Senior Manager Identity Access Management at a tech vendor with 1,001-5,000 employees
MSP
Top 10
Joins our laptops and makes it easy to do various tasks
Pros and Cons
  • "The way the laptops are joined is valuable. We can take advantage of that in terms of being able to log in and do things. It is easier to change passwords or set things up."
  • "I would like to dive into some of the things that we saw today around the workflows at this Microsoft event. I cannot say that they need to make it better because I do not have much experience with it, but something that is always applicable to Microsoft is that they need to be able to integrate with their competitors. If you look at IDP, they do not integrate with Okta."

What is our primary use case?

We migrated about 3,000 computers from on-prem Active Directory to Azure Active Directory or Azure AD. 

How has it helped my organization?

These are still early days, but we are certain that it will improve our organization as we move away from on-prem Active Directory.

It provides a single pane of glass for managing user access, but we have to get more into it to be able to say that for sure. We have got so many different tools. It would be nice to have fewer tools. We are starting to take a look at how to consolidate tools.

It will definitely help to save time for our IT administrators.

It has not yet helped to save our organization money. It is too early for that.

What is most valuable?

The way the laptops are joined is valuable. We can take advantage of that in terms of being able to log in and do things. It is easier to change passwords or set things up.

What needs improvement?

I would like to dive into some of the things that we saw today around the workflows at this Microsoft event. I cannot say that they need to make it better because I do not have much experience with it, but something that is always applicable to Microsoft is that they need to be able to integrate with their competitors. If you look at IDP, they do not integrate with Okta.

Buyer's Guide
Microsoft Entra ID
August 2025
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
865,384 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for about six months. It was not called Entra ID then. It was called Azure AD.

How are customer service and support?

Our dealings have been fine. We do not deal with them so much. When we have to open something, our account managers help us out.

Which solution did I use previously and why did I switch?

We were on on-prem AD. We moved to Azure AD because of a merger. We were purchased by a larger company, so we are moving on to their domain.

How was the initial setup?

It was in the middle of the road. It was not the easiest thing, and it was also not the hardest thing.

What about the implementation team?

We took the help of a company. They did a good job. They helped us to move a huge amount of data.

What's my experience with pricing, setup cost, and licensing?

It is in line. Because we are so early, we have not had to come back on a cycle where we are having to negotiate again.

What other advice do I have?

I would rate Microsoft Entra ID a nine out of ten. It is very good.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Maximilian Conrad - PeerSpot reviewer
Cloud Architect at a transportation company with 10,001+ employees
Real User
Top 10
Helps to manage local users in the Microsoft Entra ID environment
Pros and Cons
  • "The tool's most valuable features are security and integration with other tenants."
  • "The product takes at least ten minutes to activate Privileged Identity Management roles."

What is our primary use case?

We manage local users in the Microsoft Entra ID environment. 

What is most valuable?

The tool's most valuable features are security and integration with other tenants. 

What needs improvement?

The product takes at least ten minutes to activate Privileged Identity Management roles.

For how long have I used the solution?

I have been using the product for two years. 

What do I think about the stability of the solution?

The tool's stability is good. 

How are customer service and support?

Microsoft Entra ID's support is good. 

How was the initial setup?

The tool's deployment is easy. However, documentation is not helpful. 

What's my experience with pricing, setup cost, and licensing?

The product is cheap. It is free for our tenant. 

What other advice do I have?

I rate the product a seven out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2251908 - PeerSpot reviewer
Managing Director at a tech services company with 1-10 employees
Real User
Provides greater clarity on business operations and enables devices to join Azure AD seamlessly
Pros and Cons
  • "The benefits of using this solution were realized straightaway."

    What is our primary use case?

    Our primary use cases are to join devices to Azure AD.

    How has it helped my organization?

    Entra ID provides more clarity regarding what's happening in the business. The benefits of using this solution were realized straightaway.

    It helped save time for our IT administrators or HR department. Azure ID has positively affected the employee user experience in our organization.

    What is most valuable?

    We use features like a single pane of glass for managing user access to a certain degree. The admin center for managing all identity and access tasks is also good.

    Moreover, we also use the conditional access feature to enforce fine-tuned and adaptive access controls. Any new user would have to go through the MFA process due to the conditional access policy. So no one gets left out. This is because of the zero-trust strategy for verifying users. 

    The biggest benefit of using Azure AD is that it allows us to access the information on on-premise servers and also for devices that just joined Azure AD.

    What needs improvement?

    In future releases, I would like to see an attack simulator incorporated, especially for some of the business plans.

    For how long have I used the solution?

    I've been working with Azure AD for two years.

    How was the initial setup?

    The initial setup was complex, but we overcame the complexity. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is fine. It is what it is. 

    What other advice do I have?

    Overall, I would rate the solution a nine out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Microsoft Teams Senior Engineer at a financial services firm with 10,001+ employees
    Real User
    Enhances security, especially for unregistered devices, and is straightforward to set up for the admins
    Pros and Cons
    • "It enhances security, especially for unregistered devices. It 1000% has security features that help to improve our security posture. It could be irritating at times, but improving the security posture is exactly what the Authenticator app does."
    • "For the end users, it can be confusing if they have worked for another company that had the Authenticator app. It is tricky if they have already had the Authenticator app and then work somewhere else. If they have to download it again and use it again on their phone, it is something that gets complicated. I know how to get through it. They just need to uninstall and reinstall the application, but for them, sometimes, it is confusing."

    What is our primary use case?

    Identity verification would be the number one use case. It also factors into mobile device management for devices that aren't registered to the company. We use MFA, and the Authenticator app is a component for multifactor authentication. So, that's why we use it.

    How has it helped my organization?

    You can set policies to specify where users will have to use the Authenticator app to log into particular applications. 

    It makes all junior users accountable. There is no excuse for someone else logging into anything because of the multifactor authentication and Authenticator app. You have to verify your identity to log in to specific applications that contain confidential information, especially in a HIPAA-compliant environment.

    What is most valuable?

    It enhances security, especially for unregistered devices. It 1000% has security features that help to improve our security posture. It could be irritating at times, but improving the security posture is exactly what the Authenticator app does.

    What needs improvement?

    For the end users, it can be confusing if they have worked for another company that had the Authenticator app. It is tricky if they have already had the Authenticator app and then work somewhere else. If they have to download it again and use it again on their phone, it is something that gets complicated. I know how to get through it. They just need to uninstall and reinstall the application, but for them, sometimes, it is confusing. You can have the Authenticator app for multiple services on your phone, and that's what drives them crazy. They get a code and say "I'm using the code for the Authenticator app, but I can't get in." I tell them that it is because they already had it in, but it is for something else. They now have to add. They don't like that at all. You could be on the phone for 45 minutes trying to figure out what their problem is because they don't.

    Instead of authenticating by getting a passcode or answering the phone, fingerprint identification should be added to the Authenticator app. Currently, with the Authenticator app, you have to reply to the email, enter a code, or answer the phone. It can just call my phone and then I just press the button to verify that this is me.

    For how long have I used the solution?

    I have been using this solution for at least six years. 

    What do I think about the stability of the solution?

    It is very stable. If the Authenticator app is set up, you're not going to get into anything without it. It definitely works.

    I'm not aware of any bugs or glitches. We usually run updates for the whole environment at a time. I'm not familiar with having run into specific bugs with the Authenticator app. I haven't had any problems over the years.

    What do I think about the scalability of the solution?

    I've managed over a hundred thousand users in total, but right now, there are about 10,000 users. We are HIPAA compliant. So, everybody has to use it for everything. They have to use it to log into everything under the Office 365 environment, but in other companies or other places where I worked, it was only for specific applications. So, that's based on company needs.

    How are customer service and support?

    I never had to call technical support for this.

    Which solution did I use previously and why did I switch?

    We were using normal MFA, which is similar. The Authenticator app is for mobile devices per se, but normal multifactor authentication doesn't have to focus on mobile devices. You can try and log in to, for example, SharePoint Online, and if MFA is activated, you would have to just scroll to your email and click, "Hey. Yeah, this is me." The Authenticator app is just for mobile devices in my eyes.

    How was the initial setup?

    It is straightforward for the admins, but end users hate it. On the admin side, it takes 20 minutes at the most.

    The Authenticator app wants you to have all your prerequisites designed for whatever environment you want. If you're going through Azure, you can pick the particular applications on which you want this. You can also pick the users for whom you want it to be effective. You can pick the type of ways they authenticate through the Authenticator app. Those are the simple steps.

    One person is enough for its deployment and maintenance. I do that. That's not even a role. It depends on who you are, but that's not a role. That's not something for which I would employ a person. I wouldn't employ an IT person or an administrator just to focus on this.

    What's my experience with pricing, setup cost, and licensing?

    I don't pay for it. Going by how I feel, I see the prices for any MFA solution going down because the more different alternatives there are, the cheaper things should be. Microsoft Authenticator app would be the preferred application, but there are too many ways to implement MFA. I don't know how much it costs, but the price should go down.

    What other advice do I have?

    It is pretty seamless for the end users, besides the end users having an issue setting up at times.

    It is a seamless transition. It is straightforward on the admin side to set up. As a consultant, my advice to any company is that when it comes to big changes, manage end-user pain or frustration. Communicate with the end users and let them know what's going to happen. Explain to them that they're going to be frustrated, but explain why this exists. 

    I understand why it exists. So, it doesn't bother me, but our end users just hate it. I understand that they don't like it. Nobody likes it, but it is needed. You are never going to meet an end user who likes any type of MFA, but you need to be more clear about its purpose.

    I would rate it an eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Jeff Woltz - PeerSpot reviewer
    Principal at a computer software company with 51-200 employees
    Real User
    It allows us to issue a single credential to every employee and not worry about managing a lot of passwords
    Pros and Cons
    • "Azure AD allowed us to get rid of servers and other hardware running at our offices. We moved everything to the cloud. Once we set up roles and permissions, it's only a matter of adding people and removing people from different groups and letting permissions flow through."
    • "I would like to see a better delegation of access. For instance, we want to allow different groups within the company to manage different elements of Azure AD, but I need more granularity in delegating access."

    What is our primary use case?

    Azure AD manages the identities of all our employees. 

    How has it helped my organization?

    Azure AD allowed us to get rid of servers and other hardware that run at our offices. We moved everything to the cloud. Once we set up roles and permissions, it's only a matter of adding people and removing people from different groups and letting permissions flow through. 

    It also saved us some money. Our IT group is tiny, so any automation we can do is valuable. We haven't had to grow the team beyond three. The employee reaction to Microsoft Entra has been positive. People like to have a single credential for accessing all our Microsoft and non-Microsoft apps.

    What is most valuable?

    I like Azure AD's single sign-on and identity federation features. It allows us to issue a single credential to every employee and not worry about managing a lot of passwords. Microsoft Entra provides a single pane of glass for managing user access, and we're pleased with it.

    Entra's conditional access feature enables us to set policies up based on the location and risk score of the account and the device they use to access the network. Permission management lets us assign roles for various Azure functions based on functions people perform in the company. It helps us bundle access to different things by associating it with a given role at the company.

    What needs improvement?

    I would like to see a better delegation of access. For instance, we want to allow different groups within the company to manage different elements of Azure AD, but I need more granularity in delegating access.

    For how long have I used the solution?

    We've been using Azure AD for 10 years.

    What do I think about the stability of the solution?

    I rate Azure AD nine out of ten for stability. They've had issues in the past, but it's been quite some time. It has been nearly two years since the last availability problem.

    What do I think about the scalability of the solution?

    We only have 100 employees at the company, so we're nowhere near the maximum limits. I know of a massive company that adopted Azure AD. I imagine it's scalable well beyond the size of our company.

    How are customer service and support?

    The support is decent. I always manage to find what I'm looking for. If it's not in the documentation, there are lots of blog posts that third parties have written, and I always seem to find what I need. I rate Microsoft support nine out of ten. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We used the on-premises version of Active Directory, but we switched to the cloud to get rid of all of our hardware. We don't run any servers in the office anymore.

    How was the initial setup?

    Setting up Azure AD was straightforward. It's all delivered online, so it's only a matter of filling in the parameters for our organization. After that point, it scales easily.

    There's no traditional maintenance. We have to perform audits on accounts to ensure that people and permissions are still online. There isn't product or data maintenance. 

    What was our ROI?

    Azure AD is essential to how the business runs. We're only investing more in the whole Microsoft Suite.

    What's my experience with pricing, setup cost, and licensing?

    We're a Microsoft partner, so we get partner benefits. We pay almost nothing, and it's massively valuable to us.

    Which other solutions did I evaluate?

    We didn't look at anything else because we're committed to Office 365, and we need to be on Active Directory for Office 365. It's a well-known, trusted solution so we never did an analysis of alternatives.

    What other advice do I have?

    I rate Azure Active Directory nine out of ten. I'm sure there are some areas for improvement, but it's extremely valuable to us and the way that we operate.

    Since we began to use Active Directory, I've learned a lot about industry best practices, particularly digital identity and its role in zero trust. By using a major mainstream identity provider, we're able to move toward the whole zero-trust model that's popular right now.

    If you implement Azure AD, you need to consider the third-party apps you want to integrate. If they support competitors like Okta, Ping, and SailPoint, then they will almost certainly support Azure AD legacy applications. However, older software applications don't integrate well with Azure AD. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    reviewer1797381 - PeerSpot reviewer
    Cloud Architect
    Real User
    Offers fine-grained control through conditional access policies, facilitates review of suspicious sign-ins, and the support is good
    Pros and Cons
    • "The most valuable feature is the conditional access policies. This gives us the ability to restrict who can access which applications or the portal in specific ways."
    • "If your organization requires additional security then the subscription will be more expensive."

    What is our primary use case?

    We use this solution to authenticate to the portal. There are also some VMs that are not domain-joined, so we use Azure users that we create natively in the portal.

    We also use it for our applications. The accounts that we create natively in Azure are used for application authentication.

    We have a hybrid deployment model where some accounts are primarily native in Azure, whereas others are on-premises. We also have accounts that are synchronized between our on-premises servers and Azure.

    How has it helped my organization?

    Azure AD has features that have helped to improve our security posture. We have a service called Azure AD Privileged Identity Management, where instead of our administrators having permanent access or permanent admin assignment, they can now activate admin roles only when they need to perform administrative-level tasks.

    This means that instead of using permanent assignments, our administrators activate the specific roles that they need at the moment that they need them. After the task is complete, the administrative access expires. This has definitely improved our security posture.

    Using this product has also had a positive effect on our end-user experience. The self-service password reset is something that has definitely improved our end-user experience. Instead of having to call our service desk, users can now reset their own passwords.

    This is important because due to our multi-factor authentication, we no longer have policies where we have to have periodic password changes. We have three and four-factor stages of authentication, which makes our logins more secure. This is why users don't have to change or reset their passwords on a regular basis.

    One of the ways that Azure AD has improved the way our organization functions is to help cut down on service desk requests. If I have an issue with my password, in the past, I would have had to log a ticket with the service desk. With most of us working remotely, this would've posed a challenge. It would have required the service desk to verify that I am who I say I am, for example. Now, because users set up their own profiles and are able to change passwords for themselves, at any moment that their account is compromised, they're able to change their own password.

    Overall, this solution has definitely improved our organization's security posture. We no longer have permanent administrative permission assignments, and we are also able to restrict who is able to log in to certain applications. Finally, we are able to see and review any risky or suspicious sign-ins.

    Specifically, in the infrastructure team, we now have managed identities. Instead of having to create service accounts, we have managed identities that are directly linked to our resources that support them. All of that is managed by Azure Active Directory.

    Another way that this solution has improved how we do our work is that we no longer have to keep a record of all service accounts or use one service account for multiple services. Now, each service that supports managed identities can have its own service account, and that is managed by Azure AD.

    What is most valuable?

    The most valuable feature is the conditional access policies. This gives us the ability to restrict who can access which applications or the portal in specific ways. We are able to define access based on job roles. For example, I'm primarily in the infrastructure team and only certain people should be able to connect to the Resource Manager. We can also define which IP addresses or locations those people can connect from before they can access the portal.

    What needs improvement?

    If your organization requires additional security then the subscription will be more expensive.

    For how long have I used the solution?

    I have been using Azure Active Directory for approximately five years, since 2016.

    What do I think about the stability of the solution?

    In terms of stability, Azure Active Directory is definitely an improvement from what we used in the past. I'm happy so far with the offerings and we hardly ever have any service disruptions.

    What do I think about the scalability of the solution?

    We have a lot of different people using this solution. We have normal users and we have administrators. It's a large organization.

    How are customer service and support?

    So far, I've been happy with the technical support.

    There are very few service disruptions and also, because of our agreement with Microsoft, we are able to get escalated support.

    We hardly ever have any downtime. When we do need support, it's normally escalated and our service is restored in a reasonable timeframe.

    I would rate the technical support a nine out of ten.

    Which solution did I use previously and why did I switch?

    Prior to this solution, we used the on-premises version of Active Directory.

    The switch was part of our cloud migration strategy. For us to be able to use our apps and workloads in the cloud, we had to have Identity Management as part of our migration scope. It's linked to our cloud migration strategy.

    How was the initial setup?

    I was not involved with the initial setup but I assume that it was not complex because we have Microsoft consultants assisting us.

    What about the implementation team?

    We specifically work with Microsoft directly. We don't use a reseller or service provider. All of the assistance that we get is directly from the vendor.

    Our technical team is responsible for deployment and maintenance. I'm not sure how many people are in that team. Somebody from security is involved, but I'm not sure what other roles are required for maintenance tasks.

    What was our ROI?

    We have definitely seen a return on investment from using this product. We have seamless authentication, quicker response times, more robust security, access from anywhere without having to set up VPN links, and federated models.

    If we had similar services on-premises, I assume that it would be expensive, especially given that we used to have a perpetual licensing model. Now that we are able to have a subscription-based service, it has not only improved our security posture but also cut down on costs.

    What's my experience with pricing, setup cost, and licensing?

    My advice concerning the pricing and licensing would vary depending upon the stage of maturity of the organization. I've been with companies that are using the Office 365 license for Active Directory, whereas others are able to use the free version of it.

    For organizations such as the one that I'm at now, where we require more security and have services like the Conditional Access Policies or Privileged Identity Management, you have to upgrade to a higher level of the solution.

    I'm not sure about the specific costs or how they're calculated, but essentially, the costs go up based on the level of security that is required by the organization.

    What other advice do I have?

    I can't say for certain what our future plans are for Azure AD but I see it being used long-term. It has helped our organization to grow because of what we are able to do. Also, it has greatly improved our security posture because of the services that are available.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Tom Kost - PeerSpot reviewer
    ICT Project & Solution Manager at Kanton BS
    Real User
    Free to use with a good user interface and good performance
    Pros and Cons
    • "The solution is free to use and you can use it for every service."
    • "Adding a new account can be tricky."

    What is our primary use case?

    The Authenticator app is a client application on your smartphone, usually, and you configure your profile in the cloud. I use it with my Android smartphone. 

    This is a Microsoft standalone application, which the user usually installs on a mobile device, either iOS-based or, in my case, Android-based. Then you add your enterprise accounts into the Microsoft Authenticator app, your work account from Microsoft 365, or your whatever on-premise account, which makes use of the Azure or whatever IDP (identity provider), so that you can do single sign-on or multi-factor sign-ins.

    How has it helped my organization?

    It's an authenticator. How it's used really depends on the use case that it is configured with. If you are using your Microsoft 365 work account, if your organization requires you to do multi-factor authentication, not just with the username and password, with an additional factor like the Microsoft Authenticator app, then it simply offers that extra level of protection and security.

    You can manage locally additional pathways or passwords. You can collect your credit card information or whatever secret notices in the Authenticator app. This is something that got added in the last couple of years.

    What is most valuable?

    You could use it for different use cases. 

    The Azure AD-integrated single sign-on scenarios are the most useful due to the fact that, if you are in a cloud application that you have on your smartphone, the Authenticator just requests you to allow or deny the access as a factor. Other applications require a token where you have to enter in an additional pin. Having the single sign-on or the multi-factor way with just allowing the application with one tap to authenticate is really smart.

    The solution is free to use and you can use it for every service.

    They recently redid the user interface a few months ago and it looks good.

    I've found the solution to be stable and scalable. 

    What needs improvement?

    Adding a new account can be tricky. I do it a lot and therefore am used to it; however, if you don't, you tend to forget the process. If you had a bottom menu and the settings menu, for example, were added to the bottom menu instead of a different place, the top right corner, it might be more intuitive.

    One area of improvement is always with global offerings from large companies where we have a lot of users that require help. Users need videos, et cetera, in their own language, and in German, there is not much from Microsoft. These are products that have a very, very fast life cycle. They upgrade the services and applications in a very high rhythm every couple of months, and even Microsoft does not have the resources to offer the learning material in all the regions, however, they offer their services.

    We have then to add some additional use via manuals of how to set up, et cetera, as we have users that are not willing or cannot understand videos in English that come from Microsoft.

    For how long have I used the solution?

    I've been using the solution for two to three years. It might even be longer than that.

    What do I think about the stability of the solution?

    The solution is stable. I haven't had any problems so far. 

    What do I think about the scalability of the solution?

    The product scales well. 

    The goal is to have everyone using it. We are in the rollout phase, and in my organization of about 1,500 users, after a couple of weeks, we have maybe a third of the population starting to use the application. 

    It is like this with every rollout. It takes a couple of weeks to a month. In the end, we will have around 7,500 users using Microsoft Authenticator or the Microsoft multi-factor authenticator service that allows you to choose different factors. We have a lot of things using the Authenticator app.

    How are customer service and support?

    We have central support organizations and I don't access Microsoft support myself. Therefore, I can't speak to their level of service.

    Which solution did I use previously and why did I switch?

    I've used many authenticator applications. I already used Microsoft Authenticator when it came out, maybe five, six, or seven years ago. Then I used Google Authenticator and other authenticator applications. You can, however, use these all in parallel. For example, if you mix your private and your work accounts in the same applications, or if your smartphone is managed by your company and you want to separate your private accounts from any corporate policy that can delete your smartphone, you can use different authenticators for different purposes. Right now, I have the Authenticator app in front of me, and I have seven accounts configured, and this is a mix of private and corporate or work accounts.

    How was the initial setup?

    The initial setup is easy. You just download it and start using it. 

    We don't need to worry about maintenance. This is a service from Microsoft.

    What's my experience with pricing, setup cost, and licensing?

    The solution doesn't cost anything to use.

    Which other solutions did I evaluate?

    I'm the Chief Security Officer of our organization. I always have to do some research on these topics.

    What other advice do I have?

    I'm a Microsoft customer.

    I'd advise any user to use MFA these days. There's not just war in Ukraine. There's also war in this kind of space and a multi-factor authentication method is a must just to make your cyber life a little bit safer at least.

    I'd rate the product eight out of ten.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Infrastructure Manager at trt18
    Real User
    Enables us to apply security policies and manage a large number of users and their hardware
    Pros and Cons
    • "The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera."

      What is our primary use case?

      We are using it for all non-structured data and as an identity manager for all of our accounts. In addition, we also use it to authenticate Google services, because we have Google Workspace for email, and to integrate other tools with our services. We are able to keep it all going, balanced, and synchronized. It's very good. We use it for just about everything that we need to do an identity check on.

      How has it helped my organization?

      We couldn't live without the Active Directory services. It has helped to improve our security posture. We have a lot of users and hardware to manage and we can do that with Active Directory.

      What is most valuable?

      The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera.

      For how long have I used the solution?

      I have been using the Active Directory solution for three years. I'm responsible for almost all infrastructure services in our organization.

      What do I think about the stability of the solution?

      It's pretty stable. In the three years, the service has never been down.

      What do I think about the scalability of the solution?

      As far as I know, it works for 10,000 and 100,000. It's just difficult to find current information, such as how much hardware and how many licenses we would need to keep it going. But it's scalable and works really well. We can keep adding servers and scale up or out.

      We don't have another company that provides support for Active Directory. On my team, there are three people who work with it, and we have about 2,000 users in our company.

      How are customer service and support?

      To be honest, I can barely navigate Microsoft's support. Microsoft is so well-known and there is so much information to look up on the internet, that we have never come to the point where we have actually had to open an issue with Microsoft's team. We can almost always find out the information that we need by looking it up with Google or in Microsoft's Knowledge Base.

      Which solution did I use previously and why did I switch?

      We used to use LDAP, a free tool, but since almost all of our hardware needed integration, we had to move to Active Directory. We couldn't apply the policies that we needed, using open source, and we couldn't keep the integration going the way we needed to.

      We are really happy with the functionality Azure Active Directory gives us. I have a security policy applied to all workstations. Before, all of our users could configure their machines the way they wanted to. As a result, we often had to reconfigure and do other things to them as well because the computers were crashing. We almost don't have to do that anymore.

      How was the initial setup?

      The trick was to migrate from LDAP. We had to get all the properties from the files into Active Directory, so it took some time. When we did that, there were some issues with the system and we had to do it manually. It would be nice if they had a service that would make it easier to migrate from LDAP to Active Directory, keeping all of the properties from files and non-structured data as well.

      What was our ROI?

      It gives a good return on investment. The amount of first-level support we have had to give internally has dropped a lot since we applied the policies and restricted our users. But our users are now more satisfied because their computers don't have the issues that they had before. Before Active Directory, there were many issues that our users complained about, like worms and malware. We don't have those issues anymore. Even with endpoint protection we had some cases of viruses in our company, but now we don't have them either.

      Directly, I couldn't calculate the return on investment, but indirectly we saved by reducing work for our team, and we are keeping our users satisfied.

      What's my experience with pricing, setup cost, and licensing?

      The process for buying licenses from Microsoft is somewhat messy and really hard to do. We have to talk to someone because it's hard to find out how many licenses we need. If I'm applying for 2,000 users, how many Windows licenses do we need?

      They could also charge less for support. You buy the license, but if you want to keep it in good standing, you have to pay for the support, and it is expensive. It's okay to pay for the license itself, but to pay so much for support...

      Which other solutions did I evaluate?

      We were thinking about buying another tool, to be capable of managing and keeping all the identities within our organization current. But we had to go straight to Microsoft because there are no other solutions that I know of. By now, almost all organizations are using Windows 10 or 11, and it would be hard to achieve the possibilities that we have with Active Directory if we used another service.

      What other advice do I have?

      We are integrated with NetApp because we use NetApp storage. It's pretty awesome. We are also integrated with many others, such as our data center hardware with storage from IBM. We're using it for logging switches, as well. It works really well.

      My advice to others would be to look at the options and focus on how you can pay less. Do the research so that you buy just the essential licenses to keep it going. If you don't do the sizing well, you can buy more, but it's expensive to keep it going and pay for support.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user
      Buyer's Guide
      Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
      Updated: August 2025