We just raised a $30M Series A: Read our story
AG
Solutions Owner at a manufacturing company with 10,001+ employees
Real User
Identity and access management help improve our security posture

Pros and Cons

  • "Many of its features are valuable, including: facilitating application authentication, privileged access management, processes for attestation, and access reviews."
  • "When it comes to identity governance, the governance features in Azure AD are very focused on Microsoft products. I would like to see those governance and life cycle management features offered for non-Microsoft products connected to Azure AD."

What is our primary use case?

We have users, groups, and applications, and the purpose of this product is authentication, authorization, and attestation. We use it for the services connected to those three "A"s. The use cases in all organizations are more or less the same, even if some side services differ. Azure AD is used for authentication and authorization. It's about managing identities and granting access to applications.

How has it helped my organization?

It has features that have definitely helped to improve our security posture. The identity and access management, at the end of the day, are about security. It also offers features like multi-factor authentication, Privileged Identity Management, and access review and attestation, and all of these are connected to security and typically help improve security posture.

What is most valuable?

Many of its features are valuable, including: 

  • facilitating application authentication 
  • privileged access management 
  • processes for attestation
  • access reviews.

The multi-factor authentication, similar to when you use your mobile banking application when you want to do a transaction, doesn't rely only on your username and password. It triggers a second factor, like an SMS to your mobile. It requires another factor for authentication. This is one of the standard services Microsoft offers with Azure AD Directory.

Privileged identity management is also a standard feature of Azure AD for privileged accounts. We make sure we do privileged role activation when it's needed so that we do not have sensitive roles active every day.

What needs improvement?

A lot of aspects can be improved and Microsoft is constantly improving it. If I compare Azure AD today with what it was like five years ago, or even three years ago, a lot of areas have been improved, and from different angles. There have been improvements that offer more security and there have been some improvements in the efficiency domain. Azure AD is not a small product. It's not, say, Acrobat Reader, where I could say, "Okay, if these two features are added, it will be a perfect product." Azure is a vast platform.

But if we look at multi-factor authentication, can it be improved? Yes. Perhaps it could cope with the newest authentication protocols or offer new methods for second or third factors.

I'm also willing to go towards passwordless authentication. I don't want anyone to have passwords. I want them to authenticate using other methods, like maybe biometrics via your fingerprint or your face or a gesture. These things, together with the smart card you have, could mean no more passwords. The trends are moving in that direction.

When it comes to identity governance, the governance features in Azure AD are very focused on Microsoft products. I would like to see those governance and life cycle management features offered for non-Microsoft products connected to Azure AD. Currently, those aspects are not covered. Microsoft has started to introduce Identity Governance tools in Azure AD, and I know they are improving on them. For me, this is one of the interesting areas to explore further—and I'm looking to see what more Microsoft offers. Once they improve these areas, organizations will start to utilize Microsoft more because, in that domain, Microsoft is a bit behind. Right now, we need third-party tools to complete the circle.

In addition, sometimes meeting the principle of least privilege is not easy because the roles are not very granular. That means that if you are an administrator you need to do small things connected to resetting passwords and updating certain attributes. Sometimes I have to grant access for the purposes of user management, but it includes more access than they need. Role granularity is something that can be improved, and they are improving it.

Again, if I compare Azure AD today to what it was like three years ago, there have been a lot of improvements in all these domains. But we could also pick any of these specific feature domains in Azure AD and have in-depth discussions about what could be improved, and how.

For how long have I used the solution?

We have been using Azure Active Directory for more than five years.`

What do I think about the scalability of the solution?

Azure AD is very scalable. The only concern is around role-based access control limitations at the subscription level. That is something Microsoft is improving on. Currently, per subscription, you can have a maximum 2,000 role assignments. Sometimes big organizations hit the limit and need to implement workarounds to resolve that limitation. But that is something Microsoft has already confirmed it is improving. That is a limitation of the Azure platform, it's not specific to my organization. A smaller organization may never hit the limit, but bigger organizations do.

Apart from that, their application integrations, the service, MFA, and everything else, are quite scalable. It is moving in the right direction.

How was the initial setup?

Setting up Azure AD, is about moving toward the cloud journey. I cannot say setting up Azure AD is easy, but on the other hand, organizations are not moving to the cloud in one go. It's not all or nothing, that you have it or you don't have it. It depends on which services you are receiving from Azure AD. Some organizations, like ours, start with a limited number of services.

You usually start with syncing your identities to the cloud so that you can offer your employees certain cloud services. You want to enable them to use certain SaaS applications, where they are relying on a cloud identity, and that's why you need to have your accounts in the cloud. Without that, you cannot grant them access.

Later, you may offer the ability for business partners to use and benefit from certain cloud applications, and gradually the use cases increase. For example, someone may become a privileged user to take responsibility for an application and manage it. When that happens you start to think about what other features in the Azure platform you can offer to do administration in a more secure way. Or, once you have thousands of users benefiting from cloud applications, how can you make sure that you protect their assets and their data? That leads you to start implementing other security features, such as multi-factor authentication. Over time, you may have users benefiting from Office 365 and they need to collaborate by using Teams and SharePoint. Again, you start to build something else around that.

Whether large or small, organizations are on a journey, where they start from on-premises with servers and all these server rooms and applications in the organization. They then shift workloads to the cloud. That process is still ongoing in my organization and in many organizations. Ten years ago, workloads were all on-premises. Five years ago, maybe 90 percent were on-premises. Today it might be 50 percent cloud and 50 percent on-premises. There is value from the cloud: elasticity and flexibility, even for big organizations. A server on-premises is a different story compared to having it on the cloud. If I need to upgrade a server on the cloud, it takes five minutes. If it's on-premises, I need to order hardware and then change the hardware. The usage of Azure Active Directory is due to the evolution of the cloud.

The bottom line is that the implementation is gradual. It's not difficult or easy, although we started with things that were easy to adopt, and then we continued the journey.

The staff required for maintenance of Azure AD depends on how you organize your support. Some organizations outsource their end-user support to other companies, while other organizations staff that completely internally. It can also depend on the users. Is your organization a global organization or a small, local organization? For us, to make sure we maintain the support and availability and all the services we need, including change management, we need at least 15 to 20 resources for a global application with more than 20,000 users, to maintain the platform.

What about the implementation team?

We worked with a lot of consultants for Azure AD. There are many features and no one expert or professional can help with all aspects. Organizations, during their journeys, have to work with different partners and integrators. It may be that there is a specific application you need to integrate with Azure AD and you need some skills there. It may be that you want to better manage Azure resources, so you would talk to a different type of resource. You may want to increase your identity security scores, depending on how you configure Azure AD, and for that, you would need to talk to an Azure security expert. I think this applies to all big enterprises. We need different skills to better utilize Azure, including Azure AD, and to do processes in a more secure way.

We have Microsoft Professional Services. That's the primary source for many organizations that are utilizing Microsoft services. If you have an enterprise agreement or a unified agreement with Microsoft, they offer you consulting services. Of course, you have to pay for Professional Services, but we get value there. The number-one consulting and integration support provider is Microsoft.

They also work with certified partners like Accenture or Avanade. These organizations are connected with Microsoft and they offer consultancy services to enterprises like ours. Depending on the subject, we may use services from any of these providers. We usually go with Microsoft-certified partners.

What other advice do I have?

Multi-factor authentication means you need to do an extra step, but that is normal because the attack surface is wider. We want to make sure you are who you say you are. That extra step impacts the end-user experience, but it's needed. The way authentication happens today is far different from 10 years ago. It may result in some added difficulty, but it is there to protect employees, organizations, customers, business partners, IT assets, data, et cetera.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
HUGOMARTINEZ
IT Manager at a renewables & environment company with 201-500 employees
Real User
Top 5Leaderboard
Gives us tight control over who is using applications, and enables us to add, delete, and modify users in one place

Pros and Cons

  • "For some applications, it's not only working for authentication but it's also being used to apply roles for users. From the management perspective, it's much better to have this because in the past we constantly needed to go into the console of the different solutions and create or delete users or modify their roles and permissions. Now, with Azure Active Directory, we can do that from a single point. That makes our management model much easier."
  • "From time to time it takes a little bit of time to replicate, with some of the applications—something like five to 10 minutes. I know that the design is not supposed to enable real-time replication with some of the applications. But, as an administrator, I would like to run a specific change or modification in Azure Active Directory and see it replicated almost immediately."

What is our primary use case?

We have deployed an Active Directory model with Active Directory on-premises, and that is providing services to the entire organization. In 2018, we wanted to implement single sign-on with some of our cloud solution partners. That was the main reason that drove us to implement Azure Active Directory. As far as I know, that's the only thing that we use Azure Active Directory for at this moment.

We can call it a hybrid system. All our internal operations are using Active Directory on-premises, but when we need to identify some of our users with applications on the cloud, that's when we use Azure Active Directory.

We are a mid-size company with around 550 users end-users, with the same number of end-user machines. We also run somewhere between 120 and 150 servers.

How has it helped my organization?

The reason we implemented it is that we can use it for authentication with some of our service applications, and that makes users' lives easier. They do not need to learn a lot of different passwords and different usernames. The other benefit is that, on the management side, it's very easy because you can have tight control over who is using the application and who is not; who has permissions.

For some applications, it's not only working for authentication but it's also being used to apply roles for users. From the management perspective, it's much better to have this because in the past we constantly needed to go into the console of the different solutions and create or delete users or modify their roles and permissions. Now, with Azure Active Directory, we can do that from a single point. That makes our management model much easier.

As a result, the solution has helped to improve our security, because user management control is very important. In the past, there were times when, for some reason, we forgot about deleting or even creating users for certain applications. Now, because we have only a single point for those processes, there is better control of that and it reduces the risk of information security incidents. That's especially true when you consider the case where we had forgotten to delete some users due to the increasing number of applications in the cloud. We now have five or six applications using single sign-on and that capability is one of our requirements when we introduce a new solution. It has to be compliant with single sign-on and it should have a way to be implemented with Azure Active Directory. It makes our infrastructure more secure.

Among the applications we have that are using single sign-on are Office 365, Concur for expense control, we have an integration with LinkedIn, as well as two other applications. When a user decides to leave the organization, we check that their access to all our internal applications has been closed. That can be done now with a single script. It makes it very easy for us to delete the user from the organizational unit, or from where the group linked to the application.

It makes things a lot more comfortable in terms of security as we don't need to log in to every single application to delete users. We would see, in the past, when we would run a review on an application in the cloud, that suddenly there were, say, 10 users who shouldn't be there. They could still be using the service because we didn't delete them. For some applications it's not that bad, but for others it could be an open security risk because those users would still have access to assets of the organization. We have reduced, almost to zero, the occurrences of forgetting a user.

Azure AD has affected the end-user experience in a positive way because, as I mentioned, they do not need to learn different usernames and different passwords. In addition, when users request access to some of the applications, we just need to assign the user to the different groups we have. These groups have been integrated with the different cloud applications and that means they can have almost immediate access to the applications. It makes it easier for us to assign roles and access. From the user perspective that's good because once they request something they have access to the service in less than 15 minutes.

What is most valuable?

Implementation of single sign-on with other vendors is quite easy. It might take a couple of hours and everything is running.

For how long have I used the solution?

We've been using Azure Active Directory for over two years.

What do I think about the stability of the solution?

The availability of Azure AD is good. I don't have any complaints about it. Regarding the stability, we haven't had any issues with it. We haven't experienced any service interruption. 

Part of our strategy in the short-term is to move most of our Microsoft environment, when it's feasible, to the cloud, because we have seen that the cloud environment offered by Microsoft is really stable. We have proved that with tools like Azure Active Directory. In almost three years we haven't had a single issue with it.

From time to time it takes a little bit of time to replicate, with some of the applications—something like five to 10 minutes. I know that the design is not supposed to enable real-time replication with some of the applications. But, as an administrator, I would like to run a specific change or modification in Azure Active Directory and see it replicated almost immediately. It really only takes a few minutes. Although it doesn't seem to cause any problems for our organization, I would like to see more efficiency when it comes to the different connectors with cloud services.

What do I think about the scalability of the solution?

We haven't had a situation where we need to scale this solution.

How are customer service and technical support?

We haven't had any major issue with the solution so we haven't called Microsoft technical support for Azure AD so far.

Which solution did I use previously and why did I switch?

We have always used Active Directory as our dedicated services solution. Three years ago we increased the scope of it and synchronized it with Azure Active Directory. Our on-premises Active Directory is our primary solution. Azure Active Directory is an extension of that.

How was the initial setup?

The initial setup was quite straightforward. It didn't take too long just to get our Azure Active Directory environment set up and running. I think it took less than a day. It was really fast.

We already had Active Directory on-premises, so what we created was the instance of Azure Active Directory. All the different groups, users, and services were already set up. We then replicated with what we currently have in the Azure Active Directory instance. It was not really difficult.

Our company is quite small and that is reflected in our IT department. Azure Active Directory is handled by our infrastructure coordination team, which has only two members. One is the senior engineer who performs all the major changes and the main configurations. We also have a junior engineer who runs all the operations in the company. From time to time, one person from our help desk, usually me, does some small operations when we don't have the infrastructure team available.

What about the implementation team?

We use a reseller to buy the product and they also provide some consulting services. Our relationship with Microsoft is not a direct relationship.

Our reseller is SoftwareONE. They're a global company and our experience with them has been good. We have been with them since 2010 or 2011. We have two or three different services from them related to Microsoft and other brands. They are not exclusively reselling Microsoft licenses. 

What was our ROI?

From a very subjective point of view, as I haven't drawn any kind of numbers to calculate the return on investment, what I can see so far is that the investment is running smoothly and it's easier for us to run our environment with it.

What's my experience with pricing, setup cost, and licensing?

If you have all your infrastructure built using Microsoft tools, it is straightforward to go with Azure Active Directory. Under these circumstances, I don't see any reason to find another solution.

We have an E3 contract, and I believe Azure AD is included in it.

Which other solutions did I evaluate?

We didn't evaluate other vendors because our entire environment is based on Microsoft solutions.

What other advice do I have?

As with any implementation, design is key. That would be applicable to Active Directory as well, but when it comes to Azure AD, do not start the installation unless you have an accepted design for it. You shouldn't just start creating objects on it. You need to have a clear strategy behind what you're going to do. That will save you a lot of headaches. If you start without any kind of design, at the end of the road, you can end up saying, "Okay, I think it would have been better to create this organizational unit," or, "We should have enabled this feature." It's probably not very straightforward to implement the changes. So have a team design the Azure Active Directory structure for you. You need to have the map before starting the implementation.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
543,424 professionals have used our research since 2012.
ITCS user
IAM / IT Security Technical Consultant at a retailer with 10,001+ employees
Real User
Managed identities mean that people don't have to wait for a long time for manual intervention when they raise a ticket

Pros and Cons

  • "Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things."
  • "An area where there is room for improvement is the ease of use of the dashboards."

What is our primary use case?

When we are deploying cloud applications we avail ourselves of the services of Azure AD. At the moment, we are mostly getting the data from on-premises to the cloud, as far as user entities go. We're trying to define policies based upon the company's and our projects' requirements, such as whether we need to make something public or private. This all has to be defined. We also use it for access management.

How has it helped my organization?

We have protected the entire tenant itself, as a federation. AAD has also become a great source of research.

Previously there were many tenants and many subscriptions within each tenant. We have been able to separate Office 365 as a separate tenant and not welcome any other applications into that. We are only using SaaS with that tenant. Later, we had different tenants, and we welcomed all types of PaaS and IaaS.

Recently, managed identities came into the market, and we are trying to adhere to automations and customization, the automation of groups, which is a major advantage. That way, people don't have to wait for a long time for manual intervention. If they raise a ticket, within a few minutes the answer can be in their mailbox with all the details.

What is most valuable?

The features I normally use are for authentication and authorization.

Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things.

For the end-users, they can seamlessly log in to their web products, like their Outlook account. They have YAML services and SharePoint services. Everything is single sign-on and that makes them happy.

What needs improvement?

An area where there is room for improvement is the ease of use of the dashboards.

Also, if a user is working in India, and we suddenly see a login from the US, Australia, or New Zealand, we should be alerted, because we wouldn't expect that application would be used by that user in those locations at that time.

An area for improvement is that there is so much dependence on on-premises databases, in the on-premises directory services.

In terms of features we would like to see, we don't have domain controllers in Azure AD. We are also looking at how we can best migrate users from on-premises to Azure AD, and how we can welcome B2B users. We would like to see improvement in the B2B functionality. We hope that is already in the roadmap. We'd also like to see some functionality for how we can set boundaries for tenants. We have multiple tenants that we're trying to consolidate. It's definitely going to be a big challenge to consolidate two tenants, so we're looking for help in that area.

For how long have I used the solution?

I have been using Azure AD for the last three years.

What do I think about the stability of the solution?

In terms of the solution's availability, I haven't seen anything negative. It's always available. There have been no issues.

What do I think about the scalability of the solution?

I haven't seen any room for improving the scalability or performance. The capacity is good. We are managing about 5,000 users in Azure AD. We have an Ops team and there are about 10 people who maintain and manage users and groups for the production tenant. But in five months, with SaaS and PaaS services, that might go higher.

How are customer service and technical support?

We have had many discussions with tech support for Azure AD. We are trying to install read-only domain controllers or ODCs into the cloud platform. We have had many challenges with that in terms of the network side and the business requirements. Another issue we have spoken with them about is how to do automation of service principles and of groups.

Support has been great, but there is a little room for improvement. We have had to go through many iterations and we have had to wait for a long time until the next version of the solution comes out. Overall, we get good support, but their timelines could be better.

Which solution did I use previously and why did I switch?

We were using Microsoft AD, on-premises. We are now syncing all the users who are in the on-premises version to Azure AD. We are not directly creating users in Azure AD because of the dependencies. Many legacy applications are talking to the on-premises directory services. When a user is created, we are sending that user from the on-premises to the cloud through Azure AD Connect.

What's my experience with pricing, setup cost, and licensing?

We are using the Premium P2 licensing. 

To explore the solution, I had to create a personal version, because I can't play with the access that we get from the company. We explore those services in the personal version first, to see how it reacts.

From the company side, we haven't had issues because the licensing works well. But on a personal level, if I could enable more trial services, at least for a year, it would be much easier to explore and suggest the best solutions.

What other advice do I have?

It's an easy tool to explore if you have already worked with the on-premises data services. There is good documentation available on the Microsoft website. If Microsoft provided more time for new users to explore new features, that would help. Everyone could learn more and contribute more to their companies or to the projects that they're working on. But it is easy to learn.

Just be careful, because you are in the cloud. You have to be aware of access, AM, how the user is coming into their account, where the user is going and what the user actions are, and what access they have. Always try to enable single sign-on, so that if any fraudulent user comes into the picture, you can remove them as soon as possible. So enable those features for admin accounts and use privileged IT management, vaulting the password. You have to strictly follow the security standards, because it's open to the public when it is on the cloud. You have to be very careful about the project requirements, the end-user requirements, and what the business stakeholders need.

When we started with Azure AD, we didn't restrict much. Later, we restricted a few possibilities, such as users logging in with their social accounts, or email accounts like Yahoo accounts or Outlook. Initially it was open to all. Any user could invite a guest user and provide access, but later we restricted things with conditional management, and restricted users so that they could not connect to their Gmail accounts. We are coming up with more policies as well.

We have ongoing discussions with Microsoft Azure AD regarding how we can best protect our entities and what the behaviors should be. We have some more specific requirements in the company, related to project behavior. With IaaS, you have to welcome everyone. You have to put virtual machines in the cloud. You can use the password services and develop custom APIs and deploy them. 

We are trying to define our security policies as much as we can, as we are seeing many changes in the market and are trying to restrict as much as we can. Only users who are least privileged can have an all-access. The most privileged will have additional authentication. We're trying to differentiate.

We have to be very careful about the administrative part, so that operations can easily manage without any hassle. Because we don't have natural restrictions, we are trying to implement our own rules.

As we are moving to the cloud, we have to be very careful when it comes to Azure Active Directory. If there is a mistake and a random user can log in to the directory, they could have access to everything. A user should not have access to whatever he wants, so setting up the right level of authentication and authorization is important. Use IAM very effectively. Identity and access management is a powerful space where one has to be very careful in choosing and configuring policies and standard procedures. We're trying to define that and be careful when with all platforms, whether IaaS, SaaS, or PaaS. At the moment it's going well.

We are merging many things in the tenant. Before, we only had SaaS. We are trying to welcome PaaS and IaaS to use the same production tenant. We have to exercise caution for everyone, all the individual policies, groups, and service principles. We have to enable all the features that you are capable of, such as user sign-in permissions, and application sign-ins. That has to be continuously monitored.

We have a good rapport with Microsoft. We have good support. We'll be exploring all the new services, like the managed entities and their other services that have come up. We are trying our best to explore and use the latest features that are available.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
hugodpereira
Computer engineering student at a educational organization with 501-1,000 employees
Real User
Top 5Leaderboard
Good functionality for role and access definition, with helpful support material available online

Pros and Cons

  • "As an end-user, the access to shared resources that I get from using this product is very helpful."
  • "The most challenging aspect I found was the creation of organizational units and specific domains. They have a tool called Bastion, which is expensive and a little bit confusing."

What is our primary use case?

I'm a computer engineering student in Portugal, and we used it during one of our classes for practically the whole semester. We used both the on-premise solution and the Azure, online one.

While we were learning, we used it primarily for user access management and also to define rules for the organization. For example, we created organizational units and defined domains for enterprise-level organizations. I was able to specify access to, for example, certain folders, including shared folders and shared resources.

We were using it in conjunction with SQL Server 2019.

How has it helped my organization?

Azure Active Directory works well to access the resources that the school has set up for the students. We can share between our groups, and we can set up shared assignments or shared project folders very quickly and easily.

We have access to shared storage space, which is great. It is managed through Azure Active Directory and appears to me as a Microsoft OneDrive account.

As an end-user, the access to shared resources that I get from using this product is very helpful. I also use it for my email, which is a domain that is part of the organization. 

What is most valuable?

The most valuable feature is the ability to define certain roles for the users and to give access to shared resources.

The options for user access management on the cloud are similar to those with the on-premises deployment. You can work directly on the cloud but control it from your on-premises server if you want, or you can make all of the changes directly on Azure.

One of the security features that Azure Active Directory provides is that it warns users about the usage of weak passwords. When we created user accounts and their passwords, it warned us about weak passwords and gave us the option to define password creation rules. We tested the feature and tried using invalid passwords, and it blocked access to the organizational units accordingly. We did not work with the more advanced security features within the scope of the course.

It has some good monitoring options that you can use to see how well it is working. In my class, we were able to see which users were accessing the solution, and what went wrong with the tests that we were doing.

What needs improvement?

The most challenging aspect I found was the creation of organizational units and specific domains. They have a tool called Bastion, which is expensive and a little bit confusing. I had to cancel the subscription because it was using my credits too quickly. For the students, it was not a very cheap way to learn it.

It would be helpful if they provided more credits for students who are performing test cases because we had to be really careful when we were using it. Making it cheaper for students would be great.

For how long have I used the solution?

I have been using Azure Active Directory for one school semester.

What do I think about the stability of the solution?

Because we weren't using it on a large scale, it is difficult to estimate how good the stability is. That said, it worked fine for the small number of users that we had. Although it was not a good test, I think that it worked fine. It does have some good monitoring options, so we could watch the performance.

What do I think about the scalability of the solution?

I do not have large-scale experience with this product, as I was using it for practice during my degree program. I don't know at this point whether I will be using it in the future.

In my class, there were half a dozen or fewer users.

In order for the solution to be scalable, it requires some upfront work. You have to well define the users, profiles, and roles that you want to have at your organization. We were already given some advice on that from our teachers, including which roles we should create and so forth. Once you have that done, I think it's pretty straightforward. You just have to add them through the interface that the solution has, and it's not very difficult to do.

How are customer service and technical support?

I did not have to contact Microsoft technical support.

Our teachers explained what it was that they wanted us to implement and we were left to figure out how to accomplish the tasks on our own. When problems arose, I used Google to search for answers online. I also watched YouTube videos that included explanations and step-by-step tutorials.

Which solution did I use previously and why did I switch?

Another solution that we learned about was the Apache Web Server. You can do the same things that you do with Azure, but it's more complex. You have to know a little bit more about Linux and you have to do it more manually.

In Azure Active Directory, there are already some default options available. That worked for us. It's easier for someone who doesn't want to have the headaches of understanding some of the more minor details.

How was the initial setup?

For the initial setup, we mainly followed the tutorials that Microsoft has online. Initially, it was a little bit confusing because we discovered that there are many different versions of this same software. There are distinctions between an on-premise way of doing things versus a hybrid approach versus something that is on the cloud exclusively. There are limitations that each one of them has, as well as other differences that include mobile versus desktop solutions.

For a newbie like me, it was a little bit challenging to understand what the best approach would be. In this case, we were oriented by the teachers to implement the hybrid approach. When we were configuring Azure Active Directory for this, and also for the organizational units, we used the Bastion service. It is the one that creates the domains.

The deployment took perhaps half a day to complete the configuration, step by step. We had to make corrections between configurations, where we had made errors, which was part of the learning process. Overall, when you really know what it is that you have to do, it's pretty straightforward and quick to complete. Otherwise, it will take you a little bit longer.

From the documents that Microsoft has available, we understood that there are several ways to deploy this solution. There is an on-premises version, a cloud-based SaaS, and a hybrid option. 

We were using virtual machines with a license that was connected to our educational package. We have a product key, install it locally on the virtual machine, and that's how we worked with it. At that point, it was connected to the cloud.

Our Azure accounts are related to our college email address, and they are also administered by Active Directory.

What about the implementation team?

We deployed it ourselves. With our small group and for the length of time that we used it, we did not perform any maintenance and I don't know how it is normally done on a day-to-day basis. Based on what I have learned, I think that one or two people are sufficient for maintenance if they know the product from head to toe.

What was our ROI?

Based on my experience, it would be difficult to estimate how long it would take to earn your investment back.

What's my experience with pricing, setup cost, and licensing?

As this was being used in an academic setting, we were using the educational package. Azure has an educational package available for students with a variety of licenses and different software available. One of the applications included with this is the Azure SQL Server.

Each of the student accounts had an opening balance of $100 USD in credits. We used that to implement the solution and the code doesn't change if you are a student or a normal organization. Some of the things that we wanted to do were blocked by the organization, so we had to use our personal accounts. When we used our credits in this way, it was not specifically for students but for anybody who uses the service.

These credits are used on a pay-per-use basis and the price depends on the features that you use. The most expensive one that was relevant to our use case was Bastion, which allowed us to create and configure virtual subnets. Our use case required us to use it to connect our on-premises Windows Server with the cloud AD.

What other advice do I have?

My advice for anybody who is implementing Azure AD is to study the basics. Get to learn how this access management solution works. We used Microsoft Learn and YouTube videos to assist us with doing so.

In summary, this is a complete solution for any company, but it requires some time and practice.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Robertas Tamosaitis
Cloud Architect at a financial services firm with 10,001+ employees
Real User
Improves security, priced well, and makes MFA adoption easy for end-users

Pros and Cons

  • "The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features."
  • "The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks."

What is our primary use case?

We have a variety of use cases. The first thing we use it for is Microsoft 365 services. We utilize the single sign-on capability, for use with other SaaS applications. We use MFA, and use it as an identity provider, in general. We make use of the B2B Federation functionality based on Active Directory, as well.

We use a hybrid Azure Active Directory that works in conjunction with our on-premises Active Directory.

How has it helped my organization?

Azure AD has security features that have definitely helped to improve our security posture. Our hybrid environment makes it very easy for us to control when we need to integrate with third-party solutions. Normally, we do not allow integration with our on-premises systems and by requiring the third parties to integrate through Azure Active Directory, it gives us an extra layer of security. There is one-way communication from our on-premises Active Directory, which helps to secure our main controllers.

Another thing that we use extensively is conditional access, on top of the Azure Active Directory multi-factor authentication. We are quite happy with the metrics and reports, as well as the logging of risks, such as attempts to sign in from different areas.

So far, we haven't had any incidents. We've seen some attempts to steal our identities or to log in using our credentials but the security provided by this product, including conditional access and MFA, has stopped these attempts. From a security perspective, we are quite happy.

Overall, our security posture has improved, especially when we are talking about MFA. We have MFA deployed on-premises for all of our critical applications. Moving beyond this, to the cloud, I cannot imagine dealing with all of these different SaaS products without having AD or another cloud identity provider in place. We could use a competing product but definitely, we cannot survive solely with our on-premises solution.

This solution has improved our end-user experience, in particular, because of the single sign-on feature. Our users can quite easily begin working. For example, I've worked with other SaaS solutions and one thing that users complain about is the additional steps required for MFA. Some of the non-tech-savvy end-users sometimes struggle, but overall, I would say the experience is quite good.

We are a group of companies and have different Active Directory Forests and domains. Using Azure Active Directory, collaboration is much easier for us because we are able to configure it at the cloud level.

What is most valuable?

The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features. Not on Office 365 applications, but on others like Salesforce.

What needs improvement?

The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks.

The MFA has some limitations compared to the legacy version. We still use our on-premises version because it works with our legacy applications using certain protocols. 

I think that as Microsoft is going to the cloud, they are turning off the on-premises features too quickly because the functionality is not yet at par.

I would like to see more features included, such as some surrounding the lifecycle of licenses, and access management for non-Azure cloud applications

For how long have I used the solution?

We have been using Azure Active Directory for approximately three years.

Prior to working with this company, I worked for Microsoft and I used Azure Active Directory as a user over a period of four to six years.

What do I think about the stability of the solution?

I'm pretty happy with the stability of this product. In all of the time that I have used it, I do remember a couple of instances where there was downtime. However, these did not last for a significant length of time.

I can recall that it went down one time, for approximately four hours, in several years. SLAs are definitely met by Microsoft.

What do I think about the scalability of the solution?

Scalability-wise, it works for us. We haven't had any problems and it is quite scalable.

Our company has 4,000 employees, so it isn't very large but so far, so good.

There are two people who are administrators that are involved in the managing and administration of Azure AD. I do not have administrative rights. Rather, I am set up for viewing only. 

How are customer service and technical support?

In general, I would rate Microsoft support a seven out of ten. Sometimes we needed to speak with different people about the same problem, and each time, we had to describe the situation from scratch.

Which solution did I use previously and why did I switch?

I have no experience with other B2B Federation solutions, so I can't compare Azure Active Directory in this regard.

How was the initial setup?

Our initial setup was complex in some ways and easier in others. The complexity stemmed from the fact that we are a bank, and the security team chose the most complex deployment. Because the security people chose the most complex options, they are missing things. For example, self-service password reset is not working for us because it's one-direction communication.

In summary, our initial setup was complex because it was chosen as such. Although it is the most secure, we are missing some benefits that we would have if we had chosen a different setup.

The deployment itself was not very long. However, the planning stage was lengthy because of the in-depth discussions with the security team. Overall, the deployment took perhaps two weeks or less.

Our deployment strategy was a rather high-level approach and considered that our primary identity provider is on-premises AD, which means that we were able to take some of the details from there. We did not have to consider everything from scratch. For example, our password hash is one-way, so there are no writebacks. We defined it this way because it's quite secure. Similarly, we needed integration with third parties, such as other cloud providers. This meant that we were not afraid if something is breached because there would be no impact on our Active Directory. The only impact from a problem would be at the Azure Active Directory level.

What's my experience with pricing, setup cost, and licensing?

The cost of Azure AD is one of the biggest benefits, as it is available for use free of charge when you start with Office 365. It comes with the basic version of it and you can move to the more expensive plans with additional features, but these are still very competitive compared to other vendors.

By comparison, other vendors offered an independent MFA product but at quite an expensive price. With Microsoft, it was already included in the price. The bundling approach that Microsoft uses is good; although competitors may offer a more compelling solution, we already have access to the one from Microsoft at no additional cost.

Which other solutions did I evaluate?

We evaluated some other products from an MFA perspective but I have no hands-on experience with them. I received many good recommendations about both Okta and Ping Identity solutions.

What other advice do I have?

My advice for anybody who is considering Azure Active Directory is that if they are going to use other Microsoft services, like Office 365, then it's no brainer. It's the perfect solution for situations like this.

If you're using a different stack, like Google, and you choose a different cloud provider like Google or Amazon, then if you are using Microsoft, it is still good to use Azure Active Directory. The costs are relatively cheap compared to others.

However, if you're not using Microsoft products, then I would suggest that you could look to other vendors like Okta, for example. I had quite a few good references regarding Okta and the Ping Identity products. Ultimately, you are free to choose but from a cost perspective, Microsoft is great.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
SunilKumar14
Information Technology Specialist at Self-Employed
Real User
Feature-rich, good documentation, and the setup is not complex

Pros and Cons

  • "The most valuable feature is Identity and Access Management. As an IT administrator, this feature allows me to manage access for users and groups."
  • "At the free or basic level of service, Azure should provide identity protection features including single sign-on and multifactor authentication."

What is our primary use case?

I am an operational engineer and consultant that assists organizations with their Azure Active Directory implementation. I primarily deal with administrative functions in my day-to-day tasks. I am responsible for creating and configuring Azure AD users and groups, as well as assigning the dynamic membership required by the organization to their users. Another common task is that I set up guest user access for organizations that want to grant access to users on a temporary basis.

For customers that want to use a cloud-based deployment, I can assist them with that. In cases where the customer wants an on-premises deployment then we will provide them with help using AD Connect, which is used for synchronization between cloud-based and on-premises data.

How has it helped my organization?

This solution helps to improve security for our clients using a specific directory structure and by using a variety of options. There is a default directory, which is owned by Microsoft, and in there you can create custom directories for your use. 

There is a panel available for the administration of users, groups, and external identities. 

Options are included for uploading your on-premises applications to the cloud, and they can be registered with Azure. This means that you can also create your own applications.

Identity governance is available for paid users.

Using Azure Active Directory has benefitted several of my clients, with an example being a startup organization. Startups have three or four things that they need to do in order to begin work. First, they need a domain, and after that, they need a DNS record to be created for their domain. For instance, these services are provided by godaddy.com or similar vendors. Once these steps are complete, they connect to Azure AD with the help of the DNS record that was created. At this point, Azure AD performs the role of a Platform as a Service. Once Active Directory is connected and verified, you can create the users and groups, and begin managing your processes. 

These are the only steps that are required for a startup. For an enterprise that wants to migrate its on-premises data to the cloud, there are several additional steps. For instance, you need to create a virtual machine and install your server. Alternatively, if you already have a server, it can be connected with the help of AD Connect.

This is a good solution for end-users because the vendor provides good documentation and if the users experience errors or issues, they get a popup alert to explain the problem. Furthermore, it can provide a solution to resolve the issue.

What is most valuable?

The most valuable feature is Identity and Access Management. As an IT administrator, this feature allows me to manage access for users and groups.

This product is easy to use and easy to manage.

The application policies, licensing, and AD Connect options are valuable.

Multifactor authentication provides more security. Having a user ID and password is compulsory but after that, you can add different security features. For example, it can work with biometrics such as fingerprints, retinal scans, and facial recognition. There are many more options that may suit you better, as per your requirements.

When you log in to the Azure portal, there is an option available called Resource Groups. Here, you can add multiple things including printers and different servers. There are Windows servers available, as well as servers hosting many different flavors of Linux. Once a server is created, you can add in a database, for instance.

What needs improvement?

There are four levels of subscription and the security features are not available for free. At the free or basic level of service, Azure should provide identity protection features including single sign-on and multifactor authentication. These are the most important features for organizations and everybody should be able to utilize them for working remotely.

For how long have I used the solution?

I have been working with Azure Active Directory for approximately three years.

What do I think about the stability of the solution?

Worldwide, Azure has many servers available and in fact, they are the largest cloud organization in the world. As long as you are paying for the service, you don't have to worry about availability. There is a Microsoft backend team available that can provide you with what you need.

The availability is the best in the cloud industry.

You don't need to create or manage your own infrastructure, as it is handled by the Azure team. Also, through the Azure portal, you can add databases.

What do I think about the scalability of the solution?

This is a scalable product. You can scale it to any number of users and any number of servers, and there is no issue. As your organization grows day by day, you can increase your users, your databases, and compute services including RAM, CPU, and networking capabilities. This will ensure availability on the platform.

If you are part of a very large organization, with between 50,000 and one million users, then you might generate between 500 and 1,000 terabytes of data each day. You have two options for uploading this data to the cloud, including an online option and an offline option. In the online option, you use a gateway. The offline option includes Data Box, which is a device used to transfer your data. These hold 800 terabytes and above.

How are customer service and technical support?

I have not used technical support from Microsoft myself. However, it is available and they can provide proper resolution to problems that people are having.

The support documentation that is supplied on the web page is very good. If anything changes then there is a section for notes in the documentation that explains it.

Using technical support is a more cost-effective solution than hiring somebody to maintain the product full-time.

How was the initial setup?

The initial setup is not a complex process. It is simplest in a cloud-based deployment and it will not take much time. If your current server is on-premises then you only need two things. One is your enterprise domain users, which have full access permissions. The other is a global administrator on the cloud side. Both sides need to be integrated and this is done with the help of Azure AD connect. Once this is complete, you can have interaction between your on-premises data and cloud data.

It is helpful to have a basic level of understanding of the product prior to implementing it.

What about the implementation team?

We provide support to our customers, depending on the error or issues that they are having.

What's my experience with pricing, setup cost, and licensing?

There are four different levels of subscription including the free level, one that includes the Office 365 applications, the Premium 1 (P1) level, and the Premium 2 (P2) level. There are different options available for each of the different levels.

Everybody can get a one-month free trial.

Which other solutions did I evaluate?

This product is cheaper than Amazon AWS and Google GCP.

I do not use the other Active Directory solutions, although I do check on them from time to time. One thing I have noted is that the Google platform charges you on an hourly basis. In the case where you need a virtual machine for only one or two hours, this is a good option. However, if you forget to log out of your machine, then the cost will be large.

AWS provides you with a one-month free trial so that you can test using the resources.

What other advice do I have?

At this time, Azure AD is the biggest cloud Platform as a Service that is available. They have 60+ cloud data centers available worldwide, which is more than any other organization. It is a service that I recommend.

My advice for anybody interested in this product is to utilize the free trial. Microsoft will not charge you anything for the first month. They will also give you a $200 credit so that you can use the services.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Flavio Neves
Azure Cloud Architect at a manufacturing company with 10,001+ employees
Real User
Access policies and MFA improve the security of our environment

Pros and Cons

  • "The user functionality enables us to provide different levels of access, across many applications, for each user. We can customize the access level and set a security level in connection with that access. For instance, we can require MFA. That is a feature that helps enhance our security posture a lot."
  • "One thing that bothers me about Azure AD is that I can't specify login hours. I have to use an on-premises instance of Active Directory if I want to specify the hours during which a user can log in. For example, if I want to restrict login to only be possible during working hours, to prevent overtime payments or to prevent lawsuits, I can't do this using only Azure AD."

What is our primary use case?

We're using Azure AD as a centralized identity management tool, to keep all identities in one place. For example, if we have an application that needs authentication, we use Azure AD. It is not only for user authentication and authorization.

We also use Azure AD as a synchronization tool from on-premises instances to the cloud, and we are using Azure ID Join to join machines directly to the cloud. We use it for access policies, as well as the registration of services.

How has it helped my organization?

With MFA, if there has been a password leak and someone tries to access the system, Azure AD will send a notification to the real user's cell phone and ask, "Are you trying to login? Please approve or decline this login." If the user declines the login, he can send a report to IT and the IT guys can automatically block the account, change the password, and review everything else. That helps us prevent unauthorized access to the system, and that's just through the use of MFA.

Through access policies, if my account was stolen and the guy got his hands on the MFA information for some reason, if the real user is in one country and the thief is in another country, the account will be blocked by our geolocation policy, even when the password is right and the MFA has been approved. We can lock it down using geolocation.

What is most valuable?

If we're talking about applications, one of the most valuable features is the administration of enterprise applications. It helps us to keep them working. We don't always need to authenticate a user to make an application work, but we do need some kind of authorization. We use service principal names for that. Managed identities for applications are very useful because we can control, using roles, what each resource can do. We can use a single identity and specify what an application can do with different resources. For example, we can use the same managed identity to say, "Hey, you can read this storage account." We can control access, across resources, using a single managed identity.

When it comes to users who have a single account, the most valuable feature is the authorization across applications. In addition, access policies help us to keep things safe. If we have a suspicious login or sign-on, we can block the account and keep the environment safe. It's also important, regarding users, to have a centralized place to put everything.

The user functionality enables us to provide different levels of access, across many applications, for each user. We can customize the access level and set a security level in connection with that access. For instance, we can require MFA. That is a feature that helps enhance our security posture a lot. And through access policies we can say, "If you just logged in here in Brazil, and you try to log in from Europe five or 10 minutes later, your login will be blocked."

What needs improvement?

One thing that bothers me about Azure AD is that I can't specify login hours. I have to use an on-premises instance of Active Directory if I want to specify the hours during which a user can log in. For example, if I want to restrict login to only be possible during working hours, to prevent overtime payments or to prevent lawsuits, I can't do this using only Azure AD.

For how long have I used the solution?

I have been using Azure AD for the last five or six years. I have been using the on-premises solution, Active Directory, since 2005 or 2006.

What do I think about the stability of the solution?

We have never faced an outage situation with Azure AD. The stability is great, very reliable.

What do I think about the scalability of the solution?

The scalability is okay for us. While there are limitations on the number of users, it's a very huge limitation. We have not hit that limitation so far. No matter how many users or groups or SPNs (service principal names) we have, it works fast. The response takes two to three seconds if we use the API.

Currently, we have more than 5,000 users. We are at 100 percent adoption. All our users from on-premises are synced to the cloud and they are fully using the features available.

How are customer service and support?

The technical support is not going in the right direction. Sometimes the first-level support agents don't have the proper knowledge. Some of them take a lot of time to discover simple things because of that lack of knowledge. Sometimes a guy takes three or four days to give up and to ask for help from a higher level of support. The technical support can be improved in that area.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before Azure AD, we either used Active Directory for on-premises or a Linux solution, but it was almost a miracle finding Linux solutions for identities. In our location, the majority of enterprises and companies are using Active Directory. The free Linux solution is basic. You can choose a user, a password, and a level of access, but it does not go as deep as Active Directory.

How was the initial setup?

The initial setup of Azure AD is very straightforward. There is even a wizard for it, making it very simple. The wizard guided us and pointed us to articles in the Microsoft Knowledge Base, in case we had any doubts about what was going on. It was a matter of "next, next, and finish."

Deployment took less than 60 minutes. It was very fast.

There are almost always issues when it comes to synching on-premises instances because they almost never follow best practices. When migrating to the cloud, there is a tool that Microsoft provides to run in your environment that tells you, "Hey, you need to fix this and this about these users, before you initiate the migration." It's complicated because on-premises solutions are like that. But if you want to have identities in Azure AD, you must have a proper set of User Principal Names, because these will be the anchor for the synchronization. If my on-premises instance has a bad UPN, it will not be able to properly sync to the cloud. But once we finished fixing the irregularities in the on-premises accounts, the migration was easy. We just installed the synchronization server and it did the job.

What was our ROI?

We have seen ROI using Azure Active Directory in the fact that we don't need to have four or five local servers. We can have just one local server and the heavy jobs can be run over the cloud. There is some money saved on that.

What's my experience with pricing, setup cost, and licensing?

The pricing for companies and businesses is okay, it's fair. 

But if you are trying to teach someone about Azure AD, there is no licensing option for that. There is a trial for one month to learn about it, but there is a need for some kind of individual licensing. For instance, I personally have an Azure tenant with Azure AD and I use this tenant to study things. It's a place where I can make a mess. But sometimes I want to do things that are blocked behind the licensing. If I were to buy that license it would be very expensive for me as an individual. It would be nice to have a "learning" license, one that is cheaper for a single person.

What other advice do I have?

Plan what you want. Think about whether you want native authentication and authorization in Azure AD. And if you want to have servers on-prem, you have to plan the kind of synchronization you want. Do you want passwords synced to the cloud or not? Instead of going headlong into using Azure AD and running into issues, the kind that require a change in access which could be problematic, plan before doing the deployment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Suryakant-Kale
Chief Technology Officer at a healthcare company with 5,001-10,000 employees
Real User
Top 20
Provides an organization flexibility to move towards the public cloud

Pros and Cons

  • "A use case that we did for an end user in a manufacturing organization: We used WVD with biometric authentication because 1,500 processes need to happen in a process. The user didn't want to use a login using their credentials. They wanted to use fingerprinting or tap their ID. That is where we integrated with the authentication. Now, they can process in a couple of hours, and they run those 1,500 processes every day. This changed their login process, which improved the manufacturing process. This helped a lot for their high deployment."
  • "The only issue is the OU is not properly synced. Therefore, you have to do a manual sync sometimes or you might lose the connector due to AD Connect or sync servers."

What is our primary use case?

I was a consultant. I recently changed my job (seven days ago). Most of my customers did everything in Azure. They used Azure Active Directory Domain Services (AD DS) as well as Active Directory Federation Services (ADFS) to sync a user's profile using AD Connect and a federated model. So, they could access an application on-premises as well as in a cloud. 

I am now a CTO for a big hospital. I manage Azure AD for all hospitals as the CTO. They also use Office 365 across all four of their hospitals. 

The solution is hybrid cloud. We have the Active Directory on-premises and Active Directory Domain services in Azure. This is where I use AD Connect (or sync server) to sync the user's profile.

How has it helped my organization?

Azure AD has features that have helped improve security posture. From a security point of view, they integrated with Okta, which is one of the integrations that we used for a customer's use case. From there, their entire security posture is managed and integrated with Azure.

It gave better visibility on our customers' security posture - the way that they configure users, configure their end user computing, and multi-factor authentication. This is where they get better visibility and manageability through this particular solution.

A use case that we did for an end user in a manufacturing organization: We used WVD with biometric authentication because 1,500 processes need to happen in a process. The user didn't want to use a login using their credentials. They wanted to use fingerprinting or tap their ID. That is where we integrated with the authentication. Now, they can process in a couple of hours, and they run those 1,500 processes every day. This changed their login process, which improved the manufacturing process. This helped a lot for their high deployment.

In my current organization, it is connected only for Office 365. We are getting into other services that Azure has to offer, but that has not yet started. The first use case that we are going to do is backup and recovery through Azure AD.

We are trying to do backup for some Tier 1 applications through Commvault. We will use that data to restore within the Azure environment or Azure Virtual Network (VNet), recovering all the applications. We then make sure that we have the capability for recovering those applications end-to-end. This is where Azure AD will play a huge role, so we don't have to come down to on-premises for authentication.

What is most valuable?

  • The authentication process, e.g., multi-factor authentication.
  • Directory Domain Services.
  • Azure AD Connect (sync services).

What needs improvement?

The biggest thing is if they could integrate with their IPS/IDS processes as well as have integration with another app, like a third-party application. Varonis was another solution that my customers are trying to integrate with ADFS. For some reason, they were seeing some difficulties with the integration. There is a case open with Microsoft on this particular thing.

The only issue is the OU is not properly synced. Therefore, you have to do a manual sync sometimes or you might lose the connector due to AD Connect or sync servers.

For how long have I used the solution?

I have been using it for a couple of years.

What do I think about the stability of the solution?

I haven't seen any major issues. 

We had a customer with roughly around 80,000 users. They had three SMEs or FTEs managing their Active Directory environment or solution.

Maintenance-wise, we need at least two FTEs for backup, making sure that we have the right coverage 24/7.

What do I think about the scalability of the solution?

I think we can add more systems to make sure that we can connect. The documentation provides more detail about the sizing information for OVA files or AD Connect files on the server. So, you have those kinds of capabilities built into the scalability.

How are customer service and technical support?

Before, we used to manage most technical issues. For example, if there was a critical thing that had to happen, then we would open a case. The support that we used to get from Microsoft was great because we were a Gold partner with Microsoft, so we had good access for the technical team.

We don't use the technical support too much because we have engaged a partner for my current organization. 

How was the initial setup?

The initial setup was so straightforward. The documentation is good. There were no problems deploying it. We did the deployment for one customer in less than an hour. Another customer took some time because it is more like a process for change management. Otherwise, the actual installation, download, and configuration took less than a couple of hours.

My previous company's focus was on how to integrate a customer's Active Directory with Okta, how to integrate it with MFAs, and how to integrate with security IMs.

The deployment was easy to do and integrate with on-premises. So if it was a small- or medium-sized customer, we could bring them into the cloud in no time. Also, we could start looking into other applications that the customer could use: Docker containers or DevOps. This is where we spent most of the time, i.e., with customer design.

Every hospital with Office 365 comes with Active Directory Domain Services so you need to sync all your users. That is how the implementation is done today.

What about the implementation team?

At my previous employer, most of our customers' application deployment used Ruby on Rails in their AWS environment and were looking for an authentication process. So, we installed Active Directory or ADFS in Azure for a specific client. Then, all applications would get authenticated to Azure Active Directory and synced from their on-premises environment. 

There was another client for whom we installed Azure Directory Domain Services, which synced with their on-premises data and federated model so we could get the single sign-on. We then installed Azure VMware Solution in Azure for their expanding or extending their on-premises VMware architecture.

We created a questionnaire where we documented the customer's current environment. For example, customers wanted to sync the amount of users. We then used that questionnaire to take care of the prerequisite before we even started deploying this solution.

The whole deployment process should take less than one FTE.

What was our ROI?

It provides an organization flexibility to move towards the public cloud, so their workload can be upstream. They can see that they don't have to come down to their on-premises for any authorization authentications. That is where we were seeing more development environments, staging environments, and DevOps environments, as most of our customers were pushing towards the public cloud, which would then be integrated with their Azure Active Directory.

What's my experience with pricing, setup cost, and licensing?

The licensing model is straightforward. I don't think there are any issues with the E3 license or E5 license.

Which other solutions did I evaluate?

We had a customer with very traditional architecture in AWS. We spun up the ECP instance, then installed and replicated the Active Directory. Other than that, I don't think we had another customer who was going in a different direction.

What other advice do I have?

We have a budget for Q4 2021. By Q1 2022, we are hoping to get one hospital completely in Azure by 2022.

The only way to learn about the value that Azure brings to the table is if a customer can use as an evaluation copy or license. Then, they can integrate and push the development OUs or the test OU to make sure that they can integrate with the MFAs.

I would rate this solution as an eight or nine (out of 10).

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate