Microsoft Entra ID Reviews

We are a small consultant company, and we help customers to build hybrid environments. We synchronize on-premises AD to Azure AD and help our customers decide which one they want to use.

In our own company, we use Office 365, so we use Activity Directory directly for authentication and authorization.

The most valuable feature is Conditional Access. As there are more and more people working from home, security is a challenge for a lot of companies. To build a general trust solution, we need Conditional Access to make sure the right people use the right device and access the right content.

In our company, we use Conditional Access with Trend to make sure that our employees can use the device from the company. We can make sure that there is higher security. We can also use Trend to set up a group policy and to set up Windows Defender as well.

Microsoft Azure AD is easy to install and is a stable solution.

There is no documentation about how Microsoft will scale Azure AD for customers. It only mentions that it will scale out if you have a lot of requests but does not mention how in detail.

More documentation on some complete scenarios, such as best practices to integrate forests into Azure AD when a customer has several on-premises forests, would be helpful.

I've been using it for four years.

In my experience, it has been working fine.

Scalability is a pain point. There is no documentation about how Microsoft will scale Azure AD for customers. We do, however, plan to increase usage.

We used on-premises Active Directory before using Azure Active Directory.

The initial setup is pretty simple. Microsoft Azure AD can be deployed in one or two minutes.

If you have an Office 365 subscription, Microsoft will build Azure AD for you.

Microsoft Azure AD has P1 or P2 licensing options, and it depends on the customer's needs. To use Conditional Access, you need to have the P1 license, and to use the PIN features, you need the P2 license. We use the P1 license as we use Conditional Access.

It will be a very good solution if your company is already using on-premises Windows Active Directory. Microsoft has provided a useful tool called Azure AD Connect. So, you can easily sync your on-premises Active Directory to Azure Active Directory, and you can easily implement the SSO.

Overall, we are satisfied with the solution and the features provided, and on a scale from one to ten, I would rate this solution at nine.

Our use case depends on the client, their project, and what they want to deploy. 

1. The solution can be deployed for security purposes. Multi-factor authentication is being deployed as a second layer of authentication, especially during this COVID-19 time, because everything has to stay secure. 
2. Almost every organization uses the software as a service (SaaS) part. Because of the pandemic right now, a lot of companies are moving many things to the cloud, like virtual machines (VMs) and virtual networks. It doesn't invalidate the fact that some companies don't want to have control on-premises. 

Everything depends on the solution or what the client wants.

We use it for PaaS and IaaS.

In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps.

In terms of improvement, there should be more flexibility and conditional access. There is a lot of flexibility already, but there are some technologies that should be embedded and integrated into it for a more flexible, customized experience. Also, there should be more tools for analysis for clients, e.g., there should be more flexibility aimed at end users. Regular IT guys for each company should be able to use the tools to troubleshoot a certain level of analysis in their environment.

The security part should be improved overall. 

The visibility in the GUI is not good for management. There are a lot of improvements that could make it better. It should be more user-friendly overall. It is not user-friendly because everything keeps changing on the platform. I can understand it because I know the platform,  am familiar with it, and use it every day. However, for a lot of clients, they don't use it every day or are not familiar with it, so it should be more user friendly.

I have been using it for four to five years.

Availability for Azure AD as a whole is 99.95 percent. It is simpler and more available than the way technology used to be previously.

It is very scalable. When you talk about licensing, you have the option to scale up or scale down. For example, you purchase 50 seats of licenses and assign 45 licenses, then for some reason, you fire 10 employees. Once you fire them, you will probably block their identity access and single sign-in. After that, you can decide to reduce the number of licenses. On the other hand, if you acquire 10 licenses and employ five new people, then you can scale up by adding more five licenses that month. So, it helps you to scale up or scale down easily.

In another example, if you have acquired five virtual machine instances, then are using more in terms of the processor, you can scale up. It depends on the configuration you have. If you have done the setup and everything from the beginning, then you can say, "If the processor level reaches 80 percent, you want to add another two virtual machine instances." On the other hand, if you deployed five virtual machine instances, but your usage of those processors is lower than 30 percent, then you should scale down. So, if you have five licenses and you want to scale down by one, then you can scale it down so you can reduce your costs.

I would rate the technical support as a nine out of 10.

When I set it up two years ago, it was easy, not complex. It didn't take much time at all to set up.

A lot of people sign in or set it up with a Google account, Yahoo account, or Microsoft account, which is not the global administrator. A lot of people think that this is the global administrator. They don't understand that the account might have an extension and don't see this until that account gets locked out. That is when they have problems signing in. The setup is not that complex. It is just that the user experience overall needs improvement here.

The deployment process depends on what you are trying to achieve and the technology that you are trying to deploy, e.g., are you trying to deploy SSO, set up device writeback, or do a regular AD Connect setup? Everything depends on the objective or the overall goals of what you want to achieve.

Even after it has been deployed, one or two users may have problems with their account in terms of multi-factor authentication or the way it has been set up. I work with them to troubleshoot these issues.

Sometimes, the priority is to set up AD Connect, which integrates your on-premises to Active Directory. You must make sure your server is up and running. Apart from that, you need to set up your tenant, which is your profile admin center. 

If they want to download and install their tools, then we can connect to their on-premises for synchronization. So, it helps collect on-premises data and put it into the cloud. 

You can also install PowerShell. 

Everything needs to be considered for the requirements and if it is within the budget, then you can come up with a solution, whether it is SaaS, PaaS, or IaaS. 

Since people might not be very familiar with the platform, I have developed a system for how to use, deploy, or utilize the technology.

At the end of the day, it is about the overall goal because everything comes with a cost. Azure AD comes in different ways and shapes, e.g., SaaS is different from IaaS or PaaS, though it is still the same platform. 

Whether you are a small business or large business, you can always enjoy a very secure cloud platform. 

I would rate Azure AD as a nine out of 10.

We are using it for all non-structured data and as an identity manager for all of our accounts. In addition, we use it also to authenticate Google services, because we have Google Workspace for email, and to integrate other tools with our services. We are able to keep it all going, balanced, and synchronized. It's very good. We use it for just about everything that we need to do an identity check on.

We couldn't live without the Active Directory services. It has helped to improve our security posture. We have a lot of users and hardware to manage and we can do that with Active Directory.

The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera.

I have been using the Active Directory solution for three years. I'm responsible for almost all infrastructure services in our organization.

It's pretty stable. In the three years, the service has never been down.

As far as I know, it works for 10,000 and 100,000. It's just difficult to find current information, such as how much hardware and how many licenses we would need to keep it going. But it's scalable and works really well. We can keep adding servers and scale up or out.

We don't have another company that provides support for Active Directory. On my team, there are three people who work with it, and we have about 2,000 users in our company.

To be honest, I can barely navigate Microsoft's support. Microsoft is so well-known and there is so much information to look up on the internet, that we have never come to the point where we have actually had to open an issue with Microsoft's team. We can almost always find out the information that we need by looking it up with Google or in Microsoft's Knowledge Base.

We used to use LDAP, a free tool, but since almost all of our hardware needed integration, we had to move to Active Directory. We couldn't apply the policies that we needed, using open source, and we couldn't keep the integration going the way we needed to.

We are really happy with how the functionality Azure Active Directory gives us. I have a security policy applied to all workstations. Before, all of our users could configure their machines the way they wanted to. As a result, we often had to reconfigure and do other things to them as well because the computers were crashing. We almost don't have to do that anymore.

The trick was to immigrate from LDAP. We had to get all the properties from the files into Active Directory, so it took some time. When we did that, there were some issues with the system and we had to do it manually. It would be nice if they had a service that would make it easier to migrate from LDAP to Active Directory, keeping all of the properties from files and non-structured data as well.

It gives a good return on investment. The amount of first-level support we have had to give internally has dropped a lot since we applied the policies and restricted our users. But our users are now more satisfied because their computers don't have the issues that they had before. Before Active Directory, there were many issues that our users complained about, like worms and malware. We don't have those issues anymore. Even with endpoint protection we had some cases of viruses in our company, but now we don't have them either.

Directly, I couldn't calculate the return on investment, but indirectly we saved by reducing work for our team, and we are keeping our users satisfied.

The process for buying licenses from Microsoft is somewhat messy and really hard to do. We have to talk to someone because it's hard to find out how many licenses we need. If I'm applying for 2,000 users, how many Windows licenses do we need?

They could also charge less for support. You buy the license, but if you want to keep it in good standing, you have to pay for the support, and it is expensive. It's okay to pay for the license itself, but to pay so much for support...

We were thinking about buying another tool, to be capable of managing and keeping all the identities within our organization current. But we had to go straight to Microsoft because there are no other solutions that I know of. By now, almost all organizations are using Windows 10 or 11, and it would be hard to achieve the possibilities that we have with Active Directory if we used another service.

We are integrated with NetApp because we use NetApp storage. It's pretty awesome. We are also integrated with many others, such as our data center hardware with storage from IBM. We're using it for logging switches, as well. It works really well.

My advice to others would be to look at the options and focus on how you can pay less. Do the research so that you buy just the essential licenses to keep it going. If you don't do the sizing well, you can buy more, but it's expensive to keep it going and pay for support.

The use cases depend on my clients' specifications. If they have the on-premises Active Directory and it is a hybrid environment, then objects are synchronized with the cloud in Azure Active Directory. Services that are on-premises or in the cloud are synchronized with each other, to create a centralized management solution. 

If we're talking about Azure Active Directory only, the cloud-based, centralized management solution, we don't need to use a VPN to access the resources; everything is cloud. We just need to be connected with Azure Active Directory and we can use the resources anywhere in the world and resource security will be intact.

I use both the cloud and on-premises versions.

Everybody is moving from on-premises to Azure Active Directory because it's cost-effective. They don't need to spend a lot of money on the on-premises resources, such as an on-premises server and maintenance. Now, given that Microsoft has started Windows 365, which is a PC in the cloud, you don't need to have a PC. You can work on an Android tablet from anywhere in the world, using cloud technology.

In terms of the user experience, because the solution is in a cloud environment, people are not bound to work in a specific network. In the old-school way, if you worked from home and you had on-premises Active Directory, you needed to use a VPN. VPNs can be highly unstable because they depend on your home network. If your home network is not good, you won't get the same bandwidth as you would get when using the resources inside the office network. With Active Directory in the cloud, you can use your own network to access the resources. It's faster, reliable, and it's cheaper compared to Active Directory on-premises.

• Conditional Access
• Geofencing
• Azure Multi-Factor Authentication

are the major security features to secure resources.

For example, if I don't want users using the company resources outside of India, I will add managed countries within Conditional Access. Only the people from the managed country will be able to access things. If an employee goes out of India and tries to access the resources that have been restricted, they will not be able to open the portal to access the resources.

We have a lot of freedom in using the Group Policy Objects and, although Group Policy Objects are part of Azure Active Directory, there are still a lot of things that can be improved, such as providing local admin rights to a user. There are various, easy ways that I can do that in the on-premises version, but in the cloud version, it is a bit difficult. You have to create a bunch of policies to make it work.

I have been using Azure Active Directory for six years.

Microsoft works with suppliers and vendors. Certain vendors are very good at providing support and certain vendors are not very good at providing support. It depends on the time zone in which we are opening a ticket and which vendor the ticket is going to.

It's pretty straightforward in general, although it depends on what kind of requirements a client has.

If I'm deploying with Microsoft Autopilot, it usually takes at least 40 to 50 minutes to deploy one machine. If I'm deploying 1,000 machines in one go, you can multiply that 40 minutes for each of those 1,000 machines. Everything is configured in the cloud, in Azure Active Directory. You just need to purchase the machine, configure things, and ship the machine to the user. When they turn it on they will be able to work on it. Everything will be installed in the backend. If it's not on Autopilot, it's just in a matter of a few clicks to connect the machine to Azure Active Directory.

The deployment plan also depends on the client. If the client is not providing machines to their employees, they want the machine to be BYOD, we will work on the existing computer. In that case, we just set up the policies and ask the user to connect to Azure Active Directory. But if a client is concerned about complete security, and they want the machine to be used in a certain way, and they are providing the machine, then I prefer that it should be Autopilot. It becomes an enterprise-managed machine, and we have more control over it.

Clients only invest their money when they know that they are getting a really helpful platform. They want to see that I, as a consultant, am confident in the product I'm asking them to use. I have to be very confident that I am providing them a solution that will definitely work for them.

People have a tendency to keep their information in-house, but the cost of keeping information on-premises in SharePoint servers is very expensive. There is a good chance that, if something happens, they will lose the database. There is no backup. And to keep a backup, you have to pay more for a cloud backup solution to keep your data on another server. You are compromising with your data in a two-sided scenario, where one is on-premises and the other is on a data server as a backup. If you go for the cloud version of Active Directory, everything is secure and everything is in the Microsoft data center, which is reliable and secure. They have disaster management and recovery. That's a win-win situation.

My work is generally on device management, which is on Intune, Endpoint Manager, and Cloud App Security. These all work hand-in-hand. Azure Active Directory is just an assembler of management resources, but Intune makes the device secure. The policies create restrictions. These things work together. If you need Active Directory, you will definitely need Intune.

The largest deployment I worked on with one of my clients was about 2,500 computers. As far as managing them goes, it varies, between 200 to 300 computers at one time in one environment. If I'm working on providing a day-to-day solution, it is different because the queries are different. People usually have problems related to smaller queries, like their printer is not connecting, or they are not able to access SharePoint, or they do not have permissions for a given file. But as far as deployment and designing the architecture of Azure Active Directory goes, I work with midsize companies.

To summarize, the big advantages of this platform are the reliability, cost-effectiveness, and security. These are the features that make it one of the best solutions in the IT industry. Azure AD is the future. Everyone is adopting the cloud environment. I, myself, use Azure Active Directory for my own devices and resources. I encourage other people to accept the future. It gives you more security than the on-premises Active Directory. To me, it is the best solution.

We are a system implementer and this is one of the products that we provide to our clients.

We primarily use this product for identity and access management. Any of our customers using Office 365, which includes Exchange Online and SharePoint Online, are using it for authentication. Worldwide, there are a lot of use cases.

The identity check includes whether the username and password are correct, and it also supports multifactor authentication.

This solution is in the cloud and as soon as users log in to the Office 365 portal, or whatever application you assign to them, it will take care of the identity aspect.

The most valuable features are authentication, authorization, and identity access.

Conditional access is a very important feature where a specific user can be restricted such that they cannot connect to the application if they travel outside of the US.

Multifactor authentication is very important.

They have a velocity check, powered by artificial intelligence and machine learning, where if you have been logging in at a location in the US but suddenly you try to log in from a different country, it flags it as an unusual amount of travel in a short time and it will ask you to prove your identity. This is a security feature that assumes it is a phishing attack and is one of the important protections in the product.

The problem with this product is that we have limited control, and can't even see where it is running.  If Microsoft can give us a way to see where this product is running, from a backend perspective, then it would be great.

I would like to see Microsoft continue to add new features gradually, over time, so that we can introduce them to our customers.

We have been using Azure Active Directory for more than six years.

The stability of this product is 100%, and we plan to continue using it.

As this is a cloud-based product, you don't need to worry about scalability. Regardless of the number of users, it handles identity management.

90% of our customers are using it. From what I see, we have up to 50,000 end-users. In reality, we can have up to 400,000.

We can handle most of the issues by ourselves but if not, Microsoft support is available and we just have to create a ticket.

This is the first cloud-based identity management solution that we have used. In an on-premises deployment, we use the traditional Active Directory.

The deployment process involves using the Azure AD Connect tool, which is very important. The only choice that needs to be made beyond this is whether you want to have single sign-on (SSO) enabled or not.

The deployment will require some basic planning. The length of time required will be a maximum of four weeks. Three staff should be sufficient, although this depends on the number of users.

The maintenance of this solution is almost zero. The only time that something needs to be done is in the on-premises portion of a hybrid solution. The cloud aspect is maintained by Microsoft.

As this is a cloud-based solution, less maintenance is required, so the return on investment is better.

The P1 version costs $6 per user per month. If you need the P2 version then it is an extra $3 per month.

There are two different Premium versions of this product available, being P1 and P2. For 99% of our customers, P1 is enough. The P2 version has some advanced features required by a small number of customers.

Overall, my experience with Active Directory has been very good. When we work in the cloud, this product provides us with almost everything.

I would rate this solution a nine out of ten.

We use Azure AD which enables our customers to remotely access the shared machines within their office, allowing them to work from any location.

Our primary customer transitioned from using a local cluster to utilizing Azure. They initially utilized Hyper-V and have now combined Azure AD with SharePoint Office 365. This new setup has proven to be much more convenient for them compared to their previous local arrangement, which did not work well. With Azure AD, I was able to exert greater control over the content on their machine.

Azure AD saved time for our IT administrators and HR departments, particularly when they need to reset their own passwords or grant permissions to other people within the group by themselves. This saved around 60 hours in total.

Azure AD helped save around 18,000 euros.

Azure AD significantly improved the employee user experience in the company by providing them with enhanced accessibility to their information and facilitating seamless login and logout from their machines while working from home. This is a significant shift from the previous system that relied on a local username and VPN connection and was limited to a fixed cluster.

The most valuable feature is the ease with which a person can log in remotely using only a password or pin without creating a profile or policy.

The permission management is a mess because it is not centralized, especially when we go back from Azure, which is quite big to SharePoint. This is not really well done and has room for improvement.

I would appreciate it if Azure AD could provide an option to simplify its interface by removing unnecessary features for small companies with a maximum of 50 users. This would make it more user-friendly for our customers who find the current interface overwhelming due to its numerous options.

I have been using the solution for almost 12 years.

Azure AD is a stable solution.

Although Azure AD is intended to be scalable, we have not yet verified its scalability by adding more users.

The initial setup is straightforward. The deployment required around six hours. I only had to import to write the existing users into Azure.

The implementation was completed in-house.

The solution can be cheaper.

I evaluated Google Workspace but I prefer Microsoft.

I give the solution a nine out of ten.

The only maintenance required for Azure AD is to modify certain parts on Windows by using policies.

The usefulness of Azure AD depends on several factors such as our intended use, the current system, the number of users, and organizational size. While Azure AD is an excellent choice for larger companies, it may not be beneficial for individuals.

We use the Azure portal to create users, assign rights, build policies, etc. I'm not an administrator for that part of our system but that is basically what we use Azure AD for.

Conditional access has helped us to better provide more security for our users and MFA has helped us to provide more security for users who are working from home. They use their own personal devices.

Azure AD has helped us to provide security for applications that I didn't have access to.

This product has improved our overall security posture. Everybody is working from home using a VPN. We recently migrated everybody to MFA, which is required to connect using the VPN. People are now more aware of their passwords and overall, gives them better security.

Using the Self Service Password Reset functionality has helped to improve our end-user experience because they no longer have to deal with the service desk to do so. It also helps the service desk because it relieves them of the need to help users when it comes to password changes, allowing them to focus on other things.

We use all of the services that are offered by Azure AD. We use Azure AD Connect, SSPR, app registration, application proxy, and more. We use everything for different services that include conditional access, authentication methods, etc.

Conditional Access is a helpful feature because it allows us to provide better security for our users.

I would like to see improvements made when it comes to viewing audit logs, sign-in logs, and resource tags.

We have been using Azure Active Directory for approximately six years.

In my opinion, the on-premises deployment is still king with respect to stability.

We are able to control what's happening there, unlike the cloud instances when the service is down. If Azure AD is down then it will affect the ability of our users to log in.

Both Azure AD and the on-premises Active Directory solutions are scalable.

We have approximately 30,000 objects hosted in Azure AD. Usage will be increased as need be, as we have more users and we have more objects to add.

I would rate Microsoft support and eight out of ten.

Support provides access to good resources and good backend tools that we can use to resolve issues.

We migrated to Azure Active Directory from Windows Active Directory.

In my previous organization, I was involved in the implementation and it was very straightforward. It was straightforward in the sense that we didn't encounter any major issues because we were already using Windows Active Directory. The only issue we had was that we had to move people in batches, and not at the same time.

Our deployment took approximately one month.

As part of the implementation strategy, we first moved our Exchange to Office 365. This was the initial migration of users from on-premises to Azure AD. The primary phase was to start using Office 365 for our email instead of Exchange.

We migrated from our on-premises Exchange solution to Azure AD with our in-house team. There are some of us in the infrastructure team, plus my manager.

In terms of our overall Azure experience, I can see that this solution yields a return on our investment. However, it is difficult to quantify.

The cost is billed on a per-user licensing basis.

We did not evaluate any other options.

I think that overall, using Azure AD is very straightforward.

My advice for anybody who is considering Azure AD is to look at the products, understand the role of AD, and see how it works in their environment. Then, before they roll out, test it well.

The biggest lesson that I have learned from using this product is that it helps with better organization and allocation of rights and security.

I would rate this solution a ten out of ten.

We have users, groups, and applications, and the purpose of this product is authentication, authorization, and attestation. We use it for the services connected to those three "A"s. The use cases in all organizations are more or less the same, even if some side services differ. Azure AD is used for authentication and authorization. It's about managing identities and granting access to applications.

It has features that have definitely helped to improve our security posture. The identity and access management, at the end of the day, are about security. It also offers features like multi-factor authentication, Privileged Identity Management, and access review and attestation, and all of these are connected to security and typically help improve security posture.

Many of its features are valuable, including: 

• facilitating application authentication 
• privileged access management 
• processes for attestation
• access reviews.

The multi-factor authentication, similar to when you use your mobile banking application when you want to do a transaction, doesn't rely only on your username and password. It triggers a second factor, like an SMS to your mobile. It requires another factor for authentication. This is one of the standard services Microsoft offers with Azure AD Directory.

Privileged identity management is also a standard feature of Azure AD for privileged accounts. We make sure we do privileged role activation when it's needed so that we do not have sensitive roles active every day.

A lot of aspects can be improved and Microsoft is constantly improving it. If I compare Azure AD today with what it was like five years ago, or even three years ago, a lot of areas have been improved, and from different angles. There have been improvements that offer more security and there have been some improvements in the efficiency domain. Azure AD is not a small product. It's not, say, Acrobat Reader, where I could say, "Okay, if these two features are added, it will be a perfect product." Azure is a vast platform.

But if we look at multi-factor authentication, can it be improved? Yes. Perhaps it could cope with the newest authentication protocols or offer new methods for second or third factors.

I'm also willing to go towards passwordless authentication. I don't want anyone to have passwords. I want them to authenticate using other methods, like maybe biometrics via your fingerprint or your face or a gesture. These things, together with the smart card you have, could mean no more passwords. The trends are moving in that direction.

When it comes to identity governance, the governance features in Azure AD are very focused on Microsoft products. I would like to see those governance and life cycle management features offered for non-Microsoft products connected to Azure AD. Currently, those aspects are not covered. Microsoft has started to introduce Identity Governance tools in Azure AD, and I know they are improving on them. For me, this is one of the interesting areas to explore further—and I'm looking to see what more Microsoft offers. Once they improve these areas, organizations will start to utilize Microsoft more because, in that domain, Microsoft is a bit behind. Right now, we need third-party tools to complete the circle.

In addition, sometimes meeting the principle of least privilege is not easy because the roles are not very granular. That means that if you are an administrator you need to do small things connected to resetting passwords and updating certain attributes. Sometimes I have to grant access for the purposes of user management, but it includes more access than they need. Role granularity is something that can be improved, and they are improving it.

Again, if I compare Azure AD today to what it was like three years ago, there have been a lot of improvements in all these domains. But we could also pick any of these specific feature domains in Azure AD and have in-depth discussions about what could be improved, and how.

We have been using Azure Active Directory for more than five years.`

Azure AD is very scalable. The only concern is around role-based access control limitations at the subscription level. That is something Microsoft is improving on. Currently, per subscription, you can have a maximum 2,000 role assignments. Sometimes big organizations hit the limit and need to implement workarounds to resolve that limitation. But that is something Microsoft has already confirmed it is improving. That is a limitation of the Azure platform, it's not specific to my organization. A smaller organization may never hit the limit, but bigger organizations do.

Apart from that, their application integrations, the service, MFA, and everything else, are quite scalable. It is moving in the right direction.

Setting up Azure AD, is about moving toward the cloud journey. I cannot say setting up Azure AD is easy, but on the other hand, organizations are not moving to the cloud in one go. It's not all or nothing, that you have it or you don't have it. It depends on which services you are receiving from Azure AD. Some organizations, like ours, start with a limited number of services.

You usually start with syncing your identities to the cloud so that you can offer your employees certain cloud services. You want to enable them to use certain SaaS applications, where they are relying on a cloud identity, and that's why you need to have your accounts in the cloud. Without that, you cannot grant them access.

Later, you may offer the ability for business partners to use and benefit from certain cloud applications, and gradually the use cases increase. For example, someone may become a privileged user to take responsibility for an application and manage it. When that happens you start to think about what other features in the Azure platform you can offer to do administration in a more secure way. Or, once you have thousands of users benefiting from cloud applications, how can you make sure that you protect their assets and their data? That leads you to start implementing other security features, such as multi-factor authentication. Over time, you may have users benefiting from Office 365 and they need to collaborate by using Teams and SharePoint. Again, you start to build something else around that.

Whether large or small, organizations are on a journey, where they start from on-premises with servers and all these server rooms and applications in the organization. They then shift workloads to the cloud. That process is still ongoing in my organization and in many organizations. Ten years ago, workloads were all on-premises. Five years ago, maybe 90 percent were on-premises. Today it might be 50 percent cloud and 50 percent on-premises. There is value from the cloud: elasticity and flexibility, even for big organizations. A server on-premises is a different story compared to having it on the cloud. If I need to upgrade a server on the cloud, it takes five minutes. If it's on-premises, I need to order hardware and then change the hardware. The usage of Azure Active Directory is due to the evolution of the cloud.

The bottom line is that the implementation is gradual. It's not difficult or easy, although we started with things that were easy to adopt, and then we continued the journey.

The staff required for maintenance of Azure AD depends on how you organize your support. Some organizations outsource their end-user support to other companies, while other organizations staff that completely internally. It can also depend on the users. Is your organization a global organization or a small, local organization? For us, to make sure we maintain the support and availability and all the services we need, including change management, we need at least 15 to 20 resources for a global application with more than 20,000 users, to maintain the platform.

We worked with a lot of consultants for Azure AD. There are many features and no one expert or professional can help with all aspects. Organizations, during their journeys, have to work with different partners and integrators. It may be that there is a specific application you need to integrate with Azure AD and you need some skills there. It may be that you want to better manage Azure resources, so you would talk to a different type of resource. You may want to increase your identity security scores, depending on how you configure Azure AD, and for that, you would need to talk to an Azure security expert. I think this applies to all big enterprises. We need different skills to better utilize Azure, including Azure AD, and to do processes in a more secure way.

We have Microsoft Professional Services. That's the primary source for many organizations that are utilizing Microsoft services. If you have an enterprise agreement or a unified agreement with Microsoft, they offer you consulting services. Of course, you have to pay for Professional Services, but we get value there. The number-one consulting and integration support provider is Microsoft.

They also work with certified partners like Accenture or Avanade. These organizations are connected with Microsoft and they offer consultancy services to enterprises like ours. Depending on the subject, we may use services from any of these providers. We usually go with Microsoft-certified partners.

Multi-factor authentication means you need to do an extra step, but that is normal because the attack surface is wider. We want to make sure you are who you say you are. That extra step impacts the end-user experience, but it's needed. The way authentication happens today is far different from 10 years ago. It may result in some added difficulty, but it is there to protect employees, organizations, customers, business partners, IT assets, data, et cetera.