Microsoft Entra ID Reviews

We mainly use Azure Active Directory for authentication, identity management, and single sign-on. A user can use a local Active Directory password to sign into other platforms, like Zendesk or Zoom. These on-premise users are synced to Azure Active Directory. We have some other users who only use cloud, so they don't have instances on-premise, i.e., they are pure cloud. Both of these types of users can authenticate their credentials with other applications and single sign-on. 

We use Microsoft solutions, such as Microsoft Endpoint Manager for mobile device management (MDM), Microsoft Defender, and Advanced Threat Protection (ATP). For our customers and clients, we do something similar. We also send logs from Microsoft 365 to different SIEMs.

We sync users from on-premise using AD Connect sync. We sync them to Azure Active Directory, where we have some instances. 

We have secure scores and compliance scores. These scores tell you your standpoint in terms of recommendations, vulnerabilities, etc. So, it can tell you what you need to configure to increase your security posture, then you can tell where you are. With the compliance scores, it will tell you what you need to do to improve it. The secure scores will tell you that maybe you should enable MFA for all users or that all admins should have MFA. It gives you a lot of suggestions and recommendations to improve your security posture. 

Microsoft Endpoint Manager acts as a mobile device management tool. It focuses on the firewall and does device compliance policy. There are a lot of policies that you can use to align your organization in regards to compliance and regulations. Also, there are security settings that you can enable.

In Microsoft Defender, it accesses the devices onboarded to your Microsoft Defender so you can see the vulnerabilities in terms of the applications installed on a system as well as the version of the OS that you are using. It shows you the patch management that you need to do for vulnerabilities. 

Authentication and identity management are key. For someone to authenticate your account, it is like having the password or access to your password. If someone gains unauthorized access to an account, then they can perform a lot of malicious activities, such as sending spam emails or falsifying emails, including authorizing payments.

Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user. 

You can also use Conditional Access to block sign-ins from other countries. For example, if someone attempts to login from Canada or the US, and your company is based in Africa or somewhere else, then it blocks that user. In this case, it will flag the user and IP as suspicious.

There is also impossible travel, which is an identity protection feature that flags and blocks. For instance, if you are signing in from California, then in the next two hours, you are logging in from Kenya. We know that a flight to Kenya couldn't possibly happen within two hours.

Admins can set password changes for 30, 60, or 90 days, whether it is on-premise or the cloud.

Sometimes, what one customer may like, another may not like it. We have had customers asking, "Why is Microsoft forcing us to do this?" For example, when you use Exchange Server on-premise, then you can customize it for your company and these customizations are unlimited. However, if you use Exchange Online or with Microsoft 365, then your ability to make modifications is limited. So, only the cloud versus is limited.

I have been using it for four years.

It is very simple to manage.

The scalability is massive. When you get your licenses, those should give you the limits of what you can do, but the limits are considerable. It should scale automatically as your workloads increase.

If enough customers have questions about something, the Microsoft product engineering team will pick it up, document, and design it, then publish it in Microsoft.

At a previous company, I was the technical lead and expert. We were Microsoft partners. So, we picked up tickets for Microsoft 365, working on different issues from eCommerce, Exchange, SharePoint, and OneDrive. 

You can maintain your previous investment in identity management solutions by just integrating them with Azure Active Directory. You can also integrate other solutions with Azure Active Directory, then use Azure Active Directory as a single sign-on.

The initial setup is straightforward. 

Active Directory is a place where all your instances, users, identities are being stored. You can create users and identities, then they are stored in Active Directory. Then, Azure Active Directory is just like a cloud-based scenario. When you create users, they are there. You can join devices to your Active Directory.

You need to have the user's information: their password, email, location and ID. All those things are being stored in Azure Active Directory. 

Deployment time depends on the scope of work. For example, a single user could take about 10 minutes to deploy, if you know what you are doing.

Deployment needs just one person to do it.

It protects your identity and keeps you secure. The return on investment is that it keeps your identity from being compromised or you being scammed. That is the investment that customers pay for.

Previously, only building and global administrators could purchase subscriptions or licenses. Mid-last year, Microsoft made it so users can purchase the license online.

Microsoft business subscription is for 200 to 300 users. If you have more than 300 users, you can't purchase the business plan. You have to purchase the enterprise plan. The enterprise plan is for 301 users and above. 

Pay as you go is also available. If you pay as you go in Azure, you will be billed for whatever you use.

I know AWS has something similar.

It is an excellent solution. I would advise going for it.

I have received several complaints from different people and customers too, "Why do I have to do it two times? I want to do it just one time." However, there is a reason for it - we are increasing the security layer. That is why it takes two times, because it is organizational policy. So, they just have to comply.

Previously, admins could only release quarantined emails, so you would need to speak to the admin to release them. Now, if a user's message gets quarantined, then the end user releases it.

If you have Microsoft 365, then you have Azure AD. They go hand in hand.

I would rate this solution as 10 out of 10.

My primary use case with Azure Active Directory is configuring applications, for example Edge, on premises and doing synchronizations with ADFS in a hybrid environment.

I have used it in a lot of application integrations. I set authentication for the hybrid and cloud applications for the services that we acquire.

The feature that I have found most valuable is its authentication security. That is Azure Active Directory's purpose - making cloud services' security and integration easier.

In terms of what could be improved, I would say its interface is not very flexible, as opposed to AWS.

The services are very clear, but the user admin interface needs to be better. That's all.

I have been using Azure Active Directory for more than five years.

In terms of stability, sometimes the more applications you integrate, the more it becomes a little bit unstable. The synchronization engine is key because that's what 365on-premises is for. The main thing that Azure supports is Microsoft native 365 and the other services that come with it.

It is scalable. It is just that Microsoft likes complex licensing. They should make it more  straightforward.

We just have the admins using it, that's about 20 people.

Microsoft tech support is not the best, but they're okay.

The initial setup is not that complex. Maybe I'm the wrong person to ask, though, because I am already an old AD person and I understand it.

On a scale of one to ten, I would not rate Azure Active Directory as a bad product, I would rate it as an 8.

Our primary use cases are to join devices to Azure AD.

Entra ID provides more clarity regarding what's happening in the business. The benefits of using this solution were realized straightaway.

It helped save time for our IT administrators or HR department. Azure ID has positively affected the employee user experience in our organization.

We use features like a single pane of glass for managing user access to a certain degree. The admin center for managing all identity and access tasks is also good.

Moreover, we also use the conditional access feature to enforce fine-tuned and adaptive access controls. Any new user would have to go through the MFA process due to the conditional access policy. So no one gets left out. This is because of the zero-trust strategy for verifying users. 

The biggest benefit of using Azure AD is that it allows us to access the information on-premise servers and also for devices that just joined Azure AD.

In future releases, I would like to see an attack simulator incorporated, especially for some of the business plans.

I've been working with Azure AD for two years.

The initial setup was complex, but we overcame the complexity. 

The pricing is fine. It is what it is. 

Overall, I would rate the solution a nine out of ten.

The solution is our main authentication on our authorization platform to get access to our resources.

The solution is deployed on cloud with Microsoft Azure as the provider. We have around 100 people using this solution in my organization. 

We're using the whole suite: device management, user credentials, everything that's possible.

I would not recommend any changes or improvements right now, in terms of the organization. I think something that is key would be the group policies replication over the cloud, in order to prevent or to avoid relying on the on-premise Active Directory servers and to manage group policies.

I have been using this solution for a year.

The solution is stable.

It is scalable.

We have plans to increase usage. We have been increasing over the past year. I believe we started with about 30 people, and now we have almost 100.

We have only contacted technical support once or twice in the last year. They were very simple tasks.

Setup was very simple initially. Deployment took no more than six weeks, and we only needed two people.

We used a partner to help us and guide us on the deployment.

The licensing costs are yearly. There is a standard fee per user.

I would rate this solution 9 out of 10.

With a more complex environment, more complex tools are implemented. My thoughts are that they need to have a right and current inventory of applications that are compatible with single sign-on to properly implement that functionality, for example.

I am a systems manager. I use Azure Active Directory every day for my support job.

Our authentication tools to single sign-on portals are hosted in different cloud products, like Amazon or GCP. So, we create an enterprise application and Azure Active Directory to give our users for authentication access to various public URLs.

Before Azure Active Directory, it took effort to provide cloud access to on-premises users. With Azure Active Directory and AD Connect, we are able to sync on-prem users to the cloud with minimal effort. We don't have to manage keeping multiple entities for the same user.

The multi-factor authentication (MFA) is one of the best aspects of the product. 

The security features are great. They will report in advance to you in the case of suspicious activity. 

The GUI is pretty enhanced. You can configure applications or do whatever they need to do. 

Azure Active Directory currently supports Linux machines. However, the problem is that you get either full or minimal access. It would be very nice if we could have some granular authorization modules in Azure Active Directory, then we could join it to the Linux machine and get elevated access as required. Right now, it is either full or nothing. I would like that to be improved. 

We have the ability to join Windows VMs to Azure. It would be nice if we could have some user logs, statistics, and monitoring with Azure Active Directory.

When we subscribe to MFA, the users get MFA tokens. However, it is not a straightforward process to embed any of the OTP providers. It would be good if Microsoft started embedding other third-party OTP solutions. That would be a huge enhancement.

I have been using Active Directory for two years.

This product is used every second of every day.

The solution offers nice stability and performance. 

In my organization, there might be as many as 60,000 people who utilize the solution. 

The scalability is awesome. You don't even need to think about scalability because Microsoft manages it.

We use it on a daily basis.

The support could be better. Lately, they sort of dropped off a bit in terms of quality. Recently, Microsoft support has not been doing such a good job. Previously, they used to do a good job.

In the past, AD Connect was not syncing. It threw errors in the beginning. So, I had to call up technical support to solve the problem. At the time, we were satisfied with their assistance.

I am also using AWS.

Azure Active Directory is not an Active Directory product. It is just the application proxy. You need to have an on-prem solution. Azure Active Directory would just be a proxy that uses the on-prem data and hosts the application. It is not a full-scale Active Directory solution. However, it has a lot of enhancements. The traditional on-prem Active Directory hosts the users and computers as well as some additional group objects. 

On the other hand, AWS Active Directory has all the capabilities of the traditional Active Directory with limited access for the administrator. All domain administration and sensitive credentials will be managed by AWS. So, you don't need to worry about application delays or syncing issues.  

The initial setup is simple.

It is pretty easy to set up the product. You subscribe in Azure Active Directory. By default, it will have an extension where you need to register. If you need a custom domain name, then you need to register with your public DNS providers to create the DNS public entry. You will then have to prove that you own the domain name. Once it has been proven, then your Active Directory pretty much works. 

If you need to sync up your on-prem users with the Azure Active Directory, then you need to have an AD Connect server installed at the VM-level domain. It should be credentialed so AD Connect can use credentials to read your on-premises and sync it to the cloud. Once this has been done, you are good to go. As an enhancement, for whatever user you are syncing, you can mandate them by adding them to a group or rolling out an MFA policy.

Since it is pretty straightforward, you just need one person to deploy it.

I implemented it in an hour.

Some maintenance is required. However, it is not on Azure Active Directory's part. Rather, it is for AD Connect. Often, we see that the connection is getting lost or something is not happening. Sometimes, port 443 might not be open from your on-prem Azure Active Directory. In that case, if you haven't implemented it in the beginning, then you need to do this. For a high availability solution, if you find that the machine is having additional issues, then you might need a higher AD Connect device. I would probably also deploy it with a different availability.

The solution has three types of tiers:

1. E1 has very basic features. 
2. You get limited stuff in E2 and cannot have Office 360 associated with it. 
3. E3 is on the costly side and has all the features.
   

If you need to have an Exchange subscription or email functionality, then you need to pay more for that.

We are using both the on-premises version and the SaaS version.

I would advise potential new users to learn a bit about the product before jumping in. If you are new, you need to do background research about Azure Active Directory. You also need to understand its purpose and how you want to leverage it. When you have a draft architecture in place, then you can go ahead and implement this solution. If it needs to be reimplemented, it is just a matter of five minutes.

I would rate the solution as nine out of 10.

I started using Azure in my organization for user management, identity management, and app security.

I am using purely Azure Active Directory, but I've used Azure Active Directory in a hybrid scenario. I sync my user from on-premises Active Directory to cloud. While I have used the solution in both scenarios, I use it mostly for purely ATS cloud situations.

We don't really have breaches anymore. Now, in most cases, we set up a sign-in policy for risky things, like a user signing in via VPN or they can't sign in based on their location. This security aspect is cool.

If a user wants to sign onto the company's account, but turn on their VPN at the same time, they might not be able to sign in because of the Conditional Access policy set up in place for them. This means their location is different from the trusted site and trusted location. Therefore, they would not be able to sign in. While they might not like it, this is for the security of the organization and its products.

The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization.

The authentication, the SSO and MFA, are cool. 

It has easy integration with on-premises applications using the cloud. This was useful in my previous hybrid environment. 

The user management and application management are okay.

There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory. 

I have been using Azure AD for three years.

Overall, stability is okay. Although, sometimes with the cloud, we have had downtime. In some instances, Microsoft is trying, when it comes to Azure AD, to mitigate any issues as soon as possible. I give them that. They don't have downtime for a long time.

You can extend it as much as you need. For example, you can create as many users as you want on the cloud if you sync your users from on-premises. Therefore, it is highly scalable.

I used to manage about 1,500 users in the cloud. Also, at times, I have worked with organizations who have up to 25,000 users. When it comes to scalability, it is actually okay. Based on your business requirements, small businesses can use Azure Active Directory with no extra cost as well as an organization with more than 10,000 users.

The support is okay, but it is actually different based on your specific issue because they have different teams. For example, when you have issues with cloud identity management, I think those are being handled by Microsoft 365 support, and if you have an issue with your Azure services, the Azure team handles it. 

I can say the support from Microsoft 365 support is awesome because it is free support. Although the experience is not all that awesome every time, and there is no perfect system, when compared to other supports, I would rate them as 10 (out of 10).

Positive

The initial setup was straightforward. When I set up Azure Active Directory, I just had to create an Office 365 tenant.

Creating an Office 365 tenant automatically creates an Azure Active Directory organization for you. For example, if I create my user in Microsoft 365 automatically, I see them in Azure Active Directory. I just need to go to Azure Active Directory, set up my policies, and whatever I want to do based on the documentation.

A part of the documentation is actually complex. You need to read it multiple times and reference a lot of links before you can grasp how it works and what you need to do.

The very first time, it took me awhile to set up. However, when setting it up the second time, having to create Azure AD without setting up users was less than three minutes.

I work with a client who has a small organization of 50 users worldwide. With Active Directory, they are spending a lot for 50 users for management, the cost of maintenance, etc. The ROI number is too small for the costs that they are spending on the maintenance of an on-premises setup. So, I migrated them to Azure Active Directory, where it is cost-effective compared to an on-premises setup.

For you to make use of some of the security features, you need to upgrade your licenses. If it is possible, could they just make some features free? For instance, for the Condition Access policy, you need to set that up and be on Azure AD P2 licensing. So if they could make it free or reduce the licensing for small businesses, that would be cool, as I believe security is for everyone.

The product is very good. Sometimes, I try to use Google Workspace, but I still prefer Azure to that solution. I prefer the Azure user interface versus the Google Workspace interface.

Draw out a plan. Know what you want and your requirements. Microsoft has most things in place. If you have an existing setup or MFA agreement with Okta and other services, you can still make use of them at the same time while you are using Azure Active Directory. Just know your requirements, then look for any possible way to integrate what you have with your requirements.

Overall, this solution is okay.

I would rate this solution as an eight out of 10.

We use Azure AD for user access and control.

Our deployment is a hybrid of on-premises and cloud.

We can see user activity and analyze user interaction between the websites and log files. It gives us a single point of control. Overall it has helped place our security posture in a good position.

In addition, using Microsoft Endpoint Manager, new laptops can easily connect to the MDM solution, making for a very good user experience, particularly for new systems. Users just log in with their email ID and multifactor authentication. Once they are logged in, they connect automatically to the back end and that helps make the user experience for configuration very good.

Among the valuable features are MDM and Microsoft Endpoint Manager. They are very useful. Intune is built-in. And deploying to MDM has features that are very advanced. It reduces the administration work. And security-wise, it has very advanced technology.

It also has features that help improve security posture. The most important of these features include multifactor authentication, which is very useful for connecting to the organization, especially from outside the boundaries of the organization. That is very helpful when it comes to user security. And in the COVID situation, MDM is very helpful for us due to work-from-home. It enables us to very easily connect to our domain and align new systems with the end-users. That is very helpful for us.

There are some difficulties in the hybrid version, things to do with firewall security, inside the organization. They need to work on that more.

In addition, everything should be in one package. There are so many different packages. They need to provide guidance because there are so many features and we don't know how to implement them in our organization.

I'm also expecting a Windows 365 virtual desktop. I would be interested in that feature.

I have been using Azure Active Directory for four years.

It's 100 percent stable.

The scalability is unlimited.

I would rate Microsoft's support at nine out of 10. It's not a 10 because in some cases they don't answer a call because they are engaged with other calls.

We tried ManageEngine but it was not useful for us. It was not up to the requirements of our organization. Azure AD is a very flexible solution. It is used in most of the organization.

It is very easy to configure if you are configuring a completely new cloud deployment. But with the on-premises deployment, there are some difficulties due to security issues, like credentials required.

It doesn't take more time to install AD Connect on-premises. The installation itself takes one hour and, within one to two days, we can take all the data over to it. But we then need to monitor it for at least two days to make sure everything is fine.

We have almost 400 users in our AD and we have six people involved in maintaining and administering it, including me in my role as senior IT engineer. I take care of Active Directory monitoring, as well as installation and configuration. We also handle patches and upgrades. One person takes care of the billing part.

We set it up with the help of a consultant from KPMG and our experience with him was good.

With COVID going on, part of our ROI from using the solution is that we can view the access of all the employees who are working from home. In these circumstances, that has been a notable return on our investment. 

The pricing, in the context of the COVID situation, is very high because the overseas aerospace industry, to which we supply products, has been hugely impacted. There are no projects coming in. 

The pricing should also be less for smaller organizations.

We migrated about 3,000 computers from on-prem Active Directory to Azure Active Directory or Azure AD. 

These are still early days, but we are certain that it will improve our organization as we move away from on-prem Active Directory.

It provides a single pane of glass for managing user access, but we have to get more into it to be able to say that for sure. We have got so many different tools. It would be nice to have less tools. We are starting to take a look at how to consolidate tools.

It will definitely help to save time for our IT administrators.

It has not yet helped to save our organization money. It is too early for that.

The way the laptops are joined is valuable. We can take advantage of that in terms of being able to log in and do things. It is easier to change passwords or set things up.

I would like to dive into some of the things that we saw today around the workflows at this Microsoft event. I cannot say that they need to make it better because I do not have much experience with it, but something that is always applicable to Microsoft is that they need to be able to integrate with their competitors. If you look at IDP, they do not integrate with Okta.

I have been using this solution for about six months. It was not called Entra ID then. It was called Azure AD.

Our dealings have been fine. We do not deal with them so much. When we have to open something, our account managers help us out.

We were on on-prem AD. We moved to Azure AD because of a merger. We were purchased by a larger company, so we are moving on to their domain.

It was in the middle of the road. It was not the easiest thing, and it was also not the hardest thing.

We took the help of a company. They did a good job. They helped us to move a huge amount of data.

It is in line. Because we are so early, we have not had to come back on a cycle where we are having to negotiate again.

I would rate Microsoft Entra ID a nine out of ten. It is very good.