't want to invest in the infrastructure to maintain it, to get the license, so it was not very cost effective for us. We had a meeting with the management and saw that Azure AD would be very cost effective, scalable, and more secure, especially in terms of SSO and MFA, which were some of our requirements. We didn't want Active Directory on premise. It was not easy to do the migration.

The initial setup is not very difficult, especially if you start using it straight away. But if you do the migration, I think that might be a challenge. Fortunately, we started directly from Azure AD, we didn't have to do any migration from Azure AD On-premise to the cloud. It was pretty straightforward and easy. We didn't face any difficulties.

It depends on their requirements and what they are trying to achieve. One shoe does not fit all feet, so that's why it might be different from company to company. For us, it met all our requirements. It was very scalable, which is huge, and just always available. You don't have to be very worried about maintaining your own hardware, your own infrastructure, updating the servers from time to time or caring about securing your on-premise infrastructure. Azure AD is a good solution. I am satisfied with it so far and everything works great.

On a scale of one to ten, I would give Azure Active Directory a nine.

We are a software development company and solution provider, and this is one of the products that we implement for our clients.

This is an easy way to give users access to applications. I can share access with other organizations outside of our network.

This solution is easy to manage.

The ability to grant access to other organizations is helpful.

It integrates well with a large number of applications.

Microsoft needs to add a single setup, so whenever resources join the company or are leaving the company, all of the changes can be made with a single click.

I would like to see a secure, on-premises gateway that offers connectivity between the physical servers and the cloud. The capability already exists, but it is not secure enough when the setting is marked private.

I have been using Microsoft Azure Active Directory Premium for about a year.

In the time that I have been using Microsoft Azure, I haven't had any problem with stability.

This is the right platform if you are looking for scalability. We have more than 100,000 users.

We have not needed to use technical support. 

We have a couple of contacts in the Microsoft team, so we will reach out to them in case we have any questions.

I have recently been working with Okta, and I find that most organizations are moving toward it. With this in mind, I think that Microsoft has to take care, and consider why so many people are switching. The most important reason is the single setup. Once they set up Okta, it's easy for the organization.

I have been working in Microsoft Azure for a long time and I find the initial setup to be easy.

For maintenance, we have a team of 20 administrators and developers.

Licensing fees are paid on a monthly basis and the cost depends on the number of users. There are no charges in addition to this.

The suitability of this solution depends on the technology and the environment at the organization. Many companies are still transitioning to the cloud, leaving part or all of their data on-premises. Ultimately, it depends on the data that they have and their preference or requirements for keeping it on-premises. In some cases, people want to move only non-private data to the cloud. All of these things have to be considered before implementing Azure Active Directory.

I would rate this solution an eight out of ten.

Our primary use case is to simplify directory deployment and centralize source of management. Within our own consulting business, we choose to use Azure AD.

The centralized management feature is very valuable. Being able to delete stuff in one place, from any location is really great for us. In addition, we do not have to deploy lots of machines all over the place to run things as a service, which is how we like to deploy things, just as a service. So, this makes it easier to deploy, easy to set up, and work with. It is easy to use, and makes quality of life issues a reality for us.

It would be nice if it had some visualization tools. A bit of visualization would be really nice to show your Azure directory structure. It would be very good because you might have sub-domains and odds-and-ends going on. So, a bit of visualization would be really good. Being able to plug it directly into the video to produce models would be a really nice feature.

Less than one year.

The stability is really good. We have not had an issue with it at all. It is always there for us.  As a part of what Microsoft seems to be doing, it is taking away from what dedicated machines that you have to fiddle and tinker with to run services on, and turning them into services you can just access.

My experience with tech support has been really good. I have had a couple of issues where I have logged the ticket with Microsoft, and I had someone on the phone with me regarding the ticket within a half an hour. It was a real technician who really knew what he was talking about. I was very impressed.

We had a problem related to Office 365 and Skype, and not being able to generate a Skype session when everything else seemed to be working. The tech support helped us fix the situation. They have a good depth of knowledge  and it is not just people reading off a script. They are real users, with real experience.

The initial deployment and setup was pretty straightforward. It is pretty easy. It is not that hard to get going, and the thing is that it is quick to integrate well with your Windows.

If you have an existing environment that consists of on-prem AD based environment, then you will want to go with Azure AD. You need to talk to your service provider, or your in-house IT team. Get them involved to help. We did so, and then we just set up a whole new domain and got rid of the old one, and set up the new one on Azure AD. Microsoft will help walk you through the process.

It looks like they're just making everything as a service and it is pay per user, and that just works for me. It's really good. Gets the cost down and lets you scale if you need it.

It is easy to use, straightforward, and in my language. It does exactly what is says, and does not pretend to be anything else.