Microsoft Teams Senior Engineer at a financial services firm with 10,001+ employees
Real User
Sep 12, 2022
Enhances security, especially for unregistered devices, and is straightforward to set up for the admins
Pros and Cons
  • "It enhances security, especially for unregistered devices. It 1000% has security features that help to improve our security posture. It could be irritating at times, but improving the security posture is exactly what the Authenticator app does."
  • "It enhances security, especially for unregistered devices, and it 1000% has security features that help to improve our security posture."
  • "For the end users, it can be confusing if they have worked for another company that had the Authenticator app. It is tricky if they have already had the Authenticator app and then work somewhere else. If they have to download it again and use it again on their phone, it is something that gets complicated. I know how to get through it. They just need to uninstall and reinstall the application, but for them, sometimes, it is confusing."
  • "For the end users, it can be confusing if they have worked for another company that had the Authenticator app."

What is our primary use case?

Identity verification would be the number one use case. It also factors into mobile device management for devices that aren't registered to the company. We use MFA, and the Authenticator app is a component for multifactor authentication. So, that's why we use it.

How has it helped my organization?

You can set policies to specify where users will have to use the Authenticator app to log into particular applications. 

It makes all junior users accountable. There is no excuse for someone else logging into anything because of the multifactor authentication and Authenticator app. You have to verify your identity to log in to specific applications that contain confidential information, especially in a HIPAA-compliant environment.

What is most valuable?

It enhances security, especially for unregistered devices. It 1000% has security features that help to improve our security posture. It could be irritating at times, but improving the security posture is exactly what the Authenticator app does.

What needs improvement?

For the end users, it can be confusing if they have worked for another company that had the Authenticator app. It is tricky if they have already had the Authenticator app and then work somewhere else. If they have to download it again and use it again on their phone, it is something that gets complicated. I know how to get through it. They just need to uninstall and reinstall the application, but for them, sometimes, it is confusing. You can have the Authenticator app for multiple services on your phone, and that's what drives them crazy. They get a code and say "I'm using the code for the Authenticator app, but I can't get in." I tell them that it is because they already had it in, but it is for something else. They now have to add. They don't like that at all. You could be on the phone for 45 minutes trying to figure out what their problem is because they don't.

Instead of authenticating by getting a passcode or answering the phone, fingerprint identification should be added to the Authenticator app. Currently, with the Authenticator app, you have to reply to the email, enter a code, or answer the phone. It can just call my phone and then I just press the button to verify that this is me.

Buyer's Guide
Microsoft Entra ID
April 2026
Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
893,311 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for at least six years. 

What do I think about the stability of the solution?

It is very stable. If the Authenticator app is set up, you're not going to get into anything without it. It definitely works.

I'm not aware of any bugs or glitches. We usually run updates for the whole environment at a time. I'm not familiar with having run into specific bugs with the Authenticator app. I haven't had any problems over the years.

What do I think about the scalability of the solution?

I've managed over a hundred thousand users in total, but right now, there are about 10,000 users. We are HIPAA compliant. So, everybody has to use it for everything. They have to use it to log into everything under the Office 365 environment, but in other companies or other places where I worked, it was only for specific applications. So, that's based on company needs.

How are customer service and support?

I never had to call technical support for this.

Which solution did I use previously and why did I switch?

We were using normal MFA, which is similar. The Authenticator app is for mobile devices per se, but normal multifactor authentication doesn't have to focus on mobile devices. You can try and log in to, for example, SharePoint Online, and if MFA is activated, you would have to just scroll to your email and click, "Hey. Yeah, this is me." The Authenticator app is just for mobile devices in my eyes.

How was the initial setup?

It is straightforward for the admins, but end users hate it. On the admin side, it takes 20 minutes at the most.

The Authenticator app wants you to have all your prerequisites designed for whatever environment you want. If you're going through Azure, you can pick the particular applications on which you want this. You can also pick the users for whom you want it to be effective. You can pick the type of ways they authenticate through the Authenticator app. Those are the simple steps.

One person is enough for its deployment and maintenance. I do that. That's not even a role. It depends on who you are, but that's not a role. That's not something for which I would employ a person. I wouldn't employ an IT person or an administrator just to focus on this.

What's my experience with pricing, setup cost, and licensing?

I don't pay for it. Going by how I feel, I see the prices for any MFA solution going down because the more different alternatives there are, the cheaper things should be. Microsoft Authenticator app would be the preferred application, but there are too many ways to implement MFA. I don't know how much it cost, but the price should go down.

What other advice do I have?

It is pretty seamless for the end users, besides the end users having an issue setting up at times.

It is a seamless transition. It is straightforward on the admin side to set up. As a consultant, my advice to any company is that when it comes to big changes, manage end-user pain or frustration. Communicate with the end users and let them know what's going to happen. Explain to them that they're going to be frustrated, but explain why this exists. 

I understand why it exists. So, it doesn't bother me, but our end users just hate it. I understand that they don't like it. Nobody likes it, but it is needed. You are never going to meet an end user who likes any type of MFA, but you need to be more clear about its purpose.

I would rate it an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Michael Collins - PeerSpot reviewer
Head of Technology Service Operations at Macmillan Cancer Support
Real User
Jun 8, 2022
Enables us to authenticate users and syncs with Active Directory on-prem
Pros and Cons
  • "It's a very scalable solution."
  • "We use it for authentication where we have cloud services, it syncs with Active Directory on-prem, and we have about 1,800 people using it."
  • "The ability to manage and authenticate against on-premises solutions would be beneficial."

What is our primary use case?

We use it for authentication. Where we have cloud services, it syncs with Active Directory on-prem. We have about 1,800 people using it.

What is most valuable?

It's a very scalable solution.

What needs improvement?

The ability to manage and authenticate against on-premises solutions would be beneficial.

For how long have I used the solution?

We have been using Azure Active Directory for about four years.

How are customer service and support?

We have had very little requirement for technical support. It's a cloud solution.

Which solution did I use previously and why did I switch?

We didn't use a different solution. We brought this in when we went into what was called Microsoft 365 in those days.

How was the initial setup?

The setup was pretty straightforward. In terms of maintaining it, we have a team of six infrastructure engineers, and Azure AD is just one of the systems that they manage.

What about the implementation team?

We did it in-house.

What's my experience with pricing, setup cost, and licensing?

It's included within a wider bundle of Microsoft 365 products.

What other advice do I have?

You need to make sure you've thought through how you're going to deal with your on-prem applications because having a hybrid solution like ours brings some challenges.

Ultimately, we will move completely into Azure AD, but we have a lot of on-prem applications and you can't use Azure Active Directory with them. Until we remove those applications and make things cloud-only, we will still need a hybrid solution.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security architect at Avanade
Real User
Apr 19, 2022
Great multi-factor authentication and passwordless authentication and sign-in with support for SAML and OAuth
Pros and Cons
  • "The solution offers business to business and client to business support."
  • "We have applied this solution to multiple organizations and it has helped them manage their environments efficiently."
  • "Azure AD does not support legacy authentication protocols, such as NTLM or Kerberos."
  • "Most of the features come with a P1 or P2 license. With the free version, you do not get much."

What is our primary use case?

The main reason for implementing this solution was to help our customers to access internal or external resources seamlessly while allowing them to have full control over access and permissions. 

This enterprise identity service provided our customers with many security features such as single sign-on, multifactor authentication, and conditional access to guard against multiple cybersecurity attacks. 

Most of the clients have either Office 365 with hybrid solutions, a multi-cloud environment where they want to leverage Azure AD to manage access to those clouds, or hybrid deployments with legacy apps on-premises and on the cloud as well.

How has it helped my organization?

We have applied this solution to multiple organizations and it has helped them manage their environments efficiently. Moreover, it provided a high level of security and security features that are appreciated by most of our clients.

In hybrid scenarios, this is one of the best products you could have. It helped many of our customers to manage resources on-premises and in the cloud from a single dashboard. 

It helped our client to control permissions and review permissions for employees who have left the organization, which kept them in control of access and permissions granted to their employees.

What is most valuable?

The solution has many valuable aspects, including:

  • Password policy enforcement
  • Conditional access policies
  • Self-service password reset for cloud users and on-premises
  • Azure Active Directory Identity Protection
  • Privileged Identity Management
  • Multi-factor authentication 
  • Passwordless authentication and sign-in
  • Business to business and client to business support
  • Support for SAML and OAuth

There are many more features that are very useful and can be used as part of the P2 package. There is no need to install any agent or tool to utilize those features except when extending advanced features to the on-premises active directory.

What needs improvement?

I believe the product is perfect; however, it could be improved if it could integrate with other clouds with less effort and provide the same functionality it provides to Microsoft products.

Most of the features come with a P1 or P2 license. With the free version, you do not get much.

The objects in Azure AD are not managed in organizational units similar to what you get in the Windows Server Active Directory, which makes it more difficult to delegate administrative tasks.

Azure AD does not support legacy authentication protocols, such as NTLM or Kerberos.

Azure AD is unaware of group policies. If you would like to use the same on-premises group policies, then you need to use the passthrough authentication method with your existing on-premises AD servers. This would compromise the high availability of the cloud and create a single point of failure.

For how long have I used the solution?

I have been using this tool for more than five years.

What do I think about the stability of the solution?

A very stable solution. I never saw the service down, unavailable, or anything like that.

What do I think about the scalability of the solution?

The solution is highly scalable. There are no worries at all about the bandwidth or any other concerns. 

How are customer service and support?

We've had a very positive experience and our clients are adopting it more as their sole identity and access management solution. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use the SailPoint Identity Platform. There was no cloud solution at that time which is why we switched.

How was the initial setup?

The ease of setup depends on the scenario and the use cases of your organization. 

What about the implementation team?

We are a vendor team and most of the implementation for enterprise clients is done via us or similar vendors. 

What was our ROI?

The solution has a high ROI when adopted properly in your organization.

What's my experience with pricing, setup cost, and licensing?

Make sure to check which features your organization requires. Find out if they are applicable to all users or just a bunch of them before deciding on buying a license.

Which other solutions did I evaluate?

We looked at many products, however, I do not want to mention the products' names. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. We are a consulting company that provides IT services to enterprise clients.
Tom Kost - PeerSpot reviewer
ICT Project & Solution Manager at Kanton BS
Real User
Apr 14, 2022
Free to use with a good user interface and good performance
Pros and Cons
  • "The solution is free to use and you can use it for every service."
  • "Having the single sign-on or the multi-factor way with just allowing the application with one tap to authenticate is really smart."
  • "Adding a new account can be tricky."

What is our primary use case?

The Authenticator app is a client application on your smartphone, usually, and you configure your profile in the cloud. I use it with my Android smartphone. 

This is a Microsoft standalone application, which the user installs usually on a mobile device, either iOS-based or, in my case, Android-based. Then you add your enterprise accounts into the Microsoft Authenticator app, your work account from Microsoft 365, or your whatever on-premise account, which makes use of the Azure or whatever IdP (identity provider), so that you can do single sign-on or multi-factor sign-ins.

How has it helped my organization?

It's an authenticator. How it's used really depends on the use case that it is configured with. If you are using your Microsoft 365 work account, if your organization requires you to do multi-factor authentication, not just with the username and password, with an additional factor like the Microsoft Authenticator app, then it simply offers that extra level of protection and security.

You can manage locally additional pathways or passwords. You can collect your credit card information or whatever secret notices in the Authenticator app. This is something that was added in the last couple of years.

What is most valuable?

You could use it for different use cases. 

The Azure AD-integrated single sign-on scenarios are the most useful due to the fact that, if you are in a cloud application that you have on your smartphone, the Authenticator just requests you to allow or deny the access as a factor. Other applications require a token where you have to enter in an additional pin. Having the single sign-on or the multi-factor way with just allowing the application with one tap to authenticate is really smart.

The solution is free to use and you can use it for every service.

They recently redid the user interface a few months ago and it looks good.

I've found the solution to be stable and scalable. 

What needs improvement?

Adding a new account can be tricky. I do it a lot and therefore am used to it, however, if you don't you tend to forget the process. If you had a bottom menu and the settings menu, for example, be added to the bottom menu instead of a different place, the top right corner, it might be more intuitive.

One area of improvement is always with global offerings from large companies where we have a lot of users that require help. Users need videos, et cetera, in their own language, and in German, there is not much from Microsoft. These are products that have a very, very fast life cycle. They upgrade the services and applications in a very high rhythm every couple of months, and even Microsoft does not have the resources to offer the learning material in all the regions, however, they offer their services.

We have then to add some additional use via manuals of how to set up, et cetera, as we have users that are not willing or cannot understand videos in English that come from Microsoft.

For how long have I used the solution?

I've been using the solution for two to three years. It might even be longer than that.

What do I think about the stability of the solution?

The solution is stable. I haven't had any problems so far. 

What do I think about the scalability of the solution?

The product scales well. 

The goal is to have everyone using it. We are in the rollout phase, and in my organization of about 1,500 users, after a couple of weeks, we have maybe a third of the population starting to use the application. 

This is like this every rollout. It takes a couple of weeks to a month. In the end, we will have around 7,500 users using Microsoft Authenticator or the Microsoft multi-factor authenticator service that allows you to choose different factors. We have a lot of things using the Authenticator app. 

How are customer service and support?

We have central support organizations and I don't access Microsoft support myself. Therefore, I can't speak to their level of service.

Which solution did I use previously and why did I switch?

I've used many authenticator applications. I used already Microsoft Authenticator when it came out, maybe five, six, or seven years ago. Then I used Google Authenticator and other authenticator applications. You can, however, use these all in parallel. For example, if you mix your private and your work accounts in the same applications, or if your smartphone is managed by your company and you want to separate your private accounts from any corporate policy that can delete your smartphone, you can use different authenticators for different purposes. Right now, I have the Authenticator app in front of me, and I have seven accounts configured, and this is a mix of private and corporate or work accounts.

How was the initial setup?

The initial setup is easy. You just download it and start using it. 

We don't need to worry about maintenance. This is a service from Microsoft.

What's my experience with pricing, setup cost, and licensing?

The solution doesn't cost anything to use.

Which other solutions did I evaluate?

I'm the Chief Security officer of our organization. I always have to do some research on these topics.

What other advice do I have?

I'm a Microsoft customer.

I'd advise any user to use MFA these days. There's not just war in Ukraine. There's also war in this kind of space and a multi-factor authentication method is a must just to make your cyber life a little bit safer at least.

I'd rate the product eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Mangesh Masaye - PeerSpot reviewer
Manager at UPL
Real User
Jan 30, 2022
IAM service with seamless installation; has good authentication and single sign-on features
Pros and Cons
  • "Very stable and scalable IAM service with good SSO and authentication features."
  • "What I like most about Azure Active Directory is its SSO (single sign-on) feature, as we have a community of users with different IDs and passwords, and this feature helps integrate all these."
  • "Though the installation was seamless, it took longer than expected to be completed."

What is our primary use case?

We use Azure Active Directory to add authentication for users when they sign into the applications. We also use it to provide single sign-on (SSO) to applications.

What is most valuable?

What I like most about Azure Active Directory is its SSO (single sign-on) feature, as we have a community of users with different IDs and passwords, and this feature helps integrate all these. 

For how long have I used the solution?

I've been using Azure Active Directory since 2016.

What do I think about the stability of the solution?

Azure Active Directory is a very stable solution.

What do I think about the scalability of the solution?

Azure Active Directory is scalable.

How are customer service and support?

The technical support for this solution is fine.

How was the initial setup?

Installing this solution was seamless, but it took time for it to complete. It took one month.

What about the implementation team?

We used an integrator to deploy Azure Active Directory.

What's my experience with pricing, setup cost, and licensing?

Azure Active Directory has different licensing plans. We're on a yearly subscription. It is expensive, but if you look at the technical benefits it provides, the price for it is decent. If the cost of the license could be lowered, then it would be better.

What other advice do I have?

Azure Active Directory is a cloud-based solution in which we have done our integration with our applications.

We currently have five or six different teams using this solution. We have three people with admin rights, 3 technicians, and a technical team. Some users have admin rights, e.g. general admin rights, while some have basic rights.

Our plan to increase the usage of Azure Active Directory depends on how many new employees will join the company. It could happen.

I'm recommending Azure Active Directory to other people who want to start using it because it meets requirements.

I'm giving Azure Active Directory a score of 10 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1263438 - PeerSpot reviewer
Lead Global Cloud Architect at a transportation company with 10,001+ employees
Real User
Jan 4, 2022
Good support for SAML 2.0 and OIDC-based setups for our remote identity providers
Pros and Cons
  • "The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access."
  • "When it comes to ROI, there is low friction and a high, immediate return on investment."
  • "If somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops... I don't think the solution is quite as third-party-centric as Okta or Auth0."
  • "If somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops."

What is our primary use case?

We use Azure Active Directory for quite a few things. We use it for security group management of authorized principals who need access to get SSH-signed certificates for user logins. We use it for automated JWT-based (JSON Web Token) self sign-on for our lowest, least privileged credentials on certain products. We also use AAD for B2B coordination of SSO when we're bringing users onto our platform, where they have Active Directory on their side. We use the OIDC-based SSO flows through AAD to merge project-level AADs back to our corporate AAD for internal single sign-on flows.

What is most valuable?

  • There is tech support to help with any OIDC-based setups between organizations.
  • It has good support for SAML 2.0 and OIDC-based setups for our remote identity providers.

The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access. 

What needs improvement?

I don't think the documentation is where it needs to be yet, for user journeys and that type of flow. There is still trial and error that I would like to see cleaned up.

Also, they do have support for SAML 2.0 and it's very easy to set up linkages to other Active Directory customers. But if somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops. So far, our largest customers are all using Active Directory, but I don't think the solution is quite as third-party-centric as Okta or Auth0. Those solutions have a lot of support for all kinds of IdPs you want to link up to.

Finally, a couple of months ago I was on a team that was looking at low-cost MFA for SSO, where we would control the MFA on our side, instead of having the remote database handle it. In those kinds of flows, there aren't as many off-the-shelf options as I would like. There were cost implications, if I recall, to turn on 2FA. Also, the linkages that they had set up off-the-shelf—obviously they had the Authenticator app—meant that if you wanted to do something with Duo Mobile or any of the other popular 2FA providers, it seems it might have taken us more time than we wanted to put into it.

For how long have I used the solution?

I have been using Azure Active Directory for a couple of years now.

What do I think about the stability of the solution?

The stability is great.

What do I think about the scalability of the solution?

The scalability is also great.

How are customer service and support?

We have an enterprise agreement with Microsoft, so we aren't typical folks. Through that agreement, we get a dedicated technical account manager and that person is able to escalate tickets when necessary. I have found Microsoft to be very responsive when needed, although we haven't really needed them that often.

Which solution did I use previously and why did I switch?

We use Azure a lot, and therefore, AAD was an obvious choice and we thought, "Why not use it?"

How was the initial setup?

They've done a good job on OIDC. That was a pretty simple, seamless setup. We've done that with multiple remote IdPs now, and I don't recall too many issues there.

What was our ROI?

There is much less cost investment going into it now. We didn't have to do a volume buy to get onto the platform. When it comes to ROI, there is low friction and a high, immediate return on investment.

What's my experience with pricing, setup cost, and licensing?

It's relatively inexpensive in comparison with third-party solutions. It's highly available and supported by Microsoft Azure in our enterprise agreements. With the addition of their B2C tenants, it's hard to beat from a cost perspective now.

They changed their pricing for B2B access. You used to need shared licenses so that, if you were paying for a Premium AAD on your side, that would allow you to have five shared external mapped users. They've blown that all up and it's now dirt cheap. It works out to pennies per user per month, instead of dollars. A P1 user license in their system was $6 per user per month, which is cost-prohibitive for a lot of B2B SSO flows, but now it's down in the pennies range.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer1752234 - PeerSpot reviewer
Systems Manager at a consultancy with 51-200 employees
Real User
Jan 4, 2022
Great security features with an enhanced GUI and multi-factor identification
Pros and Cons
  • "The security features are great. They will report in advance to you in the case of suspicious activity."
  • "Before Azure Active Directory, it took effort to provide cloud access to on-premises users, but with Azure Active Directory and AD Connect, we are able to sync on-prem users to the cloud with minimal effort and we don't have to manage keeping multiple entities for the same user."
  • "The support could be better. Lately, they sort of dropped off a bit in terms of quality."

What is our primary use case?

I am a systems manager. I use Azure Active Directory every day for my support job.

Our authentication tools to single sign-on portals are hosted in different cloud products, like Amazon or GCP. So, we create an enterprise application in Azure Active Directory to give our users authentication access to various public URLs.

How has it helped my organization?

Before Azure Active Directory, it took effort to provide cloud access to on-premises users. With Azure Active Directory and AD Connect, we are able to sync on-prem users to the cloud with minimal effort. We don't have to manage keeping multiple entities for the same user.

What is most valuable?

The multi-factor authentication (MFA) is one of the best aspects of the product. 

The security features are great. They will report in advance to you in the case of suspicious activity. 

The GUI is pretty enhanced. You can configure applications or do whatever they need to do. 

What needs improvement?

Azure Active Directory currently supports Linux machines. However, the problem is that you get either full or minimal access. It would be very nice if we could have some granular authorization modules in Azure Active Directory, then we could join it to the Linux machine and get elevated access as required. Right now, it is either full or nothing. I would like that to be improved. 

We have the ability to join Windows VMs to Azure. It would be nice if we could have some user logs, statistics, and monitoring with Azure Active Directory.

When we subscribe to MFA, the users get MFA tokens. However, it is not a straightforward process to embed any of the OTP providers. It would be good if Microsoft started embedding other third-party OTP solutions. That would be a huge enhancement.

For how long have I used the solution?

I have been using Active Directory for two years.

This product is used every second of every day.

What do I think about the stability of the solution?

The solution offers nice stability and performance. 

What do I think about the scalability of the solution?

In my organization, there might be as many as 60,000 people who utilize the solution. 

The scalability is awesome. You don't even need to think about scalability because Microsoft manages it.

We use it on a daily basis.

How are customer service and support?

The support could be better. Lately, they sort of dropped off a bit in terms of quality. Recently, Microsoft support has not been doing such a good job. Previously, they used to do a good job.

In the past, AD Connect was not syncing. It threw errors in the beginning. So, I had to call up technical support to solve the problem. At the time, we were satisfied with their assistance.

Which solution did I use previously and why did I switch?

I am also using AWS.

Azure Active Directory is not an Active Directory product. It is just the application proxy. You need to have an on-prem solution. Azure Active Directory would just be a proxy that uses the on-prem data and hosts the application. It is not a full-scale Active Directory solution. However, it has a lot of enhancements. The traditional on-prem Active Directory hosts the users and computers as well as some additional group objects. 

On the other hand, AWS Active Directory has all the capabilities of the traditional Active Directory with limited access for the administrator. All domain administration and sensitive credentials will be managed by AWS. So, you don't need to worry about application delays or syncing issues.  

How was the initial setup?

The initial setup is simple.

It is pretty easy to set up the product. You subscribe in Azure Active Directory. By default, it will have an extension where you need to register. If you need a custom domain name, then you need to register with your public DNS providers to create the DNS public entry. You will then have to prove that you own the domain name. Once it has been proven, then your Active Directory pretty much works. 

If you need to sync up your on-prem users with the Azure Active Directory, then you need to have an AD Connect server installed at the VM-level domain. It should be credentialed so AD Connect can use credentials to read your on-premises and sync it to the cloud. Once this has been done, you are good to go. As an enhancement, for whatever user you are syncing, you can mandate them by adding them to a group or rolling out an MFA policy.

What about the implementation team?

Since it is pretty straightforward, you just need one person to deploy it.

I implemented it in an hour.

Some maintenance is required. However, it is not on Azure Active Directory's part. Rather, it is for AD Connect. Often, we see that the connection is getting lost or something is not happening. Sometimes, port 443 might not be open from your on-prem Azure Active Directory. In that case, if you haven't implemented it in the beginning, then you need to do this. For a high availability solution, if you find that the machine is having additional issues, then you might need a higher AD Connect device. I would probably also deploy it with a different availability.

What's my experience with pricing, setup cost, and licensing?

The solution has three types of tiers:

  1. E1 has very basic features. 
  2. You get limited stuff in E2 and cannot have Office 365 associated with it. 
  3. E3 is on the costly side and has all the features.

If you need to have an Exchange subscription or email functionality, then you need to pay more for that.

What other advice do I have?

We are using both the on-premises version and the SaaS version.

I would advise potential new users to learn a bit about the product before jumping in. If you are new, you need to do background research about Azure Active Directory. You also need to understand its purpose and how you want to leverage it. When you have a draft architecture in place, then you can go ahead and implement this solution. If it needs to be reimplemented, it is just a matter of five minutes.

I would rate the solution as nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Head, IT Infrastructure at a comms service provider with 201-500 employees
Real User
Dec 13, 2021
Integrates well with other applications and makes monitoring easy
Pros and Cons
  • "Application integration is easy. MFA and password self-service have reduced most of the supportive work of IT. We use multi-factor authentication. Every access from a user is through multi-factor authentication. There is no legacy authentication. We have blocked legacy authentication methods. For people who use the MDM on mobile, we push our application through Intune. In a hybrid environment, users can work from anywhere. With Intune, we can push policies and secure the data."
  • "After the move to Azure AD, the security level is high."
  • "Sometimes, users are not happy, but at the organizational level, it is good. It is costly, but the improvement is good in terms of performance and security."

What is our primary use case?

We have integrated our internal applications and cloud applications with Azure AD. We also have a few external applications for which we need to implement a self-service portal and handle requests such as password reset.

We have external applications such as Cloudspace, and we have integrated Azure AD with Cloudspace. We mainly use a single sign-on. Our main target is to go through all single sign-on applications and integrate them with Azure AD. We also need to audit everything in Office 365. Our mail system is Office 365, and we also do some auditing.

We are also implementing Intune. We have deployed some basic policies for mobile devices, and we are working on improving those policies. We need to configure conditional access and improve policies for the applications and devices. We are doing some testing, and it is in progress.

In terms of deployment, we have a hybrid deployment of Azure AD. We have the 2019 version of AD on-prem.

How has it helped my organization?

We are able to do complete onboarding through AD. The users have access through the AD login, which is synced with Azure AD. We have a hybrid environment, and every cloud application is accessed through AD. We have defined AD policies related to password expiration, limitations, etc. It has provided smoother accessibility.

Previously, when we had on-premise AD, to reset their own passwords, users had to use a VPN or bring their laptop to the office. With self-service, users can easily change their passwords. This reduces the workload for IT support. If their password gets locked, they can unlock it themselves by using Azure AD. Previously, it was also difficult to integrate with external applications, but with Azure AD, integration with external applications is easier. 

Azure AD makes it easier to see and monitor everything in terms of access. We can see sign-in logs or audit logs, and we can also integrate devices by using Intune. So, we can manage BYOD devices inside the organization.

What is most valuable?

We are using Conditional Access, MFA, and AIP. We have integrated it with Intune, and we already have DLPs.

Application integration is easy. MFA and password self-service have reduced most of the supportive work of IT. We use multi-factor authentication. Every access from a user is through multi-factor authentication. There is no legacy authentication. We have blocked legacy authentication methods. For people who use the MDM on mobile, we push our application through Intune. In a hybrid environment, users can work from anywhere. With Intune, we can push policies and secure the data. 

The audit logs are very good for seeing everything.

For how long have I used the solution?

We started using it at the end of last year.

What do I think about the stability of the solution?

It is stable. I haven't faced any issues. There could be some issues related to syncing because of on-prem, but overall, it is quite stable.

What do I think about the scalability of the solution?

I don't have much experience with scalability. I only use tier one or Premium P1, and I want to move to Premium P2 that has more security levels and more advantages.

In my previous companies, there were a thousand users. In my current company, we have less than 500 users. It is working fine, and there are no issues.

We plan to expand our usage. If it is possible, we plan to upgrade our subscription to Premium P2. We have introduced it to one or two companies who were looking for such a solution. We have already introduced the Azure AD hybrid platform for companies that had only an on-prem setup.

How are customer service and support?

Sometimes, there are issues, but they are usually because of user mistakes. We are able to fix such issues. We are able to find the issue and do troubleshooting. We are able to find information about what is wrong and how to fix it. 

Their support is okay. They are able to resolve the issue, but sometimes, there is a delay because the ticket goes to the wrong person or the wrong time zone. I would rate them an eight or a nine out of 10.

Which solution did I use previously and why did I switch?

We have only been using Microsoft solutions.

How was the initial setup?

It is easy to deploy and not complex, but it also depends on your requirements. We have tenants and subscriptions, and we connect AD to Azure AD through Azure AD Connect, and they are periodically synced.

The connectivity took a day or two. It doesn't take long. Sometimes, there could be issues with on-prem because of not having a standardized setup or because of parameter duplication, but after we resolve the issues, it doesn't take long. For its setup, only one person is generally required.

What about the implementation team?

It was implemented by me, and I also had one guy's support. 

Our infrastructure team takes care of the maintenance part. They are taking care of monitoring. If there is an alert or something happens, they take care of it. It doesn't require much maintenance. One person can manage it.

What was our ROI?

We have been able to achieve our target and requirements for security. After the move to Azure AD, the security level is high. The users have to change passwords and do MFA a few times if something goes wrong, and if they can't, the device is going to block them. Sometimes, users are not happy, but at the organizational level, it is good. It is costly, but the improvement is good in terms of performance and security.

What's my experience with pricing, setup cost, and licensing?

It is a packaged license. We have a Premium P1 subscription of Office 365, and it came with that.

Which other solutions did I evaluate?

Two or three years ago, we were looking at some open-source solutions.

What other advice do I have?

I would rate Azure Active Directory a nine out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Download our free Microsoft Entra ID Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2026