The solution made our organization very flexible and increased our security because we previously faced authentication issues; our users sometimes could not connect from their laptops when they took them off-premises. There were also occasions where the cache was lost, so we couldn't troubleshoot, and users could not log in. This issue was solved, and now the system is flawless.

Azure AD helped to save time for our IT administrators; I haven't calculated precisely how much, but I believe it saves me two to three hours a week. 

We are delighted with our organization's Azure AD user experience, so we have no complaints about that. One of the best aspects is we don't have to update anything; Microsoft handles all of that for us. 

Azure AD is a one-stop solution where we can manage every aspect of identities, access, and applications via policies across all domains of our organization.

We use the Conditional Access feature to enforce fine-tuned and adaptive access controls. This makes our Zero Trust strategy to verify users more robust, as standard users have limited access, on limited devices, with limited permissions. They can only access the domain on specific machines and must be on the corporate or office network. Access from outside the network isn't possible unless it's from a whitelisted location, and along with MFA, we have a powerful Zero Trust model in place.

Azure AD saves us a lot of time, as we previously used an on-prem legacy solution with poor integrations, which slowed onboarding and other processes. Thanks to the product, we spend approximately 70% less time daily and about 80% less time weekly. That's a big plus. 

The solution helps our organization save money from a cost perspective, and there are several other vital angles to consider. Azure AD is an out-of-the-box product in terms of features and security, which is a reduced cost. Whether an organization requires P1 or P2 licensing is another consideration. Finally, if a company is replacing legacy systems, that's money saved for licensing and maintaining those systems. Some of our clients have seen 30-40% savings, especially those using complete legacy systems and then switching to a cloud environment.   

Azure AD greatly helps user experience, as we can integrate the solution with many services. End-user experience improved, whether staff members try to access resources from mobile or even personal devices. We can fine-tune access control across the enterprise, and that helps us provide a good end-user experience.  

Entra ID has primarily helped with security and some level of organization of our user environment and application access for staff.

Entra provides a single pane of glass for managing user access to some degree. We still have to use local Active Directory management for certain items or troubleshooting. It does not seem to extend management and troubleshooting down to the endpoint level or have the same sort of granularity as managing Active Directory directly from an Active Directory server.

Entra ID has helped to save time. It has saved four to eight hours of staff member's time per week.

In some ways, Entra ID has saved us money because using it for single sign-on for third-party applications means that we do not have to use a third-party solution such as Okta or OneLogin. It is a default solution. It comes out of the box, and it works with multiple applications, which means that we do not have to go the route of having a third party to have that same type of solution for us. In that sense, it does save us money, but I do not know how much it has saved because I have not priced out Okta or any of the other solutions. I imagine it is a fairly substantial amount that they would charge per user per month times the number of our users.

It has improved our security posture. Not only with the password feature but there were also things like conditional access, applications within Azure that you can use for better access. You can put conditional access rules in front of those applications, which means that either the device that they're accessing it with has to have a certain up-to-date version of antivirus, it has to have all of its Windows updates, or they have to use multi-factor authentication. All of those nice-to-have features help our security posture a lot.

When users are in Active Directory they can use single sign-on, which means once they've signed on to their machine, they then don't have to sign on again when they access things like their email. They can just go to those URLs. Because those applications are attached to our Azure AD and to our Azure tenant, they can just go to the applications. Those applications know who they are because they have a single sign-on enabled. So that has helped them so they don't have to turn on passwords when they have to access all these different applications.

Microsoft Entra ID provides a unified interface for managing user access. The user's sign-on experience relies on several factors, including the specific service or resource they are attempting to reach. The initial sign-on process involves first-factor authentication, which typically entails entering the username and password. Depending on the user's assigned security level, multi-factor authentication may be required. If the user is attempting to access an application and Single Sign-On is enabled, they can also enjoy a seamless sign-on experience for accessing both on-premises and cloud-only resources.

The admin center assists us in managing everything, from global administrators to Role-Based Access Control provisions. If a specific admin needs to be assigned to access all user authentication methods, an authentication administrator will be made available. Similarly, a conditional access administrator can assume this role if needed. We have a variety of roles accessible for performing tasks such as accessing, reading, writing, and editing operations, all based on specific requirements. Alternatively, there's the global administration role, which holds the capability to perform various actions and possesses full control over the tenant. This control can be exercised through the admin center.

When the COVID-19 pandemic emerged, all of our employees across various organizations worldwide began working from home. This trend of remote work continues significantly. Users operate from diverse networks, which might vary in terms of security levels. In order to safeguard resources, Microsoft Entra ID plays a pivotal role for all organizations, not solely for mine. Microsoft Entra ID provides essential security features, such as continuous access evaluation, multifactor authentication, IP restriction, and device-based blocking. These features constitute a device registration scenario that organizations can adopt. Whether an organization chooses to manage devices through Microsoft Entra ID or one of the other device registration scenarios available depends on the specific context, particularly the industrial location for an IT engineer. In this setup, an organization can impose restrictions or temporary blocks on users directly, contributing to the assurance of secure logins. This approach aids organizations in preventing unauthorized access to user accounts and organizational data from potentially malicious actors like hackers or unauthorized exporters. Microsoft Entra ID has been designed to enhance the security of both users and organizational information, aligning with Microsoft's commitment to safeguarding user data.

Conditional access is among the most reliable and secure features enhancing the performance of Microsoft Enterprise ID. This functionality enables us to execute various actions, as I have previously indicated. These statements are straightforward and comprehensive. To prevent access for specific users, we must apply logs based on specific requirements. If there is a need to restrict a user, we can implement a pause. This means that if a user is accessing from a certain location or utilizing a particular device, they will be granted access. Conversely, if these conditions are not met, the user's access will be denied. Therefore, conditional access policies can be employed as the organization's primary line of defense. In the past 22 months, updates have been made to the conditional access framework, incorporating conditional access policies from both session management and control management. This enhancement enables organization administrators to apply more refined filters, thereby enhancing user security. These updates include the potential enforcement of app protection procedures through Entra ID. Alternatively, administrators may create custom policies for specific applications or websites using the Defender of products. In the past, the option to merge different Entra apps and conditional access was not available. Presently, conditional access policies offer heightened security, allowing the creation of policies from various Microsoft services, including different apps. This capability empowers us to restrict users or employees from actions like copying certain data or transferring information to other locations. It prevents downloading of company information from untrusted devices as well. Additionally, our implementation of app protection policies aligns various Microsoft services with conditional access policies, further fortifying overall security.

The three factors for implementing a zero-trust framework are verifying the users, checking their privileges, and aiding in identifying any breaches. Conditional access assists with this process.

We can establish application restrictions and enforcement policies based on the Entra ID. These policies can then be aligned with conditional access policies across various locations. Additionally, we have the ability to formulate policies, such as designating trusted and untrusted locations for device data. This ensures that specific applications will only be accessible if they meet the conditional access prerequisites both from Entra and within the Endpoint Manager policies. This encompasses all first-party Microsoft applications as well.

The Verified ID feature is one of the most impressive functionalities I have encountered. Although I haven't used it personally, my role involves working as a technical support engineer for Microsoft. My responsibilities include handling support requests for Microsoft and assisting customers worldwide, whether they are utilizing premier or personal support services. To the best of my understanding, the Verified ID offers one of the most secure methods for organizations to store their data via the Decentralized Identifier framework. This enables them to manage their setup autonomously and perform DID verifications. Through this process, organizations can issue credentials to users using the Microsoft Authenticator app. This ensures that a web server is set up and a decentralized ID is created. Importantly, all organizational data remains confined within the organization; Microsoft does not retain user credentials or passwords. Consequently, all organizational data becomes integrated into the decentralized ID. This process is carried out by administrators responsible for onboarding users into the organization. When an employee joins the organization, they are issued credentials using the Verified ID feature through the authenticator app. Subsequently, these credentials are passed on to the user. The authenticator app then verifies the legitimacy of the request.

Microsoft Entra ID has proven invaluable in saving time for both our IT administrators and HR departments. Prior to Entra ID, we were required to generate individual user IDs sequentially. However, with Entra ID, we now have the convenience of producing them in bulk. This includes the ability to furnish these user access IDs temporarily, along with corresponding temporary passwords. This is achieved through a CSV-formatted Excel sheet. This process is particularly advantageous when juxtaposed with onboarding new users. For our existing users, determinations are made based on their user activity and potential risk status. In this regard, our IT administrators or global admins are promptly alerted if any user is flagged as risky. These notifications and identity protection features are integral components of Microsoft Entra ID, especially in relation to potential users. Furthermore, our system incorporates the latest workflow feature. This functionality closely resembles Identity Protection, although the latter exclusively pertains to users and objects. Conversely, virtual IDs oversee services, including applications and various other resources that have been generated via web apps, SQL, or SharePoint instances.

Microsoft Entra ID has significantly contributed to cost savings within our organization. Prior to implementing Entra ID, substantial financial resources were dedicated to various investments. Particularly in the realm of licensing, any learning initiative incurred substantial expenses. However, there has been a notable transformation in Azure, now rebranded as Entra, accompanied by the incorporation of numerous features under the Microsoft Entra ID umbrella. Undoubtedly, this has greatly enhanced cost management for our organization. Moreover, we now possess the capability to effectively manage subscriptions. We receive regular alerts from the cost management infrastructure, providing insights into our resource consumption. A distinct 'pay-as-you-go' option empowers us to select and pay solely for the resources we utilize. This approach enables us to forego committing to a fixed amount of virtual machines for a predetermined period. Instead, we can opt for resources as needed, paying only for their actual usage. Indeed, the cloud plays a pivotal role in cost savings when compared to the complexities of managing on-premises servers and resources.

The Microsoft Entra ID has significantly enhanced our user experience. In our daily scenarios, there is no need to log in every time. This is especially beneficial for user authentication and accessing various resources. Entra offers features that simplify our daily tasks and the use of dynamic applications that we host. One remarkable feature is the ability to utilize single sign-on, which is both cool and highly effective. Additionally, we have the option of Windows Hello for Business, including field authentication for Windows Hello for Business. These authentication features streamline the login process and contribute to the ease of our work. 

Years ago, we had on-premises Active Directory, and we still got some clients out with the on-premises Active Directory. On-premises Active Directory worked well when everyone was in the office, but you had to be on the network to log in. If you took a computer home, you could not log in. Microsoft Entra ID definitely accommodates remote working. It is in the cloud. It is a lot more flexible. Someone can just eat out of the box now. They can log into a device, and it sets itself up and deploys the apps with supporting services. It is definitely a lot more flexible, and because it is in the cloud, it is evergreen. New functionality and features are coming out to it all the time, which is great. Previously, every three years or so, you would upgrade your server and you get new functionality, whereas now, you are getting that all the time. If you want to integrate with automation and AI, it all comes to Entra ID first. It is very powerful, and the flexibility to upgrade indefinitely and allow people to work from anywhere is a big push of it.

Microsoft Entra provides a single pane of glass for managing user access. Having that as your single source of truth is very helpful. That directory can be accessed from anywhere without a VPN or anything else. When you are applying a security policy through Intune and Entra ID, you can be sure that it is applying to all devices, whereas with an on-premises directory, you might have a group policy to apply security, and you might change that policy, but if someone was not in the office or using VPN, that policy might not update on their device, so you could never be sure if it worked. There was no way to look at your 500 machines and see which machines had the policy applied and which did not. You could not do that, whereas, with Entra ID, you can. You can even do things in Intune where, for example, if a security policy is not applied or if a device does not have the necessary threshold of security policies and security software, the device is no longer compliant, and it cannot access any resources and things like that. It is much more powerful.

It works very well. Conditional access is probably one of the best features of Entra ID for the ability to control what can be accessed from where and by whom. In the zero trust model, it is very good. We are an IT managed services provider. We are a massive target, and it is a huge risk because if someone breached us, they breached our 2,000 downstream clients because we have got access to their systems. Within Microsoft 365 or Entra ID tenant, you cannot even log in to that tenant unless you are on a compliant IT device. It is a powerful feature.

It has definitely helped to save time for our IT administrators. When I speak to clients, I always work on a rule of about two or three percent of the headcount for IT. It is normal IT when you are a reasonable-sized company, but with 500 people, we have got three people in that team now, which is much lower than that. When you buy a new device, you can log in with the IT credentials. It sets it all up. All your policies and all your software are ready to go. There are no humans building that manually. A lot of it is sort of self-service now as well. So, it cuts down on a lot of time and that thing where people have to come to the office to update their software. The way it was five years ago, if you got an issue with a new laptop, you had to take it to the office and log in yourself for the first time before you went home. You do not have to do any of that now. With Entra ID, the access is via the cloud, so you do not have that issue where years ago, your password would get out of sync with the office. You do not have to deal with all of that. Compared to an on-prem device years ago, the support required is much less. You can now deploy the software centrally and remotely. We are an SMB. Our customers are SMBs. If you are a big company, you probably had a technology platform or a team waiting to deploy software remotely even years ago, but SMBs did not have that. A lot of work was manual, and it was time-consuming, whereas now, with Entra ID and some of the functionality around it, those small businesses almost have a corporate-size business service that they can provide, and it is whatever pounds per user a month.

The cost savings are probably quite high. There is a lot of efficiency for the IT team. There are a less number of issues, so the users are more productive. A typical IT function is a 2% to 3% headcount for a 500 people organization. You would expect ten people to be on our IT team, but we have got two to three people. We have six heads less than we might have had years ago. We are an IT company, so everything should be running slick. We are also using a lot of bleeding-edge technology, so there are some more issues with that, but we have fewer people to support the business. People are more productive. It is hard to quantify the savings, but it is a lot. I have been around long enough to know what the world was like before and how painful it was, but I do not have any stats. I have customers who invest in a lot of technology, and I have ones that do not. We are producing some metrics around that, and it is really interesting to see that the customers who spend a lot do not have major outages. They log fewer tickets and things like that.

Besides tying together all authentications for our 160 countries, it has also been instrumental in getting the collaboration going between our firm countries since normally they are quite isolated. Also, their IT firms are quite isolated. So, Azure AD has made sure that we can collaborate with each other in multiple different systems: the global portal, the Audit application, and Office 365. This allows us to collaborate closer together, even though we are still separated as different countries.

Because it is an identity store, it handles all our authentication. We also use it with a combination of conditional access, which is a way to limit people's authentication or authorization based on where they are, the compliance of their device, and on a whole bunch of other variables that we can set. So, it definitely has been influential as well on the security side. Because it is a SaaS, you have central management over that. You can see all the logins and get reports on who signs in from where. 

There is a lot of artificial intelligence in Azure AD that can monitor behavior of users. If users behave in a strange way, then the authentication can be blocked. For example, if you have a user logging in from China, but it looks like the same user is logging in from America just a few seconds apart. That is a seemingly risky behavior that Azure AD flags for you, then you can block that behavior or have the user provide you with a second factor of authentication. So, there are a lot of security features that come with Azure AD too.

Entra ID provides a single pane of glass for access management. Microsoft Identity confirms users and the access management grants access. In terms of IT and access management, Entra ID provides better management and monitoring solutions that can be used effectively. Entra ID can be used by IT administrators and app developers. It offers a wide range of options for onboarding applications to the cloud. For example, enabling single sign-on for an on-premises application can be time-consuming. However, moving the application to Entra ID is straightforward. App developers can use Entra ID APIs to build personalized experiences, set up single sign-on, customize applications, and monitor them.

The single pane of glass consistency for user sign-on experience is very good because Entra ID is a solution from Microsoft that is available in different regions around the globe. This means that we always have better visibility and management of user sign-on, and now Microsoft apps also moved to Microsoft Entra. This provides a unified experience where we can manage access and permissions from a single location.

The consistency of our security policy is excellent. It is very granular, allowing us to scope it to groups or access it via the API. We also have Entra ID PIM, which allows us to granularly control access to resources. This is a very good option for access management.

Active Directory's Admin Center is a very good tool for managing all identity and access tasks in our organization. It provides a single pane of glass for managing users, groups, external identities, and roles. It also allows us to create administrative units, which can be used to scope access to a set of users, groups, and devices. We can also use Admin Center to view licenses, company branding, user settings, security settings, sign-in logs, provisioning logs, usage, and insights. Admin Center also makes it easy for admins to troubleshoot problems. For example, if we need to debug something, we can log into Admin Center and check the sign-in logs.

There were many benefits to moving to Entra ID. The main benefit was that it was a game-changer, especially for monitoring. When we were using Active Directory, everything was local. This meant that we had to build our own monitoring solution for each application that was onboarded into AD. This was a time-consuming and expensive process. With Entra ID, we can use Microsoft Sentinel or Entra ID Monitor to monitor all of our applications from a single location. This is a huge time and cost savings. Another benefit of Entra ID is that it makes it easy to onboard new applications. With AD, we had to deploy the application on-premises and then configure IT and access management. This was a complex and time-consuming process. With Entra ID, we can simply onboard the application and then grant Identity Access Management to the application. This is a much simpler and faster process.

Conditional access is a powerful feature that allows us to define a set of conditions that must be met in order for users to access our applications. This can help us to improve security by ensuring that only authorized users can access our data, regardless of where they are or what device they use. For example, we could create a policy that requires users to be located in a specific country or to use a specific device type in order to access our applications. We could also require users to use multi-factor authentication in order to access our applications. Conditional access policies can be applied to all of our applications, including those in Entra ID and Office 365.

Conditional access policy plays a key role in zero trust security. In the conditional access policy, there is a feature called named locations, which allows us to exclude devices from a condition if they are coming from a trusted location. For example, if we add an exclusion for trusted locations to our conditional access policy, it will directly impact our zero trust policy. The main driver for any organization to move to zero trust security is to reduce the number of named locations in their conditional access policies. By reducing the number of named locations, we can increase the security of our organization by making it more difficult for attackers to gain access to our systems.

I have been using the conditional access feature in conjunction with the endpoint manager for a long time. This is a great feature because it helps us to monitor threats and direct users accordingly. It is a very useful feature for monitoring our endpoints. For example, if a user tries to access a service, the check can be done and the endpoint manager will be able to provide us with all the findings.

Microsoft Defender for Endpoint can identify any PaaS devices that connect to a network. This includes any unpacked devices that are trying to use an application that is onboarded in Entra ID or any persistent Office 365 application, such as Microsoft Teams, Outlook, or OneDrive.

I have been using Entra Verified ID on the proof of concept. It is one of the best ways to onboard a remote employee. Since COVID in 2020, we have all been working remotely. It is better to onboard an employee who is present remotely in a different location than to ask them to come to the office, collect a laptop, and then onboard them. Verified ID makes this process easier by using preset, already-known information that is present in our company directory. For example, when an employee is interviewed, they are given face verification through a government ID. The ID is collected and a photograph is taken, which is then stored in the HR database. With this information, we can onboard employees remotely and grant them access to all of the company's resources. This is a much easier option than asking everyone to come to the office and ask for help from the overloaded service desk team.

The speed at which we can onboard a remote employee depends on how we define it in the initial planning. If we set the correct standards, such as the type of information we need to verify the employee's identity, we can streamline the process. For example, if we require the employee to provide a government ID and a photograph, the HR department can collect this information in advance and process it in the company's database. This will make it easier for the employee to complete the onboarding process remotely.

When it comes to controlling and prioritizing the privacy of identity data, there are multiple ways to do so. One way is to onboard remote employees with information that is already present in the company directory. This information can be verified by HR, who has already obtained the employee's consent to share their personal information. Another way to onboard remote employees is to ask them to provide a photo and government ID. This information is also stored in the company's database and is not shared with Microsoft. Microsoft only creates a digital identity for the employee and uses this identity to validate the employee's remote onboarding. In both cases, the employee's personal information is not exposed to the Internet. Microsoft and the company have a secure channel for exchanging this information, so there is no problem with data privacy.

The permission manager in Entra ID is very good. Microsoft improved it a lot. Microsoft Entra is the new permission manager solution. It provides comprehensive visibility into the permissions assigned to all identities, such as user identities. It also allows us to check the current permissions that are given to users. This is a better way to manage permissions. Permission management is a really good option that has a lot of benefits and improvements, especially when moving to the Microsoft enterprise.

When it comes to identity and permission management, the risk is relatively low when using a cloud-managed solution. This is because cloud-managed solutions provide full visibility and the option to automate permission management. One of the benefits of cloud-managed identity and permission management is that it allows us to implement the principle of least privileges. This means that we can give users and workloads only the permissions they need to do their jobs. This helps to reduce our attack surface and makes it more difficult for attackers to gain access to our systems. Another benefit of cloud-managed identity and permission management is that it provides us with visibility into our user and workload identities. This allows us to quickly identify and remediate any security issues that may arise.

Entra ID helps our IT administrators and HR department save time. It reduces the custom task of deploying and onboarding any application. This means that administrators can easily onboard applications to Entra ID and provide users with a single sign-on experience. As a result, administrators have more time to focus on improving their skills and deploying new Entra ID features. Entra IDoffers a wide range of features, including artificial intelligence capabilities such as Chat GPT. This frees up a lot of time that was previously spent managing the local active directory. Entra ID has freed up most of my weekends. When I was previously working with on-premises data centers, I had to patch my servers every weekend, which was a time-consuming and tedious task. However, now that all of my applications have been moved to Entra ID, these tasks have been drastically reduced. As a result, I would say that my weekends are now almost free.

Entra ID saved lot of organization money. I see previously organizations investing in expensive solutions for data centers, which required a lot of maintenance and the need to find the right talent to manage them. However, with Microsoft Entra ID, we no longer have to worry about maintaining data centers, as they are completely managed by the cloud. This has made our operations easier and more efficient, as we can now deploy changes quickly and easily, and receive alerts when any issues are found.

Entra ID positively affected our user experience.

Entra ID offers a unified interface for managing user access.

In addition to the Single Sign-On provided by Entra ID, we also offer a biometric option through Windows Hello.

In the admin center, we can locate the dashboard. Recently, Microsoft has made significant improvements. Previously, searching for a username required navigating to the user test section. However, presently, I've observed that Microsoft has enhanced the search scenario. Now, by simply searching for the username on our web page, it will display the username along with all associated details. Furthermore, we have password identity management, group management, and application registration options available. We also support on-prem authentication, specifically rescoping authentication like NTLM, which is an older authentication method. However, if we register our application with Entra ID, we can easily enhance the security of our authentication through modern authentication methods. These security features are available within the admin center.

Verified ID, in fact, is obtained when we create or subscribe within Entra for the initial time. Therefore, it is a default setting on Microsoft that provides us with a default domain. However, if we perform this on Microsoft.com, we need to append that tenant and subsequently verify it. This, of course, necessitates the addition of certain DNS entries to incorporate our customized domain into Entra ID. Consequently, we have the capacity to include up to 500 domains within a single tenant.

We are three global admin users. As such, we are responsible for maintaining our company's tenants. Occasionally, the security or compliance teams need to assess the current status. For instance, we might have a project requiring a vendor to have access for a specific duration. In such cases, we can readily grant customized access to that user for the designated period. Post this duration, access will be automatically revoked. Hence, we can manage these settings through permission management.

Microsoft has indeed introduced new features. For instance, we now have the ability to create a multitude of users or add members to a group all at once. To facilitate this, they have developed a custom script. By including the object ID of the user in an Excel or CSV file and importing that file, the system will automatically add the users. Entra ID is particularly time-saving, as it allows us to add 100 users in just 30 seconds using the group method. If we were to create the group manually, it would take one to two hours per user.

In my situation, not all users are motivated. The IT division and the technicians might be up to date with the latest technology. However, when we consider the finance or sales personnel, their primary focus is on their business sales. They lack knowledge of IT or technologies. As a result, when we introduce a new solution and onboard their users to that system, we encounter certain issues. Nevertheless, through integration and training, we established the necessary procedures for logging in and working, which eventually became acceptable. Entra ID has played a significant role in making the user experience more seamless.

With COVID-19 at the moment, this solution is a good example of where we needed to move a lot of our traffic from our on-prem authentication into the cloud. Last year, before I joined the company, we had to setup our VPN differently. It was easy enough for us to do because our machines were already joined to Azure AD. We just split the traffic and stopped having to rely on our on-prem VPN for our Office 365 traffic. We were just good to go into the Internet because we had all the features setup, e.g., MFA and Conditional Access, which made life a lot easier.

It has made our security posture better. There are always improvements to be made, but we feel more secure because of the way that things have been setup and how everything integrates together.

The product provides very good time savings. It also allows for a high level of security.

We get alerts when something has happened and it's easy for me to find the issue. It makes it easy to reset passwords. 

We have all the security features in one place and we have log analytics and diagnostics as well. It's very good for identity governance. 

Azure is the most comfortable cloud to work with. One company we worked with had infrastructure that needed to go to the cloud, and with Microsoft, it's very easy to move. The company is flexible in terms of how you want to handle a migration or configuration. There are a lot of features that help to implement different solutions and that makes it very easy to work with. 

Microsoft 365 is a part of the service of Active Directory. Currently, all the people and institutions, such as schools and universities, working from home are getting the benefits of Microsoft 365 in Azure Active Directory. They are indirect users of Azure Active Directory. That's because all the services are with the Azure platform, and all these identities are managed from the cloud. This service is providing a huge contribution to the whole world at this time. For example, my nephew is not going to school currently, but he has to connect every day through Microsoft Teams. I know that it is Active Directory that's managing this authentication, but he doesn't know that.

Azure provides many services related to security, data protection, identity, key networking, and management of the storage accounts with encryption. The whole environment is very secure. Azure works with the security of the services. It is in the backend, and it is the same platform as Microsoft 365 or Office 365. So, if you have Office 365, you're using Azure. The platform source is the same for Azure and Office 365 or Microsoft 365. It is the same platform to manage the users. At a certain point, I guess everything will be together because even though there are too many services, all of them rely on the same platform.

There is a secure way of managing the security and access to your services. If you use Azure in your company, you can manage the type of authentication that you want to use for security. For example, you can manage your company from on-premises and also use the cloud in a hybrid environment. This way the services that Azure provides on the cloud are available for the users that exist on-premises, and this is actually where I'm working right now.

Azure AD has security features that have definitely helped to improve our security posture. Our hybrid environment makes it very easy for us to control when we need to integrate with third-party solutions. Normally, we do not allow integration with our on-premises systems and by requiring the third parties to integrate through Azure Active Directory, it gives us an extra layer of security. There is one-way communication from our on-premises Active Directory, which helps to secure our main controllers.

Another thing that we use extensively is conditional access, on top of the Azure Active Directory multi-factor authentication. We are quite happy with the metrics and reports, as well as the logging of risks, such as attempts to sign in from different areas.

So far, we haven't had any incidents. We've seen some attempts to steal our identities or to log in using our credentials but the security provided by this product, including conditional access and MFA, has stopped these attempts. From a security perspective, we are quite happy.

Overall, our security posture has improved, especially when we are talking about MFA. We have MFA deployed on-premises for all of our critical applications. Moving beyond this, to the cloud, I cannot imagine dealing with all of these different SaaS products without having AD or another cloud identity provider in place. We could use a competing product but definitely, we cannot survive solely with our on-premises solution.

This solution has improved our end-user experience, in particular, because of the single sign-on feature. Our users can quite easily begin working. For example, I've worked with other SaaS solutions and one thing that users complain about is the additional steps required for MFA. Some of the non-tech-savvy end-users sometimes struggle, but overall, I would say the experience is quite good.

We are a group of companies and have different Active Directory Forests and domains. Using Azure Active Directory, collaboration is much easier for us because we are able to configure it at the cloud level.

Microsoft Entra ID offers a single pane of glass for managing user access. This unified interface provides essential notifications and guidance if further actions are needed within Entra ID. While all features can't be displayed simultaneously due to potential clutter making it visually unappealing, the centralized view efficiently directs us toward managing user access and other identity and access management tasks.

The single pane of glass affects the user's experience positively. Microsoft Entra ID makes necessary innovations when it comes to the GUI interface.

In my overall assessment, the admin center seems effective in consolidating all the responsibilities and duties that admins should be able to perform. This centralization makes it efficient for users like us global admins and user administrators to find everything we need to do in one place, adhering to the principle of least privilege. While I appreciate the admin center's functionality, I prefer working with the Entra portal for its more robust view.

Microsoft Entra ID has significantly improved our organization's security posture. One key feature is what we call privilege identity management, specifically designed to manage sensitive administrative credentials. For example, imagine a CEO with an account in Entra ID. We might also have an IT technician or support person with an admin role, like a Security Admin. We call these privileged identity accounts. While the CEO holds the highest position, they don't need admin access. privilege identity management has been instrumental in enhancing our overall security in several ways including, Robustly securing privileged identity accounts: PIM implements stringent controls and access restrictions, minimizing the risk of unauthorized access to sensitive data and systems. Enforcing the principle of least privilege: PIM ensures users have only the minimum permissions necessary to perform their duties, reducing the attack surface and potential for misuse. Adding extra layers of security: Entra ID integrates multi-factor authentication and conditional access policies, further strengthening access control and mitigating security risks.

Entra ID's conditional access feature strengthens the zero-trust principle, which emphasizes continuous verification and never granting automatic trust. This policy has significantly improved our overall security posture by implementing specific controls that grant access only when users meet defined conditions.

The visibility and control provided by Entra ID permission management across Microsoft, Google, and Amazon Cloud is impressive. Microsoft has a long history in the identity and access management space, starting with Active Directory and subsequently adapting to the cloud. Their cloud expertise has served them well in developing Entra ID, a comprehensive IAM solution. I believe Entra ID represents a significant improvement, offering clear visibility and control over permissions. While I haven't used other third-party products for comparison, I feel Microsoft has delivered a top-notch feature within the IAM landscape.

Using permission management has helped reduce risk surfaces regarding identity permissions.

Entra ID has significantly reduced the time burden on our IT administrators and HR department. Take, for example, its built-in self-service password reset feature. Imagine I've forgotten my password and need to reset it. Previously, I'd have to log a request with IT, potentially waiting for assistance if they were unavailable. SSPR empowers users to reset their passwords independently, freeing up valuable time for our IT team. For our HR department, Entra ID offers integrations with third-party apps, also known as user provisioning. This comes in two flavors: outbound and inbound. Outbound provisioning specifically applies here. In this scenario, Entra ID acts as the source system, creating user accounts in the target third-party SaaS app which is like a tag assistant. For example, if an HR employee needs access to Dropbox or G Suite, we can create those accounts automatically in Entra ID and then provision them into the corresponding SaaS apps using user flows. This eliminates the need for manual user creation in each app. Furthermore, we can implement single sign-on, removing the hassle of juggling multiple passwords for different resources.

Microsoft Entra ID has significantly impacted the employee user experience, particularly through its single sign-on functionality. SSO eliminates the need for multiple passwords to access different resources. Previously, when a user was created in Entra ID, accessing other applications developed outside of Microsoft required separate credentials and logins for each platform. This created a fragmented and cumbersome experience. However, with Entra ID's SSO, user authentication and authorization for these third-party applications now seamlessly occur through a single sign-on process. This grants secure access to all integrated applications without the need for additional logins, streamlining the user experience and enhancing security.

In general terms, we use it as an admin tool. If we want to set up accounts for people, it's easier for us to do it like this because everything is connected to different groups.

Microsoft Entra ID provides a unified interface where we can manage all of our entities. It utilizes a flat directory structure, allowing us to assign user access and group them using tags. For instance, when we create a user for the sales team, we simply apply a tag such as "sales," automatically adding that specific user to the sales group. This eliminates the need for the manual creation of containers and the manual grouping of users within a specific container. Everything is achieved through tagging, and streamlining the process, and is facilitated by the singular interface offered by Microsoft Entra ID.

We can easily apply security policies through a unified interface. Everything in Microsoft Azure can be utilized for server storage. Although it's within a single interface, there are options for differentiation. For instance, by clicking on the Microsoft Entra ID, we can access a distinct interface. Here, we have the ability to create, apply, and manage policies for various aspects, all from this specific interface.

The admin center helps us identify where there are issues and easily take action.

In Microsoft Azure, there is a tool called Intune, which serves as a device management tool. In the past, we encountered issues while managing all end devices through SSCM. This involved a constraint where any updates or policies could only be pushed if the device was connected to the office network. Essentially, users needed to physically connect their devices to the office network to receive updates or policy changes. However, with the introduction of Intune, a Microsoft Azure product, we transitioned all our devices to this platform. This allows us to create and directly push policies without the necessity of the device being on the corporate network. Users can now receive security updates, as well as different antivirus updates, even while working from home. This streamlined approach greatly simplifies endpoint maintenance, which also extends to mobile devices.

We do not utilize the Microsoft Entra ID conditional access feature for endpoint devices. Instead, we apply conditional access to specific groups. For instance, we have a team that requires access for a defined period. Additionally, certain types of vendors need access ranging from, for instance, two days to a few hours. In such cases, we employ the conditional access feature to grant the necessary access. We have employed this approach, and it has proven to be highly advantageous.

While we don't typically utilize the conditional access feature in combination with Microsoft Endpoint Manager from the user's standpoint, there are certain groups for which we do implement conditional access. For instance, within multiple teams, not all members are granted identical access. Various team levels enjoy distinct levels of access. It is in such scenarios that we employ the conditional access feature.

We have an access group where we define the access that each team will receive. Additionally, we have the Tier One, Tier Two, and Tier Three support teams, for which we have defined privileges based on their respective roles and responsibilities.

Microsoft Entra ID assists in saving several hours for our IT administrators and HR departments daily. This is particularly due to its unified interface. For instance, when we need to review certain logs, we can grant access to the HR team. They can easily retrieve logs detailing specific employee activities. This includes information such as individual browser usage duration and system activation records. These types of logs encompass the range of data generated on a daily basis from this platform.

Microsoft Entra ID has undoubtedly assisted in saving money for our organization. This is because we are not only utilizing the solution itself, but we can also incorporate our application server along with products such as software and solutions, including emails. Microsoft Entra ID is included as part of the package fee, which unequivocally contributes to cost and time savings. This is primarily due to the elimination of the necessity for an additional identity provider, as it is already encompassed within the package.

Our employees' user experience has improved with Microsoft Entra ID compared to the local Active Directory, which was occasionally slow, depending on the availability of our log-on server at the time. If it was unavailable, logging in was significantly slower, and we could get logged out. This is no longer the case, and now we can easily log in. 

We strive to provide our users with the easiest and fastest way possible to access. Most users view the single pane of glass as a feature that is beneficial. However, the security policy is more difficult to implement and must be managed and measured by the administration.

I give Entra Admin Center for managing all identity and access tasks in our organization an eight out of ten.

We use the Apple environment. When we tried to implement Azure Active Directory in our service, it was a bit difficult. So, we chose to use an alternative such as Okta. However, Azure Active Directory is very valuable because it connects with Apple School Manager itself. I would rate Azure Active Directory an eight out of ten.

Entra saved us about one hour per month.

The overall employee user experience with Entra is a seven out of ten.

We use Active Directory to manage our Microsoft 365 licenses. The solution is very easy to use. We conducted some tests to connect this with our MBM through the identity tools, which was also very easy. We just had to follow a few steps, but we needed to be more technically prepared.

Active Directory is easy to maintain due to our control of identities. We have a controller in place to maintain and clean the Active Directory, providing new identities and removing those no longer in use.

The main benefit is that you have one repository for identities. That is very important for main companies. If you have worked with or are familiar with the concepts of on-prem Active Directory, you can easily start with Microsoft Entra ID. You have everything in one area. You have application identities, workload identities, and other identities in one area. It is very convenient and powerful. It helps with centralized identity management. You can also connect with your partner organizations. It is quite powerful for collaboration with your partners, customers, etc.

Microsoft Entra ID provides a single pane of glass for managing user access. It is pretty good in terms of the sign-on experience of users. It is easy to understand for even non-technical people.

With this single pane of glass, we also have a good view of the security part or security policies. From an admin's perspective, we have complete logs of everything that is happening in almost real time. We have pretty much everything we need. In recent times, I have not come across many use cases that could not be covered.

With conditional access, you can make sure that you have control at any time. It is a part of the zero-trust strategy. Any access is verified. You have a very good grasp on identity and devices for compliance. You can manage any issues through Microsoft Entra ID. Most companies I have worked with let you bring your own device, and device management is very important for them. They have a tight grasp on who can connect and which devices can connect to their network or cloud resources.

There have been improvements in the onboarding and the leaving process. It has always been a challenge to make sure that people are given the right access right at the beginning and that their access is disabled at the right moment. Historically, while auditing clients, I could see people who left the company five years ago, but their access was still active. Permission management has been helpful there. It is a nice thing to implement.

In terms of user experience, we have not received any feedback from the users about Microsoft Entra ID, which is good because it means it is transparent to them. It works as expected.

As we have a hybrid deployment, providing our engineers access rather than allowing them direct access to our Azure AD server is easier, reducing our security concerns. Our end users can also reset passwords themselves without going through our support or services teams.

The solution saves us a lot of time for our IT department and others. Taking into account onboarding, IT, and HR concerns, Azure AD gives us 50% time savings weekly.

Azure AD saves us a lot of money. 

Overall, the solution positively affects the employee user experience in our organization. We can manage all kinds of activities and other MS products from a single pane of glass, including users, endpoints, roles and permissions, mail, and more. This ease of management ensures a positive experience for our end users.  

The Entra portal offers a unified interface to oversee user access. Through the Entra portal, I can access my resources. I utilize the quick user and quick group features to assign users to roles according to their permissions, missions, and development tasks. This involves our EBAC and RBAC systems, assigning tools, and linking them to functions required for executing tasks. After completing these assignments, we place these users in groups and grant them access to specific resource environments, aligned with their designated tasks within those environments.

The Entra portal does not affect the consistency of the security policies that we apply.

The administration center for managing identity and accessing tasks within our organization operates according to the established protocols and procedures prior to its implementation. We utilize account provisioning, RBAC, authentication, authorization, password management, security, and incident management. These are all components that we have implemented to facilitate access and development within our environment.

There are certain things that have helped improve our organization. First, security. With Entra ID, we have been able to implement SSO capabilities for our applications and most resources in our environment. This means that we can use a single credential to access all of our resources, which makes it more difficult for hackers to gain access. It also makes it easier for our users to sign in to resources without having to remember multiple passwords. Second, Entra ID allows us to implement multiple authentication factors. This adds an additional layer of security by requiring users to verify their identity in more than one way. For example, they might need to enter their password and then also provide a code from their phone. This makes it much more difficult for unauthorized users to gain access to our systems. Entra ID also makes it possible to define roles and permissions based on each user's needs. This allows us to grant users only the access they need to do their jobs, which helps to protect our data and systems. Finally, Entra ID allows us to implement conditional access controls. This means that we can restrict access to resources based on factors such as the user's location or the device they are using. This helps to protect our data from unauthorized access, even if a user's password is compromised.

Conditional access is a way to make decisions about enforcing security policies. These policies are made up of "if this, then that" statements. For example, if a user wants to access a resource, they might be required to complete a certain action, such as multi-factor authentication. If a user tries to sign in from a risky location, the system will either block them or require them to complete an additional layer of authentication.

The conditional access feature does not compromise the robustness of the zero-trust strategy, which is a good thing. I have configured it in my environment based on primary monitoring. We have certain locations that we do not trust users from. If a user tries to sign in from one of these locations, which the system automatically detects, they will be required to complete an additional layer of authentication. With zero trust, we do not trust anyone by default. Anyone trying to access our environment externally must be verified.

We use conditional access with Endpoint Manager. When configuring conditional access, we consider factors such as the user's location, device, and country. These are the things that we put in place when configuring the policy. We create users, put them in a group, and then decide to apply conditional access to that group. So, this particular group has been configured under conditional access. This means that no matter where they are, what device they use, or what activity they want to perform in the environment, they will be required to meet certain conditions that have been configured in the conditional access policy.

We use Verified ID to onboard remote users. SSO is configured for this purpose so that users do not have to remember multiple IDs, passwords, or usernames. This can be tedious when logging in to multiple applications. Once SSO is configured for our users, we also configure self-service password reset so that they can reset their passwords themselves if they forget them. With SSO, users only need to remember one credential, their Verified ID. When they log in to an application, such as Zoom, they are redirected to the identity trust provider, which is Entra ID. Entra ID requires a sign-in. Once the user enters their Verified ID into Entra ID, they are redirected back to Zoom and are issued an access token, which allows them to access Zoom. In this way, users can automatically access all other applications in the system that they are required to use to carry out their day-to-day tasks in the company.

Verified ID helps protect the privacy and identity data of our users. Data access management is all about the user's identity. The three main components of data access management are identity, authentication, and authorization. Identity access management is about protecting user information and ensuring that they only have access to the resources they need to perform their jobs. Verified ID is an additional layer of security that helps to ensure that users only have access to the right applications and resources. It does this by verifying the user's identity and ensuring that the resources are being accessed by the right person. Verified ID also uses certificates to confirm the trust and security of the system.

Permission management helps with visibility and control over who has access to what resources in the environment. For example, an HR manager should only have access to HR resources. To achieve this, we put users into groups based on their job function, such as the HR department. We then grant permissions to these groups to access the resources they need. This way, no one in the HR department can access resources that are meant for the financial department. Permission management helps to reduce unauthorized access to resources and prevent data breaches. Before we grant access to resources, we perform a role-based access control analysis to determine the permissions that each role needs.

Entra ID has helped us save a lot of time by streamlining our security access process. From time to time we conduct an access review to ensure that only the right people have access to the environment and resources.

Entra ID operates on multiple platforms and devices, which reduces the time spent on manual tasks and increases productivity. Its ability to integrate across our centers worldwide, providing accessibility, has saved us money.

Entra ID has improved the user experience and performance. It has enhanced performance by saving users time from having to log into so many applications, systems, or plug-ins. Now, they can log in using their Entra ID. It has also helped with security by enabling multi-factor authentication, which has cut down on attempted hacks. Entra ID has also made enrollment easier for users.

During the pandemic, one of the challenges for organizations was how to secure their IT networks. People were working remotely, and some of them were working from the remotest locations. It gave confidence to the organization that only the right person was getting access to work applications.

It also improves your customer experience or employee experience. You don't have to rely much on servers. 

Microsoft Entra ID provides a single pane of glass for user management.

Originally, it was just an integration within Entra ID with limited governance and scalability. Over time, more and more features such as Certificate Authority and Privileged Identity Management have been added, and the amount of governance and controls has increased. As a result, we can now control more aspects within Azure AD. For example, in the beginning, we could not review sign-ins. We could only see simplified final messages. Now, we have more insight into sign-ins, and the overall service has improved. It is now more stable and reliable, which is most important.

Microsoft Entra ID's conditional access feature to enforce fine-tuned and adaptive access controls work. 

When Microsoft Entra ID is implemented properly it can help save our staff time.

If the implementation was done properly, the user experience was seamless. It may have even improved the experience, given that it supports single sign-on and cross-platform access. For example, signing on to enterprise applications was even better. So, it depends on the engineers who implement the product, not the product itself.

We use Entra ID for 3,000 users, and there are multiple third parties integrated into it. The solution is part of the fabric of our company, so it's essential. 

The solution has saved IT administrators and HR staff time. We build Power BI dashboards on top of it to provide some insights. We're feeding all of the users into that. We've built an aggregator that takes all the sign-in logs and all of that data available in Entra and surfaces it through Power BI, so we can reuse it in different parts of our organization. It makes sense to build the dashboards in Power BI, so that it's centrally available and part of a bigger data set. 

Entra's license management features have saved us money because we can allocate licenses to groups and users. We've built reports on top of that license group user information. We can see how many licenses are being used and whether it's over-provisioned. 

In the organization where I work, Microsoft Entra ID helps automate the process of creating accounts and purging multiple accounts when they are no longer needed.

After moving to Azure Active Directory, life becomes very easy, not only for the administrator and IT people but for the end-users as well. They've now got a single sign-on. Previously, our end-users had to remember multiple account IDs and passwords, and they had to enter the relevant account ID and password for each application, whereas now, they have a single identity across all the applications provisioned in our landscape.

It's helpful for security and compliance. Security is a big concern right now, and we're very sensitive about it. I am from the Oil and Gas sector, and this is something that's very critical for us. Additionally, we have external contributors, such as partners, vendors, and technical consultants, who need access to our resources from outside the organization. Azure Active Directory provides some very good features for that such as guest user access and limited user access. 

It has default integration with all Microsoft products such as SharePoint, Power BI, Power Apps, Power Automate, and obviously, the infrastructure as the service landscape of Azure. This integration is surely amazing.

Conditional access is amazing. I have a success story to share for the conditional access feature. About six or seven years ago, we identified a cyber attack that was coming from certain IPs from Nigeria on our tenant, and through that, some of our users were compromised. We blocked all Nigerian IPs using Azure conditional access and saved our users. It was something amazing and life-saving for us. 

The conditional access feature complements the zero-trust strategy. It makes our environment more secure. It makes our environment more reliable as far as the whole security landscape is concerned.

We use Microsoft Endpoint Manager. Initially, we were not using it, but later on, we started to use Microsoft Endpoint, which was previously known as Microsoft Advanced Threat Protection. Implementing secure policies of Microsoft Endpoint, advanced threat protection, and conditional access provides us with a very safe and kind of sandbox environment. This combination protects us from those who are accessing our environment from unpatched devices, pirated applications, and applications with security loopholes.

We're also using Microsoft Intune to save our corporate devices and provide a secure zone for our users to access corporate resources and applications.

I get a single pane of glass view of all the users. I know who has been registered, who has joined, what their last activity was, and when they logged in. If I extend it, I can purchase Intune from Microsoft and I'll be able to do mobile data management.

Azure AD allowed us to get rid of servers and other hardware that run at our offices. We moved everything to the cloud. Once we set up roles and permissions, it's only a matter of adding people and removing people from different groups and letting permissions flow through. 

It also saved us some money. Our IT group is tiny, so any automation we can do is valuable. We haven't had to grow the team beyond three. The employee reaction to Microsoft Entra has been positive. People like to have a single credential for accessing all our Microsoft and non-Microsoft apps.

The flexibility around accessing company systems from anywhere at any time has proven to be very helpful. Organizations decided during the COVID-19 pandemic, on a very short notice, to announce that everyone should be working from home. The good part was that our company was already working under Azure Active Directory, and most of our applications were under Azure at that time. For us, it was a very seamless transition. There were no major impacts on the migration nor did we have to do any special setups or need to configure networks. So, it was a very seamless experience for our users, who used to come into our office, to access systems. They started working from home and there was no difference for them. We did not have to do anything special to support that transition from working from the office to working from home. It was seamless. There was no impact to the end users.

Bringing our many hundreds of applications onto Azure Active Directory single sign-on authentication has had a big impact on users' productivity, usage, and adoption of enterprise applications because they don't need to log in. It is the same credentials and token being used for days and months when people use our systems with hundreds of applications being integrated. From a user perspective, it is quite a seamless experience. They don't need to remember their username, passwords, and other credential information because you are maintaining a single sign-on token. So, it is a big productivity enhancement. Before, we were not using a single sign-on for anything. Now, almost 90 to 95 percent of applications are on Azure Active Directory single sign-on.

It is a central point where we provide the cloud lock-in for our company. We focus the multi-factor authentication within Azure AD before jumping to other clouds or software as a service offerings. So, it is the central point when you need to access something for our company within the cloud. You go to Azure AD and can authenticate there, then you move from there to the target destination or the single sign-on.

Azure AD added a different layer. We were able to add multi-factor authentication for cloud applications, which was not possible before. We also may reduce our VPN footprint due to the Azure AD application proxy. We have a central point where we have registered our software as a service applications that we obtain from other providers or the applications that we host ourselves.

During the pandemic, we were able to smoothly shift our employees to work from home. Azure Active Directory played a crucial role in ensuring the security of our systems by verifying the identity of the authorized personnel logging in.

We started using Azure Active Directory because it helped our IT administrators and department save time, which was one of the main reasons.

Azure Active Directory saved our organization money.

Azure Active Directory significantly enhanced the user experience for our employees. We observed a notable increase in employee usage and positive communication regarding their experience, particularly after the pandemic.

It's an authenticator. How it's used really depends on the use case that it is configured with. If you are using your Microsoft 365 work account, if your organization requires you to do multi-factor authentication, not just with the username and password, with an additional factor like the Microsoft Authenticator app, then it simply offers that extra level of protection and security.

You can manage locally additional pathways or passwords. You can collect your credit card information or whatever secret notices in the authenticate app. This is something that got the addition the last couple of years.

This product has helped improve our security posture because it allows a tie-in into the Microsoft Azure Sentinel product very easily and seamlessly. From a security standpoint, you have the option of conditional access, the option of identity protection, and those types of things. We have incorporated those right into our offering.

Overall, security-wise, this solution has allowed us to be more flexible. When you had just Active Directory and it was an on-premise solution, you had to do a lot of manipulation to get SaaS products working. You had to do a lot of customizing and those types of things. With Azure Active Directory, it's more configuration than it is customization. This allows us to be a lot more flexible, which brings about efficiency, better security, and other benefits.

Azure Active Directory has also improved our end-user experience.

Before, most companies including ours would use a customized username that would have random characters for a user. This is different from Azure Active Directory, which uses what looks like the email address as your username. In fact, it can be set up as a genuine email address. Where it differs is on the back end, where it has a unique ID, but on the front end, it's more readable and it's better understandable.

From my user experience, the sign-on is seamless as you go through and use any of Microsoft products. Everything ties right into it, and then as you set up your different applications that are tied into Azure Active Directory, and get the single sign-on, everything becomes a whole lot easier to connect into. From a user experience, it's improved it drastically.

For provisioning users, you start by registering an application as either an enterprise application or a custom application. You can set up from within Azure Active Directory how it is that users connect to it. Microsoft has done a great job with providing a lot of application templates that help to connect and add it into the cloud. Almost every application that you could think of is there. From that point, you can set up provisioning.

To assist with provisioning, they have great documentation. From an admin perspective, much of the work is done for you. After the applications are connected to Azure Active Directory, you assign users and groups, provisioning users via API calls, which is how it's done on the back end, and it ties in using service accounts. Then, you can create a group that has the appropriate permissions such as write permission, full admin rights, or contributor rights, and then provision users into those groups. The system automatically handles it for you at that point.

We can centralize and manage everything much more effectively with this tool. We are able to leverage role-based access controls and maintain IAM (identity actions management).   

We can also leverage Defender from a policy and security perspective so we can protect against vulnerabilities of all types. 

For remote workers, when they try to log in with the domain username and password, the device will get synchronized to the Azure Active Directory using the device identification method and it will enter an identification letter based on the policy we have derived. This helps us maintain a modern workforce organization. From our modern work workspace configuration, we can centralize and manage everything - even for off-site employees. It doesn't matter the device. It can be a laptop, iPhone device, or Android device - any mobile phone device. Everything is now centralized.

The key improvements to our organization are:

1. A singular control plane is enabling a more efficient administrative process.
2. RBAC simplifies role access providing a simpler approach to zero trust.
3. Onboarding and offboarding extend to every integrated application meaning that compliance is maintained.
4. PIM and PAM: Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved.

With so many features available out of the box, it is difficult to adequately summarise in the space provided here.

We are implementing more and more services in the cloud on Azure and AWS, so we need to monitor our data security thoroughly. It's always a concern. Azure Active Directory enables us to easily validate the identity of anyone who connects to a particular server. We need to validate our data properly. For example, we must ensure our research data is going to the right person and place. Microsoft Azure Active Directory provides the easiest way to do that.

The Conditional Access feature lets us restrict access to a group of people on specific servers. We create a group in the Azure Active Directory and put only the necessary members there. For example, we can easily set up conditional access to SSH, Telnet, SSH, HTTPS, or any service with Azure Active Directory. 

We plan to implement Zero Trust in many of our other devices. It is an essential feature because users from multiple countries are accessing our research servers. We can provide a highly secure environment with minimum services without compromising productivity with a Zero Trust strategy.

We have wireless units deployed across the campus and use Microsoft AD services to authenticate all wireless activities. Many of the use cases are covered by wireless. After authentication, some users need to be redirected to the cloud. Their identities can be easily validated and captured with Microsoft AD. It gives us excellent control over our on-premise infrastructure.

Verified ID has helped us with our remote workforce. We provide VPNs to our remote employees so they can connect to our cloud services, authenticate with Azure, and be granted the necessary access. We provide policies for each user basis. Users in each category connect to the VPN, authenticate with their Azure credentials, and securely access all the cloud services.

We give provisioned laptops to our remote employees. With the help of this VPN, they spend less time coming to work in person because they have full-time access from home. So that way, we could reduce most of our official requirements concerning our employees. 

Privacy is a crucial security concern for our organization. With Verified ID, we can ideally authenticate Microsoft services without worrying about compromised identities. We used to have these issues with on-premise Active Directory, but this is less of a problem since we migrated to Azure Active Directory.

Our HR department can easily get a complete report on our users. HR can see specific fields, like designation, school, businesses, etc., if they need it from the Azure AD. They can also get the usage logs. They don't need to store all this manually for each person. They can easily get all the reporting parameters from this.

Azure AD saves us a lot of time. On any given day, it will save around four hours. It also saves us money because we don't need to pay for the resources required to have Active Directory on-premises. If we relied on on-premises Active Directory, it would require data center resources, like air-conditioning, power,  hardware, etc. We save considerable money by deploying it on the cloud. Percentage-wise, I think we could save around 40 percent. 

Azure Active Directory has improved our overall user experience. I would rate it a nine out of ten. Our users are delighted.

In our previous organization, we had to give continuous system access to users from external teams, who were not employed by our organization. This solution certainly helped with provisioning access to them, providing them with single sign-on access. It also monitored giant movers and leavers, which was helpful. 

Azure AD has massively affected our end-user experience. It provided a single sign-on for all our partners. They don't have to remember their password. They might be accessing 10 of our systems and don't really need to remember all 10 different user IDs and passwords. In most of cases, they are accessing our systems with their own organization's identity, so they don't need to remember a second user ID and password in addition to their organization's credentials. Requesting access is much better since it is all automated.

Our primary customer transitioned from using a local cluster to utilizing Azure. They initially utilized Hyper-V and have now combined Azure AD with SharePoint Office 365. This new setup has proven to be much more convenient for them compared to their previous local arrangement, which did not work well. With Azure AD, I was able to exert greater control over the content on their machine.

Azure AD saved time for our IT administrators and HR departments, particularly when they need to reset their own passwords or grant permissions to other people within the group by themselves. This saved around 60 hours in total.

Azure AD helped save around 18,000 euros.

Azure AD significantly improved the employee user experience in the company by providing them with enhanced accessibility to their information and facilitating seamless login and logout from their machines while working from home. This is a significant shift from the previous system that relied on a local username and VPN connection and was limited to a fixed cluster.

It has helped in improving our security posture. It is modeled around that. It is an AD, which means it is a directory of users, objects, and resources, and there is a lot of security in terms of the access model and in terms of who is accessing those resources.

In terms of user experience, it is pretty seamless for any user to use Azure Active Directory. The way its security model works is that once you sign in to Azure Active Directory, you get access to a lot of applications and systems that have Single Sign-on enabled. So, Azure Active Directory works seamlessly as an identity provider for many applications such as Slack, GitHub, etc. That's one of the best parts of it. If it is used properly, only by using the Azure Active Directory sign-in, a person can access different resources, which really improves the user experience.

It provides a single pane of glass for managing user access. It streamlines the IT access management process and improves the security of the IT systems. If there are any configuration changes in the software, they are taken care of automatically.

The integration of Azure Active Directory with other Microsoft services is very easy. We can integrate it with Teams, 365, or any other Microsoft solution.

Azure Active Directory provides a seamless and secure way for employees to access work resources that have been assigned to them. They can access the resources from anywhere and work from anywhere.

Azure Active Directory provides a robust set of features. Features such as multifactor authentication and conditional access policies are in-built. These features enhance the security of the IT systems and protect sensitive information from potential threats.

Conditional Access helps to enforce fine-tuned and adaptive access controls. Conditional Access provides more secure authentication for us. We also use multifactor authentication to secure our enterprise from any potential threats.

Permission Management helps to bifurcate the users based on various roles, such as administrator.

Azure Active Directory has saved us time. It has helped to save four hours a day. It has also saved us money. There is about a 10% saving.

Azure Active Directory has affected the employee user experience in our organization. It is seamless. They do not get to feel it is there.

Azure AD is essential to our organization. Our users need to use their Azure AD credentials to log into their computers every morning, and we also manage user accounts in Azure AD. As a result, we cannot function without Azure AD.

We use Entra's conditional access to restrict access to our system from overseas users. This means that users can only log in from Canada and the United States.

Our zero-trust strategy uses conditional access to verify users and prevent unexpected traffic, such as attacks from Russia. This makes our strategy more robust and secure.

We use Entra's conditional access in conjunction with Microsoft Endpoint Manager to limit user logins from Canada and the USA. We also limit devices that can log into the network to only those located in Canada.

Entra has helped our IT administrators save an hour of time per day.

Entra has helped our organization save money.

We used to use on-premises Active Directory. Now, we use Azure Active Directory. The main difference is that users can now reset their own passwords in Azure AD. This is a positive improvement, as it saves time and hassle for both users and IT staff. I believe that this has had a positive impact on our employee experience.

The access governess feature improves our compliance.

The solution improved our organization, especially in terms of security control. Overall, we're 65-70% satisfied with the product.

Using this product has helped improve our security posture. I don't handle security directly, but I know that our security team was able to identify logs containing erratic behavior, such as logins that were not authentic. They were able to identify and solve those problems.

This solution has improved our end-user experience a lot because previously, users had to remember different passwords for different applications. Sometimes, the integration with on-premises AD was a little bit difficult over the firewall. However, with Azure, that integration has become seamless. The users are also happy with the additional security afforded by multifactor authentication.

One of the benefits that we get from this solution is the Azure hybrid join, where my presence of the domains is both on-premises and on the cloud. It has allowed us to manage the client machines from the cloud, as well as from the on-premises solution. We are currently building upon our cloud usage so that we can manage more from the Azure instance directly.

Our cloud presence is growing because most people are working from home, so the management of end-users and workstations is becoming a little challenging with the current on-premises system. Having cloud-based management helps us to manage end-users and workstations better. This is because, with an on-premises solution, you need a VPN connection to manage it. Not all users have a VPN but for a cloud-based solution, you just need the internet and almost everyone now has an internet connection.

Azure AD has features that have helped to improve our security posture. We have a service called Azure AD Privileged Identity Management, where instead of our administrators having permanent access or permanent admin assignment, they can now activate admin roles only when they need to perform administrative-level tasks.

This means that instead of using permanent assignments, our administrators activate the specific roles that they need at the moment that they need them. After the task is complete, the administrative access expires. This has definitely improved our security posture.

Using this product has also had a positive effect on our end-user experience. The self-service password reset is something that has definitely improved our end-user experience. Instead of having to call our service desk, users can now reset their own passwords.

This is important because due to our multi-factor authentication, we no longer have policies where we have to have periodic password changes. We have three and four-factor stages of authentication, which makes our logins more secure. This is why users don't have to change or reset their passwords on a regular basis.

One of the ways that Azure AD has improved the way our organization functions is to help cut down on service desk requests. If I have an issue with my password, in the past, I would have had to log a ticket with the service desk. With most of us working remotely, this would've posed a challenge. It would have required the service desk to verify that I am who I say I am, for example. Now, because users set up their own profiles and are able to change passwords for themselves, at any moment that their account is compromised, they're able to change their own password.

Overall, this solution has definitely improved our organization's security posture. We no longer have permanent administrative permission assignments, and we are also able to restrict who is able to log in to certain applications. Finally, we are able to see and review any risky or suspicious sign-ins.

Specifically, in the infrastructure team, we now have managed identities. Instead of having to create service accounts, we have managed identities that are directly linked to our resources that support them. All of that is managed by Azure Active Directory.

Another way that this solution has improved how we do our work is that we no longer have to keep a record of all service accounts or use one service account for multiple services. Now, each service that supports managed identities can have its own service account, and that is managed by Azure AD.

Azure AD has features that have helped improve security posture. From a security point of view, they integrated with Okta, which is one of the integrations that we used for a customer's use case. From there, their entire security posture is managed and integrated with Azure.

It gave better visibility on our customers' security posture - the way that they configure users, configure their end user computing, and multi-factor authentication. This is where they get better visibility and manageability through this particular solution.

A use case that we did for an end user in a manufacturing organization: We used WVD with biometric authentication because 1,500 processes need to happen in a process. The user didn't want to use a login using their credentials. They wanted to use fingerprinting or tap their ID. That is where we integrated with the authentication. Now, they can process in a couple of hours, and they run those 1,500 processes every day. This changed their login process, which improved the manufacturing process. This helped a lot for their high deployment.

In my current organization, it is connected only for Office 365. We are getting into other services that Azure has to offer, but that has not yet started. The first use case that we are going to do is backup and recovery through Azure AD.

We are trying to do backup for some Tier 1 applications through Commvault. We will use that data to restore within the Azure environment or Azure Virtual Network (VNet), recovering all the applications. We then make sure that we have the capability for recovering those applications end-to-end. This is where Azure AD will play a huge role, so we don't have to come down to on-premises for authentication.

This solution helps to improve security for our clients using a specific directory structure and by using a variety of options. There is a default directory, which is owned by Microsoft, and in there you can create custom directories for your use. 

There is a panel available for the administration of users, groups, and external identities. 

Options are included for uploading your on-premises applications to the cloud, and they can be registered with Azure. This means that you can also create your own applications.

Identity governance is available for paid users.

Using Azure Active Directory has benefitted several of my clients, with an example being a startup organization. Startups have three or four things that they need to do in order to begin work. First, they need a domain, and after that, they need a DNS record to be created for their domain. For instance, these services are provided by godaddy.com or similar vendors. Once these steps are complete, they connect to Azure AD with the help of the DNS record that was created. At this point, Azure AD performs the role of a Platform as a Service. Once Active Directory is connected and verified, you can create the users and groups, and begin managing your processes. 

These are the only steps that are required for a startup. For an enterprise that wants to migrate its on-premises data to the cloud, there are several additional steps. For instance, you need to create a virtual machine and install your server. Alternatively, if you already have a server, it can be connected with the help of AD Connect.

This is a good solution for end-users because the vendor provides good documentation and if the users experience errors or issues, they get a popup alert to explain the problem. Furthermore, it can provide a solution to resolve the issue.

We tried to stand it up as a PoC, and we went back and forth with Microsoft on it for a few months. We never got to a resolution because there is an architectural design issue with the service itself, and Microsoft is not going to change their service for us. We tried to use it, and then we gave up, killed it, and went back to the original plan, which was to use Okta. Our goal is to eventually completely get out of the Microsoft Identity ecosystem and move over to Okta.

We do not use Entra ID anymore. We have moved away from Entra ID. We could not justify it from a business standpoint. That is the crux of the situation. We now have a solution that can meet all of our business needs.

Microsoft Entra does not provide a single pane of glass for managing user access. It is not fully featured yet. There are some things within that Entra ID administrator portal, but it is not as robust as simply going to Entra ID service and then going to different features that it has to maintain identities. It is not even a single pane of glass if you look at how Microsoft does identity between Entra ID, Azure Resource Manager, and M365 itself. I know that they are trying to fix the situation between Entra ID and M365, but the subscription-level identity access controls need to be moved out of the subscription level and need to be globally managed from the identity provider. I am sure there was a design choice for that, but it just does not work when you are a company of our scale because we just cannot keep managing individual resources, so we would like to centralize the identity system.

I used Microsoft Entra Permission Management in a very specific scenario but because we are a hybrid environment, we often found ourselves fighting with cloud groups. We moved a lot of security groups into Entra from our Windows AD environment. We have a lot of stuff that has been built upon that for the past 20 years. Not being able to have Windows Active Directory security groups that are synced to Entra ID to control access to resources was a big pain for us. We would have had to create a cloud group and then add all the members of those on-prem security groups to it, so we did not even bother with it. When you have a company of our age and our size and you have nested security groups, there is a lot of linkage there, and it is not attainable. 

Azure Active Directory has many automation capabilities, and you can apply policies on top. You can do a lot of things with these combinations and integrate other tools like PingFederate. We've likely saved some money, but I don't know how much. 

The solution has made our environment more controlled and robust. At the same time, functions become more challenging for users when you add more controls and multi-factor authentication. However, these measures are essential when you're dealing with a complex environment that crosses multiple regions and cloud platforms. 

We have applied this solution to multiple organizations and it has helped them manage their environments efficiently. Moreover, it provided a high level of security and security features that are appreciated by most of our clients.

In hybrid scenarios, this is one of the best products you could have. It helped many of our customers to manage resources on-premises and in the cloud from a single dashboard. 

It helped our client to control permissions and review permissions for employees who have left the organization which kept them on-control over access and permissions granted to their employees.

This is the kind of solution that I feel you cannot run an organization without using.

Going forward, I expect that this solution will help to eliminate our on-premises infrastructure. Perhaps in the next few years, many companies will question their need for on-premises infrastructure and implement a purely cloud-based position. It will be a pay-as-you-go service.

Using this solution has affected our end-user experience because it enables and supports the Office 365 products that Azure provides. It is indirectly linked to all of the Office 365 solutions.

It definitely has improved our security posture, certainly from providing that second factor of authentication. It provides more visibility. We can see all facets of the business, e.g., when people are logging into our resources. This solution makes it highly visible to us.

It enhanced our end user experience quite a bit. Instead of the days of having to contact the service desk with challenges for choosing their password, users can go in and do it themselves locally, regardless of where they are in the world. This has certainly made it a better experience accessing their applications. Previously, a lot of times, they had to remember multiple usernames and passwords for different systems. This solution brings it all together, using a single sign-on experience. 

Is this specific to Azure? No. We have had other IdPs that gave us that same experience, but we have more apps that are integrated into Azure today from single sign-on than we had previously. Having that one handy "my apps" page for folks to go to as their one source for being able to gain access to all their apps is a much better experience from my point of view.

As an organization, we are going for ISO 27001 compliance. The only way to achieve much of that was to have Azure AD in place. Once Azure was in place, many things, like bringing all our laptops into the domain, and ensuring centralized policy deployment, were taken care of and that is where Azure AD has come in handy.

Unfortunately, I don't have any numbers and metrics related to organizational improvement off-hand.

That said, using Azure AD app services, we don't have to care about secure access to our Dynamics 365 data. Azure AD performs the authentication on behalf of our application and that's great. We don't have to implement security on our side to secure access for third-party services or third-party software or applications.

Azure B2C has also helped us in providing secure access to the Power Apps portal, or external content.

During the pandemic, it helped us carry on working securely as a business.

Azure Active Directory hugely improved our organization’s security posture. The ability to control access to resources has vastly improved.

Azure Active Directory provides us with a single pane of glass for managing user access.

Azure AD made organizing information much easier for our organization. The solution also helped the IT and HR departments save up to 50 percent of their time. Based on the time savings, I would say that Azure AD also helped save costs within our organization.

Azure AD positively affected our employees' experience in the company by providing them with a single sign-on portal to access all their accounts in an easy way.

Azure AD has helped improve the onboarding and offboarding process, especially with the user provisioning and SSO. With Azure AD, once a user account is created, the user automatically gets synced across all of our applications without the admin having to touch each application once at a time.

The solution helped improve our onboarding process by saving us a lot of time.

We are able to do complete onboarding through AD. The users have access through the AD login, which is synced with Azure AD. We have a hybrid environment, and every cloud application is accessed through AD. We have defined AD policies related to password expiration, limitations, etc. It has provided smoother accessibility.

Previously, when we had on-premise AD, to reset their own passwords, users had to use a VPN or bring their laptop to the office. With self-service, users can easily change their passwords. This reduces the workload for IT support. If their password gets locked, they can unlock it themself by using Azure AD. Previously, it was also difficult to integrate with external applications, but with Azure AD, integration with external applications is easier. 

Azure AD makes it easier to see and monitor everything in terms of access. We can see sign-in logs or audit logs, and we can also integrate devices by using Intune. So, we can manage BYOD devices inside the organization.

As a company, you want effective identity and access management. You are able to achieve this with Azure Active Directory, you are able to manage everything, such as building user provisioning into third-party applications, or single sign-on, and tools to mitigate threats or risky sign-ins. There are a lot of features that are provided.

The reason we implemented it is that we can use it for authentication with some of our service applications, and that makes users' lives easier. They do not need to learn a lot of different passwords and different usernames. The other benefit is that, on the management side, it's very easy because you can have tight control over who is using the application and who is not; who has permissions.

For some applications, it's not only working for authentication but it's also being used to apply roles for users. From the management perspective, it's much better to have this because in the past we constantly needed to go into the console of the different solutions and create or delete users or modify their roles and permissions. Now, with Azure Active Directory, we can do that from a single point. That makes our management model much easier.

As a result, the solution has helped to improve our security, because user management control is very important. In the past, there were times when, for some reason, we forgot about deleting or even creating users for certain applications. Now, because we have only a single point for those processes, there is better control of that and it reduces the risk of information security incidents. That's especially true when you consider the case where we had forgotten to delete some users due to the increasing number of applications in the cloud. We now have five or six applications using single sign-on and that capability is one of our requirements when we introduce a new solution. It has to be compliant with single sign-on and it should have a way to be implemented with Azure Active Directory. It makes our infrastructure more secure.

Among the applications we have that are using single sign-on are Office 365, Concur for expense control, we have an integration with LinkedIn, as well as two other applications. When a user decides to leave the organization, we check that their access to all our internal applications has been closed. That can be done now with a single script. It makes it very easy for us to delete the user from the organizational unit, or from where the group linked to the application.

It makes things a lot more comfortable in terms of security as we don't need to log in to every single application to delete users. We would see, in the past, when we would run a review on an application in the cloud, that suddenly there were, say, 10 users who shouldn't be there. They could still be using the service because we didn't delete them. For some applications it's not that bad, but for others it could be an open security risk because those users would still have access to assets of the organization. We have reduced, almost to zero, the occurrences of forgetting a user.

Azure AD has affected the end-user experience in a positive way because, as I mentioned, they do not need to learn different usernames and different passwords. In addition, when users request access to some of the applications, we just need to assign the user to the different groups we have. These groups have been integrated with the different cloud applications and that means they can have almost immediate access to the applications. It makes it easier for us to assign roles and access. From the user perspective that's good because once they request something they have access to the service in less than 15 minutes.

Microsoft Entra ID has been most beneficial in the realm of IT management, although not significantly impactful on user experience. Microsoft Entra ID is not solely for user management or enhancing user experience. Rather, it greatly aids in constructing operational processes for IT management, as its capabilities extend far beyond user and access management. In terms of refining user experience, it certainly contributes to areas like authentication, particularly in diverse authentication methods and device-based authentication. 

We are providing Office 365 access from Azure Active Directory. We are enabling multi-factor authentication and assigning the licenses for end users.

We can provide access for many SaaS analytics tools, like ERP and CRM. We can provide access from everywhere to Azure AD. So, it will work as an authentication service, then we can provide access to particular SaaS applications. Therefore, we manage all accesses and privileges within Azure AD for different applications.

I don't want to say that the product hasn't improved anything for my organization. The problem with the solution stems more or less from the fact that technology is moving ahead, and my organization needs to try to keep up with the changes, which makes it a new way of doing things that will be applicable to the future. Maybe if we could transition to certain things faster, I would have seen the product's full benefits. Since the areas of transitions related to the solution are slow, I haven't experienced the full depth of what I can do with the product.

Previously we had to manually create the authentication server, but when we used Azure AD, we got the server directly from Azure. I didn't have to design the server.

We were also able to filter on the domain for the client I was working for.

In addition, we used Azure AD's Conditional Access feature to enforce fine-tuned and adaptive access controls. That was pretty useful because we didn't have to do much because we had attributes like authorized tags. And we configured scope, meaning who can access what, in the manifest. It was not very complicated.

And Azure ID has definitely helped save us time. Earlier, we had to depend on the infrastructure team, a different team, to manage the Active Directory permissions. But now, most of the time, the developers have access in the portal. It is saving us about 40 percent of our time.

The solution improved our and our clients' security; end users are more confident knowing that their information is confidential. Strategic users, VIPs, and admins are protected from potential attacks because their authentication goes through Microsoft Authenticator.

The product has significantly increased our security maturity and gives us comfort knowing we have security in a good, affordable solution.

We couldn't live without the Active Directory services. It has helped to improve our security posture. We have a lot of users and hardware to manage and we can do that with Active Directory.

Especially nowadays, people are working from home and we have a client that we actually started migrating to Azure Active Directory and moving some of their applications into the cloud. Since COVID struck, and a lot of people are working from home, since the data center's on-premises, it is very hard for them to bring all of their users into VPN and some of them there are outdated and they can't really accommodate the number of users that are working from home.

However, with Azure AD, some of their applications we have in there they can access from anywhere - even from their home basically, as long as they have internet access. Some of the applications we brought into Azure AD include the Windows Virtual Desktop to basically run their application in the cloud. We built a gateway to their own premises data center and they go into the Windows Virtual Desktop and they can authenticate using Azure AD and then they can access their on-premises application. It's basically the transition from being on-site all the time to working from home. It's a smooth transition because of Azure AD.

Authentication and security are the primary concerns in our organization. Through Microsoft Authenticator, we provide authorization to the right people so that only eligible people can access an application. We can verify that all users using each application are valid and verified through the two-factor authentication provided by Microsoft Authenticator. We have some Azure cloud-based applications where users log in, and we need to ensure that the right people are authenticated and have the right roles in our organization. These are the ways Microsoft Authenticator benefits our organization and serves our organization's purposes.

Microsoft Entra ID has improved our organization because we now utilize a single source of truth for authentication. We have less management, and I can point everything to Microsoft Entra ID. I have fewer people talking about resetting passwords, the MFA pieces, and more single sign-on.

I'm not attaching or having to authenticate on separate apps, which has greatly benefited us. We are able to route things into Microsoft Entra ID. I create one ID, I create groups that manage the security side of it, we plug that in, and it works great.

The client has to have a clone network storage and manage the services it provides to the handful of people he works for. The control and identify data do what it is supposed to do, as advertised, but the client is not utilizing those features.

The solution strengthened our security posture by providing fine-grained access based on attributes, standardized names, and values. Azure AD reduced our time to market for products based on improved security.

The product also improved our service desk overhead.

Azure AD positively affected our end-user experience via reduced time to market, being an identity product for our workforce.

Previously, we had several unauthenticated or unverified users who signed on to applications and performed some unauthenticated tasks. This resulted in data being deleted or modified. We needed a tool that could provide multi-factor authentication at certain levels so that only authorized employees and team members can access certain applications and data. Microsoft Authenticator has helped us achieve these goals.

Entra is very good for the organization because we now have many users, due to COVID, who are working from a distance. With Microsoft, we can give them the opportunity to download all the applications on their personal PCs, like Teams, OneDrive, et cetera. They have a single sign-on and they can log on from everywhere.

The solution has improved things a lot for our organization because it has improved productivity. One specific effect is that we used to use a lot of VPN access, but we have decreased that access by 80 percent because they don't need the VPN anymore. And productivity has also improved very much, because users can do their jobs from everywhere, even on their mobile phones, because they have their files on OneDrive. With Azure Active Directory, we don't have security issues thanks to the added security on the cloud, such as MFA and also Defender for Endpoint. 

But it's not only productivity tools that we have on Azure, we have other applications as well that we have set up for our users, like SAP. We have also diminished our telecom costs.

We have saved a lot of money, I'm very sure about that. We pay for the solution but because it is in the pricing agreement, we have more tools available and we don't have to buy more. I would estimate it has saved us more than 40 percent.

In addition, before, we had to work through all the horizontal firewalls and security sensors in the company. Now, we have separated the productivity tools like Word, Excel, OneDrive, and Teams. That means our users are very pleased with the user experience. They like using it. They can work from home or at the company and their files are synchronized. 

Overall, we feel our security has improved and we are confident.

You can set policies to specify where users will have to use the Authenticator app to log into particular applications. 

It makes all junior users accountable. There is no excuse for someone else logging into anything because of the multifactor authentication and Authenticator app. You have to verify your identity to log in to specific applications that contain confidential information, especially in a HIPAA-compliant environment.

With MFA, if there has been a password leak and someone tries to access the system, Azure AD will send a notification to the real user's cell phone and ask, "Are you trying to login? Please approve or decline this login." If the user declines the login, he can send a report to IT and the IT guys can automatically block the account, change the password, and review everything else. That helps us prevent unauthorized access to the system, and that's just through the use of MFA.

Through access policies, if my account was stolen and the guy got his hands on the MFA information for some reason, if the real user is in one country and the thief is in another country, the account will be blocked by our geolocation policy, even when the password is right and the MFA has been approved. We can lock it down using geolocation.

It has features that have definitely helped to improve our security posture. The identity and access management, at the end of the day, are about security. It also offers features like multi-factor authentication, Privileged Identity Management, and access review and attestation, and all of these are connected to security and typically help improve security posture.

We have secure scores and compliance scores. These scores tell you your standpoint in terms of recommendations, vulnerabilities, etc. So, it can tell you what you need to configure to increase your security posture, then you can tell where you are. With the compliance scores, it will tell you what you need to do to improve it. The secure scores will tell you that maybe you should enable MFA for all users or that all admins should have MFA. It gives you a lot of suggestions and recommendations to improve your security posture. 

Microsoft Endpoint Manager acts as a mobile device management tool. It focuses on the firewall and does device compliance policy. There are a lot of policies that you can use to align your organization in regards to compliance and regulations. Also, there are security settings that you can enable.

In Microsoft Defender, it accesses the devices onboarded to your Microsoft Defender so you can see the vulnerabilities in terms of the applications installed on a system as well as the version of the OS that you are using. It shows you the patch management that you need to do for vulnerabilities. 

Entra ID provides more clarity regarding what's happening in the business. The benefits of using this solution were realized straightaway.

It helped save time for our IT administrators or HR department. Azure ID has positively affected the employee user experience in our organization.

Before Azure Active Directory, it took effort to provide cloud access to on-premises users. With Azure Active Directory and AD Connect, we are able to sync on-prem users to the cloud with minimal effort. We don't have to manage keeping multiple entities for the same user.

We don't really have breaches anymore. Now, in most cases, we set up a sign-in policy for risky things, like a user signing in via VPN or they can't sign in based on their location. This security aspect is cool.

If a user wants to sign onto the company's account, but turn on their VPN at the same time, they might not be able to sign in because of the Conditional Access policy set up in place for them. This means their location is different from the trusted site and trusted location. Therefore, they would not be able to sign in. While they might not like it, this is for the security of the organization and its products.

We can see user activity and analyze user interaction between the websites and log files. It gives us a single point of control. Overall it has helped place our security posture in a good position.

In addition, using Microsoft Endpoint Manager, new laptops can easily connect to the MDM solution, making for a very good user experience, particularly for new systems. Users just log in with their email ID and multifactor authentication. Once they are logged in, they connect automatically to the back end and that helps make the user experience for configuration very good.

These are still early days, but we are certain that it will improve our organization as we move away from on-prem Active Directory.

It provides a single pane of glass for managing user access, but we have to get more into it to be able to say that for sure. We have got so many different tools. It would be nice to have less tools. We are starting to take a look at how to consolidate tools.

It will definitely help to save time for our IT administrators.

It has not yet helped to save our organization money. It is too early for that.

Microsoft Entra ID helps to synchronize information from on-premise Active Directory. There are security features such as multifactor authentication. We can also use a single sign-on to connect with the other application on the cloud. 

It helps our admins to have more security. It is helpful for authentication methods, log checking, and audit trails in case of security concerns. However, it has not saved them time.

Microsoft Entra ID has not helped to save our organization money, but it helps to improve security.

In the last two years, as COVID has been present worldwide, the Azure Active Directory capabilities have allowed us to work completely in a remote way. It's not fully necessary to work at the office or in only certain locations. We are now fully capable to work from any location, any place in the world.

Azure Active Directory works well to access the resources that the school has set up for the students. We can share between our groups, and we can set up shared assignments or shared project folders very quickly and easily.

We have access to shared storage space, which is great. It is managed through Azure Active Directory and appears to me as a Microsoft OneDrive account.

As an end-user, the access to shared resources that I get from using this product is very helpful. I also use it for my email, which is a domain that is part of the organization. 

This solution is in the cloud and as soon as users log in to the Office 365 portal, or whatever application you assign to them, it will take care of the identity aspect.

We have protected the entire tenant itself, as a federation. AAD has also become a great source of research.

Previously there were many tenants and many subscriptions within each tenant. We have been able to separate Office 365 as a separate tenant and not welcome any other applications into that. We are only using SaaS with that tenant. Later, we had different tenants, and we welcomed all types of PaaS and IaaS.

Recently, managed identities came into the market, and we are trying to adhere to automations and customization, the automation of groups, which is a major advantage. That way, people don't have to wait for a long time for manual intervention. If they raise a ticket, within a few minutes the answer can be in their mailbox with all the details.

It's improved our company through the security policies. It's helped improve our security posture. 

Conditional access has helped us to better provide more security for our users and MFA has helped us to provide more security for users who are working from home. They use their own personal devices.

Azure AD has helped us to provide security for applications that I didn't have access to.

This product has improved our overall security posture. Everybody is working from home using a VPN. We recently migrated everybody to MFA, which is required to connect using the VPN. People are now more aware of their passwords and overall, gives them better security.

Using the Self Service Password Reset functionality has helped to improve our end-user experience because they no longer have to deal with the service desk to do so. It also helps the service desk because it relieves them of the need to help users when it comes to password changes, allowing them to focus on other things.

Using Azure AD has improved our security posture overall, more than anything I've ever worked with.

It enables end-users to be more secure without it actually affecting their work. Usually, security solutions makes it harder for them, so many start using other solutions instead, solutions that are not managed or monitored by the organization. But when we use Azure AD's Conditional Access, for example, as long as they behave, users don't even notice it.

The passwordless feature means they don't even need to have a password anymore. It's easier for users to be more secure. You can invite anyone to collaborate in a secure way. 

Microsoft Entra ID has improved the way we administer the technology. One strong capability is our ability to use single sign-on. Using identity is an important component of our security, so we have been able to consolidate. Instead of having to manage users for different applications, we use single sign-on. We use Microsoft Entra ID to be the core of identity management across all applications. We have the capability to do so, so it reduces the burden of onboarding, offboarding, and giving different permissions because we have a centralized way to handle that.

Microsoft Entra ID does a pretty good job of providing a single pane of glass for managing user access. For zero trust and the more modern security approaches, it is key to have a single pane of glass. We are able to be very regimented and have processes that are repeatable and reproducible. It provides that consistency, so it is easier to be very consistent.

Microsoft Entra ID has helped to save time for our IT administrators, but I would have a hard time quantifying that. We do not have a lot of users. We are dealing with hundreds of users and not thousands or tens of thousands of users. We are able to use logic and rules to handle most permissioning versus having to do administrative things manually. There is less touch. We touch it only when we have to troubleshoot. If we have a good set of rules, it handles what we need to handle.

There was a lot of logic and a lot of improvement overall in terms of improvement. On the user access side, it improves the company a lot, specifically in regard to security. It really does help with access and protection.

The solution helps us keep our data secure and prevents security breaches, malware, etc. The app also provides us with options regarding our authentication preferences.

There is on-premises AD and cloud AD. We are able to sync the solution and use the load technology and password management features.

Everybody is moving from on-premises to Azure Active Directory because it's cost-effective. They don't need to spend a lot of money on the on-premises resources, such as an on-premises server and maintenance. Now, given that Microsoft has started Windows 365, which is a PC in the cloud, you don't need to have a PC. You can work on an Android tablet from anywhere in the world, using cloud technology.

In terms of the user experience, because the solution is in a cloud environment, people are not bound to work in a specific network. In the old-school way, if you worked from home and you had on-premises Active Directory, you needed to use a VPN. VPNs can be highly unstable because they depend on your home network. If your home network is not good, you won't get the same bandwidth as you would get when using the resources inside the office network. With Active Directory in the cloud, you can use your own network to access the resources. It's faster, reliable, and it's cheaper compared to Active Directory on-premises.

Microsoft Entra ID has made our organization more secure. 

Azure AD has enabled the organization to set up single sign-on to all applications and has consolidated everything to a single cloud authentication for users. This saved a lot of time by not having to administer accounts in multiple systems, and it has also made it easy to control user identity for all cloud and internal applications. Security features such as attack surface rules and conditional access rules are also highly valuable and help the organization feel safe with all its user accounts. The Entra conditional access feature is used to enforce fine-tuned and adaptive access controls, and it is perfect for verifying users in line with the Zero Trust strategy. Overall, Azure AD enabled the organization to control one set of accounts and policies for everything, providing a huge benefit.

Normally, because a third party requires it.

It provides you with security. It provides the third party with some level of security.

But vendors like myself do not appreciate it.

We basically use this for Skype. We are using the cloud environment and we need the Active directory to be ticketed so if we can call and they can log in at the moment. Apart from that, we use it for video connections. If people are working from home, it is helpful that it is in the cloud. At the moment, we do not need to go for the VPN, and then we can connect. For this purpose, we use the Azure. We run quite a big business, and it is helpful with the electrodata we have used. 

The beauty is that it affords us more of an anytime, anywhere operation because we're not tied to an on-prem solution. From a customer experience standpoint, users don't really care about what goes on behind the scenes technically. They just want their lives to be easier. Now that they can access Office 365 globally, anywhere from any device, that's huge. That helps productivity and gives them the ability to get work done. And having to manage fewer passwords and user IDs is another true advantage.

The solution gives users seamless integration to all these products and streamlines the user experience. That's definitely been a pro.

In this completely upside-down world that we're in these days, with most people elsewhere and very few people in the office, it gives us tremendous flexibility for keeping people productive and providing them with access to the data and tools that they need to perform their jobs. It has given us the opportunity to move to this more mobile environment.

Also, the SSO aspect improves our security posture because people aren't writing down or creating a list of all their passwords. Now they only have to remember one. It has definitely made it easier for them to manage. In addition, we've introduced MFA so that whenever you sign in, you're also challenged for approval on your mobile device. That adds to the security.

The best example of how it has helped our organization is when we migrated toward Azure. We were able to take all the users which were there on-prem and migrated them over. If those facilities were not there in Azure Active Directory, then we would likely have to create individual users and one by one give them specific access. We'd have to look at their needs and set authentication. It would be hard to control users that needed higher admin-level access. Without the Active Directory, we would not have the control we needed. 

In terms of the security posture of my customers, in the area of my specialization—the synchronization of information from on-premises to the cloud—there's an aspect we call TLS. There was a version of TLS that was not really secure, but Microsoft has now pushed and made sure that everything running in its platform uses a higher version, TLS 1.2. That means that when you are doing directory synchronization, your machine and your product need to be TLS 1.2 enabled. Microsoft is always working on enforcing the use of the most secure means to carry out whatever workloads customers are running. While my day-to-day job does not involve an emphasis on security, the areas that do involve security elements are emphasized to make things work effectively.

It also helps when you're troubleshooting. If you have an issue, it's easier for a user to look at it and say, "Okay, this is the problem," and to work on it.

It has given us the ability to be able to establish single sign-on identities in which we can establish credentials no matter where we are, whether it is on-premises or in the cloud, in a hybrid cloud, or in an additional connection from another cloud where we share equipment or host. 

Additionally, we enabled more protection functions so that it is well protected even though it is a single credential for each environment and established for any environment it could be safely protected.

Azure Active Directory has improved our organization because it is one of the key components and is being used by almost most companies for identifying and access management on the cloud or on-premise infrastructure.

It has helped save time for our IT administrators. It's seamless for the users because they simply log into the stations, but it's affecting the response time and efficiency of the IT team.

Azure Active Directory has helped the organization maintain the user policies of their computer systems.

We deal with a lot of health information that we have to keep confidential, so having the Azure cloud security policies in place, such that nothing is exposed to the outside world, is helpful for us.

Active Directory helps me all the time. When users want to log in, it shows me this information with a time and date. It also shows me which computer they are going to use. I can track my users at any time.

I am still figuring out the whole on-prem/Azure Active Directory Premium/Microsoft 365 integrations and administrative connections.

It takes a couple hours to add SSO to new business SaaS. The Azure AD Marketplace has all the applications we bought so far as built-in templates.

I've been in the Azure space since it started out and in the Microsoft Cloud AD since the BPOS days in the early 2000s, and it's just a product that made life simpler for my clients to be able to integrate everything.

Microsoft Entra helps our clients save a lot of time, especially with the many automation processes that we can leverage to facilitate our work. The amount of time saved depends on the customer's needs. In general, on average I would estimate it saves them 40 percent in terms of time. But in some cases, it could be up to 70 percent.

It also helps them save money because they can work with fewer employees, or they don't have to hire more employees to do tasks that can be automated.

Another benefit is that it provides satisfaction at the administration level. On the user level, the ease of use makes it easy to understand without any limitations.

And it provides quite a good level of security for all users.

There are plenty of benefits. First, as we had Microsoft AD on-premises, it was very easy to configure Azure AD. We are using the password hash sync for authentication, so authentication on the cloud is very seamless when users use applications on the cloud. That is very important.

Also, with the help of sign-in logs, we are getting information about every application, such as where a user is trying to log in and from which device, making things very crystal clear. We only get this type of transparency and accuracy only from Azure AD.

We use the Conditional Access feature to fine-tune access. We implement a lot of access policies. For example, we want to get rid of client machines with Windows XP and some legacy applications, so we created access policies to prevent logins from those devices and those applications. We have also created policies to prevent logins from certain areas around the world. These abilities are very helpful in preventing phishing and scams.

In addition, there are so many tasks and activities that are automated in Azure AD. For example, we have enabled the password reset self-service so that users can reset a password themselves and log in to their accounts. That is one way it saves time for our help desk team. It no longer requires the help desk. From an administrative perspective, it's very convenient for us to manage and maintain the users of the organization. Azure AD is saving us 10 to 12 hours per week, and that's for just one person who would otherwise be responsible for resetting passwords.

The solution has also prevented so many potential cyber attacks, and that has saved us money. And by saving man-hours, we have saved money. Thirdly, we have been able to reduce manpower. I would estimate it has saved us 20 percent in terms of costs.

Another benefit is that, from a user perspective, it is very smooth and easy to sign in to all the Microsoft applications with the Azure AD sign-in. The UI is very intuitive for Microsoft accounts, so it's very easy for them to log in. We also have single sign-on enabled for desktops, so whenever a user signs in to an application on their machine, they don't need to sign in again and again. With the help of the same token, all other applications can be opened easily.

Back in '96, '97, '98, nobody was doing intake. So that was a new thing that came in 2000. And it created the container based inherited permissions, which was new for that stage. Before that it was very static, there wasn't inheritance, there wasn't assertions. Then they introduced that and they've slowly built it, and then it just got too big and old, and really the database that MT's on is just vulnerable to all these attacks. And that's primarily why they want people to get off it. There's about four or five open attacks that make it very easy to both intercept the credential requests, and also attack the database itself.

The ability to speed up delivery is a nice benefit, because rather than having external dependencies there's a certain guarantee that if you use anything within that technology platform. Whether it's full of applications, or various other things, there havee already been regression tests by the vendor. And you don't see the same defects that you get when you have integrated systems.

It helps us with maintaining enterprise identities and integrating enterprise in those applications are some of the assignments.

We do have an expanded feature. We have captured video, so that other people can get their hands on getting used to it. That is, they can get used to the platform and implement it from the beginning.

The quantum we are using is probably the authentication The security-based factor of authentication.

We simply use Azure AD and everything is taken care of instantly. You need not worry about user management. Everything is taken care of by Azure AD itself. You just simply have it in your application and everything is done out-of-the-box.

Improved user experience with SSO logins.

When logging on to Azure AD it's pretty quick.  This is because it is managed by Microsoft and there isn't too much administrative overhead for our System Administrators in setting up a bunch of complicated policies to allow the users to log on. Basically we lock down the machine with policies but, the user authentication is much faster and simpler. This is something that the users have noticed.

This solution has helped my organization by allowing us simple management of identities within the organization for integration with the single sign-on system unifying access to applications for mobile devices and management. 

AD is the starting point for the unification of access control, or for using those identities within AD. Without it, we would not be able to give our users access to applications from different devices, whether they are Mac OS, Windows 10, Android, or any other operating system.

From a practice point of view, of storing secrets internally on Azure AD, we use the certificate when we can.

I would advise to allow an ex-client user to change their password. At present, you can only change your password externally if your password is still valid. If your password is expired, you cannot actually do it through Azure AD.

From the beginning when I joined the company, they were already using Azure AD Premium. The most wanted features would be the synchronization between the Windows AD, Azure AD, because there are so many capabilities that just because we can't sync their own from Azure AD.

This solution will support the expansion of services and servers into the cloud.