IT Manager at Calgary United Way
Real User
Top 5
Oct 8, 2023
Has valuable user and device management, is straightforward, and provides a great ROI
Pros and Cons
  • "User and device management is the most valuable feature."
  • "The technical support has room for improvement."

What is our primary use case?

We use Azure AD to manage all endpoints, including laptops, desktops, mobile devices, such as iPads and iPhones, and users. We can disable accounts, create accounts, reset passwords, maintain access, and manage permissions.

How has it helped my organization?

Azure AD is essential to our organization. Our users need to use their Azure AD credentials to log into their computers every morning, and we also manage user accounts in Azure AD. As a result, we cannot function without Azure AD.

We use Entra's conditional access to restrict access to our system from overseas users. This means that users can only log in from Canada and the United States.

Our zero-trust strategy uses conditional access to verify users and prevent unexpected traffic, such as attacks from Russia. This makes our strategy more robust and secure.

We use Entra's conditional access in conjunction with Microsoft Endpoint Manager to limit user logins from Canada and the USA. We also limit devices that can log into the network to only those located in Canada.

Entra has helped our IT administrators save an hour of time per day.

Entra has helped our organization save money.

We used to use on-premises Active Directory. Now, we use Azure Active Directory. The main difference is that users can now reset their own passwords in Azure AD. This is a positive improvement, as it saves time and hassle for both users and IT staff. I believe that this has had a positive impact on our employee experience.

What is most valuable?

User and device management is the most valuable feature.

What needs improvement?

I would like Azure AD to provide features similar to check-in on-prem AD. The fetch-all service is the only one that is not currently available on Azure AD.

The technical support has room for improvement.

Buyer's Guide
Microsoft Entra ID
June 2026
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
900,838 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Azure AD for five years.

What do I think about the stability of the solution?

I give Azure AD's stability an eight out of ten.

What do I think about the scalability of the solution?

I give Azure AD's scalability an eight out of ten.

How are customer service and support?

The basic support from Microsoft is not good.

Which solution did I use previously and why did I switch?

We previously used the on-premises Microsoft Active Directory. However, we have since switched to Azure Active Directory, which is a cloud-based solution. Azure AD is more flexible and scalable than on-premises AD, and it allows us to save money on hardware costs. This is because we no longer need to purchase and maintain our own servers. Instead, we can simply use the servers that are provided by Microsoft.

How was the initial setup?

The initial deployment was straightforward and took two months to complete. We switched over to the new system and then set up a number of additional features, such as enterprise applications and multi-factor authentication. This took an additional month, for a total of three months. We followed the instructions from Microsoft step-by-step. The deployment required two full-time employees from our organization and three from our partner.

What about the implementation team?

The implementation was completed with the help of an MSP.

What was our ROI?

We have seen a significant return on investment since switching to Azure AD. Our monthly costs have decreased from $5,000 to $100.

What's my experience with pricing, setup cost, and licensing?

The price is affordable, and we pay around $100 per month.

Which other solutions did I evaluate?

Both Okta and Azure AD are great solutions. I know that many people use Okta, but my concern is that we are also using Microsoft products on the endpoint. This means that our users use Windows, and it makes more sense to use a front-end and back-end Microsoft solution.

What other advice do I have?

I give Azure AD a nine out of ten.

Azure AD requires very minimal maintenance.

I recommend Azure AD. The solution is straightforward.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Azure Cloud Administrator at Randolph Brooks Federal Credit Union
Real User
Sep 11, 2023
Offers a single pane of glass with great auditing capabilities and a fast setup
Pros and Cons
  • "We can have an audit and we can easily audit logs."
  • "I haven't had any issues with the product."

What is our primary use case?

I use it to manage users and devices in my environment. 

I'm also using it to control access to different services that we have and to manage and register applications. It is used to control access to applications that we use in our company. I do a lot of applications in Azure Active Directory, and then I also have a hybrid configuration in my environment. I'm able to sync my on-premise users in the cloud so they can have the benefit of cloud infrastructure while maintaining access control to provide them access to the services that they need in Azure.

How has it helped my organization?

The product provides very good time savings. It also allows for a high level of security.

We get alerts when something has happened and it's easy for me to find the issue. It makes it easy to reset passwords. 

We have all the security features in one place and we have log analytics and diagnostics as well. It's very good for identity governance. 

What is most valuable?

We have an unlimited number of users that we can register. We can register more than five hundred thousand objects. That is wonderful for us.

We can have an audit and we can easily audit logs. I'm able to know when the user logged in and what program they used. I can track everything. I can see activities and denial of access. 

I can create many users at one time using Excel. When we have a lot of people that join, I can just use Excel to perform the deployment of the platform by creating a user. It makes onboarding easier. 

We can manage access and onboarding by teams. It allows us to maintain privilege identity management.

The Entra admin center is also fabulous. 

The product provides a single pane of glass for managing user access. Everything is there. I can monitor from there. I can create a single sign on from there. I can create MFA (multifactor authentication) directly from the portal. I have more than two thousand devices that I manage and I can do everything centrally. 

The single pane of glass affects the consistency of the security policies we apply. It is easy for me to have access to the panel, and I can have a great view of what is going on in my Active Directory. I have a security score. I have the number of groups, number of applications, and number of devices right in front of me, in one place. This makes it easy for me to monitor it and check everything. 

There are good tutorials available for learning more about the product.

We are using the conditional access feature. We also leverage multi-factor authentication so that we can verify users by phone number, for example. It helps us verify effectively. The conditional access feature works well with Microsoft Endpoint Manager.

We use the verified ID to onboard new employees efficiently. We can now onboard in less than 30 minutes. It's also great for privacy and control.

The employee user experience has been positive. When they submit a ticket, it gets resolved in less than 15 minutes. It's very impressive.

What needs improvement?

I haven't had any issues with the product.

For how long have I used the solution?

I've been using the product for three years.

What do I think about the stability of the solution?

The stability is wonderful. I'd rate it 9.5 out of ten. It's the best.

What do I think about the scalability of the solution?

The scalability is good. It's very scalable. 

How are customer service and support?

I've only reached out to technical support once when I was trying to access our agreement account. They set up a meeting and guided me through how to connect to it. I had a positive experience. 

Which solution did I use previously and why did I switch?

I have used other cloud technologies like AWS or Google Cloud and they don't have the type of active directory where I can control everything. Azure is very powerful.

Previously, all of our active directory was on a Windows Server on-prem. Managing it was not easy. Finding user accounts, going to log in to the Windows server, going to log in to the active directory, et cetera, that previous process was too long. Now, it's easy. Now, you can log in and you have everything in front of you. 

With the old system, we needed to configure it and we were using Okta and we had a combination of many, many tools to be able to get results. Now, we can assign the role directly from OneClick, and we can also use the PowerShift LiveGuard template and it's easy. 

How was the initial setup?

The product is easy to set up. You can set up an entire organization in one day. 

There is no maintenance needed. Microsoft takes care of everything. We just make sure that we check the synchronization. Even if there is a sync error, we will receive a notification. Usually, it fixes itself and syncs every hour.  

What about the implementation team?

We handled the setup in-house.

What was our ROI?

We've saved more than 20 hours per week. The product is saving us a lot of time. It cut time spent by 45% to 50%. It's also saved us money as we only pay for what we use.

What's my experience with pricing, setup cost, and licensing?

We pay monthly, and we only pay for what we use.

What other advice do I have?

We are a Microsoft customer. 

I'd advise potential new users to read the documentation and make sure that they know what they are doing before they begin providing access to users. If they don't follow the requirements of their company before creating users, they could have a data breach or provide the wrong access.

You can have a centralized solution that provides secure access. You can manage everything from one portal. Azure makes it easy.

I'd rate the product ten out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Rey Vazquez - PeerSpot reviewer
Vice President of Technology at Park Avenue Finance
Real User
Top 5
Apr 26, 2025
Enables efficient management of employee onboarding and privileged identity with strong support
Pros and Cons
  • "I would rate the support as ten out of ten."
  • "In the compliance area, the granulation of access to storage accounts or Kubernetes could be improved."

What is our primary use case?

I use Microsoft Entra ID for managing employee onboarding and privileged identity management inside Entra for security. We also use it as an active directory.

What is most valuable?

The product's valuable features include privileged identity management, least privilege for Zero Trust, the onboarding process for new employees or role changes, and implementing security on identity authentication and authorization. It provides resources for security, which aids in fast employee onboarding.

What needs improvement?

In the compliance area, the granulation of access to storage accounts or Kubernetes could be improved.

For how long have I used the solution?

I have used Entra for about one year or maybe two, and it is recently in production.

What was my experience with deployment of the solution?

Some aspects were complex, such as using Microsoft Entra ID in our products and applications. However, Microsoft has a support line that is part of our SLA, which helps resolve any difficulties.

How are customer service and support?

I would rate the support as ten out of ten. They were available to us and worked with us for a day to resolve issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Okta Active Directory previously. I use both Okta and Microsoft Entra ID. The reason for moving to Microsoft Entra ID is that it is better for our client applications instead of using another authentication program.

How was the initial setup?

The initial setup was smooth and involved syncing between active directory and Microsoft Entra ID.

What about the implementation team?

In the first and second phases, I handled the deployment alone. The third phase focused on training tier-two technicians.

What was our ROI?

The ROI improved noticeably, although I do not have exact numbers.

What's my experience with pricing, setup cost, and licensing?

Microsoft Entra ID is not too expensive, and we received a great offer from Microsoft, upgrading to E5 or P2 at a better price.

What other advice do I have?

I rate Microsoft Entra ID an eight out of ten overall.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2315787 - PeerSpot reviewer
Sr software development engineer at a tech services company with 10,001+ employees
Real User
Dec 14, 2023
Works well for small businesses but is not stable enough for a company of our scale
Pros and Cons
  • "It is great for mom-and-pop shops or small businesses that are truly coming into the enterprise ecosystem and that have not come from a legacy environment."
  • "Entra ID is not battle-tested or stable enough to support a business of our size. There are some design issues specifically around support for legacy services."

What is our primary use case?

The use cases typically include external customer authentication, which we do, and by customers, I mean our hotel partners. There is basic user authentication and the ability to isolate those users based on a particular security environment, whether they are coming from a PCI environment, lab environment, corp environment, etcetera. Each of those has to pass through specific security, so everything that your Active Directory or Windows AD is solving on-premise is essentially the use case, except for the external customer situation which was the one thing that made me look at Entra ID. Unfortunately, the way Entra ID works created a major security issue that I cannot go into regarding guest users for our tenant. We are now trying to fix that.

How has it helped my organization?

We tried to stand it up as a PoC, and we went back and forth with Microsoft on it for a few months. We never got to a resolution because there is an architectural design issue with the service itself, and Microsoft is not going to change their service for us. We tried to use it, and then we gave up, killed it, and went back to the original plan, which was to use Okta. Our goal is to eventually completely get out of the Microsoft Identity ecosystem and move over to Okta.

We do not use Entra ID anymore. We have moved away from Entra ID. We could not justify it from a business standpoint. That is the crux of the situation. We now have a solution that can meet all of our business needs.

Microsoft Entra does not provide a single pane of glass for managing user access. It is not fully featured yet. There are some things within that Entra ID administrator portal, but it is not as robust as simply going to Entra ID service and then going to different features that it has to maintain identities. It is not even a single pane of glass if you look at how Microsoft does identity between Entra ID, Azure Resource Manager, and M365 itself. I know that they are trying to fix the situation between Entra ID and M365, but the subscription-level identity access controls need to be moved out of the subscription level and need to be globally managed from the identity provider. I am sure there was a design choice for that, but it just does not work when you are a company of our scale because we just cannot keep managing individual resources, so we would like to centralize the identity system.

I used Microsoft Entra Permission Management in a very specific scenario but because we are a hybrid environment, we often found ourselves fighting with cloud groups. We moved a lot of security groups into Entra from our Windows AD environment. We have a lot of stuff that has been built upon that for the past 20 years. Not being able to have Windows Active Directory security groups that are synced to Entra ID to control access to resources was a big pain for us. We would have had to create a cloud group and then add all the members of those on-prem security groups to it, so we did not even bother with it. When you have a company of our age and our size and you have nested security groups, there is a lot of linkage there, and it is not attainable. 

What is most valuable?

It is great for mom-and-pop shops or small businesses that are truly coming into the enterprise ecosystem and that have not come from a legacy environment. Current statistics show that 99% of the world that was in an Active Directory authentication environment is still in the Active Directory or Windows AD authentication environment and just supplementing Okta, so we are not doing anything new. A previous Microsoft employee that I talked to said that in the last decade, there has literally been only one customer to get fully off their hybrid environment and go fully into Entra, and it took them over ten years. Therefore, Microsoft needs to focus more on Entra and fix not only the design flaws but also address a lot of the customers' needs. It has a lot of potential specifically around taking business from IIQ for some of those UAR workflows, identity workflows, etcetera. Their biggest competitor is Okta, and Okta is currently the better solution.

What needs improvement?

We have been trying not to use the solution. It is used for a specific use case, which is around authenticating M365, and we are trying to see if we can get out of using it, but that is only because our environment is extremely complicated.

Entra ID is not battle-tested or stable enough to support a business of our size. There are some design issues specifically around support for legacy services. We used to be part of Microsoft, so we have about 15-year-old services sitting in our data center that still need to use legacy LDAP authentication. The way we currently have the environment set up is for one very specific domain. I am using a domain for specific context here to keep it simple. We have 36 Active Directory domains, and that does not include the child. We follow the least privileged access model.

Our environment currently consists of using AD Connect to synchronize objects from our corporate tenant into Entra ID, and then from Entra ID, we wanted to stand up Azure domain services as a possibility for retiring legacy LDAP services.

The issue with Entra ID specifically is that the way it replicates objects out of its database into the Azure domain services Active Directory tenant or Active Directory service is that it uses the display name. This is a bad practice, and it has been known as a bad practice even by Microsoft over the past decade, so the design is not good. The issue with replicating based on the display name is that when you are coming from an environment that uses a least privilege access model, where you want to obfuscate the type of security account being used by hiding it behind a generic display name, instead of myusername_da, myusername_ao, etcetera, to have an idea of what accounts are being used when they are logging in, it is unable to reconcile that object when it creates a new domain. If they all have the same DM, you end up with quadruplicates of each user identity that was replicated to it from the directory.

Those quadruplicates or their same account names, as well as the display names within the cloud domain services directory, have a unique identifier with the original account name attached. What that does is that it not only breaks that LDAP legacy authentication, but it also drives up the cost for your customers because you are paying for each additional seat, additional user objects that are created, or additional users. You also cannot tell any of those accounts apart unless you dive deep into the user object to peel back what type of account that is to map it back to what came from on-prem itself, so the service is completely useless.

What we have done in our case is that we do not really need Entra ID. We have Okta, so we use an Okta LDAP endpoint. That does exactly what we need in using SCIM, which is the technology that is able to take identities from multiple dynamic providers and merge them together into a single record. It is able to act as an official LDAP endpoint for the business, so legacy apps work. We do not have a problem. Microsoft could learn from that.

Entra should allow for external MFA providers rather than forcing you into a walled garden and the Microsoft ecosystem. Flexibility is a big thing, especially for companies of our size. A big issue for us is that we want the identity to be in Entra for sure, but we want it to come from Okta. We want the authentication and stuff to work, but we want Okta to control the PIM rules. We want it to do the MFA and all those things, but Entra does not play nice with others. Okta has engineered some ways to get it done, but it is not as full-featured as we would like it to be. Microsoft should do what they do with some other partners such as Nerdio and Jamf where they have their own version of a service, but they are still partnering with those other companies to at least add options on the market.

Fully customizable UARs and Azure Secure Identity Workflows would be great. Currently, you can do it if you cobble together a bunch of Azure functions and use Sentinel. If you are sending logs to Sentinel and are able to match patterns and run automation based on that, it would be great. They can help with a solution that abstracts away a lot of that complexity across multiple services into exactly what IIQ does. I could definitely foresee Entra being the choice for identity for pretty much all cloud providers if they can focus on the areas that SailPoint's IIQ does. A big pain point for a business of our size by being in Okta is that we do not have the same workflows that we have between IIQ and AD. With the amount of data that our company generates, we wanted Sentinel. I had their security department onboard, and it was going to be millions a month just to use Sentinel, but we could not use it, so we decided to leverage Splunk and a few other SIEM providers. 

They should also stop changing the name of the product.

For how long have I used the solution?

We used it for a few months.

How are customer service and support?

Microsoft's support has been so bad when we have had issues in Azure that we recently poured 24 million dollars out of our spend for Azure, cut our unified support agreement with them, and sent it to somebody else. I would rate their support a zero out of ten. It is so bad. We probably never had a support engineer solve our problem. Usually, I or somebody else in the company has to reverse engineer service to try and find the solution. The things that we find are not even documented on the Microsoft site. The second way is to pull the information from the blog of some old guy who found the same issue and ended up solving it. 

People on the support side at Microsoft just read from a runbook and then send us to another part of the world where they ask us the same question, read from a runbook, and then we repeat ourselves, so we sent all that support to Insight. They were happy, and they were way cheaper. It only cost us less than four million. It was significantly cheaper. Our leadership is like, "Wow! IT actually saved us money this year."

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

We were using Active Directory, and we will never get off AD. There is too much legacy stuff for us to even bother getting off AD. It is a very mature product. It would be crazy for us to leave Windows Active Directory for something else, even Okta. There are core things that we need to function a certain way, so Entra ID just does not make sense. Entra sometimes even has access issues and replication delays with identity and adding objects to a new access control list within its platform or service.

We are not a typical company. We used to be part of Microsoft, so a lot of things that we inherited were very complex, and we also do things differently. For the old NT systems and SMB shares, we are still using Active Directory groups, and they work just fine. We have automation built around membership. We control the membership of those groups, the auditing of those groups, and everything else, so it does not make sense. It would be too much work to move us over to Entra ID.

How was the initial setup?

I was involved in its deployment. It was complex, but that was not Microsoft's fault. That was our fault because we have a very complicated environment.

We have a hybrid environment. We were in IBM, but we pulled back. We have Oracle's cloud platform, and we have AWS as well as Azure, but 99% of our cloud workloads are all in AWS.

When we initially started, Microsoft was not there. The initial implementation strategy was to synchronize the Windows Active Directory corporate domain to Entra ID. That way, we had the identities and we could use the same AD connector to synchronize the AD distribution lists. The other side was the mailbox. 

We did not take the help of any integrator. It does not require much. You stand up your servers. You have a staging host with its own database, and then a sync host with its own database. You then hook them up and make sure you have all the permissions in your previous tenant.

Microsoft puts MSOL accounts in some default directory. You should be able to tell the agent to put the MSOL accounts in a more secure OU. For instance, the original recommendation, which has changed recently, when we set up the service was to use an enterprise admin to set up the agent, which generates a bunch of MSOL accounts. Those MSOL accounts ended up in our all users' organizations. When you have a company of our size, that is not the only MSOL account that exists in the directory, and it is really hard to tell those apart, so we have to look through the logs, see which MSOL account it is using, and move it into the proper OU for the on-prem domain. It would be nice if you could determine where that goes at the time of creation.

What was our ROI?

We were able to reclaim the money that we did not spend with Microsoft and spend it elsewhere. It is technically an ROI, an investment of our time in negotiating other deals.

What's my experience with pricing, setup cost, and licensing?

Microsoft is so expensive. You know it is expensive when a Fortune 100 company like ours is complaining about the cost. That has been a big thing for me. When I really want to use an Azure service, it is very hard for me to justify the cost, especially with Microsoft support. 

What other advice do I have?

To those evaluating Entra ID, I would say that if you are on Windows Active Directory, just stay on it.

I would rate it a five out of ten. It is not ready yet. It needs focus by Microsoft.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Engineer at United Nations
Real User
Oct 2, 2023
Easily create numerous groups and add multiple users to those specific groups using a single dashboard
Pros and Cons
  • "We have the ability to define the email user in the designated field."
  • "The support is a bit slow."

What is our primary use case?

I am the Microsoft solution architect for our organization and we are in the process of testing Microsoft Entra ID.

Microsoft Entra ID will serve as the identity provider for all services, including on-premises and other sources. For instance, it can be utilized to authenticate our in-house phone application, replacing the need for local active directory authentication. With Microsoft Entra ID, the local active directory becomes unnecessary for authentication purposes. As an illustration, even in services like Gmail, authentication through Microsoft Entra ID is possible. This presents an excellent option that is also user-friendly. 

Moreover, the system is uncomplicated, featuring a lightweight and non-hierarchical schema. In contrast to the conventional active directory with its organizational and sub-organizational structure, Microsoft Entra ID adopts a flat directory model, streamlining operations without hierarchies. While this approach offers advantages, it also comes with its drawbacks, such as its reliance on the cloud platform.

How has it helped my organization?

Microsoft Entra ID provides a unified interface where we can manage all of our entities. It utilizes a flat directory structure, allowing us to assign user access and group them using tags. For instance, when we create a user for the sales team, we simply apply a tag such as "sales," automatically adding that specific user to the sales group. This eliminates the need for the manual creation of containers and the manual grouping of users within a specific container. Everything is achieved through tagging, streamlining the process, and is facilitated by the singular interface offered by Microsoft Entra ID.

We can easily apply security policies through a unified interface. Everything in Microsoft Azure can be utilized for server storage. Although it's within a single interface, there are options for differentiation. For instance, by clicking on the Microsoft Entra ID, we can access a distinct interface. Here, we have the ability to create, apply, and manage policies for various aspects, all from this specific interface.

The admin center helps us identify where there are issues and easily take action.

In Microsoft Azure, there is a tool called Intune, which serves as a device management tool. In the past, we encountered issues while managing all end devices through SCCM. This involved a constraint where any updates or policies could only be pushed if the device was connected to the office network. Essentially, users needed to physically connect their devices to the office network to receive updates or policy changes. However, with the introduction of Intune, a Microsoft Azure product, we transitioned all our devices to this platform. This allows us to create and directly push policies without the necessity of the device being on the corporate network. Users can now receive security updates, as well as different antivirus updates, even while working from home. This streamlined approach greatly simplifies endpoint maintenance, which also extends to mobile devices.

We do not utilize the Microsoft Entra ID conditional access feature for endpoint devices. Instead, we apply conditional access to specific groups. For instance, we have a team that requires access for a defined period. Additionally, certain types of vendors need access ranging from, for instance, two days to a few hours. In such cases, we employ the conditional access feature to grant the necessary access. We have employed this approach, and it has proven to be highly advantageous.

While we don't typically utilize the conditional access feature in combination with Microsoft Endpoint Manager from the user's standpoint, there are certain groups for which we do implement conditional access. For instance, within multiple teams, not all members are granted identical access. Various team levels enjoy distinct levels of access. It is in such scenarios that we employ the conditional access feature.

We have an access group where we define the access that each team will receive. Additionally, we have the Tier One, Tier Two, and Tier Three support teams, for which we have defined privileges based on their respective roles and responsibilities.

Microsoft Entra ID assists in saving several hours for our IT administrators and HR departments daily. This is particularly due to its unified interface. For instance, when we need to review certain logs, we can grant access to the HR team. They can easily retrieve logs detailing specific employee activities. This includes information such as individual browser usage duration and system activation records. These types of logs encompass the range of data generated on a daily basis from this platform.

Microsoft Entra ID has undoubtedly assisted in saving money for our organization. This is because we are not only utilizing the solution itself, but we can also incorporate our application server along with products such as software and solutions, including emails. Microsoft Entra ID is included as part of the package fee, which unequivocally contributes to cost and time savings. This is primarily due to the elimination of the necessity for an additional identity provider, as it is already encompassed within the package.

Our employees' user experience has improved with Microsoft Entra ID compared to the local Active Directory, which was occasionally slow, depending on the availability of our log-on server at the time. If it was unavailable, logging in was significantly slower, and we could get logged out. This is no longer the case, and now we can easily log in. 

What is most valuable?

The group assessment policy stands out as the most valuable feature. It allows us to create numerous groups and add multiple users to those specific groups. Managing these groups can become quite complex within the standard Active Directory procedures. For instance, when it comes to tasks like adding or removing users, especially if a user is checked out, it can be unclear whether someone needs to manually remove them from the Active Directory.

However, there exists an option that streamlines this process. This option automatically sends a notification to the user. We have the ability to define the email user in the designated field. Subsequently, the system will prompt us to confirm if continued access to this specific group is required for a few users. If this is a routine request, the system will retain the user in the group, ensuring their ongoing access. This particular feature proves to be incredibly useful in managing these scenarios.

What needs improvement?

The group policy structure options continue to change, and the naming conventions remain confusing when we access the cloud. 

The support is a bit slow. This is particularly challenging for the service engineers. For instance, opening a ticket takes a considerable amount of time to pinpoint the underlying issue. While high-severity tickets are resolved quickly, there are instances of lower-severity issues that still impact a specific group of users. Addressing these problems is taking longer than usual.

I would like to have the option, if needed, to use the hierarchy when setting up groups.

For how long have I used the solution?

I have been using Microsoft Entra ID for three years.

What do I think about the stability of the solution?

Microsoft has really good SLAs, and I cannot remember the last time they went down. I would rate the stability of Microsoft Entra ID nine out of ten.

What do I think about the scalability of the solution?

Scalability is quite simple, and the primary advantage of the cloud solution is its scalability; there isn't much to manage in this regard. Our growth remains unhindered because we don't have to impose limitations on ourselves when embarking on new projects or endeavors. Scalability is inherent, requiring only payment for additional resources if necessary. As there's no hardware involved, both scaling up and scaling down are easily achievable.

How are customer service and support?

The support is slow to respond to and resolve minor issues.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We are still using our standard Active Directory locally in our on-premises data center.

How was the initial setup?

The complexity of the initial setup depends on the technique used. While it may seem a bit complicated, with the proper design, it becomes a non-issue. Each module has different procedures. For instance, the Defender module, which is a Microsoft service, serves as a part of the Entra ID, allowing us to block and control websites and provide security antivirus solutions. We have onboarded all our devices to Defender. Thus, the machine doesn't need to be part of Microsoft Entra ID, but migration is still possible.

Currently, we are in the midst of a project to onboard the devices to Microsoft Intune. We are transferring the devices from the local Active Directory, and this process is ongoing. For each device, specific scripts need to be executed, which can be a bit complex. The complexity often arises due to existing policies and applications. When everything is well-prepared, the onboarding process is smooth. This might be an easy task for a new organization, but for those already using a different solution, the migration process becomes a bit complex. Thorough testing is necessary, especially considering that policies tend to change over time.

This project has been running for more than two years and is still ongoing. The pilot phase alone is estimated to take about one and a half years due to various commitments. Unlike a company like Google, my organization operates differently; it encompasses multiple entities like the United Nations across various locations. Since the user count exceeds five thousand, we're being cautious and gradual in our migration. At present, we have migrated only around a hundred users for testing purposes. The migration of the remaining users is scheduled to occur soon.

What's my experience with pricing, setup cost, and licensing?

The price is good, and we have no complaints.

What other advice do I have?

I would rate Microsoft Entra ID nine out of ten.

Microsoft Entra ID is utilized throughout our entire environment. It serves as a singular identity provider for all aspects of our operations, including servers, applications, endpoints, and even external applications. For instance, we can authenticate third-party applications using Microsoft Entra ID.

The required number of personnel for maintenance depends on the size of the organization and the quantity of Microsoft products in simultaneous use. For instance, if we have Microsoft Entra ID solely for email and SharePoint online teams, and there are around five thousand users, I believe that dedicating approximately three to four individuals to Microsoft maintenance would be reasonable.

I recommend Microsoft Entra ID. Microsoft Entra ID can be utilized for third-party applications like AWS and Google as well. It's user-friendly, allowing us to authenticate the products or applications of our interest, even if they are not located in the same place as our origin; nonetheless, they will function seamlessly.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2263638 - PeerSpot reviewer
Azure AD Identity and Access Management Engineer at a healthcare company with 10,001+ employees
Real User
Sep 21, 2023
Allows for conditional access, identity governance, and password monitoring
Pros and Cons
  • "The valuable features I use daily are enterprise application, conditional access, identity governance, password monitoring, and a password reset."
  • "The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access."

What is our primary use case?

I use Microsoft Entra ID to manage and reset user passwords and set their requirements so they can access the environment.

How has it helped my organization?

The Entra portal offers a unified interface to oversee user access. Through the Entra portal, I can access my resources. I utilize the quick user and quick group features to assign users to roles according to their permissions, missions, and development tasks. This involves our EBAC and RBAC systems, assigning tools, and linking them to functions required for executing tasks. After completing these assignments, we place these users in groups and grant them access to specific resource environments, aligned with their designated tasks within those environments.

The Entra portal does not affect the consistency of the security policies that we apply.

The administration center for managing identity and accessing tasks within our organization operates according to the established protocols and procedures prior to its implementation. We utilize account provisioning, RBAC, authentication, authorization, password management, security, and incident management. These are all components that we have implemented to facilitate access and development within our environment.

There are certain things that have helped improve our organization. First, security. With Entra ID, we have been able to implement SSO capabilities for our applications and most resources in our environment. This means that we can use a single credential to access all of our resources, which makes it more difficult for hackers to gain access. It also makes it easier for our users to sign in to resources without having to remember multiple passwords. Second, Entra ID allows us to implement multiple authentication factors. This adds an additional layer of security by requiring users to verify their identity in more than one way. For example, they might need to enter their password and then also provide a code from their phone. This makes it much more difficult for unauthorized users to gain access to our systems. Entra ID also makes it possible to define roles and permissions based on each user's needs. This allows us to grant users only the access they need to do their jobs, which helps to protect our data and systems. Finally, Entra ID allows us to implement conditional access controls. This means that we can restrict access to resources based on factors such as the user's location or the device they are using. This helps to protect our data from unauthorized access, even if a user's password is compromised.

Conditional access is a way to make decisions about enforcing security policies. These policies are made up of "if this, then that" statements. For example, if a user wants to access a resource, they might be required to complete a certain action, such as multi-factor authentication. If a user tries to sign in from a risky location, the system will either block them or require them to complete an additional layer of authentication.

The conditional access feature does not compromise the robustness of the zero-trust strategy, which is a good thing. I have configured it in my environment based on primary monitoring. We have certain locations that we do not trust users from. If a user tries to sign in from one of these locations, which the system automatically detects, they will be required to complete an additional layer of authentication. With zero trust, we do not trust anyone by default. Anyone trying to access our environment externally must be verified.

We use conditional access with Endpoint Manager. When configuring conditional access, we consider factors such as the user's location, device, and country. These are the things that we put in place when configuring the policy. We create users, put them in a group, and then decide to apply conditional access to that group. So, this particular group has been configured under conditional access. This means that no matter where they are, what device they use, or what activity they want to perform in the environment, they will be required to meet certain conditions that have been configured in the conditional access policy.

We use Verified ID to onboard remote users. SSO is configured for this purpose so that users do not have to remember multiple IDs, passwords, or usernames. This can be tedious when logging in to multiple applications. Once SSO is configured for our users, we also configure self-service password reset so that they can reset their passwords themselves if they forget them. With SSO, users only need to remember one credential, their Verified ID. When they log in to an application, such as Zoom, they are redirected to the identity trust provider, which is Entra ID. Entra ID requires a sign-in. Once the user enters their Verified ID into Entra ID, they are redirected back to Zoom and are issued an access token, which allows them to access Zoom. In this way, users can automatically access all other applications in the system that they are required to use to carry out their day-to-day tasks in the company.

Verified ID helps protect the privacy and identity data of our users. Data access management is all about the user's identity. The three main components of data access management are identity, authentication, and authorization. Identity access management is about protecting user information and ensuring that they only have access to the resources they need to perform their jobs. Verified ID is an additional layer of security that helps to ensure that users only have access to the right applications and resources. It does this by verifying the user's identity and ensuring that the resources are being accessed by the right person. Verified ID also uses certificates to confirm the trust and security of the system.

Permission management helps with visibility and control over who has access to what resources in the environment. For example, an HR manager should only have access to HR resources. To achieve this, we put users into groups based on their job function, such as the HR department. We then grant permissions to these groups to access the resources they need. This way, no one in the HR department can access resources that are meant for the financial department. Permission management helps to reduce unauthorized access to resources and prevent data breaches. Before we grant access to resources, we perform a role-based access control analysis to determine the permissions that each role needs.

Entra ID has helped us save a lot of time by streamlining our security access process. From time to time we conduct an access review to ensure that only the right people have access to the environment and resources.

Entra ID operates on multiple platforms and devices, which reduces the time spent on manual tasks and increases productivity. Its ability to integrate across our centers worldwide, providing accessibility, has saved us money.

Entra ID has improved the user experience and performance. It has enhanced performance by saving users time from having to log into so many applications, systems, or plug-ins. Now, they can log in using their Entra ID. It has also helped with security by enabling multi-factor authentication, which has cut down on attempted hacks. Entra ID has also made enrollment easier for users.

What is most valuable?

The valuable features I use daily are enterprise application, conditional access, identity governance, password monitoring, and a password reset.

What needs improvement?

The downside of using a single password to access the entire system is that if those credentials are compromised, the hacker will have full access. It would be more beneficial if Entra ID could be completely passwordless.

For how long have I used the solution?

I have been using Microsoft Entra ID for six years.

What do I think about the stability of the solution?

Entra ID is stable. We have never had stability issues.

What do I think about the scalability of the solution?

Entra ID is scalable.

What other advice do I have?

I would rate Microsoft Entra ID a ten out of ten. I enjoy using Entra ID and I see the benefits of using it.

No maintenance is required, except for occasional log reviews.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer2700651 - PeerSpot reviewer
Product Manager at a tech vendor with 1,001-5,000 employees
Real User
Top 20
May 2, 2025
Simplifies user accounts creation and permissions management
Pros and Cons
  • "It's simple to create groups or accounts and to add users. There are several options for dynamic groups."
  • "Customer service and technical support for Microsoft Entra ID are very good because I open many tickets with the support and get straight answers."
  • "To improve Microsoft Entra ID, it should be made simpler because there is a lot of stuff to do in the platform, which could be reduced to fewer buttons."

What is our primary use case?

I work on it to investigate it. I work at a cybersecurity company, so I focus on how the product behaves, particularly how Microsoft Entra ID behaves with group permissions and such.

We work with Microsoft because we're also a security company, so we scan Microsoft Entra ID and then monitor what happens regarding defending against token theft and nation-state attacks.

We are partners with Microsoft. We don't sell Microsoft products; we sell our own product, but we integrate it with Microsoft.

What is most valuable?

It's simple to create groups or accounts and to add users. There are several options for dynamic groups.

Microsoft Entra ID influences our zero trust model because we need to make sure that we give the right user permissions.

What needs improvement?

To improve Microsoft Entra ID, it should be made simpler because there is a lot of stuff to do in the platform, which could be reduced to fewer buttons.

For how long have I used the solution?

I have been using Microsoft Entra ID for two years.

What do I think about the stability of the solution?

Microsoft Entra ID is pretty stable.

What do I think about the scalability of the solution?

I don't know about scalability, but I assume it is suitable because it is used for huge organizations.

How are customer service and support?

Customer service and technical support for Microsoft Entra ID are very good because I open many tickets with the support and get straight answers. If I don't get an answer, they update me all the time that they will provide an answer, and they work on that.

How would you rate customer service and support?

Positive

How was the initial setup?

Microsoft Entra ID is pretty easy to deploy. The speed of deploying Microsoft Entra ID depends on the organization and its structure, but building new users is very simple.

What was our ROI?

There is a return on investment when using this platform, though I am uncertain about the specifics.

What other advice do I have?

I haven't observed any problems or changes in the frequency and nature of identity-related security incidents after using Microsoft Entra ID in my company.

I would rate Microsoft Entra ID a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer.
reviewer2596251 - PeerSpot reviewer
IT leader infrastructure server at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
Dec 17, 2024
We could securely enable MFA access on most of our applications
Pros and Cons
  • "Entra ID's ability to sync with the local Active Directory provides redundancy, allowing authentication via cloud features even if the local Active Directory faces issues. The SSO features with app registrations are also crucial, as we use Azure globally, allowing role and permission assignments directly from Entra."
  • "I would rate Microsoft Entra ID 10 out of 10."

    What is our primary use case?

    We are using Microsoft Entra ID every day for SSO authentication for our end users. We sync local active directories with Entra, register applications for SSO, assign licenses with dynamic security groups, and utilize it for enterprise applications.

    How has it helped my organization?

    The solution has improved our application security because we can deploy app registrations on our enterprise applications. We could securely enable MFA access on most of our applications.

    What is most valuable?

    Entra ID's ability to sync with the local Active Directory provides redundancy, allowing authentication via cloud features even if the local Active Directory faces issues. The SSO features with app registrations are also crucial, as we use Azure globally, allowing role and permission assignments directly from Entra.

    For how long have I used the solution?

    I have used Entra ID for eight to 10 years.

    What do I think about the stability of the solution?

    The stability of Microsoft Entra ID is excellent. We haven't experienced any issues.

    What do I think about the scalability of the solution?

    At the moment, it accommodates all our needs, and we have not encountered any scalability issues.

    Which solution did I use previously and why did I switch?

    Previously, we used local Active Directory, specifically an on-premises solution.

    How was the initial setup?

    The initial setup was straightforward.

    What other advice do I have?

    I would rate Microsoft Entra ID 10 out of 10. It's a good product that's easy to deploy and manage, with no significant learning curve to adapt to various features.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Nagendra Nekkala. - PeerSpot reviewer
    Senior Manager ICT & Innovations at Bangalore International Airport Limited
    Real User
    Top 10 Leaderboard
    Jan 9, 2024
    A complete and simple solution for managing identity and applications access
    Pros and Cons
    • "It is very simple. The Active Directory functions are very easy for us. Its integration with anything is very easy. We can easily do third-party multifactor authentication."
    • "The role-based access control can be improved. Normally, the role-based access control has different privileges. Each role, such as administrator or user, has different privileges, and the setup rules for them should be defined automatically rather than doing it manually."

    What is our primary use case?

    We are using Azure Active Directory to secure our identity and applications throughout our corporate. All the authentication is done automatically.

    How has it helped my organization?

    It provides a single pane of glass for managing user access. It streamlines the IT access management process and improves the security of the IT systems. If there are any configuration changes in the software, they are taken care of automatically.

    The integration of Azure Active Directory with other Microsoft services is very easy. We can integrate it with Teams, 365, or any other Microsoft solution.

    Azure Active Directory provides a seamless and secure way for employees to access work resources that have been assigned to them. They can access the resources from anywhere and work from anywhere.

    Azure Active Directory provides a robust set of features. Features such as multifactor authentication and conditional access policies are in-built. These features enhance the security of the IT systems and protect sensitive information from potential threats.

    Conditional Access helps to enforce fine-tuned and adaptive access controls. Conditional Access provides more secure authentication for us. We also use multifactor authentication to secure our enterprise from any potential threats.

    Permission Management helps to bifurcate the users based on various roles, such as administrator.

    Azure Active Directory has saved us time. It has helped to save four hours a day. It has also saved us money. There is about a 10% saving.

    Azure Active Directory has affected the employee user experience in our organization. It is seamless. They do not get to feel it is there.

    What is most valuable?

    It is very simple. The Active Directory functions are very easy for us. Its integration with anything is very easy. We can easily do third-party multifactor authentication. Automating IT governance is also easy. These are the advantages that we have.

    What needs improvement?

    The role-based access control can be improved. Normally, the role-based access control has different privileges. Each role, such as administrator or user, has different privileges, and the setup rules for them should be defined automatically rather than doing it manually.

    For how long have I used the solution?

    I have been using this solution for six years.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    It is scalable. We have 1,500 users and two admins, and we plan to continue using Azure Active Directory.

    How are customer service and support?

    Their technical support is very good. I would rate them a nine out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were using Oracle Database. We moved to Azure Active Directory because it is a higher access management solution. It is more secure and helps to manage entities across hybrid and multi-cloud environments.

    How was the initial setup?

    Its initial setup is very easy. We had to do policy configuration and user configuration. That was it.

    It does not require any maintenance from our end.

    What about the implementation team?

    We had one person for the initial setup.

    What's my experience with pricing, setup cost, and licensing?

    It is worth the money.

    What other advice do I have?

    Overall, I would rate Azure Active Directory a nine out of ten. It is a complete identity access management solution for security and managing all types of multi-cloud environments.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer.
    Trevor Mulanax - PeerSpot reviewer
    Systems Engineer at a government with 10,001+ employees
    Real User
    Dec 20, 2023
    Provides users the ability to delegate roles to each individual resource
    Pros and Cons
    • "The most valuable feature of the solution is its ability to delegate roles to each individual resource, which is great."
    • "I faced difficulties from Microsoft's end and during the transition from Microsoft Active Directory to Microsoft Entra ID. Sometimes, some of Microsoft's documentation could be a little outdated."

    What is our primary use case?

    My organization uses Microsoft Entra ID for some people who access Azure, especially for people who need Azure for different things. My organization deals with people transitioning from a standard data center environment into a cloud-based one to meet their needs. My organization has certain conditional access to certain people because we have access to government and cloud services or a commercial environment, along with different versions of each of those across different groups. I would say that most of our organization's work is just giving conditional access to people and occasionally vendors, but nothing too absurd.

    How has it helped my organization?

    I don't want to say that the product hasn't improved anything for my organization. The problem with the solution stems more or less from the fact that technology is moving ahead, and my organization needs to try to keep up with the changes, which makes it a new way of doing things that will be applicable to the future. Maybe if we could transition to certain things faster, I would have seen the product's full benefits. Since the areas of transitions related to the solution are slow, I haven't experienced the full depth of what I can do with the product.

    What is most valuable?

    The most valuable feature of the solution is its ability to delegate roles to each individual resource, which is great. I think the aforementioned feature is better done in the solution itself than with an actual local AD.

    What needs improvement?

    I wish transitioning from Microsoft Active Directory to Microsoft Entra ID was a little easier, and I didn't have to learn so many new concepts. I faced difficulties from Microsoft's end and during the transition from Microsoft Active Directory to Microsoft Entra ID. Sometimes, some of Microsoft's documentation could be a little outdated. The product doesn't meet the organization's niche requirements, especially in our environment. Microsoft Entra ID is not a very standard product.

    When I think about the trade-off I have had to go for to get the aforementioned feature, it does annoy me. For me, I can't mirror accounts with the solution. I need to consider that we have so many groups and subscriptions, and I can't just see a blanket of their different individual roles in every single resource if I create an account for someone who takes over a job in the organization. In the solution, some people might have specific roles in one resource, which might be the only thing in there. With Microsoft Entra ID, I can't view every instance, and I have to go one by one subscription all the way down, which is a huge pain when you have 400 to 500 subscriptions. The aforementioned aspects can be considered for the improvement of the solution.

    For how long have I used the solution?

    I have been using Microsoft Entra ID for the last five years, but not at its full capacity because, in our organization, we have to ensure that we help with the migration process of different governmental agencies piece by piece since we are a multi-cloud, multi-tenant, multi-forested environment. My organization is a customer of the product.

    How are customer service and support?

    When it comes to the technical support for the product, I have a representative who works for me, making the support good since I can have him put under fire. I have had some issues with the tool. The IT security audits that come under Microsoft Services Hub are something we needed in Microsoft Gov cloud, and there's only a certain region of Microsoft Gov cloud that supports it, meaning you cannot use Microsoft Services Hub on it, which is all fine as you just have to run it either for by line or you have to run it from within Azure's portal. I had three separate calls with Microsoft's technical support about it, and it was the third tech person who told me after looking at the ticket raised by my organization with the support that the support team had not even finished adding our ticket to their list, which to me was like an organizational issue. Apart from the aforementioned issue I faced with the support team, I feel everything else has been fine. I wouldn't go around saying that Microsoft offers bad technical support.

    I rate the technical support a seven out of ten.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    As the product already existed before I joined my current organization, I was not involved in its deployment phase. I have some past experience with the deployment processes of Microsoft Entra ID and Microsoft Active Directory. The deployment process of Microsoft Entra ID was easy, and it is not anything different or terrible.

    The time for deployment of the tool depends on the client or the project my organization deals with, and a lot of the clients I have worked for are pretty small teams. I haven't had to do too much in terms of deployment.

    Which other solutions did I evaluate?

    My organization hasn't considered switching to a different product, but I know that we have some AWS environments with IAM solutions.

    What other advice do I have?

    It is easy to use the solution's offering of a single pane of glass for managing user access if you have experience with Azure for a while. During the transitioning period, the depth that revolves around the concepts of blades in Azure can be annoying, especially while attempting to relearn the new places where everything is stored. It feels like Microsoft invented a new language for their new system, but a lot of it is just like an updated version of what it was. I have many people at work who have never heard of Microsoft Entra ID and claim to use Microsoft Active Directory without realizing they are the same. Microsoft Entra ID is just a new version of Microsoft Active Directory.

    As a product that offers a single pane of glass, it works great and offers consistency to our organization's security policies if I consider the little or limited Azure we have.

    My organization hasn't implemented the tool over 900 other devices yet, so I don't know how it will work after that.

    Microsoft Entra Verified ID is good when it comes to privacy and control of identity data. Regarding Microsoft Entra ID, my organization sees a lot of contractors and vendors that come in, which gives us confidence or at least ways to sell it to politicians who have confidence that we can do something.

    My organization uses Microsoft Entra Permissions Management, but we are not too in-depth into it. I feel Microsoft Entra Permissions Management is nice. I believe that Microsoft Entra Permissions Management helps reduce risk surface. I don't like one of the top-level tenants in the product. As the product goes down into different resources or subscriptions, I see that agencies own them. Sometimes, I feel my organization's offerings look good, but when I dig into the offerings of other agencies, I realize that we are not good.

    The time-saving capabilities of the solution experienced by IT administrators or the HR department in my organization have been more or less the same.

    I haven't seen the budget in a way that can help me figure out if using the solution in my organization has helped save money.

    I rate the overall tool an eight out of ten.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Buyer's Guide
    Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
    Updated: June 2026