Microsoft Entra ID Reviews

The solution is a hybrid cloud with connectors into Azure/Microsoft 365 cloud.

I am still figuring out the whole on-prem/Azure Active Directory Premium/Microsoft 365 integrations and administrative connections.

The scalability of the solution is good.

Technical support can be helpful.

It's not intuitive and we use it mainly for our hybrid capability now and are expanding our footprint in Microsoft 365. The integration between on-prem and Online is interesting. However, the learning curve is high.

When you have an Office 365 enterprise subscription, it comes with Azure Active Directory, however, you don't have an Azure subscription. Yet, all of our active directory connectors put our credentials into the Azure Active Directory. 

There are enough things that aren't implemented on our side and we are in the middle of this transition.  I don't blame the product necessarily for that. However, there are links and items within Microsoft 365 that still point back to the .com side.

Items seem to continue to move, such as security and compliance. Now there's a security portal and a compliance portal, and all three are still being maintained, however, one's being phased in and the others are being phased out. Things continue to change. It's just been a bit to learn. There's a lot to keep track of. There should be a bit more transparency.

The Office 365 subscriptions are a bit confusing with a hybrid environment with what credential has an Microsoft 365 subscription.  However, then some of the documentation I was reading this week was where I ran into a wall. This particular document clearly showed that when you have a particular ability on the Azure side, and then you have another ability on the Office side, intuitively the Microsoft cloud knows to give you certain other rights, to be able to do stuff. This settings and configurations are in different places. Some things are then in the Exchange Online, some things are in the Intune section, etc.

I am not sure if the intent is to have an Microsoft 365 administrator with a second subscription for a cloud admin account or not.  I was trying to do something in Exchange online and received a message that I couldn't do it because I didn't have a mailbox. It's frustrating and confusing at times. There are things like that just are a different user experience between on-prem and online.

The Microsoft Premier Agreement we have has been very beneficial and we have had an excellent experience with a couple of different short cycle projects.

We've been working with the solution for just over a year and I have been involved for the last five months. It's been under a year, and not very long just yet.

The scalability seems to be there.  We are not a very big shop but we have unique needs and requirements.

The premier services we have are very good. We have a contact that's been with Microsoft a while and that's really saved us. The reach back into field engineers and their amazing ability to get the job done have been hugely beneficial.  The Exchange Online engineer we had was worth double what we paid for. It was amazing. If it weren't for that, I am not sure if we would have made our schedule.  Often the timing hasn't lined up, with short notice compliance requirements and implementation constraints due to configuration or version of technology.  They are very responsive, but depending on if it's break fix or planning, the planning side as longer cycles.   

I wasn't a part of the initial setup. I can't speak to how long the deployment took or how easy or difficult the process was.

We had assistance with the setup. We're actually bringing in some more help as our needs have short turn cycles and some ageing infrastructure that we still have to move online.

I would say to make sure you have a trusted integration partner or someone on staff that has been through this transition.

We're just customers. We don't have a business relationship with the company.

While we use the on-premises model, we also have it synced for hybrid functionality.

With COVID especially, there have been a lot of changes in a lot of companies and a lot of rethinking of processes lately.

We're in the process of rolling out Office 356 internally. We've had really great feedback that people really like Teams, and we want to move more into that area. We had a roadmap meeting with Microsoft a few months ago. It was probably five months ago, four or five months ago.

Some of the more accessible types of items were on the roadmap for the first quarter of this year. However, Microsoft's working hard at listening to customers, especially through the COVID situation that changed a lot of work and priorities. The collaboration stuff has changed. They've been pushing a little bit more on getting some more integrations. We're not going to have that kind of clout where I am, however, where I used to work, we would have. We were the ones that were making sure the Exchange got upgraded and got to the developers.

I would rate the solution at a six out of ten. If the solution offered better transparency/clarity I might rate it higher.

Typically, we have applications deployed within the office network that we need to make accessible to our staff outside of the bank. Some of them are also our clients, but mainly, this is for people working in the region.

So without having to put them behind firewalls, what we opted to do is publish them to the proxy. This means that they can then come in via a secure port and begin to access the resources as if they were internally and securely within the network.

The most valuable feature is the ability to set up conditional access, where you can enforce users to connect using multifactor authentication. This is one of the things that we are using it for. It means that users who are accessing the applications remotely are authentic.

Technical support could be faster.

I have been using this product for three years.

This solution is stable and we plan to increase our usage.

It is a scalable product. It can be deployed in a highly available manner, where you have to have two or three connectors. We have approximately 7,000 users.

We are satisfied with the technical support from Microsoft, although it could be faster.

This product is part of our enterprise license and we did not previously use a different one.

This is a cloud service, so the initial setup is straightforward. It is not complex.

For each request, it does not take very long.

We deployed this product ourselves.

No staff is required for maintenance.

This product is sold as part of the enterprise package and our licensing fees are paid on a yearly basis. You can get it as an add-on and it's not expensive.

I have not evaluated other solutions, which makes it difficult to tell what additional features I would like to see in the future. It is sufficient and adequate for our current use case.

In our current use case, there is nothing that is lacking. This is definitely a product that I can recommend for other users.

I would rate this solution an eight out of ten.

We primarily use the solution only for the employees. It offers a single sign-on to business applications. Internal modern applications also go through Azure Active Directory, however, we use Active Directory for the legacy ones. (Kerberos).

It takes a couple hours to add SSO to new business SaaS. The Azure AD Marketplace has all the applications we bought so far as built-in templates.

The single sign-on of the solution is the most valuable aspect.

The initial setup is straightforward.

The solution offers good bundles that include Office 365. 

The pricing is pretty decent.

The product is pretty user-friendly and offers good customization capabilities.

We find that most of the new features are in preview for too long. It gives you the announcement that there's a new feature and yet, most of the time, it takes more than one year to have it generally available. Often we have to go and sometimes just use a preview without support. 

We cannot run all the configurations from the APIs. I would like to have something that has code and to just be able to back up and apply my configuration. Right now, we are managing more Azure tenants. It's hard to keep all of those configurations at the same level, the same value.

We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for applications. That way, when adding a new applications I don't have multiple conditional access to modify. 

One of the main requests from our security team is the MFA challenge. Azure, by default, is more user-friendly. We have a lot of debates with the security team here as the MFA doesn't pop up often enough for them. From an end-user perspective, it's a better user experience, as users generally prefer fewer pop-ups, however, security doesn't like it. It's hard for security to add. 

We don't have Azure Premium P2 yet, however, most of the advanced security features are in the P2, and it costs a lot more money.

I've been using the solution for four years at this point.

The solution is relatively stable. The only issue we have is that there's a lot of things on Azure that are synchronous. Sometimes it takes time for changes to apply, and it kind of depends on the time of the day. A lot of the time we're happy with it, however, sometimes it creates a bizarre issue that is difficult to troubleshoot.

The solution is quite stable. If an organization needs to expand it out, they can do so rather easily.

We have about 9,000 people in our organization using the solution.

While the technical support is good, you need premium support. The standard support is more for small enterprises. We have the premium support and with the premium support, it's much better. There's a direct line to the correct type of support. It's very good.

We previously used SiteMinder from Computer Associates. The main reason we migrated to Azure was for the integration with Office 365. It then became our primary authentication source for the employees.

The initial setup is not too complex. It's pretty straightforward.

We didn't need the assistance of an integrator, reseller or consultant for deployment. We were able to handle everything in-house.

The pricing is really great and Office 365 packages are good. We don't pay for it separately. It's included in our package and the APIs are really great. I'm not sure of the exact cost of Azure. It's a package deal.

We've looked into Okta for B2B and B2C clients, not necessarily for our internal employees.

We're just a customer.

We're using the latest version of the solution.

I would recommend the solution for employees. It's a really great tool. However, we tried it also for consumers, for clients for B2B and B2C. For me, it isn't really a great production product. We researched Okta for that.

Overall, I'd rate the solution nine out of ten.

The primary use case of this solution is single sign-on, and if a company is going to use Azure AD, a lot of what they are looking for is to manage those sign-ins and logins and have a single place for it to be.

I've been in the Azure space since it started out and in the Microsoft Cloud AD since the BPOS days in the early 2000s, and it's just a product that made life simpler for my clients to be able to integrate everything.

The self-password reset if its enabled and configured properly, really helps a company be able to reset rather than getting IT involved. 

Additionally, the capability of adding that single sign-on for other pieces that you might want to run through Azure Active Directory, such as Office 365 or Salesforce or any number of different third party authentications that you need can be done through Azure Directory Premium.

One of the things with Windows 10 as a company client's software is that they're using it on laptops, desktops, or whatever. In Active Directory Premium, you can control the sign-in and the spaces where documents might be kept on that device with Active Directory Premium and the rights management piece.

Documentation I think is always the worst part with what Azure's doing right now across the board. You may run into an issue you get a technician that says, "Here, look at all these links through self-documentation, and then make comments to it if you want to change it or do something." It's just that the documentation itself, is not very friendly to somebody who is just going in to it. If I had to turn it over to a customer, I just don't think that documentation is that friendly to somebody who does not have in-depth knowledge.

Three to five years.

My impressions of the stability of the product are that it is a pretty good product. I have seen one outage in the last three years, where it just would not work. It only lasted an hour. It was a pretty big deal, but other than that it has been very dependable.

It scales really easy. It's just adding more scales. It is eally easily as far as number of users are concerned, if you're talking about scaling into other apps or other things that you have. Again, there's a configuration curve there. But, if you're scaling applications or services, then there can be a little more difficulty in that.

It's hit or miss. I've had more success in the last probably eight months than I had prior to that. If there's one downfall to their tech support, it's too compartmentalized. So if you're talking AD Premium, and again, with all of the different pieces to it. If you have a single sign-on issue, you might get a different technician than you would get for a joining a VM to Azure AD or whatever. They compartmentalize their tech support, and I will say to myself, "Well, just give me a guy that knows what's going on." But, then they get very compartmentalized in their tech support. They have to bring somebody else in, or have to research or do whatever. So, that's the one criticism that I have. Response has been excellent. They get you well within their SOAs, depending on what you've got paid for tech support.

It's pretty straightforward depending on what your needs are.

Licensing is easy.

The biggest piece of advice is if you're planning for all applications that need authentication, and making sure that all applications that need authentication or that you're going against, that you're using the premium parts of Active Directory for, are compliant with the solution and not finding out afterwards.

I set up Azure Active Directory for many customers of the company I work for. I'm an implementer. It is the basis of identity and access for all the tenants we are using for our customers.

Microsoft Entra helps our clients save a lot of time, especially with the many automation processes that we can leverage to facilitate our work. The amount of time saved depends on the customer's needs. In general, on average I would estimate it saves them 40 percent in terms of time. But in some cases, it could be up to 70 percent.

It also helps them save money because they can work with fewer employees, or they don't have to hire more employees to do tasks that can be automated.

Another benefit is that it provides satisfaction at the administration level. On the user level, the ease of use makes it easy to understand without any limitations.

And it provides quite a good level of security for all users.

All the features of the solution are helpful. Among them, one of the most important is the Conditional Access. It helps affect a Zero Trust strategy positively.

Also, I use Entra Permission Management to distribute the roles among all users according to management requests. Microsoft provides reports for visibility and all kinds of controls where you can see the users and their access. Permission Management helps reduce the risk surface when it comes to identity permissions. It supports adaptive controls and that helps me in defining the right controls for users.

I would like them to improve the dashboard by presenting the raw data in a more visual way for the logs and events. That would help us understand the reports better.

I have been using Azure Active Directory for about three years.

It's stable. I haven't experienced any downtime or breakdowns with the product.

It's scalable.

I'm satisfied with their support. 

Neutral

It's easy to set up. 

The amount of time needed to set up Azure Active Directory depends on each customer's use case. It will take at least three to four hours for a small organization, and in that scenario you wouldn't need more than one person to set it up. For larger organizations, it may take a week and we would need two to three persons.

Our customers are looking for advanced features and processes for it to be cost-effective for their organizations. They see it as an overpriced product. They are enjoying using Azure Active Directory, but they are looking for better prices.

Just follow the book.

We use it to have better security and better control over PCs and clients.

The ability to see and control PCs and mobile devices is the most valuable. I can see where they are and how many we have. I can also see the age and retention of PCs.

The only issue with Azure AD is that it doesn't have control over the wifi network. You have to do something more to have a secure wifi network. To have it working, you need an active directory server on-premises to take care of the networks.

I have been using Microsoft products for a really long time. I have been using cloud solutions for a couple of years.

It is stable and working for us.

They don't give support to the end users in Sweden. We always have to go to a reseller, which is a bad thing.

The initial setup was straightforward.

We didn't do it ourselves. A company did it for us.

We are a non-profit organization, so we get good prices from Microsoft for their products. It is working well, but it could be cheaper. For the type of organization we are, it would be good if they could give a little bit more and be more generous like Google, which has completely free services. Microsoft has free versions or web services called Office 365 E1, which is free for use, but we want to have it with more qualified clients.

I would advise getting some help from professionals to implement it. You have to implement it in a very planned way with a very detailed roadmap.

I would rate Microsoft Azure Active Directory Premium an eight out of ten. It is quite good, and we are quite pleased with this solution.

This product manages access for our compute space that includes Office 365, Salesforce, and other solutions.

The most valuable features are the B2B connector and the external identity connection functionality. These are helpful.

User group management works well.

The interface is well laid out and it is easy to navigate. You can get to things quickly and it works.

The portal allows you to create reports, which is a nice feature.

My only pain point in this solution is creating group membership for devices. This is something that could be improved. Essentially, I want to be able to create collection groups, or organizational units and include devices in there. I should be able to add them in the same way that we can add users.

We want to be able to create members as devices in groups, without having to leverage a dynamic group membership with queries. I want to be able to just pick machines, create a group, and add them.

We have been using Active Directory Premium for four years.

This is a stable product.

I have only used technical support on one occasion and I found it to be pretty good.

The initial setup is straightforward.

I have not used this product to its full extent but from what I have used, I find that it works well.

My advice for anybody who is implementing AD Premium is to understand what it is that they're going to use and how they're going to manage identity. I suggest doing a lot more in terms of identity governance.

I would rate this solution a nine out of ten.

We use Azure AD to implement Conditional Access policies and privileged access management.

There are plenty of benefits. First, as we had Microsoft AD on-premises, it was very easy to configure Azure AD. We are using the password hash sync for authentication, so authentication on the cloud is very seamless when users use applications on the cloud. That is very important.

Also, with the help of sign-in logs, we are getting information about every application, such as where a user is trying to log in and from which device, making things very crystal clear. We only get this type of transparency and accuracy only from Azure AD.

We use the Conditional Access feature to fine-tune access. We implement a lot of access policies. For example, we want to get rid of client machines with Windows XP and some legacy applications, so we created access policies to prevent logins from those devices and those applications. We have also created policies to prevent logins from certain areas around the world. These abilities are very helpful in preventing phishing and scams.

In addition, there are so many tasks and activities that are automated in Azure AD. For example, we have enabled the password reset self-service so that users can reset a password themselves and log in to their accounts. That is one way it saves time for our help desk team. It no longer requires the help desk. From an administrative perspective, it's very convenient for us to manage and maintain the users of the organization. Azure AD is saving us 10 to 12 hours per week, and that's for just one person who would otherwise be responsible for resetting passwords.

The solution has also prevented so many potential cyber attacks, and that has saved us money. And by saving man-hours, we have saved money. Thirdly, we have been able to reduce manpower. I would estimate it has saved us 20 percent in terms of costs.

Another benefit is that, from a user perspective, it is very smooth and easy to sign in to all the Microsoft applications with the Azure AD sign-in. The UI is very intuitive for Microsoft accounts, so it's very easy for them to log in. We also have single sign-on enabled for desktops, so whenever a user signs in to an application on their machine, they don't need to sign in again and again. With the help of the same token, all other applications can be opened easily.

Two very important features in terms of security are governance and compliance through the Conditional Access policies and Azure Log Analytics.

Also, Azure AD provides a single pane of glass for managing user access.

I mainly work with the Microsoft Security portal so I can get access and privileges to maintain all the security policies, including Conditional Access policies and privilege access management for just-in-time access, as well as Azure AD sign-in logs. These factors are very important.

When it comes to managing identity, we have E5 licenses. We are using every application from Office 365, so it is very easy for us to manage identity with the help of all those applications. We are also using third-party applications that are integrated with Azure AD and that makes access management easy.

From an admin perspective, I would like to see improvement in the Microsoft Graph API.

I have been using Azure Active Directory for six to seven years.

There are some bugs that we find monthly or quarterly, but all the bugs are fixed by Microsoft.

It is scalable.

We have it deployed in Europe and there are about 15,000 users.

I received good technical support when syncing on-premises users to Azure AD. It was very smooth. But for help with Conditional Access, I got poor support.

Neutral

We had on-premises AD and then we introduced Azure AD. We synced all the users from on-premises to Azure AD. Then, with Office 365, we installed Exchange Online and Teams. For single sign-on we have ADFS [Active Directory Federation Services] on-premises, but now we are migrating our applications to Azure AD SSO for single sign-on.

The initial deployment was very straightforward. It only took a day to deploy. The plan was first to get information about our on-premises Active Directory users, computers, and groups, and then we had to determine how many licenses and which types of licenses we needed for those. We also had to think about which type of authentication method we were going to use.

Our deployment involved three to four people.

Maintenance is just checking for updates.

Personally, I feel Microsoft is very costly compared to other products. That is also what management is thinking. But when we consider security and support, Microsoft is better than any other product. It is somehow justified, but I feel it is costly.

I have worked with Okta but for single sign-on only. It does not provide all the features or meet all our demands.

If you want secure data and secure identities, go for Microsoft Azure AD.