Microsoft Entra ID Reviews

We are a small consultant company, and we help customers to build hybrid environments. We synchronize on-premises AD to Azure AD and help our customers decide which one they want to use.

In our own company, we use Office 365, so we use Activity Directory directly for authentication and authorization.

The most valuable feature is Conditional Access. As there are more and more people working from home, security is a challenge for a lot of companies. To build a general trust solution, we need Conditional Access to make sure the right people use the right device and access the right content.

In our company, we use Conditional Access with Trend to make sure that our employees can use the device from the company. We can make sure that there is higher security. We can also use Trend to set up a group policy and to set up Windows Defender as well.

Microsoft Azure AD is easy to install and is a stable solution.

There is no documentation about how Microsoft will scale Azure AD for customers. It only mentions that it will scale out if you have a lot of requests but does not mention how in detail.

More documentation on some complete scenarios, such as best practices to integrate forests into Azure AD when a customer has several on-premises forests, would be helpful.

I've been using it for four years.

In my experience, it has been working fine.

Scalability is a pain point. There is no documentation about how Microsoft will scale Azure AD for customers. We do, however, plan to increase usage.

We used on-premises Active Directory before using Azure Active Directory.

The initial setup is pretty simple. Microsoft Azure AD can be deployed in one or two minutes.

If you have an Office 365 subscription, Microsoft will build Azure AD for you.

Microsoft Azure AD has P1 or P2 licensing options, and it depends on the customer's needs. To use Conditional Access, you need to have the P1 license, and to use the PIN features, you need the P2 license. We use the P1 license as we use Conditional Access.

It will be a very good solution if your company is already using on-premises Windows Active Directory. Microsoft has provided a useful tool called Azure AD Connect. So, you can easily sync your on-premises Active Directory to Azure Active Directory, and you can easily implement the SSO.

Overall, we are satisfied with the solution and the features provided, and on a scale from one to ten, I would rate this solution at nine.

Our use case for Azure AD is principally to do the role-based access management for our resources. So, we essentially use it for authentication operations for our primary groups and users to secure access to resources.

It has helped in improving our security posture. It is modeled around that. It is an AD, which means it is a directory of users, objects, and resources, and there is a lot of security in terms of the access model and in terms of who is accessing those resources.

In terms of user experience, it is pretty seamless for any user to use Azure Active Directory. The way its security model works is that once you sign in to Azure Active Directory, you get access to a lot of applications and systems that have Single Sign-on enabled. So, Azure Active Directory works seamlessly as an identity provider for many applications such as Slack, GitHub, etc. That's one of the best parts of it. If it is used properly, only by using the Azure Active Directory sign-in, a person can access different resources, which really improves the user experience.

We've benefited from all the security or AD features of this solution. Azure Active Directory is the only directory we've been using, and we make use of pretty much all the features, including the user identity protection features such as MFA. The way it allows us to audit who is logging in and do our work in a secure manner is one of the best features of it.

Azure Active Directory provides access to resources in a very secure manner. We can detect which user is logging in to access resources on the cloud. It gives us a comprehensive audit trace in terms of from where a user signed in and whether a sign-in is a risky sign-in or a normal sign-in. So, there is a lot of security around the access to resources, which helps us in realizing that a particular sign-in is not a normal sign-in. If a sign-in is not normal, Azure Active Directory automatically blocks it for us and sends us an email, and unless we allow that user, he or she won't be able to log in. So, the User Identity Protection feature is the most liked feature for me in Azure Active Directory.

Generally, everything works pretty well, but sometimes, Azure Active Directory has outages on the Microsoft side of things. These outages really have a very big impact on the users, applications, and everything else because they are closely tied to the Azure AD ecosystem. So, whenever there is an outage, it is really difficult because all things start failing. This happens very rarely, but when it happens, there is a big impact.

I've been working as a DevOps engineer for the last four years, and I have been using Azure Active Directory during this time. I got to know it really well over the last two years in my current job and as a part of my Azure Security certification, where I get to know how to secure everything in the cloud by using Azure Active Directory.

It is available most of the time. Only once in the last six months, we faced an issue. So, it is very reliable.

It is managed by Microsoft, so it is not something that is in our hands. We don't manage the infrastructure side and the scalability side.

My present organization is a startup with around a hundred people. There are 5 to 10 people who primarily work in the CloudOps and DevOps space, and we work with Azure Active Directory at some point in time. All people who have resources in Azure, such as the cloud administrators and people from the CloudOps team and the DevOps team, work with Azure AD.

In terms of resources, there are around 100 to 150 resources that we manage within it.

Microsoft has extensive documentation on its website about how to set up things in Azure AD. There are also video tutorials. So, typically, we don't need to engage technical support to do anything.

Only when there is an outage or something like that, we had to engage someone from Microsoft. For example, when there was an outage, we didn't know what was happening. There were some strange behaviors in certain applications, and that's when we involved Microsoft's technical support. 

They are very reliable, and they are very fast to respond. The response time also depends on the support plan that an organization has with Microsoft. 

I haven't used any other Identity Provider solution.

Our organization has definitely seen a return on its investment from using Azure Active Directory. It ties really well with the Azure ecosystem, which is why it makes sense to use Azure Active Directory to access resources.

Azure Active Directory has a very extensive licensing model. Most of the features are available in the free and basic version, and then there are premium P1 and P2 editions. The licensing model is based on how many users you have per month. In Australia, for a P1 license, the cost is 8 dollars.

With P1 and P2 licenses, you get a lot of goodies around the security side of things. For example, User Identity Protection is available only in P2. These are extra features that allow you to have a pretty good security posture, but most of the required things are available in the free and basic version.

I would definitely recommend this solution. I have been using it extensively, and it works really well. It is one of the best Identity Provider solutions out there. You have all the guidance from Microsoft to set things up, and if there is an issue, their technical support is highly available. 

It has been around for a while now, and most organizations leverage Active Directory as their on-premises identity provider. This is just Azure managing your Active Directory for you. It is pretty popular and rock-solid.

I haven't used any other Identity Provider solution, which makes it hard for me to compare it with others. Based on my experience and the things that I have done and learned over time, I would rate Azure Active Directory a nine out of 10. 

We are using Azure Active Directory to secure our identity and applications throughout our corporate. All the authentication is done automatically.

It provides a single pane of glass for managing user access. It streamlines the IT access management process and improves the security of the IT systems. If there are any configuration changes in the software, they are taken care of automatically.

The integration of Azure Active Directory with other Microsoft services is very easy. We can integrate it with Teams, 365, or any other Microsoft solution.

Azure Active Directory provides a seamless and secure way for employees to access work resources that have been assigned to them. They can access the resources from anywhere and work from anywhere.

Azure Active Directory provides a robust set of features. Features such as multifactor authentication and conditional access policies are in-built. These features enhance the security of the IT systems and protect sensitive information from potential threats.

Conditional Access helps to enforce fine-tuned and adaptive access controls. Conditional Access provides more secure authentication for us. We also use multifactor authentication to secure our enterprise from any potential threats.

Permission Management helps to bifurcate the users based on various roles, such as administrator.

Azure Active Directory has saved us time. It has helped to save four hours a day. It has also saved us money. There is about a 10% saving.

Azure Active Directory has affected the employee user experience in our organization. It is seamless. They do not get to feel it is there.

It is very simple. The Active Directory functions are very easy for us. Its integration with anything is very easy. We can easily do third-party multifactor authentication. Automating IT governance is also easy. These are the advantages that we have.

The role-based access control can be improved. Normally, the role-based access control has different privileges. Each role, such as administrator or user, has different privileges, and the setup rules for them should be defined automatically rather than doing it manually.

I have been using this solution for six years.

It is stable.

It is scalable. We have 1,500 users and two admins, and we plan to continue using Azure Active Directory.

Their technical support is very good. I would rate them a nine out of ten.

Positive

We were using Oracle Database. We moved to Azure Active Directory because it is a higher access management solution. It is more secure and helps to manage entities across hybrid and multi-cloud environments.

Its initial setup is very easy. We had to do policy configuration and user configuration. That was it.

It does not require any maintenance from our end.

We had one person for the initial setup.

It is worth the money.

Overall, I would rate Azure Active Directory a nine out of ten. It is a complete identity access management solution for security and managing all types of multi-cloud environments.

We use Azure AD to manage all endpoints, including laptops, desktops, mobile devices, such as iPads and iPhones, and users. We can disable accounts, create accounts, reset passwords, maintain access, and manage permissions.

Azure AD is essential to our organization. Our users need to use their Azure AD credentials to log into their computers every morning, and we also manage user accounts in Azure AD. As a result, we cannot function without Azure AD.

We use Entra's conditional access to restrict access to our system from overseas users. This means that users can only log in from Canada and the United States.

Our zero-trust strategy uses conditional access to verify users and prevent unexpected traffic, such as attacks from Russia. This makes our strategy more robust and secure.

We use Entra's conditional access in conjunction with Microsoft Endpoint Manager to limit user logins from Canada and the USA. We also limit devices that can log into the network to only those located in Canada.

Entra has helped our IT administrators save an hour of time per day.

Entra has helped our organization save money.

We used to use on-premises Active Directory. Now, we use Azure Active Directory. The main difference is that users can now reset their own passwords in Azure AD. This is a positive improvement, as it saves time and hassle for both users and IT staff. I believe that this has had a positive impact on our employee experience.

User and device management is the most valuable feature.

I would like Azure AD to provide features similar to check-in on-prem AD. The fetch-all service is the only one that is not currently available on Azure AD.

The technical support has room for improvement.

I have been using Azure AD for five years.

I give Azure AD's stability an eight out of ten.

I give Azure AD's scalability an eight out of ten.

The basic support from Microsoft is not good.

Negative

We previously used the on-premises Microsoft Active Directory. However, we have since switched to Azure Active Directory, which is a cloud-based solution. Azure AD is more flexible and scalable than on-premises AD, and it allows us to save money on hardware costs. This is because we no longer need to purchase and maintain our own servers. Instead, we can simply use the servers that are provided by Microsoft.

The initial deployment was straightforward and took two months to complete. We switched over to the new system and then set up a number of additional features, such as enterprise applications and multi-factor authentication. This took an additional month, for a total of three months. We followed the instructions from Microsoft step-by-step. The deployment required two full-time employees from our organization and three from our partner.

The implementation was completed with the help of an MSP.

We have seen a significant return on investment since switching to Azure AD. Our monthly costs have decreased from $5,000 to $100.

The price is affordable, and we pay around $100 per month.

Both Okta and Azure AD are great solutions. I know that many people use Okta, but my concern is that we are also using Microsoft products on the endpoint. This means that our users use Windows, and it makes more sense to use a front-end and back-end Microsoft solution.

I give Azure AD a nine out of ten.

Azure AD requires very minimal maintenance.

I recommend Azure AD. The solution is straightforward.

We use the solution for single sign-on, provisioning, de-provisioning, conditional access, and identity governance.

The access governess feature improves our compliance.

Privilege Identity Management is the most valuable feature.

The licensing and support are expensive and have room for improvement.

I have been using the solution for five years.

I give the stability a nine out of ten.

I give the scalability a nine out of ten.

The support is really good.

Positive

The initial setup was straightforward. The time required for deployment will vary depending on the features that we plan to use. Typically, two to three weeks should be sufficient for deployment.

The implementation was completed in-house.

We have seen a return on investment.

I give the cost a three out of ten. The licensing is expensive.

We evaluated Google Cloud Identity.

I give the solution a nine out of ten.

Two to three engineers are required for the Maintenance. The majority of the maintenance is completed by Microsoft.

I recommend the solution to others.

We deployed the solution across multiple geographical areas.

We use Azure AD to implement conditional access when using Microsoft Network (MSN) services. Our infrastructure is primarily on-prem, and we operate our email in a hybrid environment and use the solution for continuity between our on-prem and cloud landscapes.

The solution improved our organization, especially in terms of security control. Overall, we're 65-70% satisfied with the product.

The most valuable feature is Conditional Access, and we use it extensively.

Azure AD provides a single pane of glass for managing user access; we integrated multiple APIs and use single sign-on for all of our Microsoft products. I can't speak in universal terms, but we had some positive feedback from our users regarding user experience.  

We use the Conditional Access feature to enforce fine-tuned and adaptive access controls, an excellent feature we use to enhance the security of all the machines connected to our domain. Users cannot access long-term data, data from untrusted devices, or data on connected personal devices.  

We use Azure AD Verified ID, which is a good feature for privacy and control of identity data; it offers a good level of secrecy. 

We've been using the solution for over six years now. 

The product is stable. 

The scalability isn't an issue; it depends on our license.

We previously used Microsoft's technical support, which was excellent; they were very responsive. Now, we use a CSP, and their support is lacking, so I rate them five out of ten.

Neutral

The initial setup was straightforward, and a partner was present to assist us during the implementation. We have around 250 users, and the solution doesn't require any maintenance.

The product's price is in the midrange. 

I rate the solution eight out of ten. 

Azure AD helped to save some time for our IT admins but not for our HR department, as they don't currently have access to the tool.

I recommend the product to those considering it, though it depends on the use case and requirements. If Azure AD has featured you don't need, then going with one of the cheaper competitors could be a better option.   

My primary use case is Azure SSO. Then, it is a hybrid synchronization of users and computers, and also for SCIM provisioning.

Using this product has helped improve our security posture. I don't handle security directly, but I know that our security team was able to identify logs containing erratic behavior, such as logins that were not authentic. They were able to identify and solve those problems.

This solution has improved our end-user experience a lot because previously, users had to remember different passwords for different applications. Sometimes, the integration with on-premises AD was a little bit difficult over the firewall. However, with Azure, that integration has become seamless. The users are also happy with the additional security afforded by multifactor authentication.

One of the benefits that we get from this solution is the Azure hybrid join, where my presence of the domains is both on-premises and on the cloud. It has allowed us to manage the client machines from the cloud, as well as from the on-premises solution. We are currently building upon our cloud usage so that we can manage more from the Azure instance directly.

Our cloud presence is growing because most people are working from home, so the management of end-users and workstations is becoming a little challenging with the current on-premises system. Having cloud-based management helps us to manage end-users and workstations better. This is because, with an on-premises solution, you need a VPN connection to manage it. Not all users have a VPN but for a cloud-based solution, you just need the internet and almost everyone now has an internet connection.

The most valuable feature is the single sign-on, which allows any application that is SAML or OAuth compatible to use Azure as an identity provider for seamless sign-in.

I like the SCIM provisioning, where Azure is the single database and it can push to Google cloud, as well as Oracle cloud. This means that the user directory is synchronized across platforms, so if I am managing Azure AD then my other platforms are also managed.

In a hybrid deployment, when we update the UPN or email address of a user who has license assigned, it does not get updated automatically during normal sync. This means that we have to update it manually from Azure, which is something that needs to be corrected. Essentially, if it's a hybrid sync then it should happen automatically and we shouldn't have to do anything manually.

Azure AD DS allows only one instance in a particular tenant, which is something that could be improved. There are people that want to have AD DS on a per-subscription basis.

I have been using Azure Active Directory for more than three years.

Other than a few global outages, I have not seen any specific outages to the tenant that we use. In the typical case, we haven't faced any issues.

The scalability has been good. For the infrastructure that we have developed, there were no issues. We have nothing in terms of abnormal outages or any abnormal spikes that we have observed. Overall, scalability-wise, we are happy with it.

We have thousands of users on the Azure platform. The entire organization is on Azure AD, and everyone has a different, specific role assigned to them. Some people are using the database, whereas somebody else is using other infrastructure service, and the same is true for all of the different features. We have different teams using different features and I am part of managing identities, which involves using Azure AD and its associated features.

The support from Microsoft is very good. I would rate them a nine out of ten. They are responsive and very knowledgeable.

Prior to Azure AD, we used on-premises Active Directory.

The initial setup was not very complicated because there are very good articles online, published by Microsoft. They give detailed steps on the process and including what challenges you may face. In our setup, the articles online were sufficient but suppose you run into any issues, you simply reach out to Microsoft for support.

Taking the purchases, planning, and everything else into account, it took between three and four months to complete the deployment.

Our in-house team was responsible for deployment. In a few cases, we reached out to Microsoft for support.

We have not evaluated other options. The reason is that the integration between Azure AD and on-premises Active Directory is seamless and easy. Both solutions are by Microsoft.

My advice for anybody who is implementing Azure AD is to consider the size of their environment. If it's a large on-premises environment then you should consider a hybrid model, but if it's a small environment then it's easy to move to the Azure cloud model directly. If it's a small environment then Azure AD is also available on a free license. This is how I would suggest you start looking at having a cloud presence.

Azure AD is easy to integrate and manage, and it will reduce your capital cost a lot.

In summary, this is a good product but there is always scope for improvement.

I would rate this solution a nine out of ten.

We use this solution to authenticate to the portal. There are also some VMs that are not domain-joined, so we use Azure users that we create natively in the portal.

We also use it for our applications. The accounts that we create natively in Azure are used for application authentication.

We have a hybrid deployment model where some accounts are primarily native in Azure, whereas others are on-premises. We also have accounts that are synchronized between our on-premises servers and Azure.

Azure AD has features that have helped to improve our security posture. We have a service called Azure AD Privileged Identity Management, where instead of our administrators having permanent access or permanent admin assignment, they can now activate admin roles only when they need to perform administrative-level tasks.

This means that instead of using permanent assignments, our administrators activate the specific roles that they need at the moment that they need them. After the task is complete, the administrative access expires. This has definitely improved our security posture.

Using this product has also had a positive effect on our end-user experience. The self-service password reset is something that has definitely improved our end-user experience. Instead of having to call our service desk, users can now reset their own passwords.

This is important because due to our multi-factor authentication, we no longer have policies where we have to have periodic password changes. We have three and four-factor stages of authentication, which makes our logins more secure. This is why users don't have to change or reset their passwords on a regular basis.

One of the ways that Azure AD has improved the way our organization functions is to help cut down on service desk requests. If I have an issue with my password, in the past, I would have had to log a ticket with the service desk. With most of us working remotely, this would've posed a challenge. It would have required the service desk to verify that I am who I say I am, for example. Now, because users set up their own profiles and are able to change passwords for themselves, at any moment that their account is compromised, they're able to change their own password.

Overall, this solution has definitely improved our organization's security posture. We no longer have permanent administrative permission assignments, and we are also able to restrict who is able to log in to certain applications. Finally, we are able to see and review any risky or suspicious sign-ins.

Specifically, in the infrastructure team, we now have managed identities. Instead of having to create service accounts, we have managed identities that are directly linked to our resources that support them. All of that is managed by Azure Active Directory.

Another way that this solution has improved how we do our work is that we no longer have to keep a record of all service accounts or use one service account for multiple services. Now, each service that supports managed identities can have its own service account, and that is managed by Azure AD.

The most valuable feature is the conditional access policies. This gives us the ability to restrict who can access which applications or the portal in specific ways. We are able to define access based on job roles. For example, I'm primarily in the infrastructure team and only certain people should be able to connect to the Resource Manager. We can also define which IP addresses or locations those people can connect from before they can access the portal.

If your organization requires additional security then the subscription will be more expensive.

I have been using Azure Active Directory for approximately five years, since 2016.

In terms of stability, Azure Active Directory is definitely an improvement from what we used in the past. I'm happy so far with the offerings and we hardly ever have any service disruptions.

We have a lot of different people using this solution. We have normal users and we have administrators. It's a large organization.

So far, I've been happy with the technical support.

There are very few service disruptions and also, because of our agreement with Microsoft, we are able to get escalated support.

We hardly ever have any downtime. When we do need support, it's normally escalated and our service is restored in a reasonable timeframe.

I would rate the technical support a nine out of ten.

Prior to this solution, we used the on-premises version of Active Directory.

The switch was part of our cloud migration strategy. For us to be able to use our apps and workloads in the cloud, we had to have Identity Management as part of our migration scope. It's linked to our cloud migration strategy.

I was not involved with the initial setup but I assume that it was not complex because we have Microsoft consultants assisting us.

We specifically work with Microsoft directly. We don't use a reseller or service provider. All of the assistance that we get is directly from the vendor.

Our technical team is responsible for deployment and maintenance. I'm not sure how many people are in that team. Somebody from security is involved, but I'm not sure what other roles are required for maintenance tasks.

We have definitenly seen a return on investment from using this product. We have seamless authentication, quicker response times, more robust security, access from anywhere without having to set up VPN links, and federated models.

If we had similar services on-premises, I assume that it would be expensive, especially given that we used to have a perpetual licensing model. Now that we are able to have a subscription-based service, it has not only improved our security posture but also cut down on costs.

My advice concerning the pricing and licensing would vary depending upon the stage of maturity of the organization. I've been with companies that are using the Office 365 license for Active Directory, whereas others are able to use the free version of it.

For organizations such as the one that I'm at now, where we require more security and have services like the Conditional Access Policies or Privileged Identity management, you have to upgrade to a higher level of the solution.

I'm not sure about the specific costs or how they're calculated, but essentially, the costs go up based on the level of security that is required by the organization.

I can't say for certain what our future plans are for Azure AD but I see it being used long-term. It has helped our organization to grow because of what we are able to do. Also, it has greatly improved our security posture because of the services that are available.

I would rate this solution an eight out of ten.