Microsoft Entra ID Reviews

My primary use case for Microsoft Entra ID is service principal management for API access and infrastructure access to Azure and similar systems. We also use it for single sign-on into some applications, such as SAML and OIDC applications.

The features of Microsoft Entra ID that I find most valuable include the ability to define service principles and assign permissions. This aspect is valuable but also difficult to manage. This is because it gives teams permission to self-service and access the infrastructure. We can assign fine-grained permissions, so there is a proliferation of service principles. There are many of them, making it difficult for us to streamline management.

Joining devices with Entra ID and the integration of Intune is cool. It's an easy integration. We use a different MDM, but we are looking into Intune integration. If that works, things will be simple for us.

It is difficult to manage Microsoft Entra ID because we did not lock it down initially, which meant that by default, any user with an account into Microsoft Entra ID could provision permissions for themselves and access Azure infrastructure. We discovered later that we needed to lock it down, resulting in close to a million service principals due to knowledge gaps within our team. 

With our integration of Microsoft Entra ID and federation to Okta, our identity provider, there is now a lot of overlapping functionality. However, to support different operating systems for our use case, we still use Okta. The issue arises when authenticating apps through Okta; it sees authentication requests from the Office 365 umbrella of apps without identifying the specific app. Moreover, there is a persistent token involved when logging in through Microsoft Entra ID, which prevents redirection to the identity provider for authentication, leading to certain limitations.

Their support needs improvement. The UI can also be better. The menu options are very confusing at times. Coming from a different product, which is very similar, it's not intuitive. The UI isn't great. It doesn't look modern at all. The UI could look a lot different. It can be more snappy and more intuitive.

I have been using Microsoft Entra ID for approximately four to five years.

The stability and reliability of Microsoft Entra ID are satisfactory. We have a stage environment, and although the UI appears quite slow, there are no issues with downtime.

Microsoft Entra ID scales effectively with the growing needs of our organization, as we have never faced any challenges with its scalability.

We have about 40,000 users and a lot of AD groups. 

I would evaluate Microsoft support as three out of ten. Microsoft support does not engage right away. They usually try to deflect, buy time, and often do not address the problem immediately. They tend to take excessive time and pin the blame on other components or products involved. We have had notoriously bad experiences with Microsoft support, with cases remaining open for extended periods, leading us to sometimes give up and seek solutions ourselves.

Negative

We also use Okta as our IDP. We have had it for a long time. 

Microsoft started adding more and more features to Azure AD, then it became Entra ID, but it is not our default IDP. There is not a huge difference between them, but Okta support is great because they are a much smaller company compared to Microsoft. They are much more responsive. Their support is definitely way better than Microsoft's support.

I didn't do the deployment. Another team did it. I guess it was easy. 

We have a hybrid setup. Our AD is on-prem.

We have not yet seen an ROI. We are yet to properly leverage Entra ID features. We can't fully blame Microsoft there, but there are definitely some integration pain points.

We have not looked into any other identity solutions.

I would rate Microsoft Entra ID a seven out of ten. It can play well with other products. The integrations can be simple, and the UI can be better.