Microsoft Entra ID Reviews

We use it because we have to onboard our user laptops to our Windows domain. Azure AD provides us with the Windows domain capability.

As an organization, we are going for ISO 27001 compliance. The only way to achieve much of that was to have Azure AD in place. Once Azure was in place, many things, like bringing all our laptops into the domain, and ensuring centralized policy deployment, were taken care of and that is where Azure AD has come in handy.

We use BitLocker for policy enforcement. And now, because of the Microsoft 365 Business Premium package, we get Intune as a part of it. That's very useful for us for setting policies and managing the systems. The biggest strength of Azure AD is Intune. As a user, I rarely go into Azure AD. I would rather go to Intune and work from there.

I've been using Azure Active Directory for the last few years. Since 2020, I've been using it extensively because, where I'm working, we're totally on Azure AD.

There is nothing to be worried about when it comes to stability. It's a cloud product.

We are not worried about scalability because it's a cloud system. It will run and they will scale it. They already have packages wherein you can scale it depending on how many users you have in your system.

Our usage of Azure AD will continue, going forward, as an organization. We are not going to pull back on it. It's only a question of what more we can extract out of it as we go along.

Technical support varies. The problem is that Microsoft has contracted out support to multiple organizations around the world. When you raise a ticket, you may or may not get support from someone in your country or region. That's "Part I". 

"Part II" is that when you get to a support agent, they go by the playbook. While they do a lot of R&D for us when we give them the problem in detail, and they actually find things out and come back to us, they're not willing to go beyond the established guidelines to try to troubleshoot. They will only do so if it becomes a pain-in-the-neck issue and multiple users are reporting that problem. For example I found an issue with Defender and I raised a ticket with the Defender team. That has now been pushed to some sort of a feature update, so things like that do happen.

Positive

The initial setup is straightforward. There is nothing very complicated about it.

The very basic setup of AD might take between 10 minutes and half an hour. Then, if you sit down and focus on the task, it takes about a couple of days to have all your nodes in place.

In our company, there is another person who is my immediate junior and who reports to me. We are the ones who deploy, use, and maintain the system.

We are using the version that comes with Microsoft 365 Business Premium.

Microsoft has a very weird way of licensing the product. With the standard on-prem edition, we can do a lot of regular, day-to-day maintenance, including creating policies and the like. We can't do that in Azure Active Directory. The Azure system is very basic in nature compared to what the server provides us.

There are add-on components and services, such as identity services, that we have to add to our Azure subscription. Only then can I actually say it's on par with the on-prem server edition.

Why should I pay for a component? It should be included in my subscription. I understand there may be an added fee, but don't remove an essential component. I am a career IT guy. When I start comparing my on-prem server against this cloud edition, I see that there are components missing. The money issue is secondary. Give me a solution that matches the Azure standard edition. They should ensure that whatever I have on my domain controller are the facilities that run here in Azure AD. For example, on the domain controller, if you are my user, I can let you create a 14-character or a 20-character password. I can't do that on Azure AD. To do that, I must get the Directory Services module, which costs me another $100 a month. Let that cost be added to the bill and let me create my configurations as and how I want. Why do they want to restrict me? It's a detrimental business practice.

Still, I say go for it. Don't worry about the pricing. Licensing, at the basic level, is sensible. But you should actively talk to your reseller about the needs of your organization. Costs will vary as you dig deeper into understanding what product or service you need. Independent of your geographic location, talk to a local Microsoft partner and understand the cost. Don't simply go online and order things. I would stress that to anybody in the world, whatever the size of their organization.

The pricing module is pretty straightforward for many of the products. They have a price for up to 300 users for many of the licensed products. Up to 300 users is not considered an enterprise business.

You may have knowledge about the product, but when you talk to somebody else you get a slightly different perspective. Exercise that principle. Talk to one or two vendors, but talk. Spend time on the call. Understand what you want. One person might give you an idea of how you can deploy with your existing products, while another guy might say those products have these weaknesses and these strengths.

From the organizational perspective, it's not the native Azure AD components that provide value to the customer, it's more the other components. If you're a Microsoft 365 Business Premium customer, you get Microsoft 365 Defender. Along with that package, you get something called Secure Score for your organization. The beauty of Secure Score is that it gives you something of a benchmark. It says X percentage of organizations have this particular level of security score and it tells you how you can upgrade your security. It may tell you to enable something or disable a feature. After about a day's time, during which the change percolates across the organization, your security posture goes up a notch. That's a very useful tool for any organization, whatever the size.

The end-user experience is better because we don't have to have so many components on board, compared to other solutions, to do something. For example, even though Defender is a limited version in some critical aspects, it still does its job pretty well. One major benefit of having it is that we can control the policies of Defender from the Intune portal or the Microsoft 365 Defender system because it's backed by Azure AD. Azure AD plays a kind of backend role. 

It doesn't play much of a front-end role wherein I can create a policy. If I have to create a GPO, I must get the Directory Services component. Without that, I cannot create a GPO the way I would with the ordinary service. That's a critical difference. And with Microsoft, as usual, until you go digging around, you'll never know about this. I raised support queries with Microsoft and followed up with the tech support, after which I was informed that until I have Directory Services I can't do anything. This kind of clarity is not provided to the customer. Microsoft's website is really weak when it comes to providing specific details.

I would tell any organization that doesn't have Azure Active Directory today not to spend money on setting up a server and a data center and infrastructure. Simply upgrade your Office subscription, because it eventually happens. The world is divided into two major parts: Microsoft users and Google users, and there may be some percentage that doesn't use either product. If you're using these products and looking at ISO compliance, simply upgrade to Microsoft 365 Business Premium. You'll get Azure AD and then you can go about the rest of your work.

Overall, I rate Azure AD at seven out of 10. There is a huge difference in the capabilities between the on-prem server and the Azure version.

The Authenticator app is a client application on your smartphone, usually, and you configure your profile in the cloud. I use it with my Android smartphone. 

This is a Microsoft standalone application, which the user installs usually on a mobile device, either iOS-based or in my case, Android-based. Then you add your enterprise accounts into the Microsoft Authenticator app, your work account from Microsoft 365, or your whatever on-premise account, which makes uses the Azure or whatever IDP, identity provider so that you can do single sign-on or multi-factor sign-ins.

It's an authenticator. How it's used really depends on the use case that it is configured with. If you are using your Microsoft 365 work account, if your organization requires you to do multi-factor authentication, not just with the username and password, with an additional factor like the Microsoft Authenticator app, then it simply offers that extra level of protection and security.

You can manage locally additional pathways or passwords. You can collect your credit card information or whatever secret notices in the authenticate app. This is something that got the addition the last couple of years.

You could use it for different use cases. 

The Azure AD-integrated single sign-on scenarios are the most useful due to the fact that, if you are in a cloud application that you have on your smartphone, the Authenticator just requests you to allow or deny the access as a factor. Other applications require a token where you have to enter in an additional pin. Having the single sign-on or the multi-factor way with just allowing the application with one tap to authenticate is really smart.

The solution is free to use and you can use it for every service.

They recently redid the user interface a few months ago and it looks good.

I've found the solution to be stable and scalable. 

Adding a new account can be tricky. I do it a lot and therefore am used to it, however, if you don't you tend to forget the process. If you had a bottom menu and the settings menu, for example, be added to the bottom menu instead of a different place, the top right corner, it might be more intuitive.

One area of improvement is always with global offerings from large companies where we have a lot of users that require help. Users need videos, et cetera, in their own language, and in German, there is not much from Microsoft. These are products that have a very, very fast life cycle. They upgrade the services and applications in a very high rhythm every couple of months, and even Microsoft does not have the resources to offer the learning material in all the regions, however, they offer their services.

We have then to add some additional use via manuals of how to set up, et cetera, as we have users that are not willing or cannot understand videos in English that come from Microsoft.

I've been using the solution for two to three years. It might even be longer than that.

The solution is stable. I haven't had any problems so far. 

The product scales well. 

The goal is to have everyone using it. We are in the rollout phase, and in my organization of about 1,500 users, after a couple of weeks, we have maybe a third of the population starting to use the application. 

This is like this every rollout. It takes a couple of weeks to a month. In the end, we will have around 7,500 users using Microsoft Authenticator or the Microsoft multi-factor authenticator service that allows you to choose different factors. We have a lot of things using the Authenticator app. 

We have central support organizations and I don't access Microsoft support myself. Therefore, I can't speak to their level of service.

I've used many authenticator applications. I used already Microsoft Authenticator when it came out, maybe five, six, or seven years ago. Then I used Google Authenticator and other authenticator applications. You can, however, use these all in parallel. For example, if you mix your private and your work accounts in the same applications, or if your smartphone is managed by your company and you want to separate your private accounts from any corporate policy that can delete your smartphone, you can use different authenticators for different purposes. Right now, I have the Authenticator app in front of me, and I have seven accounts configured, and this is a mix of private and corporate or work accounts.

The initial setup is easy. You just download it and start using it. 

We don't need to worry about maintenance. This is a service from Microsoft.

The solution doesn't cost anything to use.

I'm the Chief Security officer of our organization. I always have to do some research on these topics.

I'm a Microsoft customer.

I'd advise any user to use MFA these days. There's not just war in Ukraine. There's also war in this kind of space and a multi-factor authentication method is a must just to make your cyber life a little bit safer at least.

I'd rate the product eight out of ten.

We use Azure Active Directory for quite a few things. We use it for security group management of authorized principals who need access to get SSH-signed certificates for user logins. We use it for automated jot-based (JSON Web Token) self sign-on for our lowest, least privileged credentials on certain products. We also use AAD for B2B coordination of SSO when we're bringing users onto our platform, where they have Active Directory on their side. We use the OIDC-based SSO flows through AAD to merge project-level AADs back to our corporate AAD for internal single sign-on flows.

• There is tech support to help with any OIDC-based setups between organizations.
• It has good support for SAML 2.0 and OIDC-based setups for our remote identity providers.

The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access. 

I don't think the documentation is where it needs to be yet, for user journeys and that type of flow. There is still trial and error that I would like to see cleaned up.

Also, they do have support for SAML 2.0 and it's very easy to set up linkages to other Active Directory customers. But if somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops. So far, our largest customers are all using Active Directory, but I don't think the solution is quite as third-party-centric as Okta or Auth0. Those solutions have a lot of support for all kinds of IdPs you want to link up to.

Finally, a couple of months ago I was on a team that was looking at low-cost MFA for SSO, where we would control the MFA on our side, instead of having the remote database handle it. In those kinds of flows, there aren't as many off-the-shelf options as I would like. There were cost implications, if I recall, to turn on 2FA. Also, the linkages that they had set up off-the-shelf—obviously they had the Authenticator app—meant that if you wanted to do something with Duo Mobile or any of the other popular 2FA providers, it seems it might have taken us more time than we wanted to put into it.

I have been using Azure Active Directory for a couple of years now.

The stability is great.

The scalability is also great.

We have an enterprise agreement with Microsoft, so we aren't typical folks. Through that agreement, we get a dedicated technical account manager and that person is able to escalate tickets when necessary. I have found Microsoft to be very responsive when needed, although we haven't really needed them that often.

We use Azure a lot, and therefore, AAD was an obvious choice and we thought, "Why not use it?"

They've done a good job on OIDC. That was a pretty simple, seamless setup. We've done that with multiple remote IdPs now, and I don't recall too many issues there.

There is much less cost investment going into it now. We didn't have to do a volume buy to get onto the platform. When it comes to ROI, there is low friction and a high, immediate return on investment.

It's relatively inexpensive in comparison with third-party solutions. It's highly available and supported by Microsoft Azure in our enterprise agreements. With the addition of their B2C tenants, it's hard to beat from a cost perspective now.

They changed their pricing for B2B access. You used to need shared licenses so that, if you were paying for a Premium AAD on your side, that would allow you to have five shared external mapped users. They've blown that all up and it's now dirt cheap. It works out to pennies per user per month, instead of dollars. A P1 user license in their system was $6 per user per month, which is cost-prohibitive for a lot of B2B SSO flows, but now it's down in the pennies range.

Azure AD is primarily integrated with all of the Microsoft services, such as Microsoft 365, Office 365, and Dynamics 365/Power Apps. Behind the scenes, we are, in one way or another, using Azure AD for our application security, identity management, and to access purpose services. At times, we need to configure some advanced features to provide access and identity to third-party apps to integrate with Dynamic 365. 

Unfortunately, I don't have any numbers and metrics related to organizational improvement off-hand.

That said, using Azure AD app services, we don't have to care about secure access to our Dynamics 365 data. Azure AD performs the authentication on behalf of our application and that's great. We don't have to implement security on our side to secure access for third-party services or third-party software or applications.

Azure B2C has also helped us in providing secure access to the Power Apps portal, or external content.

The app registration services are great. This basically simplifies security in order to give access to third-party apps from within Microsoft services such as Dynamics 365 and Power Apps. We can do this in a very secure manner using the AD. This really very simplifies the identity and access management for us.  

I use Azure B2C for providing access to external users. It was a really great experience to configure Azure AD B2C. I like this feature, as it provides a single sign-on for existing or new users; even new Azure AD users can be provided with sign-ins to our portal.

The solution has features that have helped improve our security posture. For example, without Azure B2C or any third-party identity service like Google or Gmail, we are compelled to store users' credentials and sensitive data in Dynamics 365 contact table somewhere. By using Azure B2C, we are totally independent of this.

The solution hasn’t affected the end-user experience. Usually, users are not so IT aware, so they don't feel an impact related to the change. We know that having secure access for them is important for them and also for us, however, they don’t feel any noticeable difference with the extra security in place.

Honestly speaking, I haven't thought about where areas of improvement might be necessary.

Everything was very smooth every time we used Azure AD. In other Microsoft solutions, we come across some bugs or workarounds, et cetera. However, as far as Azure AD is concerned, or maybe, to the extent that we are using it at least, we haven't come across any issues.

In terms of identity and access management and concerns, all of our needs are provided by the existing implemented features.

I have been using the advanced feature of Azure AD for the last three years or so.

Currently, Azure AD and most of the Azure services are very, very stable. A couple of years ago, I experienced some difficulty in implementing the solutions, the services of Azure AD. In one instance, I was not able to configure Azure AD for a registration. This was two or three years ago. However, currently, the documentation is very clear and there are no loopholes or anything that could hinder even a simple IT administrator to implement these services.

I am just using the product for integration with Dynamics 365 and Power Apps solutions. Right now, we are integrating with Azure AD in a very simple manner. I'm not sure if we plan to expand usage.

In our company, 100 to 200 people are connecting to PowerApps portals using Azure AD B2C.

There are two or three developers right now who use Azure AD for identity and access management purposes. Managers will not be using Azure AD in that it is not used to configure and trigger solutions using Azure.

We haven't used customer support contact up to this point. Everything that we need is already provided through the documentation. So far, we haven't had any need to contact customer support for Azure AD.

We did not use a different solution before we used Azure AD. We only use Microsoft solutions.

The initial setup was very straightforward. The documentation is very good and the steps are very well documented. I remember three years ago I encountered some undocumented feature or maybe a bug when configuring Azure AD for apps registration. However, lately, this is not the case. Currently, the documentation is very up-to-date and very clear, and almost every time I register the user, the apps in Azure AD, and configuration the Azure B2C have helpful documentation. They probably made some form of an update to the system that fixed any past bugs or issues.

The deployment hardly takes 15 to 30 minutes - and that's for app registration. To complete the whole process on the Azure AD side and on our Dynamics 365 side - including Azure B2C - it took, when I implemented it for the first time, one hour to set up everything. That was the first time. Since then, I've gotten faster and it now hardly takes 30 to 40 minutes to configure Azure B2C.

We are an IT company ourselves. A hundred percent of the time we use our own skills and documentation to implement everything related to Azure AD and Dynamics 365 or anything else.

We have seen an ROI due to the fact that it integrates with other Microsoft services very seamlessly. In that sense, it definitely saves time and cost as opposed to implementing something that we don't know, such as other identity systems. 

I don't know much about the pricing. As far as licensing is concerned, there are two options. There is a set of free services that are offered through a free license and if you have a Microsoft tenant or any Microsoft service such as Dynamics 365 or Power Apps, you have access to a free set of services that Azure AD provides. This includes registration and some other items. 

If you want to use Azure AD's advanced features, they are not provided for free. There are two types of premium licenses that are available for anyone who is a registered licensed user.

We did not evaluate different solutions before we chose Azure AD. This is due to the fact that, in the Microsoft ecosystem, Azure AD fits best in terms of providing access and identity management to all of the other Microsoft online services.

We are a Microsoft partner.

I'm not sure which version of the solution we're using. This is an online service. As I'm a Dynamics 365/Power Apps developer, usually I don't bother to check what version of Azure AD is currently hosting on the online services.

I would advise new users, if they are using Microsoft online services, that Azure AD is the best choice for all identity and access management requirements. This is due to the fact that it is in the same ecosystem. It understands the needs of its own vendors much better compared to any other external identity service.

I'd rate the solution a perfect ten out of ten.

It underpins our application authentication and security requirements for internal users.

During the pandemic, it helped us carry on working securely as a business.

Azure Active Directory hugely improved our organization’s security posture. The ability to control access to resources has vastly improved.

We very much like Conditional Access. We also like the risky sign-ins and Identity Protection. These features provide us the security that lets us fulfill our security requirements as a company.

Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic.

The solution has made our end user experience a lot easier and smoother.

On-premise capabilities for information and identity management need improvement but I know these are in pipeline.

I have been using it for five or six years.

The stability has improved over the last two to three years.

It has fantastic scalability. Globally, we have about 80,000 users. 

In each territory there are on average around 40 people managing the solution on the admin side. We also have SMEs for the harder tasks. Then you have people, like me, who are architects and determine approach and create designs.

Microsoft Premier Support is very good. We make good use of it. 

The free support is okay.

For mobile device management we used to have MobileIron and Blackberry. Those products have been removed in favour of Intune and Azure AD features. Other legacy security services will be removed in preference for the Azure equivalents. Strategically, Azure AD makes more sense for us. Cloud first is the strategic direction within my company.

It is a predeployed solution, creating the links between the on-premise system and SaaS system is moderately easy.

Our deployment took a month.

For a non-complex organization, the deployment process would be a lot easier than it is for a complex organization. There are a lot of business processes that need to be determined as well as a lot of conversations. The technology side of things is the easy bit. It is the design that takes awhile.

It was all done internally and using Microsoft Partners

We have only really bought into the solution over the last 12 months or so. We expect to see cost returns in the next 12 months.

If you get rid of all the products providing features that Azure suite can provide, then it makes sense cost-wise.

Microsoft Premier Support is an additional cost to the standard licensing fees.

Azure Active Directory and its feature set under a single vendor are unique in our market.

Compared to how it was five years ago, the solution is has really matured.

Make sure that business requirements are understood upfront and a design is in place before any services are deployed. Ensure the people deploying it understand the capabilities and implications of choices.

I would rate this solution as a nine out of 10.

We use Azure Active Directory for our project management proposals. Employees who are onboarding in Active Directory can use project filters for authentication and other back-end tasks. There are different installed environments and staging areas. Different areas are being used for different purposes.

Azure Active Directory provides us with a single pane of glass for managing user access.

Azure AD made organizing information much easier for our organization. The solution also helped the IT and HR departments save up to 50 percent of their time. Based on the time savings, I would say that Azure AD also helped save costs within our organization.

Azure AD positively affected our employees' experience in the company by providing them with a single sign-on portal to access all their accounts in an easy way.

Overall, I think the support and the pictorial format of this web portal are very good. Everything is just a click away, which is very convenient. Previously, we had to write a configuration file to do anything, but now everything can be configured through the user interface. This is a great improvement.

The security policy of Azure Active Directory should be based on a matrix so that we can easily visualize which users have access to what.

I have been using Azure AD for three years.

I give Azure Active Directory an eight out of ten.

I recommend Azure Active Directory.

The solution acted as a source of truth for everyone internally and those we collaborated with externally. We deployed it in the cloud, so many of our users are remote and spread across the country.

The features around permissions are excellent.

The general usability of the site could be improved.

The ease of use regarding finding audit information for users could also be improved.

We want to see better integration with other Microsoft 365 products; it's a separate tool, but they all need to work together.

We've been using Azure Active Directory for about four years. 

The product is very stable; I rate it nine out of ten for stability.

Azure AD is very scalable; I rate it nine out of ten for scalability. 

The customer service needs improvement; it takes a long time to open a ticket and get it resolved.

Neutral

We previously used Google G Suite and switched to Azure AD for better security, and to match the platform our clients are using to allow easier collaboration with them.

The initial deployment was straightforward, although we initially found it challenging to understand how to use Azure AD to manage access and permissions with external parties. We carried out the setup using three staff; myself and the IT team.

We have seen an ROI with the solution; the ability to collaborate with external partners provided tremendous value. 

I evaluated Okta some years ago, so that information isn't fresh. 

I rate the product nine out of ten, and I recommend it. 

We use Azure AD to manage users in terms of user accounts and profiles. We also use it to manage applications, access control, and application management.

Azure AD has helped improve the onboarding and offboarding process, especially with the user provisioning and SSO. With Azure AD, once a user account is created, the user automatically gets synced across all of our applications without the admin having to touch each application once at a time.

The solution helped improve our onboarding process by saving us a lot of time.

The feature I have found the most valuable is user provisioning (SSO). Azure Active Directory provides a single pane of glass for managing use cases. 

How it works is once it has all been set up, it allows the user to use the same credential – the username and password – across multiple applications. It creates ease of use for the user as they don't have to keep entering a username and password across multiple applications.

Azure AD allows us to manage the users' access from a single point. In a typical environment, if, for example, a user exits the company and the account needs to be disabled, you would have to go across each application to disable that access. With the Microsoft experience, you just have to disable it from the Azure Active Directory, and then it syncs across all of the applications. Once the account is disabled on the Azure, the accounts are disabled on all applications. The user instantly loses access across all applications without the admin having to go to each application one at a time. When you are offboarding an exited user or an employee that leaves the organization, there's no room for error in terms of missing out or forgetting to revoke an access for a particular application.

I would like to see Microsoft communicate how they intend to manage legacy applications. Right now, you still have to deploy a hosted domain server (which comes at an extra cost) if you have a legacy application that cannot sync properly with the enterprise applications and the modern applications.

I have been using Azure Active Directory for about five years now. 

Azure is stable. 

Azure is scalable. 

Microsoft's tech support is very responsive and really supportive. They will work with you if you have any concerns or if you have any issues. They have experts that will be able to jump on a call with you and assist you in making sure that whatever your concerns are, they all get resolved.

Positive

I did not previously use a different solution. 

The initial deployment was straightforward for me because I already had a pretty good experience managing the on-prem Active Directory. The deployment of the directory itself does not take long. However, it took us about a couple of months to carry out the user creation, create the Conditional Access policies, and to test. You have to test your policies before you go live. We had a lot of design to do in terms of setup, testing, rollout, and setup for each feature that we needed to implement. We had more of a test phase before the go-live phase. That's why it took quite a while. 

We did our deployment in-house. We had three people on the deployment. 

We have seen a return on investment from Azure AD because, first of all, we have been able to use the Cloud infrastructure to bring in more response. Also, it has high availability. We can easily scale it up or down, thereby managing costs. Now, in terms of the Azure Active Directory Office 365, we also have scale licenses where we get to manage the licenses across multiple users, thereby reducing costs of having to purchase one per user.

I would say that Azure AD's pricing is very reasonable because of the structure and in terms of the solution. I can offer this tip for the licensing: if you plan on going to a CSV, you can get a certain level of discounts.

We looked at Google Workspace when we were trying to migrate from on-prem to the cloud. At the end of the day, after analyzing and comparing most of the features that we are going to go with and how it will integrate with our existing system, we found the Microsoft Azure Active Directory to be more effective and better suited to our requirements.

This is how Azure AD stacks up against Okta. Okta is a third-party application for syncing user profiles from on-prem to cloud. However, Microsoft already has a pretty good application for that, which is Azure's AD Connect. It's more or less the same thing as Okta and more effective in the sense that with AD Connect we can actually get to query the user objects in terms of all the attributes to work on-prem and on the Cloud, just the same way you probably do it if you run an LDAP query. This is something you might not get with Okta because of the integration with the Active Directory.

My advice to someone looking to implement the solution is: your in-house technical support needs to understand the technology and your requirements as an organization because Azure is very robust. You need to know exactly what you intend to deploy and the requirements you intend or need. If you have that covered, Azure AD will be simple and straightforward to use. If you are able to plan and manage the users and services, it is really cost-effective.

I have identified that Azure Active Directory has a lot of features that are handy and useful. Microsoft is also constantly improving on it and it has all the required features that my organization requires. 

Azure AD is helpful and user friendly when it comes to managing identity and access tasks. It helps you manage that effectively because you have all the clouds, you have profile creation, you have all the features. Everything is easy to locate and simple to navigate.

Azure AD allows us to improve compliance for enforcing fine-tuned and adaptive access controls. It also allows us to manage access to all the applications in our environment. With it, we can create design policies that either the leader or the identify side from HR has to comply with before a particular user gains access into our environment or into a particular service within our environment.

We use Entra's Conditional Access feature in conjunction with Microsoft Endpoint Manager. We do so because one part allows for full control in the endpoint for managing access on the user and that user as an object, and then the other manages the device as an object.

This combination has the ability to reduce the risk of unpatched devices connecting to your corporate network. It will prevent a user from accessing an environment or a service space via a compromised device. If a user, for example, tries to access our network, service, or environment, via a compromised personal device, this combination will help prevent that kind of intrusion. Also, if a corporate authorized device gets compromised, that's when we find out the device is authorized to access that environment. It also helps to manage and restrict access.

Entra has helped our IT administrators and HR department save time. As a rough estimate, I would say it has cut our costs down by 20 hours per week.

Microsoft Entra has affected our employee user experience by helping to manage the end-to-end communication between user, device, and services by creating a very similar communication and very similar to the experience, which allows the user to be able to connect seamlessly to services and also to the device itself.