Microsoft Entra Workload ID enhances identity management by providing secure and efficient access control for applications and workloads. It is designed to streamline processes and strengthen security measures, catering to complex IT environments.


| Product | Mindshare (%) |
|---|---|
| Microsoft Entra Workload ID | 0.8% |
| Microsoft Entra ID | 15.0% |
| Okta Platform | 8.9% |
| Other | 75.3% |

Microsoft Entra Workload ID delivers a unified and secure method for managing workload identities across cloud environments. It addresses key challenges in handling access control, ensuring that applications have appropriate permissions without compromising security. Known for its reliability, it assists enterprises in minimizing risks associated with identity mismanagement.

What are the most valuable features of Microsoft Entra Workload ID?

Industries such as finance and healthcare have implemented Microsoft Entra Workload ID to strengthen compliance and security in cloud operations. Its features are tailored to meet regulatory standards and protect sensitive data, making it a suitable choice for sectors requiring stringent identity management protocols.

| Author info | Rating | Review Summary |
|---|---|---|
| Postdoctoral Researcher at a financial services firm with 10,001+ employees | 4.5 | I've used SailPoint with on-prem Active Directory, not integrating it fully with Entra, which limits its potential. While support from Microsoft is excellent, poor IAM integration has hindered our identity management and modern security progress. |
| Consultant at a tech vendor with 10,001+ employees | 4.0 | I work in identity and access management, using tools like Microsoft Entra and Splunk, with limited PAM use. I find AppDynamics useful for transaction monitoring and see room for improvement in Microsoft Entra Workload ID categorization. |
| IT specialist at Východoslovenský ústav srdcových a cievnych chorôb, a.s. | 3.5 | I find Microsoft Entra Workload ID valuable for user synchronization with Microsoft 365 products. However, I believe its integration with other products should be made easier, as this would improve its overall utility for various organizational needs. |
With SailPoint, we don't use it with AWS as a main cloud provider; we are using Azure, Azure and Entra, and we don't integrate it with Azure and Entra. It's primarily being used for creating users in Active Directory on-prem.
There are benefits and challenges that I've experienced with these, such as resistance to change from people inside the organization for doing things quicker, better, smarter. I'm an advocator of it, and I think we could save a lot of time, a lot of effort, a lot of expenditure on things that are not needed by using it a lot more.
All of it from Microsoft Entra Workload ID, all of the identity lifecycle could be improved here.
In my opinion, some of the best features with Microsoft Entra Workload ID are native integration with Office 365, the ability to seamlessly integrate with the Entra stack and provision application access natively with an Office E5 license. But we're not doing it.
I have utilized the automated access reviews as well.
Integration with existing IAM solutions has not helped our identity management processes; all of the things that are in front of Directory and Entra, such as SailPoint and other toolsets, give us one of the worst identity experiences I think I've ever come across, which is why I'm trying to change it.
I would say if our security team were using the advanced analytics with Microsoft Entra to its fullest extent, then it would be phenomenal. But they're not. I happen to be looking at it, but they're not.
I have dealt with SailPoint in my company for six years.
I would evaluate the customer service or technical support with Microsoft for Entra products as well; we are a strategic partner, so we're one of 500 companies that can talk to them directly. And also, being an ex-Microsoft employee, I have an excellent relationship with Microsoft, and I can get done or get responses to incidents very, very quickly.
Positive
I don't know how I would assess the impact of AI-powered threat detection for us.
It has helped with security operations in general; I'm being very cagey here, Damian. You can understand why. Where I work, there is a directory services team. There is a security team. The security team may have several different departments in there. I think they are behind the times.
That's about as far as what I would say. We may have the modern firewalls and detections and all the rest of it, but I think from a modern way of working, which the identity is a user which is any device, any place, anywhere, from anything, okay, securely, they're not quite up with that concept, in my opinion.
The review rating is 8.

I've been dealing both with ManageEngine and Microsoft.
I am mostly working on the Identity and Access Management and CIM access platform, so I'm not especially working on password management, but my overall activity is related to the Identity and Access Management platform, compliance, security, and everything.
I have worked on the PAM area in a limited way wherever it was required, such as integrations with Microsoft, integration with the Auth0 CIM platform, and we have built up the platform for PlainID. Wherever we require PAM, I have used it in bits and pieces, but if you say I am a hardcore PAM guy, I would say no. I have an understanding of PAM, how it works, and how it integrates with the IAM platform.
I am also working with something by Splunk.
I have been a reseller, integrator, and consultant, but I do have hands-on experience with AppDynamics.
I am currently not working with AppDynamics in my customer's companies.
My last experience was about a year ago.
I am working with Microsoft Sentinel, Sentinel by OpenText.
I am working with Microsoft Entra Workload ID.
Existing IAM solutions help streamline my identity management processes. If we take the example of Microsoft, sometimes it's a service provider, and sometimes it's an IDP, based on that, we are set up to integrate other identity platforms with Azure, and there is some plug-and-play activity as well with options such as Okta and AWS IAM. The configuration is standard; we only replace the signing URL and the redirect URL, and everything else is automated. We have various options available with Microsoft Entra, such as B2B cross-tenant guest member accesses, and we can invite users and perform activities from that area, while we are also dealing with Azure IaaS, infrastructure as a service, which has different IAM platforms existing with resources or subscriptions.
Mostly on the SOC activity, we are not focused more on the SOC side, and basically, we are in normal activity such as BA support for user-related activities and password leakage. We have developed some AI-based agents who can detect and share user activities. Previously, we had PowerShell scripts running on the platforms, and if any of those activities are there, we are sending alerts. We have converted the same thing into an AI agent.
Transaction monitoring has impacted my ability to prioritize business transactions, such as logins or checkouts.
Particularly about Microsoft Entra Workload ID, I think they still could improve categorization, which still has some room for improvement. They have adopted a lot of things in the IGA platform, such as features that SailPoint is providing. They have covered a lot in the IGA area, and in collaboration, Microsoft is now functioning as identity as a service. We benefit from the features that we have. For example, previously with SailPoint, you needed to sync to the AD to get users and groups before performing operations, but now, we can limit users for sync and should only use cloud accounts to ensure security without touching our hybrid or on-premise platforms.
There are many additional functionalities I expect from Microsoft Entra Workload ID in the future, but it's tough for me to comment due to the variety of licenses we have, such as device management and Office 365. Overall, the complete product is very broad, and there are still some areas that I have not explored.
I am not familiar with remote access products by ManageEngine.
I do not use ManageEngine.
My experience with ManageEngine is average on a scale of 1 to 10.
I have been working with Splunk and AppDynamics.
I would recommend Splunk AppDynamics for companies interested in its data collection features with agents or OpenTelemetry.
I would describe the effectiveness of AppDynamics' application performance monitoring capabilities, particularly in hybrid and on-prem environments.
I am currently not using AppDynamics. For the last year, I have not really tried the AI search-related things, but those areas I have captured with the GitHub Copilot area and CloudSonic.
In last October, I am no longer working with Splunk overall or using some other Splunk products now.
I am currently working with Splunk products.
I am working with Splunk Enterprise Security now.
Microsoft Sentinel is the only Microsoft product that I am working with now.
I am working with Copilot.
My experience with Microsoft Copilot is that it is an average one, but when we deal with GitHub Copilot, it really makes a difference because we are writing a number of PowerShell scripts that are sometimes 5 to 700 lines long, and we are getting great help from there with very accurate understanding.
I have been dealing with Microsoft Copilot Studio as well.
I have been dealing with other GitHub tools such as code scanning and code spaces.
I have used automated credential rotation with consumer management for the same.
We are working on automated access review areas because a lot of access packages are deployed on Microsoft Entra, and we are trying to automate those so that people can just request access packages and get access by birth rule. We are focusing on automation in this area.
I would assess Microsoft Entra Workload ID from 1 to 10 overall for my knowledge.
I would give this review an overall rating of 10.

The product enables organizations to synchronize users to Microsoft 365 products.
Integration with other products must be made easier.
I have been using the solution for one year.
I rate the tool’s stability a seven out of ten.
About 50 people in our organization use the tool. It is used daily.
We get support from our supplier.
Neutral
The initial setup was moderately difficult. The solution is deployed on the cloud. The deployment took a few hours. We needed about three people for the deployment.
Our partners helped us deploy the product in our infrastructure.
I rate the pricing a six out of ten.
We started using the solution recently. We have a lot of Microsoft products in our organization. It was moderately easy to integrate the solution with other Microsoft products. Overall, I rate the tool a seven out of ten.