Microsoft Entra ID Reviews

My main use cases for Microsoft Entra ID began with it serving as the authentication back-end for Office 365 investments; now it's starting to function as a federated IDP for us.

The feature of Microsoft Entra ID that I appreciate the most is the level of integration that's available in the partner network.

The implementation of Microsoft Entra ID helps with timely termination controls regarding secure access to apps or resources in my environment.

I believe Microsoft Entra ID can be improved, and I think it's already on the roadmap. We value the selective sync where Microsoft Entra ID is actually the authoritative source and then will provision down to Active Directory. That's a significant priority for us. We're always looking to understand how they're addressing agentic AI, but the primary thing I would prioritize if we could do this again is the ability to keep a SAM account name instead of having to use a UPN. This causes considerable challenges for us as a customer because we have to reissue identities to everybody.

I have been working in my current field since 2020, so almost five years and change.

I would assess the stability and reliability of Microsoft Entra ID as generally pretty good and on par with other cloud providers. Historically, we've seen a major outage occur every other year or so, where those events have significant downtime that wipes out essentially the entire capability of the hyperscale provider.

I have experienced downtime, crashes, or performance issues with Microsoft Entra ID.

I believe Microsoft Entra ID scales pretty well with the growing needs of my organization. Microsoft continues to innovate, so I'm not worried about the number of identities I put in it and the performance by any means. It really comes down to how well the Microsoft vision for agentic AI aligns with what the rest of the world chooses to do and at the pace they choose to do it.

On a scale from one to ten, I would rate customer service and technical support a six.

I give a rating of six because I think this is a trend for every tech provider; support is decreasing in quality categorically across the board, and many organizations are trying to implement AI-based strategies for support agents that simply aren't very good yet. That changes every couple of months, but historically, we have had a hard time going through and getting the right engineer or skill set on a call. The big change seems to be that they want to collect some logs and then go away and come back, rather than joining us on a bridge to work through issues. This is problematic based on how most organizations, ours included, choose to solve problems at scale in real-time.

I would evaluate customer service as usually great; everyone's friendly, nice, and helpful. However, the technical support depends on who you get and how fast you can get them on a call, which can make or break a support experience.

We were using another solution, SiteMinder, to address similar needs before adopting Microsoft Entra ID.

I would describe my experience with deploying Microsoft Entra ID as relatively easy, provided you have applications that support modern authentication protocols. We are a customer that had a number that were not supporting that, so we had to come up with alternative, deeper integrations and capabilities to make that work. Going through and not being able to support SAM account names was a challenge. We don't have publicly routable UPN, so being an alt ID customer and making a bunch of changes is a challenge. I think these would be the things I would have criticisms for regarding feedback.

Regarding my experience with deployment, I think once the system is up and running with the basic integrations back to AD or wherever it needs to be, it's pretty straightforward. I think the catalog of applications to integrate with is very large. For things using modern auth, the setup usually takes a couple of hours depending on the fidelity of the application team that you're working with, and it's relatively smooth and easy once you get the foundational components in place.

I think that I have seen return on investment with Microsoft Entra ID, as I believe it is becoming a commodity.

My experience with pricing, setup cost, and licensing is that going through and being able to use these things is always part of delivering an M365 bundle, so I don't think the experience is great because the only way you can make a deal is with significant takeouts of other platforms to afford it.

In selecting Microsoft Entra ID, we considered everything; it was a massive RFP. We looked at Ping, Okta, CyberArk when they acquired Idaptive, and we surveyed a huge remit of tools.

Microsoft Entra ID's integration capabilities haven't influenced my Zero Trust model.

Since implementing Microsoft Entra ID, we cannot share any changes I have observed in the frequency and nature of my identity-related security incidents in my organization.

My organization's approach to defending against token theft and nation-state attacks has stayed the same since implementing Microsoft Entra ID.

Regarding the features of Microsoft Entra ID, the question is which features and the Entra feature set.

In general, I find Microsoft Entra ID interesting because I don't think there's a great answer for that. It's the bundled set that comes with the M365 SKU sets, and you kind of end up having to use it. Many of the benefits and features we value center around the level of simplicity, as well as the deepest integrations with Microsoft Active Directory as a customer that does sync. I think the opportunity to go through and do connected devices in the field is really the future-looking set of functionality we're most interested in.

I can share that there's not a lot of novel capability from Microsoft Entra ID that isn't being made up from an Okta or a Ping, or other new players to the market. Single sign-on identity provider style capabilities are nothing new or novel or innovative anymore.

Our organization uses different authenticators concerning the implementation of device-bound passkeys in Microsoft Authenticator and how it has affected our approach to phishing-resistant authentication.

What stood out to me in the evaluation process, both positive and negative, was the opportunity for Microsoft to do more with it. Knowing that it was truly the largest identity provider on the planet was also helpful for us. The size and scale, and hopefully the resiliency of the platform, were great talking points.

The factors that led us to consider a change were performance, cost, support, and scalability.

My advice for other organizations considering Microsoft Entra ID is that it makes sense if you're going to go all-in on the Microsoft ecosystem, because you have to make the case for the bundle of at least two or three products to afford it. I would rate my overall experience with this review a seven out of ten.

Hybrid Cloud

My main use cases for Microsoft Entra ID are protecting company data and authentication. We use on-premises Active Directory and sync everything to Microsoft Entra ID, and we protect all of our apps with single sign-on and multi-factor authentication.

The features I value most about Microsoft Entra ID are single sign-on, multi-factor authentication, and Conditional Access. It is easy to use and you can get very granular with the controls.

Microsoft Entra ID has provided my company with visibility into everything that is occurring regarding authentications for any application across all apps. It also helps with user password resets and improves password reset management in general.

One feature I would like to see released for the next generation of Microsoft Entra ID is the ability to set password requirements for cloud-managed accounts. Currently, there is a single password policy set to eight characters, and I cannot modify the policy. Upcoming requirements will necessitate 12-character passwords, and it is impossible to configure this. This capability is needed.

I have been working in my current field for 11 years.

Microsoft Entra ID has good stability and reliability. I generally do not experience crashes or problems, except during global issues, which occur infrequently.

Microsoft Entra ID has influenced my zero trust model through the implementation of very strict Conditional Access policies. We have approximately 100 Conditional Access policies to ensure that only allowed devices can access the applications they should have access to. We have device-based policies and user-based policies, and we are quite advanced in our Conditional Access policy implementation.

I did use Microsoft Customer Service, and it is problematic. The issue with Microsoft Customer Service is that we have many experts in our IT department, including myself as an Entra expert, Exchange experts, and other specialists. When we contact Microsoft Support, it does not matter that we are experts; we must start at the very bottom. It takes considerable back and forth to describe the issue and to convince first-level support that we only contact support when necessary. It is very difficult to convince them that what we are experiencing is actually a problem and not merely a configuration issue or something basic. Therefore, it takes a very long time to get the appropriate level of support.

Neutral

I did not consider other applications or solutions because we purchased Microsoft Entra ID as part of our migration to Microsoft Exchange Online. We were using Microsoft solutions on-premises, so moving to the cloud was the natural progression.

I was not involved in the initial deployment of Microsoft Entra ID. I am currently involved with new features and releases. During the initial deployment, I was managing devices, endpoints, and security.

From the security perspective, I see a return on investment from Microsoft Entra ID. Visibility provides a measurable return.

An example of Microsoft Entra ID's impact is that most of our apps now use single sign-on. Previously, apps used local or application-specific usernames and passwords, which was too much for users to remember. This resulted in frequent password resets and left IT with no visibility into user activities. Microsoft Entra ID has definitely improved this situation.

Integration capability does not influence my zero trust model.

Our deployment is hybrid, with the cloud portion in Microsoft Azure.

I rate this product an 8 out of 10.

Hybrid Cloud

Microsoft Azure

Digital Workplace

Cloud Infrastructure Administators

Microsoft Entra ID grows with the needs of our organization. When there's something new, we're usually ready to consider it. It's not too far ahead, but it's not missing major thigns we need either. It's sometimes even bringing ideas for our own identity provider, which creates pressure for our own identity provider to keep up with Microsoft Entra ID.

The main factors that led me to consider Microsoft Entra ID are that on Azure, it's unavoidable. There's no other way. That was an argument sometimes we had to use even internally when people asked why we were using it. The fact that we ended up expanding it to AWS as well for single sign-on was because it's this kind of industry standard that every single sign-on solution supports. We could use some features that were relatively unique to Microsoft Entra ID or in a way that we already had them configured for Azure, so we're getting them for free when we're just expanding the population. When we implemented access reviews, we have the same thing now for AWS as well. There were some things like that which we got almost for free because we had already invested in Azure.

The areas where Microsoft Entra ID could improve include the fact that it is a de facto standard but not a real standard, leading to strong vendor lock-in, which sometimes makes us avoid Microsoft Entra ID for certain purposes. That is number one. Second, I would say it is difficult for us to use it for end-user applications.

The B2C model is quite unworkable in our case. We have a lot of different ecosystems of customers, a big organization doing different things. The end user populations are not the same, and it's becoming really difficult and unwieldy to manage, I don't know how many tenants for a thousand applications. We really have a thousand applications, and I would say maybe fifty different ecosystems. That's why this is a part where we opt for our own identity provider instead of Microsoft Entra ID. Maybe some kind of redesign of B2C would be more interesting, but I don't know exactly how. I would need to go in a design session to know what to propose specifically.

What would make it a ten for me is that I don't know to the extent it's possible, but full infrastructure-as-code management. A little bit more openness and contribution to identity standards would be beneficial. I know that Microsoft Entra ID is doing a lot of things for which there's no equivalent standard, but it would be interesting to see at least the creation of standards or suggestion of standards for the industry to catch up. I understand it's not necessarily the most interesting thing for Microsoft, but it could reduce resistance in our organization.

Prior to adopting Microsoft Entra ID, I have not used another solution to address similar needs. Nothing really comparable.

I assess the stability and reliability of Microsoft Entra ID as having no problems with this. It's good.

I would evaluate Microsoft support for their products on a scale of one to ten, and I think it depends a bit on the product. On Azure, we had some misses sometimes where support was around the clock, and if we're not responding quickly, another person was picking up and we're starting the conversation again. We had a few cases like that, particularly for security products which are quite complicated. Other than that, we had a very good experience with the cloud solution architects and the designated engineers from there. We had a pretty good experience. It's just that sometimes it's difficult to find the right resource. Usually, they are specialized on one thing, and if you go a little bit beyond their domain, it might take some time until you find the right information.

Positive

We have not considered similar solutions before going with Microsoft Entra ID. We know that there are other organizations in our ecosystem that used Okta. Because we didn't have enough central support for this kind of solutions, we could not even consider going to yet another product and doing the procurement, the evaluation, the return on investment, and things like that. We went for something that was already available in our organisation.

I would describe my experience deploying Microsoft Entra ID as generally going well, other than the provisioning of the licenses. There were a few things that were a bit challenging. One thing that's a bit unclear to me to what extent it's still valid since I'm no longer in that team for less than a year, but the fact that some things in Microsoft Entra ID we have to roll out by PowerShell and not by Bicep. This creates a bifurcation in our code. There are things that we have to do in Bicep as we do everything else on Azure, and Microsoft Entra ID, which is a bit its own world where you have to do a few things by PowerShell. That was a thing, but it's manageable and not the end of the world.

It's always difficult to measure return on investment on Microsoft Entra ID since it's about security, which is a philosophical question. What I can say is that among all the cloud security costs we have, Microsoft Entra ID was among the lowest compared, for example, to endpoint protection and container logging and things. Nobody ever put these costs in question because they were low for the assurances we were feeling that we were getting for the management of identities in the cloud. We still have, of course, to be careful about when to use P1, when to use P2 and for which populations, but it didn't create a problem. Other security products where we actually ended up not rolling them out because of their cost.

On the digital workplace side, I was not directly involved. For the whole Microsoft 365, we got it as part of the license, which is fine. We have enough guest accounts, so I could not distinguish Microsoft Entra ID from Microsoft 365 on that side because they go together. On the Azure side, we didn't have any major problem. We had some procurement-related problems because we could not self-provision Microsoft Entra ID licenses the same way we could do it for other Azure resources. We still have to pass through a separate process just to get Microsoft Entra ID licenses, which is inflexible. For example, if I have a new team, I can give them an Azure account and it's really pay as you go. But to get them the licenses, fundamentally, I have to place an order at the beginning of the year, and it follows a completely different, much more old school procurement workflow. I don't know to the extent this is because of my organization or because of Microsoft. I think we kind of ended up mirroring each other because Microsoft has this license and Azure walls which behave very differently, and I think in our organization, we copied this and we ended up doing two different procurement processes for those two different worlds, and one is way more inflexible than the other.

My advice for someone who is considering Microsoft Entra ID is to start early with governance and not leave it for later, as we did. I would say follow the recommendations of Microsoft and not do things your own way because sometimes, if we are coming from another provider or from on-premises, we sometimes end up doing ineffective things. I think that's it, and don't improvise too much. My overall rating for this product is nine out of ten.

Public Cloud

Microsoft Azure

The main use cases for Microsoft Entra ID in this company involve granting permissions across different Databricks workspaces or Synapse, and leveraging the same identity across Power BI integration and semantic models.

What I find most valuable about Microsoft Entra ID is centralizing identity. I think that's the power of this. I don't need to worry too much about how to set up the groups. I just need to get access and assign it to the correct place. Centralizing everything and making it more transparent for me while leveraging these groups and users in my applications represents the best difference.

The impact of Microsoft Entra ID on security is that it grants permissions to those who need to see the information. I think that's the main goal of Microsoft Entra ID features.

I'm not sure how Microsoft Entra ID's integration capabilities have influenced my zero-trust model. This one is hard to answer.

Since having Microsoft Entra ID, I have not observed any changes in the frequency and nature of identity-related security incidents in my company.

So far, I've never heard about token theft and nation-state attacks issues since implementing Microsoft Entra ID, but I hope to keep it this way.

I don't see any area of improvement for Microsoft Entra ID for my usage. I think it's perfect for me.

I'm not aware if Microsoft Entra ID could be cheaper, but if it can be cheaper, it's a good way to keep customers linked to it.

Usually when people talk about Azure, they talk about cost. I think Microsoft Entra ID is not as expensive as AWS, but cost is usually the main concern.

I have been using Microsoft Entra ID for a couple of years. Every company that I worked with had the previous Active Directory, now Microsoft Entra ID, so I'm using it for at least ten years. Most of the companies work with Azure.

I have never had any problems with the stability and reliability of Microsoft Entra ID. During the demo today, there was a gap between Microsoft Entra ID and the sync. However, this was the first time that I observed something of this nature. Before it, I never saw any problem.

Regarding scalability, Microsoft Entra ID has been able to scale to the workloads that my company needs. So far, that's the least critical concern about scaling. I think it performs very well. The company is pretty big with a few thousand employees, and it works very well, considering not only the users but the application IDs and other elements.

I think the customer service and technical support for Microsoft Entra ID are great. Every time that I had to get in contact with them, the answers are fast and they are very helpful in trying to solve the problem.

Positive

My company did not consider other tools before choosing Microsoft Entra ID.

With my experience, the deployment process for Microsoft Entra ID is pretty straightforward. Using Azure CLI, it's quite simple to make the assignments and everything else. I don't provision users; I just consume what is ready. So it's quite simple for me.

I guess the biggest return on investment for Microsoft Entra ID is linked with security. Security definitely helps protect the company image from leaking and from issues. I think when we put this on the table, I don't know if the cost to buy something of this nature matters too much because the impact is much more significant.

While using Microsoft Entra ID, we are not considering something else.

I think AI is also connected with Microsoft Entra ID. It acts on behalf of someone. All the features that I'm seeing in the event are already making transparent how AI is connecting or using the data and the artifacts around the cloud that is on behalf of someone. I think that's a great feature.

The implementation of device-bound passkeys in Microsoft Authenticator is a step forward to make things more secure and harder for someone with second intentions to go through your architecture and platform. I think this was an implementation to keep things more secure in general, and it definitely did.

My advice for other companies considering Microsoft Entra ID is that if you want to simplify your identity management and focus on your core business, Microsoft Entra ID is a good option. I would rate this product a nine out of ten.

Public Cloud

Microsoft Azure

My main use cases for Microsoft Entra ID include Azure App Registrations and management of third-party integrations into our M365 tenant.The implementation of Microsoft Entra ID has been pivotal for our secure access to apps or resources in our environment. We use Microsoft Entra ID to grant access for all external apps that want to connect into some type of data source in Office 365, so it has been crucial to be able to set those up and manage those.Microsoft Entra ID's integration capabilities have been the foundation for our Zero Trust model because my team only sets up integration and Azure App Registrations based on a request and we review them. Nothing gets access to any data or anything in our tenant unless we review it and approve it and configure it in Microsoft Entra ID.

The features of Microsoft Entra ID that I value the most include the governance tools around OAuth, Azure App Registrations, and the security tools that enable us to set those up and monitor those.The features of Microsoft Entra ID have benefited my organization by allowing us complete control over what apps have access to what in Office 365 and for how long due to the Azure App Registration tools and process that Microsoft Entra ID offers us.

Microsoft Entra ID can be improved through better lifecycle management of the Azure App Registrations. If a token or a certificate is going to expire, it would be helpful to notify the app owner or the representative in our organization, saying that their certificate is getting ready to expire in two weeks, asking if this is still in use and if they still need this, and providing information on how to renew it if needed. Additional tools for governance and lifecycle management would be beneficial.To make it a ten, some of the governance and lifecycle management for app registrations that I mentioned would be beneficial. It would alleviate some of the time burden from my team to be able to automate the management of some of those aspects. Other than that, it is pretty solid.

I have been using Microsoft Entra ID for about ten years.

I assess the stability and reliability of Microsoft Entra ID as great.I have experienced some downtime, crashes, or performance issues, primarily the typical Office 365-wide outages that happen from time to time, but nothing beyond that.One of the outages I experienced was about a month ago where there were DNS issues with Microsoft, and all of Office 365 was inaccessible, along with the Microsoft Entra ID admin center.

Microsoft Entra ID scales well with the growing needs of my organization. As the organization has been growing with Azure App Registrations that I have been mentioning, we get more and more of those, and the tools are just there for us to use.We have expanded the usage of Microsoft Entra ID gradually over time as our organization has been getting bigger and there are more and more third-party apps that get brought on board, and it has been smooth.

I would rate customer service and technical support an eight on a scale from one to ten.I give an eight rating because for the most part, whenever we open up a ticket or need technical support, we get a good resource to help us quickly. However, every once in a while, you might get a resource that is not as well-versed in exactly what you are looking for help with. For my team, if we are opening up a ticket, we have already done a lot of basic troubleshooting.Overall, I would evaluate customer service and technical support as pretty good.

Positive

I have seen a return on investment with Microsoft Entra ID, as it makes my team, the engineering team for Office 365, have a much easier time in terms of managing third-party integrations and other apps that connect into Office 365.

I cannot speak to the setup cost of Microsoft Entra ID because it was before my time here. Licensing has been pretty pain-free. All of our users get the base E3 license, so the workload on that is pretty easy.

To other organizations considering Microsoft Entra ID, I definitely advise you to implement it, as it is crucial for my team and what we do in controlling access to certain resources in our tenant. I cannot imagine doing our job without it. I would rate this product a nine out of ten.

Hybrid Cloud

Other

My main use case for Microsoft Entra ID is for access control. I'm not entirely sure what I like the most about Microsoft Entra ID, but perhaps it's that everything is included in the same app compared to before. Mainly, we have SharePoint set up, so we use it to manage users' access, which is the main purpose.

SharePoint site access has mainly benefited my organization, and that's how we have Microsoft Entra ID set up. Because of the hybrid environment we have with Active Directory, that's why we have it configured for our users' access to folders and sites.

Microsoft Entra ID did help with our approach to phishing resistance, and we appreciate the Office 365 MFA protections. Since we have this hybrid environment set up, we find it more secure when accessing any Office 365 products such as Outlook, SharePoint, and OneDrive.

I think something can be improved, but it's working.

I have been using Microsoft Entra ID for about ten years.

I assess the stability and reliability as generally good, as we do have occasional downtime for SharePoint, but usually the service is restored within an hour or less, which is good. There is nothing major with downtime, and we are satisfied.

Microsoft Entra ID works well for scalability in my organization, as we have grown from 150 employees to 700 employees. There are some changes in licensing, with Microsoft offering cheaper licenses for employees under 300, and when you exceed that number, you move into another level and another layer of the licensing scheme. The transition is quite easy, and it gives you the flexibility to mix and match the licenses you want.

I recently used customer support, but it was not for our production environment; it was for our test environment. I contacted support and I am waiting for a phone call. We have experience contacting support, and they are good.

I have not personally contacted support a lot, but some of my team members contact them regularly, and they receive very good feedback from them. According to the comments I received, I would rate customer support around a seven or eight.

Positive

I did not consider another solution before; we are Microsoft customers, and it has been that way since day one.

The deployment of Microsoft Entra ID is easy once it's migrated to the cloud. The implementation of Microsoft Entra ID is required for SharePoint sites to provide user access, and that is one of the requirements, so that's why we had it set up.

I have seen a return on investment, as it's a great investment because our production environment has now migrated to the cloud, and we use SharePoint extensively. Microsoft Entra ID is what we use for access control, and it's a great investment.

I do not believe we pay anything extra for Microsoft Entra ID; it's a good deal. We have Office 365 licenses, and Microsoft Entra ID is included.

We have not just relied on Microsoft Entra ID for the security setup, as we do have other third-party software integrated with our system for protections and data protections.

Nothing right now has influenced my Zero Trust model with Microsoft Entra ID integration capability. My organization's approach to defending against token theft and nation-state attacks has not changed since implementing Microsoft Entra ID, as I have other security solutions in place, so we do not use Microsoft Entra ID for protections.

I am satisfied. I would rate this product an eight overall.

Hybrid Cloud

Microsoft Azure

Our main use cases for Microsoft Entra ID involve working with clients that use the Microsoft platform and their identity graph to identify who the users are and integrating our solution with Microsoft Entra ID to identify who that person is when we're registering credentials on a YubiKey.

Since implementing Microsoft Entra ID, we have not seen major changes, but we are working with Microsoft to examine metrics and build dashboards in Sentinel. We have plans to do that, and we have a pull from the customer perspective wanting to examine the data metrics. Our data metrics are specifically tied to the lifecycle management, onboarding, usage of authentication, enrollment, and recovery cycles. We just met with the team to work on this and determine how we can use agentic AI to share risk signals both from our metrics and for the Sentinel dashboard.

The features of Microsoft Entra ID benefit my organization by streamlining everything for the customers that use Entra or the whole Microsoft platform. When looking at the full solution and the value that it brings us in terms of visibility, especially when we're talking about agentic AI, the fact that you can use Microsoft Entra ID and all the other product ecosystems to work together to give you the best value and then act on that data is where the win is for us.

As a security company ourselves, we are moving towards a zero-trust model, and we find that partners aligned with Microsoft Entra ID support that, which is the baseline thought process of having a zero-trust environment.

We do have some tickets regarding Microsoft Entra ID, but we are working with the team to examine those improvements, especially with our product that we're a partner with Microsoft on. It is beneficial that there is an interaction where we can bring the customer in as well so that Microsoft can hear the voice of the customer and determine what needs to be improved, and it is a good partnership that works well for everyone.

Microsoft Entra ID has been a core cornerstone of our product, the YubiKey itself, and we have been engaged with it for about a year now from a product perspective.

I have not experienced any downtime, crashes, or performance issues with Microsoft Entra ID.

I would describe the stability and reliability of Microsoft Entra ID as positive.

Microsoft Entra ID scales with the growing needs of our organization without any issues, and from what we see from customers, it serves small, medium, and large-sized enterprise customers.

I would evaluate customer service and technical support highly as our interactions with the team have been great and always responsive. Once we are GA, I expect that support will be up to par as well.

Prior to adopting Microsoft Entra ID, our partners and customers had multiple solutions, as the bigger companies often rely on multiple IDPs and multiple solutions because of the platform, whether it is mobile or desktop. The offering is there and is probably above the other offerings in the market.

For our use case and working with Microsoft Entra ID, our integration timelines are comparable to everything else.

I would say from the customers, we have definitely seen a return on investment with Microsoft Entra ID. Having that full ecosystem compared with other IDPs and other ID solutions from competitors, we definitely see a visible two-to-one ratio for our customers in the pipeline.

When considering Microsoft Entra ID, it was one of the cornerstones, so we did not actually examine anything else. We chose to partner and support it because we do see many of our customers using Microsoft Entra ID and the Microsoft platform.

My organization's approach to defending against token theft and nation-state attacks has not changed since implementing Microsoft Entra ID.

The implementation of device-bound passkeys in Microsoft Authenticator has not changed our organization's approach to phishing-resistant authentication. Our product is non-device-bound passkeys, but we see air gaps in the market where you cannot have a device-bound passkey. We choose to complement what Microsoft has in place as well, but it has not changed anything from that perspective. It probably eases use for our customers, but we still see that there are use cases where they have air gaps and are using a mobile key.

The evaluation process regarding Microsoft Entra ID highlighted the workflows and everything being streamlined, especially with the authentication process. I do not see a specific feature of Microsoft Entra ID that stands out the most, but we are examining the whole ecosystem from a data perspective as well and looking at Sentinel, Data Lake, and those products. However, it is mainly the authentication space and the authentication workflow, so it is identifying that there is a passkey registered with Microsoft Entra ID.

As far as our support and working with Microsoft and all of our customers, we only support Azure. My overall rating for this product is eight out of ten.

Hybrid Cloud

Microsoft Azure

Microsoft Entra ID is used for hybrid synced users to Azure and for external users with guest accounts created in the directory. Security groups and all related functionality are utilized for user management.

Logging activities, including sign-in logs, password lockout, and security monitoring for compromised accounts, are valuable components of the implementation.

To prevent intrusions, as a government entity, Microsoft Entra ID is used to determine if someone is attempting to brute force an account and to understand the origin of the access attempt and whether it represents an actual threat.

Logging, sign-in logs, password lockout, and security features for compromised accounts are the most valuable aspects of Microsoft Entra ID.

To prevent intrusions, the ability to determine if someone is attempting to brute force an account and to understand where the access attempt is originating from and whether it represents an actual threat is critical.

Microsoft Entra ID has had a very positive impact because access can be controlled both internally and externally to the environment and applications used by the organization. Many app registrations function through Microsoft Entra ID to allow internal and external users to access applications.

There has been a return on investment in Microsoft Entra ID because of the security capabilities that enable both internal and external access management.

Microsoft Entra ID could benefit from improved structure and organization. Currently, internal and external users are grouped together, and filters must be applied to differentiate between them. Having separate areas for internal and external users would be beneficial since they should be treated differently.

Growth opportunities exist in separating certain elements for improved viewability.

Microsoft Entra ID has been in use for approximately eight years.

The primary issue experienced with Microsoft Entra ID is Azure sync performance. Over the past year, syncs have occasionally taken longer than expected to complete between on-premises and cloud environments. While syncs should typically complete within 30 to 60 minutes, there have been instances where syncing has taken hours. These issues have been reported to Microsoft, and while they address the problems, they do not typically share details about the fixes applied.

Microsoft Entra ID has been expanded through the creation of security groups specifically in the cloud rather than on-premises. The organization is moving forward with all groups being created in Azure and Microsoft Entra ID. User accounts will continue to be created on-premises, but security groups and dynamic groups will all be created in Azure and Microsoft Entra ID.

Support for Microsoft Entra ID is evaluated as generally good, with few problems encountered. On a global scale, however, support has not been consistently reliable.

Positive

There has been a return on investment in Microsoft Entra ID because of the security capabilities that enable both internal and external access management.

The primary benefit observed from Microsoft Entra ID is the ability to identify and respond to suspicious account activity. Most frequently, locked accounts have been investigated and flagged accounts have been flagged for suspicion or high risk, particularly guest accounts invited to the tenant. This allows the organization to communicate with affected users and recommend actions such as password resets. This capability is especially valuable because the organization regularly interacts with the public.

Zero-trust model implementation has not been influenced by Microsoft Entra ID, as this reviewer was not involved in that initiative.

The organization's approach to defending against token theft and nation-state attacks has not changed since implementing Microsoft Entra ID.

No competitive solutions have been evaluated or considered, as the organization is satisfied with Microsoft Entra ID. This review is rated as an 8 out of 10.

Hybrid Cloud

Microsoft Azure