Azure Active Directory Overview

Azure Active Directory is the #1 ranked solution in our list of top Single Sign-On (SSO) tools. It is most often compared to Okta Workforce Identity: Azure Active Directory vs Okta Workforce Identity

What is Azure Active Directory?

The Azure Active Directory (Azure AD) enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks. With Azure Active Directory, you get:

- Single sign-on enabling access to your apps from anywhere

- Conditional Access and multi-factor authentication to help protect and govern access

- A single identity platform to engage with internal and external users more securely

- Developer tools to easily integrate identity into your apps and services 

To learn more about our solution, ask questions, and share feedback, join our Azure Active Directory Community.

Azure Active Directory Buyer's Guide

Download the Azure Active Directory Buyer's Guide including reviews and more. Updated: June 2021

Azure Active Directory Customers

Azure Active Directory is trusted by companies of all sizes and industries including Walmart, Zscaler, Uniper, Amtrak, monday.com, and more.

Azure Active Directory Video

Pricing Advice

What users are saying about Azure Active Directory pricing:
  • "Microsoft has a free version of Azure AD. So, if you don't do a lot of advanced features, then you can use the free version, which is no cost at all because it is underpinning Office 365. Because Microsoft gives it to you as a SaaS, so there are no infrastructure costs whatsoever that you need to incur. If you use the free version, then it is free. If you use the advanced features (that we use), it is a license fee per user."
  • "We have various levels of their licensing, which includes users on different levels of their enterprise offering."
  • "If you have a different IDP today, I would take a close look at what your licensing looks like, then reevaluate the licensing that you have with Microsoft 365, and see if you're covered for some of this other stuff. Folks sometimes don't realize that, "Oh, I'm licensed for that service in Azure." This becomes one of those situations where you have the "aha" moment, "Oh, I didn't know we can do that. Alright, let's go down this road." Then, they start to have conversations with Microsoft to see what they can gain. I would recommend that they work closely with their TAM, just to make sure that they are getting the right level of service. They may just not be aware of what is available to them."
  • "Be sure: You know your userbase, e.g., how many users you have. You choose the right license and model that suit your business requirements."
  • "If you are dealing with one supplier with an out-of-the-box solution, which provides you end-to-end capabilities, then it is naturally cheaper and less of a headache to manage and operate."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Manager Infrastructure & Architecture at BDO Global
Real User
Top 5
Users don't have to remember multiple accounts and passwords since it is all single sign-on

What is our primary use case?

BDO is a network of firms and a firm is what we call a country. So, we are present in about 160 countries. I am involved in BDO Global, which is not really a firm in the sense that we don't deal directly with clients, but BDO Global hosts IT services for all those 160 countries. A couple of those solutions are a worldwide audit solution that our firms use for financial audits for customers. We have a globally running portal solution, which firms are using to collaborate with our customers directly. All these services are basically based on Azure AD for authentication and authorization. This… more »

Pros and Cons

  • "It has been very instrumental towards a lot of services we run, especially on the single sign-on side. For example, we have 160 countries that all run their own IT but we still are able to provide users with a single sign-on experience towards global applications. So, they have a certain set of accounts that they get from their local IT department, then they use exactly the same account and credentials to sign into global services. For the user, it has been quite instrumental in that space. It is about efficiency, but also about users not having to remember multiple accounts and passwords since it is all single sign-on. Therefore, the single sign-on experience for us has been the most instrumental for the end user experience."
  • "We have a custom solution now running to tie all those Azure ADs together. We use the B2B functionality for that. Improvements are already on the roadmap for Azure AD in that area. I think they will make it easier to work together between two different tenants in Azure AD, because normally one tenant is a security boundary. For example, company one has a tenant and company two has a tenant, and then you can do B2B collaboration between those, but it is still quite limited. For our use case, it is enough currently. However, if we want to extend the collaboration even further, then we need an easier way to collaborate between two tenants, but I think that is already on the roadmap of Azure AD anyway."

What other advice do I have?

This solution is a prerequisite with some of the bigger Microsoft services, so if you want to use Office 365, Dynamics, etc., then you need Azure AD. However, it is also quite good to use for other services as well because they are currently supporting tens of thousands of other applications that you can sign into with an Azure account. So, it is not only for Microsoft Office, and I think that is probably a misconception in many people's heads. You can use it for many other cloud services as well as a single sign-on solution. My biggest point would be that it can be used for Microsoft…
IT Security Consultant at Onevinn AB
Consultant
Top 5
The passwordless feature means users don't need a password anymore and makes it easier for them to be more secure

What is our primary use case?

I use it for managing identities, access, and security in a centralized way. I help other people use this product.

Pros and Cons

  • "Using [Azure AD's] passwordless technology, you're not even using a password anymore. You're basically just creating a logon request without actually sending or typing or storing the password. This is awesome for any user, regardless of whether you're a factory worker or a CFO. It's secure and super-simple."
  • "The Azure AD Application Proxy, which helps you publish applications in a secure way, has room for improvement. We are moving from another solution into the Application Proxy and it's quite detailed. Depending on the role you're signing in as, you can end up at different websites, which wasn't an issue with our old solution."

What other advice do I have?

Talk to someone who knows a lot about it. Sure, you can look at everything on the docs.microsoft.com page, but it can be hard to understand what each feature is and the value it give you. Talk to someone who knows both licensing and technology, to understand what's there and what you should pay for and what you should not pay for. There are also a lot of good videos out there, like sessions from Microsoft Ignite. You also have the Microsoft Mechanics video series on YouTube with a lot of videos. So if you like to learn through video, there's a lot available for you. You can also go to docs of…
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
510,204 professionals have used our research since 2012.
Director, Infrastructure at a retailer with 10,001+ employees
Real User
Top 5
Easy to use, flexible security options, and it scales well

What is our primary use case?

Azure AD is where our primary user data is stored. We get a feed-in from our HCM solution and it creates our users, and then that's where we store all of their authorizations, group memberships, and other relevant details. We access it through the Azure Portal.

Pros and Cons

  • "This product is easy to use."
  • "When you start to deal with legacy applications, provisioning is not as intuitive."

What other advice do I have?

The biggest lesson that I have learned from using this product is that because it is a SaaS solution, it's easy to get set up and configured. It doesn't take a lot of overhead to run and quite honestly, the security on it is getting better. Microsoft continues to pump more security features into it. My advice for anybody who is considering Azure Active Directory is that if you have Microsoft products that you are currently already using, I would definitely recommend it. This is a solution that seamlessly ties into your Office products, and into any Microsoft product, and it's really easy to…
DM
Product Manager/Architect at a consumer goods company with 5,001-10,000 employees
Real User
Top 10
We can see all facets of the business, providing us more visibility

What is our primary use case?

We run in a hybrid model. We have our Active Directory on-premise directory services that we provide. We basically went to Azure so we could provide additional capabilities, like single sign-on and multi-factor authentication. We are running in a hybrid environment. It is not completely cloud-native. We sync our on-premise directory to the cloud.

Pros and Cons

  • "It enhanced our end user experience quite a bit. Instead of the days of having to contact the service desk with challenges for choosing their password, users can go in and do it themselves locally, regardless of where they are in the world. This has certainly made it a better experience accessing their applications. Previously, a lot of times, they had to remember multiple usernames and passwords for different systems. This solution brings it all together, using a single sign-on experience."
  • "The thing that is a bit annoying is the inability to nest groups. Because we run an Azure hybrid model, we have nested groups on-premise which does not translate well. So, we have written some scripts to kind of work around that. This is a feature request that we have put in previously to be able to use a group that is nested in Active Directory on-premise and have it handled the same way in Azure."

What other advice do I have?

For others using Azure ID, take cookie online training. They are widely available, free, and give you a very good idea of what path you need to go to. So, if you want to take some professional training to become a guru, then you know what classes to go take and the fundamentals that you need to take before you get into that class. So, I highly recommend taking the video term. I come from an Active Directory background for more than 20 years. Coming into Azure was actually great. We had somebody leave the company who was managing it, and they said, "Hey David, I know you are working for this…
Global Head of Identity and Access Management at Adecco
Real User
End users have one password to get into their online applications, which makes for a better user experience

What is our primary use case?

It has allowed us to use other SaaS products that will authenticate with Office 365 as well as other Microsoft products and non-Microsoft products, so we can have a single sign-on experience for our users. Rather than them needing to have multiple usernames and passwords, they just use whatever they have as their main username and password to log onto their machine. It is SaaS based, but we sync up from our on-prem into Azure AD.

Pros and Cons

  • "It is one of those costs where you can't really quantify a return on investment. In the grand scheme of things, if we didn't have it, we would probably have a lot more breaches. It would be a lot harder to detect issues because we would have people using static usernames and passwords for various sites, making us open to a lot more attacks. The amount of security and benefit that we get out of it is not quantifiable but the return of investment from a qualitative point of view is much higher than not having it."
  • "Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing."

What other advice do I have?

Be prepared to learn. It is a massive area. There are a lot of features offered by Azure AD. It works well within the Microsoft realm but also it can work very well with non-Microsoft realms, integrating with other parties. The fact it is Microsoft makes life so much easier, because everyone integrates with Microsoft. Just be prepared to absorb because it is a big beast. It is also a necessary evil that you need to have it. The advantages outweigh the disadvantages of having it. The learning curve is both steep and wide. You can only focus on what you can focus on with the resources you have…
Principal Service Engineer at a energy/utilities company with 10,001+ employees
Real User
Flexibility around accessing company systems from anywhere at any time has proven to be helpful

What is our primary use case?

We are using Azure Active Directory (AD) for: * Application authentication, which is single sign-on. * Multi-factor authentication (MFA). * Conditional access for people coming in from non-trusted networks, which are interlinked. * Azure AD B2B. These are the four big items that we are using.

Pros and Cons

  • "Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company."
  • "There is a concept of cross-tenant trust relationships, which I believe Microsoft is actively pursuing. That is something which in the coming days and years to come by will be very key to the success of Azure Active Directory, because many organizations are going into mergers and acquisitions or spinning off new companies. They will still have to access the old tenant information because of multiple legal reasons, compliance reasons, and all those things. So, there should be some level of tenant-level trust functionality, where you can bring people from other tenants to access some part of your tenant application. So, that is an area which is growing. I believe Microsoft is actively pursuing this, and it will be an interesting piece."

What other advice do I have?

Look at the market. However, look at it from an end-to-end perspective, especially focused on your applications and how a solution will integrate with your overall security landscape. This is key. Azure Active Directory provides this capability, integrating with your Office 365 tenant, data security elements, classifications, identity protection, device registrations, and Windows operating system. Everything comes end-to-end integrated. While there is no harm evaluating different tools, Azure AD is an out-of-the-box solution from Microsoft, which is very helpful. Every day we are increasing…
IT Manager at a renewables & environment company with 201-500 employees
Real User
Top 5Leaderboard
Gives us tight control over who is using applications, and enables us to add, delete, and modify users in one place

What is our primary use case?

We have deployed an Active Directory model with Active Directory on-premises, and that is providing services to the entire organization. In 2018, we wanted to implement single sign-on with some of our cloud solution partners. That was the main reason that drove us to implement Azure Active Directory. As far as I know, that's the only thing that we use Azure Active Directory for at this moment. We can call it a hybrid system. All our internal operations are using Active Directory on-premises, but when we need to identify some of our users with applications on the cloud, that's when we use Azure… more »

Pros and Cons

  • "For some applications, it's not only working for authentication but it's also being used to apply roles for users. From the management perspective, it's much better to have this because in the past we constantly needed to go into the console of the different solutions and create or delete users or modify their roles and permissions. Now, with Azure Active Directory, we can do that from a single point. That makes our management model much easier."
  • "From time to time it takes a little bit of time to replicate, with some of the applications—something like five to 10 minutes. I know that the design is not supposed to enable real-time replication with some of the applications. But, as an administrator, I would like to run a specific change or modification in Azure Active Directory and see it replicated almost immediately."

What other advice do I have?

As with any implementation, design is key. That would be applicable to Active Directory as well, but when it comes to Azure AD, do not start the installation unless you have an accepted design for it. You shouldn't just start creating objects on it. You need to have a clear strategy behind what you're going to do. That will save you a lot of headaches. If you start without any kind of design, at the end of the road, you can end up saying, "Okay, I think it would have been better to create this organizational unit," or, "We should have enabled this feature." It's probably not very…
IAM / IT Security Technical Consultant at a retailer with 10,001+ employees
Real User
Top 20
Managed identities mean that people don't have to wait for a long time for manual intervention when they raise a ticket

What is our primary use case?

When we are deploying cloud applications we avail ourselves of the services of Azure AD. At the moment, we are mostly getting the data from on-premises to the cloud, as far as user entities go. We're trying to define policies based upon the company's and our projects' requirements, such as whether we need to make something public or private. This all has to be defined. We also use it for access management.

Pros and Cons

  • "Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things."
  • "An area where there is room for improvement is the ease of use of the dashboards."

What other advice do I have?

It's an easy tool to explore if you have already worked with the on-premises data services. There is good documentation available on the Microsoft website. If Microsoft provided more time for new users to explore new features, that would help. Everyone could learn more and contribute more to their companies or to the projects that they're working on. But it is easy to learn. Just be careful, because you are in the cloud. You have to be aware of access, AM, how the user is coming into their account, where the user is going and what the user actions are, and what access they have. Always try to…
See 23 more Azure Active Directory Reviews