I use Microsoft Entra ID to manage and reset user passwords and set their requirements so they can access the environment.
Azure AD Identity and Access Management Engineer at a healthcare company with 10,001+ employees
Allows for conditional access, identity governance, and password monitoring
Pros and Cons
- "The valuable features I use daily are enterprise application, conditional access, identity governance, password monitoring, and a password reset."
- "The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access."
What is our primary use case?
How has it helped my organization?
The Entra portal offers a unified interface to oversee user access. Through the Entra portal, I can access my resources. I utilize the quick user and quick group features to assign users to roles according to their permissions, missions, and development tasks. This involves our EBAC and RBAC systems, assigning tools, and linking them to functions required for executing tasks. After completing these assignments, we place these users in groups and grant them access to specific resource environments, aligned with their designated tasks within those environments.
The Entra portal does not affect the consistency of the security policies that we apply.
The administration center for managing identity and accessing tasks within our organization operates according to the established protocols and procedures prior to its implementation. We utilize account provisioning, RBAC, authentication, authorization, password management, security, and incident management. These are all components that we have implemented to facilitate access and development within our environment.
There are certain things that have helped improve our organization. First, security. With Entra ID, we have been able to implement SSO capabilities for our applications and most resources in our environment. This means that we can use a single credential to access all of our resources, which makes it more difficult for hackers to gain access. It also makes it easier for our users to sign in to resources without having to remember multiple passwords. Second, Entra ID allows us to implement multiple authentication factors. This adds an additional layer of security by requiring users to verify their identity in more than one way. For example, they might need to enter their password and then also provide a code from their phone. This makes it much more difficult for unauthorized users to gain access to our systems. Entra ID also makes it possible to define roles and permissions based on each user's needs. This allows us to grant users only the access they need to do their jobs, which helps to protect our data and systems. Finally, Entra ID allows us to implement conditional access controls. This means that we can restrict access to resources based on factors such as the user's location or the device they are using. This helps to protect our data from unauthorized access, even if a user's password is compromised.
Conditional access is a way to make decisions about enforcing security policies. These policies are made up of "if this, then that" statements. For example, if a user wants to access a resource, they might be required to complete a certain action, such as multi-factor authentication. If a user tries to sign in from a risky location, the system will either block them or require them to complete an additional layer of authentication.
The conditional access feature does not compromise the robustness of the zero-trust strategy, which is a good thing. I have configured it in my environment based on primary monitoring. We have certain locations that we do not trust users from. If a user tries to sign in from one of these locations, which the system automatically detects, they will be required to complete an additional layer of authentication. With zero trust, we do not trust anyone by default. Anyone trying to access our environment externally must be verified.
We use conditional access with Endpoint Manager. When configuring conditional access, we consider factors such as the user's location, device, and country. These are the things that we put in place when configuring the policy. We create users, put them in a group, and then decide to apply conditional access to that group. So, this particular group has been configured under conditional access. This means that no matter where they are, what device they use, or what activity they want to perform in the environment, they will be required to meet certain conditions that have been configured in the conditional access policy.
We use Verified ID to onboard remote users. SSO is configured for this purpose so that users do not have to remember multiple IDs, passwords, or usernames. This can be tedious when logging in to multiple applications. Once SSO is configured for our users, we also configure self-service password reset so that they can reset their passwords themselves if they forget them. With SSO, users only need to remember one credential, their Verified ID. When they log in to an application, such as Zoom, they are redirected to the identity trust provider, which is Entra ID. Entra ID requires a sign-in. Once the user enters their Verified ID into Entra ID, they are redirected back to Zoom and are issued an access token, which allows them to access Zoom. In this way, users can automatically access all other applications in the system that they are required to use to carry out their day-to-day tasks in the company.
Verified ID helps protect the privacy and identity data of our users. Data access management is all about the user's identity. The three main components of data access management are identity, authentication, and authorization. Identity access management is about protecting user information and ensuring that they only have access to the resources they need to perform their jobs. Verified ID is an additional layer of security that helps to ensure that users only have access to the right applications and resources. It does this by verifying the user's identity and ensuring that the resources are being accessed by the right person. Verified ID also uses certificates to confirm the trust and security of the system.
Permission management helps with visibility and control over who has access to what resources in the environment. For example, an HR manager should only have access to HR resources. To achieve this, we put users into groups based on their job function, such as the HR department. We then grant permissions to these groups to access the resources they need. This way, no one in the HR department can access resources that are meant for the financial department. Permission management helps to reduce unauthorized access to resources and prevent data breaches. Before we grant access to resources, we perform a role-based access control analysis to determine the permissions that each role needs.
Entra ID has helped us save a lot of time by streamlining our security access process. From time to time we conduct an access review to ensure that only the right people have access to the environment and resources.
Entra ID operates on multiple platforms and devices, which reduces the time spent on manual tasks and increases productivity. Its ability to integrate across our centers worldwide, providing accessibility, has saved us money.
Entra ID has improved the user experience and performance. It has enhanced performance by saving users time from having to log into so many applications, systems, or plug-ins. Now, they can log in using their Entra ID. It has also helped with security by enabling multi-factor authentication, which has cut down on attempted hacks. Entra ID has also made enrollment easier for users.
What is most valuable?
The valuable features I use daily are enterprise application, conditional access, identity governance, password monitoring, and a password reset.
What needs improvement?
The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access. It would be more beneficial if Entra ID could be completely passwordless.
Buyer's Guide
Microsoft Entra ID
April 2025

Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,963 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Microsoft Entra ID for six years.
What do I think about the stability of the solution?
Entra ID is stable. We have never had stability issues.
What do I think about the scalability of the solution?
Entra ID is scalable.
What other advice do I have?
I would rate Microsoft Entra ID a ten out of ten. I enjoy using Entra ID and I see the benefits of using it.
No maintenance is required, except for occasional log reviews.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
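The "if this, then that" conditional access behaviour described in the review above, as an added example that is not part of the review and not Microsoft's code: a simplified Python model of policy evaluation in which every matching policy applies and a block outranks any grant. The `SignIn` and `Policy` classes, the group names and the country codes `ZZ` and `XA` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SignIn:
    """One sign-in attempt (constructed model, not an Entra ID log schema)."""
    user: str
    groups: frozenset
    country: str                  # country resolved from the source IP
    mfa_done: bool = False
    device_compliant: bool = False


@dataclass(frozen=True)
class Policy:
    """'If these conditions match, then require this control.'"""
    name: str
    include_groups: frozenset
    grant: str                                  # "mfa", "compliantDevice" or "block"
    countries: Optional[frozenset] = None       # None means any location
    exclude_groups: frozenset = frozenset()     # e.g. emergency-access accounts

    def applies_to(self, s: SignIn) -> bool:
        if s.groups & self.exclude_groups:      # exclusions win over inclusions
            return False
        if not (s.groups & self.include_groups):
            return False
        return self.countries is None or s.country in self.countries


# How each grant control is checked against the sign-in.
SATISFIED = {
    "mfa": lambda s: s.mfa_done,
    "compliantDevice": lambda s: s.device_compliant,
}


def evaluate(signin: SignIn, policies) -> tuple:
    """Return (decision, unmet_controls, matched_policy_names).

    All matching policies are enforced together: any block denies the
    sign-in, otherwise every required control must be satisfied.
    """
    matched = [p for p in policies if p.applies_to(signin)]
    names = [p.name for p in matched]
    if any(p.grant == "block" for p in matched):
        return ("block", [], names)
    unmet = sorted({p.grant for p in matched if not SATISFIED[p.grant](signin)})
    return ("interrupt" if unmet else "allow", unmet, names)


# Constructed policy set: group-scoped, with untrusted locations forcing MFA.
UNTRUSTED = frozenset({"ZZ", "XA"})             # placeholder country codes
BREAK_GLASS = frozenset({"break-glass"})
POLICIES = [
    Policy("mfa-untrusted-location", frozenset({"staff"}), "mfa",
           countries=UNTRUSTED, exclude_groups=BREAK_GLASS),
    Policy("compliant-device", frozenset({"staff"}), "compliantDevice",
           exclude_groups=BREAK_GLASS),
    Policy("block-contractors-XA", frozenset({"contractors"}), "block",
           countries=frozenset({"XA"})),
]

if __name__ == "__main__":
    attempts = [
        SignIn("alice", frozenset({"staff"}), "US", device_compliant=True),
        SignIn("bob", frozenset({"staff"}), "ZZ", device_compliant=True),
        SignIn("carol", frozenset({"staff", "contractors"}), "XA",
               mfa_done=True, device_compliant=True),
    ]
    for a in attempts:
        print(a.user, evaluate(a, POLICIES))
```

The excluded `break-glass` group shows why exclusions need their own review: members of it bypass every control in this policy set.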

Dynamics 365 CRM / Power Apps Developer at Get Dynamics
Excellent documentation and app registration services with very reliable stability
Pros and Cons
- "The initial setup was very straightforward."
- "A couple of years ago, I experienced some difficulty in implementing the solutions, the services of Azure AD. In one instance, I was not able to configure Azure AD for a registration. This was two or three years ago. However, currently, the documentation is very clear and there are no loopholes or anything that could hinder even a simple IT administrator from implementing these services."
What is our primary use case?
Azure AD is primarily integrated with all of the Microsoft services, such as Microsoft 365, Office 365, and Dynamics 365/Power Apps. Behind the scenes, we are, in one way or another, using Azure AD for our application security, identity management, and to access purpose services. At times, we need to configure some advanced features to provide access and identity to third-party apps to integrate with Dynamics 365.
How has it helped my organization?
Unfortunately, I don't have any numbers and metrics related to organizational improvement off-hand.
That said, using Azure AD app services, we don't have to care about secure access to our Dynamics 365 data. Azure AD performs the authentication on behalf of our application and that's great. We don't have to implement security on our side to secure access for third-party services or third-party software or applications.
Azure B2C has also helped us in providing secure access to the Power Apps portal, or external content.
What is most valuable?
The app registration services are great. This basically simplifies security in order to give access to third-party apps from within Microsoft services such as Dynamics 365 and Power Apps. We can do this in a very secure manner using the AD. This really simplifies the identity and access management for us.
I use Azure B2C for providing access to external users. It was a really great experience to configure Azure AD B2C. I like this feature, as it provides a single sign-on for existing or new users; even new Azure AD users can be provided with sign-ins to our portal.
The solution has features that have helped improve our security posture. For example, without Azure B2C or any third-party identity service like Google or Gmail, we are compelled to store users' credentials and sensitive data in a Dynamics 365 contact table somewhere. By using Azure B2C, we are totally independent of this.
The solution hasn't affected the end-user experience. Usually, users are not so IT aware, so they don't feel an impact related to the change. We know that having secure access for them is important for them and also for us; however, they don't feel any noticeable difference with the extra security in place.
What needs improvement?
Honestly speaking, I haven't thought about where areas of improvement might be necessary.
Everything was very smooth every time we used Azure AD. In other Microsoft solutions, we come across some bugs or workarounds, et cetera. However, as far as Azure AD is concerned, or maybe, to the extent that we are using it at least, we haven't come across any issues.
In terms of identity and access management and concerns, all of our needs are provided by the existing implemented features.
For how long have I used the solution?
I have been using the advanced feature of Azure AD for the last three years or so.
What do I think about the stability of the solution?
Currently, Azure AD and most of the Azure services are very, very stable. A couple of years ago, I experienced some difficulty in implementing the solutions, the services of Azure AD. In one instance, I was not able to configure Azure AD for a registration. This was two or three years ago. However, currently, the documentation is very clear and there are no loopholes or anything that could hinder even a simple IT administrator from implementing these services.
What do I think about the scalability of the solution?
I am just using the product for integration with Dynamics 365 and Power Apps solutions. Right now, we are integrating with Azure AD in a very simple manner. I'm not sure if we plan to expand usage.
In our company, 100 to 200 people are connecting to PowerApps portals using Azure AD B2C.
There are two or three developers right now who use Azure AD for identity and access management purposes. Managers will not be using Azure AD in that it is not used to configure and trigger solutions using Azure.
How are customer service and support?
We haven't used customer support contact up to this point. Everything that we need is already provided through the documentation. So far, we haven't had any need to contact customer support for Azure AD.
Which solution did I use previously and why did I switch?
We did not use a different solution before we used Azure AD. We only use Microsoft solutions.
How was the initial setup?
The initial setup was very straightforward. The documentation is very good and the steps are very well documented. I remember three years ago I encountered some undocumented feature or maybe a bug when configuring Azure AD for apps registration. However, lately, this is not the case. Currently, the documentation is very up-to-date and very clear, and almost every time I register the user, the apps in Azure AD, and configure Azure B2C, there is helpful documentation. They probably made some form of an update to the system that fixed any past bugs or issues.
The deployment hardly takes 15 to 30 minutes - and that's for app registration. To complete the whole process on the Azure AD side and on our Dynamics 365 side - including Azure B2C - it took, when I implemented it for the first time, one hour to set up everything. That was the first time. Since then, I've gotten faster and it now hardly takes 30 to 40 minutes to configure Azure B2C.
What about the implementation team?
We are an IT company ourselves. A hundred percent of the time we use our own skills and documentation to implement everything related to Azure AD and Dynamics 365 or anything else.
What was our ROI?
We have seen an ROI due to the fact that it integrates with other Microsoft services very seamlessly. In that sense, it definitely saves time and cost as opposed to implementing something that we don't know, such as other identity systems.
What's my experience with pricing, setup cost, and licensing?
I don't know much about the pricing. As far as licensing is concerned, there are two options. There is a set of free services that are offered through a free license and if you have a Microsoft tenant or any Microsoft service such as Dynamics 365 or Power Apps, you have access to a free set of services that Azure AD provides. This includes registration and some other items.
If you want to use Azure AD's advanced features, they are not provided for free. There are two types of premium licenses that are available for anyone who is a registered licensed user.
Which other solutions did I evaluate?
We did not evaluate different solutions before we chose Azure AD. This is due to the fact that, in the Microsoft ecosystem, Azure AD fits best in terms of providing access and identity management to all of the other Microsoft online services.
What other advice do I have?
We are a Microsoft partner.
I'm not sure which version of the solution we're using. This is an online service. As I'm a Dynamics 365/Power Apps developer, usually I don't bother to check what version of Azure AD is currently hosting on the online services.
I would advise new users, if they are using Microsoft online services, that Azure AD is the best choice for all identity and access management requirements. This is due to the fact that it is in the same ecosystem. It understands the needs of its own vendors much better compared to any other external identity service.
I'd rate the solution a perfect ten out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT specialist at BMO Financial Group
Supports multifactor authentication, scales well, good technical support
Pros and Cons
- "It offers features that improve our security posture such as multifactor authentication, which is the second layer of protection that is used when we log into the cloud."
- "The documentation, and the way that people are notified of updates, are things that can be improved. I'm a big fan of Microsoft products but the way they document is not that great."
What is our primary use case?
Azure Active Directory is similar to an on-premises access control system, but the service and data are hosted in the Azure cloud. Previously, everyone used to have Windows servers built as domain controllers for Active Directory to store their employee data. This assumed the role of a database for their employees.
With Azure Active Directory, which is in the cloud, you have the same functionality and there isn't much of a difference. The defining point is that you have access to online, cloud-based resources, such as Office 365.
In my company, as well as others, we had already implemented the on-premises Active Directory for our infrastructure. We leverage Azure Active Directory to synchronize the existing on-premises details to the cloud so that it creates an identity in Azure, which allows it to be used for other SaaS-based solutions.
How has it helped my organization?
This is the kind of solution that I feel you cannot run an organization without using.
Going forward, I expect that this solution will help to eliminate our on-premises infrastructure. Perhaps in the next few years, many companies will question their need for on-premises infrastructure and implement a purely cloud-based position. It will be a pay-as-you-go service.
Using this solution has affected our end-user experience because it enables and supports the Office 365 products that Azure provides. It is indirectly linked to all of the Office 365 solutions.
What is most valuable?
This is a feature-rich solution.
It offers features that improve our security posture such as multifactor authentication, which is the second layer of protection that is used when we log into the cloud.
What needs improvement?
The documentation, and the way that people are notified of updates, are things that can be improved. I'm a big fan of Microsoft products but the way they document is not that great.
For how long have I used the solution?
I have been using Azure Active Directory for the past four years.
This solution was implemented approximately five years ago, before I joined the company.
What do I think about the stability of the solution?
We use this product on a daily basis. In fact, it is constantly being used and we don't have any problems with stability.
What do I think about the scalability of the solution?
The scalability is good, and it is one of the reasons that we opted for a cloud solution.
We have more than 60,000 employees in the company and it scales very nicely. If more employees join the company then our usage will increase.
There are a variety of roles including administrators and different users. We have between 200 and 300 administrators.
How are customer service and technical support?
Technical support from Microsoft is excellent.
We have had multiple issues where technical support has been needed. For example, the other day, we had a problem with synchronization. One of the user licenses was not synchronized properly and when we identified the root cause, it showed that the profile was not linked to the Active Directory Account. That was the main problem.
For us, it's constant improvement. Once a problem has been resolved, we document it accordingly so that it doesn't reoccur. Essentially, we don't want to have the same story again.
Which solution did I use previously and why did I switch?
We also have Active Directory implemented on-premises, and it synchronizes with our cloud solution. The traditional Active Directory is what we used before this.
How was the initial setup?
I was not responsible for the initial setup but my feeling is that it is not very straightforward. From a technical perspective, I expect that it is somewhat complex.
The deployment took approximately six weeks. We are a large company with more than 60,000 employees and I expect that for a smaller company, with perhaps 100 or 200 employees, it might take a day or two to complete.
What about the implementation team?
One of the senior engineers in my organization was responsible for deployment. We also had assistance from Microsoft consultants. Between five and ten people were required for the deployment because it's a larger company.
There is no maintenance that needs to be done on our part. However, we have between 10 and 15 people who closely work on Azure Active Directory.
What was our ROI?
Everyone uses a cloud solution to reduce the on-premises infrastructure cost and maintenance. In the coming years, there will be a lot of returns or a lot of cost-cutting that will happen.
What's my experience with pricing, setup cost, and licensing?
The licensing is good and it is really easy to manage. We make sure that we only enable the licenses that are needed for the users, rather than enabling licenses in a blanket fashion. Basically, we only enable the features that are required for each of the users.
There are no costs in addition to the standard licensing fees.
What other advice do I have?
Microsoft is a vendor that is always one step ahead.
The biggest lesson that I have learned is to read the documentation properly and thoroughly. Microsoft is great, but the documentation is sometimes updated and we aren't notified. This means that anytime you apply any solution, just make sure that you follow the proper guidance and always test before deployment.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Director, Infrastructure at a retailer with 10,001+ employees
Easy to use, flexible security options, and it scales well
Pros and Cons
- "This product is easy to use."
- "When you start to deal with legacy applications, provisioning is not as intuitive."
What is our primary use case?
Azure AD is where our primary user data is stored. We get a feed-in from our HCM solution and it creates our users, and then that's where we store all of their authorizations, group memberships, and other relevant details.
We access it through the Azure Portal.
How has it helped my organization?
This product has helped improve our security posture because it allows a tie-in into the Microsoft Azure Sentinel product very easily and seamlessly. From a security standpoint, you have the option of conditional access, the option of identity protection, and those types of things. We have incorporated those right into our offering.
Overall, security-wise, this solution has allowed us to be more flexible. When you had just Active Directory and it was an on-premise solution, you had to do a lot of manipulation to get SaaS products working. You had to do a lot of customizing and those types of things. With Azure Active Directory, it's more configuration than it is customization. This allows us to be a lot more flexible, which brings about efficiency, better security, and other benefits.
Azure Active Directory has also improved our end-user experience.
Before, most companies including ours would use a customized username that would have random characters for a user. This is different from Azure Active Directory, which uses what looks like the email address as your username. In fact, it can be set up as a genuine email address. Where it differs is on the back end, where it has a unique ID, but on the front end, it's more readable and more understandable.
From my user experience, the sign-on is seamless as you go through and use any of the Microsoft products. Everything ties right into it, and then as you set up your different applications that are tied into Azure Active Directory, and get the single sign-on, everything becomes a whole lot easier to connect into. From a user experience, it's improved it drastically.
For provisioning users, you start by registering an application as either an enterprise application or a custom application. You can set up from within Azure Active Directory how it is that users connect to it. Microsoft has done a great job with providing a lot of application templates that help to connect and add it into the cloud. Almost every application that you could think of is there. From that point, you can set up provisioning.
To assist with provisioning, they have great documentation. From an admin perspective, much of the work is done for you. After the applications are connected to Azure Active Directory, you assign users and groups, provisioning users via API calls, which is how it's done on the back end, and it ties in using service accounts. Then, you can create a group that has the appropriate permissions such as write permission, full admin rights, or contributor rights, and then provision users into those groups. The system automatically handles it for you at that point.
What is most valuable?
This product is easy to use.
The features that we use day in and day out are single sign-on, group capabilities, and provisioning capabilities. All of these are very useful.
This product has features such as Conditional Access that improve our security posture. Conditional access gives access only through a timeframe. We have certain policies that we set up, which could be a certain amount of time or it could be a certain type of access. These are examples of types of conditional access.
Another example of a security feature that helps us is Identity Protection, which will perform the automatic detection and remediation of risks.
We also have the ability to go in and investigate any risks using data within the portal, and it's all automated. It's nice in that sense.
These features have significantly improved our security posture and time for remediation. It would be difficult to estimate a time improvement in terms of a percentage, but being that it's automated and there is a portal that displays the risks in real-time, it's a very significant change. Previously, we had to go through and look at logs and those types of things, which was time-consuming compared to using the portal.
We also use multi-factor authentication, which is very useful because that gives another layer of security protection for our users. You have to have some sort of device that you can use to provide that second factor, and not just your username and password.
What needs improvement?
The provisioning capability is a two-edged sword because it is very useful, but it also needs some improvement. When you start to deal with legacy applications, provisioning is not as intuitive. Legacy applications, a lot of times, were based on an on-premise Active Directory and you had to use it to provision users or grant access to the product. I don't know of a way to make Azure Active Directory act as an on-premises version to connect to those legacy applications.
The speed and responsiveness of the technical support are things that could use some improvement.
For how long have I used the solution?
We have been using Azure Active Directory since October of 2018, nearly three years ago.
What do I think about the stability of the solution?
The stability is not too bad. It's usually other issues that go on within Microsoft Azure. Whenever Microsoft Azure is down, the Azure Active Directory service sometimes can be down intermittently, depending on where things are at.
It is important to remember that it's not always the Azure Active Directory component that is down. Rather, a lot of the time, there is an app that is tied into Azure Active Directory causing the problem. I think we've had one incident in the last year that was tied directly to Azure Active Directory, where it was down from a SaaS perspective.
What do I think about the scalability of the solution?
This solution scales very well. We were able to tie into our previous company and then bring on all of those users in a very quick amount of time. This included making sure that they could all log in and get access. We haven't really had any issues from that standpoint.
In terms of the users, you can add B2B and you can add B2C, as well. Scalability-wise, it's been good for us. We have between 15,000 and 20,000 users, which is fully scaled at the moment.
We have plans to do further B2B, as we work with our retail partners. We have a lot of retail partners, which is how our business model is structured, and that's something that we're planning on adding and moving forward with.
As far as scaling, going up, or going down, our numbers of Azure Active Directory users are pretty much what they're going to be for the next couple of years. That said, our B2B is definitely going to increase over the same period.
How are customer service and technical support?
We use Covenant Technology Partners as the first level of technical support. Most of our support tickets actually get escalated from them up to the Microsoft product team.
The Microsoft product team's service is hit or miss, which is something that Microsoft can improve on. They are sometimes slower to react than we would like, but for the most part, they do take our tickets and work on them as they can, to try to figure out ways of remediation.
Which solution did I use previously and why did I switch?
We did not have any solution prior to this; it was simply an on-premises Active Directory. We were spinning up something brand new to move forward. Being managed saves a lot of time and effort. We migrated our users over from the Active Directory that the prior owners had, but they managed it all, we did not.
How was the initial setup?
It was very easy to get set up and running. Basically, you log into the Azure portal, you have your tenant that you're already connected into, you add a domain and then you just go. You add your first user and then you continue from there.
Our deployment started in October of that year, we had our first users within a week, and then we pretty much provisioned all of our users within a month. It was a pretty quick turnaround.
At the time of deployment, we were in the middle of a divestiture. As such, our implementation strategy included spinning up a brand new Active Directory so that we could start to migrate our users over from our previous owners into a new one that we would control. Consequently, we started from scratch.
I know that a lot of companies are not doing that. Rather, many are starting with an Active Directory and then moving into Azure Active Directory, but for us, it was a clean slate. We then started to incorporate methods of synching with our previous owner so that we could get all of the data from them and continue to march towards a separation.
What about the implementation team?
We brought in consultants only because we didn't have the manpower at the time when we got started. I believe there was one other person besides myself, we were both at the director level, and neither of us had been given the time to build out our teams by that point. The third-party consulting company that we brought in assisted us in getting everything set up and built out.
The company was Covenant Technology Partners and our experience with them was very good. They were able to help us get everything set up and running right away. Overall, it went very smoothly.
With respect to day-to-day maintenance, we have a lot of it automated. We've tied it into ServiceNow and a lot of our user additions, modifications, deletions, and other operations are things that we have automated via ServiceNow workflow.
I do have a team of three engineers under a manager that currently manages it, but they don't spend any more than probably 5% of their time, daily, dealing with it.
What was our ROI?
It is difficult to estimate our return when we didn't own anything beforehand. There is no real basis for comparison. That said, the automation capabilities cut down manual provisioning, manual adding, removing, deletion, editing, and those types of things, of user fields. I would say those are the big savings, and it's helpful that you can easily do the automation tie-in into Azure Active Directory.
What's my experience with pricing, setup cost, and licensing?
Anytime you are dealing with Microsoft and licensing, it is always interesting. We have various levels of their licensing, which includes users on different levels of their enterprise offering. For example, some are on E3, whereas others are on E5. The differences between them have to do with the various features that we use.
We're a Microsoft Teams company and we use it not only for collaboration and instant messaging, but we also use it as our phone system. We did all of that together, so when we spun up Azure Active Directory, we also spun out Microsoft Teams to use as our phones and flipped off of an old PBX system. It's been very useful but the licensing can be complicated when you get into the retail partners and guests. But for the most part, Microsoft has done a good job of explaining the different levels and what we need and has given us the proper licensing.
There are no additional fees for Azure Active Directory.
Which other solutions did I evaluate?
We did not evaluate other vendors. Our plan was to implement Microsoft Azure as our cloud solution, as well as go forward with Azure Active Directory. That was the plan from the get-go.
I know that Okta was out there, as well as a couple of other options, but that was never really a consideration for us.
What other advice do I have?
The biggest lesson that I have learned from using this product is that because it is a SaaS solution, it's easy to get set up and configured. It doesn't take a lot of overhead to run and quite honestly, the security on it is getting better. Microsoft continues to pump more security features into it.
My advice for anybody who is considering Azure Active Directory is that if you have Microsoft products that you are currently already using, I would definitely recommend it. This is a solution that seamlessly ties into your Office products, and into any Microsoft product, and it's really easy to manage. You can spin it up quickly, implement it, and get going right away. You are able to tie into your on-premise Active Directory as well. At that point, you can start to sync those two to manage all of your users and all of your groups in one place.
Overall, this is a good product and to me it's perfect but at the same time, nothing is perfect.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cloud Support Engineer | Microsoft 365 Consultant at Freelancer
Using its Conditional Access policy makes it easier to know when you have been breached
Pros and Cons
- "The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization."
- "There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory."
What is our primary use case?
I started using Azure in my organization for user management, identity management, and app security.
I am using purely Azure Active Directory, but I've used Azure Active Directory in a hybrid scenario. I sync my user from on-premises Active Directory to cloud. While I have used the solution in both scenarios, I use it mostly for purely ATS cloud situations.
How has it helped my organization?
We don't really have breaches anymore. Now, in most cases, we set up a sign-in policy for risky things, like a user signing in via VPN or they can't sign in based on their location. This security aspect is cool.
If a user wants to sign onto the company's account, but turn on their VPN at the same time, they might not be able to sign in because of the Conditional Access policy set up in place for them. This means their location is different from the trusted site and trusted location. Therefore, they would not be able to sign in. While they might not like it, this is for the security of the organization and its products.
What is most valuable?
The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization.
The authentication, the SSO and MFA, are cool.
It has easy integration with on-premises applications using the cloud. This was useful in my previous hybrid environment.
The user management and application management are okay.
What needs improvement?
There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory.
For how long have I used the solution?
I have been using Azure AD for three years.
What do I think about the stability of the solution?
Overall, stability is okay. Although, sometimes with the cloud, we have had downtime. In some instances, Microsoft is trying, when it comes to Azure AD, to mitigate any issues as soon as possible. I give them that. They don't have downtime for a long time.
What do I think about the scalability of the solution?
You can extend it as much as you need. For example, you can create as many users as you want on the cloud if you sync your users from on-premises. Therefore, it is highly scalable.
I used to manage about 1,500 users in the cloud. Also, at times, I have worked with organizations who have up to 25,000 users. When it comes to scalability, it is actually okay. Based on your business requirements, small businesses can use Azure Active Directory with no extra cost as well as an organization with more than 10,000 users.
How are customer service and support?
The support is okay, but it is actually different based on your specific issue because they have different teams. For example, when you have issues with cloud identity management, I think those are being handled by Microsoft 365 support, and if you have an issue with your Azure services, the Azure team handles it.
I can say the support from Microsoft 365 support is awesome because it is free support. Although the experience is not all that awesome every time, and there is no perfect system, when compared to other supports, I would rate them as 10 (out of 10).
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was straightforward. When I set up Azure Active Directory, I just had to create an Office 365 tenant.
Creating an Office 365 tenant automatically creates an Azure Active Directory organization for you. For example, if I create my user in Microsoft 365 automatically, I see them in Azure Active Directory. I just need to go to Azure Active Directory, set up my policies, and whatever I want to do based on the documentation.
A part of the documentation is actually complex. You need to read it multiple times and reference a lot of links before you can grasp how it works and what you need to do.
The very first time, it took me awhile to set up. However, when setting it up the second time, having to create Azure AD without setting up users was less than three minutes.
What was our ROI?
I work with a client who has a small organization of 50 users worldwide. With Active Directory, they are spending a lot for 50 users for management, the cost of maintenance, etc. The ROI number is too small for the costs that they are spending on the maintenance of an on-premises setup. So, I migrated them to Azure Active Directory, where it is cost-effective compared to an on-premises setup.
What's my experience with pricing, setup cost, and licensing?
For you to make use of some of the security features, you need to upgrade your licenses. If it is possible, could they just make some features free? For instance, for the Conditional Access policy, you need to set that up and be on Azure AD P2 licensing. So if they could make it free or reduce the licensing for small businesses, that would be cool, as I believe security is for everyone.
Which other solutions did I evaluate?
The product is very good. Sometimes, I try to use Google Workspace, but I still prefer Azure to that solution. I prefer the Azure user interface versus the Google Workspace interface.
What other advice do I have?
Draw out a plan. Know what you want and your requirements. Microsoft has most things in place. If you have an existing setup or MFA agreement with Okta and other services, you can still make use of them at the same time while you are using Azure Active Directory. Just know your requirements, then look for any possible way to integrate what you have with your requirements.
Overall, this solution is okay.
I would rate this solution as an eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Data Systems Integration Specialist at a government with 1,001-5,000 employees
Simplified central management, including administration and an overview of all logins and user profiles
Pros and Cons
- "The most valuable feature for us is the B2C functionality of Microsoft Entra ID, which is essential due to our need for external and internal users to log into our system."
- "Microsoft Entra ID has simplified central management, including administration and an overview of all logins and user profiles."
- "Microsoft's pricing and licensing are difficult to understand. We engage with Microsoft partners regularly, but Microsoft's frequent rebranding complicates the process for us in the industry."
What is our primary use case?
The primary use case for Microsoft Entra ID is authentication, allowing internal employees and guest users to log into our system.
How has it helped my organization?
Microsoft Entra ID has simplified central management, including administration and an overview of all logins and user profiles. It simplifies logins, not only for internal users but also for guests. We don't need to manage a lot of party sign-on. It has dramatically decreased phishing and other hacking attempts.
It has improved our approach to defending against nation-state attacks and token theft by allowing us to enable MFA and other out-of-the-box capabilities easily. We've also reduced complaints and changed user behavior. It takes them some time to get used to it, but we educate them on how to use the built-in security features.
What is most valuable?
The most valuable feature for us is the B2C functionality of Microsoft Entra ID, which is essential due to our need for external and internal users to log into our system.
What needs improvement?
Currently, Microsoft Entra ID meets our needs. I could not think of any areas for improvement or additional features for the next release.
For how long have I used the solution?
I have used Entra ID for three to four years.
What do I think about the stability of the solution?
The stability of Microsoft Entra ID is satisfactory.
What do I think about the scalability of the solution?
Microsoft Entra ID is scalable.
How are customer service and support?
I rate Microsoft support eight out of 10. Internally, we have a feedback system for our customer service. While it may not be perfect, there are noticeably fewer customer complaints.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did not use a different solution before Microsoft Entra ID. Since we are deeply embedded in the Microsoft ecosystem, it was the natural choice.
How was the initial setup?
The initial setup was not difficult.
What about the implementation team?
We did not use an integrator, reseller, or consultant for deployment.
What was our ROI?
I am confident that we have seen a return on investment, but I have not calculated it. Microsoft Entra ID reduces risks and the need to do things manually.
What's my experience with pricing, setup cost, and licensing?
Microsoft's pricing and licensing are difficult to understand. We engage with Microsoft partners regularly, but Microsoft's frequent rebranding complicates the process for us in the industry.
Which other solutions did I evaluate?
Microsoft Entra ID was a straightforward choice due to our integration within the Microsoft ecosystem.
What other advice do I have?
I would rate Microsoft Entra ID eight out of 10. We are generally satisfied, although understanding the solution fully can be challenging. Once we have the knowledge, implementation becomes easy, but initially, it can be time-consuming.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Dec 17, 2024
Has valuable user and device management, is straightforward, and provides a great ROI
Pros and Cons
- "User and device management is the most valuable feature."
- "The technical support has room for improvement."
What is our primary use case?
We use Azure AD to manage all endpoints, including laptops, desktops, mobile devices, such as iPads and iPhones, and users. We can disable accounts, create accounts, reset passwords, maintain access, and manage permissions.
How has it helped my organization?
Azure AD is essential to our organization. Our users need to use their Azure AD credentials to log into their computers every morning, and we also manage user accounts in Azure AD. As a result, we cannot function without Azure AD.
We use Entra's conditional access to restrict access to our system from overseas users. This means that users can only log in from Canada and the United States.
Our zero-trust strategy uses conditional access to verify users and prevent unexpected traffic, such as attacks from Russia. This makes our strategy more robust and secure.
We use Entra's conditional access in conjunction with Microsoft Endpoint Manager to limit user logins from Canada and the USA. We also limit devices that can log into the network to only those located in Canada.
Entra has helped our IT administrators save an hour of time per day.
Entra has helped our organization save money.
We used to use on-premises Active Directory. Now, we use Azure Active Directory. The main difference is that users can now reset their own passwords in Azure AD. This is a positive improvement, as it saves time and hassle for both users and IT staff. I believe that this has had a positive impact on our employee experience.
What is most valuable?
User and device management is the most valuable feature.
What needs improvement?
I would like Azure AD to provide features similar to check-in on-prem AD. The fetch-all service is the only one that is not currently available on Azure AD.
The technical support has room for improvement.
For how long have I used the solution?
I have been using Azure AD for five years.
What do I think about the stability of the solution?
I give Azure AD's stability an eight out of ten.
What do I think about the scalability of the solution?
I give Azure AD's scalability an eight out of ten.
How are customer service and support?
The basic support from Microsoft is not good.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
We previously used the on-premises Microsoft Active Directory. However, we have since switched to Azure Active Directory, which is a cloud-based solution. Azure AD is more flexible and scalable than on-premises AD, and it allows us to save money on hardware costs. This is because we no longer need to purchase and maintain our own servers. Instead, we can simply use the servers that are provided by Microsoft.
How was the initial setup?
The initial deployment was straightforward and took two months to complete. We switched over to the new system and then set up a number of additional features, such as enterprise applications and multi-factor authentication. This took an additional month, for a total of three months. We followed the instructions from Microsoft step-by-step. The deployment required two full-time employees from our organization and three from our partner.
What about the implementation team?
The implementation was completed with the help of an MSP.
What was our ROI?
We have seen a significant return on investment since switching to Azure AD. Our monthly costs have decreased from $5,000 to $100.
What's my experience with pricing, setup cost, and licensing?
The price is affordable, and we pay around $100 per month.
Which other solutions did I evaluate?
Both Okta and Azure AD are great solutions. I know that many people use Okta, but my concern is that we are also using Microsoft products on the endpoint. This means that our users use Windows, and it makes more sense to use a front-end and back-end Microsoft solution.
What other advice do I have?
I give Azure AD a nine out of ten.
Azure AD requires very minimal maintenance.
I recommend Azure AD. The solution is straightforward.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant Manager-Networks at Amrita
Saves us money because we don't need to pay for the resources required to operate the same solution on-premises
Pros and Cons
- "Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely."
- "Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications."
What is our primary use case?
We are a university using Azure AD to authenticate staff, faculty, and students. Our organization completely depends on Azure Active Directory for authentication and identity-related features. All cloud activities and third-party services are validated with Azure Active Directory.
We also have an on-premises Active Directory, and the data is synced periodically to the cloud. Most of the services done on-premises are reflected in the cloud at once. We can also do the same handling features from the cloud to write back to the on-premises AD. This is the architecture.
How has it helped my organization?
We are implementing more and more services in the cloud on Azure and AWS, so we need to monitor our data security thoroughly. It's always a concern. Azure Active Directory enables us to easily validate the identity of anyone who connects to a particular server. We need to validate our data properly. For example, we must ensure our research data is going to the right person and place. Microsoft Azure Active Directory provides the easiest way to do that.
The Conditional Access feature lets us restrict access to a group of people on specific servers. We create a group in the Azure Active Directory and put only the necessary members there. For example, we can easily set up conditional access to SSH, Telnet, HTTPS, or any service with Azure Active Directory.
We plan to implement Zero Trust in many of our other devices. It is an essential feature because users from multiple countries are accessing our research servers. We can provide a highly secure environment with minimum services without compromising productivity with a Zero Trust strategy.
We have wireless units deployed across the campus and use Microsoft AD services to authenticate all wireless activities. Many of the use cases are covered by wireless. After authentication, some users need to be redirected to the cloud. Their identities can be easily validated and captured with Microsoft AD. It gives us excellent control over our on-premise infrastructure.
Verified ID has helped us with our remote workforce. We provide VPNs to our remote employees so they can connect to our cloud services, authenticate with Azure, and be granted the necessary access. We provide policies on a per-user basis. Users in each category connect to the VPN, authenticate with their Azure credentials, and securely access all the cloud services.
We give provisioned laptops to our remote employees. With the help of this VPN, they spend less time coming to work in person because they have full-time access from home. So that way, we could reduce most of our official requirements concerning our employees.
Privacy is a crucial security concern for our organization. With Verified ID, we can ideally authenticate Microsoft services without worrying about compromised identities. We used to have these issues with on-premise Active Directory, but this is less of a problem since we migrated to Azure Active Directory.
Our HR department can easily get a complete report on our users. HR can see specific fields, like designation, school, businesses, etc., if they need it from the Azure AD. They can also get the usage logs. They don't need to store all this manually for each person. They can easily get all the reporting parameters from this.
Azure AD saves us a lot of time. On any given day, it will save around four hours. It also saves us money because we don't need to pay for the resources required to have Active Directory on-premises. If we relied on on-premises Active Directory, it would require data center resources, like air-conditioning, power, hardware, etc. We save considerable money by deploying it on the cloud. Percentage-wise, I think we could save around 40 percent.
Azure Active Directory has improved our overall user experience. I would rate it a nine out of ten. Our users are delighted.
What is most valuable?
Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely.
In addition to the SSO, Azure AD is entirely flexible. We have other Microsoft services running on-premises, so Microsoft Azure AD allows us to sync other Microsoft services completely. This is perfect for us.
Microsoft Entra offers a single pane of glass for managing users and cloud services on multiple platforms. It all requires authentication and validation of user data, so Azure AD helps us to authenticate each user's identity without any security compromises.
Microsoft has an excellent administration portal that enables us to sync our on-premise Active Directory automatically with the cloud. Any on-premise policy changes are reflected on the cloud. There are various options for each user on the admin portal. You can change user passwords and other attributes or configure a policy for forgotten passwords. A writeback feature can also reflect changes from the cloud to the on-premise environment. If you change the password from the cloud admin center, it gets reflected here.
Microsoft Azure AD Connect has a multi-factor authentication. Multi-factor authentication is a crucial feature, but we only require MFA for specific servers in the cloud. With Microsoft Azure AD Connect, we can specify the users and servers that require multi-factor authentication.
Azure Active Directory integrates well with other third-party applications. Third-party hosted solutions have the option. We can even create applications with Microsoft Azure AD. When users log in to Microsoft Azure AD, their credentials are stored in the application, and we don't need to get them on-premise Active Directory. So, it is an essential feature for us.
What needs improvement?
Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications.
For how long have I used the solution?
We have been using Azure Active Directory for four years.
What do I think about the stability of the solution?
Microsoft services have a reputation for complete reliability, so we expect the same from Microsoft Azure AD. It doesn't disappoint because most of the on-premise features extend to the cloud. Plus, Microsoft Azure AD has additional features, configuration, and single sign-on capabilities. It's a complete package for this authentication and validation purpose. Most of our users are pretty happy with this product.
What do I think about the scalability of the solution?
Azure AD is completely scalable. We can add unlimited users.
How are customer service and support?
I rate Microsoft's support a ten out of ten. Microsoft technical support is excellent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we used on-premise Active Directory.
How was the initial setup?
Setting up Azure Active Directory was a bit complex. The migration process is somewhat challenging because we don't want to lose any on-premise data. Each user has many parameters and access policies already set. Without even changing the password, we were able to sync all this data to Microsoft Azure AD. It was a complex procedure because Azure AD Connect has to be deployed correctly. We required help from Microsoft's technical support to do this.
Our initial deployment required three system admins and took around one week, but it took around six months to import all our users and get everything working properly. After deployment, Azure AD doesn't require any maintenance because everything happens in the cloud. We don't need to bother with anything.
What was our ROI?
The return on investment is pretty massive. We save time and money. It helps us even if we opt for a subscription. We save a considerable amount of time with the cloud version because it has various features unavailable in the on-premises Active Directory that save time for the system administrators. We can concentrate resources on hiring other staff instead of system administrators. All the features are within the cloud itself, so it reduces the maintenance costs of an on-premise server.
What's my experience with pricing, setup cost, and licensing?
Active Directory is bundled with a package of Microsoft services, so it doesn't cost much. I don't know about the individual license of Active Directory.
What other advice do I have?
I rate Azure Active Directory a ten out of ten. I would prefer Azure AD to have multiple application scenarios requiring a single sign-on facility and complete authentication, validation, and security tracking.
If they require it in their application, even if it is an on-premise or a host application, I would prefer Microsoft Azure AD because it handles all this simultaneously. No other application covers a complete range of activities in an all-in-one solution.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Updated: April 2025