Microsoft Entra ID Reviews

The primary use cases for Azure AD include use in projects and deliverables when implementing different solutions like SSPR, multifactor authentication, Conditional Access policies, and fine-graining the controls on end-user machines, devices, and applications. I also use it to sign licenses via different methods, including group-based licensing, direct licensing to individual users, registering applications, and providing CPUs and credentials. Lastly, I use Azure AD for whitelisting external identities and domains for communication between internal and external domains.

Our organization is global, with over nine locations across the world. We have a hybrid environment, which is very complex due to the size of the organization, and we have a varied client base. From a security standpoint, we have a variety of security services and products. 

Azure AD is a one-stop solution where we can manage every aspect of identities, access, and applications via policies across all domains of our organization.

We use the Conditional Access feature to enforce fine-tuned and adaptive access controls. This makes our Zero Trust strategy to verify users more robust, as standard users have limited access, on limited devices, with limited permissions. They can only access the domain on specific machines and must be on the corporate or office network. Access from outside the network isn't possible unless it's from a whitelisted location, and along with MFA, we have a powerful Zero Trust model in place.

Azure AD saves us a lot of time, as we previously used an on-prem legacy solution with poor integrations, which slowed onboarding and other processes. Thanks to the product, we spend approximately 70% less time daily and about 80% less time weekly. That's a big plus. 

The solution helps our organization save money from a cost perspective, and there are several other vital angles to consider. Azure AD is an out-of-the-box product in terms of features and security, which is a reduced cost. Whether an organization requires P1 or P2 licensing is another consideration. Finally, if a company is replacing legacy systems, that's money saved for licensing and maintaining those systems. Some of our clients have seen 30-40% savings, especially those using complete legacy systems and then switching to a cloud environment.   

Azure AD greatly helps user experience, as we can integrate the solution with many services. End-user experience improved, whether staff members try to access resources from mobile or even personal devices. We can fine-tune access control across the enterprise, and that helps us provide a good end-user experience.  

The most valuable features are the Conditional Access policies, SSPR, and MFA. Another good functionality is registering enterprise applications to provide access to external parties. These four features are precious and are the most used across different use cases for various clients and projects.

Azure AD provides a single pane of glass for managing user access; we can assign access permissions to different user accounts based on situational requirements, and helpful security features are available. The solution provides sign-on consistency, and we can configure permissions to enable single sign-on for a particular application or domain. This gives us the flexibility to offer a great user experience.    

The solution gives us a lot of flexibility when it comes to managing all identity and access tasks in our organization. We can manage freshly provisioned identities from scratch, as well as existing identities and apps through the Azure admin center.   

I want better integration between Azure AD and the on-prem environment because there are currently limitations that can hamper employee experience. We use a feature called password writeback, that can be challenging to implement in a hybrid environment. Employees can change their passwords using a self-service password reset (SSPR) feature, which reflects from the cloud to the on-prem identity, but not the other way around. Currently, there is no way to reflect passwords from on-prem identities to the cloud.

There are other similar limitations, such as a cap on the number of identities that can be synchronized in a particular time frame, which can be an issue for large enterprises with 300,000 employees or more.

I've been using the solution for over three years. 

The solution is stable, though there can be issues around synchronization within a vast organization. Performance-wise, Azure AD is a good product.

The scalability is good. 

Microsoft technical support can take a while to resolve. I can get a response in 30 minutes, but the time to resolve is usually more than four hours or over a day. I wonder if the support staff has adequate training and expertise to provide a better service.

We previously used on-premises AD and switched to Azure AD because we wanted the benefits associated with cloud-based solutions.

The complexity of the initial setup depends on the deployment; cloud deployments are very straightforward, on-prem implementations are more complex due to the infrastructure, and hybrid deployments are always complex as there are many considerations and assessments to be made.

It is hard to measure ROI with security solutions, but identity is the first point of vulnerability for cyber attacks, so identities must be secure and well-managed. The solution provides this, and that is a worthwhile investment.

Azure AD has four licensing options- free, Office 365 apps, Premium P1, and Premium P2. The free option has a limited number of identities and features, and the Office 365 version comes included in several Office 365 subscriptions. With the P1 and P2 licenses, we get all the freeware features plus additional security features, but these come at a higher price. The base price for P1 and P2 is $6 and $9 per user per month, respectively.

I rate the solution nine out of ten. 

From a security standpoint, we don't have major controls from Azure AD, but we can implement features such as MFA and Conditional Access policies to fine-grain the rules on apps and devices. We can also enforce policies where users have different sign-on requirements for the same account, depending on where they sign in from.  

We used the solution's Conditional Access feature in conjunction with Microsoft Endpoint Manager as it was a requirement for a client-side project. There were some conflicts between the two tools regarding device management, so we had to select a different approach. Conditional Access reduces the risk of unpatched devices connecting to our corporate network because it triggers the policy stating only compliant devices can log in and access resources.

Clients use different deployment methods for Azure AD, but most implement them within a hybrid environment. A few organizations are entirely cloud and SaaS-based, as they don't want the maintenance and management associated with on-prem infrastructure and prefer the security offered by the cloud.

My advice to those looking to implement the solution is to consider their primary goal and use case for the product and how they want to implement it. If you have a hybrid environment, many details about how Azure AD can fit into the environment must be figured out beforehand. Consider the costs and how the solution will help from a security standpoint over the next five to ten years, from all perspectives, including networking, security, systems management, and maintenance.

There are many use cases. The main use case is identity synchronization to on-prem with AD Connect. Another main use case is related to conditional access. Automated licensing is also one of the use cases. 

It is also used for identity access management with specific workflows, rules, etc. Permission or role management for applications is another use case, but I have never used that in production. I have demonstrated it to multiple customers, but they were not there yet.

The main benefit is that you have one repository for identities. That is very important for main companies. If you have worked with or are familiar with the concepts of on-prem Active Directory, you can easily start with Microsoft Entra ID. You have everything in one area. You have application identities, workload identities, and other identities in one area. It is very convenient and powerful. It helps with centralized identity management. You can also connect with your partner organizations. It is quite powerful for collaboration with your partners, customers, etc.

Microsoft Entra ID provides a single pane of glass for managing user access. It is pretty good in terms of the sign-on experience of users. It is easy to understand for even non-technical people.

With this single pane of glass, we also have a good view of the security part or security policies. From an admin's perspective, we have complete logs of everything that is happening in almost real time. We have pretty much everything we need. In recent times, I have not come across many use cases that could not be covered.

With conditional access, you can make sure that you have control at any time. It is a part of the zero-trust strategy. Any access is verified. You have a very good grasp on identity and devices for compliance. You can manage any issues through Microsoft Entra ID. Most companies I have worked with let you bring your own device, and device management is very important for them. They have a tight grasp on who can connect and which devices can connect to their network or cloud resources.

There have been improvements in the onboarding and the leaving process. It has always been a challenge to make sure that people are given the right access right at the beginning and that their access is disabled at the right moment. Historically, while auditing clients, I could see people who left the company five years ago, but their access was still active. Permission management has been helpful there. It is a nice thing to implement.

In terms of user experience, we have not received any feedback from the users about Microsoft Entra ID, which is good because it means it is transparent to them. It works as expected.

My two preferred features are conditional access and privileged identity management. They are very powerful. I like conditional access a lot. It is an easy way to secure identities.

Privileged identity management helps to control who is requesting access, when, and what for. It gives you a nice overview of what is happening in your tenant and why people are doing certain things. You can easily detect outliers or if something is wrong. 

They can combine conditional access for user actions and application filtering. Currently, they are separated, and we cannot mix the two. I do not know how it would be possible, but it would be interesting.

For permission access, there can be a bit more granular distinction between Microsoft applications. Currently, you have a pack of things, but sometimes, you only want to allow one of the things and not the whole pack. For example, you just want to allow the Azure portal, not the whole experience. However, such scenarios are rare. Overall, I am pretty happy with where we are today. It is always exciting to do new things, but for the customers I have worked with, it covered 99% of the scenarios.

I have been using it since I started using Azure and M365. It has been almost six years.

It is very stable.

It is very scalable. I have not met any limitations, but I do not have clients with more than 2,000 users. 

I have used their tech support one or two times. It is pretty good. I would rate them a nine out of ten.

Positive

I have worked a bit with Okta and AWS IAM, but they are more expensive than Microsoft Entra ID. I last worked with Okta about two years ago. At that time, Okta was more advanced and intuitive in certain aspects.

Microsoft Entra ID is a no-brainer if you already do not have a solution and if you have on-prem Active Directory. If you already have something, then the choice can be different. Microsoft Entra ID works for various use cases because you have connectors with pretty much every application on the planet. You have a lot of possibilities to integrate. You can also integrate with on-prem. In terms of security, there are a lot of features to protect your identity. It is quite helpful and appealing, so if you do not have anything and you are going to use Microsoft technologies, it is a no-brainer. Similarly, if you are a cloud company just starting, and if you choose Azure, Microsoft Entra ID is a no-brainer. If you choose another cloud, you can go for another solution.

I have been working with cloud and hybrid deployments. There are a few cloud deployments, but I work a lot with hybrid deployments.

Its setup is straightforward. I am very used to it now, and for me, it is pretty straightforward. The deployment duration depends on the features that you want to enable. Features such as conditional access require discussions with the customers. Generally, two weeks are enough. You might also have to train the internal team on it, which could take a bit more time.

You do not require too many people for deployment. One or two people are normally enough.

In terms of maintenance, it is very easy to maintain. You might have to add another business case for your customers or simplify something you put in place. You have to be aware of the new features, etc.

Microsoft Entra ID must have saved organizations money, but I do not have the data.

Its price is okay. It is easy to go from a P1 to P2 license. It is not exactly a bargain, but I would recommend the P2 license.

Make sure to use MFA and conditional access wherever possible.

Overall, I would rate Microsoft Entra ID a nine out of ten.

We use Azure Active Directory for our project management proposals. Employees who are onboarding in Active Directory can use project filters for authentication and other back-end tasks. There are different installed environments and staging areas. Different areas are being used for different purposes.

Azure Active Directory provides us with a single pane of glass for managing user access.

Azure AD made organizing information much easier for our organization. The solution also helped the IT and HR departments save up to 50 percent of their time. Based on the time savings, I would say that Azure AD also helped save costs within our organization.

Azure AD positively affected our employees' experience in the company by providing them with a single sign-on portal to access all their accounts in an easy way.

Overall, I think the support and the pictorial format of this web portal are very good. Everything is just a click away, which is very convenient. Previously, we had to write a configuration file to do anything, but now everything can be configured through the user interface. This is a great improvement.

The security policy of Azure Active Directory should be based on a matrix so that we can easily visualize which users have access to what.

I have been using Azure AD for three years.

I give Azure Active Directory an eight out of ten.

I recommend Azure Active Directory.

We use Azure AD to implement conditional access when using Microsoft Network (MSN) services. Our infrastructure is primarily on-prem, and we operate our email in a hybrid environment and use the solution for continuity between our on-prem and cloud landscapes.

The solution improved our organization, especially in terms of security control. Overall, we're 65-70% satisfied with the product.

The most valuable feature is Conditional Access, and we use it extensively.

Azure AD provides a single pane of glass for managing user access; we integrated multiple APIs and use single sign-on for all of our Microsoft products. I can't speak in universal terms, but we had some positive feedback from our users regarding user experience.  

We use the Conditional Access feature to enforce fine-tuned and adaptive access controls, an excellent feature we use to enhance the security of all the machines connected to our domain. Users cannot access long-term data, data from untrusted devices, or data on connected personal devices.  

We use Azure AD Verified ID, which is a good feature for privacy and control of identity data; it offers a good level of secrecy. 

We've been using the solution for over six years now. 

The product is stable. 

The scalability isn't an issue; it depends on our license.

We previously used Microsoft's technical support, which was excellent; they were very responsive. Now, we use a CSP, and their support is lacking, so I rate them five out of ten.

Neutral

The initial setup was straightforward, and a partner was present to assist us during the implementation. We have around 250 users, and the solution doesn't require any maintenance.

The product's price is in the midrange. 

I rate the solution eight out of ten. 

Azure AD helped to save some time for our IT admins but not for our HR department, as they don't currently have access to the tool.

I recommend the product to those considering it, though it depends on the use case and requirements. If Azure AD has featured you don't need, then going with one of the cheaper competitors could be a better option.   

We use Office 365 for our emails and Office. As part of that, we have Active Directory on the cloud. We want to safeguard things, keeping in mind the recent upsurge in cyber attacks.

I get a single pane of glass view of all the users. I know who has been registered, who has joined, what their last activity was, and when they logged in. If I extend it, I can purchase Intune from Microsoft and I'll be able to do mobile data management.

Single sign-on is the reason we use AD.

I would like to see a better user interface. Right now, it's not that great. Maybe there could be a dashboard view for Active Directory with some pie or bar charts on who is logged in, who is not logged in, and on the activity of each user for the past few days: whether they're active or not active.

I have been using Azure Active Directory for about a year.

It's definitely stable, a 10 out of 10.

We are a small company so it is scalable, seamlessly. We don't even have 100 users, so we don't have any issues with scalability.

We were previously using Gmail, which didn't have anything of this sort, so we moved to Office 365 which has Azure AD. We have joined the domain controller using Azure AD now.

We were not involved in any deployment. It was automatic. The moment we signed in, we were part of Azure. It was straightforward. We just purchased our license, logged in, and we were automatically onboarded to Active Directory seamlessly.

It doesn't require any maintenance. It's managed by Microsoft.

There is a return on investment for us with Azure AD.

Azure AD comes with Office 365, so we are just paying for the Office 365 license.

We did not evaluate other options because Azure AD seems to be the market leader.

Azure AD is one place where you can manage all users and devices and it's safe and secure.

Microsoft Entra ID is used for user management and directory governance, including conditional access management, sync user management, group management, and application and SSO connections. In short, it is a user, policy, and access management solution for environments with 10,000 to 50,000+ users.

Microsoft Entra ID provides a single pane of glass for user management.

Originally, it was just an integration within Entra ID with limited governance and scalability. Over time, more and more features such as Certificate Authority and Privileged Identity Management have been added, and the amount of governance and controls has increased. As a result, we can now control more aspects within Azure AD. For example, in the beginning, we could not review sign-ins. We could only see simplified final messages. Now, we have more insight into sign-ins, and the overall service has improved. It is now more stable and reliable, which is most important.

Microsoft Entra ID's conditional access feature to enforce fine-tuned and adaptive access controls work. 

When Microsoft Entra ID is implemented properly it can help save our staff time.

If the implementation was done properly, the user experience was seamless. It may have even improved the experience, given that it supports single sign-on and cross-platform access. For example, signing on to enterprise applications was even better. So, it depends on the engineers who implement the product, not the product itself.

Microsoft Entra ID's valuable features include integration capabilities, a simplified Active Directory approach, scalability, conditional access, and privileged identity management.

The single pane of glass has limited filtering options within the directory.

The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive. This means that it is still possible to deceive conditional access.

The group management and group capabilities have room for improvement.

I have been using Microsoft Entra ID for over five years.

Microsoft Entra ID is mostly stable, but we had some issues with MSA. We must have a backup plan when using a cloud provider. If we put all our trust in one provider, that's on us, but most of the time, the service is stable.

Microsoft Entra ID is scalable. When we provision more and more users, we do not notice any impact. User management may be more difficult due to the portal, loading times, and so on, but provisioning the users themselves is not a problem. We have service limitations, but based on those, we can have a large number of users and work on them smoothly.

The quality of technical support depends on the engineer assigned. I've been working with Microsoft One, and while they have some awesome engineers, I've also had situations where they didn't seem to know what they were talking about.

Neutral

In my previous role, I worked with Google for enterprise, and it was a nightmare. I also worked with Okta, which is not as seamless as Microsoft Entra ID when it comes to MSA and policy management. However, maybe that's the feature, the improvement that can be done. Even though Okta has more errors and is more annoying as a product, it does have one positive: it is a cross-platform product. We can integrate it with non-Microsoft products, while Microsoft works really well with its own products. So, if we use Endpoint, enterprise apps, and 365 services, it will work most of the time, ten out of ten. But if we try to integrate anything else that is not a Microsoft service, it will be a disaster or we will not be able to onboard the service. That is something that Microsoft could improve: make it cross-platform.

The deployment time depends on the knowledge of the engineers and the cloud approach. Therefore, it can take from a few months to a few years, and sometimes it may result in the provisioning of everything because of a gap in knowledge of the people deploying. I have seen really bad deployments because the people were not cloud-ready.

We have seen a ten percent return on investment.

I think the pricing is efficient, but the licensing is overly complicated and difficult to understand. There are many tricks in the licensing that weigh against us.

I would give Microsoft Entra ID seven out of ten.

Conditional Access works well with Microsoft Endpoint Manager, but there are better options, as Endpoint Manager is not the best service.

Microsoft Entra ID is an enterprise-level solution.

Microsoft Entra ID does not require maintenance, but the conventional access policy, AD Connect, and server-related ATSs all do.

I have a total of fifteen years of experience in the IT industry, and I have worked with multiple technologies including, Exchange, Office 365, and Intune, and then a little bit of SharePoint. I have excellent experience with Entra ID. We have handled a lot of migrations from on-prem to the cloud. We've also done reverse migrations.

We can centralize and manage everything much more effectively with this tool. We are able to leverage role-based access controls and maintain IAM (identity actions management).   

We can also leverage Defender from a policy and security perspective so we can protect against vulnerabilities of all types. 

For remote workers, when they try to log in with the domain username and password, the device will get synchronized to the Azure Active Directory using the device identification method and it will enter an identification letter based on the policy we have derived. This helps us maintain a modern workforce organization. From our modern work workspace configuration, we can centralize and manage everything - even for off-site employees. It doesn't matter the device. It can be a laptop, iPhone device, or Android device - any mobile phone device. Everything is now centralized.

Entra ID Connect is good. If you are migrating your office environment or data center environment, to the cloud, it will do the handshake between the local director and the cloud. Based on that, the objects will be synchronized from the local active directory to the Azure active directory, and that way the users can access both the cloud-related resources, as well as on-prem applications. They can do everything through a single sign-on object. 

It provides us with a single pane of glass for managing user access. We can log onto the Azure portal and maintain all Azure objects. We can enable features so that the user can access everything using the same username and password. If the company needs an MFA license, it can use the Authenticator or any phone or DB PIN of third-party feeder keys. The product allows for a lot of security features. 

As a vendor, we do also have the Defender tool which can help with security robustness.

They have a good feature called conditional access. We have a lot of conditional access policies. For example, MFA. For each application, we can specify access. We can also search for the conditional access policy in Azure Active Directory. We've used it with Endpoint Manager. We can make it so a device can only authenticate within a specific region and any other region would get blocked. We've deployed a lot of conditional access. It reduces the risk of unpatched devices gaining access to our network.

We've used Verified ID. It's good for verification purposes.

We've also used Permission Management. It helps with role-based access. We can create separate role-based access policies for distinct departments. We'll only give specific permissions to specific groups, for example, and they'd only have limited access to certain areas. We can really customize the policy to make the access very granular. We gain good visibility and control over identity permissions. We can configure and deploy down to specific locations or devices based on a customer's needs.

The product has helped us save time for IT admins and the HR department. It's easy to do a password reset. Instead of having to raise a case with every tool, IT can write a ticket for users and do it all from one spot.

Active Directory has saved our organization money. When you deploy the virtual machine, initially, if you are you have a data center server, the server will be kept online in the data center environment. However, nowadays, in the cloud environment, if you have the virtual machine for the application and you can autoscale the server, you can perform on that. If it is off-peak hours, the server will not need to function. It will be shut down based on the rules we define. During that time, the cost is minimal.

We don't have as much control. It's all Microsoft. If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it. If it was under our data center, we'd be able to give it immediate attention directly.

I've used the solution for almost five years. 

The stability is fine, although we cannot do anything about it. We cannot directly specify the gateway. That's decided on Microsoft's side, depending on where the user connects from. I'd rate the stability eight out of ten.

I'd rate the scalability eight out of five. Nowadays, we do not need to procure physical hardware, so it's easy to scale up. We can add new virtual machines with ease based on the application support from the OEMs. If you want to increase RAM, this is automatically done via autoscaling.

We've dealt with technical support. Whenever we have issues, we'll write a ticket. We have a premium license and we'll write tickets under that. They'll coordinate with us for any major issues.

Support used to be better. We'd prefer to fix the issue ourselves rather than go through Microsoft. However, they are still helpful and responsive under the license we have.

Neutral

Previously, I did not use anything. I've always relied on Windows-related technology. We had used Windows 2008 and 2012 servers in the past. Now we use 2019 and 2022 servers as well as the latest environment. 

I have used Okta in the past, however, I don't remember much about it. I've used previous versions of it. 

I was not directly involved in initial setup tasks, however, when they migrated the user's object from the local active directory to the cloud, then we used a third-party tool called Cluster Migration Manager, and we used the tool to migrate the object user and object functionality to Azure.

We have continuity load balancers and we have also deployed VMs and SQL databases. we've configured a lot under this product.

We do use premium licenses. One has limited access and the other has more features. Users might also have Office 365 licenses in order to use Exchange. If a company has a large number of employees, like 2,000 or so, they should look at enterprise-level licensing. Educational instituations can access educational licenses. 

We tend to use Windows, however, users may also use AWS or Google if they want and align on that. We work based on the customer's needs and align with whatever they may be.

We usually work for customers that deal with Microsoft. We're consultants, not direct Microsoft partners. 

I'd rate the solution seven out of ten.

Microsoft Entra ID is used to control access to our environment.

Microsoft Entra ID has been most beneficial in the realm of IT management, although not significantly impactful on user experience. Microsoft Entra ID is not solely for user management or enhancing user experience. Rather, it greatly aids in constructing operational processes for IT management, as its capabilities extend far beyond user and access management. In terms of refining user experience, it certainly contributes to areas like authentication, particularly in diverse authentication methods and device-based authentication. 

The best thing about Microsoft Entra ID is the ease of setup.

If we're highly experienced or dealing with intricate scenarios, Microsoft Entra ID might not be the most suitable solution. In my opinion, it resolves the majority of cases, but it lacks comprehensive management tools for access control. I don't consider it the premier tool for user or identity management. While it covers many aspects, we'll need supplementary tools to effectively manage access rules. This deficiency is quite significant. To make it viable for a large organization, substantial additional development is necessary.

Microsoft Entra ID provides a way to manage user access, but it's not an effective tool for access management due to its excessive complexity. This is primarily because the process needs to be performed manually. Therefore, it lacks a user-friendly interface where we could define all access rules and scenarios comprehensively.

Zero trust is not easy to set up, especially for large organizations. While it could be implemented for smaller organizations, the extensive manual configuration required makes it impractical for larger enterprises.

Microsoft Entra ID's impact on access and identity management is relatively limited.

The single interface for managing permissions, permission rules, or conditional access policies needs to be significantly more user-friendly. While it remains functional for IT departments, it is not particularly user-friendly for end users. There is considerable room for improvement in this regard.

Microsoft Entra ID offers various features, but its setup and utilization are quite complex due to the lack of a user-friendly interface for end users. Unless we allocate a significant budget and a substantial workforce to configure it for end users, making it usable remains a challenge. Moreover, even with these investments, the cost of using Microsoft Entra ID would become prohibitively high. Thus, it's evident that the platform lacks the necessary functionality to provide a satisfactory end-user experience. 

I have been using Microsoft Entra ID for eight years.

The solution is stable. I have not encountered any stability issues.

Microsoft Entra ID is scalable.

I have had a positive experience with technical support. Additionally, if we opt for premium support or possess varying levels of support agreements with Microsoft, we can access excellent support.

Positive

The deployment is quite straightforward. It's truly uncomplicated from an IT perspective to utilize Microsoft Entra ID. It's not overly intricate in that aspect. However, when we delve into end-user scenarios, and the management and configuration of conditional access policies, permission management, and other similar aspects, it does introduce a certain level of complexity, naturally.

Microsoft Entra ID service can be quite costly due to its hidden expenses linked to usage. This cost ambiguity arises from our inability to accurately project expenses prior to implementation, contingent upon the specific features employed. The expense is particularly notable if we intend to utilize it for comprehensive identity management. Nevertheless, alternative budget-friendly identity management solutions are limited within the current market landscape.

There are no additional costs for maintenance because most of the parts are cloud-based and managed by Microsoft. This means we can't manage it ourselves. However, if we had a private cloud with Microsoft Entra ID, for instance, then we could manage our entire cloud ourselves. This would allow us to have good control of the costs. But there are many small components in Microsoft Entra ID. So, when we are planning to build something with Microsoft Entra ID, we might struggle to understand the total cost for the users. It's difficult to comprehend all the necessary pieces we need to purchase to construct a scenario. Only after we have designed this solution, we will be able to see the complete cost. Unfortunately, there are numerous hidden costs in Microsoft Entra ID that I am not particularly fond of.

If we consider the top three or four management tools, they offer numerous out-of-the-box features for connecting to HR sources. Furthermore, we have a straightforward method for establishing access policies based on our HR data. In my opinion, competitors hold an advantage over Microsoft Entra ID.

I would rate Microsoft Entra ID eight out of ten.

We can achieve a great deal with conditional access policies; however, using the interface itself is quite cumbersome and not very user-friendly. Consequently, there are very few tools currently available that offer a well-designed user interface for managing access policies. This is consistently a highly intricate scenario.

Based on my experience, Okta functions primarily as a solution for managing customer access or customer identity, rather than being the conventional method for handling business or corporate identities. It's more focused on robustly managing customer identities. However, in my previous procurement roles, it has never been selected as the primary option. This could be due to my limited exposure to customer identity management. Thus, I find it challenging to draw a direct comparison. On the other hand, Microsoft Azure Active Directory can certainly serve as a customer identity management solution and is comparable in this aspect. However, the comparison doesn't hold true for user identity management.

The maintenance is controlled by Microsoft because the solution is on their cloud.

Organizations should refrain from exclusively using Microsoft Entra ID for all identity and access management scenarios. This is because relying solely on Microsoft Entra ID necessitates creating additional components ourselves to address aspects that cannot be readily addressed using the default Microsoft Entra ID setup. We are required to construct these components and establish phases for end users, as Microsoft Entra ID does not encompass all these functionalities. A more effective approach could involve integrating Microsoft Entra ID with another product, such as SailPoint. This combined utilization would likely result in a robust identity management solution. It's important to recognize that Microsoft Entra ID alone cannot adequately address all our scenarios.