Microsoft Entra ID Reviews

I use it to manage users and devices in my environment. 

I'm also using it to control access to different services that we have and to manage and register applications. It is used to control access to applications that we use in our company. I do a lot of applications in Azure Active Directory, and then I also have a hybrid configuration in my environment. I'm able to sync my on-premise users in the cloud so they can have the benefit of cloud infrastructure while maintaining access control to provide them access to the services that they need in Azure.

The product provides very good time savings. It also allows for a high level of security.

We get alerts when something has happened and it's easy for me to find the issue. It makes it easy to reset passwords. 

We have all the security features in one place and we have log analytics and diagnostics as well. It's very good for identity governance. 

We have an unlimited number of users that we can register. We can register more than five hundred thousand objects. That is wonderful for us.

We can have an audit and we can easily audit logs. I'm able to know when the user logged in and what program they used. I can track everything. I can see activities and denial of access. 

I can create many users at one time using Excel. When we have a lot of people that join, I can just use Excel to perform the deployment of the platform by creating a user. It makes onboarding easier. 

We can manage access and onboarding by teams. It allows us to maintain privilege identity management.

The Entra admin center is also fabulous. 

The product provides a single pane of glass for managing user access. Everything is there. I can monitor from there. I can create a single sign on from there. I can create MFA (multifactor authentication) directly from the portal. I have more than two thousand devices that I manage and I can do everything centrally. 

The single pane of glass affects the consistency of the security policies we apply. It is easy for me to have access to the panel, and I can have a great view of what is going on in my Active Directory. I have a security score. I have the number of groups, number of applications, and number of devices right in front of me, in one place. This makes it easy for me to monitor it and check everything. 

There are good tutorials available for learning more about the product.

We are using the conditional access feature. We also leverage multi-factor authentication so that we can verify users by phone number, for example. It helps us verify effectively. The conditional access feature works well with Microsoft Endpoint Manager.

We use the verified ID to onboard new employees efficiently. We can now onboard in less than 30 minutes. It's also great for privacy and control.

The employee user experience has been positive. When they submit a ticket, it gets resolved in less than 15 minutes. It's very impressive.

I haven't had any issues with the product.

I've been using the product for three years.

The stability is wonderful. I'd rate it 9.5 out of ten. It's the best.

The scalability is good. It's very scalable. 

I've only reached out to technical support once when I was trying to access our agreement account. They set up a meeting and guided me through how to connect to it. I had a positive experience. 

I have used other cloud technologies like AWS or Google Cloud and they don't have the type of active directory where I can control everything. Azure is very powerful.

Previously, all of our active directory was on a Windows Server on-prem. Managing it was not easy. Finding user accounts, going to log in to the Windows server, going to log in to the active directory, et cetera, that previous process was too long. Now, it's easy. Now, you can log in and you have everything in front of you. 

With the old system, we needed to configure it and we were using Okta and we had a combination of many, many tools to be able to get results. Now, we can assign the role directly from OneClick, and we can also use the PowerShift LiveGuard template and it's easy. 

The product is easy to set up. You can set up an entire organization in one day. 

There is no maintenance needed. Microsoft takes care of everything. We just make sure that we check the synchronization. Even if there is a sync error, we will receive a notification. Usually, it fixes itself and syncs every hour.  

We handled the setup in-house.

We've saved more than 20 hours per week. The product is saving us a lot of time. It cut time spent by 45% to 50%. It's also saved us money as we only pay for what we use.

We pay monthly, and we only pay for what we use.

We are a Microsoft customer. 

I'd advise potential new users to read the documentation and make sure that they know what they are doing before they begin providing access to users. If they don't follow the requirements of their company before creating users, they could have a data breach or provide the wrong access.

You can have a centralized solution that provides secure access. You can manage everything from one portal. Azure makes it easy.

I'd rate the product ten out of ten.

Hybrid Cloud

Microsoft Azure

I use Microsoft Entra ID for managing employee onboarding and privileged identity management inside Entra for security. We also use it as an active directory.

The product's valuable features include privileged identity management, least privilege for Zero Trust, the onboarding process for new employees or role changes, and implementing security on identity authentication and authorization. It provides resources for security, which aids in fast employee onboarding.

In the compliance area, the granulation of access to storage accounts or Kubernetes could be improved.

I have used Entra for about one year or maybe two, and it is recently in production.

Some aspects were complex, such as using Microsoft Entra ID in our products and applications. However, Microsoft has a support line that is part of our SLA, which helps resolve any difficulties.

I would rate the support as ten out of ten. They were available to us and worked with us for a day to resolve issues.

Positive

I used Okta Active Directory previously. I use both Okta and Microsoft Entra ID. The reason for moving to Microsoft Entra ID is that it is better for our client applications instead of using another authentication program.

The initial setup was smooth and involved syncing between active directory and Microsoft Entra ID.

In the first and second phases, I handled the deployment alone. The third phase focused on training tier-two technicians.

The ROI improved noticeably, although I do not have exact numbers.

Microsoft Entra ID is not too expensive, and we received a great offer from Microsoft, upgrading to E5 or P2 at a better price.

I rate Microsoft Entra ID an eight out of ten overall.

Hybrid Cloud

Other

I am the Microsoft solution architect for our organization and we are in the process of testing Microsoft Entra ID. 

Microsoft Entra ID will serve as the identity provider for all services, including on-premises and other sources. For instance, it can be utilized to authenticate our in-house phone application, replacing the need for local active directory authentication. With Microsoft Entra ID, the local active directory becomes unnecessary for authentication purposes. As an illustration, even in services like Gmail, authentication through Microsoft Entra ID is possible. This presents an excellent option that is also user-friendly. 

Moreover, the system is uncomplicated, featuring a lightweight and non-hierarchical schema. In contrast to the conventional active directory with its organizational and sub-organizational structure, Microsoft Entra ID adopts a flat directory model, streamlining operations without hierarchies. While this approach offers advantages, it also comes with its drawbacks, such as its reliance on the cloud platform.

Microsoft Entra ID provides a unified interface where we can manage all of our entities. It utilizes a flat directory structure, allowing us to assign user access and group them using tags. For instance, when we create a user for the sales team, we simply apply a tag such as "sales," automatically adding that specific user to the sales group. This eliminates the need for the manual creation of containers and the manual grouping of users within a specific container. Everything is achieved through tagging, and streamlining the process, and is facilitated by the singular interface offered by Microsoft Entra ID.

We can easily apply security policies through a unified interface. Everything in Microsoft Azure can be utilized for server storage. Although it's within a single interface, there are options for differentiation. For instance, by clicking on the Microsoft Entra ID, we can access a distinct interface. Here, we have the ability to create, apply, and manage policies for various aspects, all from this specific interface.

The admin center helps us identify where there are issues and easily take action.

In Microsoft Azure, there is a tool called Intune, which serves as a device management tool. In the past, we encountered issues while managing all end devices through SSCM. This involved a constraint where any updates or policies could only be pushed if the device was connected to the office network. Essentially, users needed to physically connect their devices to the office network to receive updates or policy changes. However, with the introduction of Intune, a Microsoft Azure product, we transitioned all our devices to this platform. This allows us to create and directly push policies without the necessity of the device being on the corporate network. Users can now receive security updates, as well as different antivirus updates, even while working from home. This streamlined approach greatly simplifies endpoint maintenance, which also extends to mobile devices.

We do not utilize the Microsoft Entra ID conditional access feature for endpoint devices. Instead, we apply conditional access to specific groups. For instance, we have a team that requires access for a defined period. Additionally, certain types of vendors need access ranging from, for instance, two days to a few hours. In such cases, we employ the conditional access feature to grant the necessary access. We have employed this approach, and it has proven to be highly advantageous.

While we don't typically utilize the conditional access feature in combination with Microsoft Endpoint Manager from the user's standpoint, there are certain groups for which we do implement conditional access. For instance, within multiple teams, not all members are granted identical access. Various team levels enjoy distinct levels of access. It is in such scenarios that we employ the conditional access feature.

We have an access group where we define the access that each team will receive. Additionally, we have the Tier One, Tier Two, and Tier Three support teams, for which we have defined privileges based on their respective roles and responsibilities.

Microsoft Entra ID assists in saving several hours for our IT administrators and HR departments daily. This is particularly due to its unified interface. For instance, when we need to review certain logs, we can grant access to the HR team. They can easily retrieve logs detailing specific employee activities. This includes information such as individual browser usage duration and system activation records. These types of logs encompass the range of data generated on a daily basis from this platform.

Microsoft Entra ID has undoubtedly assisted in saving money for our organization. This is because we are not only utilizing the solution itself, but we can also incorporate our application server along with products such as software and solutions, including emails. Microsoft Entra ID is included as part of the package fee, which unequivocally contributes to cost and time savings. This is primarily due to the elimination of the necessity for an additional identity provider, as it is already encompassed within the package.

Our employees' user experience has improved with Microsoft Entra ID compared to the local Active Directory, which was occasionally slow, depending on the availability of our log-on server at the time. If it was unavailable, logging in was significantly slower, and we could get logged out. This is no longer the case, and now we can easily log in. 

The group assessment policy stands out as the most valuable feature. It allows us to create numerous groups and add multiple users to those specific groups. Managing these groups can become quite complex within the standard active directory procedures. For instance, when it comes to tasks like adding or removing users, especially if a user is checked out, it can be unclear whether someone needs to manually remove them from the active directory.

However, there exists an option that streamlines this process. This option automatically sends a notification to the user. We have the ability to define the email user in the designated field. Subsequently, the system will prompt us to confirm if continued access to this specific group is required for a few users. If this is a routine request, the system will retain the user in the group, ensuring their ongoing access. This particular feature proves to be incredibly useful in managing these scenarios.

The group policy structure options continue to change, and the naming conventions remain confusing when we access the cloud. 

The support is a bit slow. This is particularly challenging for the service engineers. For instance, opening a ticket takes a considerable amount of time to pinpoint the underlying issue. While high-severity tickets are resolved quickly, there are instances of lower-severity issues that still impact a specific group of users. Addressing these problems is taking longer than usual.

I would like to have the option if needed to use the hierarchy when setting up groups.

I have been using Microsoft Entra ID for three years.

Microsoft has really good SLAs and I can not remember the last time they went down. I would rate the stability of Microsoft Entra ID nine out of ten.

Scalability is quite simple, and the primary advantage of the cloud solution is its scalability; there isn't much to manage in this regard. Our growth remains unhindered because we don't have to impose limitations on ourselves when embarking on new projects or endeavors. Scalability is inherent, requiring only payment for additional resources if necessary. As there's no hardware involved, both scaling up and scaling down are easily achievable.

The support is slow to respond to and resolve minor issues.

Neutral

We are still using our standard Active Directory locally in our on-premises data center.

The complexity of the initial setup depends on the technique used. While it may seem a bit complicated, with the proper design, it becomes a non-issue. Each module has different procedures. For instance, the Defender module, which is a Microsoft service, serves as a part of the Entra ID, allowing us to block and control websites and provide security antivirus solutions. We have onboarded all our devices to Defender. Thus, the machine doesn't need to be part of Microsoft Entra ID, but migration is still possible.

Currently, we are in the midst of a project to onboard the devices to Microsoft Intune. We are transferring the devices from the local active directory, and this process is ongoing. For each device, specific scripts need to be executed, which can be a bit complex. The complexity often arises due to existing policies and applications. When everything is well-prepared, the onboarding process is smooth. This might be an easy task for a new organization, but for those already using a different solution, the migration process becomes a bit complex. Thorough testing is necessary, especially considering that policies tend to change over time.

This project has been running for more than two years and is still ongoing. The pilot phase alone is estimated to take about one and a half years due to various commitments. Unlike a company like Google, my organization operates differently; it encompasses multiple entities like the United Nations across various locations. Since the user count exceeds five thousand, we're being cautious and gradual in our migration. At present, we have migrated only around a hundred users for testing purposes. The migration of the remaining users is scheduled to occur soon.

The price is good, and we have no complaints.

I would rate Microsoft Entra ID nine out of ten.

Microsoft Entra ID is utilized throughout our entire environment. It serves as a singular identity provider for all aspects of our operations, including servers, applications, endpoints, and even external applications. For instance, we can authenticate third-party applications using Microsoft Entra ID.

The required number of personnel for maintenance depends on the size of the organization and the quantity of Microsoft products in simultaneous use. For instance, if we have Microsoft Entra ID solely for email and SharePoint online teams, and there are around five thousand users. In this scenario, I believe that dedicating approximately three to four individuals to Microsoft maintenance would be reasonable.

I recommend Microsoft Entra ID. Microsoft Entra ID can be utilized for third-party applications like AWS and Google as well. It's user-friendly, allowing us to authenticate the products or applications of our interest, even if they are not located in the same place as our origin; nonetheless, they will function seamlessly.

Hybrid Cloud

Microsoft Azure

I work on it to investigate it. I work at a cybersecurity company, so I focus on how the product behaves, particularly how Microsoft Entra ID behaves with group permissions and such.

We work with Microsoft because we're also a security company, so we scan Microsoft Entra ID and then monitor what happens regarding defending against token theft and nation-state attacks.

We are partners with Microsoft. We don't sell Microsoft products; we sell our own product, but we integrate it with Microsoft.

It's simple to create groups or accounts and to add users. There are several options for dynamic groups.

Microsoft Entra ID influences our zero trust model because we need to make sure that we give the right user permissions.

To improve Microsoft Entra ID, it should be made simpler because there is a lot of stuff to do in the platform, which could be reduced to fewer buttons.

I have been using Microsoft Entra ID for two years.

Microsoft Entra ID is pretty stable.

I don't know about scalability, but I assume it is suitable because it is used for huge organizations.

Customer service and technical support for Microsoft Entra ID are very good because I open many tickets with the support and get straight answers. If I don't get an answer, they update me all the time that they will provide an answer, and they work on that.

Positive

Microsoft Entra ID is pretty easy to deploy. The speed of deploying Microsoft Entra ID depends on the organization and its structure, but building new users is very simple.

There is a return on investment when using this platform, though I am uncertain about the specifics.

I haven't observed any problems or changes in the frequency and nature of identity-related security incidents after using Microsoft Entra ID in my company.

I would rate Microsoft Entra ID a nine out of ten.

I use Microsoft Entra ID to manage and reset user passwords and set their requirements so they can access the environment.

The Entra portal offers a unified interface to oversee user access. Through the Entra portal, I can access my resources. I utilize the quick user and quick group features to assign users to roles according to their permissions, missions, and development tasks. This involves our EBAC and RBAC systems, assigning tools, and linking them to functions required for executing tasks. After completing these assignments, we place these users in groups and grant them access to specific resource environments, aligned with their designated tasks within those environments.

The Entra portal does not affect the consistency of the security policies that we apply.

The administration center for managing identity and accessing tasks within our organization operates according to the established protocols and procedures prior to its implementation. We utilize account provisioning, RBAC, authentication, authorization, password management, security, and incident management. These are all components that we have implemented to facilitate access and development within our environment.

There are certain things that have helped improve our organization. First, security. With Entra ID, we have been able to implement SSO capabilities for our applications and most resources in our environment. This means that we can use a single credential to access all of our resources, which makes it more difficult for hackers to gain access. It also makes it easier for our users to sign in to resources without having to remember multiple passwords. Second, Entra ID allows us to implement multiple authentication factors. This adds an additional layer of security by requiring users to verify their identity in more than one way. For example, they might need to enter their password and then also provide a code from their phone. This makes it much more difficult for unauthorized users to gain access to our systems. Entra ID also makes it possible to define roles and permissions based on each user's needs. This allows us to grant users only the access they need to do their jobs, which helps to protect our data and systems. Finally, Entra ID allows us to implement conditional access controls. This means that we can restrict access to resources based on factors such as the user's location or the device they are using. This helps to protect our data from unauthorized access, even if a user's password is compromised.

Conditional access is a way to make decisions about enforcing security policies. These policies are made up of "if this, then that" statements. For example, if a user wants to access a resource, they might be required to complete a certain action, such as multi-factor authentication. If a user tries to sign in from a risky location, the system will either block them or require them to complete an additional layer of authentication.

The conditional access feature does not compromise the robustness of the zero-trust strategy, which is a good thing. I have configured it in my environment based on primary monitoring. We have certain locations that we do not trust users from. If a user tries to sign in from one of these locations, which the system automatically detects, they will be required to complete an additional layer of authentication. With zero trust, we do not trust anyone by default. Anyone trying to access our environment externally must be verified.

We use conditional access with Endpoint Manager. When configuring conditional access, we consider factors such as the user's location, device, and country. These are the things that we put in place when configuring the policy. We create users, put them in a group, and then decide to apply conditional access to that group. So, this particular group has been configured under conditional access. This means that no matter where they are, what device they use, or what activity they want to perform in the environment, they will be required to meet certain conditions that have been configured in the conditional access policy.

We use Verified ID to onboard remote users. SSO is configured for this purpose so that users do not have to remember multiple IDs, passwords, or usernames. This can be tedious when logging in to multiple applications. Once SSO is configured for our users, we also configure self-service password reset so that they can reset their passwords themselves if they forget them. With SSO, users only need to remember one credential, their Verified ID. When they log in to an application, such as Zoom, they are redirected to the identity trust provider, which is Entra ID. Entra ID requires a sign-in. Once the user enters their Verified ID into Entra ID, they are redirected back to Zoom and are issued an access token, which allows them to access Zoom. In this way, users can automatically access all other applications in the system that they are required to use to carry out their day-to-day tasks in the company.

Verified ID helps protect the privacy and identity data of our users. Data access management is all about the user's identity. The three main components of data access management are identity, authentication, and authorization. Identity access management is about protecting user information and ensuring that they only have access to the resources they need to perform their jobs. Verified ID is an additional layer of security that helps to ensure that users only have access to the right applications and resources. It does this by verifying the user's identity and ensuring that the resources are being accessed by the right person. Verified ID also uses certificates to confirm the trust and security of the system.

Permission management helps with visibility and control over who has access to what resources in the environment. For example, an HR manager should only have access to HR resources. To achieve this, we put users into groups based on their job function, such as the HR department. We then grant permissions to these groups to access the resources they need. This way, no one in the HR department can access resources that are meant for the financial department. Permission management helps to reduce unauthorized access to resources and prevent data breaches. Before we grant access to resources, we perform a role-based access control analysis to determine the permissions that each role needs.

Entra ID has helped us save a lot of time by streamlining our security access process. From time to time we conduct an access review to ensure that only the right people have access to the environment and resources.

Entra ID operates on multiple platforms and devices, which reduces the time spent on manual tasks and increases productivity. Its ability to integrate across our centers worldwide, providing accessibility, has saved us money.

Entra ID has improved the user experience and performance. It has enhanced performance by saving users time from having to log into so many applications, systems, or plug-ins. Now, they can log in using their Entra ID. It has also helped with security by enabling multi-factor authentication, which has cut down on attempted hacks. Entra ID has also made enrollment easier for users.

The valuable features I use daily are enterprise application, conditional access, identity governance, password monitoring, and a password reset.

The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access. It would be more beneficial if Entra ID could be completely passwordless.

I have been using Microsoft Entra ID for six years.

Entra ID is stable. We have never had stability issues.

Entra ID is scalable.

I would rate Microsoft Entra ID a ten out of ten. I enjoy using Entra ID and I see the benefits of using it.

No maintenance is required, except for occasional log reviews.

We are using Microsoft Entra ID every day for SSO authentication for our end users. We sync local active directories with Entra, register applications for SSO, assign licenses with dynamic security groups, and utilize it for enterprise applications.

The solution has improved our application security because we can deploy app registrations on our enterprise applications. We could securely enable MFA access on most of our applications.

Entra ID's ability to sync with the local Active Directory provides redundancy, allowing authentication via cloud features even if the local Active Directory faces issues. The SSO features with app registrations are also crucial, as we use Azure globally, allowing role and permission assignments directly from Entra.

I have used Entra ID for eight to 10 years.

The stability of Microsoft Entra ID is excellent. We haven't experienced any issues.

At the moment, it accommodates all our needs, and we have not encountered any scalability issues.

Previously, we used local Active Directory, specifically an on-premises solution.

The initial setup was straightforward.

I would rate Microsoft Entra ID 10 out of 10. It's a good product that's easy to deploy and manage, with no significant learning curve to adapt to various features.

Hybrid Cloud

Other

The use cases typically include external customer authentication, which we do, and by customers, I mean our hotel partners. There is basic user authentication and the ability to isolate those users based on a particular security environment, whether they are coming from a PCI environment, lab environment, corp environment, etcetera. Each of those has to pass through specific security, so everything that your Active Directory or Windows AD is solving on-premise is essentially the use case, except for the external customer situation which was the one thing that made me look at Entra ID. Unfortunately, the way Entra ID works created a major security issue that I cannot go into regarding guest users for our tenant. We are now trying to fix that.

We tried to stand it up as a PoC, and we went back and forth with Microsoft on it for a few months. We never got to a resolution because there is an architectural design issue with the service itself, and Microsoft is not going to change their service for us. We tried to use it, and then we gave up, killed it, and went back to the original plan, which was to use Okta. Our goal is to eventually completely get out of the Microsoft Identity ecosystem and move over to Okta.

We do not use Entra ID anymore. We have moved away from Entra ID. We could not justify it from a business standpoint. That is the crux of the situation. We now have a solution that can meet all of our business needs.

Microsoft Entra does not provide a single pane of glass for managing user access. It is not fully featured yet. There are some things within that Entra ID administrator portal, but it is not as robust as simply going to Entra ID service and then going to different features that it has to maintain identities. It is not even a single pane of glass if you look at how Microsoft does identity between Entra ID, Azure Resource Manager, and M365 itself. I know that they are trying to fix the situation between Entra ID and M365, but the subscription-level identity access controls need to be moved out of the subscription level and need to be globally managed from the identity provider. I am sure there was a design choice for that, but it just does not work when you are a company of our scale because we just cannot keep managing individual resources, so we would like to centralize the identity system.

I used Microsoft Entra Permission Management in a very specific scenario but because we are a hybrid environment, we often found ourselves fighting with cloud groups. We moved a lot of security groups into Entra from our Windows AD environment. We have a lot of stuff that has been built upon that for the past 20 years. Not being able to have Windows Active Directory security groups that are synced to Entra ID to control access to resources was a big pain for us. We would have had to create a cloud group and then add all the members of those on-prem security groups to it, so we did not even bother with it. When you have a company of our age and our size and you have nested security groups, there is a lot of linkage there, and it is not attainable. 

It is great for mom-and-pop shops or small businesses that are truly coming into the enterprise ecosystem and that have not come from a legacy environment. Current statistics show that 99% of the world that was in an Active Directory authentication environment is still in the Active Directory or Windows AD authentication environment and just supplementing Okta, so we are not doing anything new. A previous Microsoft employee that I talked to said that in the last decade, there has literally been only one customer to get fully off their hybrid environment and go fully into Entra, and it took them over ten years. Therefore, Microsoft needs to focus more on Entra and fix not only the design flaws but also address a lot of the customers' needs. It has a lot of potential specifically around taking business from IIQ for some of those UAR workflows, identity workflows, etcetera. Their biggest competitor is Okta, and Okta is currently the better solution.

We have been trying not to use the solution. It is used for a specific use case, which is around authenticating M365, and we are trying to see if we can get out of using it, but that is only because our environment is extremely complicated. Entra ID is not battle-tested or stable enough to support a business of our size. There are some design issues specifically around support for legacy services. We used to be part of Microsoft, so we have about 15-year-old services sitting in our data center that still need to use legacy LDAP authentication. The way we currently have the environment set up is for one very specific domain. I am using a domain for specific context here to keep it simple. We have 36 Active Directory domains, and that does not include the child. We follow the least privileged access model. Our environment currently consists of using AD Connect to synchronize objects from our corporate tenant into Entra ID, and then from Entra ID, we wanted to stand up Azure domain services as a possibility for retiring legacy LDAP services. The issue with Entra ID specifically is that the way it replicates objects out of its database into the Azure domain services Active Directory tenant or Active Directory service is that it uses the display name. This is a bad practice, and it has been known as a bad practice even by Microsoft over the past decade, so the design is not good. The issue with replicating based on the display name is that when you are coming from an environment that uses a least privilege access model, where you want to obfuscate the type of security account being used by hiding it behind a generic display name, instead of myusername_da, myusername_ao, etcetera, to have an idea of what accounts are being used when they are logging in, it is unable to reconcile that object when it creates a new domain. If they all have the same DM, you end up with quadruplicates of each user identity that was replicated to it from the directory. Those quadruplicates or their same account names, as well as the display names within the cloud domain services directory, have a unique identifier with the original account name attached. What that does is that it not only breaks that LDAP legacy authentication, but it also drives up the cost for your customers because you are paying for each additional seat, additional user objects that are created, or additional users. You also cannot tell any of those accounts apart unless you dive deep into the user object to peel back what type of account that is to map it back to what came from on-prem itself, so the service is completely useless. What we have done in our case is that we do not really need Entra ID. We have Okta, so we use an Okta LDAP endpoint. That does exactly what we need in using SCIM, which is the technology that is able to take identities from multiple dynamic providers and merge them together into a single record. It is able to act as an official LDAP endpoint for the business, so legacy apps work. We do not have a problem. Microsoft could learn from that.

Entra should allow for external MFA providers rather than forcing you into a walled garden and the Microsoft ecosystem. Flexibility is a big thing, especially for companies of our size. A big issue for us is that we want the identity to be in Entra for sure, but we want it to come from Okta. We want the authentication and stuff to work, but we want Okta to control the PIM rules. We want it to do the MFA and all those things, but Entra does not play nice with others. Okta has engineered some ways to get it done, but it is not as full-featured as we would like it to be. Microsoft should do what they do with some other partners such as Nerdio and Jamf where they have their own version of a service, but they are still partnering with those other companies to at least add options on the market.

Fully customizable UARs and Azure Secure Identity Workflows would be great. Currently, you can do it if you cobble together a bunch of Azure functions and use Sentinel. If you are sending logs to Sentinel and are able to match patterns and run automation based on that, it would be great. They can help with a solution that abstracts away a lot of that complexity across multiple services into exactly what IIQ does. I could definitely foresee Entra being the choice for identity for pretty much all cloud providers if they can focus on the areas that SailPoint's IIQ does. A big pain point for a business of our size by being in Okta is that we do not have the same workflows that we have between IIQ and AD. With the amount of data that our company generates, we wanted Sentinel. I had their security department onboard, and it was going to be millions a month just to use Sentinel, but we could not use it, so we decided to leverage Splunk and a few other SIEM providers. 

They should also stop changing the name of the product.

We used it for a few months.

Microsoft's support has been so bad when we have had issues in Azure that we recently poured 24 million dollars out of our spend for Azure, cut our unified support agreement with them, and sent it to somebody else. I would rate their support a zero out of ten. It is so bad. We probably never had a support engineer solve our problem. Usually, I or somebody else in the company has to reverse engineer service to try and find the solution. The things that we find are not even documented on the Microsoft site. The second way is to pull the information from the blog of some old guy who found the same issue and ended up solving it. 

People on the support side at Microsoft just read from a runbook and then send us to another part of the world where they ask us the same question, read from a runbook, and then we repeat ourselves, so we sent all that support to Insight. They were happy, and they were way cheaper. It only cost us less than four million. It was significantly cheaper. Our leadership is like, "Wow! IT actually saved us money this year."

Negative

We were using Active Directory, and we will never get off AD. There is too much legacy stuff for us to even bother getting off AD. It is a very mature product. It would be crazy for us to leave Windows Active Directory for something else, even Okta. There are core things that we need to function a certain way, so Entra ID just does not make sense. Entra sometimes even has access issues and replication delays with identity and adding objects to a new access control list within its platform or service.

We are not a typical company. We used to be part of Microsoft, so a lot of things that we inherited were very complex, and we also do things differently. For the old NT systems and SMB shares, we are still using Active Directory groups, and they work just fine. We have automation built around membership. We control the membership of those groups, the auditing of those groups, and everything else, so it does not make sense. It would be too much work to move us over to Entra ID.

I was involved in its deployment. It was complex, but that was not Microsoft's fault. That was our fault because we have a very complicated environment.

We have a hybrid environment. We were in IBM, but we pulled back. We have Oracle's cloud platform, and we have AWS as well as Azure, but 99% of our cloud workloads are all in AWS.

When we initially started, Microsoft was not there. The initial implementation strategy was to synchronize the Windows Active Directory corporate domain to Entra ID. That way, we had the identities and we could use the same AD connector to synchronize the AD distribution lists. The other side was the mailbox. 

We did not take the help of any integrator. It does not require much. You stand up your servers. You have a staging host with its own database, and then a sync host with its own database. You then hook them up and make sure you have all the permissions in your previous tenant.

Microsoft puts MSOL accounts in some default directory. You should be able to tell the agent to put the MSOL accounts in a more secure OU. For instance, the original recommendation, which has changed recently, when we set up the service was to use an enterprise admin to set up the agent, which generates a bunch of MSOL accounts. Those MSOL accounts ended up in our all users' organizations. When you have a company of our size, that is not the only MSOL account that exists in the directory, and it is really hard to tell those apart, so we have to look through the logs, see which MSOL account it is using, and move it into the proper OU for the on-prem domain. It would be nice if you could determine where that goes at the time of creation.

We were able to reclaim the money that we did not spend with Microsoft and spend it elsewhere. It is technically an ROI, an investment of our time in negotiating other deals.

Microsoft is so expensive. You know it is expensive when a Fortune 100 company like ours is complaining about the cost. That has been a big thing for me. When I really want to use an Azure service, it is very hard for me to justify the cost, especially with Microsoft support. 

To those evaluating Entra ID, I would say that if you are on Windows Active Directory, just stay on it.

I would rate it a five out of ten. It is not ready yet. It needs focus by Microsoft.

I use Microsoft Entra ID in my company for provisioning and deprovisioning identities and access.

In the organization where I work, Microsoft Entra ID helps automate the process of creating accounts and purging multiple accounts when they are no longer needed.

The most valuable components of the solution are provisioning and deprovisioning since both features work.

My organization is less familiar with some of the new tools in the market, so I don't know whether I can speak about what needs improvement in Microsoft Entra ID presently.

I have to absorb whatever I have learned about Microsoft Entra ID. I don't know if I can say what additional features need to be introduced in the product, but I can say that the product looks promising based on what I have learned about Microsoft Entra ID.

Attempts to simplify hooks to perform access management are not always easy, but in my organization, we might be able to make some progress in the future.

Microsoft's technical support has shortcomings where improvements are required.

I have been using Microsoft Entra ID since 2005. My organization plans to enter into a partnership with Microsoft, but presently, we are just a customer.

Microsoft Entra Verified ID is a very stable solution.

I have not had any issues with Microsoft Entra Verified ID's scalability feature.

There are 1,50,000 end users of the solution in my organization.

I rate the technical support a seven out of ten.

Neutral

My company has been using Microsoft Entra ID since the release of its earliest version, which was in the mid-2000s.

I was involved in the original deployment or initial setup of Microsoft Entra ID in my organization, and we found it to be a complex process. In the past, my organization was involved in the migration process from a custom Oracle-based solution to Microsoft Entra ID. Microsoft Entra ID was a product that was a new acquisition for Microsoft at the time, in which some custom development work by our company's team was required.

The product is used for our enterprise, an academic medical center with many different hospitals, owing to which the tool is deployed centrally.

The solution is deployed on hybrid cloud services offered by Microsoft Azure Cloud.

The product's deployment phase was carried out with the help of my organization's in-house personnel.

My company has not used many of the new features available with the product's new prices, so I cannot speak if I have seen an ROI from the use of the product in my organization.

I have seen an ROI from the use of the solution if I consider its past usage in our organization since we were able to eliminate work that a lot of people had to do manually, like the creation or deletion of identities.

I work for an academic medical center, where there is a watch kept over every dollar spent. I do have concerns about the micro charges for different levels or features of the product.

My company did consider a product from IBM against Microsoft Entra ID during the evaluation phase. My company chose Microsoft Entra ID since we were involved with Microsoft Active Directory Domain Services. Microsoft Active Directory Domain Services was a nicely tied product with Microsoft Entra ID.

Microsoft Entra ID provides almost a single pane of glass for managing user access, but not in my organization's environment because we have a little bit of custom work to do at our end. It looks like my organization might be able to see how the solution provides a single pane of glass for managing user access in the future.

A single pane of glass affects the consistency of the security policies, as it helps reduce a lot of confusion for the IT professionals who need to work with Microsoft Entra ID. It is very confusing when IT professionals have to bounce to different URLs to find access to tools needed to do their jobs, which was an issue for me, but it looks like there have been some improvements.

I don't use Microsoft Entra Verified ID.

I do use Microsoft Entra Permissions Management, but probably not the way it is designed to be used.

The solution has helped my organization's IT admins and the HR department save a lot of time.

The solution has helped my organization save money, but I cannot quantify it.

I ardently carry out processes where I build out and test a solution and then run a proof of concept before moving to a particular product. I suggest that others who plan to use Microsoft Entra ID consider the aforementioned aspects.

I rate the overall product a nine out of ten.

Hybrid Cloud

Microsoft Azure