Senior Solution Architect DataCenter & Cloud at a tech services company with 11-50 employees
Real User
Top 5
2025-08-26T15:48:28Z
Aug 26, 2025
A potential area of improvement in Microsoft Entra ID Protection could include backup-level capability or snapshot capability. Currently, we are required to use third-party backups for the overall Microsoft Entra ID Protection. If there was some level of backup mechanism available with quick restore functionality, that would be beneficial.
Technical Consultant Security and Compliance at inSpark
Consultant
Top 5
2025-06-11T13:33:54Z
Jun 11, 2025
Protection with Microsoft Entra ID Protection could always improve, receiving a 9 out of 10 in effectiveness currently. Identity protection and trust issues, particularly in hybrid environments, could be addressed better with Microsoft Entra ID Protection. This would aid connectivity concerns.
Security Operations Team Leader at Yalla Security Srl
Real User
Top 5
2025-02-06T14:56:52Z
Feb 6, 2025
I have set up my Active Directory locally for the same domain. However, Entra ID lacks a function to synchronize from the cloud to the local directory. This is a significant issue since there is no write-back feature from the cloud to local, which would allow me to use my own credentials from the cloud tenant securely.
AI Solution Architect at Bitscape Infotech Pvt. Ltd.
MSP
Top 5
2024-12-16T09:48:00Z
Dec 16, 2024
Microsoft has not offered control over how they calculate high or low-risk scenarios. While they mention if a low risk is found by Microsoft, the triggered policy isn't customizable. Enhanced configurations for verified credentials would also be beneficial since the current configuration is quite complex and tedious.
There is a lot of confusion around the user interface. For new users, it can be difficult or confusing to understand the concepts of managed identity and role protection.
So far, the tool has been good. I have dealt with our company's clients' technical and functional requirements. So far, the tool has always serviced all our needs, so I don't see any shortcomings in it. The challenge in the tool was related to hybrid connectivity, like with Azure AD Connect, which I now think is Microsoft Entra ID's predecessor. Azure AD Connect was replaced by Microsoft Entra ID. There were many issues with the tool's sync process. During the configuration of networks, the process was quite resource-intensive. I think Microsoft understood the concerns of the users associated with the tool, and that is why it released a new kit into the block, like Microsoft Entra Cloud Sync, to replace its shortcomings. Microsoft Entra Cloud Sync is for enterprises that would love to have hybrid configurations. Microsoft Entra ID Protection needs to offer better hybrid connectivity to users. There are two products under Microsoft Entra ID, which are like brothers or cousins, and I feel that matching them up should not be an uphill task for us, like when we have a scenario where we try to integrate with a tool from a different vendor through APIs and so many other configurations that need to be done. The tool can just unify and make the process as quick as possible with a few clicks to deal with the configuration. I want the tool's licensing model to be made easier.
When it comes to logs, we don't have access to all of them because there's a limitation of 90 days for log retention. It would be a great option to have the ability to increase this duration in the portal itself, either as a paid feature or something similar, as three months of log retention is insufficient. If we want to check someone's log, the challenge is sometimes finding different access points to various portals. However, they have started adding these access points, which is a positive improvement. For example, previously, there was no cloud app security access from Active Directory, but now they have already added the link. Integrating some notifications, not necessarily all, but at least for important events or alerts, would be beneficial as it would function as a team solution or something similar. It doesn't have to be a complete module, but having some logs or notifications for administrators would be very helpful. If they could provide us with the option to receive notifications or something similar, it would significantly enhance the platform. One more thing to consider is the log retention period in the Active Directory. It would be useful if we could export logs or have access to information about how long the logs can be retained in the Active Directory.
The solution is not optimized to work with Mac devices on a granular level. They work seamlessly with Windows but have a lot to improve to work with Mac devices. It also needs to improve stability and scalability.
The solution's sync should be faster since it can take about 30 minutes to two hours to complete a simple sync. The tool needs to sync instantly. It also needs to improve scalability, support, and stability.
Identity labeling and sensitivity needs improvement to be comparable to Dell. Password management needs to include a keyword mechanism that blocks or allows generic passwords. The auditor tool needs to include SIEM events in addition to sign-in and audit logs. Currently, we have to rely on third-party solutions for our log needs. The solution's models need to be centralized instead of having different names and separate platforms. We have to spend a lot of time integrating all the models with the IAM.
Microsoft Entra ID Protection enhances security with advanced identity controls and seamless integration across environments. It ensures robust protection via multifactor authentication and single sign-on capabilities, safeguarding enterprises' sensitive information efficiently. Microsoft Entra ID Protection offers comprehensive identity management and privileged access management features, making it critical for businesses transitioning to hybrid models or cloud solutions. Utilizing...
The pricing could be improved.