Microsoft Entra ID Reviews

Microsoft Entra ID has made our organization more secure. 

The tool's most valuable feature is conditional access. 

The product needs to improve its support.

I have been working with the product for five years. 

Microsoft Entra ID is stable. 

The product needs to improve support. There are many steps before you get to someone who can solve the issues. 

Neutral

Microsoft Entra ID's deployment is easy. 

Microsoft Entra ID helps save money since you don't need a second MFA solution. I rate it a nine out of ten. 

Azure AD is primarily used as the backend for all Microsoft Office 365 user accounts and licensing, as well as for securing those accounts. Endpoint Manager is also utilized, which is part of domain control in the cloud, even though it is not Azure AD.

Azure AD has enabled the organization to set up single sign-on to all applications and has consolidated everything to a single cloud authentication for users. This saved a lot of time by not having to administer accounts in multiple systems, and it has also made it easy to control user identity for all cloud and internal applications. Security features such as attack surface rules and conditional access rules are also highly valuable and help the organization feel safe with all its user accounts. The Entra conditional access feature is used to enforce fine-tuned and adaptive access controls, and it is perfect for verifying users in line with the Zero Trust strategy. Overall, Azure AD enabled the organization to control one set of accounts and policies for everything, providing a huge benefit.

The security features, such as attack surface rules and conditional access rules, are the most valuable aspects of Azure AD.

The only improvement would be for everything to be instant in terms of applying changes and propagating them to systems.

I've been using this solution since 2017.

The stability of Azure AD is perfect.

Azure AD is highly scalable and enables the organization to control everything from one office.

The support channel for Azure AD is probably pretty good, although there was a strange experience with technical support once. Overall, the customer service and support would be rated as positive, with an eight out of ten rating.

Positive

I have never used any other products except Google Workspace, which is very intuitive but not comparable to an identity system.

The initial setup of Azure AD was quick and took just a workday or two, although tweaking it took about a week. The implementation of Azure AD probably took about 48 hours. In terms of maintenance, Azure AD doesn't require any maintenance as it is a cloud service that is always up to date.

At the time, we used contractors to set it up because it was new to us. If I was going to do it today, it wouldn't be that complex for me because I now know the ins and outs of it, but at that time, we contracted people to help us set it up so that we could do it with the best practice. We probably had just one contractor and then we just helped out.

For those looking to implement Azure AD in their organization for the first time, it would be recommended to get rid of the legacy Active Directory right away and go straight to Azure AD instead of starting out hybrid and having to wind that down. If local Active Directory isn't needed, it's best to move all authentication over to the cloud and scrap the Active Directory domain controllers. The Entra portal is a huge benefit as it provides a consolidated view of everything and makes it easier to navigate security, users, conditional access, and identity protection.

Microsoft has been consolidating the view to provide a single pane of glass. It has been more and more down to that. They're now out with something called Entra. It's the Entra portal, and it has a very consolidated view of everything I need to do. Microsoft Entra is basically Endpoint Manager, Microsoft Defender, and Azure Active Directory pulled together for an easy view and ease of navigation. I've started to use Entra a little bit. It has only been out for a little while, but it was created to simplify finding everything. So, instead of navigating through the portal at Azure, I've started using Entra. I like it a lot. At first glance, it looks very intuitive, especially based on how I've been navigating until now. 

What Entra is doing is a huge benefit. If you're starting up today, it's much easier to get into security, users and conditional access, and identity protection. They've consolidated most of the important things there. You can navigate to everything from there, but they draw forth the most important ones in a more intuitive way. They've done that, and what they've done with Entra is what was missing.

Overall, I'd rate Azure Active Directory an eight out of ten. 

When we access the API, we use Microsoft Authenticator. Something with potential will be saved, and if the company has some use cases to connect to some database, I will use it as well, or something along those lines.

Normally, because a third party requires it.

It provides you with security. It provides the third party with some level of security.

But vendors like myself do not appreciate it.

The most valuable feature of this solution is that is easy to use.

It is also automated.

I believe it can also be integrated into other Microsoft products, as well as more integrations with other solutions.

I have been working with Microsoft Authenticator for two years.

I am working with the most recent version.

Microsoft Authenticator is quite stable.

I would rate the stability of Microsoft Authenticator a ten out of ten.

Microsoft Authenticator is a scalable solution. 

I would rate the scalability of Microsoft Authenticator an eight out of ten.

As far as I know, we have more than 30 users in our organization. Some are senior professionals and some are developers.

I have never dealt with technical support.

I use UiPath as well as Automation Anywhere.

I started with Authenticator and then moved on to the Namespace version or class that I can import from Microsoft.

I would rate the initial setup a ten out of ten.

It was easy.

It only took a few hours to deploy.

It's an out-of-the-box deployment, but I am not the one who manages it.

One person was involved in the deployment.

I would recommend this solution to others who are interested in using it. It is easy to use and it fits its purpose.

Because it is scalable and reliable, I would rate Microsoft Authenticator an eight out of ten.

I have been working with a medication company and we are building an LMS system. We have an older version and we've decided to develop a new version of it. We are building the entire system on the cloud and using new technology.  We started the process on Azure cloud, but we have later plans to try AWS, but for now, we are using Azure Active Directory.

Having access to Azure Active Directory on the cloud gives us speed and use of the latest technology. The application services are very good, such as GitHub.

Azure Active Directory could be made easier to use. We have large amounts of data and storage. We are looking for video files and media content for applications, we will think about options, such as cloud storage or a CDN.

I have been using Azure Active Directory for approximately three years.

I have not found any problems with the stability of Azure Active Directory.

The support for Microsoft is good. We do have a developer support package with them. We create a ticket, they respond back, then there is some back and forth communication. They will have a call with you you and ask for a screenshot of the issue. If you have any issues, they help you. They will follow up with you, the service is not bad. There are times you have to keep following up with them but we were satisfied.

The process of implementing Azure Active Directory is not straightforward. We are currently still setting it up because we are adding more services, setting up the pipelines, and many other things behind the scenes. It's not as simple, it is tough to implement.

The price of Azure Active Directory and Amazon AWS, are almost the same, but most people prefer Amazon AWS because they find it's a little cheaper to some extent and an easier platform to use. 

The prices we pay for the solution can vary because we are adding more services a lot of the time, the price keeps going up and down. The price has been one thousand before but we are still adding more services. The price depends on what services you are using.

We are paying for support to use this solution which is an additional cost.

People have personal preferences in respect to choosing a cloud provider because there are many out there. In terms of support, you have to know exactly what you're looking for and get the pricing figured out. It is important to come up with a proper plan for the implementation.

I rate Azure Active Directory an eight out of ten.

Usually, it is replicating an on-prem Active Directory environment into Azure. It is usually tied with generic email access and SharePoint Online access and building out provisioning for that. There typically is some sort of synchronization tool that is sometimes used in addition to or as a substitute for the typical Microsoft suite. So, it just depends upon the customers and how they're getting that information up there.

In terms of version, it tends to be a mixed bag. It just depends on the client environment and factors such as the maturity and the rigors of change management. Sometimes, it just lags, and we've dealt with those types of situations, but more often than not, it is more of a greener field Azure environment and tends to be the latest and greatest.

It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there.

Its area of improvement is more about the synchronization of accounts and the intervals for that. Sometimes, there're customers with other network challenges, and it takes a while for synchronization to happen to the cloud. There is some component of their on-prem that is delaying things getting to the cloud. The turnaround time for these requests is very time-sensitive. I don't mean this as derogatory for this service, but in my experience, that happens a lot. 

For the Active Directory component, there are some value differences and things like that as compared to on-prem. I have run into problems a few times when there is a custom schema involved with their on-prem installation. You can use it, but that custom schema or functionality is going to have to go somewhere else or rerouted back to on-prem.

I have been using this solution for probably two and a half years.

It is perfectly stable. I haven't had any concerns or any problems with that.

I have dealt with them. Overall, tech support is great if you have something that was working but it's broken and needs to get fixed. It is a different bucket if you have more of an implementation question like, "Hey, can we do this?", or "How to approach that?" Sometimes, it can be challenging to get the right people on that call to support those conversations.

Its initial setup really depends on the customer. I have one customer right now with a super simple environment. They're just replicating it up. It's all Microsoft stack top to bottom with no real surprises or anything else. They're happy as pie with that. 

I have larger customers who tend to want some sort of management layer on top of it for Active Directory management purposes. This tends to go into the cloud, which introduces its own little challenges. In a more sophisticated enterprise, I start running into custom schema or workflow dependencies that just don't translate well from on-prem to cloud, but it is rare. It usually ends up being a third-party solution that we route them to with that. So, it's not huge. The challenge is more in identifying that. Typically, as much as we try, we rarely get it identified early enough to change our statement of work or our implementation, so it becomes a bad surprise.

Its price is per user. It is also based on the type of user that you're synchronizing up there.

I would advise spending more time on planning and aligning your business processes with Active Directory and Azure in terms of custom schema and separating third-party accounts, external accounts, or customer's accounts from employee accounts. I've run into issues when people take an existing on-prem solution that has third-party entities or maybe external customers and start synchronizing it up. It is not a slam against the service, but that's where I start recommending people to do different instances of Azure Tenants to break that up a little bit and provide that separation. All of these are planning functions. Using this service can be deceptively easy, but you should spend more time on planning. Around 80% of it is planning, and the rest of it is the implementation.

I would rate Azure Active Directory an eight out of 10. It is super solid. I wouldn't say it's the best. I would love to have everything that you could do on-prem. I understand why it can't do that, but I would love that flexibility.

We use it mainly for our Office 365 files. The integration between the two is interesting. It's been a learning curve.

Overall, it's not a very intuitive solution.

When you have an Office 365 enterprise subscription, it comes with Azure Active Directory. We don't have a subscription to Active Directory, but our Active Directory connector puts our credentials into the Azure Active Directory. On the Office 365 side, we're also in the GCC high 365, so it's a lot more locked down. There are a few things that aren't implemented which make things frustrating. I don't blame the product necessarily, but there are links and things within there that still point back to the .com-side and not the .us-side.

There's a security portal and a compliance portal. They're being maintained, but one's being phased in and the others are being phased out. Things continue to change. I guess that's good, but it's just been a bit of a learning curve.

Our Office 365 subscriptions are tied to our on-prem domain — I have a domain admin there. With our Active Directory connector, our on-prem credentials are being pushed to the cloud. We also have domain credentials in the cloud, but there's no Office subscription tied to it, just to do the administration stuff. I moved my sync credential to have a lot more administrative privileges. Some of the documentation I was reading clearly showed that when you have this particular ability right on the Azure side, and then you have another ability on the Office side, that intuitively, the Microsoft cloud knows to give you certain rights to be able to do stuff. They're just kind of hidden in different places.

Some things are in Exchange, and some things are in the Intune section. We had a few extra light subscriptions that weren't being used, so I gave my microsoft.us admin account a whole other subscription. In the big scheme of things, it's roughly $500 a year additionally — it just seems like a lot. I didn't create a mailbox for that and I was trying to do something in Exchange online and it said I couldn't do it because I didn't have a mailbox.

You can expect a different user experience between on-prem and online. Through this cloud period, we have premiere services, we have a premiere agreement and we had an excellent engineer help us with an exchange upgrade where we needed a server. We needed an OS upgrade and we needed the exchange upgrade on the on-prem hybrid server. We asked this engineer for assistance because my CIO wanted to get rid of the on-prem exchange hybrid server, but everything that I was reading was saying that you needed to keep it as long as you had anything on-prem. We asked the engineer about it and he said, "Yeah, you want to keep that." In his opinion, it was at least going to be two years. So at least I got my CIO to stop talking about that. It's just been an interesting time in this transition between on-prem and in the cloud.

In a secure environment, a lot of this stuff is PowerShell, which is fine. It's a learning curve, but if you don't use it all time, then it's a lot of back and forth with looking at the documentation and looking at other blogs. If you're in a secure environment, the Windows RM (remote management) stuff can be blocked, and that's frustrating, too.

I have been using this solution for roughly five months.

It's definitely both stable and scalable. I used to work in an environment where we had a couple of onsite engineers from Microsoft and I worked on Active Directory — I did that for four years. We did the Active Directory health check, so I actually worked with the engineer for a week and went through our Active Directory. At the time, Microsoft said it was one of the top five most complicated forests out there. We had 150,000 users and 18 domains across the globe supporting the military, so it was pretty big. 

We have experience with their premier support. We have a live audit coming up shortly so we don't have a lot of time to waste, waiting for support to get back to us — unless it's very critical. 

I wasn't involved in the initial setup, so I cannot comment on that. 

We used an integrator, however, we don't speak of his name anymore. 

I think we're on the E3 — I think it was about 35 dollars per user. We may go up to the E5, which includes Project Online and the telecom service in TEAMS. We're in the process of rolling out Office 365 internally. We've had really great feedback that people really like TEAMS and we want to move there. 

We had a roadmap meeting with Microsoft a few months ago. Some of the more accessible types of things were on the roadmap for the first quarter of this year. I know that Microsoft's working hard at listening to their customers, especially through COVID. Collaboration has changed. They also have military folks, that's why they created the GCC High. Once they got into the GCC high, they're like, "Oh, we need to collaborate a little bit more." So they've been pushing a little bit more on integration. We're not going to have that kind of clout where I am, but where I used to work, we would've. 

Overall, I would give Microsoft Azure Active Directory Premium a rating of four out of ten. They could really benefit from some better user-training. 

We use it for the authentication of people in a hybrid configuration. In most cases,
Office 365 makes companies move to Azure Active Directory.

We have both on-premises and cloud deployments.

Its ability to provide secure connections to people at all locations is the most valuable. It is mostly used by enterprises.

The onboarding process for new users can be improved. It can be made simpler for people who have never registered to Azure AD previously and need to create an account and enable the MFA. The initial setup can be made simpler for non-IT people. 

It should be a bit simpler to use. Unless you get certifications, such as AZ-300 and AZ-301, it is not a simple thing to use at the enterprise scale.

I have been using this solution for four or five years.

I never use technical support. I usually find the information on my own or through my friends at Microsoft.

It is not complicated for me as an IT guy, but the feedback from the field or non-IT people is that it could be simpler.

MFA and P2 licenses for two Azures for fully-enabled scenarios and features cost a lot of money. This is where Okta is trying to get the prices down.

I have spent seven years at Microsoft, so I have a tendency to like Microsoft solutions because I know them and the philosophy behind them. Till now, Azure AD is probably the best solution for identity and security.

I also use Okta. For integration with Microsoft solutions, Office 365 Azure is just right. However, for some scenarios, such as consolidations, Okta seems to have a few advantages as compared to Active Directory. Okta also has a very interesting price.

I would rate Microsoft Azure Active Directory Premium an eight out of ten.

My primary use case is for our business directory, we have integrated everything into Azure into the Active Directory. 

We basically use this for Skype. We are using the cloud environment and we need the Active directory to be ticketed so if we can call and they can log in at the moment. Apart from that, we use it for video connections. If people are working from home, it is helpful that it is in the cloud. At the moment, we do not need to go for the VPN, and then we can connect. For this purpose, we use the Azure. We run quite a big business, and it is helpful with the electrodata we have used. 

I like the way it communicates to the cloud.

Whatever business requirements we needed in the past three years, users were created, with the name of the user and they were not connected with the Active Directory. We were trying to in house in three years and with directory, but we were not able to achieve it. Based on that we have informed Microsoft. And now we have created the things that are connected to the  cloud.

In Africa, we do not have the same bandwidth with internet speed. This slows the connectivity and it provides challenges for our business.

Three to five years.

Yes, it is a stable product. But, sometimes we had problems due to the network. We are running in more than 24 countries. In Africa we were having issues, but I would say that 80% of our users are happy as a result of us switching to Azure. 

The scalability of the product is fine. 

First, we create a ticket. Then it is assigned to the technical support team. Afterwards, there is a number assigned to the request by the Microsoft team. We then upload the report of the log, or the case that is required. We then wait for the solution. Then, we can test it and implement the correction for the solution.

It was a bit complex. We initially had an issue with our IP address, but it was resolved.

I believe that this solution has simplified our work environment. We have over 13,000 users and this is very helpful to connect everything. 

It is a really nice tool and we have a license for the more complex model. It is not too expensive.

Be aware that it may not work perfectly globally yet. There are still glitches with the solution in Africa.