What is our primary use case?
We provide a pipeline for Azure Active Directory. We are working with premium clients, giving them services, like SaaS application services through Azure Active Directory. Also, we help external clients who are planning to migrate from on-prem to Azure Active Directory. We help them with the setup, etc.
How has it helped my organization?
We are providing Office 365 access from Azure Active Directory. We are enabling multi-factor authentication and assigning the licenses for end users.
We can provide access for many SaaS analytics tools, like ERP and CRM. We can provide access from everywhere to Azure AD. So, it will work as an authentication service, then we can provide access to particular SaaS applications. Therefore, we manage all accesses and privileges within Azure AD for different applications.
What is most valuable?
The Privileged Identity Management is a good feature. The identity products of Azure Active Directory are good features.
There are role-based access controls. Both built-in and custom roles are very useful and good for giving permissions to a particular set of users.
Privileged identity access lets you manage, control, and monitor permissions of a particular set of users or group. This is a good way to control the access. With the rollback access control, that will secure your environment, e.g., if you want to secure it from an authentication point of view. So, if you are an authentication provider service, your request will go for authentication, then it will go back for service authentication. So, this is a good feature in Azure Active Directory.
Azure AD has features that have helped improve our security posture and our client's security posture. We don't have to manage many things because there are some built-in features inside it. We can set it up once and it will work as an auto process, which is good from our side. On the clients' side, it will then not be challenging when managing stuff, as it will be very easy to manage the client end.
What needs improvement?
Azure AD needs to be more in sync. The synchronization can be time-consuming.
What do I think about the stability of the solution?
The availability is good. I have never experienced any downtime.
What do I think about the scalability of the solution?
The scalability is great. If we will go with the custom installation version of Azure AD Connect, i.e., for many users, then we can go with the custom settings.
I have one client with one tenant. We verified their domain and created many users. It was already on-prem, so we synced all the users from on-prem to Azure AD. We gave those users Office 365 permission from the Office 365 admin center. From there, we enabled the MFA and assigned the licenses.
We have migrated 10,000 to 12,000 objects from on-prem to Azure AD previously.
How are customer service and technical support?
Whenever I have logged a case with Microsoft, their technical support replies within 24 hours with an email and a call, which is good.
Which solution did I use previously and why did I switch?
Previously, our clients only had on-premises Active Directory. They migrated to Azure AD because they didn't want to keep their on-prem environment. There are a lot of challenges with maintaining those servers and other costs.
It is also a good service. From one console, we can manage many things. It is better if we can work with it from a single console, managing it all with fewer resources. With on-prem, there are many domain controllers that we need for various stages, and we have to manage all the domain controllers. Apart from that, we have to back up and monitor the server as well as do everything for the setup.
How was the initial setup?
It is a very easy process to set up. First, we need to collect all the information, e.g., the custom domain information, user information, and which kinds of applications the users want to access. All this information is needed. Based on that, we can just set up and go to the Azure Portal. We can go to the Azure Active Directory console from there, where we can verify the domain and do the management. It is a very easy process, which is not time-consuming. Though, if you want to design your own application (customize it) and provide access for a particular user or group, then it can be a bit of a time-consuming process.
What about the implementation team?
I don't think more than one or two people are needed for the deployment. If we have all the information, then we can work alone. Not many resources are needed for this.
What was our ROI?
Azure AD has a good return on investment. We do not need as many servers, electricity, etc. We can save from a cost point of view. Apart from that, if we have a limited set of users, we do not need to go with the extended version of Azure Active Directory, where it costs a lot to enable these services. Azure Active Directory is a good option compared to on-premises.
This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application.
What's my experience with pricing, setup cost, and licensing?
We are working with the Premium P2 licenses, which are reasonable. If you invest in the on-premises environment setup, then it costs so much. However, on-prem AD gives you the ability to manage your organization in a very organized manner, where you can create a group policy.
Azure AD provides identity access. If you have to go with the identity part only, then Azure AD would be the better option. If you will go with the various authentication authorization and security services, like group policy setup, then on-prem Active Directory would be better.
What other advice do I have?
It is good service and easy to use.
I would rate the solution as a nine out of 10. They should be improving the solution all the time.