Microsoft Entra ID Reviews

We use Microsoft Entra ID primarily to reconnect all of our Windows laptops. It is our centralized location for access to pretty much anything web-related. Everything you log in is MFA activated. We've worked on conditional access policies in it as well.

Microsoft Entra ID has improved our organization because we now utilize a single source of truth for authentication. We have less management, and I can point everything to Microsoft Entra ID. I have fewer people talking about resetting passwords, the MFA pieces, and more single sign-on.

I'm not attaching or having to authenticate on separate apps, which has greatly benefited us. We are able to route things into Microsoft Entra ID. I create one ID, I create groups that manage the security side of it, we plug that in, and it works great.

The most valuable features of Microsoft Entra ID are the login and the conditional access pieces. The login helps me identify who went where, why, and what problems they may have encountered. The conditional access allows me to control the flow of user access.

The private access is the next big thing for us, and that's one feature I'm going to try in public preview and probably move towards. There is no great solution in the cloud for Conditional Access authentication and RADIUS-type authentication.

I have been using Microsoft Entra ID for four years.

The solution's stability is very good. We've only had one minor outage for a few hours.

The solution's scalability is really good.

The solution's initial setup is fairly straightforward. The biggest issues we had were syncing it to the on-premises Active Directory and doing local things like RADIUS.

We implemented the solution with the help of a consultant named Steeves and Associates, and our experience with them was really good.

We have seen a return on investment with Microsoft Entra ID. The solution has dramatically reduced the amount of time spent on activating accounts. I was the first system administrator at the company, and we've got four now. It's definitely a growing arena, but it's an understanding that I can see that progression. I don't have to teach them all these different things. We just do one thing and move on.

Everything costs money in a tough market. As a nonprofit, we have A5 licenses for nonprofits in education, so we at least have some reduced costs. Looking at Copilot and a bunch of other features that are coming out, we'll have to seriously consider that cost-to-value ratio.

Since we all use Windows laptops, choosing Microsoft Entra ID made sense. I think there's a cohesivity in what Microsoft is trying to do, and Microsoft Entra ID is a very core function of that strategy. It's easier to branch out to other security products, making it easier for us to expand that landscape.

Microsoft Entra provides a single pane of glass for managing user access.

Because of the solution's single pane of glass, we don't have to run around to multiple places, mainly to create or remove accounts. One of our biggest issues, especially in the past few years, is turnover. Removing accounts is a big issue because we don't know where everything lies. Trying to find those little corners where access has been granted and not knowing it for a year or two after the employee has left is a huge security concern for us.

Our HR department doesn't use Microsoft Entra ID yet, but the IT department extensively uses it. It saves all that account creation, and we don't have to run around to different products. The solution has saved our company at least a few hours a week. We can focus on other projects, and I can educate most of my staff who are doing it in other areas.

Microsoft Entra ID has not necessarily helped our organization to save money. As a nonprofit, we didn't have any solutions, so it probably started costing us more. However, I think it's paid off just by this security nature of things and having that single pane of glass.

Overall, I rate Microsoft Entra ID ten out of ten.

We manage local users in the Microsoft Entra ID environment. 

The tool's most valuable features are security and integration with other tenants. 

The product takes at least ten minutes to activate privilege identity management roles. 

I have been using the product for two years. 

The tool's stability is good. 

Microsoft Entra ID's support is good. 

The tool's deployment is easy. However, documentation is not helpful. 

The product is cheap. It is free for our tenant. 

I rate the product a seven out of ten. 

The solution grants users access to various apps built on the portal. 

There was a lot of logic and a lot of improvement overall in terms of improvement. On the user access side, it improves the company a lot, specifically in regard to security. It really does help with access and protection.

My experience so far has been amazing. I'm in the intermediate phase of understanding it. Loading users and creating groups and so forth is very easy. We can also run multifactor authentication.

The dashboard is very good. It's outstanding.

It offers very good support.

The virtual machines you can run through it are great.

We are provided with a single pane of glass for managing user access. It helps provide more insights and creates consistency in the user experience. It works perfectly. Only admins can control access. That makes it safe. If a user requests something, only the admin would be able to assign the permissions.

My assessment of Active Directory's admin center managing all of your identities and access tasks is that it is very effective. 

I do use the verified ID at this time to onboard employees. Onboarding new users is very easy. It's very quick and doesn't affect the users. It's simply sped up the process. It also helps with privacy and control of identity data for remote employees. It's good to have and it assists with security. 

Permission management is quite good. The visibility and control in the clouds are good - at least over Microsoft. 

The product has helped save time for our IT administrators and HR department. It's helped a lot of time. It might save around 70% of our time from an IT admin support perspective.

It's very good at not disrupting the user experience. 

I'm still new to the solution. I need to look at the solution more before commenting on what to enhance. 

I do not need any extra features from my side. 

Having more training would be quite helpful. 

Having a faster interface could be helpful.

I've used the solution for two years. 

The solution is stable. 

We use the solution across multiple locations. We have multiple systems and apps that we built that run through Azure. We have about five people actively using the solution. We only have about seven people in our organization. 

The solution can scale well. I'd rate scalability nine out of ten. 

I've never dealt with technical support. My colleagues have used it and I've heard from another user that the turnaround was almost immediate. My understanding is that it is quite good. 

Positive

We did not previously use a different solution. 

The initial setup was straightforward. It does not require any maintenance. 

I'm not sure if we've saved money specifically using the solution, yet, if that wasn't the case, I'm not sure why we would use it.

We have not evaluated other solutions. 

I'm a customer and end-user.

I don't use the conditional access feature. 

I'd personally recommend the solution to anyone. I'd rate the solution ten out of ten. 

Our primary use cases are to join devices to Azure AD.

Entra ID provides more clarity regarding what's happening in the business. The benefits of using this solution were realized straightaway.

It helped save time for our IT administrators or HR department. Azure ID has positively affected the employee user experience in our organization.

We use features like a single pane of glass for managing user access to a certain degree. The admin center for managing all identity and access tasks is also good.

Moreover, we also use the conditional access feature to enforce fine-tuned and adaptive access controls. Any new user would have to go through the MFA process due to the conditional access policy. So no one gets left out. This is because of the zero-trust strategy for verifying users. 

The biggest benefit of using Azure AD is that it allows us to access the information on-premise servers and also for devices that just joined Azure AD.

In future releases, I would like to see an attack simulator incorporated, especially for some of the business plans.

I've been working with Azure AD for two years.

The initial setup was complex, but we overcame the complexity. 

The pricing is fine. It is what it is. 

Overall, I would rate the solution a nine out of ten.

The solution strengthened our security posture by providing fine-grained access based on attributes, standardized names, and values. Azure AD reduced our time to market for products based on improved security.

The product also improved our service desk overhead.

Azure AD positively affected our end-user experience via reduced time to market, being an identity product for our workforce.

Privileged Identity Management (PIM), managed identities, dynamic groups, and extension and security attributes are all great features.

Better integration with external governance products would be a welcome addition to Azure AD. 

We've been using the solution for four years.

The solution is stable but can be improved, especially regarding response times.

Azure AD is a cloud-based solution operating from a worldwide tenant, so scalability isn't an issue, especially from an identity perspective. We have 300,000 total end users. 

We have yet to interact with technical support, so I can't speak to that.

We previously used standard AD. 

The setup is mixed; the startup is fast, but configuring requires the knowledge of a consultant or technical resource. Basic deployment can be completed in a day, but our greenfield deployment took a relatively long time as we're a large organization. A greenfield deployment should take at most two weeks, but implementing Azure AD into a functional environment is a project unto itself. It could take months, depending on the use cases.

Regarding maintenance, we're a global organization, and each feature has its own operating team. At our scale, a group of 25 is responsible for managing and maintaining the identity part of the solution.

The pricing depends on the use case and can be negotiated based on volume. 

I rate the solution eight out of ten. 

My advice to others evaluating the product is to do good due diligence beforehand to determine a clear set of requirements, as with any identity tool or access management solution.  

My primary use case is Azure SSO. Then, it is a hybrid synchronization of users and computers, and also for SCIM provisioning.

Using this product has helped improve our security posture. I don't handle security directly, but I know that our security team was able to identify logs containing erratic behavior, such as logins that were not authentic. They were able to identify and solve those problems.

This solution has improved our end-user experience a lot because previously, users had to remember different passwords for different applications. Sometimes, the integration with on-premises AD was a little bit difficult over the firewall. However, with Azure, that integration has become seamless. The users are also happy with the additional security afforded by multifactor authentication.

One of the benefits that we get from this solution is the Azure hybrid join, where my presence of the domains is both on-premises and on the cloud. It has allowed us to manage the client machines from the cloud, as well as from the on-premises solution. We are currently building upon our cloud usage so that we can manage more from the Azure instance directly.

Our cloud presence is growing because most people are working from home, so the management of end-users and workstations is becoming a little challenging with the current on-premises system. Having cloud-based management helps us to manage end-users and workstations better. This is because, with an on-premises solution, you need a VPN connection to manage it. Not all users have a VPN but for a cloud-based solution, you just need the internet and almost everyone now has an internet connection.

The most valuable feature is the single sign-on, which allows any application that is SAML or OAuth compatible to use Azure as an identity provider for seamless sign-in.

I like the SCIM provisioning, where Azure is the single database and it can push to Google cloud, as well as Oracle cloud. This means that the user directory is synchronized across platforms, so if I am managing Azure AD then my other platforms are also managed.

In a hybrid deployment, when we update the UPN or email address of a user who has license assigned, it does not get updated automatically during normal sync. This means that we have to update it manually from Azure, which is something that needs to be corrected. Essentially, if it's a hybrid sync then it should happen automatically and we shouldn't have to do anything manually.

Azure AD DS allows only one instance in a particular tenant, which is something that could be improved. There are people that want to have AD DS on a per-subscription basis.

I have been using Azure Active Directory for more than three years.

Other than a few global outages, I have not seen any specific outages to the tenant that we use. In the typical case, we haven't faced any issues.

The scalability has been good. For the infrastructure that we have developed, there were no issues. We have nothing in terms of abnormal outages or any abnormal spikes that we have observed. Overall, scalability-wise, we are happy with it.

We have thousands of users on the Azure platform. The entire organization is on Azure AD, and everyone has a different, specific role assigned to them. Some people are using the database, whereas somebody else is using other infrastructure service, and the same is true for all of the different features. We have different teams using different features and I am part of managing identities, which involves using Azure AD and its associated features.

The support from Microsoft is very good. I would rate them a nine out of ten. They are responsive and very knowledgeable.

Prior to Azure AD, we used on-premises Active Directory.

The initial setup was not very complicated because there are very good articles online, published by Microsoft. They give detailed steps on the process and including what challenges you may face. In our setup, the articles online were sufficient but suppose you run into any issues, you simply reach out to Microsoft for support.

Taking the purchases, planning, and everything else into account, it took between three and four months to complete the deployment.

Our in-house team was responsible for deployment. In a few cases, we reached out to Microsoft for support.

We have not evaluated other options. The reason is that the integration between Azure AD and on-premises Active Directory is seamless and easy. Both solutions are by Microsoft.

My advice for anybody who is implementing Azure AD is to consider the size of their environment. If it's a large on-premises environment then you should consider a hybrid model, but if it's a small environment then it's easy to move to the Azure cloud model directly. If it's a small environment then Azure AD is also available on a free license. This is how I would suggest you start looking at having a cloud presence.

Azure AD is easy to integrate and manage, and it will reduce your capital cost a lot.

In summary, this is a good product but there is always scope for improvement.

I would rate this solution a nine out of ten.

Identity verification would be the number one use case. It also factors into mobile device management for devices that aren't registered to the company. We use MFA, and the Authenticator app is a component for multifactor authentication. So, that's why we use it.

You can set policies to specify where users will have to use the Authenticator app to log into particular applications. 

It makes all junior users accountable. There is no excuse for someone else logging into anything because of the multifactor authentication and Authenticator app. You have to verify your identity to log in to specific applications that contain confidential information, especially in a HIPAA-compliant environment.

It enhances security, especially for unregistered devices. It 1000% has security features that help to improve our security posture. It could be irritating at times, but improving the security posture is exactly what the Authenticator app does.

For the end users, it can be confusing if they have worked for another company that had the Authenticator app. It is tricky if they have already had the Authenticator app and then work somewhere else. If they have to download it again and use it again on their phone, it is something that gets complicated. I know how to get through it. They just need to uninstall and reinstall the application, but for them, sometimes, it is confusing. You can have the Authenticator app for multiple services on your phone, and that's what drives them crazy. They get a code and say "I'm using the code for the Authenticator app, but I can't get in." I tell them that it is because they already had it in, but it is for something else. They now have to add. They don't like that at all. You could be on the phone for 45 minutes trying to figure out what their problem is because they don't.

Instead of authenticating by getting a passcode or answering the phone, fingerprint identification should be added to the Authenticator app. Currently, with the Authenticator app, you have to reply to the email, enter a code, or answer the phone. It can just call my phone and then I just press the button to verify that this is me.

I have been using this solution for at least six years. 

It is very stable. If the Authenticator app is set up, you're not going to get into anything without it. It definitely works.

I'm not aware of any bugs or glitches. We usually run updates for the whole environment at a time. I'm not familiar with having run into specific bugs with the Authenticator app. I haven't had any problems over the years.

I've managed over a hundred thousand users in total, but right now, there are about 10,000 users. We are HIPAA compliant. So, everybody has to use it for everything. They have to use it to log into everything under the Office 365 environment, but in other companies or other places where I worked, it was only for specific applications. So, that's based on company needs.

I never had to call technical support for this.

We were using normal MFA, which is similar. The Authenticator app is for mobile devices per se, but normal multifactor authentication doesn't have to focus on mobile devices. You can try and log in to, for example, SharePoint Online, and if MFA is activated, you would have to just scroll to your email and click, "Hey. Yeah, this is me." The Authenticator app is just for mobile devices in my eyes.

It is straightforward for the admins, but end users hate it. On the admin side, it takes 20 minutes at the most.

The Authenticator app wants you to have all your prerequisites designed for whatever environment you want. If you're going through Azure, you can pick the particular applications on which you want this. You can also pick the users for whom you want it to be effective. You can pick the type of ways they authenticate through the Authenticator app. Those are the simple steps.

One person is enough for its deployment and maintenance. I do that. That's not even a role. It depends on who you are, but that's not a role. That's not something for which I would employ a person. I wouldn't employ an IT person or an administrator just to focus on this.

I don't pay for it. Going by how I feel, I see the prices for any MFA solution going down because the more different alternatives there are, the cheaper things should be. Microsoft Authenticator app would be the preferred application, but there are too many ways to implement MFA. I don't know how much it cost, but the price should go down.

It is pretty seamless for the end users, besides the end users having an issue setting up at times.

It is a seamless transition. It is straightforward on the admin side to set up. As a consultant, my advice to any company is that when it comes to big changes, manage end-user pain or frustration. Communicate with the end users and let them know what's going to happen. Explain to them that they're going to be frustrated, but explain why this exists. 

I understand why it exists. So, it doesn't bother me, but our end users just hate it. I understand that they don't like it. Nobody likes it, but it is needed. You are never going to meet an end user who likes any type of MFA, but you need to be more clear about its purpose.

I would rate it an eight out of ten.

We use it for authentication. Where we have cloud services, it syncs with Active Directory on-prem. We have about 1,800 people using it.

It's a very scalable solution.

The ability to manage and authenticate against on-premises solutions would be beneficial.

We have been using Azure Active Directory for about four years.

We have had very little requirement for technical support. It's a cloud solution.

We didn't use a different solution. We brought this in when we went into what was called Microsoft 365 in those days.

The setup was pretty straightforward. In terms of maintaining it, we have a team of six infrastructure engineers, and Azure AD is just one of the systems that they manage.

We did it in-house.

It's included within a wider bundle of Microsoft 365 products.

You need to make sure you've thought through how you're going to deal with your on-prem applications because having a hybrid solution like ours brings some challenges.

Ultimately, we will move completely into Azure AD, but we have a lot of on-prem applications and you can't use Azure Active Directory with them. Until we remove those applications and make things cloud-only, we will still need a hybrid solution.