Microsoft Entra ID Reviews

Microsoft Entra ID is used for user management and directory governance, including conditional access management, sync user management, group management, and application and SSO connections. In short, it is a user, policy, and access management solution for environments with 10,000 to 50,000+ users.

Microsoft Entra ID provides a single pane of glass for user management.

Originally, it was just an integration within Entra ID with limited governance and scalability. Over time, more and more features such as Certificate Authority and Privileged Identity Management have been added, and the amount of governance and controls has increased. As a result, we can now control more aspects within Azure AD. For example, in the beginning, we could not review sign-ins. We could only see simplified final messages. Now, we have more insight into sign-ins, and the overall service has improved. It is now more stable and reliable, which is most important.

Microsoft Entra ID's conditional access feature to enforce fine-tuned and adaptive access controls work. 

When Microsoft Entra ID is implemented properly it can help save our staff time.

If the implementation was done properly, the user experience was seamless. It may have even improved the experience, given that it supports single sign-on and cross-platform access. For example, signing on to enterprise applications was even better. So, it depends on the engineers who implement the product, not the product itself.

Microsoft Entra ID's valuable features include integration capabilities, a simplified Active Directory approach, scalability, conditional access, and privileged identity management.

The single pane of glass has limited filtering options within the directory.

The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive. This means that it is still possible to deceive conditional access.

The group management and group capabilities have room for improvement.

I have been using Microsoft Entra ID for over five years.

Microsoft Entra ID is mostly stable, but we had some issues with MSA. We must have a backup plan when using a cloud provider. If we put all our trust in one provider, that's on us, but most of the time, the service is stable.

Microsoft Entra ID is scalable. When we provision more and more users, we do not notice any impact. User management may be more difficult due to the portal, loading times, and so on, but provisioning the users themselves is not a problem. We have service limitations, but based on those, we can have a large number of users and work on them smoothly.

The quality of technical support depends on the engineer assigned. I've been working with Microsoft One, and while they have some awesome engineers, I've also had situations where they didn't seem to know what they were talking about.

Neutral

In my previous role, I worked with Google for enterprise, and it was a nightmare. I also worked with Okta, which is not as seamless as Microsoft Entra ID when it comes to MSA and policy management. However, maybe that's the feature, the improvement that can be done. Even though Okta has more errors and is more annoying as a product, it does have one positive: it is a cross-platform product. We can integrate it with non-Microsoft products, while Microsoft works really well with its own products. So, if we use Endpoint, enterprise apps, and 365 services, it will work most of the time, ten out of ten. But if we try to integrate anything else that is not a Microsoft service, it will be a disaster or we will not be able to onboard the service. That is something that Microsoft could improve: make it cross-platform.

The deployment time depends on the knowledge of the engineers and the cloud approach. Therefore, it can take from a few months to a few years, and sometimes it may result in the provisioning of everything because of a gap in knowledge of the people deploying. I have seen really bad deployments because the people were not cloud-ready.

We have seen a ten percent return on investment.

I think the pricing is efficient, but the licensing is overly complicated and difficult to understand. There are many tricks in the licensing that weigh against us.

I would give Microsoft Entra ID seven out of ten.

Conditional Access works well with Microsoft Endpoint Manager, but there are better options, as Endpoint Manager is not the best service.

Microsoft Entra ID is an enterprise-level solution.

Microsoft Entra ID does not require maintenance, but the conventional access policy, AD Connect, and server-related ATSs all do.

I have a total of fifteen years of experience in the IT industry, and I have worked with multiple technologies including, Exchange, Office 365, and Intune, and then a little bit of SharePoint. I have excellent experience with Entra ID. We have handled a lot of migrations from on-prem to the cloud. We've also done reverse migrations.

We can centralize and manage everything much more effectively with this tool. We are able to leverage role-based access controls and maintain IAM (identity actions management).   

We can also leverage Defender from a policy and security perspective so we can protect against vulnerabilities of all types. 

For remote workers, when they try to log in with the domain username and password, the device will get synchronized to the Azure Active Directory using the device identification method and it will enter an identification letter based on the policy we have derived. This helps us maintain a modern workforce organization. From our modern work workspace configuration, we can centralize and manage everything - even for off-site employees. It doesn't matter the device. It can be a laptop, iPhone device, or Android device - any mobile phone device. Everything is now centralized.

Entra ID Connect is good. If you are migrating your office environment or data center environment, to the cloud, it will do the handshake between the local director and the cloud. Based on that, the objects will be synchronized from the local active directory to the Azure active directory, and that way the users can access both the cloud-related resources, as well as on-prem applications. They can do everything through a single sign-on object. 

It provides us with a single pane of glass for managing user access. We can log onto the Azure portal and maintain all Azure objects. We can enable features so that the user can access everything using the same username and password. If the company needs an MFA license, it can use the Authenticator or any phone or DB PIN of third-party feeder keys. The product allows for a lot of security features. 

As a vendor, we do also have the Defender tool which can help with security robustness.

They have a good feature called conditional access. We have a lot of conditional access policies. For example, MFA. For each application, we can specify access. We can also search for the conditional access policy in Azure Active Directory. We've used it with Endpoint Manager. We can make it so a device can only authenticate within a specific region and any other region would get blocked. We've deployed a lot of conditional access. It reduces the risk of unpatched devices gaining access to our network.

We've used Verified ID. It's good for verification purposes.

We've also used Permission Management. It helps with role-based access. We can create separate role-based access policies for distinct departments. We'll only give specific permissions to specific groups, for example, and they'd only have limited access to certain areas. We can really customize the policy to make the access very granular. We gain good visibility and control over identity permissions. We can configure and deploy down to specific locations or devices based on a customer's needs.

The product has helped us save time for IT admins and the HR department. It's easy to do a password reset. Instead of having to raise a case with every tool, IT can write a ticket for users and do it all from one spot.

Active Directory has saved our organization money. When you deploy the virtual machine, initially, if you are you have a data center server, the server will be kept online in the data center environment. However, nowadays, in the cloud environment, if you have the virtual machine for the application and you can autoscale the server, you can perform on that. If it is off-peak hours, the server will not need to function. It will be shut down based on the rules we define. During that time, the cost is minimal.

We don't have as much control. It's all Microsoft. If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it. If it was under our data center, we'd be able to give it immediate attention directly.

I've used the solution for almost five years. 

The stability is fine, although we cannot do anything about it. We cannot directly specify the gateway. That's decided on Microsoft's side, depending on where the user connects from. I'd rate the stability eight out of ten.

I'd rate the scalability eight out of five. Nowadays, we do not need to procure physical hardware, so it's easy to scale up. We can add new virtual machines with ease based on the application support from the OEMs. If you want to increase RAM, this is automatically done via autoscaling.

We've dealt with technical support. Whenever we have issues, we'll write a ticket. We have a premium license and we'll write tickets under that. They'll coordinate with us for any major issues.

Support used to be better. We'd prefer to fix the issue ourselves rather than go through Microsoft. However, they are still helpful and responsive under the license we have.

Neutral

Previously, I did not use anything. I've always relied on Windows-related technology. We had used Windows 2008 and 2012 servers in the past. Now we use 2019 and 2022 servers as well as the latest environment. 

I have used Okta in the past, however, I don't remember much about it. I've used previous versions of it. 

I was not directly involved in initial setup tasks, however, when they migrated the user's object from the local active directory to the cloud, then we used a third-party tool called Cluster Migration Manager, and we used the tool to migrate the object user and object functionality to Azure.

We have continuity load balancers and we have also deployed VMs and SQL databases. we've configured a lot under this product.

We do use premium licenses. One has limited access and the other has more features. Users might also have Office 365 licenses in order to use Exchange. If a company has a large number of employees, like 2,000 or so, they should look at enterprise-level licensing. Educational instituations can access educational licenses. 

We tend to use Windows, however, users may also use AWS or Google if they want and align on that. We work based on the customer's needs and align with whatever they may be.

We usually work for customers that deal with Microsoft. We're consultants, not direct Microsoft partners. 

I'd rate the solution seven out of ten.

Microsoft Entra ID is used to control access to our environment.

Microsoft Entra ID has been most beneficial in the realm of IT management, although not significantly impactful on user experience. Microsoft Entra ID is not solely for user management or enhancing user experience. Rather, it greatly aids in constructing operational processes for IT management, as its capabilities extend far beyond user and access management. In terms of refining user experience, it certainly contributes to areas like authentication, particularly in diverse authentication methods and device-based authentication. 

The best thing about Microsoft Entra ID is the ease of setup.

If we're highly experienced or dealing with intricate scenarios, Microsoft Entra ID might not be the most suitable solution. In my opinion, it resolves the majority of cases, but it lacks comprehensive management tools for access control. I don't consider it the premier tool for user or identity management. While it covers many aspects, we'll need supplementary tools to effectively manage access rules. This deficiency is quite significant. To make it viable for a large organization, substantial additional development is necessary.

Microsoft Entra ID provides a way to manage user access, but it's not an effective tool for access management due to its excessive complexity. This is primarily because the process needs to be performed manually. Therefore, it lacks a user-friendly interface where we could define all access rules and scenarios comprehensively.

Zero trust is not easy to set up, especially for large organizations. While it could be implemented for smaller organizations, the extensive manual configuration required makes it impractical for larger enterprises.

Microsoft Entra ID's impact on access and identity management is relatively limited.

The single interface for managing permissions, permission rules, or conditional access policies needs to be significantly more user-friendly. While it remains functional for IT departments, it is not particularly user-friendly for end users. There is considerable room for improvement in this regard.

Microsoft Entra ID offers various features, but its setup and utilization are quite complex due to the lack of a user-friendly interface for end users. Unless we allocate a significant budget and a substantial workforce to configure it for end users, making it usable remains a challenge. Moreover, even with these investments, the cost of using Microsoft Entra ID would become prohibitively high. Thus, it's evident that the platform lacks the necessary functionality to provide a satisfactory end-user experience. 

I have been using Microsoft Entra ID for eight years.

The solution is stable. I have not encountered any stability issues.

Microsoft Entra ID is scalable.

I have had a positive experience with technical support. Additionally, if we opt for premium support or possess varying levels of support agreements with Microsoft, we can access excellent support.

Positive

The deployment is quite straightforward. It's truly uncomplicated from an IT perspective to utilize Microsoft Entra ID. It's not overly intricate in that aspect. However, when we delve into end-user scenarios, and the management and configuration of conditional access policies, permission management, and other similar aspects, it does introduce a certain level of complexity, naturally.

Microsoft Entra ID service can be quite costly due to its hidden expenses linked to usage. This cost ambiguity arises from our inability to accurately project expenses prior to implementation, contingent upon the specific features employed. The expense is particularly notable if we intend to utilize it for comprehensive identity management. Nevertheless, alternative budget-friendly identity management solutions are limited within the current market landscape.

There are no additional costs for maintenance because most of the parts are cloud-based and managed by Microsoft. This means we can't manage it ourselves. However, if we had a private cloud with Microsoft Entra ID, for instance, then we could manage our entire cloud ourselves. This would allow us to have good control of the costs. But there are many small components in Microsoft Entra ID. So, when we are planning to build something with Microsoft Entra ID, we might struggle to understand the total cost for the users. It's difficult to comprehend all the necessary pieces we need to purchase to construct a scenario. Only after we have designed this solution, we will be able to see the complete cost. Unfortunately, there are numerous hidden costs in Microsoft Entra ID that I am not particularly fond of.

If we consider the top three or four management tools, they offer numerous out-of-the-box features for connecting to HR sources. Furthermore, we have a straightforward method for establishing access policies based on our HR data. In my opinion, competitors hold an advantage over Microsoft Entra ID.

I would rate Microsoft Entra ID eight out of ten.

We can achieve a great deal with conditional access policies; however, using the interface itself is quite cumbersome and not very user-friendly. Consequently, there are very few tools currently available that offer a well-designed user interface for managing access policies. This is consistently a highly intricate scenario.

Based on my experience, Okta functions primarily as a solution for managing customer access or customer identity, rather than being the conventional method for handling business or corporate identities. It's more focused on robustly managing customer identities. However, in my previous procurement roles, it has never been selected as the primary option. This could be due to my limited exposure to customer identity management. Thus, I find it challenging to draw a direct comparison. On the other hand, Microsoft Azure Active Directory can certainly serve as a customer identity management solution and is comparable in this aspect. However, the comparison doesn't hold true for user identity management.

The maintenance is controlled by Microsoft because the solution is on their cloud.

Organizations should refrain from exclusively using Microsoft Entra ID for all identity and access management scenarios. This is because relying solely on Microsoft Entra ID necessitates creating additional components ourselves to address aspects that cannot be readily addressed using the default Microsoft Entra ID setup. We are required to construct these components and establish phases for end users, as Microsoft Entra ID does not encompass all these functionalities. A more effective approach could involve integrating Microsoft Entra ID with another product, such as SailPoint. This combined utilization would likely result in a robust identity management solution. It's important to recognize that Microsoft Entra ID alone cannot adequately address all our scenarios.

We use Azure Active Directory for our project management proposals. Employees who are onboarding in Active Directory can use project filters for authentication and other back-end tasks. There are different installed environments and staging areas. Different areas are being used for different purposes.

Azure Active Directory provides us with a single pane of glass for managing user access.

Azure AD made organizing information much easier for our organization. The solution also helped the IT and HR departments save up to 50 percent of their time. Based on the time savings, I would say that Azure AD also helped save costs within our organization.

Azure AD positively affected our employees' experience in the company by providing them with a single sign-on portal to access all their accounts in an easy way.

Overall, I think the support and the pictorial format of this web portal are very good. Everything is just a click away, which is very convenient. Previously, we had to write a configuration file to do anything, but now everything can be configured through the user interface. This is a great improvement.

The security policy of Azure Active Directory should be based on a matrix so that we can easily visualize which users have access to what.

I have been using Azure AD for three years.

I give Azure Active Directory an eight out of ten.

I recommend Azure Active Directory.

We use Azure AD which enables our customers to remotely access the shared machines within their office, allowing them to work from any location.

Our primary customer transitioned from using a local cluster to utilizing Azure. They initially utilized Hyper-V and have now combined Azure AD with SharePoint Office 365. This new setup has proven to be much more convenient for them compared to their previous local arrangement, which did not work well. With Azure AD, I was able to exert greater control over the content on their machine.

Azure AD saved time for our IT administrators and HR departments, particularly when they need to reset their own passwords or grant permissions to other people within the group by themselves. This saved around 60 hours in total.

Azure AD helped save around 18,000 euros.

Azure AD significantly improved the employee user experience in the company by providing them with enhanced accessibility to their information and facilitating seamless login and logout from their machines while working from home. This is a significant shift from the previous system that relied on a local username and VPN connection and was limited to a fixed cluster.

The most valuable feature is the ease with which a person can log in remotely using only a password or pin without creating a profile or policy.

The permission management is a mess because it is not centralized, especially when we go back from Azure, which is quite big to SharePoint. This is not really well done and has room for improvement.

I would appreciate it if Azure AD could provide an option to simplify its interface by removing unnecessary features for small companies with a maximum of 50 users. This would make it more user-friendly for our customers who find the current interface overwhelming due to its numerous options.

I have been using the solution for almost 12 years.

Azure AD is a stable solution.

Although Azure AD is intended to be scalable, we have not yet verified its scalability by adding more users.

The initial setup is straightforward. The deployment required around six hours. I only had to import to write the existing users into Azure.

The implementation was completed in-house.

The solution can be cheaper.

I evaluated Google Workspace but I prefer Microsoft.

I give the solution a nine out of ten.

The only maintenance required for Azure AD is to modify certain parts on Windows by using policies.

The usefulness of Azure AD depends on several factors such as our intended use, the current system, the number of users, and organizational size. While Azure AD is an excellent choice for larger companies, it may not be beneficial for individuals.

The solution acted as a source of truth for everyone internally and those we collaborated with externally. We deployed it in the cloud, so many of our users are remote and spread across the country.

The features around permissions are excellent.

The general usability of the site could be improved.

The ease of use regarding finding audit information for users could also be improved.

We want to see better integration with other Microsoft 365 products; it's a separate tool, but they all need to work together.

We've been using Azure Active Directory for about four years. 

The product is very stable; I rate it nine out of ten for stability.

Azure AD is very scalable; I rate it nine out of ten for scalability. 

The customer service needs improvement; it takes a long time to open a ticket and get it resolved.

Neutral

We previously used Google G Suite and switched to Azure AD for better security, and to match the platform our clients are using to allow easier collaboration with them.

The initial deployment was straightforward, although we initially found it challenging to understand how to use Azure AD to manage access and permissions with external parties. We carried out the setup using three staff; myself and the IT team.

We have seen an ROI with the solution; the ability to collaborate with external partners provided tremendous value. 

I evaluated Okta some years ago, so that information isn't fresh. 

I rate the product nine out of ten, and I recommend it. 

The primary use cases are task tracking and technical documentation, but I'm a project manager, so I also use the product for other jobs.

We have around 15 total users, with a couple of admins.

The boards for task tracking are a valuable feature. 

Azure AD is a turnkey solution; it provides many features for developers to use in one place.

Many of the features are outdated, so the UI and UX could be improved. 

The wiki is hard to use as it's more of a repository for technical information, but when I'm writing a PRD, I need more tools for writing. 

It would be good if the UI were more visually appealing, as it looks dated compared to other products on the market. It works fine for the dev team, but the navigation could be improved, especially for managers.

I've been using the solution for around two years. 

The stability is okay overall. 

The product is highly scalable; it's enormous and has many features.

I previously used a variety of solutions for task management, including Asana, Teamwork from Microsoft, Jira, and so on. 

I wasn't involved in the deployment; the solution was already in place when I arrived. It doesn't require any maintenance that I'm aware of. 

The product is relatively affordable, especially compared to Okta, a pricey solution.

Azure AD helped save my organization money, as it's a turnkey solution for dev management, though I can't say precisely how much as I'm not involved in the financial side.  

I rate the solution six out of ten. 

I don't use Azure AD's Verified ID, but I'm considering an identity management solution. I'm hesitant about which one to choose, and the choice is between a product from Okta and the one from Azure AD.

I use the Permission Management feature, which I look for when choosing an identity management product, but I'm still in the research phase with this feature.

Most of our staff are okay with the quality of the end-user experience within our organization, but it could be more comfortable to use for managers. It's a challenging solution to implement for every department or team because not everyone likes the UX, and it's pretty outdated when it comes to product document writing. I had an unpleasant experience when we had a power cut, and I lost two pages of documentation, as there is no autosave feature. This is important from a manager's perspective but less so for developers.

For those considering the solution, talk to your dev team to determine if it covers their needs. If so, use it, as it has many features and is very scalable.

The solution strengthened our security posture by providing fine-grained access based on attributes, standardized names, and values. Azure AD reduced our time to market for products based on improved security.

The product also improved our service desk overhead.

Azure AD positively affected our end-user experience via reduced time to market, being an identity product for our workforce.

Privileged Identity Management (PIM), managed identities, dynamic groups, and extension and security attributes are all great features.

Better integration with external governance products would be a welcome addition to Azure AD. 

We've been using the solution for four years.

The solution is stable but can be improved, especially regarding response times.

Azure AD is a cloud-based solution operating from a worldwide tenant, so scalability isn't an issue, especially from an identity perspective. We have 300,000 total end users. 

We have yet to interact with technical support, so I can't speak to that.

We previously used standard AD. 

The setup is mixed; the startup is fast, but configuring requires the knowledge of a consultant or technical resource. Basic deployment can be completed in a day, but our greenfield deployment took a relatively long time as we're a large organization. A greenfield deployment should take at most two weeks, but implementing Azure AD into a functional environment is a project unto itself. It could take months, depending on the use cases.

Regarding maintenance, we're a global organization, and each feature has its own operating team. At our scale, a group of 25 is responsible for managing and maintaining the identity part of the solution.

The pricing depends on the use case and can be negotiated based on volume. 

I rate the solution eight out of ten. 

My advice to others evaluating the product is to do good due diligence beforehand to determine a clear set of requirements, as with any identity tool or access management solution.