Microsoft Entra ID Reviews

It gives us security when integrating all the Active Directories of all our branches together, giving us a centralized database and authentication.

It has helped save time for our IT administrators. It's seamless for the users because they simply log into the stations, but it's affecting the response time and efficiency of the IT team.

Active Directory itself is the best feature it has. It also gives us a single pane of glass for managing user access.

I have been working with Azure Active Directory for almost a year.

So far, it has been a stable solution.

It is scalable.

We did not have a previous solution.

I am working right now on whether we have seen ROI from the solution.

We are always looking for better pricing. Our agreement is on a monthly basis.

We're planning to use conditional access to access controls, but we have not done so in the meantime.

The solution doesn't require much maintenance; we're talking about two or three people.

I set up Azure Active Directory for many customers of the company I work for. I'm an implementer. It is the basis of identity and access for all the tenants we are using for our customers.

Microsoft Entra helps our clients save a lot of time, especially with the many automation processes that we can leverage to facilitate our work. The amount of time saved depends on the customer's needs. In general, on average I would estimate it saves them 40 percent in terms of time. But in some cases, it could be up to 70 percent.

It also helps them save money because they can work with fewer employees, or they don't have to hire more employees to do tasks that can be automated.

Another benefit is that it provides satisfaction at the administration level. On the user level, the ease of use makes it easy to understand without any limitations.

And it provides quite a good level of security for all users.

All the features of the solution are helpful. Among them, one of the most important is the Conditional Access. It helps affect a Zero Trust strategy positively.

Also, I use Entra Permission Management to distribute the roles among all users according to management requests. Microsoft provides reports for visibility and all kinds of controls where you can see the users and their access. Permission Management helps reduce the risk surface when it comes to identity permissions. It supports adaptive controls and that helps me in defining the right controls for users.

I would like them to improve the dashboard by presenting the raw data in a more visual way for the logs and events. That would help us understand the reports better.

I have been using Azure Active Directory for about three years.

It's stable. I haven't experienced any downtime or breakdowns with the product.

It's scalable.

I'm satisfied with their support. 

Neutral

It's easy to set up. 

The amount of time needed to set up Azure Active Directory depends on each customer's use case. It will take at least three to four hours for a small organization, and in that scenario you wouldn't need more than one person to set it up. For larger organizations, it may take a week and we would need two to three persons.

Our customers are looking for advanced features and processes for it to be cost-effective for their organizations. They see it as an overpriced product. They are enjoying using Azure Active Directory, but they are looking for better prices.

Just follow the book.

We use it for identity and access management for cloud-based applications.

A couple of features are valuable, but the one that comes across the most to me is multi-factor authentication. That is huge because, with the promise of cloud—the ease and flexibility—comes a challenge of security. That means organizations are quite susceptible to cyber security threats and attacks. Nowadays, because assets have moved from the on-premises environment to the cloud, identity has become a new parameter. 

MFA is the most valuable feature because it only takes threat actors who keep guessing the password—even a password with a high degree of complexity, given all the tools available to crack them—to gain access. Then they are able to steal identity information and all the digital assets of an organization. 

We, ourselves, experienced a "near miss" but we were able to detect it at a very early stage and then immediately implement multi-factor authentication, which of course means that in addition to the regular user ID and password, there's another key requirement for validating and verifying the true identity. That's been very valuable to us and to our clients.

We also use Entra’s Conditional Access feature to enforce fine-tuned and adaptive access controls. It's all about taking a further step and layering additional controls to prevent unwanted access. It helps with Zero Trust, ensuring that we can protect assets. The entire paradigm is to make sure that you do not grant access to any potential user without verifying and properly validating who that entity is. That's most invaluable because you can identify a set of conditions that are unique to the organization. They can be related or linked to the profile of the organization and, based on that, you can grant access. Microsoft, from what we've seen, is at the forefront. They're actually spot-on with that.

Using wild imagination, I am thinking about to what extent AAD can integrate with products in a seamless way, such as applications that are running on-premises and making use of on-premises directory services. The most common, of course, is Azure Active Directory Domain Services. To what extent can it be used to replace the on-premises Active Directory Domain Services? Even though they are similar in concept, they are totally separate products. 

I would like to see applications that make use of on-premises Active Directory Domain Services have the ability to also seamlessly make use of Azure Active Directory.

And when it comes to identity and access life cycle management for applications that are run on-premises, as well as access governance, if those kinds of capabilities could be built into Azure Active Directory, that would be good.

I have been using Azure Active Directory since 2015.

It's very stable. I don't think I can recall a major outage of Microsoft's products or services. 

There could be outages impacting other services, and over time, you do experience degradation. But what makes it work is that Microsoft has a lot of resilience built into its cloud architecture.

It's highly scalable. I've worked on projects where we have to deploy Active Directory for in excess of 12,000 users.

More than 90 percent of the people in our organization are using Azure Active Directory.

Overall, I'm satisfied. In some cases, there are incidents that take some time to resolve, but those are more exceptions than they are the rule. We seem to find such cases when we have situations with on-premises workloads, technologies that are not yet in the cloud.

But for the most part, in recent times, on average we tend to have quicker resolutions, relatively speaking, for issues that have to do with the cloud product. 

What I consider to be the aspect that makes the experience good for us is that we get support for all the products. We have access to Premier Support and that enhances the quality of our experience.

Neutral

It's quite easy to set up.

The time needed to set up Azure Active Directory is a function of the environment. For simple deployments, it can be done within hours or within a day. But for complex environments, it might take anywhere from two weeks and up. You need to go through an environment assessment and make use of a project delivery framework.

For example, suppose a customer already has on-premises Active Directory services, and the requirement is to deploy or implement a hybrid identity architecture. That means there are workloads on-premises and in the cloud, and the customer wants to use the same identity scheme or single sign-on. Those are the type of requirements that determine how long it will take to get Azure Active Directory set up.

Deployment generally requires a project manager, an engagement manager, and an architect; a minimum of three people. And if there are other specific solution domains that require specialist skills, it could be four.

There is zero maintenance. The focus, in my own experience, is typically around security: how you're monitoring the environment to ensure that it's still secure. And when there are incidents, to what extent, and how quickly, you can triage and pinpoint and remediate to keep the infrastructure secure? But the actual is maintenance is zero.

It will save us money eventually, even though that's not the case now. For example, for HR, with onboarding and exits, we're beginning to see that this is an area where Entra can help us manage the life cycle of identities. The convenience that comes with that, and how that also helps ensure security and compliance, are areas that Entra can help us with.

The pricing of Azure Active Directory is competitive. By default, the product exists in almost every Microsoft cloud product. But it then depends on the features that a customer really wants to make use of. The extent of the security requirements will inform what kind of plan will be suitable for the customer's situation.

As a business, we have always been cloud-native, so we've always been making use of Azure Active Directory. The very fact that that's what drives our productivity platform, both for ensuring that employees are well engaged and they can deliver on productivity, and meet customer requirements and demands, means we haven't looked at alternatives.

Regarding Entra, the expectation is that when it is deployed, the employee experience should be better. We haven't started exploiting all the features of Entra. It makes use of the core Active Directory: identity and access management, conditional access, et cetera. But we're not making use of all its features at the moment. We hope to implement them in the near future.

Overall, I'm satisfied.

We had the need to integrate the solution that we had on-premise and the email-based identities, so we looked for a solution from the same provider that could establish us and provide a synchronized identity (what we know today as SSO) in our resources and thus be able to log in with the same identities we had on-premise and in the cloud. 

We wanted to take advantage of that synchronized identity quickly, simply, and safely. It was important to understand that users today want to have a single password for all resources, be they applications, or devices, in order to help them so that they are not constantly learning different credentials and can thus be faster and more efficient when establishing a single login.

It has given us the ability to be able to establish single sign-on identities in which we can establish credentials no matter where we are, whether it is on-premises or in the cloud, in a hybrid cloud, or in an additional connection from another cloud where we share equipment or host. 

Additionally, we enabled more protection functions so that it is well protected even though it is a single credential for each environment and established for any environment it could be safely protected.

Its most outstanding feature is the ability to integrate, segment, establish, add and configure an identity for multiple domains in different regions, locations, or types of clouds. It is one of the hybrid solutions that can be used the most to establish an entity configuration in multiple environments. It is a tool that has given us the ability to establish identity security issues to share and perimeter segment the security of an organization, a domain, and multiple clouds in a fast, simple, and well-established way, which has allowed us to be more efficient.

I want to see new functionalities for the active directory. I would like to be able to establish that when you log into computers locally, it is installed on a laptop and you can enable the MFA feature that is currently not available for local computers or Windows on-or off-premise - thus being one of the characteristics that can give greater added value to information security issues. 

If this feature was available on computers, it would help us in the future to avoid security breaches, information loss, or data backup vulnerabilities. In many cases, this could generate a complication. However, we always want to innovate, and the Innovation part is always to ensure that any place, device, or management that we are going to establish at the computational level is 100% secure.

We've used the solution for one year and two months.

We primarily use the solution for MFA; to access apps such as Teams or Outlook, two-factor authentication with our mobile phones is required.

We also use Authenticator to assist our clients with re-enrolling, moving, and adding new devices. 

The solution helps us keep our data secure and prevents security breaches, malware, etc. The app also provides us with options regarding our authentication preferences.

The two-factor authentication provides an additional layer of security for our organizational data, so Microsoft Authenticator plays a crucial role in making our confidential data more secure.

The solution offers multiple authentication methods via text, call, or the app. This gives us many options and flexibility when it comes to MFA.

Our users sometimes experience issues from having multiple Microsoft accounts, which can cause some confusion and hassle.

It would be good to see the incorporation of fingerprints and Face IDs as authentication options. This would simplify the authentication process for end users, especially those who aren't as tech-savvy. It is also a consideration for visually impaired people, for example.

We have been using the solution for about one and a half years. 

Microsoft Authenticator is a very stable application; our only issue is that we run into the occasional bug.

The solution is highly scalable. Many organizations use it around the world. 

The technical support is very good. 

Positive

I used PingID when working for another organization, which is slightly different from Microsoft Authenticator.

I wasn't involved in the initial setup, but the solution is straightforward to use once installed. 

The solution requires a little maintenance, as we sometimes encounter bugs where the app doesn't recognize a user account, for example.

I am not involved in the pricing or licensing, so I can't speak to that. 

I would rate the solution a 10 out of 10.

I would advise potential users to familiarize themselves with the basics of the solution; how to set up an account, how to use the app etc. It's always a good idea to have a clear reason for using a particular solution, how it functions, and what role it fulfills.

The most valuable features are

• authentication
• authorization
• two-factor authentication
• I have never had a failure.

It's multi-tenant, residing in multiple locations. Authentication happens quickly. Irrespective of whether I'm in Australia, the US, India, or Africa, I don't see any latency. Those are the good features that I rely on.

It also has a variable extension, which is an added value because in Active Directory, if you have to do a schema, you have to make changes on multiple Active Directory instances. But here, as the extension attribute can be done from the application level, it helps you provide the provisioning. 

Another good reason for using Azure AD is that it can connect with other SaaS services. It also has SSOs, which, along with the MFA, makes authentication much easier.

One area where it can improve is connectivity with other systems. Not all systems are connected and you have to do coding to establish a point of connectivity. It supports certain vendors and it supports certain protocols. It is limited in many other aspects at the attribute level.

Also, some of the provisioning filters are not capable enough. You cannot do a date filter on the provisioning.

Perhaps they could also have easy protocols to create the accounts. Instead of just a file upload, they should have an easy connector to do the provisioning part.

I work in a service-based company and I've been using Azure Active Directory for my customers for around 10 years now.

From 2020 to 2022, there have not been more than two or three outages, and none was more than three to four hours long. And those outages may not have occurred the whole time in the entire environment, they may only have been in certain places.

When there is an outage, the end-user experience is affected, but that happens in AWS and in Azure. It happens with any SaaS product. Overall, it has not affected the end-user experience, but when there is an outage in Azure, it will have an impact on our environment.

It's scalable, but if you need more than one region, you have to pay for it. You have to think about how you want the service to be available.

The technical support is good.

Positive

The initial setup is easy and straightforward. Setting up Azure AD doesn't require you to do anything. You buy the product from Microsoft and Microsoft sets it up for you. You just establish the connectivity to it. It does not take more than a week or two to complete the setup.

The number of employees you require for deployment and maintenance of the solution depends on how you have set up your provisioning platform. If it is automated, you can have one resource. If you're still in manual, then it depends on the volume of the workload.

Licenses are based on the usage. There is no cap. It's based on the number of users we provision.

A SaaS solution is the best product. You get it at a better price and you have many Windows-based services that are included for free.

I would definitely recommend using Azure AD. Many companies are moving from other vendors to Azure because every company uses Office 365 anyway for Word, Excel, and PowerPoint. As soon as you use that, by default, you get an Azure AD account. If you have an Azure AD account, you definitely have features to use. Why would you want to go for another product?

Overall, I haven't seen any major issues with the product.

We are using the solution primarily for demo purposes. We use active data cases from Microsoft. You can run different kinds of virtual machines and different kinds of services. We're currently using it in production.

It's very smooth and very easy to use. 

The performance is good. 

The product is stable.

It's quite scalable.

The initial setup is not complex.

We would like to see more system updates. They should happen more frequently.

I've used the solution for a while. 

The stability has been good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The solution can scale if you need it to.

About350 people use the solution in our organization.

Their support is not great when you are using cloud solutions, however, when you are using cloud solutions, it's very smooth and very effective. We haven't had any issues. 

I'm not sure if a different solution was used previously.

The installation was not complex. It was pretty simple and pretty straightforward.

The deployment is pretty fast. It takes ten minutes, at a maximum, to set up.

You only need one person for deployment and maintenance. 

I didn't need the help of any third-party integrator or consultant. I was able to handle it myself. 

The solution is pretty affordable. Sometimes you can get a Microsoft voucher to get some sort of discount.

I'd rate the solution a ten out of ten.

This solution is useful for user management because it is integrated with DNS.

The solution is deployed on cloud and on-premises. We're using the latest version.

We have about 200-250 users. All of our users have local and Active Directory. We don't have plans to increase usage.

It's user friendly.

The solution could be cheaper.

We have been using this solution for about five years.

It's stable.

The solution is scalable.

Technical support is good.

Installation is straightforward. It only took a couple of hours to set everything up.

We pay a yearly license. Licenses are very expensive.