Microsoft Entra ID Reviews

The use case for this solution is the access to Office 365, Azure subscriptions, and several software as a service platforms as well as other SaaS-developed applications that we provide access to, such as, OpenID Connect, OAuth, or SAML.

It is a central point where we provide the cloud lock-in for our company. We focus the multi-factor authentication within Azure AD before jumping to other clouds or software as a service offerings. So, it is the central point when you need to access something for our company within the cloud. You go to Azure AD and can authenticate there, then you move from there to the target destination or the single sign-on.

Azure AD added a different layer. We were able to add multi-factor authentication for cloud applications, which was not possible before. We also may reduce our VPN footprint due to the Azure AD application proxy. We have a central point where we have registered our software as a service applications that we obtain from other providers or the applications that we host ourselves.

The most valuable feature is the possibility to create multi-tenant applications alone, or in combination with Azure Active Directory B2C. So, you can provide access to applications for your external partners without having to care about the accounts of external partners, because they will stick it in there as an AD tenant. That is the feature that I like the most.

The solution has features that have helped improve our security posture: 

• A tagging mechanism that we use for identifying who is the owner of an application registration. 
• Conditional access and multi-factor authentication, which are adding a lot to security. 
• The privileged identity management feature that has arisen off privileged access management. This is helping a lot when providing access to certain roles just-in-time. 

They are also still developing several other features that will help us.

It does affect the end user experience. It depends on where they are. When they are within the corporate network, then they already have a second factor that is automatically assigned to them. When they are outside of the company, that is when they have to provide a second factor. That is mostly a SMS message. Now, with the Microsoft Authenticator app that you can install on your mobile phone, we are shifting towards that. This has reduced errors because you may just say that you confirm a message on your mobile phone instead of typing the six-digit code, hoping that you are still in time, and that you entered it correctly. So, it does affect our employees. We try to be up-to-date there.

Mostly, it affects security. It is an obstacle that you have to climb. For example, if you have to enter the code in from the SMS message, then you have to wait for the SMS message to arrive and copy the code, or you have to transfer the code from the SMS message into the field. We reduce that workload for employees by having them be able to receive a message on their phone, then confirm that message. So, security is less of an obstacle, and it is more natural.

The user administration has room for improvement because some parts are not available within the Azure AD portal, but they are available within the Microsoft 365 portal. When I want to assign that to a user, it would be great if that would be available within the Azure AD portal.

It would be awesome to have a feature where you can see the permissions of a user in all their Azure subscriptions. Right now, you have to select a user, then you have to select the subscription to see which permissions the user has in their selected subscriptions. Sometimes, you just want to know, "Does that user have any permissions in any subscriptions?" That would be awesome if that would be available via the portal.

I have been using it for more than two years now.

The stability is very good. They had a problem recently that was hopefully the exception. 

I am looking forward to the adjustment of the SLA that they increased from 99.9 percent to 99.99 percent. With this increase, which should happen on the first of April (not an April joke), this should be a huge improvement for the visibility towards the world because this is a commitment by Microsoft, saying, "We are taking care of Azure AD." I think that is a very good thing.

From my point of view, it scales very well. There are different possibilities to take care of it, depending on what you want to achieve. Lately, they introduced something like administration units, where you can achieve that even a bit further to restrict the access of your administrator to a certain group. So, that should be really helpful for even better scaling.

One company has around 50,000 users and another company has around 200 users. For the bigger company, there are several people involved, three to four people. They are taking care of application registrations as well as the Azure AD Connect synchronization to see if there are any errors, then clear those errors. However, it is mostly the application, registration, and configuration of the Azure AD.

The technical support is great. We have access to a special unit within Microsoft where we have additional support besides the technical support. So, it has been really good working with Microsoft.

We have other tools: 

• Red Hat SSO
• OpenID Connect
• OAuth
• Azure Domain Federation.

We just removed the Azure Domain Federation (AD FS), thanks to the Azure AD.

Deployment time really depends on how you set up your Azure AD. You might: 

• Want to set up Azure AD Connect, then the process takes longer. 
• Just use Azure AD, then the process is much faster. 
• Directly connect to another source of truth, then there is something in-between. 

It really depends on your situation. I would say it takes between an hour and a week.

For the company, I didn't set it up. I did set it up for myself, but that was a simplified situation and I found the process to be straightforward.

Make sure that you get the most out of your Office 365 licenses for Azure AD. If you have additional concerns for users who don't have an Office 365 license, consider Azure AD Premium P1 and P2. Be aware that you have to evaluate your license usage beforehand.

Consider the usage of Azure AD Premium P1 and P2 when you are not assigning Microsoft or Office 365 licenses. This is really important to get access to good features, like conditional access, privilege identity management, and accessory use.

I would rate Azure AD as a nine out of 10.

It underpins our application authentication and security requirements for internal users.

During the pandemic, it helped us carry on working securely as a business.

Azure Active Directory hugely improved our organization’s security posture. The ability to control access to resources has vastly improved.

We very much like Conditional Access. We also like the risky sign-ins and Identity Protection. These features provide us the security that lets us fulfill our security requirements as a company.

Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic.

The solution has made our end user experience a lot easier and smoother.

On-premise capabilities for information and identity management need improvement but I know these are in pipeline.

I have been using it for five or six years.

The stability has improved over the last two to three years.

It has fantastic scalability. Globally, we have about 80,000 users. 

In each territory there are on average around 40 people managing the solution on the admin side. We also have SMEs for the harder tasks. Then you have people, like me, who are architects and determine approach and create designs.

Microsoft Premier Support is very good. We make good use of it. 

The free support is okay.

For mobile device management we used to have MobileIron and Blackberry. Those products have been removed in favour of Intune and Azure AD features. Other legacy security services will be removed in preference for the Azure equivalents. Strategically, Azure AD makes more sense for us. Cloud first is the strategic direction within my company.

It is a predeployed solution, creating the links between the on-premise system and SaaS system is moderately easy.

Our deployment took a month.

For a non-complex organization, the deployment process would be a lot easier than it is for a complex organization. There are a lot of business processes that need to be determined as well as a lot of conversations. The technology side of things is the easy bit. It is the design that takes awhile.

It was all done internally and using Microsoft Partners

We have only really bought into the solution over the last 12 months or so. We expect to see cost returns in the next 12 months.

If you get rid of all the products providing features that Azure suite can provide, then it makes sense cost-wise.

Microsoft Premier Support is an additional cost to the standard licensing fees.

Azure Active Directory and its feature set under a single vendor are unique in our market.

Compared to how it was five years ago, the solution is has really matured.

Make sure that business requirements are understood upfront and a design is in place before any services are deployed. Ensure the people deploying it understand the capabilities and implications of choices.

I would rate this solution as a nine out of 10.

We use it mainly for our Office 365 files. The integration between the two is interesting. It's been a learning curve.

Overall, it's not a very intuitive solution.

When you have an Office 365 enterprise subscription, it comes with Azure Active Directory. We don't have a subscription to Active Directory, but our Active Directory connector puts our credentials into the Azure Active Directory. On the Office 365 side, we're also in the GCC high 365, so it's a lot more locked down. There are a few things that aren't implemented which make things frustrating. I don't blame the product necessarily, but there are links and things within there that still point back to the .com-side and not the .us-side.

There's a security portal and a compliance portal. They're being maintained, but one's being phased in and the others are being phased out. Things continue to change. I guess that's good, but it's just been a bit of a learning curve.

Our Office 365 subscriptions are tied to our on-prem domain — I have a domain admin there. With our Active Directory connector, our on-prem credentials are being pushed to the cloud. We also have domain credentials in the cloud, but there's no Office subscription tied to it, just to do the administration stuff. I moved my sync credential to have a lot more administrative privileges. Some of the documentation I was reading clearly showed that when you have this particular ability right on the Azure side, and then you have another ability on the Office side, that intuitively, the Microsoft cloud knows to give you certain rights to be able to do stuff. They're just kind of hidden in different places.

Some things are in Exchange, and some things are in the Intune section. We had a few extra light subscriptions that weren't being used, so I gave my microsoft.us admin account a whole other subscription. In the big scheme of things, it's roughly $500 a year additionally — it just seems like a lot. I didn't create a mailbox for that and I was trying to do something in Exchange online and it said I couldn't do it because I didn't have a mailbox.

You can expect a different user experience between on-prem and online. Through this cloud period, we have premiere services, we have a premiere agreement and we had an excellent engineer help us with an exchange upgrade where we needed a server. We needed an OS upgrade and we needed the exchange upgrade on the on-prem hybrid server. We asked this engineer for assistance because my CIO wanted to get rid of the on-prem exchange hybrid server, but everything that I was reading was saying that you needed to keep it as long as you had anything on-prem. We asked the engineer about it and he said, "Yeah, you want to keep that." In his opinion, it was at least going to be two years. So at least I got my CIO to stop talking about that. It's just been an interesting time in this transition between on-prem and in the cloud.

In a secure environment, a lot of this stuff is PowerShell, which is fine. It's a learning curve, but if you don't use it all time, then it's a lot of back and forth with looking at the documentation and looking at other blogs. If you're in a secure environment, the Windows RM (remote management) stuff can be blocked, and that's frustrating, too.

I have been using this solution for roughly five months.

It's definitely both stable and scalable. I used to work in an environment where we had a couple of onsite engineers from Microsoft and I worked on Active Directory — I did that for four years. We did the Active Directory health check, so I actually worked with the engineer for a week and went through our Active Directory. At the time, Microsoft said it was one of the top five most complicated forests out there. We had 150,000 users and 18 domains across the globe supporting the military, so it was pretty big. 

We have experience with their premier support. We have a live audit coming up shortly so we don't have a lot of time to waste, waiting for support to get back to us — unless it's very critical. 

I wasn't involved in the initial setup, so I cannot comment on that. 

We used an integrator, however, we don't speak of his name anymore. 

I think we're on the E3 — I think it was about 35 dollars per user. We may go up to the E5, which includes Project Online and the telecom service in TEAMS. We're in the process of rolling out Office 365 internally. We've had really great feedback that people really like TEAMS and we want to move there. 

We had a roadmap meeting with Microsoft a few months ago. Some of the more accessible types of things were on the roadmap for the first quarter of this year. I know that Microsoft's working hard at listening to their customers, especially through COVID. Collaboration has changed. They also have military folks, that's why they created the GCC High. Once they got into the GCC high, they're like, "Oh, we need to collaborate a little bit more." So they've been pushing a little bit more on integration. We're not going to have that kind of clout where I am, but where I used to work, we would've. 

Overall, I would give Microsoft Azure Active Directory Premium a rating of four out of ten. They could really benefit from some better user-training. 

A lot of our clients basically want to go to the cloud and they don't know how to proceed with doing so. The first thing we recommended is to make sure their identity is in Azure AD as a hybrid approach. We're not getting rid of their on-premises environment, and instead basically, if they're planning to go to Office 365,  they will be able to take advantage of the Azure Active Directory.

Especially nowadays, people are working from home and we have a client that we actually started migrating to Azure Active Directory and moving some of their applications into the cloud. Since COVID struck, and a lot of people are working from home, since the data center's on-premises, it is very hard for them to bring all of their users into VPN and some of them there are outdated and they can't really accommodate the number of users that are working from home.

However, with Azure AD, some of their applications we have in there they can access from anywhere - even from their home basically, as long as they have internet access. Some of the applications we brought into Azure AD include the Windows Virtual Desktop to basically run their application in the cloud. We built a gateway to their own premises data center and they go into the Windows Virtual Desktop and they can authenticate using Azure AD and then they can access their on-premises application. It's basically the transition from being on-site all the time to working from home. It's a smooth transition because of Azure AD.

The solution's ease of use is one of its most valuable features. You can access it anywhere and the integration into existing and some legacy applications is good. You can plug into single sign-on self-service, password reset, or conditional access. If you're inside, you don't need to do multi-factor authentication, MFA's, built-in. 

The licensing could be improved. There are premium one, premium two or P1, P2 licensing right now and a lot of organizations are a little bit confused about the licensing information that they have. They want to know how much they're spending. It's not really clear cut. 

Transitioning to the cloud is very difficult. They need the training to make it easier. They should probably put in more training or even include it on the licensing so that there are people that manage their environment have somewhere to come to learn on their own. Maybe there could be some workshop or training within Azure. 

The solution could offer better notifications. They do upgrades once or twice a year. They need to do a better job of alerting users to the changes that are upcoming - especially on the portal where you manage your users and accounts. There needs to be enough time to showcase the new features so your organization is not surprised or put off by sudden changes. 

I've been at this organization since 2016, and therefore have been working with the solution for four years.

The solution is pretty stable. Once in a while, we get notifications and do a health check if some things are not working or there is some feature or some issue that is acting up. However, that is very seldom.

Scalability is really not a problem. You don't have to really worry about that as it's more of a service. It's not like having your own AD that you need to span the main controllers or to purchase hardware. Scalability from 250 users all the way up to a hundred thousand users can be accommodated easily.

Technical support can be hit and miss sometimes. You get like a first-year technician and you don't get the right person. It gets bounced around and eventually, it's either we fix it or somebody's smart enough to know what the issue is. If I was going to rate it from one to 10, say 10 is the best and one is worst, I'd rate it at 7.5 or so.

We've been doing implementations for a while now so for us the initial setup is straightforward. It becomes complex if a company is coming from a complex environment in the beginning, however, nowadays it's straightforward.

While planning, the first thing we do is an assessment and then we go to the design phase from the assessment on what the company has. Then, from the design phase, we designed the Azure infrastructure and do the implementation. The first thing is, of course, the identity. In general, deployment takes two or sometimes three months.

The initial investment is high due to the migration if you have a legacy environment like an on-premise Active Directory. However, after that initial investment, you're just paying for the license to hold your information and that has your Active Directory. There's a return on investment probably after few months. In that time, you'll get your money spent back due to the fact that you don't have to purchase a lot of hardware initially. The initial investment is really only to migrate your information or your data. That's where there are costs for a company usually.

It's offered as a service. We're using the latest version. We use it with various versions of the cloud (public, private, cloud). That said, a lot of the time the organization also has already some Active Directory on-premises, and that is something that we help out with in terms of bringing them to the cloud, to the Azure Active Directory.

I'd advise new users not to be afraid to go to the cloud. The cloud has a lot of benefits, including software as a service, SaaS applications. You don't have to worry about hardware updates, or maintaining a license for different applications. Just go start small. If you're worried, start as a hybrid, which is most of the time maybe 80%, 90%. You can go from lift and shift to Azure Active Directory. If you're a new company, just go right to the cloud. It's easy. You don't have the legacy infrastructure to worry about.

Going to the cloud is as secure as ever. I feel a lot of organizations when you go to the cloud, especially Azure Active Directory, think you're sharing a piece of a rack due to the fact that it's in the cloud with Azure companies. It is a bit more complicated than that. However, the security is there. Azure Active Directory and going into the cloud has been around for 13 years. It's no longer a new or scary subject.

Overall, I would rate the solution at a nine out of ten. If they fixed little things like notifications and licensing issues, I would give them a perfect score.

Microsoft Entra ID has made our organization more secure. 

The tool's most valuable feature is conditional access. 

The product needs to improve its support.

I have been working with the product for five years. 

Microsoft Entra ID is stable. 

The product needs to improve support. There are many steps before you get to someone who can solve the issues. 

Neutral

Microsoft Entra ID's deployment is easy. 

Microsoft Entra ID helps save money since you don't need a second MFA solution. I rate it a nine out of ten. 

We use the solution for single sign-on. 

The product is easy to use. 

Microsoft Entra ID should improve workload identities. It should set conditional access. 

I have been using the product for six years. 

My company has 5000 end users. I rate the product's scalability a nine out of ten. 

The tool's support is not good. However, the documentation is good. 

Negative

The tool's deployment is easy. 

We relied on two resources for deployment. 

I have seen ROI with the tool's use. 

The solution was fairly priced the last time I checked the costs. 

Microsoft Entra ID has helped us save money. It also helped us save 70 percent of the time. I rate it a nine out of ten. 

It gives us security when integrating all the Active Directories of all our branches together, giving us a centralized database and authentication.

It has helped save time for our IT administrators. It's seamless for the users because they simply log into the stations, but it's affecting the response time and efficiency of the IT team.

Active Directory itself is the best feature it has. It also gives us a single pane of glass for managing user access.

I have been working with Azure Active Directory for almost a year.

So far, it has been a stable solution.

It is scalable.

We did not have a previous solution.

I am working right now on whether we have seen ROI from the solution.

We are always looking for better pricing. Our agreement is on a monthly basis.

We're planning to use conditional access to access controls, but we have not done so in the meantime.

The solution doesn't require much maintenance; we're talking about two or three people.

When we access the API, we use Microsoft Authenticator. Something with potential will be saved, and if the company has some use cases to connect to some database, I will use it as well, or something along those lines.

Normally, because a third party requires it.

It provides you with security. It provides the third party with some level of security.

But vendors like myself do not appreciate it.

The most valuable feature of this solution is that is easy to use.

It is also automated.

I believe it can also be integrated into other Microsoft products, as well as more integrations with other solutions.

I have been working with Microsoft Authenticator for two years.

I am working with the most recent version.

Microsoft Authenticator is quite stable.

I would rate the stability of Microsoft Authenticator a ten out of ten.

Microsoft Authenticator is a scalable solution. 

I would rate the scalability of Microsoft Authenticator an eight out of ten.

As far as I know, we have more than 30 users in our organization. Some are senior professionals and some are developers.

I have never dealt with technical support.

I use UiPath as well as Automation Anywhere.

I started with Authenticator and then moved on to the Namespace version or class that I can import from Microsoft.

I would rate the initial setup a ten out of ten.

It was easy.

It only took a few hours to deploy.

It's an out-of-the-box deployment, but I am not the one who manages it.

One person was involved in the deployment.

I would recommend this solution to others who are interested in using it. It is easy to use and it fits its purpose.

Because it is scalable and reliable, I would rate Microsoft Authenticator an eight out of ten.