Gabriel Avendano - PeerSpot reviewer
Senior Application Support Engineer at Sika AG
Real User
Fast support, easy to use, and works very well
Pros and Cons
  • "It's a very intuitive platform. It's easy to create groups and add people."
  • "When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use."

What is our primary use case?

We use it for the single sign-on to different products that we have, and it works pretty well.

How has it helped my organization?

In general terms, we use it as an admin tool. If we want to set up accounts for people, it's easier for us to do it like this because everything is connected to different groups.

What is most valuable?

It's a very intuitive platform. It's easy to create groups and add people.

What needs improvement?

I have used Okta in the past. Okta is easy to use, and it's also very friendly. Even users who have no tech experience would be able to use Okta.

When it comes to Azure, creating certain things or getting different resources isn't very clear. You need a certain level of knowledge of the system. It could be a little bit more friendly so that some of the things can be done easily, but after everything is created, it's easy to use.

Buyer's Guide
Microsoft Entra ID
April 2024
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,065 professionals have used our research since 2012.

For how long have I used the solution?

I've been using this solution for five years. In this company, I've been using it for two years, and before that, I used it for about three years.

What do I think about the stability of the solution?

It's good. It has never hung up.

What do I think about the scalability of the solution?

They're good. We don't have issues with scalability because we are not like Amazon or other companies that are super huge and have got tons of traffic.

How are customer service and support?

I don't handle it directly now, but based on my previous experience, they're pretty fast. I'd rate them a 10 out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

There was probably the Google management system, but it works similarly to Azure AD. 

How was the initial setup?

I was not involved in its deployment.

In terms of our environment, it's a private cloud. We have the infrastructure within the platform, but all the software, all the usage, and other things are handled by us. We're private because we're a big company, so we're able to afford it. We're not an IT company, so we don't need so much processing power. So, we use Azure as a PaaS solution.

We use it as a connector for different applications. We have Adobe Sign and applications on AWS. AWS has a translation solution, and people have accounts over there. They have their translations of different products and things like that. That's how we use it.

In terms of maintenance, everything is done by Microsoft. We are just the end users.

What was our ROI?

The return on investment is easier to calculate with Okta. It's a bit complicated to calculate in the case of Azure. Of course, Azure is already a trusted platform. It's pretty big, and it's handled by Microsoft, so there are no issues with that, but it's easier to check the return on investment with Okta.

What's my experience with pricing, setup cost, and licensing?

I'd recommend Azure Active Directory if you are a big company. For small or medium companies, it's probably not the best idea in the world because of the pricing. If you are a small company, you can probably deploy your own solutions because you're not handling a website with tons of traffic. If you are not like Adidas, Nike, or Walmart, you can do it in a way that is more localized than handling everything through a big price solution. However, Azure tends to provide you with solutions that are easier to use. If it was cheaper, I'd definitely recommend going for it.

Which other solutions did I evaluate?

I didn't evaluate any other solution. 

What other advice do I have?

I'd rate Azure Active Directory a 10 out of 10.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director, Infrastructure at a retailer with 10,001+ employees
Real User
Easy to use, flexible security options, and it scales well
Pros and Cons
  • "This product is easy to use."
  • "When you start to deal with legacy applications, provisioning is not as intuitive."

What is our primary use case?

Azure AD is where our primary user data is stored. We get a feed-in from our HCM solution and it creates our users, and then that's where we store all of their authorizations, group memberships, and other relevant details.

We access it through the Azure Portal.

How has it helped my organization?

This product has helped improve our security posture because it allows a tie-in into the Microsoft Azure Sentinel product very easily and seamlessly. From a security standpoint, you have the option of conditional access, the option of identity protection, and those types of things. We have incorporated those right into our offering.

Overall, security-wise, this solution has allowed us to be more flexible. When you had just Active Directory and it was an on-premise solution, you had to do a lot of manipulation to get SaaS products working. You had to do a lot of customizing and those types of things. With Azure Active Directory, it's more configuration than it is customization. This allows us to be a lot more flexible, which brings about efficiency, better security, and other benefits.

Azure Active Directory has also improved our end-user experience.

Before, most companies including ours would use a customized username that would have random characters for a user. This is different from Azure Active Directory, which uses what looks like the email address as your username. In fact, it can be set up as a genuine email address. Where it differs is on the back end, where it has a unique ID, but on the front end, it's more readable and it's better understandable.

From my user experience, the sign-on is seamless as you go through and use any of Microsoft's products. Everything ties right into it, and then as you set up your different applications that are tied into Azure Active Directory, and get the single sign-on, everything becomes a whole lot easier to connect into. From a user experience, it's improved it drastically.

For provisioning users, you start by registering an application as either an enterprise application or a custom application. You can set up from within Azure Active Directory how it is that users connect to it. Microsoft has done a great job with providing a lot of application templates that help to connect and add it into the cloud. Almost every application that you could think of is there. From that point, you can set up provisioning.

To assist with provisioning, they have great documentation. From an admin perspective, much of the work is done for you. After the applications are connected to Azure Active Directory, you assign users and groups, provisioning users via API calls, which is how it's done on the back end, and it ties in using service accounts. Then, you can create a group that has the appropriate permissions such as write permission, full admin rights, or contributor rights, and then provision users into those groups. The system automatically handles it for you at that point.

What is most valuable?

This product is easy to use.

The features that we use day in and day out are single sign-on, group capabilities, and provisioning capabilities. All of these are very useful.

This product has features such as Conditional Access that improve our security posture. Conditional access gives access only through a timeframe. We have certain policies that we set up, which could be a certain amount of time or it could be a certain type of access. These are examples of types of conditional access.

Another example of a security feature that helps us is Identity Protection, which will perform the automatic detection and remediation of risks.

We also have the ability to go in and investigate any risks using data within the portal, and it's all automated. It's nice in that sense.

These features have significantly improved our security posture and time for remediation. It would be difficult to estimate a time improvement in terms of a percentage, but being that it's automated and there is a portal that displays the risks in real-time, it's a very significant change. Previously, we had to go through and look at logs and those types of things, which was time-consuming compared to using the portal.

We also use multi-factor authentication, which is very useful because that gives another layer of security protection for our users. You have to have some sort of device that you can use to provide that second factor, and not just your username and password.

What needs improvement?

The provisioning capability is a two-edged sword because it is very useful, but it also needs some improvement. When you start to deal with legacy applications, provisioning is not as intuitive. Legacy applications, a lot of times, were based on an on-premise Active Directory and you had to use it to provision users or grant access to the product. I don't know of a way to make Azure Active Directory act as an on-premises version to connect to those legacy applications.

The speed and responsiveness of the technical support are things that could use some improvement.

For how long have I used the solution?

We have been using Azure Active Directory since October of 2018, nearly three years ago.

What do I think about the stability of the solution?

The stability is not too bad. It's usually other issues that go on within Microsoft Azure. Whenever Microsoft Azure is down, the Azure Active Directory service sometimes can be down intermittently, depending on where things are at.

It is important to remember that it's not always the Azure Active Directory component that is down. Rather, a lot of the time, there is an app that is tied into Azure Active Directory causing the problem. I think we've had one incident in the last year that was tied directly to Azure Active Directory, where it was down from a SaaS perspective.

What do I think about the scalability of the solution?

This solution scales very well. We were able to tie into our previous company and then bring on all of those users in a very quick amount of time. This included making sure that they could all log in and get access. We haven't really had any issues from that standpoint.

In terms of the users, you can add B2B and you can add B2C, as well. Scalability-wise, it's been good for us. We have between 15,000 and 20,000 users, which is fully scaled at the moment.

We have plans to do further B2B, as we work with our retail partners. We have a lot of retail partners, which is how our business model is structured, and that's something that we're planning on adding and moving forward with.

As far as scaling, going up, or going down, our numbers of Azure Active Directory users are pretty much what they're going to be for the next couple of years. That said, our B2B is definitely going to increase over the same period.

How are customer service and technical support?

We use Covenant Technology Partners as the first level of technical support. Most of our support tickets actually get escalated from them up to the Microsoft product team.

The Microsoft product team's service is hit or miss, which is something that Microsoft can improve on. They are sometimes slower to react than we would like, but for the most part, they do take our tickets and work on them as they can, to try to figure out ways of remediation.

Which solution did I use previously and why did I switch?

We did not have any solution prior to this; it was simply an on-premises Active Directory. We were spinning up something brand new to move forward. Being managed saves a lot of time and effort. We migrated our users over from the Active Directory that the prior owners had, but they managed it all, we did not.

How was the initial setup?

It was very easy to get set up and running. Basically, you log into the Azure portal, you have your tenant that you're already connected into, you add a domain and then you just go. You add your first user and then you continue from there.

Our deployment started in October of that year, we had our first users within a week, and then we pretty much provisioned all of our users within a month. It was a pretty quick turnaround.

At the time of deployment, we were in the middle of a divestiture. As such, our implementation strategy included spinning up a brand new Active Directory so that we could start to migrate our users over from our previous owners into a new one that we would control. Consequently, we started from scratch.

I know that a lot of companies are not doing that. Rather, many are starting with an Active Directory and then moving into Azure Active Directory, but for us, it was a clean slate. We then started to incorporate methods of synching with our previous owner so that we could get all of the data from them and continue to march towards a separation.

What about the implementation team?

We brought in consultants only because we didn't have the manpower at the time when we got started. I believe there was one other person besides myself, we were both at the director level, and neither of us had been given the time to build out our teams by that point. The third-party consulting company that we brought in assisted us in getting everything set up and built out.

The company was Covenant Technology Partners and our experience with them was very good. They were able to help us get everything set up and running right away. Overall, it went very smoothly.

With respect to day-to-day maintenance, we have a lot of it automated. We've tied it into ServiceNow and a lot of our user additions, modifications, deletions, and other operations are things that we have automated via ServiceNow workflow.

I do have a team of three engineers under a manager that currently manages it, but they don't spend any more than probably 5% of their time, daily, dealing with it.

What was our ROI?

It is difficult to estimate our return when we didn't own anything beforehand. There is no real basis for comparison. That said, the automation capabilities cut down manual provisioning, manual adding, removing, deletion, editing, and those types of things, of user fields. I would say those are the big savings, and it's helpful that you can easily do the automation tie-in into Azure Active Directory.

What's my experience with pricing, setup cost, and licensing?

Anytime you are dealing with Microsoft and licensing, it is always interesting. We have various levels of their licensing, which includes users on different levels of their enterprise offering. For example, some are on E3, whereas others are on E5. The differences between them have to do with the various features that we use.

We're a Microsoft Teams company and we use it not only for collaboration and instant messaging, but we also use it as our phone system. We did all of that together, so when we spun up Azure Active Directory, we also spun out Microsoft Teams to use as our phones and flipped off of an old PBX system. It's been very useful but the licensing can be complicated when you get into the retail partners and guests. But for the most part, Microsoft has done a good job of explaining the different levels and what we need and has given us the proper licensing.

There are no additional fees for Azure Active Directory.

Which other solutions did I evaluate?

We did not evaluate other vendors. Our plan was to implement Microsoft Azure as our cloud solution, as well as go forward with Azure Active Directory. That was the plan from the get-go.

I know that Okta was out there, as well as a couple of other options, but that was never really a consideration for us.

What other advice do I have?

The biggest lesson that I have learned from using this product is that because it is a SaaS solution, it's easy to get set up and configured. It doesn't take a lot of overhead to run and quite honestly, the security on it is getting better. Microsoft continues to pump more security features into it.

My advice for anybody who is considering Azure Active Directory is that if you have Microsoft products that you are currently already using, I would definitely recommend it. This is a solution that seamlessly ties into your Office products, and into any Microsoft product, and it's really easy to manage. You can spin it up quickly, implement it, and get going right away. You are able to tie into your on-premise Active Directory as well. At that point, you can start to sync those two to manage all of your users and all of your groups in one place.

Overall, this is a good product and to me it's perfect but at the same time, nothing is perfect.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Technical Architect Lead at a tech services company with 10,001+ employees
Real User
Good pricing and provides a single sign on but not enough control over services (compared to on-prem)
Pros and Cons
  • "We can centralize and manage everything much more effectively with this tool."
  • "If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it."

What is our primary use case?

I have a total of fifteen years of experience in the IT industry, and I have worked with multiple technologies including, Exchange, Office 365, and Intune, and then a little bit of SharePoint. I have excellent experience with Entra ID. We have handled a lot of migrations from on-prem to the cloud. We've also done reverse migrations.

How has it helped my organization?

We can centralize and manage everything much more effectively with this tool. We are able to leverage role-based access controls and maintain IAM (identity actions management).   

We can also leverage Defender from a policy and security perspective so we can protect against vulnerabilities of all types. 

For remote workers, when they try to log in with the domain username and password, the device will get synchronized to the Azure Active Directory using the device identification method and it will enter an identification letter based on the policy we have derived. This helps us maintain a modern workforce organization. From our modern work workspace configuration, we can centralize and manage everything - even for off-site employees. It doesn't matter the device. It can be a laptop, iPhone device, or Android device - any mobile phone device. Everything is now centralized.

What is most valuable?

Entra ID Connect is good. If you are migrating your office environment or data center environment to the cloud, it will do the handshake between the local directory and the cloud. Based on that, the objects will be synchronized from the local Active Directory to the Azure Active Directory, and that way the users can access both the cloud-related resources, as well as on-prem applications. They can do everything through a single sign-on object.

It provides us with a single pane of glass for managing user access. We can log onto the Azure portal and maintain all Azure objects. We can enable features so that the user can access everything using the same username and password. If the company needs an MFA license, it can use the Authenticator or any phone or DB PIN of third-party feeder keys. The product allows for a lot of security features. 

As a vendor, we do also have the Defender tool which can help with security robustness.

They have a good feature called conditional access. We have a lot of conditional access policies. For example, MFA. For each application, we can specify access. We can also search for the conditional access policy in Azure Active Directory. We've used it with Endpoint Manager. We can make it so a device can only authenticate within a specific region and any other region would get blocked. We've deployed a lot of conditional access. It reduces the risk of unpatched devices gaining access to our network.

We've used Verified ID. It's good for verification purposes.

We've also used Permission Management. It helps with role-based access. We can create separate role-based access policies for distinct departments. We'll only give specific permissions to specific groups, for example, and they'd only have limited access to certain areas. We can really customize the policy to make the access very granular. We gain good visibility and control over identity permissions. We can configure and deploy down to specific locations or devices based on a customer's needs.

The product has helped us save time for IT admins and the HR department. It's easy to do a password reset. Instead of having to raise a case with every tool, IT can write a ticket for users and do it all from one spot.

Active Directory has saved our organization money. When you deploy the virtual machine, initially, if you have a data center server, the server will be kept online in the data center environment. However, nowadays, in the cloud environment, if you have the virtual machine for the application and you can autoscale the server, you can perform on that. If it is off-peak hours, the server will not need to function. It will be shut down based on the rules we define. During that time, the cost is minimal.

What needs improvement?

We don't have as much control. It's all Microsoft. If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it. If it was under our data center, we'd be able to give it immediate attention directly.

For how long have I used the solution?

I've used the solution for almost five years. 

What do I think about the stability of the solution?

The stability is fine, although we cannot do anything about it. We cannot directly specify the gateway. That's decided on Microsoft's side, depending on where the user connects from. I'd rate the stability eight out of ten.

What do I think about the scalability of the solution?

I'd rate the scalability eight out of five. Nowadays, we do not need to procure physical hardware, so it's easy to scale up. We can add new virtual machines with ease based on the application support from the OEMs. If you want to increase RAM, this is automatically done via autoscaling.

How are customer service and support?

We've dealt with technical support. Whenever we have issues, we'll write a ticket. We have a premium license and we'll write tickets under that. They'll coordinate with us for any major issues.

Support used to be better. We'd prefer to fix the issue ourselves rather than go through Microsoft. However, they are still helpful and responsive under the license we have.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Previously, I did not use anything. I've always relied on Windows-related technology. We had used Windows 2008 and 2012 servers in the past. Now we use 2019 and 2022 servers as well as the latest environment. 

I have used Okta in the past, however, I don't remember much about it. I've used previous versions of it. 

How was the initial setup?

I was not directly involved in initial setup tasks, however, when they migrated the user's object from the local active directory to the cloud, then we used a third-party tool called Cluster Migration Manager, and we used the tool to migrate the object user and object functionality to Azure.

We have continuity load balancers and we have also deployed VMs and SQL databases. We've configured a lot under this product.

What's my experience with pricing, setup cost, and licensing?

We do use premium licenses. One has limited access and the other has more features. Users might also have Office 365 licenses in order to use Exchange. If a company has a large number of employees, like 2,000 or so, they should look at enterprise-level licensing. Educational institutions can access educational licenses.

Which other solutions did I evaluate?

We tend to use Windows, however, users may also use AWS or Google if they want and align on that. We work based on the customer's needs and align with whatever they may be.

What other advice do I have?

We usually work for customers that deal with Microsoft. We're consultants, not direct Microsoft partners. 

I'd rate the solution seven out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
ElizabethHatfield - PeerSpot reviewer
Director of Business Operations & Program Management at a healthcare company with 11-50 employees
Real User
Top 10 Leaderboard
A stable, scalable product offering excellent permissions management
Pros and Cons
  • "The features around permissions are excellent."
  • "The ease of use regarding finding audit information for users could also be improved."

What is our primary use case?

The solution acted as a source of truth for everyone internally and those we collaborated with externally. We deployed it in the cloud, so many of our users are remote and spread across the country.

What is most valuable?

The features around permissions are excellent.

What needs improvement?

The general usability of the site could be improved.

The ease of use regarding finding audit information for users could also be improved.

We want to see better integration with other Microsoft 365 products; it's a separate tool, but they all need to work together.

For how long have I used the solution?

We've been using Azure Active Directory for about four years. 

What do I think about the stability of the solution?

The product is very stable; I rate it nine out of ten for stability.

What do I think about the scalability of the solution?

Azure AD is very scalable; I rate it nine out of ten for scalability. 

How are customer service and support?

The customer service needs improvement; it takes a long time to open a ticket and get it resolved.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used Google G Suite and switched to Azure AD for better security, and to match the platform our clients are using to allow easier collaboration with them.

How was the initial setup?

The initial deployment was straightforward, although we initially found it challenging to understand how to use Azure AD to manage access and permissions with external parties. We carried out the setup using three staff; myself and the IT team.

What was our ROI?

We have seen an ROI with the solution; the ability to collaborate with external partners provided tremendous value. 

Which other solutions did I evaluate?

I evaluated Okta some years ago, so that information isn't fresh. 

What other advice do I have?

I rate the product nine out of ten, and I recommend it. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Andrew Kolyvas - PeerSpot reviewer
Director and Founder at Nuage Solutions Australia
Real User
Top 10 Leaderboard
Good access control, more efficient administrative process, and helps with complex compliance obligations
Pros and Cons
  • "Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved."
  • "They should put the features of P1 and P2 into a single license."

What is our primary use case?

I have come to depend upon Azure AD as my go-to identity management tool. Almost all businesses today use a Microsoft cloud-based product in some form or another, and integration in Azure AD ensures consistency, compliance, and simplified integration across the enterprise.

Additionally, we use many of the built-in security enhancements and features offered by the solution. Single sign-on and other integrations into a range of line-of-business software applications add to the many use cases available through Azure AD. Along with securely extending the on-premises environment to the hybrid state.

How has it helped my organization?

The key improvements to our organization are:

1. A singular control plane is enabling a more efficient administrative process.
2. RBAC simplifies role access providing a simpler approach to zero trust.
3. Onboarding and offboarding extend to every integrated application meaning that compliance is maintained.
4. PIM and PAM: Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved.

With so many features available out of the box, it is difficult to adequately summarise in the space provided here.

What is most valuable?

I find that integration of enterprise applications outside of Microsoft via OATH and SAML is by far one of the most valuable features as it makes software distribution and access simpler and, with SSO enablement, ensures a lower threat surface from end users.

Azure boasts 90 compliance certifications, and this exceeds that of its competitors. With the compliance manager resource, you can control the company’s compliance tasks from one place.

The tool helps you meet complex compliance obligations. For example, you can undertake continuous risk examinations, provide an outlook on your company’s status and provide opportunities for improvement as needed.

With Azure Advisor and the Secure Score continually assessing your security and compliance posture, there is less need for highly paid security engineers. Especially when considering the size of the Microsoft security operations team also monitoring significant portions of the client environment.

What needs improvement?

It's really difficult to speak to this. The product is constantly undergoing feature enhancement and enrichment, and anything I would like to see coming is already available for public review.

Azure Active Directory is an easy-to-deploy, robust unified identity and access solution that securely extends your existing on-premise infrastructure to the cloud and provides seamless integration for in-house applications and 3rd party SaaS platforms. Granular policy-driven access controls ensure that access is granted only to authorized identities and devices and from approved locations. Azure AD includes an array of security and compliance options to ensure your business governance is adhered to without impacting productivity.

If I had to pick one, it would be to put the features of P1 and P2 into a single license.

For how long have I used the solution?

I have been using Azure AD for approximately seven years.

What do I think about the stability of the solution?

The platform is not without its occasional hiccups; however, in general, it is stable and issue-free.

What do I think about the scalability of the solution?

There are few other identity options available with the scale made available by Azure AD.

How are customer service and support?

Support is hit-and-miss. Some days you'll get someone amazing who has the right knowledge and is willing to go beyond to help. And then there are the other times when help isn't forthcoming.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial configuration is simple. The configuration process is guided so that even a non-technical person can successfully complete the onboarding.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a Microsoft Cloud Solutions Provider partner. We exclusively offer Microsoft cloud products and services to our Managed Services Clients.
Sachin Vinay - PeerSpot reviewer
Network Administrator at Amrita
Real User
Top 5 Leaderboard
Saves us money because we don't need to pay for the resources required to operate the same solution on-premises
Pros and Cons
  • "Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely."
  • "Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications."

What is our primary use case?

We are a university using Azure AD to authenticate staff, faculty, and students. Our organization completely depends on Azure Active Directory for authentication and identity-related features. All cloud activities and third-party services are validated with Azure Active Directory.

We also have an on-premises Active Directory, and the data is synced periodically to the cloud. Most of the services done on-premises are reflected in the cloud at once. We can also do the same handling features from the cloud to write back to the on-premises AD. This is the architecture.

How has it helped my organization?

We are implementing more and more services in the cloud on Azure and AWS, so we need to monitor our data security thoroughly. It's always a concern. Azure Active Directory enables us to easily validate the identity of anyone who connects to a particular server. We need to validate our data properly. For example, we must ensure our research data is going to the right person and place. Microsoft Azure Active Directory provides the easiest way to do that.

The Conditional Access feature lets us restrict access to a group of people on specific servers. We create a group in the Azure Active Directory and put only the necessary members there. For example, we can easily set up conditional access to SSH, Telnet, HTTPS, or any service with Azure Active Directory.

We plan to implement Zero Trust in many of our other devices. It is an essential feature because users from multiple countries are accessing our research servers. We can provide a highly secure environment with minimum services without compromising productivity with a Zero Trust strategy.

We have wireless units deployed across the campus and use Microsoft AD services to authenticate all wireless activities. Many of the use cases are covered by wireless. After authentication, some users need to be redirected to the cloud. Their identities can be easily validated and captured with Microsoft AD. It gives us excellent control over our on-premise infrastructure.

Verified ID has helped us with our remote workforce. We provide VPNs to our remote employees so they can connect to our cloud services, authenticate with Azure, and be granted the necessary access. We provide policies on a per-user basis. Users in each category connect to the VPN, authenticate with their Azure credentials, and securely access all the cloud services.

We give provisioned laptops to our remote employees. With the help of this VPN, they spend less time coming to work in person because they have full-time access from home. So that way, we could reduce most of our official requirements concerning our employees. 

Privacy is a crucial security concern for our organization. With Verified ID, we can ideally authenticate Microsoft services without worrying about compromised identities. We used to have these issues with on-premise Active Directory, but this is less of a problem since we migrated to Azure Active Directory.

Our HR department can easily get a complete report on our users. HR can see specific fields, like designation, school, businesses, etc., if they need it from the Azure AD. They can also get the usage logs. They don't need to store all this manually for each person. They can easily get all the reporting parameters from this.

Azure AD saves us a lot of time. On any given day, it will save around four hours. It also saves us money because we don't need to pay for the resources required to have Active Directory on-premises. If we relied on on-premises Active Directory, it would require data center resources, like air-conditioning, power, hardware, etc. We save considerable money by deploying it on the cloud. Percentage-wise, I think we could save around 40 percent.

Azure Active Directory has improved our overall user experience. I would rate it a nine out of ten. Our users are delighted.

What is most valuable?

Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely.

In addition to the SSO, Azure AD is entirely flexible. We have other Microsoft services running on-premises, so Microsoft Azure AD allows us to sync other Microsoft services completely. This is perfect for us.

Microsoft Entra offers a single pane of glass for managing users and cloud services on multiple platforms. It all requires authentication and validation of user data, so Azure AD helps us to authenticate each user's identity without any security compromises. 

Microsoft has an excellent administration portal that enables us to sync our on-premise Active Directory automatically with the cloud. Any on-premise policy changes are reflected on the cloud. There are various options for each user on the admin portal. You can change user passwords and other attributes or configure a policy for forgotten passwords. A writeback feature can also reflect changes from the cloud to the on-premise environment. If you change the password from the cloud admin center, it gets reflected here.

Microsoft Azure AD Connect has a multi-factor authentication. Multi-factor authentication is a crucial feature, but we only require MFA for specific servers in the cloud. With Microsoft Azure AD Connect, we can specify the users and servers that require multi-factor authentication.

Azure Active Directory integrates well with other third-party applications. Third-party hosted solutions have the option. We can even create applications with Microsoft Azure AD. When users log in to Microsoft Azure AD, their credentials are stored in the application, and we don't need to get them on-premise Active Directory. So, it is an essential feature for us.

What needs improvement?

Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications.

For how long have I used the solution?

We have been using Azure Active Directory for four years. 

What do I think about the stability of the solution?

Microsoft services have a reputation for complete reliability, so we expect the same from Microsoft Azure AD. It doesn't disappoint because most of the on-premise features extend to the cloud. Plus, Microsoft Azure AD has additional features, configuration, and single sign-on capabilities. It's a complete package for this authentication and validation purpose. Most of our users are pretty happy with this product.

What do I think about the scalability of the solution?

Azure AD is completely scalable. We can add unlimited users.

How are customer service and support?

I rate Microsoft's support a ten out of ten. Microsoft technical support is excellent.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, we used on-premise Active Directory.

How was the initial setup?

Setting up Azure Active Directory was a bit complex. The migration process is somewhat challenging because we don't want to lose any on-premise data. Each user has many parameters and access policies already set. Without even changing the password, we were able to sync all this data to Microsoft Azure AD. It was a complex procedure because Azure AD Connect has to be deployed correctly. We required help from Microsoft's technical support to do this.

Our initial deployment required three system admins and took around one week, but it took around six months to import all our users and get everything working properly. After deployment, Azure AD doesn't require any maintenance because everything happens in the cloud. We don't need to bother with anything.

What was our ROI?

The return on investment is pretty massive. We save time and money. It helps us even if we opt for a subscription. We save a considerable amount of time with the cloud version because it has various features unavailable in the on-premises Active Directory that save time for the system administrators. We can concentrate resources on hiring other staff instead of system administrators. All the features are within the cloud itself, so it reduces the maintenance costs of an on-premise server. 

What's my experience with pricing, setup cost, and licensing?

Active Directory is bundled with a package of Microsoft services, so it doesn't cost much. I don't know about the individual license of Active Directory. 

What other advice do I have?

I rate Azure Active Directory a ten out of ten. I would prefer Azure AD to have multiple application scenarios requiring a single sign-on facility and complete authentication, validation, and security tracking. 

If they require it in their application, even if it is an on-premise or a host application, I would prefer Microsoft Azure AD because it handles all this simultaneously. No other application covers a complete range of activities in an all-in-one solution. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Engineering, Integrations at a computer software company with 11-50 employees
Vendor
Register external apps to any app within the Microsoft catalog, a great authentication platform, and a stable solution
Pros and Cons
  • "The most valuable feature is the authentication platform."
  • "I think the solution can improve by making the consumption of that data easier for our customers."

What is our primary use case?

The primary use case is as an authentication mechanism or platform for the ISV solution that we offer our customers. When they are authenticating to our application, Azure AD is the solution on the backend the customers are actually using.

I'm a software developer so I write a bunch of integrations between applications and one of them is Azure AD. Our organization itself uses Azure AD for our external solution, which we provide as the authentication mechanism.

What is most valuable?

The most valuable feature is the authentication platform. Whether that's for users authenticating to applications or for actual applications that we write, authenticating to Microsoft or other applications. We can do app registrations where we're doing client-side or client credential flow authentication from an external app to a hosted Microsoft app or whatever other app within the Microsoft catalog we want to connect to. The focus area has been around being able to integrate and connect to different Microsoft resources using Azure AD to actually provide the authentication piece.

What needs improvement?

There are a lot of areas where the data from a reporting standpoint is extremely granular. It is great that you're able to get to that data; at the same time, unless you are actually hands-on with the tool, it can sometimes be overwhelming to decipher what that means. So if you're looking at audit reports or another sort of logging, the amount of information is never the problem within Azure AD; it's trying to distill it down to the information that you want. I think the solution can improve by making the consumption of that data easier for the customers.

For how long have I used the solution?

I've been working with the solution for five or six years at least. Probably longer. 

What do I think about the stability of the solution?

The stability is very good. I think it's gone down only a couple of times and when it goes down, there are bigger problems than just us. From my perspective, it is fairly stable.

What do I think about the scalability of the solution?

I think the ease at which you can create new resources and the like from an overarching Azure perspective is phenomenal. I believe Azure AD is scalable. There are some pieces of it that are difficult to use. When assigning layered groups or layered roles to users, trying to figure out the access that a user has can sometimes be a little tricky. But overall I think it follows the Azure model, so it's easy to deploy new pieces as needed.

We have a little over a hundred total users. Azure AD is only accessed by a couple of people within our organization, and they're all based out of our home office in the US. The authentication mechanism is used around the world. We have offices around the US and in Europe that all sign in using Azure AD as the authentication piece. We have 250-ish groups and just over a hundred users.

Which solution did I use previously and why did I switch?

Previously we used on-prem ADFS. At our organization, we integrate with a whole host of different identity providers, such as Ping, Okta, and those types, but we've always used a Microsoft product internally for our user setup and access. We switched to Azure AD because our product is also hosted within Azure. As part of that, we actually also switched to a hybrid cloud where we run both on-prem AD and Azure AD online.

How was the initial setup?

There were a couple of hiccups along the way, but the initial setup was fairly straightforward.

The biggest issue for us was getting the sync working from on-prem to the cloud. That was the hardest part. As far as the deployment itself, we went and created an Azure tenant and then created the Azure AD or a portion of it. After that, setting up the sync was really the biggest part.

What about the implementation team?

The implementation was completed in-house, and we integrate it from our product perspective.

What was our ROI?

Azure AD makes our work a lot easier, but I don't have an actual number to show an ROI.

Which other solutions did I evaluate?

We're a Microsoft shop, so it basically was the only option that we really had if we wanted to use Azure. Our services host Azure so it made sense for us to use Azure AD.

What other advice do I have?

I give the solution a nine out of ten.

We actually integrate with Microsoft Entra and are able to add additional functionality to it. Entra does everything down to the entitlement level within applications, whereas our organization would go a little bit further and go to the object level. But from an overall user access perspective within our cloud environment, Microsoft Entra does give us visibility into what that user's assigned, based on their roles and group access.

We don't use Microsoft Entra in the way that most other companies are going to use it. We're looking at it from a strategic perspective for the security reporting application that we provide our customers. When a customer of ours would be using Microsoft Entra and they want to extend it to provide additional reporting or to actually go down and assign functions at the object level within their applications, they would use our organization to do that. I don't technically use Microsoft Entra to actually view what our users are looking at from a user access perspective.

I don't know if we use it internally at our organization, but in the majority of cases, the clients want to be able to have a place where they can do enterprise-wide identity management. And so that's what they are trying to get to with Entra. That's a question that a lot of our customers have across the board. The functionality that Entra provides is the ability to span across different either business applications or other third-party applications. The customer then has to be able to do identity-based access control from a single-pane-of-glass within our Azure AD instance.

I don't do the actual assignment within our organization from an Azure AD perspective. We extend what Microsoft Entra provides, from a feature functionality perspective. We have a separate IT team that would actually do the user creation and access assignment within Azure AD and I don't know if they use Microsoft Entra to manage all identity and access tasks within the organization.

We're a Microsoft ISV and we connect with a number of different ERP, CRM, and HDM-type systems, but we do security on compliance reporting and functionality.

We integrate with the solution. Customers that are using Entra would or could use our organization when they need that extra level of detail. We use it for development purposes to actually create a working solution. We support that as far as when we do our reporting from our organizational perspective. I don't use Entra internally at our organization, so we integrate with it from a coding perspective. As far as features and functionality go, we integrate with it and we support it.

We run the solution on-prem and then we sync that to Azure AD in the cloud, but it's on a normal public cloud, overall.

I think Azure AD is a no-brainer if you're a Microsoft shop and if you have other Microsoft products already. It boils down to what sort of office you're looking for. Being a development shop, it absolutely made sense to us to use Azure AD because we were already using Azure, so it could be included with that offering. If you're not a technical shop then I think you should have to look to see if it's something that you are going to manage, and how many other applications you manage within your organization from an access perspective. If you're doing that across 25, 50, or 100 different applications, then Azure AD is a great choice. If you don't really sign into too many things, then there may be more cost-effective ways out there. It depends on what your use case is.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Srini Sigakolli - PeerSpot reviewer
Solutions Architect at a financial services firm with 10,001+ employees
Real User
Top 10
Helps with provisioning access to internal and external teams
Pros and Cons
  • "It has things like conditional access. For example, if someone is accessing sensitive information, then we could force them to do multi-factor authentication. Therefore, we can stop access if it is coming from a location that we did not expect."
  • "Compared to what we can do on-prem, Azure AD lacks a feature for multiple hierarchical groups. For example, Group A is part of group B. Group B is part of group C. Then, if I put someone into group A, which is part of already B, they get access to any system that group B has access to, and that provisioning is automatically there."

What is our primary use case?

We use it for various things in the organization:

  1. Provisioning access to systems in the cloud for either internal teams or our partners' external teams. 
  2. We use Azure AD for Windows device management with Azure AD Intune. We use them for the management of devices. We have company devices, laptops, or tablets all using Azure AD. 
  3. Within Microsoft Azure, we use various services, e.g., Office 365, for granting the right level of access to the right people.

I am directly involved in the project. I know what is happening and being done by developers. I have also done some hands-on work in a test environment, using my own account, just to learn.

How has it helped my organization?

In our previous organization, we had to give continuous system access to users from external teams, who were not employed by our organization. This solution certainly helped with provisioning access to them, providing them with single sign-on access. It also monitored giant movers and leavers, which was helpful. 

Azure AD has massively affected our end-user experience. It provided a single sign-on for all our partners. They don't have to remember their password. They might be accessing 10 of our systems and don't really need to remember all 10 different user IDs and passwords. In most cases, they are accessing our systems with their own organization's identity, so they don't need to remember a second user ID and password in addition to their organization's credentials. Requesting access is much better since it is all automated.

What is most valuable?

Their connection to the on-prem AD is a strong point. A lot of organizations already use on-prem Active Directory. That easily lends to using Azure AD compared to other providers. 

I like the automated provisioning of access, either for internal teams or external teams.

It has things like conditional access. For example, if someone is accessing sensitive information, then we could force them to do multi-factor authentication. Therefore, we can stop access if it is coming from a location that we did not expect. 

What needs improvement?

Compared to what we can do on-prem, Azure AD lacks a feature for multiple hierarchical groups. For example, Group A is part of group B. Group B is part of group C. Then, if I put someone into group A, which is already part of B, they get access to any system that group B has access to, and that provisioning is automatically there.

Geo-filtering is not that strong in Azure AD, where we need it to identify and filter out if a request is coming unexpectedly from a different country.

For how long have I used the solution?

I have been using it for five and a half years on multiple projects.

What do I think about the stability of the solution?

It is very stable. In the last five years, we only had two major incidents on Azure AD. This is key for Azure services. If your Azure AD is down, then it brings down a lot of other services within Azure. 

What do I think about the scalability of the solution?

It is very scalable.

My previous organization, which did power plant construction, had hundreds of partners at any time and about 10,000 internal staff. 

The product is extensively used. Many times, we have changed the way that we design based on new features introduced by Azure AD, so that drives what we do and how we design. Therefore, if they introduce a new feature, we send it straight on to be researched, then determine where we can use it. 

How are customer service and support?

I am not directly in touch with technical support. I have never been on the other end calling Microsoft for technical support.

Which solution did I use previously and why did I switch?

We didn't use another solution prior to Active Directory, which has been in place for a long time (20 to 30 years).

When we started using this feature, it saved time when provisioning access to users. Critically, it removed access to users who did not need access to the system. That was a significant improvement. Time-wise, we saved about tenfold. Its day-to-day maintenance is also much easier than without it.

We chose Azure AD when going to the cloud. It was key for us to maintain security within the organization. I don't think we could imagine securing our cloud without identity management as strong and rich as Azure AD. It is a key player in anything that we do on the cloud to secure resources and a critical element that determines our security.

How was the initial setup?

I have set up test environments. The setup is easy, not difficult at all. This is one of the solution's strong points.

A lot of people already have on-prem Active Directory. It is a natural step to extend it to Azure.

Compared to other products in the market, the Azure AD deployment is the fastest. Depending on the size of the organization, it could take weeks or months to deploy.

What about the implementation team?

For an organization of 10,000 users, there might be a team of five to six people supporting AD for day-to-day things.

What's my experience with pricing, setup cost, and licensing?

Pricing-wise, they offer a stepladder approach. You can start with the lowest level features, then start increasing based on new requirements.

Which other solutions did I evaluate?

I have not really tried any other products, so I wouldn't be able to compare it with other stuff.

What other advice do I have?

Start small, then expand it. When your organization wants to add Azure AD, you can try it on a smaller scale first.

I would rate it as eight out of 10. I am unfamiliar with other products in this market. That is why I am compelled to give it eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.