Azure Active Directory Valuable Features

Martijn Verbrugge
Manager Infrastructure & Architecture at BDO Global

In our scenario, we use a lot of the business-to-business (B2B) features in Azure AD, which allows us to tie multiple Azure AD instances together. That is what we heavily use because every firm or country has their own Azure AD instance. We tie those together by using the B2B functionality in Azure AD. So, that is the most valuable part for us right now.

It has been very instrumental towards a lot of services we run, especially on the single sign-on side. For example, we have 160 countries that all run their own IT but we still are able to provide users with a single sign-on experience towards global applications. So, they have a certain set of accounts that they get from their local IT department, then they use exactly the same account and credentials to sign into global services. For the user, it has been quite instrumental in that space. It is about efficiency, but also about users not having to remember multiple accounts and passwords since it is all single sign-on. Therefore, the single sign-on experience for us has been the most instrumental for the end user experience.

We are using a whole bunch of features:

  • We are using privileged identity management, which is also an Azure AD feature. This allows us to give just-in-time, just enough access to privileged accounts. For example, normally you have a named account and you get a few roles based on that named account. If that is a very privileged role, that role always sits on your account all the time. When your account is compromised and the role is on the account, the people that compromise your account have that role. With privileged identity management, I can assign a role to a certain account for a specific amount of time and also for a specific amount of privileges, e.g., I can give somebody global administrator access, then revoke that after an hour automatically. So, when his/her account gets compromised, that role is not present anymore. 
  • We use conditional access. 
  • We use access reviews, which is basically a mechanism to access reviews on Azure AD groups automatically. So, the group owner gets a notification that they need to review their group member access, and they use that to do reviews. That is all audited and locked. For our ISO process, this is a very convenient mechanism to audit your group access.
View full review »
Tom Aafloen
IT Security Consultant at Onevinn AB

Passwordless sign-in, which is one of the new features where you no longer need to have a password, is one of the great features. Passwords have always been hard for end-users, but not so hard to bypass for bad guys. It often doesn't matter how complex or long your password is. If a bad guy can trick you into giving it to him or can sniff your keyboard or your network, or access it through malware, your password doesn't matter anyway. So all the complexity, length of the password, and having to regularly change it is hard for users, but it doesn't stop hackers. And that's what makes passwordless so valuable.

Multi-factor authentication is good as it allows you to answer a notification or even an SMS or a phone call, but that has become more unsecure now because the bad guys are learning new way to bypass these methods. But using passwordless technology, you're not even using a password anymore. You're basically just signing a logon request without actually sending, typing or storing the password. This is awesome for any user, regardless of whether you're a factory worker or a CFO. It's secure and super-simple.

It also stops phishing, which is amazing. If someone tricks a user into going into the "Macrosoft" store or some other site that looks like the real site, they can trick the user into signing in there and then they can steal the password. But if the user is using passwordless, the passwordless solution would say, "Sorry, I don't have a relationship here. I can't sign in." In that way, it can stopping phishing, which is one of the most common attack vectors right now.

Another feature that has improved our security posture is Conditional Access where we can not only say "yes" or "no" to a sign-in, but we can also have conditions. We can say, "Sure, you can sign in, but you need to be part of the right group. You need to come from a managed client. You can't come in with a risky sign-in. You need to come in from a certain platform or a certain network." You can have a really complex set of rules and if those rules are not fulfilled you will not be able to sign in, or we can require MFA or even control the session. That is also a really good security feature.

The B2B feature is another good one where, if I want to give someone access to my my apps or data, instead of creating an account and a password and giving that info to the user, I can invite that user so he or she can use their own existing account. That way, I don't need to manage password resets and the like. The B2B feature enables collaborating with anyone, anytime, anywhere.

View full review »
Product Manager/Architect at a consumer goods company with 5,001-10,000 employees
  • Azure Application Proxy
  • Single sign-on capabilities for SAML
  • OAuth integrated applications
  • The multi-factor authentication piece was desirable.
  • Defender for Identity, as of recently.
  • Some of the services, like Microsoft MCAS solution. 

These features offer additional layers of security, which is kind of what we were looking for. 

Some of the self-service password utilities certainly helped, given the scenario of the world today with COVID-19 and lockdowns. We certainly benefited from being able to say, "Have our users changed their password remotely." When they connect to the VPN, then sync them back up with the domain. So, that was very beneficial for us as well.

View full review »
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
501,499 professionals have used our research since 2012.
Bharat Halai
Global Head of Identity and Access Management at Adecco
  • Single sign-on is the most useful at the onset. 
  • The dashboards offered are very granular, in terms of usages. 
  • We find the Conditional Access element and Multi-Factor Authentication side of things very useful. 

These features let us have secure, yet user-friendly interactions, rather than having to be embroiled in various types of signups for each application. These allow us to be a lot more granular as well as making sure our environment is more secure. Our accesses and users remain secure too.

Multi-Factor Authentication (MFA) and Conditional Access have helped us be more secure. There is one place where all these features are posted, making life a lot easier. If we were to try and buy these separately, then it would be a painful experience. Whereas, if it is in one product, then all these features talk to each other and it is available for us in one go. For example, when you buy a car, if you buy the steering wheel and engine separately, then you need to make it work altogether. Whereas, you just want to buy a car with everything included, making life a lot easier.

It has made the end user experience a lot better. They only have one password to get into their online applications and that makes the user experience much better.

View full review »
Principal Service Engineer at a energy/utilities company with 10,001+ employees

The single sign-on is an amazing product. Its integration with the back-end, like MFA and conditional access, is very helpful for enterprise class companies because of changing dynamics as well as how companies and workers interact. Traditionally, companies used to have their own premises, networks, network-level VPN and proxy settings, and networks to access company systems. Now, anyone can work from anywhere within our company. We are a global company who works across more than 60 countries, so it is not always possible to have secure networks. So, we need to secure our applications and data without having a network parameter-level security. 

Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company.

The analytics are very helpful. They give you very fine grain data around patterns of usage, such as, who is using it, sign-in attempts, or any failed logins. It also provides detailed analytics, like the amount of users who are using which applications. The application security features let you drill-down reports and generate reports based on the analytics produced via your Active Directory, which is very helpful. This can feed into security operation centers and other things.

View full review »
IAM / IT Security Technical Consultant at a retailer with 10,001+ employees

The features I normally use are for authentication and authorization.

Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things.

For the end-users, they can seamlessly log in to their web products, like their Outlook account. They have YAML services and SharePoint services. Everything is single sign-on and that makes them happy.

View full review »
Deliver Practice Director at a computer software company with 201-500 employees

The solution's ease of use is one of its most valuable features. You can access it anywhere and the integration into existing and some legacy applications is good. You can plug into single sign-on self-service, password reset, or conditional access. If you're inside, you don't need to do multi-factor authentication, MFA's, built-in. 

View full review »
Principal Consultant at a tech services company with 51-200 employees

The most valuable feature is the possibility to create multi-tenant applications alone, or in combination with Azure Active Directory B2C. So, you can provide access to applications for your external partners without having to care about the accounts of external partners, because they will stick it in there as an AD tenant. That is the feature that I like the most.

The solution has features that have helped improve our security posture: 

  • A tagging mechanism that we use for identifying who is the owner of an application registration. 
  • Conditional access and multi-factor authentication, which are adding a lot to security. 
  • The privileged identity management feature that has arisen off privileged access management. This is helping a lot when providing access to certain roles just-in-time. 

They are also still developing several other features that will help us.

It does affect the end user experience. It depends on where they are. When they are within the corporate network, then they already have a second factor that is automatically assigned to them. When they are outside of the company, that is when they have to provide a second factor. That is mostly a SMS message. Now, with the Microsoft Authenticator app that you can install on your mobile phone, we are shifting towards that. This has reduced errors because you may just say that you confirm a message on your mobile phone instead of typing the six-digit code, hoping that you are still in time, and that you entered it correctly. So, it does affect our employees. We try to be up-to-date there.

Mostly, it affects security. It is an obstacle that you have to climb. For example, if you have to enter the code in from the SMS message, then you have to wait for the SMS message to arrive and copy the code, or you have to transfer the code from the SMS message into the field. We reduce that workload for employees by having them be able to receive a message on their phone, then confirm that message. So, security is less of an obstacle, and it is more natural.

View full review »
Senior Information Technology Manager at a manufacturing company with 10,001+ employees

The scalability of the solution is good.

Technical support can be helpful.

View full review »
Solution architect at a insurance company with 5,001-10,000 employees

The single sign-on of the solution is the most valuable aspect.

The initial setup is straightforward.

The solution offers good bundles that include Office 365. 

The pricing is pretty decent.

The product is pretty user-friendly and offers good customization capabilities.

View full review »
Matt Hudson
Enterprise Solution Architect - Security at a insurance company with 10,001+ employees

We very much like Conditional Access. We also like the risky sign-ins and Identity Protection. These features provide us the security that lets us fulfill our security requirements as a company.

Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic.

The solution has made our end user experience a lot easier and smoother.

View full review »
Praveen Raj
Software Engineer at a computer software company with 10,001+ employees

This solution is easy to manage.

The ability to grant access to other organizations is helpful.

It integrates well with a large number of applications.

View full review »
IT Senior Consultant and trainer at a tech vendor with 51-200 employees

Active Directory Federation Services (ADFS) stores the identities of our customers.

View full review »
Mohamed Fekry
Service Delivery Manager Cloud & Infrastructure Solutions at Nile

The most valuable feature is that it is very easy to implement, you don't need a lot of effort to set up the solution. This is the most advantageous point, that you can do anything on Azure without taking too much time.

View full review »
Michael Ogunlade
Head of enterprise systems at Fidelity Bank Plc

The most valuable feature is the ability to set up conditional access, where you can enforce users to connect using multifactor authentication. This is one of the things that we are using it for. It means that users who are accessing the applications remotely are authentic.

View full review »
Pete Fotopoulos
Vice President - Network and Infrastructure at NJA LLC

The access control aspect of the authentication is the solution's most valuable aspect.

The single sign-on is very convenient for us.

View full review »
Mikael Ribring
Head of IT at a non-profit with 51-200 employees

The ability to see and control PCs and mobile devices is the most valuable. I can see where they are and how many we have. I can also see the age and retention of PCs.

View full review »
Jeffrey Attoh
Chief Executive Officer at ZDAPT

The most valuable features are the B2B connector and the external identity connection functionality. These are helpful.

User group management works well.

The interface is well laid out and it is easy to navigate. You can get to things quickly and it works.

The portal allows you to create reports, which is a nice feature.

View full review »
Security Architect at a hospitality company with 10,001+ employees

Its ability to provide secure connections to people at all locations is the most valuable. It is mostly used by enterprises.

View full review »
Mike Sax
Vice President, Product Engineering at Logitix

The portal version of the Azure active directory is pretty robust.

The solution is very good for different types of management, including, user, group and policy management requirements.

View full review »
Solution Engineer at a government with 1,001-5,000 employees

This solution serves as the basis to understand the MS SSO and MFA capabilities.

View full review »
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
501,499 professionals have used our research since 2012.