Ashraful Hasan Tuhin - PeerSpot reviewer
IT Specialist, Windows Security & Azure Cloud Management at Robi Axiata Limited
Real User
A unified interface to manage users, enables SSO, and saves us time
Pros and Cons
  • "Entra ID can be deployed using a hybrid model for organizations with a significant on-premises presence, or in a fully cloud-based setup for those that do not."
  • "Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users."

What is our primary use case?

I have had multiple use cases for Entra ID during my previous position as a system administrator. In that role, I was responsible for managing around three thousand users within our organization, including some external parties, which brought the total user count to approximately ten thousand. Entra ID is a cloud-based solution designed for identity and access management. In our organization, we primarily employed it to maintain user groups for authentication purposes. Additionally, we had on-premises applications that required registration within Entra ID, enabling us to provide a single sign-on solution for these applications, granting access to our users.

Entra ID boasts several other features as well. For instance, we utilized a security feature called MFA to enhance user security. We also implemented a conditional access policy, tightly integrated with Microsoft Intune. This policy allowed us to define specific access rules based on user locations. This means that if a user was located in a particular branch, they would be granted access to certain services while others would not. Such configurations were established within our conditional access policy in Entra ID.

At times, we needed to provide temporary access to certain users as administrators. For instance, our compliance team might require access to check compliance reports or logs for a limited period, which we facilitated by granting access for one or two hours. Within Entra ID, we have a functionality known as Security Score, which we utilize to assess and benchmark the security of our organization. This helps us identify potential risks and areas for security enhancement.

Among the tools we employ, Intune plays a crucial role. With Intune, we effectively managed our Windows, iOS, and Android devices. We could establish compliance policies and configuration settings for both Entra ID and Intune, ensuring a consistent and secure user experience across different devices and platforms.

Entra ID can be deployed using a hybrid model for organizations with a significant on-premises presence, or in a fully cloud-based setup for those that do not.

How has it helped my organization?

Entra ID offers a unified interface for managing user access.

In addition to the Single Sign-On provided by Entra ID, we also offer a biometric option through Windows Hello.

In the admin center, we can locate the dashboard. Recently, Microsoft has made significant improvements. Previously, searching for a username required navigating to the user test section. However, presently, I've observed that Microsoft has enhanced the search scenario. Now, by simply searching for the username on our web page, it will display the username along with all associated details. Furthermore, we have password identity management, group management, and application registration options available. We also support on-prem authentication, specifically rescoping authentication like NTLM, which is an older authentication method. However, if we register our application with Entra ID, we can easily enhance the security of our authentication through modern authentication methods. These security features are available within the admin center.

Verified ID, in fact, is obtained when we create or subscribe within Entra for the initial time. Therefore, it is a default setting on Microsoft that provides us with a default domain. However, if we perform this on Microsoft.com, we need to append that tenant and subsequently verify it. This, of course, necessitates the addition of certain DNS entries to incorporate our customized domain into Entra ID. Consequently, we have the capacity to include up to 500 domains within a single tenant.

We are three global admin users. As such, we are responsible for maintaining our company's tenants. Occasionally, the security or compliance teams need to assess the current status. For instance, we might have a project requiring a vendor to have access for a specific duration. In such cases, we can readily grant customized access to that user for the designated period. Post this duration, access will be automatically revoked. Hence, we can manage these settings through permission management.

Microsoft has indeed introduced new features. For instance, we now have the ability to create a multitude of users or add members to a group all at once. To facilitate this, they have developed a custom script. By including the object ID of the user in an Excel or CSV file and importing that file, the system will automatically add the users. Entra ID is particularly time-saving, as it allows us to add 100 users in just 30 seconds using the group method. If we were to create the group manually, it would take one to two hours per user.

In my situation, not all users are motivated. The IT division and the technicians might be up to date with the latest technology. However, when we consider the finance or sales personnel, their primary focus is on their business sales. They lack knowledge of IT or technologies. As a result, when we introduce a new solution and onboard their users to that system, we encounter certain issues. Nevertheless, through integration and training, we established the necessary procedures for logging in and working, which eventually became acceptable. Entra ID has played a significant role in making the user experience more seamless.

What needs improvement?

As an administrator, we sometimes observe a discrepancy between Microsoft Intune and Entra ID – these are distinct solutions, each with its own licensing subscription. On occasion, these two solutions are combined into a single service, or conversely, certain services might be removed. Such situations can create conflicts for administrators. A few days ago, I noticed that certain aspects like the Microsoft Compliance and Microsoft Security tabs were missing when accessing Entra ID. It appears that some services have been removed from Entra ID and new ones have been introduced, which wasn't communicated to us. I would appreciate receiving notifications regarding the removal of services from specific tabs, along with information about their replacements. This would allow us to plan our logins accordingly. Microsoft offers two portals – the classic portal and the modern portal. When using the classic portal, we promptly receive notifications about its upcoming transition to the modern portal after a designated date. However, no such notifications were provided for Entra ID. In my quest to locate security and compliance checking features within Entra ID, I discovered that the options were seemingly absent. Subsequent Google searches revealed that these features had been consolidated under a single solution.

We are receiving false security alerts on the dashboard. We have set up a conditional access policy that restricts access based on the user's location. However, we have observed that there are instances when Microsoft's AI might be generating these false alerts. This is causing users to be blocked from accessing their accounts. When we reached out to these users, they confirmed that they hadn't visited the specified area or country in the last seven to ten days. Despite this, they are receiving notifications to reset their passwords, with a warning of being locked out. Microsoft should work on enhancing its machine-learning algorithm to prevent unnecessary lockouts of users.

For how long have I used the solution?

I have been using Microsoft Entra ID for five years.

Buyer's Guide
Microsoft Entra ID
April 2024
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,740 professionals have used our research since 2012.

What do I think about the stability of the solution?

Entra ID is a cloud-based solution. Microsoft, in fact, operates multi-zone data centers which greatly reduce the possibility of service outages. However, this year we have experienced a significant amount of downtime. For instance, we encountered Exchange Online issues in Bangladesh. They source their authentication from either the Singapore or Indian data centers. Unfortunately, there were several instances of problems in this area this year, about two or three times. We faced communication as well as mail-sending problems. While their Service Level Agreement is supposed to be 99.99 percent uptime, it seems to be closer to 99.98 percent. Interestingly, for the past four years, we did not encounter any such issues. Strangely, this year, these problems began around the time of the Russian incident. It's possible that backend issues, perhaps related to cybersecurity, contributed. Additionally, Microsoft laid off ten thousand employees this year, and after this restructuring, we started facing these issues.

What do I think about the scalability of the solution?

I would give the scalability a ten out of ten.

How are customer service and support?

The quality of technical support depends on both the issue at hand and the expertise of the assisting engineer. In certain cases, they might be unable to provide assistance, leading us to resolve the issues on our own.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used the on-premises version of Active Directory before switching to Entra ID.

How was the initial setup?

The initial setup for Entra ID is simple when opting for a full cloud deployment. We only need to onboard the users and enter the license. However, in a hybrid scenario, we require network connectivity from on-premises to the cloud. Additionally, a separate server is necessary to synchronize the users with the cloud. This process is time-consuming and intricate to manage.

I implemented Entra ID for three to four companies in Bangladesh. Additionally, for on-premises Active Directory deployments, I handled more than ten to fifteen projects. In the capacity of a vendor, I collaborated with a company that served as a local partner of Microsoft.

The deployment involves four or five teams, including IT, Networking, and Security.

What about the implementation team?

To facilitate hybrid implementations, we need the support of an architect to design the servers.

What's my experience with pricing, setup cost, and licensing?

As Entra ID is a subscription service, a payment is required for each user every month. To access its features, purchasing the license is necessary. Initially, upon creating the tenant, a complimentary subscription for either 30 or 90 days is provided. After this trial period, it's mandatory to choose a subscription. Entra ID is relatively expensive compared to other solutions. There are free alternatives available for managing and providing authentication. However, considering a comprehensive range of solutions under one umbrella, Entra ID stands out. It offers additional benefits such as one terabyte of OneDrive and SharePoint storage, along with Microsoft Teams integration. The cost covers various applications and extra features, providing good value for the investment.

Entra has P1 and P2 licenses that are bundled with lots of applications.

What other advice do I have?

I would rate Entra ID a nine out of ten.

Since Entra ID is cloud-based, remote users or branches need to ensure that they have a stable internet connection to access our environment.

Maintenance for cloud solutions is generally not obligatory. This is due to the automatic functionality that activates when users are enabled. However, if a license expires, we must either seek assistance from Microsoft or renew all licenses, subsequently testing the new licenses. Occasionally, for maintenance, especially when dealing with our own custom applications and enabling single sign-on with Entra ID users, we require assistance both from Microsoft and our mitigation team. This is because each application has its own authentication method, often resulting in compliance issues. To address this, discussions with the mitigation personnel are necessary, and we may need to allocate time for aid from a Microsoft engineer. In certain instances, collaboration with Microsoft vendors from the integration team is essential. Apart from these situations, the process remains fairly straightforward.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
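The location-based conditional access policy described in the review above, and the lockout concern raised in its "What needs improvement?" section, can be illustrated with the Microsoft Graph PowerShell SDK. This is an added example, not the reviewer's configuration or Microsoft's sample code: it defines a named location for a branch office, then creates a policy that blocks a single application from everywhere except that location, excludes a break-glass group so administrators cannot lock themselves out, and starts the policy in report-only mode so sign-in logs can be checked before enforcement. The IP range, the group and application object IDs, and the display names are placeholders that you would replace with your own.

```powershell
# Added example: location-based Conditional Access with Microsoft Graph PowerShell.
# Not the reviewer's code. IDs marked <...> and the IP range are placeholders.
Import-Module Microsoft.Graph.Identity.SignIns

# Least-privilege scopes for creating named locations and policies
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# 1. Named location for the branch office egress address range (constructed example range).
$branchLocation = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Branch-Office-Egress"
    isTrusted     = $true
    ipRanges      = @(
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = "203.0.113.0/24" }
    )
}

# 2. Policy: block the target application from all locations except the branch,
#    exclude the break-glass group, and start in report-only mode.
$policyBody = @{
    displayName   = "Block FinanceApp outside branch office (report-only)"
    state         = "enabledForReportingButNotEnforced"   # switch to "enabled" after reviewing logs
    conditions    = @{
        users        = @{
            includeGroups = @("<finance-users-group-object-id>")   # placeholder
            excludeGroups = @("<break-glass-admins-group-object-id>") # placeholder
        }
        applications = @{ includeApplications = @("<finance-app-client-id>") } # placeholder
        locations    = @{
            includeLocations = @("All")
            excludeLocations = @($branchLocation.Id)
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter $policyBody

# 3. Confirm the policy landed in report-only state before anyone is affected.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $policy.Id
if ($check.State -ne "enabledForReportingButNotEnforced") {
    throw "Policy '$($check.DisplayName)' is not in report-only mode; refusing to continue."
}
Write-Output "Created report-only policy $($check.Id); review sign-in logs before enabling."
```

Report-only mode records what the policy would have done in each sign-in log entry without blocking anyone, which is the check to run for a few days when the location signal is the only thing standing between a user and a lockout. Keeping an excluded break-glass group on every blocking policy is the standard caveat: it is the only way back in if the policy misfires.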
PeerSpot user
Global Head of Identity and Access Management at Adecco
Real User
End users have one password to get into their online applications, which makes for a better user experience
Pros and Cons
  • "It is one of those costs where you can't really quantify a return on investment. In the grand scheme of things, if we didn't have it, we would probably have a lot more breaches. It would be a lot harder to detect issues because we would have people using static usernames and passwords for various sites, making us open to a lot more attacks. The amount of security and benefit that we get out of it is not quantifiable but the return of investment from a qualitative point of view is much higher than not having it."
  • "Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing."

What is our primary use case?

It has allowed us to use other SaaS products that will authenticate with Office 365 as well as other Microsoft products and non-Microsoft products, so we can have a single sign-on experience for our users. Rather than them needing to have multiple usernames and passwords, they just use whatever they have as their main username and password to log onto their machine.

It is SaaS based, but we sync up from our on-prem into Azure AD.

How has it helped my organization?

With COVID-19 at the moment, this solution is a good example of where we needed to move a lot of our traffic from our on-prem authentication into the cloud. Last year, before I joined the company, we had to set up our VPN differently. It was easy enough for us to do because our machines were already joined to Azure AD. We just split the traffic and stopped having to rely on our on-prem VPN for our Office 365 traffic. We were just good to go into the Internet because we had all the features set up, e.g., MFA and Conditional Access, which made life a lot easier.

It has made our security posture better. There are always improvements to be made, but we feel more secure because of the way that things have been set up and how everything integrates together.

What is most valuable?

  • Single sign-on is the most useful at the onset. 
  • The dashboards offered are very granular, in terms of usages. 
  • We find the Conditional Access element and Multi-Factor Authentication side of things very useful. 

These features let us have secure, yet user-friendly interactions, rather than having to be embroiled in various types of signups for each application. These allow us to be a lot more granular as well as making sure our environment is more secure. Our accesses and users remain secure too.

Multi-Factor Authentication (MFA) and Conditional Access have helped us be more secure. There is one place where all these features are posted, making life a lot easier. If we were to try and buy these separately, then it would be a painful experience. Whereas, if it is in one product, then all these features talk to each other and it is available for us in one go. For example, when you buy a car, if you buy the steering wheel and engine separately, then you need to make it work altogether. Whereas, you just want to buy a car with everything included, making life a lot easier.

It has made the end user experience a lot better. They only have one password to get into their online applications and that makes the user experience much better.

What needs improvement?

The one area that we are working on at the moment is the business-to-consumer (B2C) element. It is not as rich as some of the other competitors out there. The B2C element of Azure AD is quite niche. Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing.

In my previous role, there would have been a few things that I would have liked added, but they have already introduced them. Those are already in the roadmap. 

For how long have I used the solution?

I have been using the product for many years. I have only been at Adecco for six months, but I had experience with it at my prior role as well. Overall, I have used it in excess of five years.

What do I think about the stability of the solution?

The stability is fantastic. It is a big step from using Active Directory on-premises to now moving to something that has been completely rethought in the cloud. It is very impressive and fits into the whole Microsoft ecosystem, making life easier.

We have had some downtime, but I think a lot of that has been unavoidable from Microsoft's side of things. Microsoft made some changes in some instances which caused certain features to be unavailable, like Azure AD became unavailable a few weeks ago. I love that they were very frank, open, and honest as to what happened. However, the bottom line is that we prefer downtime not to happen. 

What do I think about the scalability of the solution?

We have had no problems with it. We are not exactly the biggest organization, i.e., 30,000 accounts. IT makes up probably 5,000 of those accounts, or less. If we were an organization of hundreds of thousands, then we might be questioning scalability. However, I have never known it not to be scalable. For medium- to large-organizations, it is fine. I think it is when you get into multiple companies with multiple complexities then it becomes a struggle. For us, it is more than scalable for our purposes.

We still have many applications that need to be onboarded to Azure AD. Because we are moving to the cloud, there is a lot more that we need onboarded into Azure AD, but it is working well so far.

How are customer service and technical support?

The technical support is great. We have a dedicated resource who understands our environment. We have regular meetings with them once a week where we get to discuss the current status of various tickets as well as our questions. The support that we get is very good.

We have Premier Support. We also have Premier Mission Critical Support on Azure AD, which is where we have someone who is dedicated to our setup and knows how our environment is set up. Therefore, if we do have a major issue, then they would be brought in to help resolve those issues.

Which solution did I use previously and why did I switch?

It was a given that we would use Microsoft. To use Microsoft 365, you need to use Azure AD, so that is what we did.

I have always used AD and Azure AD.

How was the initial setup?

In my previous role, the initial setup was quite simple. It was a simple case of install and follow some wizards, then you pretty much had it set up and synced to your Azure AD from the on-prem. Minimum effort was required.

The deployment was about three weeks, which was mainly the change process and getting it through our internal changes. It was quite quick. 

What about the implementation team?

We did it ourselves internally with some help from Microsoft. There were four people involved in the deployment: the service owner, a Microsoft product engineer, and two internal engineers.

We have the maintenance outsourced to a partner. However, we have had trouble with this partner because of their lack of delivery.

Ideally, I would like around five people to work with the partner and maintain the environment. At the moment, we have one person and are recruiting two others. For our scale, three to five people would be great as well as working with a partner to do the operations. That is the model that I am using.

What was our ROI?

It is one of those costs where you can't really quantify a return on investment. In the grand scheme of things, if we didn't have it, we would probably have a lot more breaches. It would be a lot harder to detect issues because we would have people using static usernames and passwords for various sites, making us open to a lot more attacks. The amount of security and benefit that we get out of it is not quantifiable but the return of investment from a qualitative point of view is much higher than not having it. 

It is the one platform that should be used for all authentication. Azure AD allows you to have one username and password to access all of your sites, which makes life a lot easier. Therefore, the return on investment is good because people have to use the one ID and password.

What's my experience with pricing, setup cost, and licensing?

Be sure:

  1. You know your userbase, e.g., how many users you have. 
  2. You choose the right license and model that suit your business requirements.

Which other solutions did I evaluate?

In the future, I would maybe like better integration with competitive products. Obviously, Microsoft would be selective on that anyway. For example, working alongside Okta as a competitor, their product seems to be a bit richer in its offerings. From what I have seen, Okta has a bit more of an edge, which is something that might benefit Azure AD.

What other advice do I have?

Be prepared to learn. It is a massive area. There are a lot of features offered by Azure AD. It works well within the Microsoft realm but also it can work very well with non-Microsoft realms, integrating with other parties. The fact it is Microsoft makes life so much easier, because everyone integrates with Microsoft. Just be prepared to absorb because it is a big beast. It is also a necessary evil that you need to have it. The advantages outweigh the disadvantages of having it.

The learning curve is both steep and wide. You can only focus on what you can focus on with the resources you have in your organization. It is such a big product and changing all the time. This means that you need dedicated people to be on it. There is a lot of keeping up with what Microsoft puts out there with Azure AD, which is great. This makes it feature-rich, but you need to be able to learn how it integrates into your business as well.

What Azure AD does for my current organization is sufficient, but we are probably not adopting most of what Azure AD has. We do not have it at a mature place at the moment, but we hope (over the next couple of years) to get it up to the latest and greatest.

It is an integral part of using Microsoft stuff, so we are not going to move away from it any time soon. If anything, we will ensure that everything is on Azure AD and authenticating users use Azure AD. That part will still take some time to do. Like most large organizations who have been around for a long time, we have legacy to deal with and some of that legacy does not support Azure AD. So, we are working towards that.

If you come from a company with legacy technology, then there will be a lot of business and technological changes for you to make.

The adoption of Azure AD B2C is progressing somewhat well. That is something that we just started in the last couple of months. We are having more of our products being onboarded into it. We will be moving other implementations of Azure AD into the one Azure AD implementation, and it has been great so far.

I would rate it as a nine out of 10. I would have given it a 10, but it is impossible for something to be perfect. The product does itself a disservice when there is an impact due to downtime, which we have had over the years. Because you rely on it so heavily, you can't afford for it to go down for a few minutes because then there will be user impact. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Azure Cloud Administrator at Randolph Brooks Federal Credit Union
Real User
Offers a single pane of glass with great auditing capabilities and a fast setup
Pros and Cons
  • "We can have an audit and we can easily audit logs."
  • "I haven't had any issues with the product."

What is our primary use case?

I use it to manage users and devices in my environment. 

I'm also using it to control access to different services that we have and to manage and register applications. It is used to control access to applications that we use in our company. I do a lot of applications in Azure Active Directory, and then I also have a hybrid configuration in my environment. I'm able to sync my on-premises users in the cloud so they can have the benefit of cloud infrastructure while maintaining access control to provide them access to the services that they need in Azure.

How has it helped my organization?

The product provides very good time savings. It also allows for a high level of security.

We get alerts when something has happened and it's easy for me to find the issue. It makes it easy to reset passwords. 

We have all the security features in one place and we have log analytics and diagnostics as well. It's very good for identity governance. 

What is most valuable?

We have an unlimited number of users that we can register. We can register more than five hundred thousand objects. That is wonderful for us.

We can have an audit and we can easily audit logs. I'm able to know when the user logged in and what program they used. I can track everything. I can see activities and denial of access. 

I can create many users at one time using Excel. When we have a lot of people that join, I can just use Excel to perform the deployment of the platform by creating a user. It makes onboarding easier. 

We can manage access and onboarding by teams. It allows us to maintain privilege identity management.

The Entra admin center is also fabulous. 

The product provides a single pane of glass for managing user access. Everything is there. I can monitor from there. I can create a single sign on from there. I can create MFA (multifactor authentication) directly from the portal. I have more than two thousand devices that I manage and I can do everything centrally. 

The single pane of glass affects the consistency of the security policies we apply. It is easy for me to have access to the panel, and I can have a great view of what is going on in my Active Directory. I have a security score. I have the number of groups, number of applications, and number of devices right in front of me, in one place. This makes it easy for me to monitor it and check everything. 

There are good tutorials available for learning more about the product.

We are using the conditional access feature. We also leverage multi-factor authentication so that we can verify users by phone number, for example. It helps us verify effectively. The conditional access feature works well with Microsoft Endpoint Manager.

We use the verified ID to onboard new employees efficiently. We can now onboard in less than 30 minutes. It's also great for privacy and control.

The employee user experience has been positive. When they submit a ticket, it gets resolved in less than 15 minutes. It's very impressive.

What needs improvement?

I haven't had any issues with the product.

For how long have I used the solution?

I've been using the product for three years.

What do I think about the stability of the solution?

The stability is wonderful. I'd rate it 9.5 out of ten. It's the best.

What do I think about the scalability of the solution?

The scalability is good. It's very scalable. 

How are customer service and support?

I've only reached out to technical support once when I was trying to access our agreement account. They set up a meeting and guided me through how to connect to it. I had a positive experience. 

Which solution did I use previously and why did I switch?

I have used other cloud technologies like AWS or Google Cloud and they don't have the type of active directory where I can control everything. Azure is very powerful.

Previously, all of our active directory was on a Windows Server on-prem. Managing it was not easy. Finding user accounts, going to log in to the Windows server, going to log in to the active directory, et cetera, that previous process was too long. Now, it's easy. Now, you can log in and you have everything in front of you. 

With the old system, we needed to configure it and we were using Okta and we had a combination of many, many tools to be able to get results. Now, we can assign the role directly from OneClick, and we can also use the PowerShift LiveGuard template and it's easy. 

How was the initial setup?

The product is easy to set up. You can set up an entire organization in one day. 

There is no maintenance needed. Microsoft takes care of everything. We just make sure that we check the synchronization. Even if there is a sync error, we will receive a notification. Usually, it fixes itself and syncs every hour.  

What about the implementation team?

We handled the setup in-house.

What was our ROI?

We've saved more than 20 hours per week. The product is saving us a lot of time. It cut time spent by 45% to 50%. It's also saved us money as we only pay for what we use.

What's my experience with pricing, setup cost, and licensing?

We pay monthly, and we only pay for what we use.

What other advice do I have?

We are a Microsoft customer. 

I'd advise potential new users to read the documentation and make sure that they know what they are doing before they begin providing access to users. If they don't follow the requirements of their company before creating users, they could have a data breach or provide the wrong access.

You can have a centralized solution that provides secure access. You can manage everything from one portal. Azure makes it easy.

I'd rate the product ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
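Both this review and the first one on the page describe bulk onboarding from a spreadsheet: creating many users at once from Excel, and adding a CSV of users to a group so that access follows group membership. The script below is an added example of that procedure with the Microsoft Graph PowerShell SDK; it is not the reviewers' script nor the Microsoft-provided one they mention. It assumes a constructed CSV with DisplayName, UserPrincipalName and MailNickname columns, a placeholder group object ID, and an operator who will deliver the initial password out of band (or replace it with a Temporary Access Pass). It is idempotent: a user who already exists is reused, and a user who is already a member is skipped, so a re-run after a partial failure does not error out.

```powershell
# Added example: bulk-create users from a CSV and add them to a group, idempotently.
# Not the reviewers' code. $csvPath contents and $groupId are placeholders/constructed.
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Groups

Connect-MgGraph -Scopes "User.ReadWrite.All", "GroupMember.ReadWrite.All"

$csvPath = "C:\temp\new-hires.csv"         # constructed sample; columns: DisplayName,UserPrincipalName,MailNickname
$groupId = "<target-group-object-id>"       # placeholder: the access group that the SSO apps are assigned to

# Snapshot current membership once so the loop does not hit Graph per user.
$existingMembers = @((Get-MgGroupMember -GroupId $groupId -All).Id)

function New-RandomInitialPassword {
    # 24 random bytes from the platform CSPRNG, Base64-encoded (upper, lower, digits, symbols).
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return [Convert]::ToBase64String($bytes)
}

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $upn  = $row.UserPrincipalName
    $user = Get-MgUser -Filter "userPrincipalName eq '$upn'" -ErrorAction SilentlyContinue

    $created = $false
    if (-not $user) {
        # Force a password change at first sign-in; the initial secret is never logged here.
        $user = New-MgUser -DisplayName $row.DisplayName `
                           -UserPrincipalName $upn `
                           -MailNickname $row.MailNickname `
                           -AccountEnabled `
                           -PasswordProfile @{
                               Password                      = (New-RandomInitialPassword)
                               ForceChangePasswordNextSignIn = $true
                           }
        $created = $true
    }

    $added = $false
    if ($existingMembers -notcontains $user.Id) {
        New-MgGroupMember -GroupId $groupId -DirectoryObjectId $user.Id
        $added = $true
    }

    [pscustomobject]@{
        UserPrincipalName = $upn
        ObjectId          = $user.Id
        Created           = $created
        AddedToGroup      = $added
    }
}

# Summary for the change record; no secrets are included.
$results | Format-Table -AutoSize
```

The membership snapshot and the `Get-MgUser` lookup are what make the script safe to re-run: the two Graph calls that can fail (user creation and member add) are only issued when the object is genuinely missing. For a production run, swap the generated password for a Temporary Access Pass or an HR-driven onboarding flow so that no one on the IT side ever handles a user's initial credential.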
PeerSpot user
Senior Azure DevOps Engineer at SoftServe Ltd.
MSP
Top 20
Provides a single pane of glass, consistent, and easy to manage
Pros and Cons
  • "It helps with privacy control of identity data. It makes security very easy."
  • "The documentation could be better."

What is our primary use case?

We're using the solution for our customers. It's for those that may have been on-premises and moved to the cloud when it started to become mainstream. Users wanted to transfer their users and permissions and so on to the cloud and onto Azure.

How has it helped my organization?

Azure is the most comfortable cloud to work with. One company we worked with had infrastructure that needed to go to the cloud, and with Microsoft, it's very easy to move. The company is flexible in terms of how you want to handle a migration or configuration. There are a lot of features that help to implement different solutions and that makes it very easy to work with. 

What is most valuable?

We are using the solution on different projects. Depending on the project, we use different features. It's great for handling user groups and security policies.

We can use it with Office 365 and Exchange. 

It provides a single pane of glass.

It's given us good consistency in terms of the user's sign-on experience.

Microsoft makes a very good product. It makes the policies quite easy and everything is quite understandable. It provides different tools to implement the same scenario.

The admin center for managing all identity and access risks across an organization is very cool. 

Verified ID is very useful for onboarding remote employees. It helps with privacy control of identity data. It makes security very easy. It makes it simple to protect the client. This feature helps IT and other teams protect the business.

We used permission management about a year ago. I had some experience with AWS. I didn't use GCP. Mostly we use Azure. In our case, when we implemented it with the current client, we didn't have any issues with it. It was clear and very simple. It has helped us in a few cases reduce risk when it comes to identity permissions.

Sometimes the client doesn't need the full functionality; they just need a small part of it - and it still works in those cases.

The product has helped us save time in IT and HR. If you create your directory with some logic, it allows you to streamline tasks. It can help more quickly handle requests. The management aspect helps simplify user interactions with various departments.

Azure has very good services that showcase how much money you are spending. It gives you advice on how to protect yourself from spending too much money. It's helpful when we have new clients. You can show them the financials from Microsoft and it will help illustrate how much it costs, and how much it will cost if you scale. It's very transparent on how much money you would spend depending on the setup. 

It's had a positive effect on the employee user experience. 

What needs improvement?

Sometimes it is difficult to understand the structure of the menu. Sometimes they make some changes in the configuration structure and you might have trouble finding a button or some functionality based on a UI update. That can be annoying. Too many interface changes can make it confusing. 

The documentation could be better. Microsoft documentation is confusing. We do not like working with documents. There is not one big website where you can find whatever you want. Instead, there are thousands of websites that cover certain parts or services. On top of that, they often have old, out-of-date information that hasn't been checked. This is the most difficult part of dealing with Microsoft. 

For how long have I used the solution?

I've used the solution for almost four and a half years.

What do I think about the stability of the solution?

The solution hasn't had any downtime. Everything works perfectly.

What do I think about the scalability of the solution?

We've had some issues with performance around scalability. When we tried to deploy in certain areas, we didn't have enough scalability. This was an unusual situation. Typically, scalability is not an issue, however. 

How are customer service and support?

Sometimes we contact technical support, however, not usually during the initial setup. We tend to fix any issues by ourselves. 

Microsoft has different support teams in different countries. Who you speak to depends on what service you are using.

Automatically, your request is sent to a certain team or location. We have had a lot of issues with the Azure DevOps team, which is routed to India and the level of support is much lower. We had to have multiple calls to close a very simple task.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not used any other solution previously. 

How was the initial setup?

I was involved in the initial deployment. The setups are always complex. 

How long it takes to deploy depends on the client. We've done it in two days or one week. However, the main work is typically done across two days.

We tend to have two to three people involved in the implementation. 

It doesn't require any maintenance on our side. 

What about the implementation team?

Typically, we always do the setup by ourselves. We handle the setups for the clients. We sometimes ask Microsoft for input.

What's my experience with pricing, setup cost, and licensing?

Microsoft has various pricing tiers. 

Which other solutions did I evaluate?

I've read about Okta, however, I have never used it or evaluated it.

What other advice do I have?

We are a Microsoft gold partner. 

I've used the conditional access feature, however, not very often.

If your company has more than ten users, you need this service. It gives you a lot of features to help manage your organization. A small startup with a handful of employees likely won't need it. However, if you have an organization with a financial department, a developer department, et cetera, it will get complicated handling access and permissions. Without this solution, you can't be sure you'll be safe - especially as you scale up your employees.

We use different models, including on-premises and cloud.

If you are a regular user, you don't need any special knowledge. However, if you are a technician, you can take exams from Microsoft and find materials about the product and really learn about it. That said, anyone can get a sense of the product simply by searching for it on YouTube.

I'd rate the solution nine out of ten. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Microsoft Azure Active Directory Support Engineer at Tek-Experts
Real User
Provides a secure environment to easily manage users and assign roles and permissions
Pros and Cons
  • "The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise."
  • "For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity."

What is our primary use case?

My company provides different types of support for different products. I am a Microsoft Azure support engineer for Azure Active Directory.

We work with multifactor authentication, federation, synchronization of on-premises services to the cloud, migrations from on-premises to the cloud, and role-based access to company services. I also work with the identity services of Azure. I work with certain cases where customers have issues with Office 365. That's because the administration and the role-based access come from the Azure platform. 

We're in the middle of the transition to unify more services. There are many services in terms of networking with the machines and storage accounts.

Azure is a platform, so it doesn't have a version.

How has it helped my organization?

Microsoft 365 is a part of the service of Active Directory. Currently, all the people and institutions, such as schools and universities, working from home are getting the benefits of Microsoft 365 in Azure Active Directory. They are indirect users of Azure Active Directory. That's because all the services are with the Azure platform, and all these identities are managed from the cloud. This service is providing a huge contribution to the whole world at this time. For example, my nephew is not going to school currently, but he has to connect every day through Microsoft Teams. I know that it is Active Directory that's managing this authentication, but he doesn't know that.

Azure provides many services related to security, data protection, identity, key networking, and management of the storage accounts with encryption. The whole environment is very secure. Azure works with the security of the services. It is in the backend, and it is the same platform as Microsoft 365 or Office 365. So, if you have Office 365, you're using Azure. The platform source is the same for Azure and Office 365 or Microsoft 365. It is the same platform to manage the users. At a certain point, I guess everything will be together because even though there are too many services, all of them rely on the same platform.

There is a secure way of managing the security and access to your services. If you use Azure in your company, you can manage the type of authentication that you want to use for security. For example, you can manage your company from on-premises and also use the cloud in a hybrid environment. This way the services that Azure provides on the cloud are available for the users that exist on-premises, and this is actually where I'm working right now.

What is most valuable?

The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise.

For data protection and access security, there are many good things that Azure and Azure Active Directory offer. You can choose in how many ways a user can log in to Azure, especially with multifactor authentication. You can choose how, when, and where someone can access a service that you may have on Azure Active Directory. 

For most of the small users, Azure Active Directory is free. So, they don't need to have a paid service for Azure Active Directory.

The platform is constantly changing. Every month, we have new services, and we also have services that are being deprecated to provide a better customer experience. For example, we have a tool that connects the users that exist on-premises to the cloud. The AD connects to this synchronization tool, which has been improved about five times in the last year. Every new version is more flexible with more options. The experience for the users has been improved to make it easier to manage the tool. In addition, the feedback that the customers provide to Microsoft is taken very seriously. For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity. There is a feature called manage identities where you can give flexible access to a person for services. For example, I can give you access as a reader to all my information but only for 12 hours or 24 hours. So, I can decide for how long I want to give you access. In the past, I had to give you a role that was permanent, and now, I can give you a role that will last only a few hours to allow you to do your job. In case you need more time or more features, you need to contact me and request them. 

Similarly, previously, there weren't too many options when you were synchronizing your users from on-premise to the cloud. Now, the system that allows you to make that synchronization has many options. You can select different schemas. You can select which users you want to be a part of the cloud. You can manage many rules. The customization in the whole Azure platform is awesome. All these features that are now a part of the platform were not there in the past. In these three years, I have seen so many changes. There are too many features, and I can see changes every month. There are too many settings that have been improved, especially related to authentication, permissions, and auto management ops. The cloud or the Azure platform is managed by roles that you can assign to different people, and each role has different permissions and access. So, everything is very customizable right now.

For how long have I used the solution?

I have been working with Azure Active Directory for two years.

What do I think about the scalability of the solution?

Scalability is one of the main features of Azure. You can adjust the services that you have. You can increase them anytime, and if you are not using them, you can downgrade the services to the minimum. The scalability and elasticity are the key features of Azure. They allow you to manage all the resources that you have according to your needs. For example, if you are a big company that is going to have a lot of customers during a period and needs to duplicate or triplicate resources, you can get all those created immediately. When you don't need that many virtual machines, storage accounts, or web services, you can downgrade to the minimum. The pricing will be according to the service that you are using. This is one of the most attractive things for the customers because if you were on-premises, what would you do with all those desktops once you don't need them? On the cloud, it is different. If you don't need it, just remove the service, and you won't be charged. It is very flexible.

How are customer service and support?

I provide support for Azure AD. This is my area of support currently, but sometimes customers have questions about different products or services. Because I'm working on Azure Active Directory, it doesn't mean that I only know about this specific product. We are constantly learning and getting trained. There are too many things to learn more about the Azure platform. I have worked for the billing and subscriptions team, which is a totally different type of support. If a customer has questions about billing, subscriptions, pricing, and discounts available on the platform, I can provide support. If a customer needs help with creating a virtual machine, I can tell the customer to work with another team. If I have the knowledge, I go the extra mile and help them. 

There have been situations where the customers had a ten-year-old server that was no longer supported, and all the services were very old. They were from the time when Azure started, and those services are called classic services. Most of those services are not compatible with today's technologies. In such cases, we had to let the customers know that they need to migrate the services, which can get tough for some of them because not all users have the resources to move services to new technology. In such cases, we work with other teams within our own company and try to find a solution. We always try to find a solution. We are not limited to one solution. We'll research for options and do some brainstorming with other teams, and most of the time, there are no cases that we can't close or are unsolved. Of course, customers might have been expecting a different solution, or they are not open to change, but at a certain point, they will need to accept that some of the resources that they have been using for more than 10 years are now obsolete. 

How was the initial setup?

It is very simple. All you need to do is to create a subscription. When you create an Azure subscription, you will be creating an Azure account. If you are using Office 365, you already have an Azure Active Directory account.

If you go to Azure.com and use your credentials, you would be able to log in. So, you have a basic panel with services related to Active Directory, but if you need to deploy virtual machines or other paid services, you will need to purchase a subscription. I have my own environment, but I only use it for testing and for making records of customer issues to see what's happening or why the problem is coming.

It is a very easy-to-manage platform. There are many guides. As soon as you enter the portal, you will see all products and services. Every time you click on any specific service, you will find information about the service, its pricing, etc. You will get the required information needed on the platform. I also have experience with IBM's platform, but it was not as easy to handle as the Azure platform. 

What's my experience with pricing, setup cost, and licensing?

The basic tier of Azure Active Directory is free, so many users use the service for free. For a small company, having the security and compliance that Azure offers is a great benefit. For small companies that are using the basic services, not having to pay for Azure Active Directory is the main asset because they can manage their users and have authentication tools and security. 

You just need to create an Azure account to get a free trial or subscription. If you sign up for a free subscription, you will have $200 that you can use for a month on any services that you want to try or test. If you're planning to use a paid subscription, you can't have the first month for free until you spend those $200. At that point, you can decide if you want to continue using the platform. You will be paying only for the services that you use. If you have a virtual machine, but you don't use the virtual machine, you won't be charged for that virtual machine. There are, however, some limitations. If you choose to have storage linked to the virtual machine, the storage is charged differently. 

Azure has different tiers. You can use the standard free version. You can have the B1 license that gives you more services. There is a B2 license that extends to even more objects, more users, and more services. So, depending on the license that you have for the product, the capacity changes. The basic tier allows you to manage a certain number of objects, which can be users, groups, permissions, etc. The number is limited because you are using the free version. If you want to manage a bigger company or more objects, you can just purchase a B1 license. If you need more, you can change to the B2 license that's a top tier. 

If the size of your company changes or you need to reduce the number of licenses or services, you can always cancel licenses. You can go back to the lower tier at any time depending on your needs. Most of the big companies use the higher tiers because they have many employees. In domains like education, there are many students, so they need to use more licenses, but most of the small companies or users who are using it for a project use the free version.

If you need to purchase a service, for each and every service that Azure offers, there are different pricing tiers. For example, you don't have to purchase a virtual machine that is too expensive. There are basic virtual machines that may cost you $40 for one month. If you need a very specific machine to do a deployment, you can use it just for the deployment and then delete the virtual machine. You have to pay it only for the hours for which you used that machine, which is a great advantage. If you work with data processing or you're a developer who needs to test new software or a game, you don't need to pay a huge amount of money for a specific virtual machine. You will only be paying for the hours that you need to do the testing. You don't have to pay $6,000 for high-end technology. I know that the idea is to keep people using the virtual machine, the storage account, or any service they have, but if their needs are just limited for a few hours of the month, that's what they will be paying for. So, it is very flexible.

What other advice do I have?

I would recommend Azure Active Directory to everybody. I would recommend others to use it to easily manage all the users. If you are dependent on an on-premises server, those servers may fail. Some people have too many old servers. If you move to the cloud, you don't have to worry about hardware maintenance.

Microsoft offers several ways to keep your data safe on the cloud. For example, you can choose replication. That means that your data will be at two different data centers. You can have your information at two different locations, such as in the east of the USA and in the west of the USA. If you are paying for higher services, all your information can also be in another country or region. So, all the information that a company may have in Azure will be protected if something catastrophic happens, which is something very important, especially for large companies. 

The improvements to the platform are constant, and the feedback that the customers provide to Microsoft is taken very seriously. They have a feedback page where the users can request new features or existing features that they are not happy about. Microsoft takes into account all these requests, and I see the response from the backend team or developers. I can see how they provide new products or good information about what they are doing right now to improve the services. Most of the requests are for new services and ideas, and most of those ideas are seriously reviewed. I can see that over the last few years, how many of these requests have become a part of the platform. So, you see improvements everywhere. There is also a change in Office 365, which will be soon known as Microsoft 365. They're changing the experience, and they are also changing the licenses to include more products. So, changes are constant. I am not saying this because I work for Microsoft. I have also worked for Amazon, and I see similar structures. They are making changes all the time.

Every day, I see the requests of customers and the response from Microsoft to those requests. When all these improvements are added to the platform, for those of us who are on support, the cases become easier to manage. It gets easier to provide solutions because we have more options to resolve the problems, and the customers also have more options. 

There are times when customers don't realize that the platform has changed and the services they used don't exist anymore. Usually, we provide support through Microsoft Teams and remote sessions. So, we go there, and we explain to the customer that they can do this because the platform allows them to select this and then do customization. So, everything is flexible. The customers sometimes are very surprised because they don't know that the platform has changed so fast. The experience of providing support becomes very nice when a customer is amazed by all the new features. They had been working in the old way, and they didn't know that they now have many options on the platform. In such cases, it is a very satisfactory experience for the customer and also for us. In some cases, it takes about 10 minutes, and the problem is solved. The customer becomes very satisfied with the solution.

I would rate it a 10 out of 10. I can't tell how happy people are when they call and are looking for such a service, and they realize that it already exists. They just didn't know about it. This rating is not based on the experience that I have in working with Microsoft; it is based on the experience of the customers I work with.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Cloud Architect at a financial services firm with 10,001+ employees
Real User
Improves security, priced well, and makes MFA adoption easy for end-users
Pros and Cons
  • "The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features."
  • "The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks."

What is our primary use case?

We have a variety of use cases. The first thing we use it for is Microsoft 365 services. We utilize the single sign-on capability, for use with other SaaS applications. We use MFA, and use it as an identity provider, in general. We make use of the B2B Federation functionality based on Active Directory, as well.

We use a hybrid Azure Active Directory that works in conjunction with our on-premises Active Directory.

How has it helped my organization?

Azure AD has security features that have definitely helped to improve our security posture. Our hybrid environment makes it very easy for us to control when we need to integrate with third-party solutions. Normally, we do not allow integration with our on-premises systems and by requiring the third parties to integrate through Azure Active Directory, it gives us an extra layer of security. There is one-way communication from our on-premises Active Directory, which helps to secure our main controllers.

Another thing that we use extensively is conditional access, on top of the Azure Active Directory multi-factor authentication. We are quite happy with the metrics and reports, as well as the logging of risks, such as attempts to sign in from different areas.

So far, we haven't had any incidents. We've seen some attempts to steal our identities or to log in using our credentials but the security provided by this product, including conditional access and MFA, has stopped these attempts. From a security perspective, we are quite happy.

Overall, our security posture has improved, especially when we are talking about MFA. We have MFA deployed on-premises for all of our critical applications. Moving beyond this, to the cloud, I cannot imagine dealing with all of these different SaaS products without having AD or another cloud identity provider in place. We could use a competing product but definitely, we cannot survive solely with our on-premises solution.

This solution has improved our end-user experience, in particular, because of the single sign-on feature. Our users can quite easily begin working. For example, I've worked with other SaaS solutions and one thing that users complain about is the additional steps required for MFA. Some of the non-tech-savvy end-users sometimes struggle, but overall, I would say the experience is quite good.

We are a group of companies and have different Active Directory Forests and domains. Using Azure Active Directory, collaboration is much easier for us because we are able to configure it at the cloud level.

What is most valuable?

The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features. Not on Office 365 applications, but on others like Salesforce.

What needs improvement?

The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks.

The MFA has some limitations compared to the legacy version. We still use our on-premises version because it works with our legacy applications using certain protocols. 

I think that as Microsoft is going to the cloud, they are turning off the on-premises features too quickly because the functionality is not yet at par.

I would like to see more features included, such as some surrounding the lifecycle of licenses, and access management for non-Azure cloud applications.

For how long have I used the solution?

We have been using Azure Active Directory for approximately three years.

Prior to working with this company, I worked for Microsoft and I used Azure Active Directory as a user over a period of four to six years.

What do I think about the stability of the solution?

I'm pretty happy with the stability of this product. In all of the time that I have used it, I do remember a couple of instances where there was downtime. However, these did not last for a significant length of time.

I can recall that it went down one time, for approximately four hours, in several years. SLAs are definitely met by Microsoft.

What do I think about the scalability of the solution?

Scalability-wise, it works for us. We haven't had any problems and it is quite scalable.

Our company has 4,000 employees, so it isn't very large but so far, so good.

There are two people who are administrators that are involved in the managing and administration of Azure AD. I do not have administrative rights. Rather, I am set up for viewing only. 

How are customer service and technical support?

In general, I would rate Microsoft support a seven out of ten. Sometimes we needed to speak with different people about the same problem, and each time, we had to describe the situation from scratch.

Which solution did I use previously and why did I switch?

I have no experience with other B2B Federation solutions, so I can't compare Azure Active Directory in this regard.

How was the initial setup?

Our initial setup was complex in some ways and easier in others. The complexity stemmed from the fact that we are a bank, and the security team chose the most complex deployment. Because the security people chose the most complex options, they are missing things. For example, self-service password reset is not working for us because it's one-direction communication.

In summary, our initial setup was complex because it was chosen as such. Although it is the most secure, we are missing some benefits that we would have if we had chosen a different setup.

The deployment itself was not very long. However, the planning stage was lengthy because of the in-depth discussions with the security team. Overall, the deployment took perhaps two weeks or less.

Our deployment strategy was a rather high-level approach and considered that our primary identity provider is on-premises AD, which means that we were able to take some of the details from there. We did not have to consider everything from scratch. For example, our password hash is one-way, so there are no writebacks. We defined it this way because it's quite secure. Similarly, we needed integration with third parties, such as other cloud providers. This meant that we were not afraid if something is breached because there would be no impact on our Active Directory. The only impact from a problem would be at the Azure Active Directory level.

What's my experience with pricing, setup cost, and licensing?

The cost of Azure AD is one of the biggest benefits, as it is available for use free of charge when you start with Office 365. It comes with the basic version of it and you can move to the more expensive plans with additional features, but these are still very competitive compared to other vendors.

By comparison, other vendors offered an independent MFA product but at quite an expensive price. With Microsoft, it was already included in the price. The bundling approach that Microsoft uses is good; although competitors may offer a more compelling solution, we already have access to the one from Microsoft at no additional cost.

Which other solutions did I evaluate?

We evaluated some other products from an MFA perspective but I have no hands-on experience with them. I received many good recommendations about both Okta and Ping Identity solutions.

What other advice do I have?

My advice for anybody who is considering Azure Active Directory is that if they are going to use other Microsoft services, like Office 365, then it's a no-brainer. It's the perfect solution for situations like this.

If you're using a different stack, like Google, and you choose a different cloud provider like Google or Amazon, then if you are using Microsoft, it is still good to use Azure Active Directory. The costs are relatively cheap compared to others.

However, if you're not using Microsoft products, then I would suggest that you could look to other vendors like Okta, for example. I had quite a few good references regarding Okta and the Ping Identity products. Ultimately, you are free to choose but from a cost perspective, Microsoft is great.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Dumebi Chukwuemeka - PeerSpot reviewer
Cloud Security Engineer at a non-tech company with 10,001+ employees
Real User
Top 10
Provides a single pane of glass, improves our security posture, and saves us time
Pros and Cons
  • "Every feature in Microsoft Entra ID plays a crucial role in overall security."
  • "Customers should be informed that public review features are not intended for production use."

What is our primary use case?

When I started using Microsoft Entra ID I was an identity and access management technical support engineer at an organization that was a Microsoft partner. I use Microsoft Entra ID primarily to reproduce customer scenarios or challenges they are facing to help them resolve issues on their end. 

How has it helped my organization?

Microsoft Entra ID offers a single pane of glass for managing user access. This unified interface provides essential notifications and guidance if further actions are needed within Entra ID. While all features can't be displayed simultaneously due to potential clutter making it visually unappealing, the centralized view efficiently directs us toward managing user access and other identity and access management tasks.

The single pane of glass affects the user's experience positively. Microsoft Entra ID makes necessary innovations when it comes to the GUI interface.

In my overall assessment, the admin center seems effective in consolidating all the responsibilities and duties that admins should be able to perform. This centralization makes it efficient for users like us global admins and user administrators to find everything we need to do in one place, adhering to the principle of least privilege. While I appreciate the admin center's functionality, I prefer working with the Entra portal for its more robust view.

Microsoft Entra ID has significantly improved our organization's security posture. One key feature is what we call privilege identity management, specifically designed to manage sensitive administrative credentials. For example, imagine a CEO with an account in Entra ID. We might also have an IT technician or support person with an admin role, like a Security Admin. We call these privileged identity accounts. While the CEO holds the highest position, they don't need admin access. Privilege identity management has been instrumental in enhancing our overall security in several ways, including:

  • Robustly securing privileged identity accounts: PIM implements stringent controls and access restrictions, minimizing the risk of unauthorized access to sensitive data and systems.
  • Enforcing the principle of least privilege: PIM ensures users have only the minimum permissions necessary to perform their duties, reducing the attack surface and potential for misuse.
  • Adding extra layers of security: Entra ID integrates multi-factor authentication and conditional access policies, further strengthening access control and mitigating security risks.

Entra ID's conditional access feature strengthens the zero-trust principle, which emphasizes continuous verification and never granting automatic trust. This policy has significantly improved our overall security posture by implementing specific controls that grant access only when users meet defined conditions.

The visibility and control provided by Entra ID permission management across Microsoft, Google, and Amazon Cloud is impressive. Microsoft has a long history in the identity and access management space, starting with Active Directory and subsequently adapting to the cloud. Their cloud expertise has served them well in developing Entra ID, a comprehensive IAM solution. I believe Entra ID represents a significant improvement, offering clear visibility and control over permissions. While I haven't used other third-party products for comparison, I feel Microsoft has delivered a top-notch feature within the IAM landscape.

Using permission management has helped reduce risk surfaces regarding identity permissions.

Entra ID has significantly reduced the time burden on our IT administrators and HR department. Take, for example, its built-in self-service password reset feature. Imagine I've forgotten my password and need to reset it. Previously, I'd have to log a request with IT, potentially waiting for assistance if they were unavailable. SSPR empowers users to reset their passwords independently, freeing up valuable time for our IT team. For our HR department, Entra ID offers integrations with third-party apps, also known as user provisioning. This comes in two flavors: outbound and inbound. Outbound provisioning specifically applies here. In this scenario, Entra ID acts as the source system, creating user accounts in the target third-party SaaS app which is like a tag assistant. For example, if an HR employee needs access to Dropbox or G Suite, we can create those accounts automatically in Entra ID and then provision them into the corresponding SaaS apps using user flows. This eliminates the need for manual user creation in each app. Furthermore, we can implement single sign-on, removing the hassle of juggling multiple passwords for different resources.

Microsoft Entra ID has significantly impacted the employee user experience, particularly through its single sign-on functionality. SSO eliminates the need for multiple passwords to access different resources. Previously, when a user was created in Entra ID, accessing other applications developed outside of Microsoft required separate credentials and logins for each platform. This created a fragmented and cumbersome experience. However, with Entra ID's SSO, user authentication and authorization for these third-party applications now seamlessly occur through a single sign-on process. This grants secure access to all integrated applications without the need for additional logins, streamlining the user experience and enhancing security.

What is most valuable?

Every feature in Microsoft Entra ID plays a crucial role in overall security. It's like the human body – we might underestimate the importance of seemingly insignificant parts. They might appear small or seemingly irrelevant, but their absence can have significant consequences. When a fingernail breaks or a hair falls out, we suddenly appreciate their role in the body's function. Similarly, with Entra ID, I wouldn't prioritize one feature over another. Each contributes significantly to the platform's robust security posture. They all work together to provide the best possible approach to cloud security. Therefore, highlighting a single feature as more valuable wouldn't be accurate.

What needs improvement?

Microsoft Entra ID can make improvements in two key areas. The first is to upgrade Workday and SuccessFactors integration to OAuth 2.0. Currently, these HR applications use basic authentication for inbound provisioning to Entra ID, while integration with other IDPs utilizes OAuth 2.0. Many organizations request the adoption of OAuth 2.0 for Entra ID as well, considering its enhanced security. The second is to provide clearer communication about features under public review. Features under public review should have comprehensive documentation outlining their capabilities and limitations. While user feedback is crucial, deploying incomplete features in production environments can lead to frustration and blame. Customers should be informed that public review features are not intended for production use.

For how long have I used the solution?

I have been using Microsoft Entra ID for three years. 

How are customer service and support?

The technical support team is always readily available 24/7. Regardless of when we raise a support ticket, someone will promptly reach out and try to resolve our specific issue. I understand that the support experience can vary depending on the agent we connect with. Some may not have extensive product knowledge, while others have hands-on experience and offer quick, helpful solutions. Overall, I'd give them a solid ten out of ten. Their constant availability and dedication to resolving our problems are commendable. Even with agents new to our organization, we can feel their effort to assist us. They escalate issues if needed, consistently check back with us for satisfaction, and demonstrate empathy while reassuring us that any limitations or problems we face will be addressed.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

With the rise of cloud computing, Microsoft's exceptional hybrid identity capabilities proved invaluable for our organization. We were able to seamlessly integrate our on-premises users with the cloud through Entra ID. This implementation involved leveraging both Entra ID Connect and the cloud sync agent. While I'm unsure of their identity management setup before Entra ID, I can confidently say that the organization already relied on Active Directory on-premises before I joined.

How was the initial setup?

Deploying Entra ID is generally straightforward. Once we create our Entra tenant, we gain access to Entra ID. Similarly, if we subscribe to Office 365, Entra ID is automatically created for us. This default setup meets most basic operational needs. Therefore, we don't typically need to make any further configuration unless we want to adjust security settings based on our specific organizational needs. Overall, using Entra ID is seamless and can be started directly from our tenant or Office 365 site.

What's my experience with pricing, setup cost, and licensing?

The cost of Entra ID depends entirely on our organization's specific needs and use cases. For smaller organizations, like a local supermarket, it might be quite affordable with the basic free tier or a lower-tiered license. However, larger, multi-national companies with complex requirements may incur higher costs due to the need for additional features and advanced licensing tiers like P1 or P2. Instead of simply labeling it as cheap or expensive, it's important to consider our specific scenario and what functionalities we require. Different models and licenses cater to different needs, so the best approach is to carefully evaluate our organization's specific situation and choose the most suitable option.

What other advice do I have?

I would rate Microsoft Entra ID a ten out of ten.

In the global identity management space, roughly 70 percent of organizations, in my experience, utilize Entra ID. One key reason for this adoption stems from the prevalence of on-premises Active Directory. Many organizations have long relied on this on-premises solution, and Microsoft's decision to replicate its functionality in the cloud, resulting in Entra ID, made the transition seamless for existing users. This familiar interface and consistent experience significantly eased adoption, leading to the 80 percent user utilization rate for Entra ID within my organization.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: customer/partner
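The conditional access and least-privilege points in the review above describe a policy that grants access only when a user meets defined conditions. As an added example, not code from the reviewer or from Microsoft, here is how such a policy is created with the Microsoft Graph PowerShell SDK: it requires MFA for members of one group whenever they sign in from outside trusted named locations, and it starts in report-only state so the effect can be checked in the sign-in logs before enforcement. The group name, break-glass account UPN and policy name are constructed placeholders.

```powershell
# Added example (not from the review): create a report-only Conditional Access policy
# with the Microsoft.Graph PowerShell SDK. Requires the Conditional Access Administrator
# role (or equivalent). Group, account and policy names are placeholders.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", "Group.Read.All", "User.Read.All"

# Resolve the target group and the emergency-access account (placeholder names).
$group = Get-MgGroup -Filter "displayName eq 'CA-Require-MFA-Users'" -Top 1
if (-not $group) { throw "Target group not found; create it before applying the policy." }

$breakGlass = Get-MgUser -Filter "userPrincipalName eq 'breakglass@example.com'" -Top 1
if (-not $breakGlass) { throw "Emergency-access account not found; never deploy CA without an exclusion for it." }

$policy = @{
    displayName   = "CA01 - Require MFA outside trusted locations"
    # Report-only: decisions are logged but not enforced, so lockouts can be spotted first.
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{
            includeGroups = @($group.Id)
            excludeUsers  = @($breakGlass.Id)     # keep the break-glass account out of scope
        }
        applications = @{ includeApplications = @("All") }
        locations    = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")     # named locations flagged as trusted
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy {0} in state {1}" -f $created.Id, $created.State

# Check the report-only outcome in the sign-in logs before changing state to "enabled".
Get-MgAuditLogSignIn -Top 50 |
    Select-Object CreatedDateTime, UserPrincipalName, AppDisplayName, ConditionalAccessStatus
```

The report-only step is what the first reviewer's wish for fewer unnecessary lockouts points at: leaving the policy in `enabledForReportingButNotEnforced` for a few days and reading the `ConditionalAccessStatus` column shows exactly which sign-ins would have been blocked before anyone is locked out.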
PeerSpot user
IT Engineer at United Nations
Real User
Top 10
Easily create numerous groups and add multiple users to those specific groups using a single dashboard
Pros and Cons
  • "We have the ability to define the email user in the designated field."
  • "The support is a bit slow."

What is our primary use case?

I am the Microsoft solution architect for our organization and we are in the process of testing Microsoft Entra ID. 

Microsoft Entra ID will serve as the identity provider for all services, including on-premises and other sources. For instance, it can be utilized to authenticate our in-house phone application, replacing the need for local Active Directory authentication. With Microsoft Entra ID, the local Active Directory becomes unnecessary for authentication purposes. As an illustration, even in services like Gmail, authentication through Microsoft Entra ID is possible. This presents an excellent option that is also user-friendly.

Moreover, the system is uncomplicated, featuring a lightweight and non-hierarchical schema. In contrast to the conventional Active Directory with its organizational and sub-organizational structure, Microsoft Entra ID adopts a flat directory model, streamlining operations without hierarchies. While this approach offers advantages, it also comes with its drawbacks, such as its reliance on the cloud platform.

How has it helped my organization?

Microsoft Entra ID provides a unified interface where we can manage all of our entities. It utilizes a flat directory structure, allowing us to assign user access and group them using tags. For instance, when we create a user for the sales team, we simply apply a tag such as "sales," automatically adding that specific user to the sales group. This eliminates the need for the manual creation of containers and the manual grouping of users within a specific container. Everything is achieved through tagging, and streamlining the process, and is facilitated by the singular interface offered by Microsoft Entra ID.

We can easily apply security policies through a unified interface. Everything in Microsoft Azure can be utilized for server storage. Although it's within a single interface, there are options for differentiation. For instance, by clicking on the Microsoft Entra ID, we can access a distinct interface. Here, we have the ability to create, apply, and manage policies for various aspects, all from this specific interface.

The admin center helps us identify where there are issues and easily take action.

In Microsoft Azure, there is a tool called Intune, which serves as a device management tool. In the past, we encountered issues while managing all end devices through SCCM. This involved a constraint where any updates or policies could only be pushed if the device was connected to the office network. Essentially, users needed to physically connect their devices to the office network to receive updates or policy changes. However, with the introduction of Intune, a Microsoft Azure product, we transitioned all our devices to this platform. This allows us to create and directly push policies without the necessity of the device being on the corporate network. Users can now receive security updates, as well as different antivirus updates, even while working from home. This streamlined approach greatly simplifies endpoint maintenance, which also extends to mobile devices.

We do not utilize the Microsoft Entra ID conditional access feature for endpoint devices. Instead, we apply conditional access to specific groups. For instance, we have a team that requires access for a defined period. Additionally, certain types of vendors need access ranging from, for instance, two days to a few hours. In such cases, we employ the conditional access feature to grant the necessary access. We have employed this approach, and it has proven to be highly advantageous.

While we don't typically utilize the conditional access feature in combination with Microsoft Endpoint Manager from the user's standpoint, there are certain groups for which we do implement conditional access. For instance, within multiple teams, not all members are granted identical access. Various team levels enjoy distinct levels of access. It is in such scenarios that we employ the conditional access feature.

We have an access group where we define the access that each team will receive. Additionally, we have the Tier One, Tier Two, and Tier Three support teams, for which we have defined privileges based on their respective roles and responsibilities.

Microsoft Entra ID assists in saving several hours for our IT administrators and HR departments daily. This is particularly due to its unified interface. For instance, when we need to review certain logs, we can grant access to the HR team. They can easily retrieve logs detailing specific employee activities. This includes information such as individual browser usage duration and system activation records. These types of logs encompass the range of data generated on a daily basis from this platform.

Microsoft Entra ID has undoubtedly assisted in saving money for our organization. This is because we are not only utilizing the solution itself, but we can also incorporate our application server along with products such as software and solutions, including emails. Microsoft Entra ID is included as part of the package fee, which unequivocally contributes to cost and time savings. This is primarily due to the elimination of the necessity for an additional identity provider, as it is already encompassed within the package.

Our employees' user experience has improved with Microsoft Entra ID compared to the local Active Directory, which was occasionally slow, depending on the availability of our log-on server at the time. If it was unavailable, logging in was significantly slower, and we could get logged out. This is no longer the case, and now we can easily log in. 

What is most valuable?

The group assessment policy stands out as the most valuable feature. It allows us to create numerous groups and add multiple users to those specific groups. Managing these groups can become quite complex within the standard Active Directory procedures. For instance, when it comes to tasks like adding or removing users, especially if a user is checked out, it can be unclear whether someone needs to manually remove them from Active Directory.

However, there exists an option that streamlines this process. This option automatically sends a notification to the user. We have the ability to define the email user in the designated field. Subsequently, the system will prompt us to confirm if continued access to this specific group is required for a few users. If this is a routine request, the system will retain the user in the group, ensuring their ongoing access. This particular feature proves to be incredibly useful in managing these scenarios.

What needs improvement?

The group policy structure options continue to change, and the naming conventions remain confusing when we access the cloud. 

The support is a bit slow. This is particularly challenging for the service engineers. For instance, opening a ticket takes a considerable amount of time to pinpoint the underlying issue. While high-severity tickets are resolved quickly, there are instances of lower-severity issues that still impact a specific group of users. Addressing these problems is taking longer than usual.

I would like to have the option if needed to use the hierarchy when setting up groups.

For how long have I used the solution?

I have been using Microsoft Entra ID for three years.

What do I think about the stability of the solution?

Microsoft has really good SLAs and I cannot remember the last time they went down. I would rate the stability of Microsoft Entra ID nine out of ten.

What do I think about the scalability of the solution?

Scalability is quite simple, and the primary advantage of the cloud solution is its scalability; there isn't much to manage in this regard. Our growth remains unhindered because we don't have to impose limitations on ourselves when embarking on new projects or endeavors. Scalability is inherent, requiring only payment for additional resources if necessary. As there's no hardware involved, both scaling up and scaling down are easily achievable.

How are customer service and support?

The support is slow to respond to and resolve minor issues.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We are still using our standard Active Directory locally in our on-premises data center.

How was the initial setup?

The complexity of the initial setup depends on the technique used. While it may seem a bit complicated, with the proper design, it becomes a non-issue. Each module has different procedures. For instance, the Defender module, which is a Microsoft service, serves as a part of the Entra ID, allowing us to block and control websites and provide security antivirus solutions. We have onboarded all our devices to Defender. Thus, the machine doesn't need to be part of Microsoft Entra ID, but migration is still possible.

Currently, we are in the midst of a project to onboard the devices to Microsoft Intune. We are transferring the devices from the local Active Directory, and this process is ongoing. For each device, specific scripts need to be executed, which can be a bit complex. The complexity often arises due to existing policies and applications. When everything is well-prepared, the onboarding process is smooth. This might be an easy task for a new organization, but for those already using a different solution, the migration process becomes a bit complex. Thorough testing is necessary, especially considering that policies tend to change over time.

This project has been running for more than two years and is still ongoing. The pilot phase alone is estimated to take about one and a half years due to various commitments. Unlike a company like Google, my organization operates differently; it encompasses multiple entities like the United Nations across various locations. Since the user count exceeds five thousand, we're being cautious and gradual in our migration. At present, we have migrated only around a hundred users for testing purposes. The migration of the remaining users is scheduled to occur soon.

What's my experience with pricing, setup cost, and licensing?

The price is good, and we have no complaints.

What other advice do I have?

I would rate Microsoft Entra ID nine out of ten.

Microsoft Entra ID is utilized throughout our entire environment. It serves as a singular identity provider for all aspects of our operations, including servers, applications, endpoints, and even external applications. For instance, we can authenticate third-party applications using Microsoft Entra ID.

The required number of personnel for maintenance depends on the size of the organization and the quantity of Microsoft products in simultaneous use. For instance, if we have Microsoft Entra ID solely for email, SharePoint Online, and Teams, with around five thousand users, then I believe that dedicating approximately three to four individuals to Microsoft maintenance would be reasonable.

I recommend Microsoft Entra ID. Microsoft Entra ID can be utilized for third-party applications like AWS and Google as well. It's user-friendly, allowing us to authenticate the products or applications of our interest, even if they are not located in the same place as our origin; nonetheless, they will function seamlessly.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
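The review above describes adding a user to the sales group by applying a "tag" rather than placing the user in a container. In Entra ID that behaviour comes from a dynamic membership rule evaluated against a user attribute. As an added example, not code from the reviewer or from Microsoft, the following creates a dynamic security group with the Microsoft Graph PowerShell SDK and then shows that changing a user's attribute moves them into it. It assumes the "tag" is the user's department attribute; the group name, mail nickname and user UPN are constructed placeholders, and dynamic groups require Entra ID P1 licensing.

```powershell
# Added example (not from the review): a dynamic security group driven by a user attribute.
# Assumes the review's "tag" is the department attribute; names and UPNs are placeholders.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.ReadWrite.All"

# Membership rule: department equals Sales AND the account is enabled, so disabled
# (e.g. offboarded) accounts drop out of the group automatically.
$rule = '(user.department -eq "Sales") and (user.accountEnabled -eq true)'

$salesGroup = New-MgGroup -DisplayName "Sales" `
    -Description "Dynamic group: department = Sales (added example)" `
    -MailEnabled:$false -MailNickname "sales-dyn" -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

"Created dynamic group {0} with rule: {1}" -f $salesGroup.Id, $salesGroup.MembershipRule

# "Tag" a user: setting the attribute is all that is needed; no manual group edit.
$user = Get-MgUser -Filter "userPrincipalName eq 'alice@example.com'" -Top 1
if (-not $user) { throw "Sample user not found (placeholder UPN)." }
Update-MgUser -UserId $user.Id -Department "Sales"

# Dynamic membership is evaluated asynchronously; poll briefly, then list members.
for ($i = 0; $i -lt 12; $i++) {
    $members = Get-MgGroupMember -GroupId $salesGroup.Id -All
    if ($members.Id -contains $user.Id) { break }
    Start-Sleep -Seconds 10
}
$members | ForEach-Object { Get-MgUser -UserId $_.Id -Property UserPrincipalName,Department } |
    Select-Object UserPrincipalName, Department
```

The `accountEnabled` clause is the part worth copying: it gives the same effect the reviewer wants from periodic access confirmation, in that an account disabled during offboarding loses the group's access without anyone having to remember to remove it.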
PeerSpot user
Buyer's Guide
Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024