Brad Hancock - PeerSpot reviewer
Cloud Architect at Palmer College of Chiropractic-Davenport
Real User
Top 20
Enables management and risk assessments to become much easier
Pros and Cons
  • "Identity management with policies stands out as the most valuable feature. It offers a hands-off experience, providing full control over user access."
  • "Microsoft Entra ID deserves a ten out of ten rating."
  • "Microsoft's biggest challenge is the documentation. The challenge lies in keeping documentation up-to-date due to rapid changes. Troubleshooting requires workarounds and research."
  • "Microsoft's biggest challenge is the documentation."

What is our primary use case?

We use Microsoft Entra ID for risk management of our users and compliance policies. We focus on automating processes, managing user identities, and placing them in appropriate groups with specific access roles. 

We do a lot of risk management for our users. We have a lot of compliance policies and custom assignments. We try to automate as much as possible. There are a lot of policies that take our users, identify where they should be, what back roles they should have, and put them where they need to be.

How has it helped my organization?

The management and risk assessments have become much easier. We can identify and address potential security threats quickly, especially given our mobile college student population. We have a lot of college students who are very mobile. It works with our CyFlare and security suite. This integration lets us know right away when we have somebody trying to impersonate. We get the notification right away. We can assess our risk factors and automatically put that user in a high-risk area. We can then initiate a contact to know what is going on. Are they in Mexico and Davenport, Iowa at the same time or did they put a VPN in?

We have a much better level of comfort. Everybody does not have admin rights. We need such a level of control considering the number of users that are out there. We had to get that in a bundle, and they have done a good job with that.

Microsoft Entra ID has allowed us to move forward with the zero-trust model. Unless you have control over your users and your authentication mechanisms, you have no control. It is our main portal coming into our security suite. They would not get to the security suite till they got through Microsoft Entra ID.

We have just stepped into the passkey. We like its simplicity. Our users are much happier that they are not thumbprinting, fingerprinting, and typing code numbers in. We are still a little leery, just because it could be a stolen device or stolen pass. Once they have that device in their hand, they are already halfway there. Between Entra ID, our policies and risk assessments, and the passkey system, we are on our way.

Implementing Microsoft Entra ID has not changed our organization's approach to defending against token theft and nation-state attacks a whole lot. Our security team has things locked down, and we have our network segmented, so you cannot jump. We do penetration testing almost daily. We have Entra ID and Defender. We monitor all that through API connections. We monitor any phishing and risk factors for our users and any anomalies in baselines.

So far, we find it working very well in terms of the detections, the risks, the events, and the logs that it sends us. Intercepting these attacks in the middle, seeing that the keys have been hit, and going into a more managed identity has helped. It gives us a feeling of security.

There has not been any reduction in the incidents. We have the same number of incidents, maybe an increase. However, we are catching them, and we know where they are coming from, so we can be more proactive instead of reactive.

What is most valuable?

Identity management with policies stands out as the most valuable feature. It offers a hands-off experience, providing full control over user access. The granular control, such as preventing logins from specific locations, enhances security significantly.

What needs improvement?

They are already improving it on a daily basis. They are taking things away and adding things all the time. I went through Update Manager, which has all the automated hot patching. With all the different things that Microsoft has been doing and adding, they are on the right path. It is moving so fast that keeping the knowledge on the IT side, for the people who have to use it, is going to be a bit difficult.

Microsoft's biggest challenge is the documentation. The challenge lies in keeping documentation up-to-date due to rapid changes. Troubleshooting requires workarounds and research. I try to convert everything to graphs. There are a lot of commands that they say work in graphs but are not there yet. They are not functioning as expected. So, we have to try a workaround. It takes a little bit more research.

Buyer's Guide
Microsoft Entra ID
May 2025
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,604 professionals have used our research since 2012.

For how long have I used the solution?

I have been using it for about four years.

What do I think about the stability of the solution?

It is becoming increasingly stable as time progresses.

What do I think about the scalability of the solution?

Its scalability is impressive, aided by Microsoft's efforts to expand its data centers. It is growing so fast. It is growing faster than they could build the buildings and stuff them full of computers.

How are customer service and support?

Our experience with Microsoft support has been good, despite occasional challenges caused by unexpected deprecations.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to Entra ID, there were different systems such as Intune and Azure portal. Entra ID was integrated as part of the natural progression.

How was the initial setup?

We are in the process of moving completely to the cloud. We are satisfied with the cloud and going all in. The process has been up and down because things are changing so fast. That is just the nature of IT. I have been in this for 30 to 40 years.

What about the implementation team?

I implemented the system myself, gaining information from Microsoft documentation. At the school, I handled implementation without a reseller.

What was our ROI?

I have been at this job only a year. I was in the public school district. In the public school district, we had it for three years, and the return on investment was not requiring as many people to monitor and track intrusions. It reduced the need for hands-on monitoring and intrusion tracking, minimizing personnel requirements. We were not watching firewall logs and traffic the way we used to all day long. There has been about a 20% decrease in people required.

What's my experience with pricing, setup cost, and licensing?

I just now started looking at it. Our CIO and CFO have brought us into the fold to show us what we are spending. From a pricing standpoint, with all the services that we get, we are okay. I do not see a problem with the pricing structure. We are getting our money's worth.

What other advice do I have?

Microsoft Entra ID deserves a ten out of ten rating.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mohd Abdul Aziz Shah Sulaiman - PeerSpot reviewer
Assistant General Manager Endpoint Application at Telekom Malaysia
Real User
Top 5 Leaderboard
Enables seamless single sign-on with comprehensive third-party integration and efficient application management
Pros and Cons
  • "Microsoft Entra ID is regarded as the best ID management suite for integrating applications using SAML 2.0 for single sign-on."
  • "There should be guidance on features, especially security features, in Entra ID and whether they are sufficient on their own. The solution could become expensive when paying extra for enhanced security features, so Microsoft needs to offer better clarity on this matter."

What is our primary use case?

I am currently using Microsoft Entra ID and have been working as a user and administrator for nearly two years. It serves as an ID management tool which used to be called Active Directory on on-prem servers. With the transition to the cloud, it became Microsoft Entra ID.

What is most valuable?

The features I find most useful in Microsoft Entra ID include sign-in logs, device management, and application registration. With the Entra ID dashboard, I can access logs easily without needing to remote into servers. This tool is excellent for integrating third-party applications through application registration, making it easy to configure for single sign-on seamlessly. It supports conditional access across various Microsoft applications, enhancing secure access.

What needs improvement?

There should be guidance on features, especially security features, in Entra ID and whether they are sufficient on their own. The solution could become expensive when paying extra for enhanced security features, so Microsoft needs to offer better clarity on this matter.

For how long have I used the solution?

I have been using Microsoft Entra ID for almost two years.

What do I think about the stability of the solution?

In terms of stability, I can say it is ninety-nine percent stable. The remaining one percent instability is mainly due to the hybrid setup.

What do I think about the scalability of the solution?

I have no complaints regarding scalability for Microsoft Entra ID.

How are customer service and support?

The customer service and support are excellent. I experienced a fast resolution within half an hour for an issue by the first line engineer on a Severity A case, which shows support is very good even with minimal licenses.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I am not aware of the solutions used prior to Microsoft Entra ID, as I have been involved for the last two years only.

How was the initial setup?

Since it is a SaaS model, everything is set up, and I just need to configure it according to my needs.

What about the implementation team?

We did not require any integrator, reseller, or consultant for the deployment as we managed it internally, using Microsoft's extensive documentation for guidance.

What's my experience with pricing, setup cost, and licensing?

Microsoft Entra ID is reportedly quite expensive for each user regarding security features. The renewal cost is particularly high according to the teams managing purchases.

Which other solutions did I evaluate?

I have only been involved with Microsoft Entra ID and am aware of another identity management solution called NetIQ, but Microsoft Entra ID is prioritized.

What other advice do I have?

Users should prepare technically before using Microsoft Entra ID, especially in understanding ID management and security integration with applications. Microsoft Entra ID is regarded as the best ID management suite for integrating applications using SAML 2.0 for single sign-on. My total rating for Microsoft Entra ID is nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
JakobNielsen - PeerSpot reviewer
Senior Developer at a manufacturing company with 10,001+ employees
Real User
Top 20
Helps us minimize the use of static credentials, but it should improve its application credentials
Pros and Cons
  • "Delegated permissions and federated credentials are valuable features of Entra ID. We aim for a more secure environment by pushing for minimal use of static secrets. By utilizing delegated permissions, workflows can manage access, and federated credentials allow integration with platforms like GitHub and AWS. Entra ID drives our login and security perimeter, helping with multifactor authentication, despite the legacy systems."
  • "Delegated permissions and federated credentials are valuable features of Entra ID."
  • "Entra ID needs to improve its application credentials and use of ID permissions. There are challenges with the management layer. We want to create access down to the Graph level while invoking some management logic. That also means that if an application comes in, we cannot send that to the Graph because we would need an ID on behalf of the cloud hook."
  • "Entra ID needs to improve its application credentials and use of ID permissions. There are challenges with the management layer."

What is our primary use case?

My job is to manage APIs on the enterprise end. We use Entra ID to limit contact with the end of the portal as much as possible. We have a lot of permissions that we don't want people to have, or we provide them with managed access. We also use Entra to manage application access. It tends to be blanket permissions, allowing an application total access.

How has it helped my organization?

Microsoft Entra ID drives our login and security perimeter, which is crucial for our organization. It has helped us implement multifactor authentication for most of our users despite the legacy systems in place. 

It is essential for supporting our aspiration towards a zero-trust model. It's driving our ambition to get serious about zero trust. We still have a lot of legacy systems that require support. 

Entra handles all the anti-phishing capabilities, and it's also helped us implement passwordless sign-in functionality. Now that we have MFA requirements and stuff like that, we're seeing identities flagged as risky because people are traveling. Sometimes people misuse credentials. It may not be malignant, but a group of people might share credentials. 

What is most valuable?

Delegated permissions and federated credentials are valuable features of Entra ID. We aim for a more secure environment by pushing for minimal use of static secrets. By utilizing delegated permissions, workflows can manage access, and federated credentials allow integration with platforms like GitHub and AWS. Entra ID drives our login and security perimeter, helping with multifactor authentication, despite the legacy systems.

What needs improvement?

Entra ID needs to improve its application credentials and use of ID permissions. There are challenges with the management layer. We want to create access down to the Graph level while invoking some management logic. That also means that if an application comes in, we cannot send that to the Graph because we would need an ID on behalf of the cloud hook. 

We have to switch contexts and do a lot of custom security checking. Does this application have permission to change these objects? If it does, then we can use our CNC powered by NMC. It botches our entire audit log so we can return to our service log and correct it rather than have it all in the old cloud. That's annoying. 

We also hit a problem with the federated credentials. Every hour, it exchanges a set of credentials from another IDP. For example, if I have a token from GitHub, I can exchange that for an application identity in NFT, which is awesome when you're doing GitHub workflows. However, because we have more than one tenant, we might need to access resources from one tenant to another. 

We do managed identities and federate to get a token and then assume an identity in the other tenant with that token. But for some reason, Microsoft has excluded all of their own IDP endpoints. Everything else is good to go, but if you come with a Microsoft token, you cannot use it. 

For how long have I used the solution?

I have been using Microsoft Entra ID for the last two to three years.

What do I think about the stability of the solution?

I've had no issues with Entra ID. The portal could be slow now and then, but we don't have problems with the platform itself.

What do I think about the scalability of the solution?

We have not observed any major scalability issues. However, when dealing with tens of thousands of objects, it requires proper management and best practices to retrieve only necessary data.

How are customer service and support?

We rarely use customer service because we act as tech support. The few cases we have raised received decent support. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Active Directory. While we haven't fully transitioned, we still source users from Active Directory but draw identities into Microsoft Entra ID.

What was our ROI?

The decision to switch was made before I joined the team, so I'm not in a position to discuss ROI specifically. However, Microsoft Entra ID is an integral part of our operations.

What's my experience with pricing, setup cost, and licensing?

We face pricing challenges with newer licenses, as newer features often require them. This results in additional expenses for accessing new functionalities.

What other advice do I have?

I rate Microsoft Entra ID seven out of 10. While it's an excellent standard for user sign-in, its open application model and security limitations lower my rating.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Engineer at a tech vendor with 10,001+ employees
Real User
Offers the ability to define service principals and assign permissions, but the support and UI can be better
Pros and Cons
  • "The features of Microsoft Entra ID that I find most valuable include the ability to define service principals and assign permissions."
  • "Microsoft Entra ID scales effectively with the growing needs of our organization, as we have never faced any challenges with its scalability."
  • "Their support needs improvement. The UI can also be better. The menu options are very confusing at times."
  • "I would evaluate Microsoft support as three out of ten. Microsoft support does not engage right away."

What is our primary use case?

My primary use case for Microsoft Entra ID is service principal management for API access and infrastructure access to Azure and similar systems. We also use it for single sign-on into some applications, such as SAML and OIDC applications.

What is most valuable?

The features of Microsoft Entra ID that I find most valuable include the ability to define service principals and assign permissions. This aspect is valuable but also difficult to manage. This is because it gives teams permission to self-service and access the infrastructure. We can assign fine-grained permissions, so there is a proliferation of service principals. There are many of them, making it difficult for us to streamline management.

Joining devices with Entra ID and the integration of Intune is cool. It's an easy integration. We use a different MDM, but we are looking into Intune integration. If that works, things will be simple for us.

What needs improvement?

It is difficult to manage Microsoft Entra ID because we did not lock it down initially, which meant that by default, any user with an account into Microsoft Entra ID could provision permissions for themselves and access Azure infrastructure. We discovered later that we needed to lock it down, resulting in close to a million service principals due to knowledge gaps within our team. 

With our integration of Microsoft Entra ID and federation to Okta, our identity provider, there is now a lot of overlapping functionality. However, to support different operating systems for our use case, we still use Okta. The issue arises when authenticating apps through Okta; it sees authentication requests from the Office 365 umbrella of apps without identifying the specific app. Moreover, there is a persistent token involved when logging in through Microsoft Entra ID, which prevents redirection to the identity provider for authentication, leading to certain limitations.

Their support needs improvement. The UI can also be better. The menu options are very confusing at times. Coming from a different product, which is very similar, it's not intuitive. The UI isn't great. It doesn't look modern at all. The UI could look a lot different. It can be more snappy and more intuitive.

For how long have I used the solution?

I have been using Microsoft Entra ID for approximately four to five years.

What do I think about the stability of the solution?

The stability and reliability of Microsoft Entra ID are satisfactory. We have a stage environment, and although the UI appears quite slow, there are no issues with downtime.

What do I think about the scalability of the solution?

Microsoft Entra ID scales effectively with the growing needs of our organization, as we have never faced any challenges with its scalability.

We have about 40,000 users and a lot of AD groups. 

How are customer service and support?

I would evaluate Microsoft support as three out of ten. Microsoft support does not engage right away. They usually try to deflect, buy time, and often do not address the problem immediately. They tend to take excessive time and pin the blame on other components or products involved. We have had notoriously bad experiences with Microsoft support, with cases remaining open for extended periods, leading us to sometimes give up and seek solutions ourselves.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

We also use Okta as our IDP. We have had it for a long time. 

Microsoft started adding more and more features to Azure AD, then it became Entra ID, but it is not our default IDP. There is not a huge difference between them, but Okta support is great because they are a much smaller company compared to Microsoft. They are much more responsive. Their support is definitely way better than Microsoft's support.

How was the initial setup?

I didn't do the deployment. Another team did it. I guess it was easy. 

We have a hybrid setup. Our AD is on-prem.

What was our ROI?

We have not yet seen an ROI. We are yet to properly leverage Entra ID features. We can't fully blame Microsoft there, but there are definitely some integration pain points.

Which other solutions did I evaluate?

We have not looked into any other identity solutions.

What other advice do I have?

I would rate Microsoft Entra ID a seven out of ten. It can play well with other products. The integrations can be simple, and the UI can be better.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sathish Veerapandian - PeerSpot reviewer
DevSecOps CISO Architect (Feature Engineer 3) - CISO Cyber Security Dept at ING
Real User
Top 10
Entra Admin Center is a very good portal for managing all identity and access management tasks
Pros and Cons
  • "Microsoft Entra ID Protection and Microsoft Sentinel are both excellent monitoring features for Microsoft Entra ID."
  • "Compatibility features for legacy system integration with new features will be challenging at times."

What is our primary use case?

The main use case for Entra ID is to move from on-premises to the cloud. I have been doing a lot of cloud transformation work, and I have seen that most organizations that move to the cloud see a lot of benefits in terms of monitoring and IAM. In those cases, we move to Entra ID.

How has it helped my organization?

Entra ID provides a single pane of glass for access management. Microsoft Identity confirms users and the access management grants access. In terms of IT and access management, Entra ID provides better management and monitoring solutions that can be used effectively. Entra ID can be used by IT administrators and app developers. It offers a wide range of options for onboarding applications to the cloud. For example, enabling single sign-on for an on-premises application can be time-consuming. However, moving the application to Entra ID is straightforward. App developers can use Entra ID APIs to build personalized experiences, set up single sign-on, customize applications, and monitor them.

The single pane of glass consistency for user sign-on experience is very good because Entra ID is a solution from Microsoft that is available in different regions around the globe. This means that we always have better visibility and management of user sign-on, and now Microsoft apps have also moved to Microsoft Entra. This provides a unified experience where we can manage access and permissions from a single location.

The consistency of our security policy is excellent. It is very granular, allowing us to scope it to groups or access it via the API. We also have Entra ID PIM, which allows us to granularly control access to resources. This is a very good option for access management.

Active Directory's Admin Center is a very good tool for managing all identity and access tasks in our organization. It provides a single pane of glass for managing users, groups, external identities, and roles. It also allows us to create administrative units, which can be used to scope access to a set of users, groups, and devices. We can also use Admin Center to view licenses, company branding, user settings, security settings, sign-in logs, provisioning logs, usage, and insights. Admin Center also makes it easy for admins to troubleshoot problems. For example, if we need to debug something, we can log into Admin Center and check the sign-in logs.

There were many benefits to moving to Entra ID. The main benefit was that it was a game-changer, especially for monitoring. When we were using Active Directory, everything was local. This meant that we had to build our own monitoring solution for each application that was onboarded into AD. This was a time-consuming and expensive process. With Entra ID, we can use Microsoft Sentinel or Entra ID Monitor to monitor all of our applications from a single location. This is a huge time and cost savings. Another benefit of Entra ID is that it makes it easy to onboard new applications. With AD, we had to deploy the application on-premises and then configure IT and access management. This was a complex and time-consuming process. With Entra ID, we can simply onboard the application and then grant Identity Access Management to the application. This is a much simpler and faster process.

Conditional access is a powerful feature that allows us to define a set of conditions that must be met in order for users to access our applications. This can help us to improve security by ensuring that only authorized users can access our data, regardless of where they are or what device they use. For example, we could create a policy that requires users to be located in a specific country or to use a specific device type in order to access our applications. We could also require users to use multi-factor authentication in order to access our applications. Conditional access policies can be applied to all of our applications, including those in Entra ID and Office 365.

Conditional access policy plays a key role in zero trust security. In the conditional access policy, there is a feature called named locations, which allows us to exclude devices from a condition if they are coming from a trusted location. For example, if we add an exclusion for trusted locations to our conditional access policy, it will directly impact our zero trust policy. The main driver for any organization to move to zero trust security is to reduce the number of named locations in their conditional access policies. By reducing the number of named locations, we can increase the security of our organization by making it more difficult for attackers to gain access to our systems.

I have been using the conditional access feature in conjunction with the endpoint manager for a long time. This is a great feature because it helps us to monitor threats and direct users accordingly. It is a very useful feature for monitoring our endpoints. For example, if a user tries to access a service, the check can be done and the endpoint manager will be able to provide us with all the findings.

Microsoft Defender for Endpoint can identify any PaaS devices that connect to a network. This includes any unpacked devices that are trying to use an application that is onboarded in Entra ID or any persistent Office 365 application, such as Microsoft Teams, Outlook, or OneDrive.

I have been using Entra Verified ID on the proof of concept. It is one of the best ways to onboard a remote employee. Since COVID in 2020, we have all been working remotely. It is better to onboard an employee who is present remotely in a different location than to ask them to come to the office, collect a laptop, and then onboard them. Verified ID makes this process easier by using preset, already-known information that is present in our company directory. For example, when an employee is interviewed, they are given face verification through a government ID. The ID is collected and a photograph is taken, which is then stored in the HR database. With this information, we can onboard employees remotely and grant them access to all of the company's resources. This is a much easier option than asking everyone to come to the office and ask for help from the overloaded service desk team.

The speed at which we can onboard a remote employee depends on how we define it in the initial planning. If we set the correct standards, such as the type of information we need to verify the employee's identity, we can streamline the process. For example, if we require the employee to provide a government ID and a photograph, the HR department can collect this information in advance and process it in the company's database. This will make it easier for the employee to complete the onboarding process remotely.

When it comes to controlling and prioritizing the privacy of identity data, there are multiple ways to do so. One way is to onboard remote employees with information that is already present in the company directory. This information can be verified by HR, who has already obtained the employee's consent to share their personal information. Another way to onboard remote employees is to ask them to provide a photo and government ID. This information is also stored in the company's database and is not shared with Microsoft. Microsoft only creates a digital identity for the employee and uses this identity to validate the employee's remote onboarding. In both cases, the employee's personal information is not exposed to the Internet. Microsoft and the company have a secure channel for exchanging this information, so there is no problem with data privacy.

The permission manager in Entra ID is very good. Microsoft improved it a lot. Microsoft Entra is the new permission manager solution. It provides comprehensive visibility into the permissions assigned to all identities, such as user identities. It also allows us to check the current permissions that are given to users. This is a better way to manage permissions. Permission management is a really good option that has a lot of benefits and improvements, especially when moving to the Microsoft enterprise.

When it comes to identity and permission management, the risk is relatively low when using a cloud-managed solution. This is because cloud-managed solutions provide full visibility and the option to automate permission management. One of the benefits of cloud-managed identity and permission management is that it allows us to implement the principle of least privileges. This means that we can give users and workloads only the permissions they need to do their jobs. This helps to reduce our attack surface and makes it more difficult for attackers to gain access to our systems. Another benefit of cloud-managed identity and permission management is that it provides us with visibility into our user and workload identities. This allows us to quickly identify and remediate any security issues that may arise.

Entra ID helps our IT administrators and HR department save time. It reduces the custom task of deploying and onboarding any application. This means that administrators can easily onboard applications to Entra ID and provide users with a single sign-on experience. As a result, administrators have more time to focus on improving their skills and deploying new Entra ID features. Entra ID offers a wide range of features, including artificial intelligence capabilities such as ChatGPT. This frees up a lot of time that was previously spent managing the local active directory. Entra ID has freed up most of my weekends. When I was previously working with on-premises data centers, I had to patch my servers every weekend, which was a time-consuming and tedious task. However, now that all of my applications have been moved to Entra ID, these tasks have been drastically reduced. As a result, I would say that my weekends are now almost free.

Entra ID saved organizations a lot of money. I previously saw organizations investing in expensive solutions for data centers, which required a lot of maintenance and the need to find the right talent to manage them. However, with Microsoft Entra ID, we no longer have to worry about maintaining data centers, as they are completely managed by the cloud. This has made our operations easier and more efficient, as we can now deploy changes quickly and easily, and receive alerts when any issues are found.

Entra ID positively affected our user experience.

What is most valuable?

Microsoft Entra ID Protection and Microsoft Sentinel are both excellent monitoring features for Microsoft Entra ID.

Entra Monitor and Log Analytics are beneficial for monitoring the secure operation of Entra ID services.

There are great improvements in the modern authentication strategy: passwordless FIDO2 improvements and Entra ID verification.

What needs improvement?

In terms of licensing, being able to pick some premium features without purchasing a package is advantageous.

Increasing the free log retention period might be more beneficial.

Compatibility features for legacy systems integration with new features will be challenging at times.

For how long have I used the solution?

I have been using Microsoft Entra ID for ten years. Microsoft Entra ID has been a critical component of Microsoft cloud offerings since the time it was introduced.

What do I think about the stability of the solution?

Entra ID is extremely stable and Microsoft absolutely brings new improvements to this feature.

What do I think about the scalability of the solution?

Entra ID is highly scalable. I have seen multiple organizations with over 80,000 people using Entra ID worldwide.

How are customer service and support?

The technical support is good but sometimes it can be difficult to connect with the right engineer when you are working in a complex enterprise environment.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Out of all my experiences, I have seen organizations using Microsoft Active Directory before switching to Entra ID.

How was the initial setup?

The initial setup is straightforward. I completed most of the deployment myself with excellent support from the Microsoft support team.

What about the implementation team?

In most cases, the implementation was completed in-house with support from the Microsoft support team.

What was our ROI?

We have seen a return on our investment with Microsoft through improved performance, better management, and enhanced features.

What's my experience with pricing, setup cost, and licensing?

Entra ID's pricing is comprehensive and affordable. The prices are easy to understand, and the licenses include a variety of security monitoring and additional features.

Which other solutions did I evaluate?

I have evaluated Google Cloud Identity and AWS Directory Service, but I felt more comfortable with Entra ID.

What other advice do I have?

I give Microsoft Entra ID a nine out of ten.

Entra ID does not require maintenance from our end.

For someone evaluating Entra ID, it is important to understand their use case, business requirements, current solution, and expectations. The current solution is important to understand because it will help to identify any gaps that Entra ID could potentially fill.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2595711 - PeerSpot reviewer
Product manager at a university with 10,001+ employees
Real User
Top 20
Allows us to upload a CSV file with user details for bulk user creation
Pros and Cons
  • "I like how Entra allows you to upload a CSV file with user details for bulk user creation. This is useful for automation. Entra has made it easy to manage identity and access by integrating with all Microsoft services. Everything is managed in a single place, eliminating the need for another application."
  • "Entra has made it easy to manage identity and access by integrating with all Microsoft services."
  • "Entra could be improved by enhancing self-service options for end users, such as making password reset options more accessible. This would simplify the user experience for end users."
  • "Entra could be improved by enhancing self-service options for end users, such as making password reset options more accessible."

What is our primary use case?

I have demo tenants where I test lots of features, such as creating test accounts and managing permissions.

How has it helped my organization?

Many organizations are shifting to a zero-trust model where nothing is trusted by default, and we explicitly add permissions as needed. Entra has some of those metrics, like risky sign-on. You can set up conditional access policies to ensure users can't access it from unknown locations. 

I can look at the logs to see how often my users are flagged as risky and fine-tune my policies to balance usability and security. The biggest implementation barrier with many test accounts is ensuring passwords aren't shared. Using MFA has also helped us ensure the test account is mapped to a single person. 

A lot of these features from Entra ID were implemented in our tenants. The biggest issue we've seen is that these passwords are leaked because someone shared them in a group when they were not supposed to. I think a lot of the policies that Entra has introduced lately around conditional access for access management have helped us mitigate that.

What is most valuable?

I like how Entra allows you to upload a CSV file with user details for bulk user creation. This is useful for automation. Entra has made it easy to manage identity and access by integrating with all Microsoft services. Everything is managed in a single place, eliminating the need for another application.

It was super easy to understand how the basic functions work. The documentation on learn.Microsoft.com was sufficient to get most tasks done. 

The device-bound IDs in Microsoft Authenticator help us fight phishing, which is traditionally made possible by individual passwords. With passkeys, we eliminated the need for passwords to be stored and remembered. These test accounts aren't used daily, so people write the passwords down, and it's insecure. These phishing-resistant methods ensure we mitigate those risks.

We've become more aware of token theft and state attacks. For example, if the demo tenant can access our internal resources and code still in development, we ensure that all these user IDs are authenticated. Entra can delegate and control access to apps, helping to close those attack vectors. 

What needs improvement?

Entra could be improved by enhancing self-service options for end users, such as making password reset options more accessible. This would simplify the user experience for end users.

For how long have I used the solution?

I have used Entra ID for about a year.

What do I think about the stability of the solution?

For both the stability and scalability, it's pretty good. I've never had any issues with users trying to log in.

What do I think about the scalability of the solution?

Both the stability and scalability of Microsoft Entra ID are pretty good with no reported login issues.

How are customer service and support?

We have not needed to contact customer service due to sufficient public documentation. This suggests good technical support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Keycloak for access management and single sign-on and some of the AWS native IAM solutions. Keycloak is open-source, so it's vendor-agnostic and can be integrated with any custom app you build, whereas you run into vendor lock-in with Entra. However, Entra is natively integrated with all Microsoft products, and we've migrated to using an exclusively Microsoft ecosystem. 

How was the initial setup?

The documentation on Microsoft's website was sufficient to understand the setup for basic functions, making the initial setup straightforward.

What about the implementation team?

We did everything in-house without involving any integrator, reseller, or consultant.

What's my experience with pricing, setup cost, and licensing?

Entra is bundled with every new tenant you set up on Azure, so we don't need to pay for extra solutions to manage the fundamental aspects of user management and accounts.

What other advice do I have?

I rate Microsoft Entra ID nine out of 10. It fits my purpose perfectly, and I seldom need to search for alternatives due to its comprehensive functionality.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2595726 - PeerSpot reviewer
Infrastructure Engineer at a manufacturing company with 10,001+ employees
Real User
Top 20
It centralizes authentication and integrates well with our SIEM solution
Pros and Cons
  • "We have a complex scenario with several applications, and we're trying to achieve SSO for most of our applications, but some of our legacy applications don't support SSO or modern protocols. Our core applications are ready for SSO or to be federated. We've centralized our authentication process using Entra ID, so we can collect sign-offs from the users and filter using conditional access."
  • "We need something that makes an attacker's life harder."
  • "In my opinion, Microsoft sometimes releases products too early without providing enough documentation. Our team works with innovative solutions like verified ID, identity governance, and lifecycle workflow. When we started with lifecycle workflows, we had only two integrated workflows. Still, we couldn't find much of the information we needed in the documentation about our use case or how to leverage IDs in our proof of concept."
  • "In my opinion, Microsoft sometimes releases products too early without providing enough documentation."

What is our primary use case?

We primarily use Microsoft Entra ID in hybrid scenarios where we are undergoing digital transformation. We had on-premises Active Directory that we transitioned to Entra on the cloud, enabling users to authenticate with their regular credentials.

How has it helped my organization?

We have a complex scenario with several applications, and we're trying to achieve SSO for most of our applications, but some of our legacy applications don't support SSO or modern protocols. Our core applications are ready for SSO or to be federated. We've centralized our authentication process using Entra ID, so we can collect sign-offs from the users and filter using conditional access. 

Our identity solutions are mature because we started with FIDO and YubiKeys. It's easier to implement now that we aren't sticking to a device. We aren't increasing our costs to add another asset to the user that we can use on their mobile phone. Technologically, FIDO is excellent, but Microsoft Authenticator is even better. 

What is most valuable?

Entra ID is integrated with Sentinel. It's ingesting logs from Entra ID, and we have playbooks to mitigate any identity-based risks. We could figure out our authentication flows and detect any misbehavior through integration with Sentinel. Entra ID enriches this process with logs, sign-outs, and remediation information.

We have an internal strategy for leveraging all Microsoft solutions. We avoid bringing in third-party applications to solve some gaps and try to address everything exclusively within Microsoft. Microsoft is the only vendor that can deliver the full lifecycle in one solution.

We are always working with cutting-edge solutions. For instance, we were struggling with Zoho support for SSO, and now we no longer use this domain. We are selling commercial vehicles, so it matters how reliable and trustworthy we are. No one wants to buy something from a company that doesn't protect customer data. We need something that makes an attacker's life harder. 

With Entra, we can provide a safe environment where we don't need to rely on users to secure their environment. We have plenty of security pillars to protect the company internally and externally. Using a zero-trust strategy, we reduced the differences between users, enabling safe navigation and asset use.

What needs improvement?

In my opinion, Microsoft sometimes releases products too early without providing enough documentation. Our team works with innovative solutions like verified ID, identity governance, and lifecycle workflow.

When we started with lifecycle workflows, we had only two integrated workflows. Still, we couldn't find much of the information we needed in the documentation about our use case or how to leverage IDs in our proof of concept.

Entra constantly releases new features, and other companies are releasing products at the same pace as Microsoft, so it's trickier. We started implementing a product called Next Identity that provides modern authentication methods like FIDO and push notifications. In 2023, we couldn't see how verified ID would help us. Now, verified ID has been integrated, and we can realize it, but at the time, we couldn't.

For how long have I used the solution?

I have been using Entra ID for almost three years.

What do I think about the stability of the solution?

The solution is robust and stable, though we acknowledge the risk of potential backend outages from Microsoft, which could affect us significantly.

What do I think about the scalability of the solution?

The solution is really scalable. We manage more than 100,000 devices and 300,000 user objects in Entra, indicating a high level of scalability in our environment.

Which solution did I use previously and why did I switch?

We have always worked with Microsoft. Initially, we operated using on-premises Active Directory until we moved to Microsoft 365 and started using Azure AD at that time. Our parent company requires us to use Microsoft, but Entra is a core solution. 

How was the initial setup?

The initial setup involved syncing our identities to the cloud and building a robust tenant as part of the company group. We adhere to a strict blueprint requiring the use of Microsoft solutions.

What about the implementation team?

We have an internal hub in Lisbon focused on innovation and implementing solutions like Verified ID and identity governance.

What other advice do I have?

I rate Microsoft Entra ID nine out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Vinod Survase - PeerSpot reviewer
M365 Senior Consultant at a tech services company with 10,001+ employees
Real User
Saves us time and money and features Conditional Access policies, SSPR, and MFA
Pros and Cons
  • "The most valuable features are the Conditional Access policies, SSPR, and MFA. Another good functionality is registering enterprise applications to provide access to external parties. These four features are precious and are the most used across different use cases for various clients and projects."
  • "I want better integration between Azure AD and the on-prem environment because there are currently limitations that can hamper employee experience. We use a feature called password writeback, which can be challenging to implement in a hybrid environment. Employees can change their passwords using a self-service password reset (SSPR) feature, which reflects from the cloud to the on-prem identity, but not the other way around. Currently, there is no way to reflect passwords from on-prem identities to the cloud."

What is our primary use case?

The primary use cases for Azure AD include use in projects and deliverables when implementing different solutions like SSPR, multifactor authentication, Conditional Access policies, and fine-graining the controls on end-user machines, devices, and applications. I also use it to sign licenses via different methods, including group-based licensing, direct licensing to individual users, registering applications, and providing CPUs and credentials. Lastly, I use Azure AD for whitelisting external identities and domains for communication between internal and external domains.

Our organization is global, with over nine locations across the world. We have a hybrid environment, which is very complex due to the size of the organization, and we have a varied client base. From a security standpoint, we have a variety of security services and products. 

How has it helped my organization?

Azure AD is a one-stop solution where we can manage every aspect of identities, access, and applications via policies across all domains of our organization.

We use the Conditional Access feature to enforce fine-tuned and adaptive access controls. This makes our Zero Trust strategy to verify users more robust, as standard users have limited access, on limited devices, with limited permissions. They can only access the domain on specific machines and must be on the corporate or office network. Access from outside the network isn't possible unless it's from a whitelisted location, and along with MFA, we have a powerful Zero Trust model in place.

Azure AD saves us a lot of time, as we previously used an on-prem legacy solution with poor integrations, which slowed onboarding and other processes. Thanks to the product, we spend approximately 70% less time daily and about 80% less time weekly. That's a big plus. 

The solution helps our organization save money from a cost perspective, and there are several other vital angles to consider. Azure AD is an out-of-the-box product in terms of features and security, which is a reduced cost. Whether an organization requires P1 or P2 licensing is another consideration. Finally, if a company is replacing legacy systems, that's money saved for licensing and maintaining those systems. Some of our clients have seen 30-40% savings, especially those using complete legacy systems and then switching to a cloud environment.   

Azure AD greatly helps user experience, as we can integrate the solution with many services. End-user experience improved, whether staff members try to access resources from mobile or even personal devices. We can fine-tune access control across the enterprise, and that helps us provide a good end-user experience.  

What is most valuable?

The most valuable features are the Conditional Access policies, SSPR, and MFA. Another good functionality is registering enterprise applications to provide access to external parties. These four features are precious and are the most used across different use cases for various clients and projects.

Azure AD provides a single pane of glass for managing user access; we can assign access permissions to different user accounts based on situational requirements, and helpful security features are available. The solution provides sign-on consistency, and we can configure permissions to enable single sign-on for a particular application or domain. This gives us the flexibility to offer a great user experience.    

The solution gives us a lot of flexibility when it comes to managing all identity and access tasks in our organization. We can manage freshly provisioned identities from scratch, as well as existing identities and apps through the Azure admin center.   

What needs improvement?

I want better integration between Azure AD and the on-prem environment because there are currently limitations that can hamper employee experience. We use a feature called password writeback, which can be challenging to implement in a hybrid environment. Employees can change their passwords using a self-service password reset (SSPR) feature, which reflects from the cloud to the on-prem identity, but not the other way around. Currently, there is no way to reflect passwords from on-prem identities to the cloud.

There are other similar limitations, such as a cap on the number of identities that can be synchronized in a particular time frame, which can be an issue for large enterprises with 300,000 employees or more.

For how long have I used the solution?

I've been using the solution for over three years. 

What do I think about the stability of the solution?

The solution is stable, though there can be issues around synchronization within a vast organization. Performance-wise, Azure AD is a good product.

What do I think about the scalability of the solution?

The scalability is good. 

How are customer service and support?

Microsoft technical support can take a while to resolve. I can get a response in 30 minutes, but the time to resolve is usually more than four hours or over a day. I wonder if the support staff has adequate training and expertise to provide a better service.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used on-premises AD and switched to Azure AD because we wanted the benefits associated with cloud-based solutions.

How was the initial setup?

The complexity of the initial setup depends on the deployment; cloud deployments are very straightforward, on-prem implementations are more complex due to the infrastructure, and hybrid deployments are always complex as there are many considerations and assessments to be made.

What was our ROI?

It is hard to measure ROI with security solutions, but identity is the first point of vulnerability for cyber attacks, so identities must be secure and well-managed. The solution provides this, and that is a worthwhile investment.

What's my experience with pricing, setup cost, and licensing?

Azure AD has four licensing options: free, Office 365 apps, Premium P1, and Premium P2. The free option has a limited number of identities and features, and the Office 365 version comes included in several Office 365 subscriptions. With the P1 and P2 licenses, we get all the freeware features plus additional security features, but these come at a higher price. The base price for P1 and P2 is $6 and $9 per user per month, respectively.

What other advice do I have?

I rate the solution nine out of ten. 

From a security standpoint, we don't have major controls from Azure AD, but we can implement features such as MFA and Conditional Access policies to fine-grain the rules on apps and devices. We can also enforce policies where users have different sign-on requirements for the same account, depending on where they sign in from.  

We used the solution's Conditional Access feature in conjunction with Microsoft Endpoint Manager as it was a requirement for a client-side project. There were some conflicts between the two tools regarding device management, so we had to select a different approach. Conditional Access reduces the risk of unpatched devices connecting to our corporate network because it triggers the policy stating only compliant devices can log in and access resources.

Clients use different deployment methods for Azure AD, but most implement them within a hybrid environment. A few organizations are entirely cloud and SaaS-based, as they don't want the maintenance and management associated with on-prem infrastructure and prefer the security offered by the cloud.

My advice to those looking to implement the solution is to consider their primary goal and use case for the product and how they want to implement it. If you have a hybrid environment, many details about how Azure AD can fit into the environment must be figured out beforehand. Consider the costs and how the solution will help from a security standpoint over the next five to ten years, from all perspectives, including networking, security, systems management, and maintenance.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2025