Microsoft Entra ID Reviews

We are using it for central management, MDM, SSO, MFA, applying policies.

In terms of the features that I have found most valuable, it is cloud based so it is always updated, that part you don't have to take care of. It is public cloud. It is actually AD as a service, so it's a kind of an infrastructure. It is more infrastructure as a service.

We had some issues with the migration of users from the local user accounts to Azure AD. It was more like a local issue and had nothing to do with the Azure AD itself. It works fine for SSO, the Single Sign On. We were not able to do the integration very easily with ADP, so that was a challenge, but later on it was resolved. We had to do a lot of things to have that on the configuration. Some systems do not integrate very well with Azure AD. We thought of going for Okta, but later on we were able to achieve it, but not the way we wanted. It was not as easy as we thought it would be, the integration was not very seamless.

Additionally, it would be great if they added support for more applications in terms of integration for SSO. That's the only thing that I find missing for Azure AD.

We have been using Azure Active Directory for the last six months. We didn't do any migration from on-premise Active Directory to Azure AD on the cloud. What we did when we were setting up the computers was to join users to Azure AD and apply some conditional policies and everything works fine. We don't have any issues. The only thing we face are some problems with some computers because they were using it locally and we had a lot of data. So when we did the migration to Azure AD, we also had to move all the user settings data, the complete user profile, to the Azure AD account, as well. That was a challenge, but I was able to use ProfWiz to move data between user profile.

There are not any bugs or glitches that I can recall. So far everything is working well.

Scalability is one of the reasons we selected Azure Active Directory. It scales very well.

For now there are almost a hundred users using it, but we are adding more.

We contacted support only one time and it was not related to SSO. We had some questions about their subscription and it was good.

When I was working with another company, we were using on-premise Azure Active Directory. We didn't want to invest in the infrastructure to maintain it, to get the license, so it was not very cost effective for us. We had a meeting with the management and saw that Azure AD would be very cost effective, scalable, and more secure, especially in terms of SSO and MFA, which were some of our requirements. We didn't want Active Directory on premise. It was not easy to do the migration.

The initial setup is not very difficult, especially if you start using it straight away. But if you do the migration, I think that might be a challenge. Fortunately, we started directly from Azure AD, we didn't have to do any migration from Azure AD On-premise to the cloud. It was pretty straightforward and easy. We didn't face any difficulties.

It depends on their requirements and what they are trying to achieve. One shoe does not fit all feet, so that's why it might be different from company to company. For us, it met all our requirements. It was very scalable, which is huge, and just always available. You don't have to be very worried about maintaining your own hardware, your own infrastructure, updating the servers from time to time or caring about securing your on-premise infrastructure. Azure AD is a good solution. I am satisfied with it so far and everything works great.

On a scale of one to ten, I would give Azure Active Directory a nine.

We're using Azure Active Directory for MFA.

It is very usable and easy to use.

It is easy to manage. I can manage systems with policies and automate our systems. Any professional system can be easily integrated with Azure Active Directory. It is widely used with Windows versions. 

Four years ago, we had an issue with Azure AD. We wanted to reverse sync from Azure AD to on-prem Active Directory, but we couldn't achieve this. Azure AD could connect only in one way, for example, from your site to Azure. If you needed to do the reverse and connect from Azure to on-prem, there was no way to achieve it. We asked Microsoft, and they told us that they don't support it.

Their support should be faster and more knowledgeable and customer-friendly.

I have been using this solution for maybe four years.

It is very stable.

It is very scalable. I don't know about the number of users that we have currently, but at the time I managed its synchronization, there were maybe 800 users. 

We're not satisfied with their support. We couldn't get support from Microsoft directly, and we made an agreement with a company. We weren't satisfied with their support. They were very slow and not friendly. They couldn't solve our problems because our program was very complex.

I didn't use any other solution. I only use Active Directory and Azure AD.

I installed hybrid Exchange. It was very easy for us. Its installation took a very short time. There was a connector system on Exchange, and we just had to set up the connection. It was very easy.

I installed it myself.  

Its maintenance is very cheap and easy. We have only two engineers to manage Azure AD and Azure Exchange.

We have an agreement with Microsoft, and my company pays yearly.

It is a very good product. I plan to keep using it because it is very easy to manage.

If you use an application in Azure and you want single sign-on for Azure products, you should prefer using Azure AD. You should synchronize your on-premise Active Directory to Azure AD. We synchronized Active Directory with Azure AD for single sign-on. For example, if a worker wants to sign in on your computer with the same user ID and password, he or she can connect to Azure services. Azure AD provides support for this.

I would rate Azure Active Directory a nine out of 10. 

We provide a pipeline for Azure Active Directory. We are working with premium clients, giving them services, like SaaS application services through Azure Active Directory. Also, we help external clients who are planning to migrate from on-prem to Azure Active Directory. We help them with the setup, etc.

We are providing Office 365 access from Azure Active Directory. We are enabling multi-factor authentication and assigning the licenses for end users.

We can provide access for many SaaS analytics tools, like ERP and CRM. We can provide access from everywhere to Azure AD. So, it will work as an authentication service, then we can provide access to particular SaaS applications. Therefore, we manage all accesses and privileges within Azure AD for different applications.

The Privileged Identity Management is a good feature. The identity products of Azure Active Directory are good features. 

There are role-based access controls. Both built-in and custom roles are very useful and good for giving permissions to a particular set of users. 

Privileged identity access lets you manage, control, and monitor permissions of a particular set of users or group. This is a good way to control the access. With the rollback access control, that will secure your environment, e.g., if you want to secure it from an authentication point of view. So, if you are an authentication provider service, your request will go for authentication, then it will go back for service authentication. So, this is a good feature in Azure Active Directory.

Azure AD has features that have helped improve our security posture and our client's security posture. We don't have to manage many things because there are some built-in features inside it. We can set it up once and it will work as an auto process, which is good from our side. On the clients' side, it will then not be challenging when managing stuff, as it will be very easy to manage the client end.

Azure AD needs to be more in sync. The synchronization can be time-consuming. 

The availability is good. I have never experienced any downtime.

The scalability is great. If we will go with the custom installation version of Azure AD Connect, i.e., for many users, then we can go with the custom settings. 

I have one client with one tenant. We verified their domain and created many users. It was already on-prem, so we synced all the users from on-prem to Azure AD. We gave those users Office 365 permission from the Office 365 admin center. From there, we enabled the MFA and assigned the licenses. 

We have migrated 10,000 to 12,000 objects from on-prem to Azure AD previously.

Whenever I have logged a case with Microsoft, their technical support replies within 24 hours with an email and a call, which is good.

Previously, our clients only had on-premises Active Directory. They migrated to Azure AD because they didn't want to keep their on-prem environment. There are a lot of challenges with maintaining those servers and other costs. 

It is also a good service. From one console, we can manage many things. It is better if we can work with it from a single console, managing it all with fewer resources. With on-prem, there are many domain controllers that we need for various stages, and we have to manage all the domain controllers. Apart from that, we have to back up and monitor the server as well as do everything for the setup. 

It is a very easy process to set up. First, we need to collect all the information, e.g., the custom domain information, user information, and which kinds of applications the users want to access. All this information is needed. Based on that, we can just set up and go to the Azure Portal. We can go to the Azure Active Directory console from there, where we can verify the domain and do the management. It is a very easy process, which is not time-consuming. Though, if you want to design your own application (customize it) and provide access for a particular user or group, then it can be a bit of a time-consuming process.

I don't think more than one or two people are needed for the deployment. If we have all the information, then we can work alone. Not many resources are needed for this.

Azure AD has a good return on investment. We do not need as many servers, electricity, etc. We can save from a cost point of view. Apart from that, if we have a limited set of users, we do not need to go with the extended version of Azure Active Directory, where it costs a lot to enable these services. Azure Active Directory is a good option compared to on-premises. 

This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application.

We are working with the Premium P2 licenses, which are reasonable. If you invest in the on-premises environment setup, then it costs so much. However, on-prem AD gives you the ability to manage your organization in a very organized manner, where you can create a group policy.

Azure AD provides identity access. If you have to go with the identity part only, then Azure AD would be the better option. If you will go with the various authentication authorization and security services, like group policy setup, then on-prem Active Directory would be better.

It is good service and easy to use.

I would rate the solution as a nine out of 10. They should be improving the solution all the time.

We have deployed an Active Directory model with Active Directory on-premises, and that is providing services to the entire organization. In 2018, we wanted to implement single sign-on with some of our cloud solution partners. That was the main reason that drove us to implement Azure Active Directory. As far as I know, that's the only thing that we use Azure Active Directory for at this moment.

We can call it a hybrid system. All our internal operations are using Active Directory on-premises, but when we need to identify some of our users with applications on the cloud, that's when we use Azure Active Directory.

We are a mid-size company with around 550 users end-users, with the same number of end-user machines. We also run somewhere between 120 and 150 servers.

The reason we implemented it is that we can use it for authentication with some of our service applications, and that makes users' lives easier. They do not need to learn a lot of different passwords and different usernames. The other benefit is that, on the management side, it's very easy because you can have tight control over who is using the application and who is not; who has permissions.

For some applications, it's not only working for authentication but it's also being used to apply roles for users. From the management perspective, it's much better to have this because in the past we constantly needed to go into the console of the different solutions and create or delete users or modify their roles and permissions. Now, with Azure Active Directory, we can do that from a single point. That makes our management model much easier.

As a result, the solution has helped to improve our security, because user management control is very important. In the past, there were times when, for some reason, we forgot about deleting or even creating users for certain applications. Now, because we have only a single point for those processes, there is better control of that and it reduces the risk of information security incidents. That's especially true when you consider the case where we had forgotten to delete some users due to the increasing number of applications in the cloud. We now have five or six applications using single sign-on and that capability is one of our requirements when we introduce a new solution. It has to be compliant with single sign-on and it should have a way to be implemented with Azure Active Directory. It makes our infrastructure more secure.

Among the applications we have that are using single sign-on are Office 365, Concur for expense control, we have an integration with LinkedIn, as well as two other applications. When a user decides to leave the organization, we check that their access to all our internal applications has been closed. That can be done now with a single script. It makes it very easy for us to delete the user from the organizational unit, or from where the group linked to the application.

It makes things a lot more comfortable in terms of security as we don't need to log in to every single application to delete users. We would see, in the past, when we would run a review on an application in the cloud, that suddenly there were, say, 10 users who shouldn't be there. They could still be using the service because we didn't delete them. For some applications it's not that bad, but for others it could be an open security risk because those users would still have access to assets of the organization. We have reduced, almost to zero, the occurrences of forgetting a user.

Azure AD has affected the end-user experience in a positive way because, as I mentioned, they do not need to learn different usernames and different passwords. In addition, when users request access to some of the applications, we just need to assign the user to the different groups we have. These groups have been integrated with the different cloud applications and that means they can have almost immediate access to the applications. It makes it easier for us to assign roles and access. From the user perspective that's good because once they request something they have access to the service in less than 15 minutes.

Implementation of single sign-on with other vendors is quite easy. It might take a couple of hours and everything is running.

We've been using Azure Active Directory for over two years.

The availability of Azure AD is good. I don't have any complaints about it. Regarding the stability, we haven't had any issues with it. We haven't experienced any service interruption. 

Part of our strategy in the short-term is to move most of our Microsoft environment, when it's feasible, to the cloud, because we have seen that the cloud environment offered by Microsoft is really stable. We have proved that with tools like Azure Active Directory. In almost three years we haven't had a single issue with it.

From time to time it takes a little bit of time to replicate, with some of the applications—something like five to 10 minutes. I know that the design is not supposed to enable real-time replication with some of the applications. But, as an administrator, I would like to run a specific change or modification in Azure Active Directory and see it replicated almost immediately. It really only takes a few minutes. Although it doesn't seem to cause any problems for our organization, I would like to see more efficiency when it comes to the different connectors with cloud services.

We haven't had a situation where we need to scale this solution.

We haven't had any major issue with the solution so we haven't called Microsoft technical support for Azure AD so far.

We have always used Active Directory as our dedicated services solution. Three years ago we increased the scope of it and synchronized it with Azure Active Directory. Our on-premises Active Directory is our primary solution. Azure Active Directory is an extension of that.

The initial setup was quite straightforward. It didn't take too long just to get our Azure Active Directory environment set up and running. I think it took less than a day. It was really fast.

We already had Active Directory on-premises, so what we created was the instance of Azure Active Directory. All the different groups, users, and services were already set up. We then replicated with what we currently have in the Azure Active Directory instance. It was not really difficult.

Our company is quite small and that is reflected in our IT department. Azure Active Directory is handled by our infrastructure coordination team, which has only two members. One is the senior engineer who performs all the major changes and the main configurations. We also have a junior engineer who runs all the operations in the company. From time to time, one person from our help desk, usually me, does some small operations when we don't have the infrastructure team available.

We use a reseller to buy the product and they also provide some consulting services. Our relationship with Microsoft is not a direct relationship.

Our reseller is SoftwareONE. They're a global company and our experience with them has been good. We have been with them since 2010 or 2011. We have two or three different services from them related to Microsoft and other brands. They are not exclusively reselling Microsoft licenses. 

From a very subjective point of view, as I haven't drawn any kind of numbers to calculate the return on investment, what I can see so far is that the investment is running smoothly and it's easier for us to run our environment with it.

If you have all your infrastructure built using Microsoft tools, it is straightforward to go with Azure Active Directory. Under these circumstances, I don't see any reason to find another solution.

We have an E3 contract, and I believe Azure AD is included in it.

We didn't evaluate other vendors because our entire environment is based on Microsoft solutions.

As with any implementation, design is key. That would be applicable to Active Directory as well, but when it comes to Azure AD, do not start the installation unless you have an accepted design for it. You shouldn't just start creating objects on it. You need to have a clear strategy behind what you're going to do. That will save you a lot of headaches. If you start without any kind of design, at the end of the road, you can end up saying, "Okay, I think it would have been better to create this organizational unit," or, "We should have enabled this feature." It's probably not very straightforward to implement the changes. So have a team design the Azure Active Directory structure for you. You need to have the map before starting the implementation.

Azure AD is where our primary user data is stored. We get a feed-in from our HCM solution and it creates our users, and then that's where we store all of their authorizations, group memberships, and other relevant details.

We access it through the Azure Portal.

This product has helped improve our security posture because it allows a tie-in into the Microsoft Azure Sentinel product very easily and seamlessly. From a security standpoint, you have the option of conditional access, the option of identity protection, and those types of things. We have incorporated those right into our offering.

Overall, security-wise, this solution has allowed us to be more flexible. When you had just Active Directory and it was an on-premise solution, you had to do a lot of manipulation to get SaaS products working. You had to do a lot of customizing and those types of things. With Azure Active Directory, it's more configuration than it is customization. This allows us to be a lot more flexible, which brings about efficiency, better security, and other benefits.

Azure Active Directory has also improved our end-user experience.

Before, most companies including ours would use a customized username that would have random characters for a user. This is different from Azure Active Directory, which uses what looks like the email address as your username. In fact, it can be set up as a genuine email address. Where it differs is on the back end, where it has a unique ID, but on the front end, it's more readable and it's better understandable.

From my user experience, the sign-on is seamless as you go through and use any of Microsoft products. Everything ties right into it, and then as you set up your different applications that are tied into Azure Active Directory, and get the single sign-on, everything becomes a whole lot easier to connect into. From a user experience, it's improved it drastically.

For provisioning users, you start by registering an application as either an enterprise application or a custom application. You can set up from within Azure Active Directory how it is that users connect to it. Microsoft has done a great job with providing a lot of application templates that help to connect and add it into the cloud. Almost every application that you could think of is there. From that point, you can set up provisioning.

To assist with provisioning, they have great documentation. From an admin perspective, much of the work is done for you. After the applications are connected to Azure Active Directory, you assign users and groups, provisioning users via API calls, which is how it's done on the back end, and it ties in using service accounts. Then, you can create a group that has the appropriate permissions such as write permission, full admin rights, or contributor rights, and then provision users into those groups. The system automatically handles it for you at that point.

This product is easy to use.

The features that we use day in and day out are single sign-on, group capabilities, and provisioning capabilities. All of these are very useful.

This product has features such as Conditional Access that improve our security posture. Conditional access gives access only through a timeframe. We have certain policies that we set up, which could be a certain amount of time or it could be a certain type of access. These are examples of types of conditional access.

Another example of a security feature that helps us is Identity Protection, which will perform the automatic detection and remediation of risks.

We also have the ability to go in and investigate any risks using data within the portal, and it's all automated. It's nice in that sense.

These features have significantly improved our security posture and time for remediation. It would be difficult to estimate a time improvement in terms of a percentage, but being that it's automated and there is a portal that displays the risks in real-time, it's a very significant change. Previously, we had to go through and look at logs and those types of things, which was time-consuming compared to using the portal.

We also use multi-factor authentication, which is very useful because that gives another layer of security protection for our users. You have to have some sort of device that you can use to provide that second factor, and not just your username and password.

The provisioning capability is a two-edged sword because it is very useful, but it also needs some improvement. When you start to deal with legacy applications, provisioning is not as intuitive. Legacy applications, a lot of times, were based on an on-premise Active Directory and you had to use it to provision users or grant access to the product. I don't know of a way to make Azure Active Directory act as an on-premises version to connect to those legacy applications.

The speed and responsiveness of the technical support are things that could use some improvement.

We have been using Azure Active Directory since October of 2018, nearly three years ago.

The stability is not too bad. It's usually other issues that go on within Microsoft Azure. Whenever Microsoft Azure is down, the Azure Active Directory service sometimes can be down intermittently, depending on where things are at.

It is important to remember that it's not always the Azure Active Directory component that is down. Rather, a lot of the time, there is an app that is tied into Azure Active Directory causing the problem. I think we've had one incident in the last year that was tied directly to Azure Active Directory, where it was down from a SaaS perspective.

This solution scales very well. We were able to tie into our previous company and then bring on all of those users in a very quick amount of time. This included making sure that they could all log in and get access. We haven't really had any issues from that standpoint.

In terms of the users, you can add B2B and you can add B2C, as well. Scalability-wise, it's been good for us. We have between 15,000 and 20,000 users, which is fully scaled at the moment.

We have plans to do further B2B, as we work with our retail partners. We have a lot of retail partners, which is how our business model is structured, and that's something that we're planning on adding and moving forward with.

As far as scaling, going up, or going down, our numbers of Azure Active Directory users are pretty much what they're going to be for the next couple of years. That said, our B2B is definitely going to increase over the same period.

We use Covenant Technology Partners as the first level of technical support. Most of our support tickets actually get escalated from them up to the Microsoft product team.

The Microsoft product team's service is hit or miss, which is something that Microsoft can improve on. They are sometimes slower to react than we would like, but for the most part, they do take our tickets and work on them as they can, to try to figure out ways of remediation.

We did not have any solution prior to this; it was simply an on-premises Active Directory. We were spinning up something brand new to move forward. Being managed saves a lot of time and effort. We migrated our users over from the Active Directory that the prior owners had, but they managed it all, we did not.

It was very easy to get set up and running. Basically, you log into the Azure portal, you have your tenant that you're already connected into, you add a domain and then you just go. You add your first user and then you continue from there.

Our deployment started in October of that year, we had our first users within a week, and then we pretty much provisioned all of our users within a month. It was a pretty quick turnaround.

At the time of deployment, we were in the middle of a divestiture. As such, our implementation strategy included spinning up a brand new Active Directory so that we could start to migrate our users over from our previous owners into a new one that we would control. Consequently, we started from scratch.

I know that a lot of companies are not doing that. Rather, many are starting with an Active Directory and then moving into Azure Active Directory, but for us, it was a clean slate. We then started to incorporate methods of synching with our previous owner so that we could get all of the data from them and continue to march towards a separation.

We brought in consultants only because we didn't have the manpower at the time when we got started. I believe there was one other person besides myself, we were both at the director level, and neither of us had been given the time to build out our teams by that point. The third-party consulting company that we brought in assisted us to help us and assist us in getting everything set up and built out.

The company was Covenant Technology Partners and our experience with them was very good. They were able to help us get everything set up and running right away. Overall, it went very smoothly.

With respect to day-to-day maintenance, we have a lot of it automated. We've tied it into ServiceNow and a lot of our user additions, modifications, deletions, and other operations are things that we have automated via ServiceNow workflow.

I do have a team of three engineers under a manager that currently manages it, but they don't spend any more than probably 5% of their time, daily, dealing with it.

It is difficult to estimate our return when we didn't own anything beforehand. There is no real basis for comparison. That said, the automation capabilities cut down manual provisioning, manual adding, removing, deletion, editing, and those types of things, of user fields. I would say those are the big savings, and it's helpful that you can easily do the automation tie-in into Azure Active Directory.

Anytime you are dealing with Microsoft and licensing, it is always interesting. We have various levels of their licensing, which includes users on different levels of their enterprise offering. For example, some are on E3, whereas others are on E5. The differences between them have to do with the various features that we use.

We're a Microsoft Teams company and we use it not only for collaboration and instant messaging, but we also use it as our phone system. We did all of that together, so when we spun up Azure Active Directory, we also spun out Microsoft teams to use as our phones and flipped off of an old PBX system. It's been very useful but the licensing can be complicated when you get into the retail partners and guests. But for the most part, Microsoft has done a good job of explaining the different levels and what we need and has given us the proper licensing.

There are no additional fees for Azure Active Directory.

We did not evaluate other vendors. Our plan was to implement Microsoft Azure as our cloud solution, as well as go forward with Azure Active Directory. That was the plan from the get-go.

I know that Okta was out there, as well as a couple of other options, but that was never really a consideration for us.

The biggest lesson that I have learned from using this product is that because it is a SaaS solution, it's easy to get set up and configured. It doesn't take a lot of overhead to run and quite honestly, the security on it is getting better. Microsoft continues to pump more security features into it.

My advice for anybody who is considering Azure Active Directory is that if you have Microsoft products that you are currently already using, I would definitely recommend it. This is a solution that seamlessly ties into your Office products, and into any Microsoft product, and it's really easy to manage. You can spin it up quickly, implement it, and get going right away. You are able to tie into your on-premise Active Directory as well. At that point, you can start to sync those two to manage all of your users and all of your groups in one place.

Overall, this is a good product and to me it's perfect but at the same time, nothing is perfect.

I would rate this solution a nine out of ten.

We are a system implementer and this is one of the products that we provide to our clients.

We primarily use this product for identity and access management. Any of our customers using Office 365, which includes Exchange Online and SharePoint Online, are using it for authentication. Worldwide, there are a lot of use cases.

The identity check includes whether the username and password are correct, and it also supports multifactor authentication.

This solution is in the cloud and as soon as users log in to the Office 365 portal, or whatever application you assign to them, it will take care of the identity aspect.

The most valuable features are authentication, authorization, and identity access.

Conditional access is a very important feature where a specific user can be restricted such that they cannot connect to the application if they travel outside of the US.

Multifactor authentication is very important.

They have a velocity check, powered by artificial intelligence and machine learning, where if you have been logging in at a location in the US but suddenly you try to log in from a different country, it flags it as an unusual amount of travel in a short time and it will ask you to prove your identity. This is a security feature that assumes it is a phishing attack and is one of the important protections in the product.

The problem with this product is that we have limited control, and can't even see where it is running.  If Microsoft can give us a way to see where this product is running, from a backend perspective, then it would be great.

I would like to see Microsoft continue to add new features gradually, over time, so that we can introduce them to our customers.

We have been using Azure Active Directory for more than six years.

The stability of this product is 100%, and we plan to continue using it.

As this is a cloud-based product, you don't need to worry about scalability. Regardless of the number of users, it handles identity management.

90% of our customers are using it. From what I see, we have up to 50,000 end-users. In reality, we can have up to 400,000.

We can handle most of the issues by ourselves but if not, Microsoft support is available and we just have to create a ticket.

This is the first cloud-based identity management solution that we have used. In an on-premises deployment, we use the traditional Active Directory.

The deployment process involves using the Azure AD Connect tool, which is very important. The only choice that needs to be made beyond this is whether you want to have single sign-on (SSO) enabled or not.

The deployment will require some basic planning. The length of time required will be a maximum of four weeks. Three staff should be sufficient, although this depends on the number of users.

The maintenance of this solution is almost zero. The only time that something needs to be done is in the on-premises portion of a hybrid solution. The cloud aspect is maintained by Microsoft.

As this is a cloud-based solution, less maintenance is required, so the return on investment is better.

The P1 version costs $6 per user per month. If you need the P2 version then it is an extra $3 per month.

There are two different Premium versions of this product available, being P1 and P2. For 99% of our customers, P1 is enough. The P2 version has some advanced features required by a small number of customers.

Overall, my experience with Active Directory has been very good. When we work in the cloud, this product provides us with almost everything.

I would rate this solution a nine out of ten.

Our use case depends on the client, their project, and what they want to deploy. 

1. The solution can be deployed for security purposes. Multi-factor authentication is being deployed as a second layer of authentication, especially during this COVID-19 time, because everything has to stay secure. 
2. Almost every organization uses the software as a service (SaaS) part. Because of the pandemic right now, a lot of companies are moving many things to the cloud, like virtual machines (VMs) and virtual networks. It doesn't invalidate the fact that some companies don't want to have control on-premises. 

Everything depends on the solution or what the client wants.

We use it for PaaS and IaaS.

In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps.

In terms of improvement, there should be more flexibility and conditional access. There is a lot of flexibility already, but there are some technologies that should be embedded and integrated into it for a more flexible, customized experience. Also, there should be more tools for analysis for clients, e.g., there should be more flexibility aimed at end users. Regular IT guys for each company should be able to use the tools to troubleshoot a certain level of analysis in their environment.

The security part should be improved overall. 

The visibility in the GUI is not good for management. There are a lot of improvements that could make it better. It should be more user-friendly overall. It is not user-friendly because everything keeps changing on the platform. I can understand it because I know the platform,  am familiar with it, and use it every day. However, for a lot of clients, they don't use it every day or are not familiar with it, so it should be more user friendly.

I have been using it for four to five years.

Availability for Azure AD as a whole is 99.95 percent. It is simpler and more available than the way technology used to be previously.

It is very scalable. When you talk about licensing, you have the option to scale up or scale down. For example, you purchase 50 seats of licenses and assign 45 licenses, then for some reason, you fire 10 employees. Once you fire them, you will probably block their identity access and single sign-in. After that, you can decide to reduce the number of licenses. On the other hand, if you acquire 10 licenses and employ five new people, then you can scale up by adding more five licenses that month. So, it helps you to scale up or scale down easily.

In another example, if you have acquired five virtual machine instances, then are using more in terms of the processor, you can scale up. It depends on the configuration you have. If you have done the setup and everything from the beginning, then you can say, "If the processor level reaches 80 percent, you want to add another two virtual machine instances." On the other hand, if you deployed five virtual machine instances, but your usage of those processors is lower than 30 percent, then you should scale down. So, if you have five licenses and you want to scale down by one, then you can scale it down so you can reduce your costs.

I would rate the technical support as a nine out of 10.

When I set it up two years ago, it was easy, not complex. It didn't take much time at all to set up.

A lot of people sign in or set it up with a Google account, Yahoo account, or Microsoft account, which is not the global administrator. A lot of people think that this is the global administrator. They don't understand that the account might have an extension and don't see this until that account gets locked out. That is when they have problems signing in. The setup is not that complex. It is just that the user experience overall needs improvement here.

The deployment process depends on what you are trying to achieve and the technology that you are trying to deploy, e.g., are you trying to deploy SSO, set up device writeback, or do a regular AD Connect setup? Everything depends on the objective or the overall goals of what you want to achieve.

Even after it has been deployed, one or two users may have problems with their account in terms of multi-factor authentication or the way it has been set up. I work with them to troubleshoot these issues.

Sometimes, the priority is to set up AD Connect, which integrates your on-premises to Active Directory. You must make sure your server is up and running. Apart from that, you need to set up your tenant, which is your profile admin center. 

If they want to download and install their tools, then we can connect to their on-premises for synchronization. So, it helps collect on-premises data and put it into the cloud. 

You can also install PowerShell. 

Everything needs to be considered for the requirements and if it is within the budget, then you can come up with a solution, whether it is SaaS, PaaS, or IaaS. 

Since people might not be very familiar with the platform, I have developed a system for how to use, deploy, or utilize the technology.

At the end of the day, it is about the overall goal because everything comes with a cost. Azure AD comes in different ways and shapes, e.g., SaaS is different from IaaS or PaaS, though it is still the same platform. 

Whether you are a small business or large business, you can always enjoy a very secure cloud platform. 

I would rate Azure AD as a nine out of 10.

When we are deploying cloud applications we avail ourselves of the services of Azure AD. At the moment, we are mostly getting the data from on-premises to the cloud, as far as user entities go. We're trying to define policies based upon the company's and our projects' requirements, such as whether we need to make something public or private. This all has to be defined. We also use it for access management.

We have protected the entire tenant itself, as a federation. AAD has also become a great source of research.

Previously there were many tenants and many subscriptions within each tenant. We have been able to separate Office 365 as a separate tenant and not welcome any other applications into that. We are only using SaaS with that tenant. Later, we had different tenants, and we welcomed all types of PaaS and IaaS.

Recently, managed identities came into the market, and we are trying to adhere to automations and customization, the automation of groups, which is a major advantage. That way, people don't have to wait for a long time for manual intervention. If they raise a ticket, within a few minutes the answer can be in their mailbox with all the details.

The features I normally use are for authentication and authorization.

Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things.

For the end-users, they can seamlessly log in to their web products, like their Outlook account. They have YAML services and SharePoint services. Everything is single sign-on and that makes them happy.

An area where there is room for improvement is the ease of use of the dashboards.

Also, if a user is working in India, and we suddenly see a login from the US, Australia, or New Zealand, we should be alerted, because we wouldn't expect that application would be used by that user in those locations at that time.

An area for improvement is that there is so much dependence on on-premises databases, in the on-premises directory services.

In terms of features we would like to see, we don't have domain controllers in Azure AD. We are also looking at how we can best migrate users from on-premises to Azure AD, and how we can welcome B2B users. We would like to see improvement in the B2B functionality. We hope that is already in the roadmap. We'd also like to see some functionality for how we can set boundaries for tenants. We have multiple tenants that we're trying to consolidate. It's definitely going to be a big challenge to consolidate two tenants, so we're looking for help in that area.

I have been using Azure AD for the last three years.

In terms of the solution's availability, I haven't seen anything negative. It's always available. There have been no issues.

I haven't seen any room for improving the scalability or performance. The capacity is good. We are managing about 5,000 users in Azure AD. We have an Ops team and there are about 10 people who maintain and manage users and groups for the production tenant. But in five months, with SaaS and PaaS services, that might go higher.

We have had many discussions with tech support for Azure AD. We are trying to install read-only domain controllers or ODCs into the cloud platform. We have had many challenges with that in terms of the network side and the business requirements. Another issue we have spoken with them about is how to do automation of service principles and of groups.

Support has been great, but there is a little room for improvement. We have had to go through many iterations and we have had to wait for a long time until the next version of the solution comes out. Overall, we get good support, but their timelines could be better.

We were using Microsoft AD, on-premises. We are now syncing all the users who are in the on-premises version to Azure AD. We are not directly creating users in Azure AD because of the dependencies. Many legacy applications are talking to the on-premises directory services. When a user is created, we are sending that user from the on-premises to the cloud through Azure AD Connect.

We are using the Premium P2 licensing. 

To explore the solution, I had to create a personal version, because I can't play with the access that we get from the company. We explore those services in the personal version first, to see how it reacts.

From the company side, we haven't had issues because the licensing works well. But on a personal level, if I could enable more trial services, at least for a year, it would be much easier to explore and suggest the best solutions.

It's an easy tool to explore if you have already worked with the on-premises data services. There is good documentation available on the Microsoft website. If Microsoft provided more time for new users to explore new features, that would help. Everyone could learn more and contribute more to their companies or to the projects that they're working on. But it is easy to learn.

Just be careful, because you are in the cloud. You have to be aware of access, AM, how the user is coming into their account, where the user is going and what the user actions are, and what access they have. Always try to enable single sign-on, so that if any fraudulent user comes into the picture, you can remove them as soon as possible. So enable those features for admin accounts and use privileged IT management, vaulting the password. You have to strictly follow the security standards, because it's open to the public when it is on the cloud. You have to be very careful about the project requirements, the end-user requirements, and what the business stakeholders need.

When we started with Azure AD, we didn't restrict much. Later, we restricted a few possibilities, such as users logging in with their social accounts, or email accounts like Yahoo accounts or Outlook. Initially it was open to all. Any user could invite a guest user and provide access, but later we restricted things with conditional management, and restricted users so that they could not connect to their Gmail accounts. We are coming up with more policies as well.

We have ongoing discussions with Microsoft Azure AD regarding how we can best protect our entities and what the behaviors should be. We have some more specific requirements in the company, related to project behavior. With IaaS, you have to welcome everyone. You have to put virtual machines in the cloud. You can use the password services and develop custom APIs and deploy them. 

We are trying to define our security policies as much as we can, as we are seeing many changes in the market and are trying to restrict as much as we can. Only users who are least privileged can have an all-access. The most privileged will have additional authentication. We're trying to differentiate.

We have to be very careful about the administrative part, so that operations can easily manage without any hassle. Because we don't have natural restrictions, we are trying to implement our own rules.

As we are moving to the cloud, we have to be very careful when it comes to Azure Active Directory. If there is a mistake and a random user can log in to the directory, they could have access to everything. A user should not have access to whatever he wants, so setting up the right level of authentication and authorization is important. Use IAM very effectively. Identity and access management is a powerful space where one has to be very careful in choosing and configuring policies and standard procedures. We're trying to define that and be careful when with all platforms, whether IaaS, SaaS, or PaaS. At the moment it's going well.

We are merging many things in the tenant. Before, we only had SaaS. We are trying to welcome PaaS and IaaS to use the same production tenant. We have to exercise caution for everyone, all the individual policies, groups, and service principles. We have to enable all the features that you are capable of, such as user sign-in permissions, and application sign-ins. That has to be continuously monitored.

We have a good rapport with Microsoft. We have good support. We'll be exploring all the new services, like the managed entities and their other services that have come up. We are trying our best to explore and use the latest features that are available.