Microsoft Entra ID Reviews

Microsoft Entra ID is used to control access to our environment.

Microsoft Entra ID has been most beneficial in the realm of IT management, although not significantly impactful on user experience. Microsoft Entra ID is not solely for user management or enhancing user experience. Rather, it greatly aids in constructing operational processes for IT management, as its capabilities extend far beyond user and access management. In terms of refining user experience, it certainly contributes to areas like authentication, particularly in diverse authentication methods and device-based authentication. 

The best thing about Microsoft Entra ID is the ease of setup.

If we're highly experienced or dealing with intricate scenarios, Microsoft Entra ID might not be the most suitable solution. In my opinion, it resolves the majority of cases, but it lacks comprehensive management tools for access control. I don't consider it the premier tool for user or identity management. While it covers many aspects, we'll need supplementary tools to effectively manage access rules. This deficiency is quite significant. To make it viable for a large organization, substantial additional development is necessary.

Microsoft Entra ID provides a way to manage user access, but it's not an effective tool for access management due to its excessive complexity. This is primarily because the process needs to be performed manually. Therefore, it lacks a user-friendly interface where we could define all access rules and scenarios comprehensively.

Zero trust is not easy to set up, especially for large organizations. While it could be implemented for smaller organizations, the extensive manual configuration required makes it impractical for larger enterprises.

Microsoft Entra ID's impact on access and identity management is relatively limited.

The single interface for managing permissions, permission rules, or conditional access policies needs to be significantly more user-friendly. While it remains functional for IT departments, it is not particularly user-friendly for end users. There is considerable room for improvement in this regard.

Microsoft Entra ID offers various features, but its setup and utilization are quite complex due to the lack of a user-friendly interface for end users. Unless we allocate a significant budget and a substantial workforce to configure it for end users, making it usable remains a challenge. Moreover, even with these investments, the cost of using Microsoft Entra ID would become prohibitively high. Thus, it's evident that the platform lacks the necessary functionality to provide a satisfactory end-user experience. 

I have been using Microsoft Entra ID for eight years.

The solution is stable. I have not encountered any stability issues.

Microsoft Entra ID is scalable.

I have had a positive experience with technical support. Additionally, if we opt for premium support or possess varying levels of support agreements with Microsoft, we can access excellent support.

Positive

The deployment is quite straightforward. It's truly uncomplicated from an IT perspective to utilize Microsoft Entra ID. It's not overly intricate in that aspect. However, when we delve into end-user scenarios, and the management and configuration of conditional access policies, permission management, and other similar aspects, it does introduce a certain level of complexity, naturally.

Microsoft Entra ID service can be quite costly due to its hidden expenses linked to usage. This cost ambiguity arises from our inability to accurately project expenses prior to implementation, contingent upon the specific features employed. The expense is particularly notable if we intend to utilize it for comprehensive identity management. Nevertheless, alternative budget-friendly identity management solutions are limited within the current market landscape.

There are no additional costs for maintenance because most of the parts are cloud-based and managed by Microsoft. This means we can't manage it ourselves. However, if we had a private cloud with Microsoft Entra ID, for instance, then we could manage our entire cloud ourselves. This would allow us to have good control of the costs. But there are many small components in Microsoft Entra ID. So, when we are planning to build something with Microsoft Entra ID, we might struggle to understand the total cost for the users. It's difficult to comprehend all the necessary pieces we need to purchase to construct a scenario. Only after we have designed this solution, we will be able to see the complete cost. Unfortunately, there are numerous hidden costs in Microsoft Entra ID that I am not particularly fond of.

If we consider the top three or four management tools, they offer numerous out-of-the-box features for connecting to HR sources. Furthermore, we have a straightforward method for establishing access policies based on our HR data. In my opinion, competitors hold an advantage over Microsoft Entra ID.

I would rate Microsoft Entra ID eight out of ten.

We can achieve a great deal with conditional access policies; however, using the interface itself is quite cumbersome and not very user-friendly. Consequently, there are very few tools currently available that offer a well-designed user interface for managing access policies. This is consistently a highly intricate scenario.

Based on my experience, Okta functions primarily as a solution for managing customer access or customer identity, rather than being the conventional method for handling business or corporate identities. It's more focused on robustly managing customer identities. However, in my previous procurement roles, it has never been selected as the primary option. This could be due to my limited exposure to customer identity management. Thus, I find it challenging to draw a direct comparison. On the other hand, Microsoft Azure Active Directory can certainly serve as a customer identity management solution and is comparable in this aspect. However, the comparison doesn't hold true for user identity management.

The maintenance is controlled by Microsoft because the solution is on their cloud.

Organizations should refrain from exclusively using Microsoft Entra ID for all identity and access management scenarios. This is because relying solely on Microsoft Entra ID necessitates creating additional components ourselves to address aspects that cannot be readily addressed using the default Microsoft Entra ID setup. We are required to construct these components and establish phases for end users, as Microsoft Entra ID does not encompass all these functionalities. A more effective approach could involve integrating Microsoft Entra ID with another product, such as SailPoint. This combined utilization would likely result in a robust identity management solution. It's important to recognize that Microsoft Entra ID alone cannot adequately address all our scenarios.

We provide a pipeline for Azure Active Directory. We are working with premium clients, giving them services, like SaaS application services through Azure Active Directory. Also, we help external clients who are planning to migrate from on-prem to Azure Active Directory. We help them with the setup, etc.

We are providing Office 365 access from Azure Active Directory. We are enabling multi-factor authentication and assigning the licenses for end users.

We can provide access for many SaaS analytics tools, like ERP and CRM. We can provide access from everywhere to Azure AD. So, it will work as an authentication service, then we can provide access to particular SaaS applications. Therefore, we manage all accesses and privileges within Azure AD for different applications.

The Privileged Identity Management is a good feature. The identity products of Azure Active Directory are good features. 

There are role-based access controls. Both built-in and custom roles are very useful and good for giving permissions to a particular set of users. 

Privileged identity access lets you manage, control, and monitor permissions of a particular set of users or group. This is a good way to control the access. With the rollback access control, that will secure your environment, e.g., if you want to secure it from an authentication point of view. So, if you are an authentication provider service, your request will go for authentication, then it will go back for service authentication. So, this is a good feature in Azure Active Directory.

Azure AD has features that have helped improve our security posture and our client's security posture. We don't have to manage many things because there are some built-in features inside it. We can set it up once and it will work as an auto process, which is good from our side. On the clients' side, it will then not be challenging when managing stuff, as it will be very easy to manage the client end.

Azure AD needs to be more in sync. The synchronization can be time-consuming. 

The availability is good. I have never experienced any downtime.

The scalability is great. If we will go with the custom installation version of Azure AD Connect, i.e., for many users, then we can go with the custom settings. 

I have one client with one tenant. We verified their domain and created many users. It was already on-prem, so we synced all the users from on-prem to Azure AD. We gave those users Office 365 permission from the Office 365 admin center. From there, we enabled the MFA and assigned the licenses. 

We have migrated 10,000 to 12,000 objects from on-prem to Azure AD previously.

Whenever I have logged a case with Microsoft, their technical support replies within 24 hours with an email and a call, which is good.

Previously, our clients only had on-premises Active Directory. They migrated to Azure AD because they didn't want to keep their on-prem environment. There are a lot of challenges with maintaining those servers and other costs. 

It is also a good service. From one console, we can manage many things. It is better if we can work with it from a single console, managing it all with fewer resources. With on-prem, there are many domain controllers that we need for various stages, and we have to manage all the domain controllers. Apart from that, we have to back up and monitor the server as well as do everything for the setup. 

It is a very easy process to set up. First, we need to collect all the information, e.g., the custom domain information, user information, and which kinds of applications the users want to access. All this information is needed. Based on that, we can just set up and go to the Azure Portal. We can go to the Azure Active Directory console from there, where we can verify the domain and do the management. It is a very easy process, which is not time-consuming. Though, if you want to design your own application (customize it) and provide access for a particular user or group, then it can be a bit of a time-consuming process.

I don't think more than one or two people are needed for the deployment. If we have all the information, then we can work alone. Not many resources are needed for this.

Azure AD has a good return on investment. We do not need as many servers, electricity, etc. We can save from a cost point of view. Apart from that, if we have a limited set of users, we do not need to go with the extended version of Azure Active Directory, where it costs a lot to enable these services. Azure Active Directory is a good option compared to on-premises. 

This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application.

We are working with the Premium P2 licenses, which are reasonable. If you invest in the on-premises environment setup, then it costs so much. However, on-prem AD gives you the ability to manage your organization in a very organized manner, where you can create a group policy.

Azure AD provides identity access. If you have to go with the identity part only, then Azure AD would be the better option. If you will go with the various authentication authorization and security services, like group policy setup, then on-prem Active Directory would be better.

It is good service and easy to use.

I would rate the solution as a nine out of 10. They should be improving the solution all the time.

My organization uses Microsoft Entra ID for some people who access Azure, especially for people who need Azure for different things. My organization deals with people transitioning from a standard data center environment into a cloud-based one to meet their needs. My organization has certain conditional access to certain people because we have access to government and cloud services or a commercial environment, along with different versions of each of those across different groups. I would say that most of our organization's work is just giving conditional access to people and occasionally vendors, but nothing too absurd.

I don't want to say that the product hasn't improved anything for my organization. The problem with the solution stems more or less from the fact that technology is moving ahead, and my organization needs to try to keep up with the changes, which makes it a new way of doing things that will be applicable to the future. Maybe if we could transition to certain things faster, I would have seen the product's full benefits. Since the areas of transitions related to the solution are slow, I haven't experienced the full depth of what I can do with the product.

The most valuable feature of the solution is its ability to delegate roles to each individual resource, which is great. I think the aforementioned feature is better done in the solution itself than with an actual local AD.

I wish transitioning from Microsoft Active Directory to Microsoft Entra ID was a little easier, and I didn't have to learn so many new concepts. I faced difficulties from Micorosft's end and during the transition from Microsoft Active Directory to Microsoft Entra ID. Sometimes, some of Microsoft's documentation could be a little outdated. The product doesn't meet the organization's niche requirements, especially in our environment. Microsoft Entra ID is not a very standard product.

When I think about the trade-off I have had to go for to get the aforementioned feature, it does annoy me. For me, I can't mirror accounts with the solution. I need to consider that we have so many groups and subscriptions, and I can't just see a blanket of their different individual roles in every single resource if I create an account for someone who takes over a job in the organization. In the solution, some people might have specific roles in one resource, which might be the only thing in there. With Microsoft Entra ID, I can't view every instance, and I have to go one by one subscription all the way down, which is a huge pain when you have 400 to 500 subscriptions. The aforementioned aspects can be considered for the improvement of the solution.

I have been using Microsoft Entra ID for the last five years, but not at its full capacity because, in our organization, we have to ensure that we help with the migration process of different governmental agencies piece by piece since we are a multi-cloud, multi-tenant, multi-forested environment. My organization is a customer of the product.

When it comes to the technical support for the product, I have a representative who works for me, making the support good since I can have him put under fire. I have had some issues with the tool. The IT security audits that come under Microsoft Services Hub are something we needed in Microsoft Gov cloud, and there's only a certain region of Microsoft Gov cloud that supports it, meaning you cannot use Microsoft Services Hub on it, which is all fine as you just have to run it either for by line or you have to run it from within Azure's portal. I had three separate calls with Microsoft's technical support about it, and it was the third tech person who told me after looking at the ticket raised by my organization with the support that the support team had not even finished adding our ticket to their list, which to me was like an organizational issue. Apart from the aforementioned issue I faced with the support team, I feel everything else has been fine. I wouldn't go around saying that Microsoft offers bad technical support.

I rate the technical support a seven out of ten.

Neutral

As the product already existed before I joined my current organization, I was not involved in its deployment phase. I have some past experience with the deployment processes of Microsoft Entra ID and Microsoft Active Directory. The deployment process of Microsoft Entra ID was easy, and it is not anything different or terrible.

The time for deployment of the tool depends on the client or the project my organization deals with, and a lot of the clients I have worked for are pretty small teams. I haven't had to do too much in terms of deployment.

My organization hasn't considered switching to a different product, but I know that we have some AWS environments with IAM solutions.

It is easy to use the solution's offering of a single pane of glass for managing user access if you have experience with Azure for a while. During the transitioning period, the depth that revolves around the concepts of blades in Azure can be annoying, especially while attempting to relearn the new places where everything is stored. It feels like Microsoft invented a new language for their new system, but a lot of it is just like an updated version of what it was. I have many people at work who have never heard of Microsoft Entra ID and claim to use Microsoft Active Directory without realizing they are the same. Microsoft Entra ID is just a new version of Microsoft Active Directory.

As a product that offers a single pane of glass, it works great and offers consistency to our organization's security policies if I consider the little or limited Azure we have.

My organization hasn't implemented the tool over 900 other devices yet, so I don't know how it will work after that.

Microsoft Entra Verified ID is good when it comes to privacy and control of identity data. Regarding Microsoft Entra ID, my organization sees a lot of contractors and vendors that come in, which gives us confidence or at least ways to sell it to politicians who have confidence that we can do something.

My organization uses Microsoft Entra Permissions Management, but we are not too in-depth into it. I feel Microsoft Entra Permissions Management is nice. I believe that Microsoft Entra Permissions Management helps reduce risk surface. I don't like one of the top-level tenants in the product. As the product goes down into different resources or subscriptions, I see that agencies own them. Sometimes, I feel my organization's offerings look good, but when I dig into the offerings of other agencies, I realize that we are not good.

The time-saving capabilities of the solution experienced by IT administrators or the HR department in my organization have been more or less the same.

I haven't seen the budget in a way that can help me figure out if using the solution in my organization has helped save money.

I rate the overall tool an eight out of ten.

We used Azure AD for a role-based customer access mechanism. We implemented a single tenant, single sign-on for users of the application. We gave them a sign-on feature with OpenID Connect.

Previously we had to manually create the authentication server, but when we used Azure AD, we got the server directly from Azure. I didn't have to design the server.

We were also able to filter on the domain for the client I was working for.

In addition, we used Azure AD's Conditional Access feature to enforce fine-tuned and adaptive access controls. That was pretty useful because we didn't have to do much because we had attributes like authorized tags. And we configured scope, meaning who can access what, in the manifest. It was not very complicated.

And Azure ID has definitely helped save us time. Earlier, we had to depend on the infrastructure team, a different team, to manage the Active Directory permissions. But now, most of the time, the developers have access in the portal. It is saving us about 40 percent of our time.

The most valuable features of Azure ID are the single sign-on and OpenID Connect authentication.

Also, it was very nice that the documentation, the articles and help, on how to implement what we were trying to do, were available freely on the site, making it easy to develop. We did two or three sprints because things worked. Most of the time was spent on development and testing. But the deployment was easy.

Maybe I don't have enough experience, but when you fix the rules and permissions, working directly on the manifest, you really need to have in-depth knowledge. If there were a graphical user interface to update the manifest, that would be good. For example, if I want to grant access to HR versus an admin, I have to specifically write that in the manifest file to create the various roles. That means I'm coding in the manifest file. A graphical user interface would really help.

I have been using Azure AD for two-plus years.

The stability is 95 percent. We don't have any issues with it.

Of course it's scalable and that's why we choose the platform. We only have two regions in the load balancer. We have not gone beyond that, so we have not faced an issue.

We deployed it in multiple locations for our customer.

We haven't contacted Microsoft support.

I have played a small role in deploying Azure AD, but I have not been involved in the migration process. Overall, the deployment is easy. It took us 20 to 25 days, including fixing issues. That was normal, nothing unusual.

Regarding maintenance, the team I'm on does application maintenance. For Azure, we have a cloud admin who looks at the Azure portal for things like billing, access management, and admin work.

Some people use SAML technology for single sign-on. Although I haven't used it, it seems a bit complex. I started working directly with Azure AD OpenID Connect to a single tenant, or Azure AD B2B or B2C, and it was very smooth. It was not much of a challenge. Most of the complex things are taken care of by the Azure AD login. Usually, you don't need to do a deep dive into what is happening internally. 

Microsoft is like a "hovercraft", as opposed to scuba diving. With Microsoft, you can use the "hovercraft". Without touching the river you can cross it.

I have not explored many other competitive products, like GCP or AWS. I am a supporter of Microsoft products.

With Verified ID, things were secure. In recent news, there has been some hacking due to some developer using an email ID as opposed to OpenID, but our team did not use email IDs. Even if we were using email IDs for single sign-on, the user still needed to sign up with a password, so it was not possible to impersonate someone else.

The user experience, the interface, is very smooth. We have never had any problems with the single sign-on.

When applications are hosted on Azure, you should use the advantages of Azure AD.

We use the Authenticator app on our mobile phones and to authenticate for Office 365. We also provide consulting services and recommend Microsoft Authenticator to clients looking for an MFA solution.

The solution improved our and our clients' security; end users are more confident knowing that their information is confidential. Strategic users, VIPs, and admins are protected from potential attacks because their authentication goes through Microsoft Authenticator.

The product has significantly increased our security maturity and gives us comfort knowing we have security in a good, affordable solution.

We have a history of all our authentications and excellent integration with the Microsoft solutions we use at our company. It runs smoothly in Windows and macOS.

I want to see more features to improve security, such as integrated user behavior analysis.

We have been using the solution for two years. 

The tool is stable, we haven't had any issues regarding stability. 

Scaling is easy as the product is hosted in the cloud; it's a robust and trustworthy solution.

Currently, we have 100 end users in our company, and we have some clients with around 1000 end users of Microsoft Authenticator.

We never needed to contact technical support as we have never had any problems, so I can't comment on that.

We previously used JumpCloud before migrating to Microsoft Authenticator, and we did that because it's more affordable and has better integration with Office 365 and the other Microsoft products we implement.

The setup was straightforward. We made an implementation plan and transitioned from using MFA via email and SMS messages to using Microsoft Authenticator.

Our security team is responsible for all our security solutions, and they take care of the maintenance, which I understand to be relatively light.

We have a Security Operation Center in our company. Another company using the same solution without a team like ours may require several hours a month to manage the solution.

We implemented it in-house since we are a consulting services company.

We think the solution is excellent and provides a return on our investment.

I would advise implementing the solution to VIPs and admins; it's affordable, effective, and efficient. I would say training staff on properly using the tool is also essential.

We decided to go straight for the Microsoft offering since we use Office 365.

I would rate this solution a nine out of ten.

When we deployed Microsoft Authenticator for our clients, we initially had some requests for training. We delivered the training, and the end users could adapt to it; the transition was smooth.

The solution is extensively used within our organization.

We use it for authentication. Where we have cloud services, it syncs with Active Directory on-prem. We have about 1,800 people using it.

It's a very scalable solution.

The ability to manage and authenticate against on-premises solutions would be beneficial.

We have been using Azure Active Directory for about four years.

We have had very little requirement for technical support. It's a cloud solution.

We didn't use a different solution. We brought this in when we went into what was called Microsoft 365 in those days.

The setup was pretty straightforward. In terms of maintaining it, we have a team of six infrastructure engineers, and Azure AD is just one of the systems that they manage.

We did it in-house.

It's included within a wider bundle of Microsoft 365 products.

You need to make sure you've thought through how you're going to deal with your on-prem applications because having a hybrid solution like ours brings some challenges.

Ultimately, we will move completely into Azure AD, but we have a lot of on-prem applications and you can't use Azure Active Directory with them. Until we remove those applications and make things cloud-only, we will still need a hybrid solution.

We are using it for all non-structured data and as an identity manager for all of our accounts. In addition, we use it also to authenticate Google services, because we have Google Workspace for email, and to integrate other tools with our services. We are able to keep it all going, balanced, and synchronized. It's very good. We use it for just about everything that we need to do an identity check on.

We couldn't live without the Active Directory services. It has helped to improve our security posture. We have a lot of users and hardware to manage and we can do that with Active Directory.

The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera.

I have been using the Active Directory solution for three years. I'm responsible for almost all infrastructure services in our organization.

It's pretty stable. In the three years, the service has never been down.

As far as I know, it works for 10,000 and 100,000. It's just difficult to find current information, such as how much hardware and how many licenses we would need to keep it going. But it's scalable and works really well. We can keep adding servers and scale up or out.

We don't have another company that provides support for Active Directory. On my team, there are three people who work with it, and we have about 2,000 users in our company.

To be honest, I can barely navigate Microsoft's support. Microsoft is so well-known and there is so much information to look up on the internet, that we have never come to the point where we have actually had to open an issue with Microsoft's team. We can almost always find out the information that we need by looking it up with Google or in Microsoft's Knowledge Base.

We used to use LDAP, a free tool, but since almost all of our hardware needed integration, we had to move to Active Directory. We couldn't apply the policies that we needed, using open source, and we couldn't keep the integration going the way we needed to.

We are really happy with how the functionality Azure Active Directory gives us. I have a security policy applied to all workstations. Before, all of our users could configure their machines the way they wanted to. As a result, we often had to reconfigure and do other things to them as well because the computers were crashing. We almost don't have to do that anymore.

The trick was to immigrate from LDAP. We had to get all the properties from the files into Active Directory, so it took some time. When we did that, there were some issues with the system and we had to do it manually. It would be nice if they had a service that would make it easier to migrate from LDAP to Active Directory, keeping all of the properties from files and non-structured data as well.

It gives a good return on investment. The amount of first-level support we have had to give internally has dropped a lot since we applied the policies and restricted our users. But our users are now more satisfied because their computers don't have the issues that they had before. Before Active Directory, there were many issues that our users complained about, like worms and malware. We don't have those issues anymore. Even with endpoint protection we had some cases of viruses in our company, but now we don't have them either.

Directly, I couldn't calculate the return on investment, but indirectly we saved by reducing work for our team, and we are keeping our users satisfied.

The process for buying licenses from Microsoft is somewhat messy and really hard to do. We have to talk to someone because it's hard to find out how many licenses we need. If I'm applying for 2,000 users, how many Windows licenses do we need?

They could also charge less for support. You buy the license, but if you want to keep it in good standing, you have to pay for the support, and it is expensive. It's okay to pay for the license itself, but to pay so much for support...

We were thinking about buying another tool, to be capable of managing and keeping all the identities within our organization current. But we had to go straight to Microsoft because there are no other solutions that I know of. By now, almost all organizations are using Windows 10 or 11, and it would be hard to achieve the possibilities that we have with Active Directory if we used another service.

We are integrated with NetApp because we use NetApp storage. It's pretty awesome. We are also integrated with many others, such as our data center hardware with storage from IBM. We're using it for logging switches, as well. It works really well.

My advice to others would be to look at the options and focus on how you can pay less. Do the research so that you buy just the essential licenses to keep it going. If you don't do the sizing well, you can buy more, but it's expensive to keep it going and pay for support.

A lot of our clients basically want to go to the cloud and they don't know how to proceed with doing so. The first thing we recommended is to make sure their identity is in Azure AD as a hybrid approach. We're not getting rid of their on-premises environment, and instead basically, if they're planning to go to Office 365,  they will be able to take advantage of the Azure Active Directory.

Especially nowadays, people are working from home and we have a client that we actually started migrating to Azure Active Directory and moving some of their applications into the cloud. Since COVID struck, and a lot of people are working from home, since the data center's on-premises, it is very hard for them to bring all of their users into VPN and some of them there are outdated and they can't really accommodate the number of users that are working from home.

However, with Azure AD, some of their applications we have in there they can access from anywhere - even from their home basically, as long as they have internet access. Some of the applications we brought into Azure AD include the Windows Virtual Desktop to basically run their application in the cloud. We built a gateway to their own premises data center and they go into the Windows Virtual Desktop and they can authenticate using Azure AD and then they can access their on-premises application. It's basically the transition from being on-site all the time to working from home. It's a smooth transition because of Azure AD.

The solution's ease of use is one of its most valuable features. You can access it anywhere and the integration into existing and some legacy applications is good. You can plug into single sign-on self-service, password reset, or conditional access. If you're inside, you don't need to do multi-factor authentication, MFA's, built-in. 

The licensing could be improved. There are premium one, premium two or P1, P2 licensing right now and a lot of organizations are a little bit confused about the licensing information that they have. They want to know how much they're spending. It's not really clear cut. 

Transitioning to the cloud is very difficult. They need the training to make it easier. They should probably put in more training or even include it on the licensing so that there are people that manage their environment have somewhere to come to learn on their own. Maybe there could be some workshop or training within Azure. 

The solution could offer better notifications. They do upgrades once or twice a year. They need to do a better job of alerting users to the changes that are upcoming - especially on the portal where you manage your users and accounts. There needs to be enough time to showcase the new features so your organization is not surprised or put off by sudden changes. 

I've been at this organization since 2016, and therefore have been working with the solution for four years.

The solution is pretty stable. Once in a while, we get notifications and do a health check if some things are not working or there is some feature or some issue that is acting up. However, that is very seldom.

Scalability is really not a problem. You don't have to really worry about that as it's more of a service. It's not like having your own AD that you need to span the main controllers or to purchase hardware. Scalability from 250 users all the way up to a hundred thousand users can be accommodated easily.

Technical support can be hit and miss sometimes. You get like a first-year technician and you don't get the right person. It gets bounced around and eventually, it's either we fix it or somebody's smart enough to know what the issue is. If I was going to rate it from one to 10, say 10 is the best and one is worst, I'd rate it at 7.5 or so.

We've been doing implementations for a while now so for us the initial setup is straightforward. It becomes complex if a company is coming from a complex environment in the beginning, however, nowadays it's straightforward.

While planning, the first thing we do is an assessment and then we go to the design phase from the assessment on what the company has. Then, from the design phase, we designed the Azure infrastructure and do the implementation. The first thing is, of course, the identity. In general, deployment takes two or sometimes three months.

The initial investment is high due to the migration if you have a legacy environment like an on-premise Active Directory. However, after that initial investment, you're just paying for the license to hold your information and that has your Active Directory. There's a return on investment probably after few months. In that time, you'll get your money spent back due to the fact that you don't have to purchase a lot of hardware initially. The initial investment is really only to migrate your information or your data. That's where there are costs for a company usually.

It's offered as a service. We're using the latest version. We use it with various versions of the cloud (public, private, cloud). That said, a lot of the time the organization also has already some Active Directory on-premises, and that is something that we help out with in terms of bringing them to the cloud, to the Azure Active Directory.

I'd advise new users not to be afraid to go to the cloud. The cloud has a lot of benefits, including software as a service, SaaS applications. You don't have to worry about hardware updates, or maintaining a license for different applications. Just go start small. If you're worried, start as a hybrid, which is most of the time maybe 80%, 90%. You can go from lift and shift to Azure Active Directory. If you're a new company, just go right to the cloud. It's easy. You don't have the legacy infrastructure to worry about.

Going to the cloud is as secure as ever. I feel a lot of organizations when you go to the cloud, especially Azure Active Directory, think you're sharing a piece of a rack due to the fact that it's in the cloud with Azure companies. It is a bit more complicated than that. However, the security is there. Azure Active Directory and going into the cloud has been around for 13 years. It's no longer a new or scary subject.

Overall, I would rate the solution at a nine out of ten. If they fixed little things like notifications and licensing issues, I would give them a perfect score.