2019-09-04T14:48:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)

What needs improvement with Azure Active Directory?

Please share with the community what you think needs improvement with Azure Active Directory.

What are its weaknesses? What would you like to see changed in a future version?

62 Answers
Srini Sigakolli - PeerSpot reviewer
Solutions Architect at a financial services firm with 10,001+ employees
Real User
Top 20
2022-08-21T07:22:00Z
21 August 22

Compared to what we can do on-prem, Azure AD lacks a feature for multiple hierarchical groups. For example, Group A is part of group B. Group B is part of group C. Then, if I put someone into group A, which is part of already B, they get access to any system that group B has access to, and that provisioning is automatically there. Geo-filtering is not that strong in Azure AD, where we need it to identify and filter out if a request is coming unexpectedly from a different country.

RS
Senior Technical Architect at MindTree
Real User
2022-08-17T07:06:00Z
17 August 22

One area where it can improve is connectivity with other systems. Not all systems are connected and you have to do coding to establish a point of connectivity. It supports certain vendors and it supports certain protocols. It is limited in many other aspects at the attribute level. Also, some of the provisioning filters are not capable enough. You cannot do a date filter on the provisioning. Perhaps they could also have easy protocols to create the accounts. Instead of just a file upload, they should have an easy connector to do the provisioning part.

Jeff Woltz - PeerSpot reviewer
Principal at a computer software company with 51-200 employees
Real User
Top 20
2022-07-27T06:26:00Z
27 July 22

I would like to see a better delegation of access. For instance, we want to allow different groups within the company to manage different elements of Azure AD, but I need more granularity in delegating access.

Anteneh Asnake - PeerSpot reviewer
Modern Data Center and Cloud Engineer II at IE Network Solutions PLC
MSP
Top 5 Leaderboard
2022-05-06T07:11:59Z
06 May 22

We would like to see more system updates. They should happen more frequently.

JB
User at Aura Advanced Tech
Real User
Top 5
2022-05-04T20:11:51Z
04 May 22

Many people believe that the Azure Active Directory is overly complicated and antiquated. Active Directory Windows hasn't evolved that much in over 20 years. Azure Active Directory has a few nuanced elements. It's fairly straightforward.

Michael Collins - PeerSpot reviewer
Head of Technology Service Operations at Macmillan Cancer Support
Real User
Top 20
2022-04-28T12:55:00Z
28 April 22

The ability to manage and authenticate against on-premises solutions would be beneficial.

LB
IT Functional Analyst at an energy/utilities company with 1,001-5,000 employees
Real User
Top 5
2022-04-05T09:57:54Z
05 April 22

Azure Active Directory could improve the two-factor authentication.

HakanCengiz - PeerSpot reviewer
IT Security Manager at a construction company with 1,001-5,000 employees
Real User
Top 20
2022-03-16T13:17:40Z
16 March 22

Its price should be improved. It is very expensive for Turkish people.

TM
Cloud Architect
Real User
Top 20
2022-03-02T12:15:00Z
02 March 22

If your organization requires additional security then the subscription will be more expensive.

HR
Cybersecurity and Compliance Specialist at ABB
Real User
Top 5
2022-02-16T17:43:31Z
16 February 22

I would not recommend any changes or improvements right now, in terms of the organization. I think something that is key would be the group policies replication over the cloud, in order to prevent or to avoid relying on the on-premise Active Directory servers and to manage group policies.

DA
Infrastructure Manager at a consumer goods company with 51-200 employees
Real User
2022-02-15T15:50:26Z
15 February 22

The licensing model makes it difficult to understand the real cost of the solution, especially because it changes all the time.

SK
Manager, Technology Delivery at an educational organization with 11-50 employees
Real User
Top 10
2022-02-14T21:20:27Z
14 February 22

Azure Active Directory could be made easier to use. We have large amounts of data and storage. We are looking for video files and media content for applications, we will think about options, such as cloud storage or a CDN.

MZ
Info Security Manager at a tech services company with 501-1,000 employees
MSP
Top 20
2022-01-17T06:15:46Z
17 January 22

Reading documentation could be simplified. Technical support could also be faster.

NR
Sr. Piping Engineer Construction at an energy/utilities company with 10,001+ employees
Real User
Top 20
2022-01-12T16:28:51Z
12 January 22

The on-premises AD comes with a lot of options and group policies. With the group policies, we are using screen saver a lot, and it is messing up Azure AD and isn't working effectively. We are also using MDM technology through Azure. For Android the MDM technology is okay, but it doesn't work properly on iPhones. When we do a screen share and screenshots, it doesn't work on the iPhone. For Android, it will only work for Outlook, which is provided in the company portal. I would like to see the group policies on the same platform on cloud.

TB
Executive Director at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2022-01-02T20:54:00Z
02 January 22

The downside is that we now have all our eggs in one basket with Microsoft. We have this great authentication and single sign-on, but if Microsoft has an outage in North America or globally, on Outlook or Teams, we're dead in the water. There is no drop-back-and-punt. There is no "Plan B." The bottom line is that if their services go down, our productivity goes with it. Working with them when we have outages can be very frustrating. We get some type of hiccup once a quarter. We get service notifications from them all the time that the services are under investigation or that there is some type of issue. More than the headache of not completely understanding the severity, we have to make sure that we communicate with our end-users. We get to the point where we're potentially "crying wolf." We're telling them there's a problem but some people don't have the problem. Then they get to the point where they just ignore our communication. Outages can last hours, but never more than a day. They can be regional outages where one area is affected and other areas aren't. The advantage is that it could be evening or night in the area that is down, so it's less impactful.

AR
Systems Manager at a financial services firm with 10,001+ employees
Real User
Top 20
2021-12-24T15:35:00Z
24 December 21

Azure Active Directory currently supports Linux machines. However, the problem is that you get either full or minimal access. It would be very nice if we could have some granular authorization modules in Azure Active Directory, then we could join it to the Linux machine and get elevated access as required. Right now, it is either full or nothing. I would like that to be improved. We have the ability to join Windows VMs to Azure. It would be nice if we could have some user logs, statistics, and monitoring with Azure Active Directory. When we subscribe to MFA, the users get MFA tokens. However, it is not a straightforward process to embed any of the OTP providers. It would be good if Microsoft started embedding other third-party OTP solutions. That would be a huge enhancement.

TB
Lead Global Cloud Architect at Aptiv PLC
Real User
Top 20
2021-12-23T22:30:00Z
23 December 21

I don't think the documentation is where it needs to be yet, for user journeys and that type of flow. There is still trial and error that I would like to see cleaned up. Also, they do have support for SAML 2.0 and it's very easy to set up linkages to other Active Directory customers. But if somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops. So far, our largest customers are all using Active Directory, but I don't think the solution is quite as third-party-centric as Okta or Auth0. Those solutions have a lot of support for all kinds of IdPs you want to link up to. Finally, a couple of months ago I was on a team that was looking at low-cost MFA for SSO, where we would control the MFA on our side, instead of having the remote database handle it. In those kinds of flows, there aren't as many off-the-shelf options as I would like. There were cost implications, if I recall, to turn on 2FA. Also, the linkages that they had set up off-the-shelf—obviously they had the Authenticator app—meant that if you wanted to do something with Duo Mobile or any of the other popular 2FA providers, it seems it might have taken us more time than we wanted to put into it.

Ajay Kuamr - PeerSpot reviewer
Network and Computer Systems Administrator at bahwan
Real User
Top 10
2021-12-08T13:29:44Z
08 December 21

Active Directory could always be more secure. Right now, we've got two-factor authentications. All services based on Active Directory have a username and password. If somebody hacked our username, they could easily get all the data from our side. So I want two-factor authentication and a stronger password policy from Active Directory. The domain controllers should be more secure as well.

Saurabh Shelke - PeerSpot reviewer
Technical Specialist
MSP
Top 20
2021-12-07T16:21:00Z
07 December 21

The solution has not saved costs. While we’ve eliminated some tools, there are some other features that we are dependent on as admin, which is not yet integrated with Azure AD. Other features have a broader scope and are covered under Azure. If, for example, I want to create a workflow, that cannot be done in Azure AD. That is something that is done in the Azure function or Azure logic app. Parts have to be covered in other functions. Longer-term, there are some features which might be added, such as admin features similar to Google admin. If I'm an employee and I'm exiting the company, for example, I need to transfer that data from myself to my manager. For that, maybe they could include a feature where they can transfer the data from the user directly and we don't have to rely on any admins.

MB
Systems and Networks Engineer at an insurance company with 1,001-5,000 employees
Real User
Top 5
2021-11-05T16:39:00Z
05 November 21

I can't speak to many aspects of the solution that need improvement. The dashboard and interface could be better. It would be ideal if it was easier to use.

MS
manager at a retailer with 10,001+ employees
Real User
Top 5 Leaderboard
2021-11-04T14:41:00Z
04 November 21

The solution has certain limitations. For example, it has very little governance functionality. This is, of course, a choice made by Microsoft to see which areas they want to have deep functionality, and which areas they believe are more profitable for them.

PV
Microsoft Azure Engineer at Kyndryl
Consultant
Top 20
2021-11-01T19:58:00Z
01 November 21

The security needs to be improved. For example, in terms of changing from one version to the latest, meaning going from 2008 to 2012, or 2016 to 2019, you need to get rid of all the operating systems and they need to ensure the security is upgraded and improved. They need to bring BitLocker into the VMs and the servers. LAPS could also be improved. LAPS are used to rotate passwords on a server. That can be improved upon to increase security levels. Protocols SSL 2.0 and SSL 3.0 need to be removed and they should change my TLS 1.2 for every application.

AD
Advisor at a tech services company with 201-500 employees
Real User
2021-10-21T20:03:00Z
21 October 21

Azure Active Directory could benefit by adding the capability for identity life cycle for the on-premise solution. For example, an HR solution, which is built on-premise or, in general, better on-premise capable solutions.

Flavio Neves - PeerSpot reviewer
Azure Cloud Architect at a manufacturing company with 10,001+ employees
Real User
2021-10-20T22:21:00Z
20 October 21

One thing that bothers me about Azure AD is that I can't specify login hours. I have to use an on-premises instance of Active Directory if I want to specify the hours during which a user can log in. For example, if I want to restrict login to only be possible during working hours, to prevent overtime payments or to prevent lawsuits, I can't do this using only Azure AD.

Adewale Oluwaseyi - PeerSpot reviewer
Technical Lead at Freelance Consultant
Real User
Top 10
2021-10-20T11:50:00Z
20 October 21

From my personal experience, I'd say that the features need to be more visible to make the product easier to explore for new users. They need to make it possible for someone with very little knowledge to come in and find things. The product needs to be more user-friendly. The solution needs to update documentation much more regularly. They need to just come out and update the documentation to reflect new features and make sure the updates are included in the already existing documentation so that someone like me can just pick up the documentation, read it, and know that it is very up-to-date listed and has all the new features contained within it.

John Gbigbi-Jackson - PeerSpot reviewer
Cloud Systems Administrator (Servers and Storage) at University of Bath
Real User
Top 20
2021-10-14T00:15:00Z
14 October 21

I would like to see improvements made when it comes to viewing audit logs, sign-in logs, and resource tags.

PB
Powershell IT Admin Cert at Infosys
Real User
Top 5
2021-10-12T18:12:00Z
12 October 21

It doesn't function the same way as Active Directory inside of a physical infrastructure. Even VMware Active Directory doesn't function the same way in the cloud. Cloud is all flat. That's one of the disadvantages. You can authenticate through Active Directory through Federated Services, but it's mainly like an IIS web frontend and bulk storage. It's all record based.

Ozgur Kolukisa - PeerSpot reviewer
Infrastructure and Cloud Principle Specialist at a tech services company with 1,001-5,000 employees
Real User
2021-10-12T12:09:00Z
12 October 21

Some of the features related to authentication could be made clearer. In my last organization, I tried to integrate a third-party education solution with Azure AD, but it was a bit difficult to configure. I would like it to be easier to integrate third-party applications.

Khadim Ali - PeerSpot reviewer
Dynamics 365 CRM / Power Apps Developer at Get Dynamics
Real User
Top 20
2021-10-11T18:54:00Z
11 October 21

Honestly speaking, I haven't thought about where areas of improvement might be necessary. Everything was very smooth every time we used Azure AD. In other Microsoft solutions, we come across some bugs or workarounds, et cetera. However, as far as Azure AD is concerned, or maybe, to the extent that we are using it at least, we haven't come across any issues. In terms of identity and access management and concerns, all of our needs are provided by the existing implemented features.

KO
Senior Support Engineer at a tech services company with 1,001-5,000 employees
Real User
2021-10-11T11:38:00Z
11 October 21

Recently, Microsoft has developed lightweight synchronization software, the Cloud Provisioning Agent, to do the job of the preceding, heavier version called AD Connect. You can do a lot more with AD Connect, but it can take a lot of expertise to manage and maintain it. As a result, customers were raising a lot of tickets. So Microsoft developed the lightweight version. However, there are still a lot of features that the Cloud Provisioning Agent lacks. I would like to see it upgraded. The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version. I believe the Cloud Provisioning Agent will be upgraded eventually, it's just a matter of time.

AG
Solutions Owner at a manufacturing company with 10,001+ employees
Real User
2021-10-05T12:56:00Z
05 October 21

A lot of aspects can be improved and Microsoft is constantly improving it. If I compare Azure AD today with what it was like five years ago, or even three years ago, a lot of areas have been improved, and from different angles. There have been improvements that offer more security and there have been some improvements in the efficiency domain. Azure AD is not a small product. It's not, say, Acrobat Reader, where I could say, "Okay, if these two features are added, it will be a perfect product." Azure is a vast platform. But if we look at multi-factor authentication, can it be improved? Yes. Perhaps it could cope with the newest authentication protocols or offer new methods for second or third factors. I'm also willing to go towards passwordless authentication. I don't want anyone to have passwords. I want them to authenticate using other methods, like maybe biometrics via your fingerprint or your face or a gesture. These things, together with the smart card you have, could mean no more passwords. The trends are moving in that direction. When it comes to identity governance, the governance features in Azure AD are very focused on Microsoft products. I would like to see those governance and life cycle management features offered for non-Microsoft products connected to Azure AD. Currently, those aspects are not covered. Microsoft has started to introduce Identity Governance tools in Azure AD, and I know they are improving on them. For me, this is one of the interesting areas to explore further—and I'm looking to see what more Microsoft offers. Once they improve these areas, organizations will start to utilize Microsoft more because, in that domain, Microsoft is a bit behind. Right now, we need third-party tools to complete the circle. In addition, sometimes meeting the principle of least privilege is not easy because the roles are not very granular. 
That means that if you are an administrator you need to do small things connected to resetting passwords and updating certain attributes. Sometimes I have to grant access for the purposes of user management, but it includes more access than they need. Role granularity is something that can be improved, and they are improving it. Again, if I compare Azure AD today to what it was like three years ago, there have been a lot of improvements in all these domains. But we could also pick any of these specific feature domains in Azure AD and have in-depth discussions about what could be improved, and how.

YawKusiappiah - PeerSpot reviewer
Sr Systems Engineer at a tech services company with 10,001+ employees
Real User
2021-10-04T19:32:00Z
04 October 21

In terms of what could be improved, I would say its interface is not very flexible, as opposed to AWS. The services are very clear, but the user admin interface needs to be better. That's all.

Minghao Li - PeerSpot reviewer
Technical Manager at a non-profit with 201-500 employees
Real User
2021-09-30T23:09:00Z
30 September 21

There is no documentation about how Microsoft will scale Azure AD for customers. It only mentions that it will scale out if you have a lot of requests but does not mention how in detail. More documentation on some complete scenarios, such as best practices to integrate forests into Azure AD when a customer has several on-premises forests, would be helpful.

Nazim Kabiri - PeerSpot reviewer
IT Manager at EPC Power Corp.
Real User
Top 20
2021-08-23T20:42:00Z
23 August 21

We had some issues with the migration of users from the local user accounts to Azure AD. It was more like a local issue and had nothing to do with the Azure AD itself. It works fine for SSO, the Single Sign On. We were not able to do the integration very easily with ADP, so that was a challenge, but later on it was resolved. We had to do a lot of things to have that on the configuration. Some systems do not integrate very well with Azure AD. We thought of going for Okta, but later on we were able to achieve it, but not the way we wanted. It was not as easy as we thought it would be, the integration was not very seamless. Additionally, it would be great if they added support for more applications in terms of integration for SSO. That's the only thing that I find missing for Azure AD.

SunilKumar12 - PeerSpot reviewer
Sr Engineer IT at Hical Technologies Pvt Ltd
Real User
Top 10
2021-08-16T12:53:00Z
16 August 21

There are some difficulties in the hybrid version, things to do with firewall security, inside the organization. They need to work on that more. In addition, everything should be in one package. There are so many different packages. They need to provide guidance because there are so many features and we don't know how to implement them in our organization. I'm also expecting a Windows 365 virtual desktop. I would be interested in that feature.

MS
Senior DevOps engineer at a tech vendor with 51-200 employees
Real User
Top 20
2021-07-15T17:40:00Z
15 July 21

Generally, everything works pretty well, but sometimes, Azure Active Directory has outages on the Microsoft side of things. These outages really have a very big impact on the users, applications, and everything else because they are closely tied to the Azure AD ecosystem. So, whenever there is an outage, it is really difficult because all things start failing. This happens very rarely, but when it happens, there is a big impact.

Joseph Chandrasekaram - PeerSpot reviewer
Identity Engineer at a pharma/biotech company with 10,001+ employees
Real User
Top 5 Leaderboard
2021-06-15T21:20:14Z
15 June 21

The management interface has some areas that need improvement. It doesn't give you an overview similar to a dashboard view for Azure Active Directory. The view can be complicated. There are many different tabs and you have to drill down into each individual area to find additional information. There are too many features available, more than we can use.

Suryakant-Kale - PeerSpot reviewer
Chief Technology Officer at a healthcare company with 5,001-10,000 employees
Real User
Top 20
2021-06-01T12:07:00Z
01 June 21

The biggest thing is if they could integrate with their IPS/IDS processes as well as have integration with another app, like a third-party application. Varonis was another solution that my customers are trying to integrate with ADFS. For some reason, they were seeing some difficulties with the integration. There is a case open with Microsoft on this particular thing. The only issue is the OU is not properly synced. Therefore, you have to do a manual sync sometimes or you might lose the connector due to AD Connect or sync servers.

Chandra Guddati - PeerSpot reviewer
IT specialist at BMO Financial Group
Real User
Top 20
2021-05-30T16:11:00Z
30 May 21

The documentation, and the way that people are notified of updates, are things that can be improved. I'm a big fan of Microsoft products but the way they document is not that great.

David Grain - PeerSpot reviewer
Founder, CEO at a computer software company with 11-50 employees
Real User
Top 20
2021-05-30T16:11:00Z
30 May 21

The conditional access rules are a little limiting. There's greater scope for the variety of rules and conditions you could put in that rules around a more factual authentication for other users. If you have an Azure AD setup, you can then connect to other people's Azure AD, but you don't have a huge amount of control in terms of what you can do. Greater control over guest users and guest access would be better. It's pretty good as it is but that could be improved.

Jonathan Stewart - PeerSpot reviewer
Director, Infrastructure at a retailer with 10,001+ employees
Real User
Top 10
2021-05-11T07:57:00Z
11 May 21

The provisioning capability is a two-edged sword because it is very useful, but it also needs some improvement. When you start to deal with legacy applications, provisioning is not as intuitive. Legacy applications, a lot of times, were based on an on-premise Active Directory and you had to use it to provision users or grant access to the product. I don't know of a way to make Azure Active Directory act as an on-premises version to connect to those legacy applications. The speed and responsiveness of the technical support are things that could use some improvement.

VK
IT Consultant at a tech services company with 1-10 employees
Consultant
Top 20
2021-05-11T06:54:00Z
11 May 21

The problem with this product is that we have limited control, and can't even see where it is running. If Microsoft can give us a way to see where this product is running, from a backend perspective, then it would be great. I would like to see Microsoft continue to add new features gradually, over time, so that we can introduce them to our customers.

GR
Cloud Admin at a tech services company with 10,001+ employees
Real User
2021-05-11T06:54:00Z
11 May 21

Better deployment management and visibility functionality would be helpful. There is a lot of room for improvement in our infrastructure, and in particular, when we create something, we have to visit a lot of websites. This makes life more difficult for us. When we deploy new infrastructure, it begins with a lengthy approval process. For example, as an administrator, I may receive an infrastructure request from one of our developers. The developer might need access to our front-end, where all of the servers are deployed. The problem is that we don't know exactly what has been deployed within our servers, so better visibility would be helpful. It's a closed infrastructure, and every developer gets an individualized container. We don't know exactly which features have been provided to them and it's a roundabout process to log back into Active Directory and see exactly what permissions have been assigned. It requires returning to a specific feature and looking at the specific user.

MU
IT Senior Consultant and trainer at a tech vendor with 51-200 employees
Real User
Top 5
2021-04-27T09:42:00Z
27 April 21

The synchronization process for on-premises and Sentinel Azure AD could be easier. The support for identification to the application environment could be improved, e.g., Active Directory Federation Services should be implemented in other applications. They need something like software development kits (SDKs) for integration with our own applications, which is not so easy to implement. We would also like synchronization of identities between identities in applications like Azure.

DM
Product Manager/Architect at a consumer goods company with 5,001-10,000 employees
Real User
Top 20
2021-04-05T22:12:00Z
05 April 21

The thing that is a bit annoying is the inability to nest groups. Because we run an Azure hybrid model, we have nested groups on-premise which does not translate well. So, we have written some scripts to kind of work around that. This is a feature request that we have put in previously to be able to use a group that is nested in Active Directory on-premise and have it handled the same way in Azure. That is something that is actively being worked on. One of the other things that we felt could be improved upon is from an Application Proxy perspective. We have applications native to SSH, and we want to be able to do app proxy to TCP/IP. It sounds like that is actively on the roadmap now, which was amazing. It makes us very excited that it is coming, because we do have use cases with that as well.
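The nested-group workaround mentioned in the review above, sketched as an added example (it is not the reviewer's script and not Microsoft code): it flattens nested groups exported from an on-premises directory into direct member lists, and records the nesting chain that grants each membership so it can be checked in an access review. The export format, the `g:`/`u:` prefixes and all group and user names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export: group -> direct members.
# "g:" marks a nested group, "u:" marks a user (assumed convention).
DIRECT_MEMBERS = {
    "g:A": ["u:alice"],
    "g:B": ["g:A", "u:bob"],        # group A is a member of group B
    "g:C": ["g:B", "u:carol"],      # group B is a member of group C
    "g:Loop1": ["g:Loop2", "u:dave"],
    "g:Loop2": ["g:Loop1"],         # circular nesting, seen in real directories
}


def flatten_group(group, direct):
    """Return the set of users who are effective members of `group`."""
    users, seen, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in seen:         # already expanded: breaks membership cycles
            continue
        seen.add(current)
        for member in direct.get(current, []):
            if member.startswith("g:"):
                stack.append(member)
            else:
                users.add(member)
    return users


def flatten_all(direct):
    """Effective (transitive) user list for every group in the export."""
    return {g: sorted(flatten_group(g, direct)) for g in direct}


def missing_direct_assignments(direct):
    """Users to add directly to each group where nesting is not honoured."""
    result = {}
    for group, members in direct.items():
        direct_users = {m for m in members if m.startswith("u:")}
        extra = flatten_group(group, direct) - direct_users
        if extra:
            result[group] = sorted(extra)
    return result


def membership_paths(user, direct):
    """Map each group the user reaches to the nesting chain that grants it."""
    parents = defaultdict(list)     # member -> groups containing it directly
    for group, members in direct.items():
        for member in members:
            parents[member].append(group)
    paths, queue = {}, [(user, [user])]
    while queue:                    # breadth-first: shortest chain is recorded
        node, chain = queue.pop(0)
        for parent in sorted(parents.get(node, [])):
            if parent in paths:     # visited already, which also stops cycles
                continue
            paths[parent] = chain + [parent]
            queue.append((parent, paths[parent]))
    return paths


if __name__ == "__main__":
    for group, extra in missing_direct_assignments(DIRECT_MEMBERS).items():
        print(f"{group}: add directly -> {', '.join(extra)}")
    for group, chain in membership_paths("u:alice", DIRECT_MEMBERS).items():
        print(f"u:alice reaches {group} via {' -> '.join(chain)}")
```

Reviewing the chain for each inherited membership before flattening it keeps unintended access from being copied into the target directory as a direct assignment.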

Tom Aafloen - PeerSpot reviewer
IT Security Consultant at Onevinn AB
Consultant
Top 10
2021-04-01T19:10:00Z
01 April 21

The Azure AD Application Proxy, which helps you publish applications in a secure way, is really good, but has room for improvement. We are moving from another solution into the Application Proxy and the other one has features that the App Proxy doesn't have. An example is where the role you're signing in as will send you to different URLs, a feature that App Proxy doesn't have (yet). With Azure AD, if you look in detail on any of the features, you will see 20 good things but it can be missing one thing. All over the place there are small features that could be improved, but these improvements are coming out all the time. It's not like, "Oh, it's been a year since new features came out." Features are coming out all the time and I've even contacted Microsoft and requested some changes and they've been implemented as well.

MW
Principal Consultant at a tech services company with 51-200 employees
Consultant
Top 20
2021-03-24T13:46:00Z
24 March 21

The user administration has room for improvement because some parts are not available within the Azure AD portal, but they are available within the Microsoft 365 portal. When I want to assign that to a user, it would be great if that would be available within the Azure AD portal. It would be awesome to have a feature where you can see the permissions of a user in all their Azure subscriptions. Right now, you have to select a user, then you have to select the subscription to see which permissions the user has in their selected subscriptions. Sometimes, you just want to know, "Does that user have any permissions in any subscriptions?" That would be awesome if that would be available via the portal.

Martijn Verbrugge - PeerSpot reviewer
Manager Infrastructure & Architecture at BDO Global
Real User
Top 20
2021-03-11T15:27:00Z
11 March 21

We have a custom solution now running to tie all those Azure ADs together. We use the B2B functionality for that. Improvements are already on the roadmap for Azure AD in that area. I think they will make it easier to work together between two different tenants in Azure AD, because normally one tenant is a security boundary. For example, company one has a tenant and company two has a tenant, and then you can do B2B collaboration between those, but it is still quite limited. For our use case, it is enough currently. However, if we want to extend the collaboration even further, then we need an easier way to collaborate between two tenants, but I think that is already on the roadmap of Azure AD anyway.

Mike Sax - PeerSpot reviewer
Vice President, Product Engineering at Logitix
Real User
Top 5
2021-02-08T23:26:51Z
08 February 21

The integration between the Azure active directory and the traditional active directory could be improved upon. We have two active directories that are installed on virtual machines, which are traditional active directories. The interactions between the two are very limited. For example, I could modify users in our own private instances of AD, however, they won't propagate up to the Azure active directory and vice versa. For us, the integrations are the biggie between the on-prem or the self-hosted AD versus Azure AD. The traditional AD instances that we maintain have UIs that are very archaic and monolithic and very difficult to navigate. They should update the UI to make it easier to navigate and make it overall more modern.

SW
Senior Information Technology Manager at a manufacturing company with 10,001+ employees
Real User
Top 5
2021-01-26T15:36:51Z
26 January 21

Overall, it's not a very intuitive solution. When you have an Office 365 enterprise subscription, it comes with Azure Active Directory. We don't have a subscription to Active Directory, but our Active Directory connector puts our credentials into the Azure Active Directory. On the Office 365 side, we're also in the GCC high 365, so it's a lot more locked down. There are a few things that aren't implemented which make things frustrating. I don't blame the product necessarily, but there are links and things within there that still point back to the .com-side and not the .us-side. There's a security portal and a compliance portal. They're being maintained, but one's being phased in and the others are being phased out. Things continue to change. I guess that's good, but it's just been a bit of a learning curve. Our Office 365 subscriptions are tied to our on-prem domain — I have a domain admin there. With our Active Directory connector, our on-prem credentials are being pushed to the cloud. We also have domain credentials in the cloud, but there's no Office subscription tied to it, just to do the administration stuff. I moved my sync credential to have a lot more administrative privileges. Some of the documentation I was reading clearly showed that when you have this particular ability right on the Azure side, and then you have another ability on the Office side, that intuitively, the Microsoft cloud knows to give you certain rights to be able to do stuff. They're just kind of hidden in different places. Some things are in Exchange, and some things are in the Intune section. We had a few extra light subscriptions that weren't being used, so I gave my microsoft.us admin account a whole other subscription. In the big scheme of things, it's roughly $500 a year additionally — it just seems like a lot. I didn't create a mailbox for that and I was trying to do something in Exchange online and it said I couldn't do it because I didn't have a mailbox. 
You can expect a different user experience between on-prem and online. Through this cloud period, we have Premier services, we have a Premier agreement, and we had an excellent engineer help us with an Exchange upgrade where we needed a server. We needed an OS upgrade and we needed the Exchange upgrade on the on-prem hybrid server. We asked this engineer for assistance because my CIO wanted to get rid of the on-prem Exchange hybrid server, but everything that I was reading was saying that you needed to keep it as long as you had anything on-prem. We asked the engineer about it and he said, "Yeah, you want to keep that." In his opinion, it was at least going to be two years. So at least I got my CIO to stop talking about that. It's just been an interesting time in this transition between on-prem and in the cloud. In a secure environment, a lot of this stuff is PowerShell, which is fine. It's a learning curve, but if you don't use it all the time, then it's a lot of back and forth with looking at the documentation and looking at other blogs. If you're in a secure environment, the Windows RM (remote management) stuff can be blocked, and that's frustrating, too.

SW
Senior Information Technology Manager at a manufacturing company with 10,001+ employees
Real User
Top 5
2021-01-23T15:57:58Z
23 January 21

It's not intuitive and we use it mainly for our hybrid capability now and are expanding our footprint in Microsoft 365. The integration between on-prem and Online is interesting. However, the learning curve is high. When you have an Office 365 enterprise subscription, it comes with Azure Active Directory; however, you don't have an Azure subscription. Yet, all of our Active Directory connectors put our credentials into the Azure Active Directory. There are enough things that aren't implemented on our side and we are in the middle of this transition. I don't blame the product necessarily for that. However, there are links and items within Microsoft 365 that still point back to the .com side. Items seem to continue to move, such as security and compliance. Now there's a security portal and a compliance portal, and all three are still being maintained; however, one's being phased in and the others are being phased out. Things continue to change. It's just been a bit to learn. There's a lot to keep track of. There should be a bit more transparency. The Office 365 subscriptions are a bit confusing with a hybrid environment with what credential has a Microsoft 365 subscription. However, then some of the documentation I was reading this week was where I ran into a wall. This particular document clearly showed that when you have a particular ability on the Azure side, and then you have another ability on the Office side, intuitively the Microsoft cloud knows to give you certain other rights, to be able to do stuff. These settings and configurations are in different places. Some things are then in the Exchange Online, some things are in the Intune section, etc. I am not sure if the intent is to have a Microsoft 365 administrator with a second subscription for a cloud admin account or not. I was trying to do something in Exchange online and received a message that I couldn't do it because I didn't have a mailbox. It's frustrating and confusing at times.
There are things like that which are just a different user experience between on-prem and online. The Microsoft Premier Agreement we have has been very beneficial and we have had an excellent experience with a couple of different short cycle projects.

AA
Delivery Practice Director at a computer software company with 201-500 employees
MSP
Top 5
2020-12-10T05:07:42Z
10 December 20

The licensing could be improved. There are premium one, premium two or P1, P2 licensing right now and a lot of organizations are a little bit confused about the licensing information that they have. They want to know how much they're spending. It's not really clear cut. Transitioning to the cloud is very difficult. They need the training to make it easier. They should probably put in more training or even include it on the licensing so that the people that manage their environment have somewhere to come to learn on their own. Maybe there could be some workshop or training within Azure. The solution could offer better notifications. They do upgrades once or twice a year. They need to do a better job of alerting users to the changes that are upcoming - especially on the portal where you manage your users and accounts. There needs to be enough time to showcase the new features so your organization is not surprised or put off by sudden changes.

MR
Head of IT at a non-profit with 51-200 employees
Real User
Top 20
2020-12-03T17:29:43Z
03 December 20

The only issue with Azure AD is that it doesn't have control over the Wi-Fi network. You have to do something more to have a secure Wi-Fi network. To have it working, you need an Active Directory server on-premises to take care of the networks.

JP
Security Architect at a hospitality company with 10,001+ employees
Real User
Top 20
2020-12-01T15:42:08Z
01 December 20

The onboarding process for new users can be improved. It can be made simpler for people who have never registered to Azure AD previously and need to create an account and enable the MFA. The initial setup can be made simpler for non-IT people. It should be a bit simpler to use. Unless you get certifications, such as AZ-300 and AZ-301, it is not a simple thing to use at the enterprise scale.

Michael Ogunlade - PeerSpot reviewer
Head of enterprise systems at Fidelity Bank Plc
Real User
Top 5
2020-11-04T18:06:55Z
04 November 20

Technical support could be faster.

DM
Solution architect at an insurance company with 5,001-10,000 employees
Real User
Top 20
2020-10-23T17:36:10Z
23 October 20

We find that most of the new features are in preview for too long. It gives you the announcement that there's a new feature and yet, most of the time, it takes more than one year to have it generally available. Often we have to go and sometimes just use a preview without support. We cannot run all the configurations from the APIs. I would like to have something that has code and to just be able to back up and apply my configuration. Right now, we are managing more Azure tenants. It's hard to keep all of those configurations at the same level, the same value. We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for applications. That way, when adding a new application, I don't have multiple conditional access to modify. One of the main requests from our security team is the MFA challenge. Azure, by default, is more user-friendly. We have a lot of debates with the security team here as the MFA doesn't pop up often enough for them. From an end-user perspective, it's a better user experience, as users generally prefer fewer pop-ups; however, security doesn't like it. It's hard for security to add. We don't have Azure Premium P2 yet; however, most of the advanced security features are in the P2, and it costs a lot more money.

CP
Vice President of Technology at Ecuity Edge
Reseller
2020-09-21T06:33:14Z
21 September 20

I think the documentation and configuration are both areas that need improvement. The product changes and gets updated, but the documentation doesn't keep pace. The initial setup could be simplified. I would like to see a better UI tool.

Pete Fotopoulos - PeerSpot reviewer
Vice President - Network and Infrastructure at NJA LLC
Real User
Top 20
2020-08-04T07:26:14Z
04 August 20

It would be ideal if the solution moved to a passwordless type of environment. It's the future of authentication. It's also more secure and convenient.

Mohamed Fekry - PeerSpot reviewer
Service Delivery Manager Cloud & Infrastructure Solutions at Nile
Real User
2020-07-19T08:15:00Z
19 July 20

Microsoft has a feedback page, in which if anyone has any suggestions or feedback, you can send them to them. They have all of the technical resources available on the internet, on their website. In case you need the support, you can easily open a ticket with them because you already have a subscription and you are eligible to open a ticket.

Jeffrey Attoh - PeerSpot reviewer
Chief Executive Officer at ZDAPT
Real User
2020-07-08T09:01:01Z
08 July 20

My only pain point in this solution is creating group membership for devices. This is something that could be improved. Essentially, I want to be able to create collection groups, or organizational units and include devices in there. I should be able to add them in the same way that we can add users. We want to be able to create members as devices in groups, without having to leverage a dynamic group membership with queries. I want to be able to just pick machines, create a group, and add them.

PR
Software Engineer at Cognizant
Real User
2020-06-28T08:51:00Z
28 June 20

Microsoft needs to add a single setup, so whenever resources join the company or are leaving the company, all of the changes can be made with a single click. I would like to see a secure, on-premises gateway that offers connectivity between the physical servers and the cloud. The capability already exists, but it is not secure enough when the setting is marked private.

SK
Solution Engineer at a government with 1,001-5,000 employees
Real User
2019-09-04T14:48:00Z
04 September 19

The SSO MyApps interface is very basic and needs better customization capabilities.
