Systems Administrator at a financial services firm with 11-50 employees
Real User
Mar 28, 2023
Allows users to authenticate from home and has excellent integrations in a simple, stable solution
Pros and Cons
  • "The solution allows users to authenticate from home, and the Office 360 integration is advantageous."
  • "The product could be more cost-effective."

What is our primary use case?

Our hybrid system includes in-house domain controllers and Azure integration to link with Microsoft Office solutions. We develop some small-time applications with Power BI and use the tool for local user authentications.

Our office has only two departments, so we don't use the solution across multiple locations. It's an in-house tool, and we created the hybrid system so that specific users can still connect remotely when they are off-prem. We have around 50 total end users. 

How has it helped my organization?

The solution made our organization very flexible and increased our security because we previously faced authentication issues; our users sometimes could not connect from their laptops when they took them off-premises. There were also occasions where the cache was lost, so we couldn't troubleshoot, and users could not log in. This issue was solved, and now the system is flawless.

Azure AD helped to save time for our IT administrators; I haven't calculated precisely how much, but I believe it saves me two to three hours a week. 

We are delighted with our organization's Azure AD user experience, so we have no complaints about that. One of the best aspects is we don't have to update anything; Microsoft handles all of that for us. 

What is most valuable?

The solution allows users to authenticate from home, and the Office 360 integration is advantageous.

Azure AD provides a single pane of glass for managing user access, making the user sign-on experience flawlessly consistent; there is little difference between working from home or on-premises.  

The single pane of glass makes the application of our security policies very consistent, as they are replicated well. We use a VPN to connect with users while working from home, ensuring our security policies are in place. This means there is little difference when staff work from home, as we can track their work. 

Verified ID is quite effective and secure when it comes to privacy and control of identity data.  

We use the solution's Permission Management, which provides excellent controls over identity permissions in Azure AD, Microsoft, Amazon, and Google Clouds. We don't have any issues with this asset.

The Permission Management feature helps to reduce our risk surface when it comes to identity permissions. 

What needs improvement?

The product could be more cost-effective. 

Buyer's Guide
Microsoft Entra ID
January 2026
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,665 professionals have used our research since 2012.

For how long have I used the solution?

We've been using the solution for around four and a half years. 

What do I think about the stability of the solution?

The stability is excellent; we recently experienced our only Azure outage, which was a global one.

What do I think about the scalability of the solution?

The solution is very scalable.

How are customer service and support?

We never had to contact customer support, and the only time we contacted Microsoft was to renew our contract or change the provider. I provide technical support within our organization.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We didn't previously use a different solution; before Azure AD, our infrastructure was all on-prem, with only specific data and backup in the cloud.

How was the initial setup?

I carried out the deployment, which was pretty straightforward; I previously did a course on Azure, so it wasn't a problem for me. The solution requires very little maintenance, and I'm the sole admin.

It took around three weeks to realize the benefits from the time of deployment, as we had to migrate many of our older systems into Azure, and the integration involved a lot of other vendors. Our email was on a Linux server, and we had a different cloud provider, so the deployment required significant collaboration with multiple parties.

As a small organization, we didn't have a deployment strategy as such, but my approach was to communicate with the other solutions' vendors to gather the required information. Then, I migrated our Linux emailing system into Azure, after which I went for the data, so it was relatively straightforward.

What's my experience with pricing, setup cost, and licensing?

The solution costs us 60,000 Rupees annually, just over $700, and there are no additional costs.

We have to pay for the antivirus solution Microsoft offers with Azure AD, and they should provide it for free. It comes free with OSs, so it should be free with Azure too.

Which other solutions did I evaluate?

We didn't evaluate other options; we work solely with Microsoft products, so Azure AD is what we got. 

What other advice do I have?

I rate the solution nine out of ten. 

The admin center is very useful, but I prefer to remote into my server to do the administration that way, so I don't use it very much.

We use the solution's Verified ID and two-factor authentication, but we don't use it to onboard remote employees; all our staff are based on-premises and sometimes go off-prem, but typically, they're all in the office. We don't have remote workers as such. 

Regarding cost, I don't think the solution saved us that much, but feature-wise, it's excellent.

To others considering Azure AD, it's an excellent product. If you want stability and simplicity on your system, it's a great choice, and I definitely recommend it.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Country Manager - Saudi Arabia at a tech services company with 1-10 employees
Real User
Top 10
Sep 21, 2025
Enhance security and consolidate sign-in through robust authentication
Pros and Cons
  • "Microsoft Entra ID offers strong security levels, especially with two-step authentication, which confirms that I am the real user."

    What is our primary use case?

    I usually use Microsoft Entra ID to access our resources and to manage our approvals. It is used to assign roles, set limits, and manage access levels. For specific users, I ensure that nobody else has access. My personal files are protected, and confidential projects are kept secure.

    How has it helped my organization?

    The solution has helped build trust. I trust what I am doing and make sure that my files are protected and safe.

    What is most valuable?

    Microsoft Entra ID offers strong security levels, especially with two-step authentication, which confirms that I am the real user. It ensures that nobody can access files or emails without permission. Additionally, it consolidates sign-in requirements across different services, like GitHub, Twitter, and Upwork, in a single application. Microsoft Entra ID changes permissions to role access ID levels, ensuring access to only what is needed.

    What needs improvement?

    I do not see any area needing improvement. Perhaps integration with other AI tools, beyond Copilot, could enhance its use, like signing into ChatGPT.

    For how long have I used the solution?

    I have been using Microsoft Entra ID for almost more than fifteen years.

    What do I think about the stability of the solution?

    I have not experienced any performance or stability issues with Microsoft Entra ID.

    What do I think about the scalability of the solution?

    Microsoft Entra ID is scalable. It can accommodate many accounts, beyond just a few.

    How are customer service and support?

    I have not been in contact with Microsoft customer service.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I evaluated Google Identity and HashiCorp but decided to stay with Microsoft Entra ID because of its user-friendliness and familiarity.

    How was the initial setup?

    The initial setup of Microsoft Entra ID was very straightforward.

    What about the implementation team?

    The deployment of Microsoft Entra ID was handled in-house by our department.

    What was our ROI?

    I have not thought about return on investment because the company provides Microsoft Entra ID. However, the protection it offers is invaluable.

    What's my experience with pricing, setup cost, and licensing?

    The cost of Microsoft Entra ID is around $8 per month, which I find very reasonable.

    Which other solutions did I evaluate?

    I evaluated Google Identity and HashiCorp.

    What other advice do I have?

    I rate the solution at ten because it is a great solution for those looking for security and privacy.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Last updated: Sep 21, 2025
    reviewer2596236 - PeerSpot reviewer
    Sr Mgr InfoSecurity at a healthcare company with 10,001+ employees
    Real User
    Top 20
    Dec 16, 2024
    It lets us create layers of security that help us prevent significant security issues in the future, such as nation-state attacks and token theft
    Pros and Cons
    • "Multi-factor authentication is one of the most important features of my work. Verified ID is another feature that is becoming significant."
    • "I'd rate Microsoft Entra ID a 10 out of 10 due to the extensive range and focus on security features."
    • "There are many new features being added all the time, and Microsoft is advancing at a pace that aligns with our needs. I can't think of anything immediate that needs improvement."

    What is our primary use case?

    We use Microsoft Entra ID to ensure our users have the correct permissions and access. It manages privileged identity and ensures that we have proper MFA for the security of our employees.

    How has it helped my organization?

    Entra ID has made us more agile, enabling us to move faster in our tasks while providing tools for our employees to become more agile and efficient. The solution has improved our security considerably. Entra ID has helped us strengthen security across the board regarding access to apps and resources. It lets us create layers of security that help us prevent significant security issues in the future, such as nation-state attacks and token theft.

    The solution helps us envision a future with zero trust, which is one of our goals but challenging to achieve. Entra ID has given us a pathway to achieve it.

    What is most valuable?

    Multi-factor authentication is one of the most important features of my work. Verified ID is another feature that is becoming significant. Furthermore, Microsoft Entra ID provides governance over IDs while ensuring people have the correct permissions. We also gain more visibility into security issues, leveraging automation to address them. It's made us more agile and efficient.

    What needs improvement?

    There are many new features being added all the time, and Microsoft is advancing at a pace that aligns with our needs. I can't think of anything immediate that needs improvement.

    For how long have I used the solution?

    We have been using Entra ID since Microsoft Office 365 was released. I'm unsure of the exact year, but it's been quite a few years—perhaps 10.

    What do I think about the stability of the solution?

    The stability of Microsoft Entra ID is fantastic. We rarely encounter any significant issues.

    What do I think about the scalability of the solution?

    The scalability is great. We are a larger partner, so we're a high-end example, and it's scaled very well for us.

    How are customer service and support?

    Customer service and technical support have been outstanding. For an organization the size of ours, we have a dedicated team we frequently connect with and escalation paths for larger issues.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We previously used various solutions, but integrating everything under Microsoft has allowed us to streamline and manage everything in one place.

    How was the initial setup?

    The setup process is quite streamlined, particularly around cost procedures. However, I don't have any additional details.

    What about the implementation team?

    We worked with several partners, although I can't recall any names.

    What was our ROI?

    I don't have specific metrics but implementing the solution has definitely helped us.

    What's my experience with pricing, setup cost, and licensing?

    Our experience with pricing, setup cost, and licensing is streamlined and simplified, particularly in cost procedures. I don't have more details beyond that.

    Which other solutions did I evaluate?

    I don't recall any specific alternate solutions evaluated before switching.

    What other advice do I have?

    I'd rate Microsoft Entra ID a 10 out of 10 due to the extensive range and focus on security features.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Dumebi Chukwuemeka - PeerSpot reviewer
    Cloud Security Engineer at a non-tech company with 10,001+ employees
    Real User
    Dec 24, 2023
    Provides a single pane of glass, improves our security posture, and saves us time
    Pros and Cons
    • "Every feature in Microsoft Entra ID plays a crucial role in overall security."
    • "Customers should be informed that public review features are not intended for production use."

    What is our primary use case?

    When I started using Microsoft Entra ID I was an identity and access management technical support engineer at an organization that was a Microsoft partner. I use Microsoft Entra ID primarily to reproduce customer scenarios or challenges they are facing to help them resolve issues on their end. 

    How has it helped my organization?

    Microsoft Entra ID offers a single pane of glass for managing user access. This unified interface provides essential notifications and guidance if further actions are needed within Entra ID. While all features can't be displayed simultaneously due to potential clutter making it visually unappealing, the centralized view efficiently directs us toward managing user access and other identity and access management tasks.

    The single pane of glass affects the user's experience positively. Microsoft Entra ID makes necessary innovations when it comes to the GUI interface.

    In my overall assessment, the admin center seems effective in consolidating all the responsibilities and duties that admins should be able to perform. This centralization makes it efficient for users like us global admins and user administrators to find everything we need to do in one place, adhering to the principle of least privilege. While I appreciate the admin center's functionality, I prefer working with the Entra portal for its more robust view.

    Microsoft Entra ID has significantly improved our organization's security posture. One key feature is what we call privilege identity management, specifically designed to manage sensitive administrative credentials. For example, imagine a CEO with an account in Entra ID. We might also have an IT technician or support person with an admin role, like a Security Admin. We call these privileged identity accounts. While the CEO holds the highest position, they don't need admin access. Privilege identity management has been instrumental in enhancing our overall security in several ways, including:

    • Robustly securing privileged identity accounts: PIM implements stringent controls and access restrictions, minimizing the risk of unauthorized access to sensitive data and systems.
    • Enforcing the principle of least privilege: PIM ensures users have only the minimum permissions necessary to perform their duties, reducing the attack surface and potential for misuse.
    • Adding extra layers of security: Entra ID integrates multi-factor authentication and conditional access policies, further strengthening access control and mitigating security risks.

    Entra ID's conditional access feature strengthens the zero-trust principle, which emphasizes continuous verification and never granting automatic trust. This policy has significantly improved our overall security posture by implementing specific controls that grant access only when users meet defined conditions.

    The visibility and control provided by Entra ID permission management across Microsoft, Google, and Amazon Cloud is impressive. Microsoft has a long history in the identity and access management space, starting with Active Directory and subsequently adapting to the cloud. Their cloud expertise has served them well in developing Entra ID, a comprehensive IAM solution. I believe Entra ID represents a significant improvement, offering clear visibility and control over permissions. While I haven't used other third-party products for comparison, I feel Microsoft has delivered a top-notch feature within the IAM landscape.

    Using permission management has helped reduce risk surfaces regarding identity permissions.

    Entra ID has significantly reduced the time burden on our IT administrators and HR department. Take, for example, its built-in self-service password reset feature. Imagine I've forgotten my password and need to reset it. Previously, I'd have to log a request with IT, potentially waiting for assistance if they were unavailable. SSPR empowers users to reset their passwords independently, freeing up valuable time for our IT team. For our HR department, Entra ID offers integrations with third-party apps, also known as user provisioning. This comes in two flavors: outbound and inbound. Outbound provisioning specifically applies here. In this scenario, Entra ID acts as the source system, creating user accounts in the target third-party SaaS app which is like a tag assistant. For example, if an HR employee needs access to Dropbox or G Suite, we can create those accounts automatically in Entra ID and then provision them into the corresponding SaaS apps using user flows. This eliminates the need for manual user creation in each app. Furthermore, we can implement single sign-on, removing the hassle of juggling multiple passwords for different resources.

    Microsoft Entra ID has significantly impacted the employee user experience, particularly through its single sign-on functionality. SSO eliminates the need for multiple passwords to access different resources. Previously, when a user was created in Entra ID, accessing other applications developed outside of Microsoft required separate credentials and logins for each platform. This created a fragmented and cumbersome experience. However, with Entra ID's SSO, user authentication and authorization for these third-party applications now seamlessly occur through a single sign-on process. This grants secure access to all integrated applications without the need for additional logins, streamlining the user experience and enhancing security.

    What is most valuable?

    Every feature in Microsoft Entra ID plays a crucial role in overall security. It's like the human body – we might underestimate the importance of seemingly insignificant parts. They might appear small or seemingly irrelevant, but their absence can have significant consequences. When a fingernail breaks or a hair falls out, we suddenly appreciate their role in the body's function. Similarly, with Entra ID, I wouldn't prioritize one feature over another. Each contributes significantly to the platform's robust security posture. They all work together to provide the best possible approach to cloud security. Therefore, highlighting a single feature as more valuable wouldn't be accurate.

    What needs improvement?

    Microsoft Entra ID can make improvements in two key areas. The first is to upgrade Workday and SuccessFactors integration to OAuth 2.0. Currently, these HR applications use basic authentication for inbound provisioning to Entra ID, while integration with other IDPs utilizes OAuth 2.0. Many organizations request the adoption of OAuth 2.0 for Entra ID as well, considering its enhanced security. The second is to provide clearer communication about features under public review. Features under public review should have comprehensive documentation outlining their capabilities and limitations. While user feedback is crucial, deploying incomplete features in production environments can lead to frustration and blame. Customers should be informed that public review features are not intended for production use.

    For how long have I used the solution?

    I have been using Microsoft Entra ID for three years. 

    How are customer service and support?

    The technical support team is always readily available 24/7. Regardless of when we raise a support ticket, someone will promptly reach out and try to resolve our specific issue. I understand that the support experience can vary depending on the agent we connect with. Some may not have extensive product knowledge, while others have hands-on experience and offer quick, helpful solutions. Overall, I'd give them a solid ten out of ten. Their constant availability and dedication to resolving our problems are commendable. Even with agents new to our organization, we can feel their effort to assist us. They escalate issues if needed, consistently check back with us for satisfaction, and demonstrate empathy while reassuring us that any limitations or problems we face will be addressed.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    With the rise of cloud computing, Microsoft's exceptional hybrid identity capabilities proved invaluable for our organization. We were able to seamlessly integrate our on-premises users with the cloud through Entra ID. This implementation involved leveraging both Entra ID Connect and the cloud sync agent. While I'm unsure of their identity management setup before Entra ID, I can confidently say that the organization already relied on Active Directory on-premises before I joined.

    How was the initial setup?

    Deploying Entra ID is generally straightforward. Once we create our Entra tenant, we gain access to Entra ID. Similarly, if we subscribe to Office 365, Entra ID is automatically created for us. This default setup meets most basic operational needs. Therefore, we don't typically need to make any further configuration unless we want to adjust security settings based on our specific organizational needs. Overall, using Entra ID is seamless and can be started directly from our tenant or Office 365 site.

    What's my experience with pricing, setup cost, and licensing?

    The cost of Entra ID depends entirely on our organization's specific needs and use cases. For smaller organizations, like a local supermarket, it might be quite affordable with the basic free tier or a lower-tiered license. However, larger, multi-national companies with complex requirements may incur higher costs due to the need for additional features and advanced licensing tiers like P1 or P2. Instead of simply labeling it as cheap or expensive, it's important to consider our specific scenario and what functionalities we require. Different models and licenses cater to different needs, so the best approach is to carefully evaluate our organization's specific situation and choose the most suitable option.

    What other advice do I have?

    I would rate Microsoft Entra ID a ten out of ten.

    In the global identity management space, roughly 70 percent of organizations, in my experience, utilize Entra ID. One key reason for this adoption stems from the prevalence of on-premises Active Directory. Many organizations have long relied on this on-premises solution, and Microsoft's decision to replicate its functionality in the cloud, resulting in Entra ID, made the transition seamless for existing users. This familiar interface and consistent experience significantly eased adoption, leading to the 80 percent user utilization rate for Entra ID within my organization.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: customer/partner
    reviewer2315535 - PeerSpot reviewer
    CTO at a comms service provider with 1-10 employees
    Real User
    Dec 14, 2023
    Integrates well with Microsoft products, supports remote working, and saves time
    Pros and Cons
    • "Coming from a traditional on-premises Active Directory infrastructure, it is purely a SaaS platform. It is global. It is evergreen. It is always evolving. It is core to the Microsoft Ecosystem."
    • "They have had a few outages, so stability is a little bit of an issue. It is global. That is the thing. I know some of the other competitors are regionalized ID platforms, but Entra ID is global, so when something goes wrong, it is a problem because it underpins everything, whether you are logging in to M365 or you have single sign-on to Azure, Autopilot, Intune, Exchange mailbox or another application. If there is a problem with Entra ID, all of that falls apart, so its great strength and weakness is the global single tenant for it. Stability is a key area for me. Otherwise, it is generally pretty good."

    What is our primary use case?

    It is the primary ID platform that we use. It is where all our users are homed. We have Intune integrated with it as well. We use it for authentication. We still have some on-prem infrastructure, which uses legacy or traditional on-premises Active Directory, but all the endpoints and all the users are homed in there.

    We integrate with single sign-on for a lot of applications, such as Monday.com and ConnectWise. There are a lot of other tools there, and we use Entra ID for them as well. We use the multifactor authentication functionality in there and then Intune as well, which technically is not a part of Entra ID, but they are very close-knit. We use that for software deployment onto devices, and then we have been on Autopilot for device building and everything like that. It is the center of a lot of what we do.

    How has it helped my organization?

    Years ago, we had on-premises Active Directory, and we still got some clients out with the on-premises Active Directory. On-premises Active Directory worked well when everyone was in the office, but you had to be on the network to log in. If you took a computer home, you could not log in. Microsoft Entra ID definitely accommodates remote working. It is in the cloud. It is a lot more flexible. Someone can just eat out of the box now. They can log into a device, and it sets itself up and deploys the apps with supporting services. It is definitely a lot more flexible, and because it is in the cloud, it is evergreen. New functionality and features are coming out to it all the time, which is great. Previously, every three years or so, you would upgrade your server and you get new functionality, whereas now, you are getting that all the time. If you want to integrate with automation and AI, it all comes to Entra ID first. It is very powerful, and the flexibility to upgrade indefinitely and allow people to work from anywhere is a big push of it.

    Microsoft Entra provides a single pane of glass for managing user access. Having that as your single source of truth is very helpful. That directory can be accessed from anywhere without a VPN or anything else. When you are applying a security policy through Intune and Entra ID, you can be sure that it is applying to all devices, whereas with an on-premises directory, you might have a group policy to apply security, and you might change that policy, but if someone was not in the office or using VPN, that policy might not update on their device, so you could never be sure if it worked. There was no way to look at your 500 machines and see which machines had the policy applied and which did not. You could not do that, whereas, with Entra ID, you can. You can even do things in Intune where, for example, if a security policy is not applied or if a device does not have the necessary threshold of security policies and security software, the device is no longer compliant, and it cannot access any resources and things like that. It is much more powerful.

    It works very well. Conditional access is probably one of the best features of Entra ID for the ability to control what can be accessed from where and by whom. In the zero trust model, it is very good. We are an IT managed services provider. We are a massive target, and it is a huge risk because if someone breached us, they breached our 2,000 downstream clients because we have got access to their systems. Within Microsoft 365 or Entra ID tenant, you cannot even log in to that tenant unless you are on a compliant IT device. It is a powerful feature.

    It has definitely helped to save time for our IT administrators. When I speak to clients, I always work on a rule of about two or three percent of the headcount for IT. It is normal IT when you are a reasonable-sized company, but with 500 people, we have got three people in that team now, which is much lower than that. When you buy a new device, you can log in with the IT credentials. It sets it all up. All your policies and all your software are ready to go. There are no humans building that manually. A lot of it is sort of self-service now as well. So, it cuts down on a lot of time and that thing where people have to come to the office to update their software. The way it was five years ago, if you got an issue with a new laptop, you had to take it to the office and log in yourself for the first time before you went home. You do not have to do any of that now. With Entra ID, the access is via the cloud, so you do not have that issue where years ago, your password would get out of sync with the office. You do not have to deal with all of that. Compared to an on-prem device years ago, the support required is much less. You can now deploy the software centrally and remotely. We are an SMB. Our customers are SMBs. If you are a big company, you probably had a technology platform or a team waiting to deploy software remotely even years ago, but SMBs did not have that. A lot of work was manual, and it was time-consuming, whereas now, with Entra ID and some of the functionality around it, those small businesses almost have a corporate-size business service that they can provide, and it is whatever pounds per user a month.

    The cost savings are probably quite high. There is a lot of efficiency for the IT team. There are fewer issues, so the users are more productive. A typical IT function is a 2% to 3% headcount for a 500-person organization. You would expect ten people to be on our IT team, but we have got two to three people. We have six heads less than we might have had years ago. We are an IT company, so everything should be running slick. We are also using a lot of bleeding-edge technology, so there are some more issues with that, but we have fewer people to support the business. People are more productive. It is hard to quantify the savings, but it is a lot. I have been around long enough to know what the world was like before and how painful it was, but I do not have any stats. I have customers who invest in a lot of technology, and I have ones that do not. We are producing some metrics around that, and it is really interesting to see that the customers who spend a lot do not have major outages. They log fewer tickets and things like that.

    What is most valuable?

    Coming from a traditional on-premises Active Directory infrastructure, it is purely a SaaS platform. It is global. It is evergreen. It is always evolving. It is core to the Microsoft Ecosystem. We are just starting to get involved with Power Automate. Because it is all hooked into Entra ID, it is all integrated in there, so the same security, governance, and controls are a part of that. It drives that ecosystem, and we can just keep adding services on top of that, which we do and sell.

    What needs improvement?

    They have had a few outages, so stability is a little bit of an issue. It is global. That is the thing. I know some of the other competitors are regionalized ID platforms, but Entra ID is global, so when something goes wrong, it is a problem because it underpins everything, whether you are logging in to M365 or you have single sign-on to Azure, Autopilot, Intune, Exchange mailbox or another application. If there is a problem with Entra ID, all of that falls apart, so its great strength and weakness is the global single tenant for it. Stability is a key area for me. Otherwise, it is generally pretty good. 

    We are getting away from the hybrid experience where we used to have devices connected to Entra ID and on-premises directory. That was painful because the on-prem version was probably developed 30 years ago, and it was not designed for a cloud world. It is not too bad now, but getting there can be quite painful in terms of synchronous users and things. It is not very seamless, but if you are fully in Entra ID only, it is a good experience. The stability and the hybrid state can be very problematic and complicated.

    For how long have I used the solution?

    It was formerly called Azure Active Directory. We have probably been using it since it was launched.

    I have been a Microsoft partner for 15 years. I have been a partner since I have had our business. It has been quite a long time. 

    How are customer service and support?

    We are a managed service provider, so one of our core solutions is managed IT support. Microsoft's technical support is not great. We are a partner. We are not an end customer. We have a partner premium support agreement. We have a very strong technical team, and when we go to Microsoft, it is pretty serious. 

    We have 2,000 clients for a 70 million turnover. We probably escalate 10 to 15 tickets a year to them. When we raise a ticket, the first person asks the basic things such as if we have restarted the device. With Microsoft, when you get to the right person in technical support, it works, but that is a few layers up, and you have to push hard to get there. However, they have saved us a couple of times. 

    We spend 15 million pounds a year on Microsoft, but I would pay to have a better direct channel to someone senior because, by the time we are escalating an issue, it is pretty serious. It needs to go to someone senior, not junior.

    Even when I was querying about coming to this conference because we get some marketing funds, they said that I cannot claim it. I had to escalate it, and then eventually, they confirmed it was right. It took about a month.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We have got a couple of customers who use Okta as their ID platform for authentication. That was not our choice. That was their choice.

    Okta started the Cloud or SaaS ID platform authentication. They were the real pioneers of that. A lot of the features of Azure or Entra ID were in Okta first. Sometimes, Microsoft does not innovate in some areas initially, but they certainly catch up. Okta is probably the market leader in terms of Cloud or SaaS ID. 

    The two customers that we have now are very painful to move to Entra ID. If we were deciding it now, they probably would not use it because Entra ID has caught up so much. It is better. One customer has 500 people and 100 grand a year for Okta. Okta is seen as the thought leader, and it is a good product. My boss is not technical, but he always says to me, "Is that like the Rolls Royce solution? Do you need a Rolls Royce?"

    I am not an Okta expert, but it has automation capabilities such as user life cycle management where if you have a new staff, it will go through and add them to all the necessary systems and get them all set up and ready to go. Entra ID offers some of that automation now. I have not really looked at it, but it is not as powerful. Some of the governance features in Okta are very good as well. Okta looks a lot better, and it is a much nicer interface than Entra ID, even though Entra ID has become better. In the case of Entra ID, for most of our customers, Entra ID is included in the license they bought anyway. If they stop using Entra ID and start using Okta, they are not going to save money. They are just going to incur more costs. A Microsoft solution is integrated into the Microsoft ecosystem. It is easy. It is there. It is the default. You can use Okta with it, but that conditional access piece is almost like the real USP. That is the real winning feature in Entra ID. You probably do not get it with Okta, so that would be the real winner.

    What's my experience with pricing, setup cost, and licensing?

    Entra ID is not too bad, but Microsoft licensing generally is insane. Most customers normally buy a bundle license with Microsoft 365, E3, or E5. Out of our 2,000 customers, for 99.9% of our customers, the Entra ID license that they are getting through the part of that would be sufficient. There are some more advanced ones that give you a bit more functionality, but we probably have not had a customer for that. We do not even internally use that ourselves.

    When you buy the Entra ID license on its own, it is probably three or four pounds. You just get it included in the license. Most people buy it anyway because it comes with conditional access and Intune and all such things that they might use, so that is straightforward. Okta is not cheap. For a customer with 400 or 500 users, it is about 100 grand a year. It is like a premium product in price point comparison. When you move to Okta, you are not saving money on the Microsoft side, so it is not worth it for most companies.

    What other advice do I have?

    Overall, I would rate Entra ID an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
    Antonio_Russo - PeerSpot reviewer
    Principal System and Security Engineer at an insurance company with 201-500 employees
    Real User
    Sep 11, 2023
    Saves time, creates a single pane of glass, and offers good conditional access features
    Pros and Cons
    • "The visibility and control for permission management are excellent."
    • "It would be good to have more clarity around licensing."

    What is our primary use case?

    The primary use in my organization is for identity and identity security management. In our case, it's in our hybrid infrastructure, where it's not the cloud-native option; it's based on on-prem identity infrastructure on the cloud. We use it to manage our identity in a multi-cloud scenario. 

    We also use it for our software developers for credentialing. They use a single credential, and they can use multiple platforms like GitHub, Google Cloud, AWS, et cetera. 

    The product is connected to our security operation setups.

    We also use it in our organization to on and off-board the users constantly. It helps strengthen our permission management and privilege access management. For example, if one of our engineers or users needs temporary sole permission to perform an action, we use the product to temporarily grant that security role, or that extra permission that will last a certain amount of time. After the desktop is completed, the permissions are revoked. That way, users do not have a sensitive role constantly enabled.  

    What is most valuable?

    The overall identity management and lifecycle management capabilities are great. We can support our entire operation. For example, we can create an onboarding package for the users so that at the right moment they have everything that they need and access to exactly what they need when they need it, and this will help our transition team when new users start. They can have the password, credentials, et cetera, all accelerated while making sure there are no security gaps. 

    Entity management is great. We can provide access for short amounts of time as needed. 

    When we develop applications, we leverage Entra ID to create an application like an identity so we can tailor the security posture of an application that is often used or exposed on the public internet for customers. 

    To summarize, identity lifecycle management, privileged access management, and identity and credential management for developers and applications are all the best aspects of the product, in a nutshell.

    Entra ID provides a single pane of glass for managing user access as well HRID of API capability for third-party integration. The single pane of glass positively affects the consistency of the user's sign-on experience. That is one of the strongest points. Using a single pane of glass and then adding HID, like a gatekeeper for identity, is very helpful. The user now knows what they expect when they authenticate an application or they authenticate a portal or simply consume Microsoft Office since the experience is very consistent. It's always the same. Our support knows when, in which scenario, and what could be a problem and then quickly can help the user to overcome an issue. The single pane of glass actually is the beauty of the product.

    Security policies can now be very consistent and very granular and can be completed in specific ways for individual users. For example, there is a way to tailor your security experience for certain container reviews. A sensitive user, a high-risk user, or a developer, can have a custom mail detail or security policy that will impact only them while the rest of the standard users will not be affected by an end security policy since their workloads wouldn't require that.

    The portal is really handy. It's exactly what you would expect it to be. The management center is very comprehensive. We've had no problems with the useability of the admin access and the capability of the product offering. 

    This solution removes a lot of burdens, especially for us as cyber engineers. With a few clicks, we can create and target certain users. It will provide inputs and insights on scenarios and security settings. It will send warnings before we enable policies to let us know what might be affected. It helps us on the front end to avoid security configuration mistakes. That's for the sake of security as well as the user, who could otherwise be blocked every now and then by an incorrect security policy. 

    We use Entra ID's conditional access feature to enforce fine-tuned and adaptive access controls. We use that for user identity and to protect workflows. In Entra ID, an application in the directory is considered an identity, even if it is an application. Therefore, we can create a policy for users as well as for applications where it will authorize access only if certain conditions are met. We use that extensively.

    The conditional access feature positively affects the robustness of a zero-trust strategy to verify users. We use the conditional access feature in conjunction with the Microsoft Endpoint Manager.

    We can use combined security products that fit with the product. It's very effective. It ensures security overlap.

    I'm working with a verified ID as well. Users can use that single identity to access what they need and to configure the software developer pipeline to use that Microsoft-managed ID to push and pull code from restart to the application. If you have multiple other solutions, for instance, GCP, you can use that federated credential to manage software and code regardless of the cloud provider that is used by using the unique identity. This makes the work of developers more secure since they only need one ID. Otherwise, they will put on a piece of paper, their username and password for each application that requires access. With this solution, you have one identity secured to move them all, and it's easier for the developer who can be more productive while staying more secure.

    We've used the product to onboard or move new employees. That's part of the identity lifecycle workflow that we are experiencing. It's probably the number one product for HR management when it comes to user onboarding. It helps onboard and offboard remote workers with ease. After all, not all departments require the same applications, for instance. With this product, we create the prerequisites by creating an access package. 

    Verified ID is good when it comes to privacy and control of identity data. Privacy control is a mix of responsibilities between the organization and Microsoft Cloud, of course. There is full transparency with Microsoft covering this data, however, nothing is perfect. If Microsoft changes something, since they are linked, it may affect performance.

    The visibility and control for permission management are excellent. Integrations are becoming more and more native. It helps reduce our surface risk when it comes to identity permissions. When in combination with Microsoft Sentinel, it's really feature-rich. I can also create reports for when management wants to assess problem areas.

    It's helped to save time for your IT administrators or HR department. There is a reduction of recurring tasks by up to 50% to 70% compared to the legacy solution. It's tricky to contemplate how much money is being saved, however. 

    The product has affected the employee user experience in a positive way. The organization is very happy with it.

    What needs improvement?

    Sometimes with this solution, since our old API can have some latency and short links, if you want to enable permission on a system application, there can be some delays. For example, sometimes, when a user requires their access, it's not happening in real-time; they just wait a couple of minutes before the TCI really provides it. Sometimes this can create confusion if a user, an engineer, or a developer believes that the solution is broken. The solution is not broken. It just sometimes has a delay. That is something that I encourage Microsoft to fix. During the pandemic, we had a lot of conditions with the remote workers. So when the capacity increased, there could be latency. However, that is a Microsoft scalability problem that they have to address at a certain point. That said, it's not a dealbreaker.

    It would be good to have more clarity around licensing. It's a bit technical for those strictly dealing with budgets. 

    I would like to see a little bit of improvement in the resiliency of the platform. Entra ID has a global point of presence worldwide, however, if one node goes down in a geographical location, it has a global impact. Sometimes even a simple certificate that is not renewed on time can cause global issues. Microsoft should improve global operations and sandboxing. So if one of the nodes is down in Asia, it won't take down the United States as well. The redundancy and the resiliency of the product should be improved over the global geographical scale of the product.

    In terms of features, at the moment, the solution is covering everything. I don't see a new feature needed aside from improving their API.

    For how long have I used the solution?

    I've been using the solution since 2015 or 2016. I've used it since before the name change.

    What do I think about the stability of the solution?

    Overall, the product is stable. It's 99.9% stable. 

    What do I think about the scalability of the solution?

    In my current organization, we have around 100 users on the solution. However, we have B2B integrations that include 3,000 to 4,000 users.

    Microsoft does scale up to hundreds of thousands of objects. The solution scales well.

    If you need more than fifty thousand objects that can be created in a single tenant, they can be created within an additional directory.

    How are customer service and support?

    Microsoft offers different tiers of support according to the licensing model. The support is great. Generally, at first, you get a general engineer. They'll tell you to go and check an article. I tend to tell them the issue and lay out the problem and ask them not to send me an article since I am an expert. Then I'll get to a second-phase engineer that can help. However, once you get to the right person, support is excellent. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I have experience with One Identity, SharePoint, SharePointIQ, and InsightID.

    I like how this product has a view on a single pane of glass. Out of the box, it can serve multiple types of organizations that may have multi-cloud strategies. It also has good third-party integration and reporting capabilities. Everything we need to start is right in one solution. 

    We do have Okta, which we are phasing out. We use it for some B2C scenarios. It's an excellent product and has solved problems for us over the years.

    How was the initial setup?

    When you set up the product, there's always a combination of business people, decision-makers, and IT people, and I always encourage business and decision-makers to read the Microsoft adoption framework for Entra VNS Ready. So that way the decision makers have an idea of how to use the product and which features are required. Then we start with the technical part. 

    We should basically start always with an assessment. How many users do you have? Which one is the office license model? And so on and so forth. When the assessment is done and when we have an idea of the topology of the user, we can start the design. We ask, okay, would you like to be cloud native? Would you like to have a hybrid model where you have an on-prem identity shipped to the cloud? And based on the decision, we'll start by usually setting up Azure AD Connect. 

    Azure AD Connect is a solution that's on-prem. We'll onboard the identity on the cloud and all the security tokens that come with it. Then, of course, we start to plan the identity migration.

    Based on the call on existing users, the next design is to onboard a lifecycle identity for the newcomers that will join and for people that will leave. It's important to read the Microsoft architecture and adoption framework for InsightID. And based on that, then we go into the nitty gritty technical decisions. 

    The setup can be handled by one person. However, once you begin to integrate it with 95% of the organization and need to touch messaging systems and mail systems, you'll need to collaborate with others. If you are using the Internet and SharePoint, you need an Internet engineer. You likely need a few people to assist.

    The maintenance aspect is not difficult. It's a SaaS and Microsoft handles most of the burden. You just need to perform hygiene rather than maintenance, for example, removing people you no longer need. While maintenance is mostly taken care of, people should pay attention to the Azure cloud as Azure can cause security holes with changes. 

    What was our ROI?

    We have witnessed a return on investment, however, it's hard to quantify. Definitely, in the long run, there's a benefit to leveraging the product.

    What's my experience with pricing, setup cost, and licensing?

    Decision-makers dealing with budgets will sometimes struggle to really understand the kind of license that's needed. When you are doing multi-cloud, the costs can be a little bit higher. It may not be cost-effective if you do not know how to use the platform.

    The price point is pretty high.

    However, for Android and Office users, it's very useful to have.

    What other advice do I have?

    We use a hybrid approach on-prem. We have some log applications and some legacy applications that require us to have an active directory as a primary identity source of view. This means that we ship our identity to the cloud, however, we don't have a vice-versa mechanism. 

    I'd advise that potential new users investigate by creating a POC free of charge. Microsoft offers free credits for POCs. These can be extended for a certain amount of time.

    I'd encourage anyone to contact a Microsoft representative and set up a POC and get training material and really evaluate the product first. Once you use it, there's no going back.

    I'd rate the solution eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    reviewer2595762 - PeerSpot reviewer
    Cloud Principal & Infrastructure Specialist at a financial services firm with 1,001-5,000 employees
    Real User
    Top 20
    Nov 27, 2024
    It has made our entry point and access more secure
    Pros and Cons
    • "Entra ID provides an excellent overview of the applications and the options applied to them."
    • "Entra ID has helped us implement role-based authentication rather than conditional keys."
    • "There are areas for improvement, particularly when moving between tenants. If we create a new tenant and try to set it up under the same organization, it becomes extremely difficult. A recent incident we dealt with took four months to resolve with a seven-day deadline, which was quite frustrating."

    What is our primary use case?

    Entra ID is used to authenticate users and applications. 

    How has it helped my organization?

    Entra ID has helped us implement role-based authentication rather than conditional keys. It has made our entry point and access more secure. Entra has improved our Zero Trust platform, but I can't go into the details about how. 

    It has improved our attack response slightly because we now have a better idea of what's happening and what we see in the logs. 

    What is most valuable?

    Entra ID provides an excellent overview of the applications and the options applied to them.

    What needs improvement?

    There are areas for improvement, particularly when moving between tenants. If we create a new tenant and try to set it up under the same organization, it becomes extremely difficult. A recent incident we dealt with took four months to resolve with a seven-day deadline, which was quite frustrating.

    For how long have I used the solution?

    I have used Entra since it was released, and we also used Azure AD before it got renamed.

    What do I think about the stability of the solution?

    Stability has been questionable sometimes. We've had a few outages which have caused us some concern, and it's a critical solution that we can't do without.

    What do I think about the scalability of the solution?

    There isn't much that can be done for scalability other than considering an alternative provider, which we have thought about at times.

    How are customer service and support?

    I rate Microsoft support eight out of 10 in general, but they let us down when we were moving tenants. We were pretty upset with them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We always used Azure AD and then Microsoft Entra ID.

    How was the initial setup?


    What was our ROI?

    Overall, some areas showed more return on investment, while others less so.

    Which other solutions did I evaluate?


    What other advice do I have?

    I rate Entra ID eight out of 10. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Arun Govind - PeerSpot reviewer
    Subject Matter Expert - Azure Identity at a tech consulting company with 10,001+ employees
    Real User
    Jan 19, 2024
    Offers a conditional access policy, along with modern authentication methods, and a unified interface
    Pros and Cons
    • "The most valuable feature of Microsoft Entra ID is its security options, where we can provide highly effective security for user accounts during authentication."
    • "Microsoft needs to make improvements in this regard and extend its services to other operating systems as well, especially when considering their widespread usage."

    What is our primary use case?

    I have been employed as a subject matter expert for Microsoft Entra ID, as well as other Microsoft projects. Presently, my organization is collaborating closely with the Microsoft product team. This involves handling end-to-end customer scenarios connected to the products. In cases where there are issues related to configuration or operational scenarios, I provide assistance by configuring based on the organizational requirements. Additionally, I ensure end-to-end security through Microsoft Entra ID. I have dedicated the past 22 months to working within my organization on various Microsoft projects.

    Microsoft Entra ID is a cloud-only service. However, if a customer has existing on-premises resources, they can integrate them using Azure AD Connect to Microsoft Entra ID. It can be used in a hybrid mode depending on the organization's requirements.

    How has it helped my organization?

    Microsoft Entra ID provides a unified interface for managing user access. The user's sign-on experience relies on several factors, including the specific service or resource they are attempting to reach. The initial sign-on process involves first-factor authentication, which typically entails entering the username and password. Depending on the user's assigned security level, multi-factor authentication may be required. If the user is attempting to access an application and Single Sign-On is enabled, they can also enjoy a seamless sign-on experience for accessing both on-premises and cloud-only resources.

    The admin center assists us in managing everything, from global administrators to Role-Based Access Control provisions. If a specific admin needs to be assigned to access all user authentication methods, an authentication administrator will be made available. Similarly, a conditional access administrator can assume this role if needed. We have a variety of roles accessible for performing tasks such as accessing, reading, writing, and editing operations, all based on specific requirements. Alternatively, there's the global administration role, which holds the capability to perform various actions and possesses full control over the tenant. This control can be exercised through the admin center.

    When the COVID-19 pandemic emerged, all of our employees across various organizations worldwide began working from home. This trend of remote work continues significantly. Users operate from diverse networks, which might vary in terms of security levels. In order to safeguard resources, Microsoft Entra ID plays a pivotal role for all organizations, not solely for mine. Microsoft Entra ID provides essential security features, such as continuous access evaluation, multifactor authentication, IP restriction, and device-based blocking. These features constitute a device registration scenario that organizations can adopt. Whether an organization chooses to manage devices through Microsoft Entra ID or one of the other device registration scenarios available depends on the specific context, particularly the industrial location for an IT engineer. In this setup, an organization can impose restrictions or temporary blocks on users directly, contributing to the assurance of secure logins. This approach aids organizations in preventing unauthorized access to user accounts and organizational data from potentially malicious actors like hackers or unauthorized exporters. Microsoft Entra ID has been designed to enhance the security of both users and organizational information, aligning with Microsoft's commitment to safeguarding user data.

    Conditional access is among the most reliable and secure features enhancing the performance of Microsoft Entra ID. This functionality enables us to execute various actions, as I have previously indicated. These statements are straightforward and comprehensive. To prevent access for specific users, we must apply logs based on specific requirements. If there is a need to restrict a user, we can implement a pause. This means that if a user is accessing from a certain location or utilizing a particular device, they will be granted access. Conversely, if these conditions are not met, the user's access will be denied. Therefore, conditional access policies can be employed as the organization's primary line of defense. In the past 22 months, updates have been made to the conditional access framework, incorporating conditional access policies from both session management and control management. This enhancement enables organization administrators to apply more refined filters, thereby enhancing user security. These updates include the potential enforcement of app protection procedures through Entra ID. Alternatively, administrators may create custom policies for specific applications or websites using the Defender of products. In the past, the option to merge different Entra apps and conditional access was not available. Presently, conditional access policies offer heightened security, allowing the creation of policies from various Microsoft services, including different apps. This capability empowers us to restrict users or employees from actions like copying certain data or transferring information to other locations. It prevents downloading of company information from untrusted devices as well. Additionally, our implementation of app protection policies aligns various Microsoft services with conditional access policies, further fortifying overall security.

    The three factors for implementing a zero-trust framework are verifying the users, checking their privileges, and aiding in identifying any breaches. Conditional access assists with this process.

    We can establish application restrictions and enforcement policies based on the Entra ID. These policies can then be aligned with conditional access policies across various locations. Additionally, we have the ability to formulate policies, such as designating trusted and untrusted locations for device data. This ensures that specific applications will only be accessible if they meet the conditional access prerequisites both from Entra and within the Endpoint Manager policies. This encompasses all first-party Microsoft applications as well.

    The Verified ID feature is one of the most impressive functionalities I have encountered. Although I haven't used it personally, my role involves working as a technical support engineer for Microsoft. My responsibilities include handling support requests for Microsoft and assisting customers worldwide, whether they are utilizing premier or personal support services. To the best of my understanding, the Verified ID offers one of the most secure methods for organizations to store their data via the Decentralized Identifier framework. This enables them to manage their setup autonomously and perform DID verifications. Through this process, organizations can issue credentials to users using the Microsoft Authenticator app. This ensures that a web server is set up and a decentralized ID is created. Importantly, all organizational data remains confined within the organization; Microsoft does not retain user credentials or passwords. Consequently, all organizational data becomes integrated into the decentralized ID. This process is carried out by administrators responsible for onboarding users into the organization. When an employee joins the organization, they are issued credentials using the Verified ID feature through the authenticator app. Subsequently, these credentials are passed on to the user. The authenticator app then verifies the legitimacy of the request.

    Microsoft Entra ID has proven invaluable in saving time for both our IT administrators and HR departments. Prior to Entra ID, we were required to generate individual user IDs sequentially. However, with Entra ID, we now have the convenience of producing them in bulk. This includes the ability to furnish these user access IDs temporarily, along with corresponding temporary passwords. This is achieved through a CSV-formatted Excel sheet. This process is particularly advantageous when juxtaposed with onboarding new users. For our existing users, determinations are made based on their user activity and potential risk status. In this regard, our IT administrators or global admins are promptly alerted if any user is flagged as risky. These notifications and identity protection features are integral components of Microsoft Entra ID, especially in relation to potential users. Furthermore, our system incorporates the latest workflow feature. This functionality closely resembles Identity Protection, although the latter exclusively pertains to users and objects. Conversely, virtual IDs oversee services, including applications and various other resources that have been generated via web apps, SQL, or SharePoint instances.

    Microsoft Entra ID has significantly contributed to cost savings within our organization. Prior to implementing Entra ID, substantial financial resources were dedicated to various investments. Particularly in the realm of licensing, any learning initiative incurred substantial expenses. However, there has been a notable transformation in Azure, now rebranded as Entra, accompanied by the incorporation of numerous features under the Microsoft Entra ID umbrella. Undoubtedly, this has greatly enhanced cost management for our organization. Moreover, we now possess the capability to effectively manage subscriptions. We receive regular alerts from the cost management infrastructure, providing insights into our resource consumption. A distinct 'pay-as-you-go' option empowers us to select and pay solely for the resources we utilize. This approach enables us to forego committing to a fixed amount of virtual machines for a predetermined period. Instead, we can opt for resources as needed, paying only for their actual usage. Indeed, the cloud plays a pivotal role in cost savings when compared to the complexities of managing on-premises servers and resources.

    Microsoft Entra ID has significantly enhanced our user experience. In our daily scenarios, there is no need to log in every time. This is especially beneficial for user authentication and accessing various resources. Entra offers features that simplify our daily tasks and the use of dynamic applications that we host. One remarkable feature is the ability to utilize single sign-on, which is both cool and highly effective. Additionally, we have the option of Windows Hello for Business, including field authentication for Windows Hello for Business. These authentication features streamline the login process and contribute to the ease of our work.

    What is most valuable?

    The most valuable feature of Microsoft Entra ID is its security options, where we can provide highly effective security for user accounts during authentication. We have a conditional access policy in place, along with modern authentication methods that can be configured in various ways to meet organizational requirements. These methods may include phone calls, SMS, or even passwordless authentication, which is the most convenient and secure method introduced by Microsoft. This includes Windows Hello for Business and certification-based authentication as well.

    What needs improvement?

    There are several limitations that Microsoft is currently facing. Since I work with global customers daily, they often come up with new ideas. However, these ideas are sometimes hindered by Microsoft's limitations. As a result, many people are turning to third-party tools or services, even from vendors that are not as reputable as AWS or GCP.

    I have personally made similar suggestions to my product team, especially regarding the vendors that users are attempting to rely on. For instance, certain organizations prefer to restrict the use of mobile phones, particularly in countries like India. These organizations are very strict about security and prohibit the use of Android or camera-enabled mobile devices for their employees. Consequently, these users cannot utilize Microsoft Authentication, and instead, they must resort to other password authentication methods such as FIDO or Windows Hello for Business.

    Among these options, we have only one choice, which is FIDO, a security key. However, when users need to use FIDO, they are required to also use multifactor authentication. This means that a user can only register for FIDO after they have registered for the Authenticator, which is not an ideal scenario. If an organization has already decided not to use mobile phones and has opted for FIDO authentication with security keys, it's not advisable to then ask them to use Microsoft Authenticator.

    Recently, Microsoft introduced an alternative solution known as the temporary access pass. This pass allows users to log in temporarily, but its effectiveness is limited. This is especially true for FIDO authentication with security keys, although it is included in the Entra ID's CBA, particularly for Android and mobile devices. Unfortunately, these secure options are not available when logging in from devices like iPads or iOS-based mobiles, other operating systems, laptops, mobile devices, Chrome, or Linux machines.

    Microsoft needs to make improvements in this regard and extend its services to other operating systems as well, especially when considering their widespread usage.

    For how long have I used the solution?

    I have been using Microsoft Entra ID for almost two years.

    What do I think about the stability of the solution?

    The solution is continuously being updated and enhanced with new features. As we are involved in Microsoft projects, we get a sneak peek into the upcoming release of Microsoft Entra ID, and I am confident it will be exceptionally stable.

    What do I think about the scalability of the solution?

    Microsoft Entra ID is scalable.

    How are customer service and support?

    I have been employed as a tech support engineer, assisting with Microsoft products since the inception of my career. As a result, I have not required the services of their customer support.

    Which solution did I use previously and why did I switch?

    I have utilized Okta solely for federation services in some testing capacities within my laboratory environment. Okta proves advantageous for establishing federated connections between Azure instances across different clouds. To illustrate, imagine that Microsoft employs local active directory federation services. This duplication seems inevitable, given Microsoft's explicit intentions conveyed through the Microsoft Ignite channel.

    Consequently, Microsoft ought to develop federation services akin to Okta's, which offers exclusive cloud-based federation services. This offering would greatly assist users and organizations habituated to utilizing federated authentication protocols. It would be prudent for Microsoft to integrate a cloud-exclusive federation service into Azure Cloud.

    Furthermore, Microsoft contends that, in terms of security and trustworthiness in authentication service identity providers, Entra reigns supreme compared to other options. In this regard, I concur that Entra boasts superior security when contrasted with Okta.

    Azure Cloud refrains from provisioning specific federation endpoints for certain applications due to the persistent usage of on-premises or federated applications by numerous organizations. This gap is where Okta has capitalized, effectively occupying the market space that Entra commands in such scenarios.

    How was the initial setup?

    The initial setup is straightforward. The deployment is simple. We possess Microsoft learning documents and public articles from Microsoft, along with community channels. If we aim to adhere to these instructions, the process is quite simple. Even a college graduate attempting to configure from the Entra web portal will find it easy to follow. The procedure is particularly straightforward for specific scenarios and the specific topics that Entra provides.

    What about the implementation team?

    I completed the implementation in-house using the documentation provided by Microsoft and by following the Microsoft YouTube channels.

    What's my experience with pricing, setup cost, and licensing?

    Entra's pricing is somewhat higher compared to AWS. With AWS, we have the ability to access EC2 servers, which are essentially virtual machines, for free for a duration of up to one year, specifically the basic virtual machine instances. However, Entra does not offer a similar option. If we are utilizing any form of virtual machine on Entra, we must begin payment after one month of complimentary usage. Unlike AWS, Entra does not provide access to basic virtual machine instances for educational or testing purposes. Furthermore, there is a discernible difference in pricing and licensing when we compare AWS Identity Access Management with Entra's ID system.

    What other advice do I have?

    I would rate Microsoft Entra ID eight out of ten. I deducted two points due to the limitations concerning the connectivity of services for Android and other operating systems.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Buyer's Guide
    Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
    Updated: January 2026