Microsoft Entra ID Reviews

When a customer is trying to synchronize user information from their on-premises environment to the cloud, they might be encountering a series of errors or they may not be able to achieve what they are trying to achieve. They will raise a ticket so that somebody can help resolve the problem or clarify the situation and explain what the workflow should be like. That's where I often come in.

My support scope is focused on the synchronization aspect of Azure Active Directory. My specialty covers scenarios where customers have information in their on-premises environment and they want to synchronize their Active Directory information into the cloud with Azure Active Directory.

In addition to getting on calls and assisting customers to resolve issues, we also try to help educate customers on how to achieve the best results with Microsoft products.

In terms of the security posture of my customers, in the area of my specialization—the synchronization of information from on-premises to the cloud—there's an aspect we call TLS. There was a version of TLS that was not really secure, but Microsoft has now pushed and made sure that everything running in its platform uses a higher version, TLS 1.2. That means that when you are doing directory synchronization, your machine and your product need to be TLS 1.2 enabled. Microsoft is always working on enforcing the use of the most secure means to carry out whatever workloads customers are running. While my day-to-day job does not involve an emphasis on security, the areas that do involve security elements are emphasized to make things work effectively.

It also helps when you're troubleshooting. If you have an issue, it's easier for a user to look at it and say, "Okay, this is the problem," and to work on it.

An aspect of Azure's synchronization technology is called the provisioning service. It's the technology that takes user information from Azure AD into third-party applications. If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that.

Over the years, the performance of this particular technology has greatly improved. I have seen its evolution and growth. Customers see much more robust performance from that technology and it gives them an easy way to set up their environments. The product has been designed quite well and customer feedback has also been taken into consideration. You can even see the progress of the process: how the user is being created and sent over to the third-party application.

Recently, Microsoft has developed lightweight synchronization software, the Cloud Provisioning Agent, to do the job of the preceding, heavier version called AD Connect. You can do a lot more with AD Connect, but it can take a lot of expertise to manage and maintain it. As a result, customers were raising a lot of tickets. So Microsoft developed the lightweight version. However, there are still a lot of features that the Cloud Provisioning Agent lacks. I would like to see it upgraded. 

The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version.

I believe the Cloud Provisioning Agent will be upgraded eventually, it's just a matter of time.

I've been using the Azure Active Directory platform for a little over three years. I started supporting the product in October of 2018.

Our company is a Microsoft partner. When Microsoft customers raise tickets, most of these tickets get routed to partners like us. I follow up on and assist customers when they have issues that relate to my area of expertise.

Azure AD is solid because of the way the product is designed and because the people who support it are very good.

Microsoft is a very big organization. Whenever they put products on the market, they take things like scalability into consideration. They make sure the life cycle of the product matches the demands and the usage of customers. This product should have a long life in the market.

Microsoft technical support is great. Fantastic. Microsoft is looking to push the capabilities of its products, to enable customers to achieve more.

In general, there has been improvement in the way the technology can be used by end-users. Their feedback has been taken into consideration and that has helped a great deal.

Azure AD has features that have been developed purely for the security of users. It has things like Conditional Access policies and MFA. But the nature of the support that I provide in Azure AD doesn't focus on security. While Azure AD gives a company a holistic way to manage user profiles, I don't usually work on security aspects. But I do know that, to a large extent, the solution is built using the latest security.

The provisioning service I support has authentication methods. There has been a push by Microsoft to move customers away from certain authentication mechanisms that are not very strong in terms of security, and to make sure that secure standards are being enforced. I have looked at integrations set up by customers where they have only done the basic minimum in terms of security. Microsoft had to push those customers towards a much more secure setup. So customers are getting better security.

Overall, the effect of the product on my customers' experience has been good. I generally come into the picture when customers are having an issue. Most customers I've interacted with don't understand some information or why the product is designed the way it is. When I explain that it has to be this way so that they can do what they need to do, the customer feedback comes in at about an eight out of 10.

There are a number of use cases. You can use it as a central point of authentication for giving access to most of your cloud and on-prem resources. For example, you can use Azure AD to give access to a Microsoft 365 application, such as Outlook or Microsoft Teams.

It is quite stable. Being a Microsoft product, it easily integrates with most of the Microsoft solutions. It is very easy to integrate with most of the Microsoft solutions, such as Windows, Microsoft Office, etc. If you have your own internal web applications or you want to integrate with other solutions from other providers, such as AWS or Google, you can link those to Azure AD. If you want to integrate with on-prem resources, you can use your Azure AD on the cloud as the authentication point to give people access to the resources and so on.

It can be used to grant access at a granular level. It provides secure access and many ways to offer security to your user resources. It provides a good level of security for any access on Azure. It gives you options like multi-factor authentication where apart from your password, you can use other factors for authentication, such as a code is sent to your phone or the authenticator app that you can use login. 

It even offers the next level of access management, which gives a password for authentication, and you just use the authenticator app to log in. It enables you to configure things like identity risk awareness to detect if someone logs in from a suspicious location from where they don't normally log in. So, it provides a good level of security features for controlling access to your resources.

Its integration with open-source applications can be improved. I know that they are working on open-source authentication methods for integration with open-source applications, but they can make it more open.

It can be a bit expensive for an organization. There should be a better pricing plan for the license.

I have been using this solution for about four years.

It is quite stable.

It is scalable. In my current organization, we have about 6,000 users on Azure Active Directory.

We are satisfied with their support. They provide different levels of support. They have Level 1, Level 2, and Level 3 engineers, and the response time depends on the kind of agreement you have. Some agreements will guarantee you a faster response time 24/7, such as within four hours, so it all depends on your license.

Considering that it runs on the cloud, the setup is quite easy unless you're doing integration with your on-prem Active Directory. For integration with your on-prem Active Directory, you need someone who is technically competent, and then it would be rather straightforward. They do provide engineers who can assist in that deployment, and they also do knowledge transfer to enable you to proceed with the deployment.

The initial deployment of the product usually takes about three months because you have to ensure all the prerequisites have been met. So, if it is a project for a big organization, we can do it in probably three months. If it is something simple, then it doesn't take much time because the only thing that you're doing is to plug into it. It is already running because it is a cloud service. So, the deployment comes in only if you're integrating it with your on-prem resources and, of course, with other applications. Otherwise, it is very straightforward. It is a cloud service, so it is just plug-and-play.

For deployment, we work with Microsoft. We work with them directly, but for enhancements, we use Microsoft partners.

For maintenance, we have a team of about five engineers who run it. Internally, we have about two engineers and a manager in charge, and then we have two engineers in our infrastructure team. It is not that intensive in terms of day-to-day management because it is a cloud service, so everything is running from Microsoft Azure servers. Therefore, the day-to-day administration is not that much.  

It can be a bit expensive for organizations, but they do have different pricing models. Their free tier can be used on a personal level, but for an organization, the licenses might be a bit expensive. In general, the licenses can become cheaper, which will make it accessible for more people.

Currently, where I am working, we use an enterprise agreement. The license is renewed after every two or three years. So, we make an agreement with Microsoft to give us a license for a number of products, including Azure Active Directory, for two or three years.

I would highly recommend this solution. We plan to keep using it for the long term.

It is among the best in the industry, but there is room for improvement. I would rate it an eight out of 10. 

We use Azure AD for user access and control.

Our deployment is a hybrid of on-premises and cloud.

We can see user activity and analyze user interaction between the websites and log files. It gives us a single point of control. Overall it has helped place our security posture in a good position.

In addition, using Microsoft Endpoint Manager, new laptops can easily connect to the MDM solution, making for a very good user experience, particularly for new systems. Users just log in with their email ID and multifactor authentication. Once they are logged in, they connect automatically to the back end and that helps make the user experience for configuration very good.

Among the valuable features are MDM and Microsoft Endpoint Manager. They are very useful. Intune is built-in. And deploying to MDM has features that are very advanced. It reduces the administration work. And security-wise, it has very advanced technology.

It also has features that help improve security posture. The most important of these features include multifactor authentication, which is very useful for connecting to the organization, especially from outside the boundaries of the organization. That is very helpful when it comes to user security. And in the COVID situation, MDM is very helpful for us due to work-from-home. It enables us to very easily connect to our domain and align new systems with the end-users. That is very helpful for us.

There are some difficulties in the hybrid version, things to do with firewall security, inside the organization. They need to work on that more.

In addition, everything should be in one package. There are so many different packages. They need to provide guidance because there are so many features and we don't know how to implement them in our organization.

I'm also expecting a Windows 365 virtual desktop. I would be interested in that feature.

I have been using Azure Active Directory for four years.

It's 100 percent stable.

The scalability is unlimited.

I would rate Microsoft's support at nine out of 10. It's not a 10 because in some cases they don't answer a call because they are engaged with other calls.

We tried ManageEngine but it was not useful for us. It was not up to the requirements of our organization. Azure AD is a very flexible solution. It is used in most of the organization.

It is very easy to configure if you are configuring a completely new cloud deployment. But with the on-premises deployment, there are some difficulties due to security issues, like credentials required.

It doesn't take more time to install AD Connect on-premises. The installation itself takes one hour and, within one to two days, we can take all the data over to it. But we then need to monitor it for at least two days to make sure everything is fine.

We have almost 400 users in our AD and we have six people involved in maintaining and administering it, including me in my role as senior IT engineer. I take care of Active Directory monitoring, as well as installation and configuration. We also handle patches and upgrades. One person takes care of the billing part.

We set it up with the help of a consultant from KPMG and our experience with him was good.

With COVID going on, part of our ROI from using the solution is that we can view the access of all the employees who are working from home. In these circumstances, that has been a notable return on our investment. 

The pricing, in the context of the COVID situation, is very high because the overseas aerospace industry, to which we supply products, has been hugely impacted. There are no projects coming in. 

The pricing should also be less for smaller organizations.

We use  Azure Active Directory to provide all the identity services for all of our applications.

As a company, you want effective identity and access management. You are able to achieve this with Azure Active Directory, you are able to manage everything, such as building user provisioning into third-party applications, or single sign-on, and tools to mitigate threats or risky sign-ins. There are a lot of features that are provided.

The solution has some great features, such as identity governance, and user self-service. The Outlook application is very good and is used by a lot of people even if they are using Google services.

Azure Active Directory could improve by having an authentication service for laptops or desktop computers running Mac and Linux operating systems. They currently have authentication capabilities for Microsoft Windows. Having this capability would benefit people because in today's world everybody is working from the home environment.

I have been using Azure Active Directory within the past 12 months.

The solution is stable. There was one global outage that lasted approximately four hours in the past year.

Microsoft has different kinds of support you can have. If you pay then you will receive premium support which is very good.

I have previously used Google G Suite.

The initial setup is straightforward.

Azure Active Directory is more expensive than Google, but the capabilities they provide are superior.

I have evaluated SalePoint which is another very good product for collaboration that is available on the B2C platform.

The people who are considering Azure Active Directory should look at it as a whole because even if their company is using G Suite, they will still have to go to Office 365 for accounting and finance users who are very familiar with MS Excel and still want to use it. I see most of the companies that are using G Suite will have Office 365 for certain services. There is no need to have two services, a single Office 365 platform will provide all the capabilities needed.

I rate Azure Active Directory a nine out of ten.

Our use case for Azure AD is principally to do the role-based access management for our resources. So, we essentially use it for authentication operations for our primary groups and users to secure access to resources.

It has helped in improving our security posture. It is modeled around that. It is an AD, which means it is a directory of users, objects, and resources, and there is a lot of security in terms of the access model and in terms of who is accessing those resources.

In terms of user experience, it is pretty seamless for any user to use Azure Active Directory. The way its security model works is that once you sign in to Azure Active Directory, you get access to a lot of applications and systems that have Single Sign-on enabled. So, Azure Active Directory works seamlessly as an identity provider for many applications such as Slack, GitHub, etc. That's one of the best parts of it. If it is used properly, only by using the Azure Active Directory sign-in, a person can access different resources, which really improves the user experience.

We've benefited from all the security or AD features of this solution. Azure Active Directory is the only directory we've been using, and we make use of pretty much all the features, including the user identity protection features such as MFA. The way it allows us to audit who is logging in and do our work in a secure manner is one of the best features of it.

Azure Active Directory provides access to resources in a very secure manner. We can detect which user is logging in to access resources on the cloud. It gives us a comprehensive audit trace in terms of from where a user signed in and whether a sign-in is a risky sign-in or a normal sign-in. So, there is a lot of security around the access to resources, which helps us in realizing that a particular sign-in is not a normal sign-in. If a sign-in is not normal, Azure Active Directory automatically blocks it for us and sends us an email, and unless we allow that user, he or she won't be able to log in. So, the User Identity Protection feature is the most liked feature for me in Azure Active Directory.

Generally, everything works pretty well, but sometimes, Azure Active Directory has outages on the Microsoft side of things. These outages really have a very big impact on the users, applications, and everything else because they are closely tied to the Azure AD ecosystem. So, whenever there is an outage, it is really difficult because all things start failing. This happens very rarely, but when it happens, there is a big impact.

I've been working as a DevOps engineer for the last four years, and I have been using Azure Active Directory during this time. I got to know it really well over the last two years in my current job and as a part of my Azure Security certification, where I get to know how to secure everything in the cloud by using Azure Active Directory.

It is available most of the time. Only once in the last six months, we faced an issue. So, it is very reliable.

It is managed by Microsoft, so it is not something that is in our hands. We don't manage the infrastructure side and the scalability side.

My present organization is a startup with around a hundred people. There are 5 to 10 people who primarily work in the CloudOps and DevOps space, and we work with Azure Active Directory at some point in time. All people who have resources in Azure, such as the cloud administrators and people from the CloudOps team and the DevOps team, work with Azure AD.

In terms of resources, there are around 100 to 150 resources that we manage within it.

Microsoft has extensive documentation on its website about how to set up things in Azure AD. There are also video tutorials. So, typically, we don't need to engage technical support to do anything.

Only when there is an outage or something like that, we had to engage someone from Microsoft. For example, when there was an outage, we didn't know what was happening. There were some strange behaviors in certain applications, and that's when we involved Microsoft's technical support. 

They are very reliable, and they are very fast to respond. The response time also depends on the support plan that an organization has with Microsoft. 

I haven't used any other Identity Provider solution.

Our organization has definitely seen a return on its investment from using Azure Active Directory. It ties really well with the Azure ecosystem, which is why it makes sense to use Azure Active Directory to access resources.

Azure Active Directory has a very extensive licensing model. Most of the features are available in the free and basic version, and then there are premium P1 and P2 editions. The licensing model is based on how many users you have per month. In Australia, for a P1 license, the cost is 8 dollars.

With P1 and P2 licenses, you get a lot of goodies around the security side of things. For example, User Identity Protection is available only in P2. These are extra features that allow you to have a pretty good security posture, but most of the required things are available in the free and basic version.

I would definitely recommend this solution. I have been using it extensively, and it works really well. It is one of the best Identity Provider solutions out there. You have all the guidance from Microsoft to set things up, and if there is an issue, their technical support is highly available. 

It has been around for a while now, and most organizations leverage Active Directory as their on-premises identity provider. This is just Azure managing your Active Directory for you. It is pretty popular and rock-solid.

I haven't used any other Identity Provider solution, which makes it hard for me to compare it with others. Based on my experience and the things that I have done and learned over time, I would rate Azure Active Directory a nine out of 10. 

I use this solution as an identity platform for Microsoft Applications including Office 365. We have found that users have third-party applications for authentication using an integrated identity infrastructure.

The most valuable features of this solution are security, the conditional access feature, and multifactor authentication.

The conditional access policies allow us to restrict logins based on security parameters. It helps us to reduce attacks for a more secure environment.

Multifactor authentication is for a more secure way of authenticating our use.

All our on-premises identities are synchronized to Azure Active Directory. We have an advanced license that enables conditional access based on logins, and suspicious behaviors. 

Active Directory is able to determine if a particular user signing in from a trusted IP or if there are two different sign-ins from two different locations. It will flag this latter incident as a potential compromise of a user's account. 

In terms of security, it provides us with the features to alert us if there are any fraudulent attempts from a user identity perspective.

It provides access to our Azure infrastructure and allows us to assign roles and specific aspects to different subscriptions. It has several built-in roles that you can assign to individual users based on their job scope. It allows for granular provisioning.

With onboarding applications, you are able to register applications in Azure Active Directory, which allows you to use it as a portal for access as well.

Azure Active Directory enhances the user experience because they do not have various IDs for different applications. They are using one single on-premises ID to synchronize and they are able to access various different applications that are presented to them.

If you have a new application, you will export the application within Azure AD and we add access to those who need that application and you are able to use the corporate ID and password to access it.

Azure Active Directory is a good platform for us. We rely heavily on providing our users a good system and interface that we seldom have issues with.

The management interface has some areas that need improvement. It doesn't give you an overview similar to a dashboard view for Azure Active Directory. The view can be complicated. There are many different tabs and you have to drill down into each individual area to find additional information.

There are too many features available, more than we can use.

I have been using Azure Active Directory for three years.

It's quite stable. There are no issues with the stability.

The identity platform is quite robust.

It is very scalable. We have deployed it globally for approximately 10,000 users and experienced not many issues. In fact, we have not encountered any issues so far.

Generally, we don't have issues that require technical support. We have multiple domains within the Azure AD and we had an issue where SharePoint users were not able to access the domain.

We had a prompt response and were able to identify what the issue was. We were given specific tasks which led to resolving the issue.

I would rate the technical support a nine out of ten.

Previously, we did not use another solution. Primarily it was an on-premises Active Directory that we synchronized to the cloud.

The initial setup was completed by a separate team.

We have five global administrators who are primarily responsible for providing access and assigning roles for all the various different groups and teams that have different subscriptions, and they will manage their subscriptions based on the roles that they are assigned.

In terms of deployment, Active Directory ensures that there is express route connectivity from an on-premises data center to Azure and ensures that there are sufficient redundancies in Azure Active Directory Connect Servers and Domain Controllers. 

We have seen a return on our investment. I would say that it is one of the key components of our identity solution

The pricing is very flexible. There are a few tiers of licensing, and it is a part of an enterprise contract.

It is bundled with other services and the pricing is quite reasonable.

We did not evaluate other solutions.

I would strongly recommend implementing Azure Active Directory.

For new organizations, it would be best to start implementing directly on the cloud, and for our existing organizations who have on-premises solutions, it would be seamless to synchronize the on-premises user with the cloud and use that. 

I would rate Azure Active Directory a nine out of ten.

I am an operational engineer and consultant that assists organizations with their Azure Active Directory implementation. I primarily deal with administrative functions in my day-to-day tasks. I am responsible for creating and configuring Azure AD users and groups, as well as assigning the dynamic membership required by the organization to their users. Another common task is that I set up guest user access for organizations that want to grant access to users on a temporary basis.

For customers that want to use a cloud-based deployment, I can assist them with that. In cases where the customer wants an on-premises deployment then we will provide them with help using AD Connect, which is used for synchronization between cloud-based and on-premises data.

This solution helps to improve security for our clients using a specific directory structure and by using a variety of options. There is a default directory, which is owned by Microsoft, and in there you can create custom directories for your use. 

There is a panel available for the administration of users, groups, and external identities. 

Options are included for uploading your on-premises applications to the cloud, and they can be registered with Azure. This means that you can also create your own applications.

Identity governance is available for paid users.

Using Azure Active Directory has benefitted several of my clients, with an example being a startup organization. Startups have three or four things that they need to do in order to begin work. First, they need a domain, and after that, they need a DNS record to be created for their domain. For instance, these services are provided by godaddy.com or similar vendors. Once these steps are complete, they connect to Azure AD with the help of the DNS record that was created. At this point, Azure AD performs the role of a Platform as a Service. Once Active Directory is connected and verified, you can create the users and groups, and begin managing your processes. 

These are the only steps that are required for a startup. For an enterprise that wants to migrate its on-premises data to the cloud, there are several additional steps. For instance, you need to create a virtual machine and install your server. Alternatively, if you already have a server, it can be connected with the help of AD Connect.

This is a good solution for end-users because the vendor provides good documentation and if the users experience errors or issues, they get a popup alert to explain the problem. Furthermore, it can provide a solution to resolve the issue.

The most valuable feature is Identity and Access Management. As an IT administrator, this feature allows me to manage access for users and groups.

This product is easy to use and easy to manage.

The application policies, licensing, and AD Connect options are valuable.

Multifactor authentication provides more security. Having a user ID and password is compulsory but after that, you can add different security features. For example, it can work with biometrics such as fingerprints, retinal scans, and facial recognition. There are many more options that may suit you better, as per your requirements.

When you log in to the Azure portal, there is an option available called Resource Groups. Here, you can add multiple things including printers and different servers. There are Windows servers available, as well as servers hosting many different flavors of Linux. Once a server is created, you can add in a database, for instance.

There are four levels of subscription and the security features are not available for free. At the free or basic level of service, Azure should provide identity protection features including single sign-on and multifactor authentication. These are the most important features for organizations and everybody should be able to utilize them for working remotely.

I have been working with Azure Active Directory for approximately three years.

Worldwide, Azure has many servers available and in fact, they are the largest cloud organization in the world. As long as you are paying for the service, you don't have to worry about availability. There is a Microsoft backend team available that can provide you with what you need.

The availability is the best in the cloud industry.

You don't need to create or manage your own infrastructure, as it is handled by the Azure team. Also, through the Azure portal, you can add databases.

This is a scalable product. You can scale it to any number of users and any number of servers, and there is no issue. As your organization grows day by day, you can increase your users, your databases, and compute services including RAM, CPU, and networking capabilities. This will ensure availability on the platform.

If you are part of a very large organization, with between 50,000 and one million users, then you might generate between 500 and 1,000 terabytes of data each day. You have two options for uploading this data to the cloud, including an online option and an offline option. In the online option, you use a gateway. The offline option includes Data Box, which is a device used to transfer your data. These hold 800 terabytes and above.

I have not used technical support from Microsoft myself. However, it is available and they can provide proper resolution to problems that people are having.

The support documentation that is supplied on the web page is very good. If anything changes then there is a section for notes in the documentation that explains it.

Using technical support is a more cost-effective solution than hiring somebody to maintain the product full-time.

The initial setup is not a complex process. It is simplest in a cloud-based deployment and it will not take much time. If your current server is on-premises then you only need two things. One is your enterprise domain users, which have full access permissions. The other is a global administrator on the cloud side. Both sides need to be integrated and this is done with the help of Azure AD connect. Once this is complete, you can have interaction between your on-premises data and cloud data.

It is helpful to have a basic level of understanding of the product prior to implementing it.

We provide support to our customers, depending on the error or issues that they are having.

There are four different levels of subscription including the free level, one that includes the Office 365 applications, the Premium 1 (P1) level, and the Premium 2 (P2) level. There are different options available for each of the different levels.

Everybody can get a one-month free trial.

This product is cheaper than Amazon AWS and Google GCP.

I do not use the other Active Directory solutions, although I do check on them from time to time. One thing I have noted is that the Google platform charges you on an hourly basis. In the case where you need a virtual machine for only one or two hours, this is a good option. However, if you forget to log out of your machine, then the cost will be large.

AWS provides you with a one-month free trial so that you can test using the resources.

At this time, Azure AD is the biggest cloud Platform as a Service that is available. They have 60+ cloud data centers available worldwide, which is more than any other organization. It is a service that I recommend.

My advice for anybody interested in this product is to utilize the free trial. Microsoft will not charge you anything for the first month. They will also give you a $200 credit so that you can use the services.

I would rate this solution an eight out of ten.

We provide a pipeline for Azure Active Directory. We are working with premium clients, giving them services, like SaaS application services through Azure Active Directory. Also, we help external clients who are planning to migrate from on-prem to Azure Active Directory. We help them with the setup, etc.

We are providing Office 365 access from Azure Active Directory. We are enabling multi-factor authentication and assigning the licenses for end users.

We can provide access for many SaaS analytics tools, like ERP and CRM. We can provide access from everywhere to Azure AD. So, it will work as an authentication service, then we can provide access to particular SaaS applications. Therefore, we manage all accesses and privileges within Azure AD for different applications.

The Privileged Identity Management is a good feature. The identity products of Azure Active Directory are good features. 

There are role-based access controls. Both built-in and custom roles are very useful and good for giving permissions to a particular set of users. 

Privileged identity access lets you manage, control, and monitor permissions of a particular set of users or group. This is a good way to control the access. With the rollback access control, that will secure your environment, e.g., if you want to secure it from an authentication point of view. So, if you are an authentication provider service, your request will go for authentication, then it will go back for service authentication. So, this is a good feature in Azure Active Directory.

Azure AD has features that have helped improve our security posture and our client's security posture. We don't have to manage many things because there are some built-in features inside it. We can set it up once and it will work as an auto process, which is good from our side. On the clients' side, it will then not be challenging when managing stuff, as it will be very easy to manage the client end.

Azure AD needs to be more in sync. The synchronization can be time-consuming. 

The availability is good. I have never experienced any downtime.

The scalability is great. If we will go with the custom installation version of Azure AD Connect, i.e., for many users, then we can go with the custom settings. 

I have one client with one tenant. We verified their domain and created many users. It was already on-prem, so we synced all the users from on-prem to Azure AD. We gave those users Office 365 permission from the Office 365 admin center. From there, we enabled the MFA and assigned the licenses. 

We have migrated 10,000 to 12,000 objects from on-prem to Azure AD previously.

Whenever I have logged a case with Microsoft, their technical support replies within 24 hours with an email and a call, which is good.

Previously, our clients only had on-premises Active Directory. They migrated to Azure AD because they didn't want to keep their on-prem environment. There are a lot of challenges with maintaining those servers and other costs. 

It is also a good service. From one console, we can manage many things. It is better if we can work with it from a single console, managing it all with fewer resources. With on-prem, there are many domain controllers that we need for various stages, and we have to manage all the domain controllers. Apart from that, we have to back up and monitor the server as well as do everything for the setup. 

It is a very easy process to set up. First, we need to collect all the information, e.g., the custom domain information, user information, and which kinds of applications the users want to access. All this information is needed. Based on that, we can just set up and go to the Azure Portal. We can go to the Azure Active Directory console from there, where we can verify the domain and do the management. It is a very easy process, which is not time-consuming. Though, if you want to design your own application (customize it) and provide access for a particular user or group, then it can be a bit of a time-consuming process.

I don't think more than one or two people are needed for the deployment. If we have all the information, then we can work alone. Not many resources are needed for this.

Azure AD has a good return on investment. We do not need as many servers, electricity, etc. We can save from a cost point of view. Apart from that, if we have a limited set of users, we do not need to go with the extended version of Azure Active Directory, where it costs a lot to enable these services. Azure Active Directory is a good option compared to on-premises. 

This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application.

We are working with the Premium P2 licenses, which are reasonable. If you invest in the on-premises environment setup, then it costs so much. However, on-prem AD gives you the ability to manage your organization in a very organized manner, where you can create a group policy.

Azure AD provides identity access. If you have to go with the identity part only, then Azure AD would be the better option. If you will go with the various authentication authorization and security services, like group policy setup, then on-prem Active Directory would be better.

It is good service and easy to use.

I would rate the solution as a nine out of 10. They should be improving the solution all the time.