Arun Govind - PeerSpot reviewer
Subject Matter Expert - Azure Identity at LTIMINDTREE
Real User
Top 20
Offers a conditional access policy, along with modern authentication methods, and a unified interface
Pros and Cons
  • "The most valuable feature of Microsoft Entra ID is its security options, where we can provide highly effective security for user accounts during authentication."
  • "Microsoft needs to make improvements in this regard and extend its services to other operating systems as well, especially when considering their widespread usage."

What is our primary use case?

I have been employed as a subject matter expert for Microsoft Entra ID, as well as other Microsoft projects. Presently, my organization is collaborating closely with the Microsoft product team. This involves handling end-to-end customer scenarios connected to the products. In cases where there are issues related to configuration or operational scenarios, I provide assistance by configuring based on the organizational requirements. Additionally, I ensure end-to-end security through Microsoft Entra ID. I have dedicated the past 22 months to working within my organization on various Microsoft projects.

Microsoft Entra ID is a cloud-only service. However, if a customer has existing on-premises resources, they can integrate them using Azure Ready Connect to Microsoft Entra ID. It can be used in a hybrid mode depending on the organization's requirements.

How has it helped my organization?

Microsoft Entra ID provides a unified interface for managing user access. The user's sign-on experience relies on several factors, including the specific service or resource they are attempting to reach. The initial sign-on process involves first-factor authentication, which typically entails entering the username and password. Depending on the user's assigned security level, multi-factor authentication may be required. If the user is attempting to access an application and Single Sign-On is enabled, they can also enjoy a seamless sign-on experience for accessing both on-premises and cloud-only resources.

The admin center assists us in managing everything, from global administrators to Role-Based Access Control provisions. If a specific admin needs to be assigned to access all user authentication methods, an authentication administrator will be made available. Similarly, a conditional access administrator can assume this role if needed. We have a variety of roles accessible for performing tasks such as accessing, reading, writing, and editing operations, all based on specific requirements. Alternatively, there's the global administration role, which holds the capability to perform various actions and possesses full control over the tenant. This control can be exercised through the admin center.

When the COVID-19 pandemic emerged, all of our employees across various organizations worldwide began working from home. This trend of remote work continues significantly. Users operate from diverse networks, which might vary in terms of security levels. In order to safeguard resources, Microsoft Entra ID plays a pivotal role for all organizations, not solely for mine. Microsoft Entra ID provides essential security features, such as continuous access evaluation, multifactor authentication, IP restriction, and device-based blocking. These features constitute a device registration scenario that organizations can adopt. Whether an organization chooses to manage devices through Microsoft Entra ID or one of the other device registration scenarios available depends on the specific context, particularly the industrial location for an IT engineer. In this setup, an organization can impose restrictions or temporary blocks on users directly, contributing to the assurance of secure logins. This approach aids organizations in preventing unauthorized access to user accounts and organizational data from potentially malicious actors like hackers or unauthorized exporters. Microsoft Entra ID has been designed to enhance the security of both users and organizational information, aligning with Microsoft's commitment to safeguarding user data.

Conditional access is among the most reliable and secure features enhancing the performance of Microsoft Enterprise ID. This functionality enables us to execute various actions, as I have previously indicated. These statements are straightforward and comprehensive. To prevent access for specific users, we must apply logs based on specific requirements. If there is a need to restrict a user, we can implement a pause. This means that if a user is accessing from a certain location or utilizing a particular device, they will be granted access. Conversely, if these conditions are not met, the user's access will be denied. Therefore, conditional access policies can be employed as the organization's primary line of defense. In the past 22 months, updates have been made to the conditional access framework, incorporating conditional access policies from both session management and control management. This enhancement enables organization administrators to apply more refined filters, thereby enhancing user security. These updates include the potential enforcement of app protection procedures through Entra ID. Alternatively, administrators may create custom policies for specific applications or websites using the Defender of products. In the past, the option to merge different Entra apps and conditional access was not available. Presently, conditional access policies offer heightened security, allowing the creation of policies from various Microsoft services, including different apps. This capability empowers us to restrict users or employees from actions like copying certain data or transferring information to other locations. It prevents downloading of company information from untrusted devices as well. Additionally, our implementation of app protection policies aligns various Microsoft services with conditional access policies, further fortifying overall security.

The three factors for implementing a zero-trust framework are verifying the users, checking their privileges, and aiding in identifying any breaches. Conditional access assists with this process.

We can establish application restrictions and enforcement policies based on the Entra ID. These policies can then be aligned with conditional access policies across various locations. Additionally, we have the ability to formulate policies, such as designating trusted and untrusted locations for device data. This ensures that specific applications will only be accessible if they meet the conditional access prerequisites both from Entra and within the Endpoint Manager policies. This encompasses all first-party Microsoft applications as well.

The Verified ID feature is one of the most impressive functionalities I have encountered. Although I haven't used it personally, my role involves working as a technical support engineer for Microsoft. My responsibilities include handling support requests for Microsoft and assisting customers worldwide, whether they are utilizing premier or personal support services. To the best of my understanding, the Verified ID offers one of the most secure methods for organizations to store their data via the Decentralized Identifier framework. This enables them to manage their setup autonomously and perform DID verifications. Through this process, organizations can issue credentials to users using the Microsoft Authenticator app. This ensures that a web server is set up and a decentralized ID is created. Importantly, all organizational data remains confined within the organization; Microsoft does not retain user credentials or passwords. Consequently, all organizational data becomes integrated into the decentralized ID. This process is carried out by administrators responsible for onboarding users into the organization. When an employee joins the organization, they are issued credentials using the Verified ID feature through the authenticator app. Subsequently, these credentials are passed on to the user. The authenticator app then verifies the legitimacy of the request.

Microsoft Entra ID has proven invaluable in saving time for both our IT administrators and HR departments. Prior to Entra ID, we were required to generate individual user IDs sequentially. However, with Entra ID, we now have the convenience of producing them in bulk. This includes the ability to furnish these user access IDs temporarily, along with corresponding temporary passwords. This is achieved through a CSV-formatted Excel sheet. This process is particularly advantageous when juxtaposed with onboarding new users. For our existing users, determinations are made based on their user activity and potential risk status. In this regard, our IT administrators or global admins are promptly alerted if any user is flagged as risky. These notifications and identity protection features are integral components of Microsoft Entra ID, especially in relation to potential users. Furthermore, our system incorporates the latest workflow feature. This functionality closely resembles Identity Protection, although the latter exclusively pertains to users and objects. Conversely, virtual IDs oversee services, including applications and various other resources that have been generated via web apps, SQL, or SharePoint instances.

Microsoft Entra ID has significantly contributed to cost savings within our organization. Prior to implementing Entra ID, substantial financial resources were dedicated to various investments. Particularly in the realm of licensing, any learning initiative incurred substantial expenses. However, there has been a notable transformation in Azure, now rebranded as Entra, accompanied by the incorporation of numerous features under the Microsoft Entra ID umbrella. Undoubtedly, this has greatly enhanced cost management for our organization. Moreover, we now possess the capability to effectively manage subscriptions. We receive regular alerts from the cost management infrastructure, providing insights into our resource consumption. A distinct 'pay-as-you-go' option empowers us to select and pay solely for the resources we utilize. This approach enables us to forego committing to a fixed amount of virtual machines for a predetermined period. Instead, we can opt for resources as needed, paying only for their actual usage. Indeed, the cloud plays a pivotal role in cost savings when compared to the complexities of managing on-premises servers and resources.

The Microsoft Entra ID has significantly enhanced our user experience. In our daily scenarios, there is no need to log in every time. This is especially beneficial for user authentication and accessing various resources. Entra offers features that simplify our daily tasks and the use of dynamic applications that we host. One remarkable feature is the ability to utilize single sign-on, which is both cool and highly effective. Additionally, we have the option of Windows Hello for Business, including field authentication for Windows Hello for Business. These authentication features streamline the login process and contribute to the ease of our work. 

What is most valuable?

The most valuable feature of Microsoft Entra ID is its security options, where we can provide highly effective security for user accounts during authentication. We have a conditional access policy in place, along with modern authentication methods that can be configured in various ways to meet organizational requirements. These methods may include phone calls, SMS, or even passwordless authentication, which is the most convenient and secure method introduced by Microsoft. This includes Windows Hello for Business and certification-based authentication as well.

What needs improvement?

There are several limitations that Microsoft is currently facing. Since I work with global customers daily, they often come up with new ideas. However, these ideas are sometimes hindered by Microsoft's limitations. As a result, many people are turning to third-party tools or services, even from vendors that are not as reputable as AWS or GCP.

I have personally made similar suggestions to my product team, especially regarding the vendors that users are attempting to rely on. For instance, certain organizations prefer to restrict the use of mobile phones, particularly in countries like India. These organizations are very strict about security and prohibit the use of Android or camera-enabled mobile devices for their employees. Consequently, these users cannot utilize Microsoft Authentication, and instead, they must resort to other password authentication methods such as FIDO or Windows Hello for Business.

Among these options, we have only one choice, which is FIDO, a security key. However, when users need to use FIDO, they are required to also use multifactor authentication. This means that a user can only register for FIDO after they have registered for the Authenticator, which is not an ideal scenario. If an organization has already decided not to use mobile phones and has opted for FIDO authentication with security keys, it's not advisable to then ask them to use Microsoft Authenticator.

Recently, Microsoft introduced an alternative solution known as the temporary access pass. This pass allows users to log in temporarily, but its effectiveness is limited. This is especially true for FIDO authentication with security keys, although it is included in the Entra ID's CBA, particularly for Android and mobile devices. Unfortunately, these secure options are not available when logging in from devices like iPads or iOS-based mobiles, other operating systems, laptops, mobile devices, Chrome, or Linux machines.

Microsoft needs to make improvements in this regard and extend its services to other operating systems as well, especially when considering their widespread usage.

Buyer's Guide
Microsoft Entra ID
September 2025
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
869,952 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Microsoft Entra ID for almost two years.

What do I think about the stability of the solution?

The solution is continuously being updated and enhanced with new features. As we are involved in Microsoft projects, we get a sneak peek into the upcoming release of Microsoft Entra ID, and I am confident it will be exceptionally stable.

What do I think about the scalability of the solution?

Microsoft Entra ID is scalable.

How are customer service and support?

I have been employed as a tech support engineer, assisting with Microsoft products since the inception of my career. As a result, I have not required the services of their customer support.

Which solution did I use previously and why did I switch?

I have utilized Okta solely for federation services in some testing capacities within my laboratory environment. Okta proves advantageous for establishing federated connections between Azure instances across different clouds. To illustrate, imagine that Microsoft employs local active directory federation services. This duplication seems inevitable, given Microsoft's explicit intentions conveyed through the Microsoft Ignite channel.

Consequently, Microsoft ought to develop federation services akin to Okta's, which offers exclusive cloud-based federation services. This offering would greatly assist users and organizations habituated to utilizing federated authentication protocols. It would be prudent for Microsoft to integrate a cloud-exclusive federation service into Azure Cloud.

Furthermore, Microsoft contends that, in terms of security and trustworthiness in authentication service identity providers, Entra reigns supreme compared to other options. In this regard, I concur that Entra boasts superior security when contrasted with Okta.

Azure Cloud refrains from provisioning specific federation endpoints for certain applications due to the persistent usage of on-premises or federated applications by numerous organizations. This gap is where Okta has capitalized, effectively occupying the market space that Entra commands in such scenarios.

How was the initial setup?

The initial setup is straightforward. The deployment is simple. We possess Microsoft learning documents and public articles from Microsoft, along with community channels. If we aim to adhere to these instructions, the process is quite simple. Even a college graduate attempting to configure from the Entra web portal will find it easy to follow. The procedure is particularly straightforward for specific scenarios and the specific topics that Entra provides.

What about the implementation team?

I completed the implementation in-house using the documentation provided by Microsoft and by following the Microsoft YouTube channels.

What's my experience with pricing, setup cost, and licensing?

Entra's pricing is somewhat higher compared to AWS. With AWS, we have the ability to access EC2 servers, which are essentially virtual machines, for free for a duration of up to one year, specifically the basic virtual machine instances. However, Entra does not offer a similar option. If we are utilizing any form of virtual machine on Entra, we must begin payment after one month of complimentary usage. Unlike AWS, Entra does not provide access to basic virtual machine instances for educational or testing purposes. Furthermore, there is a discernible difference in pricing and licensing when we compare AWS Identity Access Management with Entra's ID system.

What other advice do I have?

I would rate Microsoft Entra ID eight out of ten. I deducted two points due to the limitations concerning the connectivity of services for Android and other operating systems.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Theis Solvkjaer - PeerSpot reviewer
Team manager at Copenhagen University
Real User
Top 10
Enables us to have streamlined device management and enhanced customization potential
Pros and Cons
  • "Microsoft Entra ID has streamlined and centralized our device management and threat response processes."
  • "We have experienced some downtime because of the use of the data centers."

What is our primary use case?

We have been using Microsoft Enterprise for ten years, and we actually started beginning to really use it about two years ago. Earlier, we had an access manager on the premises, but everything is moving to the cloud. So we are moving our access management and identity management solutions to the cloud as well.

What is most valuable?

The whole access management solution is valuable. In 2015, we were selecting a new access management solution, and because it was already integrated, we started using it. 

Integration with Defender allows us to get alerts and respond to them by blocking users. Microsoft Entra ID has streamlined and centralized our device management and threat response processes.

What needs improvement?

We are looking for more customization with BRAIN and everything else, and while they are following up on that, we want some more of it.

What do I think about the stability of the solution?

We have experienced some downtime because of the use of the data centers.

How are customer service and support?

In Microsoft technical support or Microsoft Denmark, we have an account manager and strategist, whom we contact along with the suppliers who have their own technicians. The experience has been positive.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Earlier, we had an access manager on the premises before moving to Microsoft Enterprise for cloud-based solutions. In 2015, we selected a different access management solution initially.

What other advice do I have?

Would you rate the overall solution on a scale of 1 to 10? Yeah, excellent. From one to ten, would you mind the call? I think, yeah, excellent.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2595669 - PeerSpot reviewer
Technical Lead at an energy/utilities company with 10,001+ employees
Real User
Has enabled my organization to build a secure environment for user login and asset access
Pros and Cons
  • "Federated identity management is a great feature for the zero-trust model."
  • "Microsoft Entra ID efficiently responds to numerous requests, and we have not faced significant connectivity issues, making it reliable."
  • "Microsoft Entra ID could benefit from more fine-tuned rights. It is necessary to prevent granting an application or user broad access rights."

What is our primary use case?

Microsoft Entra ID serves as an identity protector and service privilege manager.

How has it helped my organization?

It has enabled my organization to build a secure environment for user login and asset access. We can enable secure user logins and access to assets.

When we implement app access with Microsoft Entra ID, it gives us confidence that we have secure authentication for our applications.

With privilege identity management, we can grant or escalate rights to a role for a short duration of time and not forever. It is a great feature. It is useful to validate the escalation of privileges. 

What is most valuable?

Federation on access service principal and the ability to be passwordless in certain use cases are valuable. Federated identity management is a great feature for the zero-trust model.

What needs improvement?

Microsoft Entra ID could benefit from more fine-tuned rights. It is necessary to prevent granting an application or user broad access rights. A more precise approach would allow for specific rights, limited to certain contexts within the organization.

For how long have I used the solution?

I have been using Microsoft Entra ID for three years.

What do I think about the stability of the solution?

Microsoft Entra ID efficiently responds to numerous requests, and we have not faced significant connectivity issues, making it reliable.

How are customer service and support?

Their customer support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not used any other solution. I was previously using Azure AD. About two years ago, it was renamed to Microsoft Entra ID.

What other advice do I have?

I would rate Microsoft Entra ID a nine out of ten.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2700606 - PeerSpot reviewer
Cybersecurity engineer at a transportation company with 1,001-5,000 employees
Real User
Top 20
Integrates seamlessly with other tools and simplifies access management
Pros and Cons
  • "What I appreciate the most about Microsoft Entra ID is that it integrates seamlessly with other Microsoft products, which streamlines the process."
  • "Microsoft Entra ID can be improved by having more resources for learning how to best use the tool and understanding best use case scenarios. The learning curve is challenging, so I would appreciate seeing a training portal that is easier to use."

What is our primary use case?

I handle access management.

How has it helped my organization?

Microsoft Entra ID has positively impacted the secure access to apps and resources in our environment. It's just easy to integrate.

It makes management easier. We have visibility into password compromises and other things.

What is most valuable?

What I appreciate the most about Microsoft Entra ID is that it integrates seamlessly with other Microsoft products, which streamlines the process.

It integrates with applications, such as our Password Manager, and multi-factor authentication, and it integrates with Office 365 and third-party applications. That's very useful.

What needs improvement?

Microsoft Entra ID can be improved by having more resources for learning how to best use the tool and understanding best use case scenarios. The learning curve is challenging, so I would appreciate seeing a training portal that is easier to use. I would appreciate seeing more guides and training materials about Microsoft Entra ID.

For how long have I used the solution?

I have been using it for six months.

What do I think about the stability of the solution?

The stability and reliability of Microsoft Entra ID are good. It is very reliable, and I have never experienced any problems.

What do I think about the scalability of the solution?

Microsoft Entra ID is very scalable with third-party applications.

Which solution did I use previously and why did I switch?

We have been using Entrust within our environment, and Microsoft Entra ID is in our larger environment. We use both solutions.

What was our ROI?

The biggest return on investment when using Microsoft Entra ID is the integration with third-party applications.

What other advice do I have?

I would rate Microsoft Entra ID a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Rinaldo Viaguladas - PeerSpot reviewer
Lead Cloud Architect at Francotyp Postalia GmbH
Real User
Top 20
Offers great security, visibility, and a user-friendly portal
Pros and Cons
  • "The most significant aspect is the security measures inherent in Microsoft Entra ID, including features such as conditional access policies."
  • "Customers want to know exactly where they are spending their money, allowing them to assess and potentially save money in those specific areas."

What is our primary use case?

Our primary use case for this solution is identity and access management within our organization's hybrid cloud environment. We have a multinational presence across 12 countries, with around three thousand employees worldwide. Entra ID plays a pivotal role in streamlining user onboarding and offboarding processes, ensuring secure access to our resources.

Our environment is characterized by a blend of on-premises and cloud-based services, and Entra ID seamlessly integrates with our Azure tenant. It allows us to efficiently manage user identities, enforce authentication and authorization policies, and implement multifactor authentication for enhanced security.

Moreover, we leverage Entra ID's capabilities to maintain compliance with specific regulations, such as those in Germany, where mailbox access for departed employees requires careful management. Entra ID's security features, including Azure Information Protection integration, provide an additional layer of protection against evolving cyber threats.

How has it helped my organization?

Microsoft Azure Entra ID has been a transformative addition to our organization, bringing a multitude of benefits and enhancements across various facets of our operations. Here are the key ways in which Entra ID has made a significant difference:

Unified User Access and Seamless Experience:

Entra ID provides a unified interface for managing user access, offering an exceptionally user-friendly experience. Users can effortlessly access a wide range of applications, both cloud-based and on-premises, using a single set of credentials. The Azure portal serves as a true portal, creating a distinct realm for users while maintaining a user-friendly interface. Single Sign-On (SSO) configuration simplifies the login process, allowing users to use a single ID for multiple applications. This streamlined approach, coupled with multifactor authentication, ensures a secure and convenient login experience, especially important in today's remote work environment.

Efficient Policy Management:

One of the standout features of Entra ID is the ease with which Azure policies and conditional access can be applied to enhance security. The Entra ID admin center serves as a central hub for cloud-based identity and access management, offering a wide array of features that not only enhance security but also promote collaboration and productivity within the organization.

Modern Authentication Protocols:

Entra ID employs modern authentication protocols like OpenID Connect, which are well-suited for web and mobile users. This is especially crucial in an era where remote work and mobile device usage are prevalent. It represents a significant improvement over the traditional Windows Active Directory, which relied solely on Kerberos and NTLM.

Hybrid Capabilities:

Entra ID's support for hybrid scenarios is invaluable. It caters to the preferences of employees who still rely on on-premises solutions while leveraging the advantages of the cloud. This flexibility in a hybrid environment is a substantial benefit.

Conditional Access for Enhanced Security:

Conditional access policies, akin to "if-then" scenarios, provide granular control over access conditions. These policies evaluate login attempts based on factors such as user location, device health, and more. This ensures that access is granted only under specific, predefined conditions, significantly bolstering security.

Role-Based Access Control (RBAC):

Entra ID offers a robust RBAC system that allows precise management of access permissions. Custom roles can be created, granting users only the necessary permissions, enhancing security without overexposure.

Cost-Effective Scalability:

The cost-effectiveness of Entra ID is notable. It offers a free option, making it accessible to organizations of various sizes. Premium plans unlock advanced features, such as identity protection and advanced threat detection, providing excellent value for the investment.

Enhanced User Experience:

Entra ID has substantially improved the user experience. Account creation and provisioning are straightforward, even more streamlined than traditional Windows Active Directory. This inclusive process involves licensing, role, and permission configuration, all within a unified interface.

Microsoft Azure Entra ID has significantly enhanced our organization's security, user experience, and efficiency. Its modern authentication, conditional access, and RBAC capabilities, along with its support for hybrid environments, make it a valuable addition to our IT ecosystem. Moreover, the cost-effectiveness of Entra ID and its role in simplifying identity and access management have further solidified its value proposition. Our users are more satisfied than ever, thanks to the improvements brought about by this powerful solution.

What is most valuable?

The standout features of Microsoft Entra ID, for me, revolve primarily around its robust security measures. As someone deeply invested in cloud security, these aspects have proven to be exceptionally valuable.

Conditional Access Policies: The ability to formulate and enforce conditional access policies is a game-changer. It allows us to implement highly granular access control, considering factors like user location, device health, and authentication methods. This level of flexibility ensures that access to critical resources is granted only under the appropriate circumstances, enhancing our security posture significantly.

Identity Protection: Microsoft Entra ID's identity protection capabilities are commendable. They assist us in safeguarding user identities, reducing the risk of unauthorized access and identity-related security breaches. The peace of mind that comes with knowing our identities are well-protected is invaluable.

Threat Intelligence: Real-time threat intelligence provided by Entra ID equips us with the necessary tools to stay ahead of emerging security threats and vulnerabilities. In a rapidly evolving threat landscape, having this information at our fingertips is indispensable.

These security features, coupled with a user-friendly interface and seamless integration, make Microsoft Entra ID an exhilarating solution for those of us who prioritize cloud security. It not only enhances our security posture but also empowers us to adapt and respond effectively to evolving cybersecurity challenges.

What needs improvement?

Privileged Identity Management (PIM) Performance: Improvements in the performance and reliability of PIM are crucial. Users occasionally encounter issues where roles are elevated, but the assigned roles do not function as expected. Enhancing the consistency and responsiveness of PIM is essential for a seamless privilege management experience.

Portal Speed and Responsiveness: Addressing occasional slowdowns, particularly on Fridays, within the Azure Entra ID portal is important. Consistent portal performance ensures efficient user access management and administration.

Cross-Tenant Synchronization and Collaboration: Simplifying cross-tenant synchronization and collaboration is essential for organizations working in multi-tenant environments. Enhancements in this area can streamline identity and access management processes across tenants, reducing complexity and improving collaboration.

User Offboarding and SharePoint Permissions: Streamlining the offboarding process for former employees is critical. After disabling or deleting a former employee's account, there should be an automatic mechanism to remove associated permissions in SharePoint. Currently, these permissions often remain in SharePoint as stale entries, requiring manual removal. Automating this process can improve security and reduce administrative overhead.

For how long have I used the solution?

I have been using Microsoft Entra ID for six and a half years.

What do I think about the stability of the solution?

The Entra ID system has consistently demonstrated a high level of stability. Throughout our usage, I can't recall a single instance when the service experienced downtime. This underscores Microsoft's commitment to ensuring the continuous functionality of the service for its customers.

The stability of Entra ID is crucial for our operations, and its reliability has greatly contributed to our confidence in the platform. Microsoft's dedication to maintaining a stable environment aligns with the expectations of organizations relying on their services.

In summary, the stability of the Entra ID system has been commendable, and it reflects Microsoft's emphasis on delivering a reliable experience to its users.

What do I think about the scalability of the solution?

Scalability in the context of Entra ID has been a significant advantage, particularly when compared to traditional on-premises solutions. The scalability of Entra ID is dependent on both the hardware and the underlying infrastructure. In the case of on-premises servers, organizations are tasked with maintaining and upgrading the hardware, which can be resource-intensive.

What I've observed with Entra ID is that it offers exceptional scalability and reliability. This scalability is achieved through a combination of factors, including built-in redundancy and automatic updates. Microsoft takes on the responsibility of managing the underlying infrastructure, alleviating the maintenance burden on organizations.

This level of scalability allows us the flexibility to easily scale our resources up or down based on our specific requirements. Whether we need to accommodate growth or adjust resources to optimize costs, Entra ID provides the agility needed to achieve our goals.

In essence, the scalability of Entra ID is of the highest quality, and it's a testament to the benefits of utilizing a cloud solution like Azure. The cloud-based approach simplifies resource management and ensures that we can efficiently adapt to changing demands.

How are customer service and support?

We've encountered occasional issues, and Microsoft's customer service and support have consistently been friendly and responsive. Whenever we've reached out to them, they've promptly assisted us in resolving our problems.

One notable aspect is that Microsoft support typically prefers phone calls or emails for communication. While their support is effective, we've found that using Microsoft Teams for support calls would be much more convenient. Teams provides an efficient and collaborative platform for communication, making it a valuable tool for resolving issues.

This highlights the opportunity for Microsoft to enhance customer support by utilizing Teams for more convenient and efficient interactions.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup of Entra ID is remarkably straightforward. The system seamlessly integrates within our existing infrastructure, requiring nothing more than an Azure tenant.

In terms of the migration process, we prioritize quality over quantity. We don't need a large workforce for the migration; instead, we value individuals who possess a clear understanding of their roles and responsibilities. This approach is supported by a well-established product line and effective risk management strategies. Additionally, our past experiences and insights gained from previous projects significantly contribute to our confidence and comprehension of the necessary actions.

In collaboration with our partners, our team consists of five members dedicated to the migration process. Our partners, on the other hand, have a smaller team comprising three individuals providing assistance. This collaborative effort ensures a smooth and efficient transition to Entra ID.

What about the implementation team?

We worked with a Cloud Solution Provider (CSP) with many years of experience with the product to successfully implement Entra ID.

What was our ROI?

Our investment in Entra ID has undoubtedly yielded a significant return. Those familiar with its capabilities and accompanying features are confident in the tangible benefits it brings. In a landscape where cloud advancements have revolutionized IT, Entra ID stands out as a crucial component of our infrastructure.

Without this cloud product and the transformative developments in cloud technology, navigating the IT landscape would be challenging. We'd likely find ourselves exploring various products from different companies, potentially incurring higher costs than our current investment in Entra cloud products.

Therefore, I have full confidence that we've achieved a substantial return on investment through our adoption of Entra ID and other cloud solutions. It's a testament to the value and cost-efficiency that modern cloud technologies offer to organizations.


What's my experience with pricing, setup cost, and licensing?

When it comes to setup cost, pricing, and licensing for Entra ID, I would advise others to carefully assess their organization's specific needs and requirements. It's essential to have a clear understanding of the features and capabilities needed to support your business operations effectively.

Consider the scalability of your organization and how Entra ID aligns with your growth plans. Microsoft offers various licensing options, so it's worth exploring the most suitable licensing model that fits your budget and operational demands.

Additionally, keep in mind that while initial setup costs may vary, the long-term benefits of a secure and efficient identity management solution like Entra ID can significantly outweigh the initial investment. It's an investment in both security and productivity.

Lastly, stay updated with Microsoft's licensing updates and pricing changes to ensure that your organization remains compliant and optimized in terms of cost-effectiveness.

This advice provides a general guideline for organizations considering Entra ID, encouraging them to conduct a thorough evaluation of their needs and resources.

What other advice do I have?

Our organization has a strong Microsoft orientation, which naturally led us to align our infrastructure with Microsoft standards. Entra ID serves as our identity provider, handling crucial processes like onboarding, offboarding, and managing departed employees' accounts and devices.

One challenge we've encountered is dealing with "stale devices" connected to Entra ID when employees have left the company. To address this, we regularly execute scripts to identify and manage both dormant accounts and devices. Compliance policies, especially in countries like Germany, necessitate specific mailbox access rules for departed employees. This involves granting the manager access to the mailbox for three months before archiving it. Deleting the user account isn't an option in such cases.

Entra ID offers a health dashboard that helps us track maintenance activities and pending implementations. Key updates, recommended every three months by Microsoft, are currently performed on a monthly basis to maintain robust security.

As a multinational company with a global workforce, security is paramount. Multifactor authentication is a crucial process for all Entra ID users, given the increasing sophistication of cyber threats. We highly recommend exploring the security features of Entra ID and its integration with Azure Information Protection—a cost-effective, AI-driven solution that enhances security.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Jay Ved - PeerSpot reviewer
Director of IT at MLSListings, Inc.
Real User
Top 10
Syncs with our on-prem AD, gives security insights, and saves time
Pros and Cons
  • "Syncing with our on-prem Active Directory is valuable because we do not have to keep multiple identities for each of our staff members. We can easily evaluate login risks and provide access for SSO via 365 into applications, such as Salesforce, and other things that we run our business on."
  • "Certain aspects of the user interface can be rather clunky and slow. It can sometimes be circular in terms of clicking a link for a risky user sign-in and seeing what the risky login attempts were. It takes you in a circle back to where you started, so drilling down into details, especially if you are not in it every day and it is one of many tools that you use, can be difficult. It can be difficult to track down the source of an issue."

What is our primary use case?

We have it synced to our on-premises Active Directory environment where we have some Active Directory servers. We use it for authentication into our cloud apps. We use it for SSO. Because it is connected to our Office 365 tenant, we use it for single sign-on for applications that support it. 

We also use it to evaluate risky sign-ins or risky activity for users. If there are user sign-ins from a geographic location that they would not normally sign in from, we get a notification for it, and we can investigate what is going on with a user's ID, if the person is actually there or not, and if we need to take any action on it.

How has it helped my organization?

Entra ID has primarily helped with security and some level of organization of our user environment and application access for staff.

Entra provides a single pane of glass for managing user access to some degree. We still have to use local Active Directory management for certain items or troubleshooting. It does not seem to extend management and troubleshooting down to the endpoint level or have the same sort of granularity as managing Active Directory directly from an Active Directory server.

Entra ID has helped to save time. It has saved four to eight hours of staff member's time per week.

In some ways, Entra ID has saved us money because using it for single sign-on for third-party applications means that we do not have to use a third-party solution such as Okta or OneLogin. It is a default solution. It comes out of the box, and it works with multiple applications, which means that we do not have to go the route of having a third party to have that same type of solution for us. In that sense, it does save us money, but I do not know how much it has saved because I have not priced out Okta or any of the other solutions. I imagine it is a fairly substantial amount that they would charge per user per month times the number of our users.

What is most valuable?

Syncing with our on-prem Active Directory is valuable because we do not have to keep multiple identities for each of our staff members. We can easily evaluate login risks and provide access for SSO via 365 into applications, such as Salesforce, and other things that we run our business on.

What needs improvement?

Certain aspects of the user interface can be rather clunky and slow. It can sometimes be circular in terms of clicking a link for a risky user sign-in and seeing what the risky login attempts were. It takes you in a circle back to where you started, so drilling down into details, especially if you are not in it every day and it is one of many tools that you use, can be difficult. It can be difficult to track down the source of an issue.

There should be better integration or support for FSMO roles and cross-tenant force management. If you want to enable it, it is tricky when you add Entra ID into the mix for domain sync or directory sync.

For how long have I used the solution?

I have been using this solution for five years.

How are customer service and support?

The Entra ID and Azure Active Directory support is quite good. Sometimes, it may take a little bit of time to get past tier one basic questions and basic pointing to support articles and talk to somebody who looks at your configuration and starts to understand what your specific challenges are, but once you get to that next tier of support, it seems like you are able to get answers very quickly.

I would rate their support an eight out of ten. A ten out of ten would be where you make one phone call and all solutions are given.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not have single sign-on capabilities for our SaaS apps. Prior to implementing our Azure environment, we did not have a cloud identity provider. It was all on-premises.

How was the initial setup?

I was involved in the deployment and initial setup of Entra ID. It was not that difficult. It had medium difficulty. There is a Microsoft way of doing things. Microsoft certainly seems to have made things easier since then. Whenever I go back into the system, it looks like some of the usability improvements are there. 

I believe that we also contacted Azure support a number of times during our deployment, and they were quite helpful. They were helpful up to the point where I got contacted by a product manager for Azure Active Directory at the time, and they were able to walk us through some of the implementation challenges we had, so Microsoft, at least for us as we were adopting Azure and Azure Active Directory, had a lot of hands-on help with getting set up. They are open to feedback as well. The implementation was about as difficult as I expected an implementation to be. It was certainly not a turnkey where it just works right out of the box, but I have had more difficulty implementing other Microsoft solutions.

What's my experience with pricing, setup cost, and licensing?

It is good. We have Office 365 E3, and then that is tied in with Azure Active Directory. I believe that we only have to pay for our technician-level access or IT department access for Azure Active Directory Premium, which I am sure they call Entra Premium P2 licensing, so it is not a very large cost. We just adopted that, and that gives us a lot of insights into user security that we would not otherwise have. 

Which other solutions did I evaluate?

We looked at Okta. We looked at Cisco Duo. We looked at OneLogin. I believe that there was some cost that we would have to bear if we had adopted them. Okta looked like a very good solution, but Azure AD came integrated out of the box with our Azure environment and our 365 environment, so we decided to move forward with it instead.

What other advice do I have?

We have started using Permission Management. We have not fully rolled it out yet. We have also not used Verified ID. It is something that is a little tough to implement because the documentation is not necessarily there yet. We have just started touching the surface of it.

I would rate Entra ID an eight out of ten. It is a good product. It works out well for an organization of our size. We are fairly small, and we have limited IT resources. We are able to use Entra ID for permissions management and access management. I am trying to learn more about secure access and secure edge type of solutions that Entra has. At this Microsoft event, the demos in Demo Theater 3 have been overflowing and overcrowded to some crazy degrees, so there is definitely demand for it. Microsoft can put these demos in a larger room because there is a lot of demand for it.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Rey Vazquez - PeerSpot reviewer
Vice President of Technology at Park Avenue Finance
Real User
Top 5
Leaderboard
Enables efficient management of employee onboarding and privileged identity with strong support
Pros and Cons
  • "I would rate the support as ten out of ten."
  • "In the compliance area, the granulation of access to storage accounts or Kubernetes could be improved."

What is our primary use case?

I use Microsoft Entra ID for managing employee onboarding and privileged identity management inside Entra for security. We also use it as an active directory.

What is most valuable?

The product's valuable features include privileged identity management, least privilege for Zero Trust, the onboarding process for new employees or role changes, and implementing security on identity authentication and authorization. It provides resources for security, which aids in fast employee onboarding.

What needs improvement?

In the compliance area, the granulation of access to storage accounts or Kubernetes could be improved.

For how long have I used the solution?

I have used Entra for about one year or maybe two, and it is recently in production.

What was my experience with deployment of the solution?

Some aspects were complex, such as using Microsoft Entra ID in our products and applications. However, Microsoft has a support line that is part of our SLA, which helps resolve any difficulties.

How are customer service and support?

I would rate the support as ten out of ten. They were available to us and worked with us for a day to resolve issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Okta Active Directory previously. I use both Okta and Microsoft Entra ID. The reason for moving to Microsoft Entra ID is that it is better for our client applications instead of using another authentication program.

How was the initial setup?

The initial setup was smooth and involved syncing between active directory and Microsoft Entra ID.

What about the implementation team?

In the first and second phases, I handled the deployment alone. The third phase focused on training tier-two technicians.

What was our ROI?

The ROI improved noticeably, although I do not have exact numbers.

What's my experience with pricing, setup cost, and licensing?

Microsoft Entra ID is not too expensive, and we received a great offer from Microsoft, upgrading to E5 or P2 at a better price.

What other advice do I have?

I rate Microsoft Entra ID an eight out of ten overall.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
IT Engineer at United Nations
Real User
Easily create numerous groups and add multiple users to those specific groups using a single dashboard
Pros and Cons
  • "We have the ability to define the email user in the designated field."
  • "The support is a bit slow."

What is our primary use case?

I am the Microsoft solution architect for our organization and we are in the process of testing Microsoft Entra ID. 

Microsoft Entra ID will serve as the identity provider for all services, including on-premises and other sources. For instance, it can be utilized to authenticate our in-house phone application, replacing the need for local active directory authentication. With Microsoft Entra ID, the local active directory becomes unnecessary for authentication purposes. As an illustration, even in services like Gmail, authentication through Microsoft Entra ID is possible. This presents an excellent option that is also user-friendly. 

Moreover, the system is uncomplicated, featuring a lightweight and non-hierarchical schema. In contrast to the conventional active directory with its organizational and sub-organizational structure, Microsoft Entra ID adopts a flat directory model, streamlining operations without hierarchies. While this approach offers advantages, it also comes with its drawbacks, such as its reliance on the cloud platform.

How has it helped my organization?

Microsoft Entra ID provides a unified interface where we can manage all of our entities. It utilizes a flat directory structure, allowing us to assign user access and group them using tags. For instance, when we create a user for the sales team, we simply apply a tag such as "sales," automatically adding that specific user to the sales group. This eliminates the need for the manual creation of containers and the manual grouping of users within a specific container. Everything is achieved through tagging, streamlining the process, and is facilitated by the singular interface offered by Microsoft Entra ID.

We can easily apply security policies through a unified interface. Everything in Microsoft Azure can be utilized for server storage. Although it's within a single interface, there are options for differentiation. For instance, by clicking on the Microsoft Entra ID, we can access a distinct interface. Here, we have the ability to create, apply, and manage policies for various aspects, all from this specific interface.

The admin center helps us identify where there are issues and easily take action.

In Microsoft Azure, there is a tool called Intune, which serves as a device management tool. In the past, we encountered issues while managing all end devices through SCCM. This involved a constraint where any updates or policies could only be pushed if the device was connected to the office network. Essentially, users needed to physically connect their devices to the office network to receive updates or policy changes. However, with the introduction of Intune, a Microsoft Azure product, we transitioned all our devices to this platform. This allows us to create and directly push policies without the necessity of the device being on the corporate network. Users can now receive security updates, as well as different antivirus updates, even while working from home. This streamlined approach greatly simplifies endpoint maintenance, which also extends to mobile devices.

We do not utilize the Microsoft Entra ID conditional access feature for endpoint devices. Instead, we apply conditional access to specific groups. For instance, we have a team that requires access for a defined period. Additionally, certain types of vendors need access ranging from, for instance, two days to a few hours. In such cases, we employ the conditional access feature to grant the necessary access. We have employed this approach, and it has proven to be highly advantageous.

While we don't typically utilize the conditional access feature in combination with Microsoft Endpoint Manager from the user's standpoint, there are certain groups for which we do implement conditional access. For instance, within multiple teams, not all members are granted identical access. Various team levels enjoy distinct levels of access. It is in such scenarios that we employ the conditional access feature.

We have an access group where we define the access that each team will receive. Additionally, we have the Tier One, Tier Two, and Tier Three support teams, for which we have defined privileges based on their respective roles and responsibilities.

Microsoft Entra ID assists in saving several hours for our IT administrators and HR departments daily. This is particularly due to its unified interface. For instance, when we need to review certain logs, we can grant access to the HR team. They can easily retrieve logs detailing specific employee activities. This includes information such as individual browser usage duration and system activation records. These types of logs encompass the range of data generated on a daily basis from this platform.

Microsoft Entra ID has undoubtedly assisted in saving money for our organization. This is because we are not only utilizing the solution itself, but we can also incorporate our application server along with products such as software and solutions, including emails. Microsoft Entra ID is included as part of the package fee, which unequivocally contributes to cost and time savings. This is primarily due to the elimination of the necessity for an additional identity provider, as it is already encompassed within the package.

Our employees' user experience has improved with Microsoft Entra ID compared to the local Active Directory, which was occasionally slow, depending on the availability of our log-on server at the time. If it was unavailable, logging in was significantly slower, and we could get logged out. This is no longer the case, and now we can easily log in. 

What is most valuable?

The group assessment policy stands out as the most valuable feature. It allows us to create numerous groups and add multiple users to those specific groups. Managing these groups can become quite complex within the standard active directory procedures. For instance, when it comes to tasks like adding or removing users, especially if a user is checked out, it can be unclear whether someone needs to manually remove them from the active directory.

However, there exists an option that streamlines this process. This option automatically sends a notification to the user. We have the ability to define the email user in the designated field. Subsequently, the system will prompt us to confirm if continued access to this specific group is required for a few users. If this is a routine request, the system will retain the user in the group, ensuring their ongoing access. This particular feature proves to be incredibly useful in managing these scenarios.

What needs improvement?

The group policy structure options continue to change, and the naming conventions remain confusing when we access the cloud. 

The support is a bit slow. This is particularly challenging for the service engineers. For instance, opening a ticket takes a considerable amount of time to pinpoint the underlying issue. While high-severity tickets are resolved quickly, there are instances of lower-severity issues that still impact a specific group of users. Addressing these problems is taking longer than usual.

I would like to have the option if needed to use the hierarchy when setting up groups.

For how long have I used the solution?

I have been using Microsoft Entra ID for three years.

What do I think about the stability of the solution?

Microsoft has really good SLAs and I cannot remember the last time they went down. I would rate the stability of Microsoft Entra ID nine out of ten.

What do I think about the scalability of the solution?

Scalability is quite simple, and the primary advantage of the cloud solution is its scalability; there isn't much to manage in this regard. Our growth remains unhindered because we don't have to impose limitations on ourselves when embarking on new projects or endeavors. Scalability is inherent, requiring only payment for additional resources if necessary. As there's no hardware involved, both scaling up and scaling down are easily achievable.

How are customer service and support?

The support is slow to respond to and resolve minor issues.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We are still using our standard Active Directory locally in our on-premises data center.

How was the initial setup?

The complexity of the initial setup depends on the technique used. While it may seem a bit complicated, with the proper design, it becomes a non-issue. Each module has different procedures. For instance, the Defender module, which is a Microsoft service, serves as a part of the Entra ID, allowing us to block and control websites and provide security antivirus solutions. We have onboarded all our devices to Defender. Thus, the machine doesn't need to be part of Microsoft Entra ID, but migration is still possible.

Currently, we are in the midst of a project to onboard the devices to Microsoft Intune. We are transferring the devices from the local active directory, and this process is ongoing. For each device, specific scripts need to be executed, which can be a bit complex. The complexity often arises due to existing policies and applications. When everything is well-prepared, the onboarding process is smooth. This might be an easy task for a new organization, but for those already using a different solution, the migration process becomes a bit complex. Thorough testing is necessary, especially considering that policies tend to change over time.

This project has been running for more than two years and is still ongoing. The pilot phase alone is estimated to take about one and a half years due to various commitments. Unlike a company like Google, my organization operates differently; it encompasses multiple entities like the United Nations across various locations. Since the user count exceeds five thousand, we're being cautious and gradual in our migration. At present, we have migrated only around a hundred users for testing purposes. The migration of the remaining users is scheduled to occur soon.

What's my experience with pricing, setup cost, and licensing?

The price is good, and we have no complaints.

What other advice do I have?

I would rate Microsoft Entra ID nine out of ten.

Microsoft Entra ID is utilized throughout our entire environment. It serves as a singular identity provider for all aspects of our operations, including servers, applications, endpoints, and even external applications. For instance, we can authenticate third-party applications using Microsoft Entra ID.

The required number of personnel for maintenance depends on the size of the organization and the quantity of Microsoft products in simultaneous use. For instance, if we have Microsoft Entra ID solely for email and SharePoint online teams, and there are around five thousand users, I believe that dedicating approximately three to four individuals to Microsoft maintenance would be reasonable.

I recommend Microsoft Entra ID. Microsoft Entra ID can be utilized for third-party applications like AWS and Google as well. It's user-friendly, allowing us to authenticate the products or applications of our interest, even if they are not located in the same place as our origin; nonetheless, they will function seamlessly.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2025