Microsoft Entra External ID Reviews

I have been using Microsoft Entra External ID for about seven months, currently evaluating and using it for deployment for our customer. I'm using Microsoft Entra External ID right now.

I have no relation to Microsoft; I am a consultant and customer of Microsoft. My customer purchased Microsoft products and they are trying to purchase and deploy Microsoft Entra External ID, so I'm a consultant, an independent authentication and identity consultant for them. I give them advice and I completed a POC about what I call EID, Microsoft Entra External ID, and Azure AD B2C, which is their X B2C product and they sell both EID and Azure AD B2C, planning to discontinue Azure AD B2C maybe after 2030, with a promise to extend support until that time. I provide technical information and discuss the differences between EID and Azure AD B2C to our customer, which is why I evaluate Microsoft Entra External ID right now.

The best features of Microsoft Entra External ID include its unification of B2C functionality and B2E features. Microsoft calls it B2B, but it's better to say B2E since it means business to inside of your company, similar to the old Azure Active Directory. EID has both B2C functionalities and B2E functionality.

EID has a unified external identity provider, external application, and external user, unifying these objects and internal workforce users, as Microsoft calls them. EID unifies workforce users with external business partners, which is a very strong feature. Azure AD B2C cannot unify both, as it only provides B2C consumer identity IAM platform features. Therefore, the most important feature is the unification of B2C and B2E.

I have utilized the adaptive authentication feature of Microsoft Entra External ID; I evaluated and adopted it in a virtual environment that mimics a real customer system, similar to a sandbox. We evaluated and deployed EID to our customer system, including authentication.

Microsoft Entra External ID can be improved with additional features, specifically customizable flexibility and a customizable user interface for the login dialog. Currently, the login dialog has very limited customization options, which only include font styles, colors, text messages, or brand icons.

Last month, Entra ID introduced some customizable features in their login dialog, but this does not apply to Microsoft Entra External ID, indicating a significant gap between the two. In theory, Entra External ID can support many external identity providers where custom login dialogs could be integrated, potentially via SSO feature coordination, although I have not yet confirmed this. Hence, enhanced customizable login options and the ability to use attribute password logins are critical features that are required for Microsoft Entra External ID to gain dominance in the authentication market.

The initial setup of Microsoft Entra External ID is not overly complex, although it's essential for an administrator to fully understand the background theory and architecture of both Microsoft Entra External ID and Azure portal, as well as Entra ID itself. This understanding can be challenging for ordinary engineers. Once you grasp the components and architecture—that is, having a tenant for Microsoft Entra External ID, Entra ID, and Azure AD B2C—it's not difficult to create the tenant and add users or external identity providers.

Microsoft Entra External ID operates entirely as a SaaS solution; they do not offer on-premises deployment options, making it straightforward in that regard.

For Microsoft Entra External ID, there are several types of users: internal, external, and invited external users. Internal users can use password authentication, while external users can use email OTP for password authentication. For B2B collaboration, internal company employees, referred to as workforce users, can log in using some authentication method linked to their Azure ID or Entra ID, allowing for SSO log-in.

The authentication methods available are very limited, and this presents a weak point. EID does not support other forms of attribute password authentication, such as phone number and password combinations. The only authentication options are UPN or email, with UPN being a format derived from the person's email and EID tenant domain. This is one of EID's weak points compared to Azure AD B2C, which offers customizable authentication options, including attribute and password combinations.

I do not have support from Microsoft; the only assistance I've received was regarding the discontinuation date of Azure AD B2C. From May onward, customers who purchased Azure AD B2C can still create tenants and utilize the service until 2030. However, companies without a Microsoft license for Entra ID or Azure portal cannot add Azure AD B2C, creating logistical issues for some of my clients who are unable to evaluate the platform. This has introduced some challenges for consultants.

The initial setup of Microsoft Entra External ID is not overly complex, although it's essential for an administrator to fully understand the background theory and architecture of both Microsoft Entra External ID and Azure portal, as well as Entra ID itself. This understanding can be challenging for ordinary engineers.

Once you grasp the components and architecture—that is, having a tenant for Microsoft Entra External ID, Entra ID, and Azure AD B2C—it's not difficult to create the tenant and add users or external identity providers. However, bringing in an identity consultant during the initial setup phase can greatly streamline the introduction of Entra ID; after that, operation and administration become much easier.

I do not have support from Microsoft; the only assistance I've received was regarding the discontinuation date of Azure AD B2C. From May onward, customers who purchased Azure AD B2C can still create tenants and utilize the service until 2030.

The main use cases with Microsoft Entra External ID are lifecycle management and access packages, including access certification. The majority of our usage involves lifecycle management, specifically provisioning and de-provisioning activities.

For B2B accounts, the best features with Microsoft Entra External ID enable guest users to receive time-bound access when provisioned. This is how we implement it for B2B accounts.

I utilize the onboarding features with Microsoft Entra External ID.

I deal with External ID, Verified ID, and workload ID.

The impact of having multiple authentication types available significantly helps with security practices using Microsoft Entra External ID. It particularly supports multi-factor authentication effectively. We mainly use MFA through Microsoft Authenticator, and some people use Microsoft's Verified ID.

The detailed monitoring and reporting in Microsoft Entra External ID support compliance efforts effectively. The monitoring features are robust. We sometimes use Sentinel for monitoring and logging features. We can integrate with Sentinel or third-party logging features, SIEM connectors, or any SIEM solution such as Splunk. From the Microsoft perspective, Sentinel is excellent for monitoring.

The user experience is acceptable, but Microsoft Entra External ID is not a full-fledged IGA solution. We use different products for complete Identity Governance Administration. Microsoft Entra External ID is suitable for small-scale enterprises implementing identity lifecycle management since most have Active Directory. However, there are several challenges.

The out-of-the-box connector has limited features for applications, requiring us to build scheme connectors. While small-scale enterprises can benefit from Microsoft Entra External ID's Identity Governance solution, large-scale enterprises might need different tools from leading market vendors such as SailPoint or Saviynt.

Customers face particular challenges with contractor and B2B accounts. Microsoft Entra External ID isn't a complete cloud-based account solution, as it must handle internal employees and collaborate with internal Active Directory.

There are delays in the identity lifecycle process, especially for contract partners during onboarding and off-boarding. This might be due to back-end syncing with Active Directory. B2B account removal and provisioning take considerable time. Access governance, particularly access certification for guest users, is time-consuming. Multi-factor authentication enforcement also presents challenges for external users.

I have experience of five to six years in this field with Microsoft Entra External ID.

I don't frequently connect with support people for Microsoft Entra External ID. The support quality appears to be based on the purchase version. Compared to other leading vendors such as Saviynt and SailPoint, who have dedicated support staff, Microsoft primarily provides knowledge base articles for reference rather than personalized support.

Neutral

Microsoft Entra External ID primarily focuses on identity management rather than being a complete governance solution. In contrast, Saviynt and SailPoint focus on comprehensive identity governance solutions with different modules. These vendors offer inbuilt packages for identity management, access management, access governance, and access control. They include certification capabilities, SOD solutions, complete lifecycle management, third-party management, and privileged account management. Microsoft Entra External ID lacks complete Identity and Access Management capabilities, particularly in areas such as Segregation of Duties and privileged access management. It can handle access certification to a limited extent but remains incomplete compared to other vendors.

I have experience with solutions in the Identity and Access Management space, handling Microsoft Entra External ID and other tools including Saviynt and Delinea.

I started working with Azure Active Directory before it moved to Microsoft Entra External ID. I now work directly with clients for implementation. I have 15 to 16 years of total experience in Identity and Access Management.

We use multi-method authentication, with clients using different types of authentication and external authentication as a second factor. They implement MFA, Identity Verification, and some use FIDO as different authentication methods.

I assess Microsoft Entra External ID's policy management effectiveness for organizations as adequate, meeting approximately 50% of requirements.

My overall rating for Microsoft Entra External ID is 5 out of 10.

When I say identity, I mean Microsoft Entra External ID. We have been using Microsoft Entra External ID since the beginning of 2022. I am using it as a client. The purposes for using Microsoft Entra External ID include creation of users, applying security, applying licenses, and similar functions. We replaced our on-premises Active Directory with Microsoft Azure identity or Microsoft Entra External ID. We are not expanding at this moment, but we are also planning to.

Because we are not using Microsoft Entra External ID that much at the moment, it is convenient for whatever we are doing, such as creation of users, applying licenses, monitoring sign-ups, and applying policies. These are the things that we are doing, and it is performing well.

The monitoring and reporting features in the product are good and support our compliance efforts. Monitoring and reporting help us in detecting if we are under attack because we noticed some malicious activities and the reports show us what happened exactly. Therefore, it was effective.

Since we implemented Microsoft Entra External ID, we have noticed improvements in managing external identities.

Not really at the moment, but perhaps when we go deeper into using Microsoft Entra External ID, we may experience some things we may not prefer. However, up to now, we have not encountered anything that I consider a problem or disadvantage.

If we apply more features, let's say we applied mobile device management for a few machines, a few mobiles, and some computers, and it worked, but I do not know what will happen when we apply this to the rest of the network, which is 1,500 computers and more than 2,000 mobiles.

I do not know what to say regarding new features that could be added to Microsoft Entra External ID. Perhaps we can integrate this with our ERP systems for the HR systems that we are going to have. Perhaps with this integration, we can find this application more practical.

We have been using Microsoft Entra External ID since the beginning of 2022.

Microsoft Entra External ID is stable.

For us, Microsoft Entra External ID is a scalable product.

The technical support from Microsoft is very good. I can give them a rating of nine.

Positive

I have not worked with something similar to Microsoft Entra External ID or products from other vendors. We used to have on-premises servers.

The solution is easy to deploy, and we already have our partner who helped us during the implementation. Therefore, it was easy, and we received support from our partner.

The approximate percentage of savings is about 30%.

I experience time savings since using Microsoft Entra External ID, for certain.

Microsoft is flexible in the pricing for the product, so I cannot say that it is expensive, but definitely they are flexible in the price lists and their ways of doing payments.

For policy management in my organization, I would say it is perfect. We are applying many policies. The multi-method authentication is a very good idea for our security practices using the product. I heard that Microsoft is planning to move towards password-less accounts and not having any passwords. However, for the multi-factor authentication, it is good. It protects us a lot. I give this review an overall rating of nine.

I am looking for a new solution and investigating existing products. We are already working with Microsoft Intune and SOTI. I have been working in the past with a Kaseya product, specifically Datto RMM.

I worked with Kaseya from 2022 until three months ago in my previous job. I have experience with Kaseya IT Glue and Datto RMM.

It was Kaseya Global, used to detect all endpoints, including service, scanners, printers, and for distribution of software.

I have been working with Microsoft Intune for several years. At the company where I started some months ago, they are using SOTI MobiControl.

We are partners with both Microsoft and SOTI. We are an IT global company who have different kinds of customers, which is why we use both the Microsoft suite and SOTI. We use the global suite of Office 365, Microsoft Intune, and the Azure environment.

The experience has been rather good. There are other possibilities, but we made the choice to go with Microsoft, and we have a good experience with that. Most features are paid per month, which is the model many companies are using right now. Though this is unfortunate, it is unavoidable.

For the last four or five years, I have been in an IT manager function, focusing on making things happen and having technical persons execute tasks. In the last three months, I have transitioned to a project manager and service delivery manager function, guiding rather than executing tasks directly.

The licensing model of Microsoft is rather abstract with different ways to handle it. Managing the licenses to use and sell to customers requires specialist knowledge.

Several years with Microsoft Intune.

I would rate their technical support eight out of ten. I have personal experience with Microsoft Entra External ID. I am satisfied, and the customers I am dealing with are also satisfied with this product.

Positive

I have been working with Kaseya IT Glue and Datto RMM.

The only problem that you might face with Microsoft now is their complex licensing model.

I haven't been using Microsoft Defender for IoT. I've been using it for Microsoft Office 365 and the devices, but not for IoT.

In the last three months, I have been working in a project manager function and service delivery manager function, focusing on guiding rather than executing tasks.

I am aware that we're using Microsoft Entra External ID, but I'm not a specialist in it. From what I've heard and seen, I would rate Microsoft Entra External ID seven out of ten as a product.

We are both a partner and reseller of Microsoft. We are partners with both Microsoft and SOTI. We are an IT global company with different kinds of customers, which is why we use both the Microsoft suite and SOTI.

As a project manager and service delivery manager profile, besides my own use, I cannot provide much technical detail at the moment.

I'm more familiar with the Microsoft Entra External ID, the Active Directory external identities, because we have a hybrid environment.

For the parts that I handle, the on-premise part is easier for me. We have an MSP that handles most of those issues, so I don't really have to do much there.

The best features of the Microsoft Entra External ID are that it's fairly easy to use, and I personally prefer the on-premise part. I can use the cloud Microsoft Entra and it's fine, but I grew up in the industry using Active Directory on an on-premise server, so I still prefer that.

I assess the impact of the integrated single sign-on in Microsoft Entra for simplifying the user access experience as positive. Users don't have any issues and it's been fairly easy for them.

I haven't utilized the adaptive authentication feature.

We haven't used the customization capability for user journeys within the Microsoft Entra External ID.

I don't have experience trying to create distinct policies for different user types.

I haven't leveraged the analytics or reporting tools.

I have been using it for less than half a year.

There have been a couple of times when it was unavailable because of Microsoft issues, but other than that, I don't remember any problems.

I'd rate the stability of the Microsoft Entra External ID as a 10.

The Microsoft Entra External ID is a scalable solution. I haven't had to do anything in terms of scaling it, since we only have about 100 users and added 20 users since I joined the organization.

Microsoft support for the Microsoft Entra External ID is good. My MSP handles all of that, and I have never had an issue with Microsoft support, so I'm very happy.

Positive

I didn't use any other IAM solutions or IDaaS solutions before this job.

With the Microsoft Entra External ID, I have a little experience with the permissions management portion, but not a lot at this point.

I haven't been using the permissions management portion for long because our MSP handles most of that.

We had the Microsoft Entra External ID before I came to the organization. I only joined a little over two years ago, so that happened before I got here.

I don't really have to use the Microsoft Entra External ID often because we have an MSP that handles 95% of what we have to do there. The times that I have gone into it, I found it easy to use and I haven't had any issues with it.

I would recommend the Microsoft Entra External ID to others.

I am the Director of Technology with that company.

I rate Microsoft Entra External ID a nine out of ten.

I have experience with these products, and currently, we are using them in our organization.

Regarding Auto-GPT, it was only a POC.

I mainly work with Microsoft products in our system because we have an organizational subscription.

For security purposes, we do Intra ID authentication and we have separate authorization.

We use Microsoft Entra External ID for all our Azure products, whether it is Functions or OpenAI, or Synapse for analytics purposes. We use Intra ID only for all of them.

When it comes to Microsoft Entra External ID, Microsoft itself is the best distributor. They provide very good documents for training and knowledge.

It is very easy to use. When it comes to Microsoft products, all are very easy to install and very easy to use. That is the best feature of Microsoft products.

I have not utilized the adaptive authentication feature of Microsoft Entra External ID.

Previously there was a question about adaptive authentication, and this is the first time I am hearing about it. I will go through some documentation and review it.

I think the analytics and reporting tools are good, but when it comes to UI, it should be more user-friendly. Something similar to ServiceNow features or a Salesforce kind of UI would be good, as it currently looks more black and white.

What I would to see in the future is that authentications and authorizations should be policy-level configurations and field-level configurations, rather than at the entry point.

I see these features in their competitors, such as in other cloud features, ServiceNow and Salesforce.

I have been working with it for three years.

We do have one-on-one technical support. Any issue that we are stuck with, they provide full-fledged support to us and to the organization.

I would rate their technical support as 10 out of 10.

Positive

We have actually reviewed Auto-GPT for workflows, but not so much productivity with it. That is why we are trying to explore CrewAI.

I am exploring CrewAI now. I want to see what their offerings are.

As of latest, when it comes to my experience, I am not satisfied.

I am not at all satisfied with the workflow augmentation regarding agentic AI workflows.

On a scale from one to ten, I rate Microsoft Entra External ID a seven.

I have not explored much, so I only use the SSO part of it.

When it comes to legacy tools, appliances, or legacy firewalls, the integration does not work as effectively. The integration part is not that familiar, so multiple layers are needed to have those sorts of integrations.

The support engineers are not as skilled as our engineers. When they say something would not work, or there is no solution, we usually hear that Microsoft would not support this. However, we have figured out ways to use open-source tools or alternative solutions to address those restrictions that Microsoft has and make things work.

Positive

If you are familiar with Azure solutions, it is affordable. If you need support, then it becomes quite expensive.

As an end user, I use both Linux and Windows products. Our organization is mostly Windows, but we have various Linux servers.

My experience with Linux includes primarily Ubuntu and Debian.

We use Ubuntu, and we don't do any LTS or long-term service; for the most part, it's all free.

I'm familiar with Autopilot; we're actually in the process of transitioning, as all our services have been on premises for a long time, and we're starting the Autopilot at this time.

I've had experience with Entra for a while; we've used it for a lot of SAML integrations and SCIM integrations with different software vendors and users.

With Microsoft Entra External ID, we utilize Entra ID. We have over 200 employees, most of whom have emails, so we handle their multi-factor authentication methods through Entra ID, app registrations, and various software vendors, along with SCIM and single sign-on capabilities.

Some of the best features with Microsoft Entra External ID are that the SAML and SCIM integrations are straightforward. We haven't had many issues with that, mainly due to the vendors we work with that aren't necessarily easy to integrate with, but overall, Microsoft Entra External ID has made it pretty easy from their side.

The positive impact of Microsoft Entra External ID on my organization is that it enhances ease of use for the administrative side. When setting up an account in one place, it propagates everywhere else, although some of our organization hasn't felt the full breadth of it yet. We're circling back to catch all the software vendors we've purchased, which has greatly improved the user experience.

Where it could be improved beyond the previous pain points is that every software vendor should have SAML or SCIM integration, and if they don't, I believe they are doing a disservice.

On the Microsoft Entra External ID side, they could improve by making more opportunities for open source software integration.

Setting up integrated SSO with Microsoft Entra External ID is a pain, but once it's set up, it's manageable. The challenge comes from our broad demographic, as we have people here for 30 plus years who aren't as computer savvy as some, but after the initial setup of single sign-on, the less tech-savvy ones have caught on quickly. It doesn't seem too disruptive for them.

We haven't utilized the adaptive authentication feature with Microsoft Entra External ID yet.

The ability to create distinct policies for different user types has helped in maintaining a secure and flexible environment.

I would rate the technical support or customer service from Microsoft a 6 to 7, maybe a seven.

The communication flow could be improved by having a direct line from Microsoft to our business rather than through an intermediary, as we're generally going through an MSP for support, which makes it indirect.

Positive

My experience with other vendors besides Netgate is non-existent.

In terms of return on investment, prior to using this product, our company managed our own mail server with all internal authentication happening on premises, resulting in a ROI in the thousands every year.

Concerning the pricing or setup costs for Microsoft Entra External ID, based on my experience with Entra and 365 in general, it shouldn't require a whole education on their software. That's been a pain point as we have specific licensing that limits our access, indicating a need for clarity without requiring extensive training.

Better integration with open source software would help us because my supervisor specifically advocates for it. We utilize a lot of open source software, including Netgate, which supports an open source firewall platform, and open source is significant in many areas of our business.

The training generally is complicated to understand, leading us to often go through a managed service provider. It shouldn't be this way, as it should be easier for medium to small-sized companies to navigate the licensing without relying on an MSP.

On a scale of one to ten, I rate Microsoft Entra External ID an eight out of ten.

I have been dealing with the security part for sure.

The fact that it is quite integrated into the entire Microsoft environment makes it quite easy to use. 

Furthermore, Microsoft's reliability in providing a clear roadmap for the solution is very important, especially at a time when cybersecurity is a risk in every company. 

The solution is easy to reuse and not difficult to find expertise for in the market because it is widespread. 

It is gaining attention even from partners and from the market on the offering side. This serves as a good starting point for customers who can develop internal competence on the solution. 

Additionally, the presence of reliable partners who know the solution and can provide internal knowledge is the best aspect for them.

The most important issue is the cost. I generally find Microsoft solutions expensive, especially in specific offerings. 

A common concern among the customers I visit is the unpredictability of Microsoft's costs at every renewal. This is particularly challenging during enterprise agreement renewals, as it's difficult for customers to review costs leading to lengthy negotiations. This is really bothersome for the customer, and I would say it is the worst element I have seen in these years.

I have been using the solution for three years, from the moment Microsoft started releasing data about using identity management.

I would rate it at eight out of ten for scalability.

In general, my experience with Microsoft's technical support goes back at least 30 years. The support for business applications, infrastructure support, and Entra has been mostly positive with highly skilled technicians. However, the timing of support can be problematic due to different time zones. After initial contact and a problem discussion, I often have to speak to different people if the original person is unavailable for a follow-up. This requires a repeated explanation of the problem, leading to lost time. The support is helpful, but the frequent changing of personnel is bothersome. Only through escalation can I expect continuity with the same person, but that usually takes a couple of months. Customers are generally not happy with this aspect of the technical support.

The lack of a specific contract with Microsoft makes it difficult for my customers to get in touch with technical support. While having what was previously called Premier Entra offers access to highly skilled personnel with good response times, without it, reaching Microsoft's team is challenging. This often leads my customers to rely on partners, making it imperative that partners maintain up-to-date competencies. This represents a weak point, as only the largest companies, with sufficient numbers of seats and employees, can rely directly on Microsoft technical support. For others, it is not very accessible.

Negative

I usually recommend this solution. I have a cybersecurity company that has built an offer on it. I absolutely propose this solution. It is a very good solution with room to grow. 

I would rate it eight out of ten.

I use Microsoft Entra external ID for enterprise purposes, particularly for Microsoft Teams.

The most valuable feature for me is the firewall capabilities. Additionally, the single sign-on feature is very useful as a single solution can be used for multiple types of single sign-on applications. This helps in cost as well as time saving since I can use a single solution for all the applications.

Single sign-on for external applications such as Oracle could be improved to be a little bit cheaper. The cost is very high.

With the new name, Microsoft Entra, I have been using it for a little more than a year. However, in terms of Microsoft Azure Active Directory, it has been around ten years.

The stability of this solution is very good. I would rate it nine out of ten.

The solution is highly scalable. I would rate it nine out of ten.

I rate their technical support as eight out of ten. Overall, the quality of customer service is satisfactory.

Positive

I previously used on-premise Active Directory, and I switched to Microsoft Entra external ID due to the need for cloud applications.

The initial setup was easy.

Yes, I have seen a return on investment from this solution. It has led to cost savings as well as time savings because I can use a single solution for all applications.

Regarding pricing, the cost seems high for single sign-on, especially for external applications like Oracle.

Overall, I rate Microsoft Entra external ID a nine out of ten. 

The single solution advantage for multiple applications is a key recommendation point.