What is our primary use case?
We use this solution to authenticate to the portal. There are also some VMs that are not domain-joined, so we use Azure users that we create natively in the portal.
We also use it for our applications. The accounts that we create natively in Azure are used for application authentication.
We have a hybrid deployment model where some accounts are primarily native in Azure, whereas others are on-premises. We also have accounts that are synchronized between our on-premises servers and Azure.
How has it helped my organization?
Azure AD has features that have helped to improve our security posture. We have a service called Azure AD Privileged Identity Management, where instead of our administrators having permanent access or permanent admin assignment, they can now activate admin roles only when they need to perform administrative-level tasks.
This means that instead of using permanent assignments, our administrators activate the specific roles that they need at the moment that they need them. After the task is complete, the administrative access expires. This has definitely improved our security posture.
Using this product has also had a positive effect on our end-user experience. The self-service password reset is something that has definitely improved our end-user experience. Instead of having to call our service desk, users can now reset their own passwords.
This is important because due to our multi-factor authentication, we no longer have policies where we have to have periodic password changes. We have three and four-factor stages of authentication, which makes our logins more secure. This is why users don't have to change or reset their passwords on a regular basis.
One of the ways that Azure AD has improved the way our organization functions is to help cut down on service desk requests. If I have an issue with my password, in the past, I would have had to log a ticket with the service desk. With most of us working remotely, this would've posed a challenge. It would have required the service desk to verify that I am who I say I am, for example. Now, because users set up their own profiles and are able to change passwords for themselves, at any moment that their account is compromised, they're able to change their own password.
Overall, this solution has definitely improved our organization's security posture. We no longer have permanent administrative permission assignments, and we are also able to restrict who is able to log in to certain applications. Finally, we are able to see and review any risky or suspicious sign-ins.
Specifically, in the infrastructure team, we now have managed identities. Instead of having to create service accounts, we have managed identities that are directly linked to our resources that support them. All of that is managed by Azure Active Directory.
Another way that this solution has improved how we do our work is that we no longer have to keep a record of all service accounts or use one service account for multiple services. Now, each service that supports managed identities can have its own service account, and that is managed by Azure AD.
What is most valuable?
The most valuable feature is the conditional access policies. This gives us the ability to restrict who can access which applications or the portal in specific ways. We are able to define access based on job roles. For example, I'm primarily in the infrastructure team and only certain people should be able to connect to the Resource Manager. We can also define which IP addresses or locations those people can connect from before they can access the portal.
What needs improvement?
If your organization requires additional security then the subscription will be more expensive.
For how long have I used the solution?
I have been using Azure Active Directory for approximately five years, since 2016.
What do I think about the stability of the solution?
In terms of stability, Azure Active Directory is definitely an improvement from what we used in the past. I'm happy so far with the offerings and we hardly ever have any service disruptions.
What do I think about the scalability of the solution?
We have a lot of different people using this solution. We have normal users and we have administrators. It's a large organization.
How are customer service and support?
So far, I've been happy with the technical support.
There are very few service disruptions and also, because of our agreement with Microsoft, we are able to get escalated support.
We hardly ever have any downtime. When we do need support, it's normally escalated and our service is restored in a reasonable timeframe.
I would rate the technical support a nine out of ten.
Which solution did I use previously and why did I switch?
Prior to this solution, we used the on-premises version of Active Directory.
The switch was part of our cloud migration strategy. For us to be able to use our apps and workloads in the cloud, we had to have Identity Management as part of our migration scope. It's linked to our cloud migration strategy.
How was the initial setup?
I was not involved with the initial setup but I assume that it was not complex because we have Microsoft consultants assisting us.
What about the implementation team?
We specifically work with Microsoft directly. We don't use a reseller or service provider. All of the assistance that we get is directly from the vendor.
Our technical team is responsible for deployment and maintenance. I'm not sure how many people are in that team. Somebody from security is involved, but I'm not sure what other roles are required for maintenance tasks.
What was our ROI?
We have definitenly seen a return on investment from using this product. We have seamless authentication, quicker response times, more robust security, access from anywhere without having to set up VPN links, and federated models.
If we had similar services on-premises, I assume that it would be expensive, especially given that we used to have a perpetual licensing model. Now that we are able to have a subscription-based service, it has not only improved our security posture but also cut down on costs.
What's my experience with pricing, setup cost, and licensing?
My advice concerning the pricing and licensing would vary depending upon the stage of maturity of the organization. I've been with companies that are using the Office 365 license for Active Directory, whereas others are able to use the free version of it.
For organizations such as the one that I'm at now, where we require more security and have services like the Conditional Access Policies or Privileged Identity management, you have to upgrade to a higher level of the solution.
I'm not sure about the specific costs or how they're calculated, but essentially, the costs go up based on the level of security that is required by the organization.
What other advice do I have?
I can't say for certain what our future plans are for Azure AD but I see it being used long-term. It has helped our organization to grow because of what we are able to do. Also, it has greatly improved our security posture because of the services that are available.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.