Microsoft Entra ID Reviews

The solution allows us to assign and give the access and controls. It allows us to monitor privileges with the users so that we can then be in control of the access given to digital resources.

The best example of how it has helped our organization is when we migrated toward Azure. We were able to take all the users which were there on-prem and migrated them over. If those facilities were not there in Azure Active Directory, then we would likely have to create individual users and one by one give them specific access. We'd have to look at their needs and set authentication. It would be hard to control users that needed higher admin-level access. Without the Active Directory, we would not have the control we needed. 

Azure AD has features that have helped improve our security posture. That's one of the basic fundamentals of having an Active Directory. The whole concept of Azure Active Directory came from the Active Directory on-prem version. There’s this tunnel of authentication that it has.

When you migrate, you can migrate your Active Directory on-prem onto the Azure Active Directory which has tightly integrated features due to the fact that they both are from Microsoft. Based on that, you can give access based on what privileges are needed. Basically, if you're talking about security, everything is related to role-based access. The security aspect is linked to providing the proper access.

My understanding is, in the future, they will be able to bring everything into one single platform and they are not there yet. We are loving third-party authentication, however, those authentications will be further scrutinized by AD itself.

For example, if you want to book a flight, you go to any website to book. Booking the flight can be divided into two parts. One is creating a log-in with a particular website and then booking. However, if there are five to ten websites and you want to compare prices on all of them. You aren’t going to set up a log-in for each and every site. That's not feasible.

Instead, you can use your own login credentials, for example, from your Hotmail or Google account. Then, you have a token authenticated by Google, et cetera, which gives you the privilege to do the booking for a particular session. This is similar to what Azure AD should do in the future for authentication and allowing access.

I've been using the solution for at least four to five years. 

The stability is good. It's always there. If it is down then that's it. Anyone can log in. Anyone can do anything, whatever they want to do. That's why it's considered the backbone of the security pillar. There has never been any downtime, however.

Azure AD is scalable. You don't need to take care of it as it's a part of the service which is taken care of by Azure itself based on how our company grows. Basically, it's a hidden feature, and scaling it for the end-user is always happening. It's always scaling.

We have about 3,000 users on Azure AD currently.

I've been working as an architect and therefore have never directly dealt with technical support. 

I work on different platforms. For example, I work on AWS and GCP (Google Cloud Platform), et cetera. Azure AD is very good and very powerful and offers a basic foundation having the highest status or dominance in terms of providing access management. It's tightly getting integrated with the on-premise solutions. That’s true irrespective of what cloud you're using - whether GCP, AWS, Oracle, or IBM - whatever the cloud provider, you're using the services you will be using a laptop or dashboard.

We are now working remotely. However, having remote access doesn't mean that you are not entering the company premises virtually. Basically, everything is going through your company's network. You're just going through to a cloud. You can move across platforms to validate. You can still use the AWS site to authenticate and verify the users. No matter the cloud, you’re still using Azure AD to get access.

I wouldn't say the initial setup is complex. If you have a good understanding of the product, you can break down your tasks. Then, slowly, step by step you can complete all the tasks.

Our operations team did the migration from on-prem AD to Azure AD. Therefore, I cannot speak to the exact length of time it took. My work was to design the architect and provide them with the solution. 

I have clients who have seen an ROI.

I'm not a Microsoft partner. I work as a consultant.

I'm predominantly using the SaaS deployment version. 

My advice to potential users is on the security side. There was a famous article on Gartner which clearly stated that by the end of about 2023 or 2024 if someone tries to access your network or if anything becomes accessible or has been exposed, it is not the cloud provider that is the problem. It is due to a misconfiguration of the services.

It's not really with the user. It's really with how and what kind of access you provide to that user. For example, if I give someone an admin status, and they provide access to someone, they are providing not only basic access, they’re giving access privilege or admin rights. If they’re giving admin rights to the wrong person, even though they may have the best intentions, due to a lack of knowledge, that person may do something stupid and it may be a disaster to the company. That has nothing to do with the AD users themselves. You need to be aware of the security and the access that you're granting your users at all times.

I'd rate the solution at a nine out of ten.

We work with Active Directory in our own IT network in our office. We also deploy Active Directory projects in some other clients.

Active Directory is an active directory service from Windows for a Windows Server operating system.

We have synchronized identities on-premise with on-cloud identities in order to work with Microsoft-aligned services such as Office 365 and to work in the middle of hybrid topology for on-prem and cloud identities, as well as to be more productive with other capabilities that Azure Active Directory Premium offers. This includes, for example, single sign-on, multifactor authentication, Conditional Access, privileged access management, and Privileged Identity Management. Our current experience with Azure in the Cloud - Azure Active Directory - is it's very functional and productive in talking about identity and access management solutions.

In the last two years, as COVID has been present worldwide, the Azure Active Directory capabilities have allowed us to work completely in a remote way. It's not fully necessary to work at the office or in only certain locations. We are now fully capable to work from any location, any place in the world.

The most important thing about this solution is the capabilities for multifactor authentication and single sign-on that it offers for native Microsoft solutions and non-native Microsoft solutions.

The solution has features that have helped improve our security posture. Azure Active Directory works with some technologies around security such as mobile device management, mobile application management, and Azure Information Protection as well as Conditional Access and multifactor authentication. These capabilities give us a good level of security.

The solution has affected our end-user experience. For example, we work with several technologies in the Cloud, such as Salesforce. Azure Active Directory allows us to work within a single sign-on model. This allows us to work more easily, and not have to remember a bunch of different passwords for various applications. With a single sign-on, we can work in a more transparent way and we can be more productive, having direct access to our applications in the cloud.

Microsoft is working with Microsoft Identity Manager for Active Directory on-premise. It will be very important to have these identity management solutions directly in Azure Active Directory. It's very important to have some kind of Azure identity manager as a technology for identity and access management for working both in the cloud and inside the Azure suite.

I've been using the solution for the last 15 years or so. 

We have the service running all the time and it runs and works without an issue. Up until now, we have not had any problems at all in terms of the availability of the service.

We know that if we need to integrate more than hundreds or thousands of users, we know this won't be a problem. We have about 80 users in the Azure Active Directory right now, however, we know that if it was necessary to scale it for hundreds or thousands of users, it wouldn't be a problem.

We've contacted technical support several times over the last ten or so years. 

Microsoft is a very big, important company. People working in technical support have been very professional and quick to respond. They're very good specialists.

This is the first product that I consider as it is a powerful directory service and better than what any other company offers.

The initial setup was very straightforward. We've worked with Azure Active Directory for the last three or four years and find it very easy to deploy. It might take maybe three days. 

In terms of maintenance, we only have a couple of people dedicated to offering technical support. Once you deploy it, it's not necessary to give too much support after that.

I know that there are several other solutions, for example, Open LDAP, et cetera. I like the functionalities that Microsoft Active Directory offers. Therefore, it was not necessary to test any other technology.

I'm pretty sure that one of the main advantages of Microsoft Active Directory is that not only does it provide user management, it's also a technology component inside of a very big strategy for technology in any environment or company. It's native. Users can have their own mailbox for Exchange or Office 365. Active Directory is integrated as a way of authentication for any other database or web service. The main advantage is that it's integrated into a whole global authentication strategy.

I am a Microsoft-certified systems engineer. I've been doing this for the last 22 years.

I'm a partner and reseller. We work with several specialists for deploying, project management, and development of solutions around Microsoft technologies.

For any customer or any client that is interested in deploying Azure Active Directory to have a full strategy for hybrid environments. They need to take into account users on-premise and users and resources in the cloud in order to have an integrated architecture and solution to best utilize the Azure Active Directory capabilities.

I'd rate the solution at a nine out of ten.

There were a couple of use cases I've dealt with. In one scenario, I had to import on-premise users to my Azure AD. We had a couple of mobile applications where we were using the authentication feature from Azure AD. 

We needed to create a new infrastructure for one of the clients and everything had to be taken care of by the Azure infrastructure. In that case, we used Azure AD for all kinds of user management tasks, as well as authentication.

We simply use Azure AD and everything is taken care of instantly. You need not worry about user management. Everything is taken care of by Azure AD itself. You just simply have it in your application and everything is done out-of-the-box.

Azure AD, overall, is quite good for securing your applications as well as the infrastructure. 

I like that they provide most of the authentication flows out-of-the-box, so you do not need to do anything specific to tackle any authentication flows.

Azure AD has affected our organization's security positively. In terms of the application, it's quite good. There was very minimal leakage. We had a single instance and that user was already compromised. Otherwise, it's quite good.

Azure AD provides two types of features. One is Azure AD Excel and is already B2C. Out of both versions, Azure B2C requires some improvement, in terms of user management and role management, et cetera.

I've used the solution for approximately one to one-and-a-half years.

The stability is quite high - if we are talking about Azure AD and not Azure AD B2C.

The scalability capabilities are quite high. We have somewhere around 5 million users, and it was doing quite well even with that number.

I haven't interacted much with technical support, however, during one of the instances where we required some help, which was not related to the Azure AD, they provided us quite good support.

I have tried one competitor, IdentityServer. It is basically an open-source solution. In terms of comparison, Azure AD is quite solid. When it comes to IdentityServer, you need to manage everything on your own. You need to host everything and you have to take care of the whole application life cycle with that identity cycle. In the case of Azure AD it's an almost managed service.

I found the initial setup process quite straightforward.

In terms of implementation, Microsoft provides very good documentation of how to kick off Azure AD. You just need to follow those instructions and it will be done in a couple of clicks.

They do have a tier of service that is free that supports many people. You can also purchase a license and costs can be reduced on the Microsoft side.

My previous organization has a very close relationship with Microsoft.

I would advise users to go with Azure AD, if possible, and to try to avoid the B2C version at the moment, as quite a few good features are already in the preview. Once those preview features are done, you can go with the B2C version. 

I'd rate the solution at a nine out of ten.

The solution is our main identity provider and federation platform. We use it for authentication and for federations, for some provisioning, and a little bit of governance.

It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful.

The product has helped to improve our security posture. The Azure stack has built out a lot of analytics features. Now, we can more effectively investigate issues. 

The solution has positively affected our end-user experience by improving our usability and reducing friction.

The solution has certain limitations. For example, it has very little governance functionality. This is, of course, a choice made by Microsoft to see which areas they want to have deep functionality, and which areas they believe are more profitable for them. 

We've been using the solution probably since the mid-'90s when it was invented.

The solution has generally been quite stable. They've had some problems with the MFA and other things, however, they are a lot better at keeping the system stable than we are.

What we have seen is that we are running into some of the limitations of scalability. That said, we are more than half a million or 700,000 internal users at the moment. There are relatively few organizations globally that are as big as we are.

We're seeing, for example, that the parcel reset, to sync parcel reset from on-premise into the system is challenging. It's more than the 30 seconds that you typically want. It's even sometimes more than the two minutes that Microsoft promises in their SLAs.

We see that our syncing is slow. We have to run it every three hours, which causes problems with being able to service our business efficiently.

Those are the main problems I've seen. On top of that, there are certain features that have run into challenges, for example, the AEDS is not fast enough.

Technical support is actually quite good. It's rather rare that we have problems with support.

They have been very good at informing us about when they have outages. That's something we really appreciate as it saves us a lot of time. If something on their side is broken, they tell us so that we don't have to look to find any problems in our systems. That's one reason I really like the way they've been handling things.

The system we used before was IBM ISAM.

The ISAM setup was on-premise and it's very expensive to run and maintain. The support for Microsoft is much better, which is an additional advantage for us.

The initial setup was complex.

We have half a million users from 20 different offices. They've all got different ways of wanting to do things, including the way we have to build the federation infrastructure, for example.

This has been a four-year project, and we're probably going to continue with it for the next year or as long as we'll be using the product.

The initial build we did was a six-month build.

Our implementation strategy was to delegate sections, including delegating identity and federation setup.

We have five full-time personnel that handle the maintenance aspect of the solution. We have outsourced the actual hands-on maintenance. This firm has a couple of engineers, an architect, and an engagement lead. We have three solution delivery managers on hand, however, they do other tasks as well and are not necessarily dedicated to AD.

We used a systems integrator to assist with the initial setup. 

The product is priced quite well. The way that Microsoft prices per user and month is quite attractive to us. The level of the license cost is quite good as well.

We did not evaluate other options. Choosing Active Directory was a management choice. 

We are just a customer and an end-user.

I'd advise those considering the solution to find a good partner to work with. You do need to have an experienced system integrator with you when you do the implementation. The integrator we brought on did a good job on our side.

I'd rate the solution at a nine out of ten.

I use a Microsoft 365 cloud deployment and I have an organization where users are created. All of these users are hosted in Azure AD. I send emails in Exchange Online. 

For collaboration, we use Teams and SharePoint. Basically, all of these Microsoft products are on Azure AD. This is due to the fact that for you to use any of these products, users have to be created and these users are being hosted in Azure Active Directory. Without the users in the first place, the products are not used. 

The most valuable aspect of the solution is the ability to create users and host them in Azure AD. That is the bedrock - whatever it is you are doing, you're building on the fact that you have users created. We have Microsoft Teams to manage users and also to manage groups which allow us to manage collaborations and do all sorts of things.

Azure AD has features that have helped improve our security posture. It contains the Azure audit logs that allow you to also audit activities in the organization including those that have happened over a period of time. There is Azure sign-in that allows you to check for sign-in over a period of time for users.

From Azure Active Directory you can actually identify the IP address and run checks or maybe block the IP to improve the security posture of the organization.

The Azure sign-on and audit logs are very handy for a regular admin. They offer the most basic admin solutions to carry out activities on Azure security settings to identify potential threats and carry out some corrective actions on it.

We can use Azure Active Directory to deploy enterprise applications to incorporate third-party applications into the organization and make them available to users. You can put in place multilingual authentications and you can specify the kind of authentication you want to be available for your organization.

Most recently, you can use password-based authentication and multi-factor authentication, which allows for the ability to bring on third-party applications and to incorporate them and deploy them for users.

With Azure Conditional Access you can specify network locations where you want some of the services in the organization to be available to users, and where you don't want users to have access. You can customize and define conditional access to whatever suits the organization and based on what you want, including information protection. You can get conditional access depending on the license you have.

From my personal experience, I'd say that the features need to be more visible to make the product easier to explore for new users. They need to make it possible for someone with very little knowledge to come in and find things. The product needs to be more user-friendly. 

The solution needs to update documentation much more regularly. They need to just come out and update the documentation to reflect new features and make sure the updates are included in the already existing documentation so that someone like me can just pick up the documentation, read it, and know that it is very up-to-date listed and has all the new features contained within it.

I have been using Azure Active Directory Office 365 for over two years.

The solution is exceptionally stable. It's just a way to go on another solution, however, that said, I've noticed a 99.9% stability.

It's my understanding that the solution is very scalable. 

In my experience, I've managed hundreds of users on this product.

We can contact and support directly from the Azure Active Directory if we get stuck. As long as you are actually on the most basic billing subscription, you will be able to access assistance. That said, depending on the Azure license you have, you can get access to technical support for Microsoft Azure Active Directory.

My personal experience with using Microsoft support has been positive. I want to be fair, to be very honest, and the Microsoft support has to be one of the most agreeable out there as all you need to do is just submit the ticket and you get someone to contact you very quickly. They are always available. From the perspective of Azure Active Directory, as long as you have the required license you can contact the corresponding level of support. You can be sure of getting corporate support when you need it.

Previously, the organization had an environment where we managed everything locally. Azure Active Directory actually was our first entry into cloud solutions. We have not used other cloud solutions apart from Azure Active Directory.

The difficulty or ease of the initial implementation depends on the company and the level of experience as well as the level of knowledge of the IT team. The experience needed for cloud solutions is relative. I can say it's straightforward and even with a little experience or knowledge it is straightforward. The documentation is available and you can read and follow the documentation to handle the process. Of course, for new users, it could be a bit more straightforward.

For me, provisioning takes a few minutes - maybe between ten to 20 minutes. Normally it should take less than 30 minutes.

For this particular instance, we needed to add multiple users individually and sometimes as a bulk upload in the case of inboxes. Some needed third-party services. The documentation made the process pretty easy, however, when we did have issues, we could reach out to technical support to finish anything up. 

We have seen an ROI. It's actually cut some costs. Initially, we were using a local environment. Now, we've almost rid ourselves of one of our local environments. Moving to the cloud has saved us a lot of costs and actually, it's a very good experience. It's cost-effective compared to what we used before. It's better in terms of lowering our overall expenditure.

The prices are not too out of place. We're just gradually getting out of COVID and Microsoft is actually putting some renewals, licenses, and some products out just to cushion the effect of license costs as companies recover. With Microsoft, some products also offer free trials. 

We'd like to see more of a discount on existing licenses. They also need to consider having some free licenses, some free subscriptions.

I'm actually a customer. I have an environment in my home meaning I have a subscription that I've paid for. However, I also do consultancy based on the knowledge I currently have. I offer my knowledge to other organizations.

I would advise new users to allow open demos of cloud solutions and figure out what is on offer, what is available, or what can be made better. By doing a POC, you'll get to see resources used and what it's like to handle an environment entirely in the cloud. Organizations can consider gradually moving over or they can actually move completely to the cloud depending on what they want to do. 

I'd rate the solution at an eight out of ten. It's a good solution, especially for companies following the trend of moving onto the cloud. There's always room for improvement, however, currently, they are doing very well.

Containerization is mainly what I've been dealing with lately. I've been trying to provide solutions with Active Directory and cloud resolutions so that Edge services can communicate properly to the main data centers.

We use Active Directory for global authentication.

The advantage of Azure Active Directory is that it's a cloud environment, so just about anybody can get to it. As long as you can get to the cloud, you can get to the internet. You can authenticate offshore resources to client services, which is what my present company does. That kind of authentication is much more advantageous as an Active Directory solution.

If you want to replicate a website at the frontend in Azure, it's very easy to do it globally.

As soon as you authenticate to the web storage, where you hit the frontend, then you can redirect to whatever resources locally that are duplicated.

It doesn't function the same way as Active Directory inside of a physical infrastructure. Even VMware Active Directory doesn't function the same way in the cloud. Cloud is all flat. That's one of the disadvantages. You can authenticate through Active Directory through Federated Services, but it's mainly like an IIS web frontend and bulk storage.

It's all record based.

I've dealt with Azure Active Directory for about three years.

It is a cloud solution.

Stability-wise, it is much more secure and stable than AWS. Oddly enough, a lot of people think that AWS has many more regions and sites. It's actually not true. Azure has far more. There's a good reason why the government jumped right on Azure and uses it for their internal resources.

It is very scalable.

Microsoft technical support is very responsive. If you buy the enterprise package, then when you call them, they will jump right in and help you out.

When one of our clients had a ransomware outbreak, Microsoft helped them solve quite a lot and helped them get up and running.

The initial setup is very straightforward. Microsoft is very good about helping you get things set up, and they're very responsive.

We evaluated AWS AD. AWS support will provide bits and pieces, but Microsoft will jump in and help out. Of course, you have to pay the price for the corporate support, but who wouldn't want that, especially when your whole environment is a Microsoft environment.

It works really well, and I would rate it at nine on a scale from one to ten. You need good training, and Microsoft will provide that for free as part of their package.

When a customer is trying to synchronize user information from their on-premises environment to the cloud, they might be encountering a series of errors or they may not be able to achieve what they are trying to achieve. They will raise a ticket so that somebody can help resolve the problem or clarify the situation and explain what the workflow should be like. That's where I often come in.

My support scope is focused on the synchronization aspect of Azure Active Directory. My specialty covers scenarios where customers have information in their on-premises environment and they want to synchronize their Active Directory information into the cloud with Azure Active Directory.

In addition to getting on calls and assisting customers to resolve issues, we also try to help educate customers on how to achieve the best results with Microsoft products.

In terms of the security posture of my customers, in the area of my specialization—the synchronization of information from on-premises to the cloud—there's an aspect we call TLS. There was a version of TLS that was not really secure, but Microsoft has now pushed and made sure that everything running in its platform uses a higher version, TLS 1.2. That means that when you are doing directory synchronization, your machine and your product need to be TLS 1.2 enabled. Microsoft is always working on enforcing the use of the most secure means to carry out whatever workloads customers are running. While my day-to-day job does not involve an emphasis on security, the areas that do involve security elements are emphasized to make things work effectively.

It also helps when you're troubleshooting. If you have an issue, it's easier for a user to look at it and say, "Okay, this is the problem," and to work on it.

An aspect of Azure's synchronization technology is called the provisioning service. It's the technology that takes user information from Azure AD into third-party applications. If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that.

Over the years, the performance of this particular technology has greatly improved. I have seen its evolution and growth. Customers see much more robust performance from that technology and it gives them an easy way to set up their environments. The product has been designed quite well and customer feedback has also been taken into consideration. You can even see the progress of the process: how the user is being created and sent over to the third-party application.

Recently, Microsoft has developed lightweight synchronization software, the Cloud Provisioning Agent, to do the job of the preceding, heavier version called AD Connect. You can do a lot more with AD Connect, but it can take a lot of expertise to manage and maintain it. As a result, customers were raising a lot of tickets. So Microsoft developed the lightweight version. However, there are still a lot of features that the Cloud Provisioning Agent lacks. I would like to see it upgraded. 

The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version.

I believe the Cloud Provisioning Agent will be upgraded eventually, it's just a matter of time.

I've been using the Azure Active Directory platform for a little over three years. I started supporting the product in October of 2018.

Our company is a Microsoft partner. When Microsoft customers raise tickets, most of these tickets get routed to partners like us. I follow up on and assist customers when they have issues that relate to my area of expertise.

Azure AD is solid because of the way the product is designed and because the people who support it are very good.

Microsoft is a very big organization. Whenever they put products on the market, they take things like scalability into consideration. They make sure the life cycle of the product matches the demands and the usage of customers. This product should have a long life in the market.

Microsoft technical support is great. Fantastic. Microsoft is looking to push the capabilities of its products, to enable customers to achieve more.

In general, there has been improvement in the way the technology can be used by end-users. Their feedback has been taken into consideration and that has helped a great deal.

Azure AD has features that have been developed purely for the security of users. It has things like Conditional Access policies and MFA. But the nature of the support that I provide in Azure AD doesn't focus on security. While Azure AD gives a company a holistic way to manage user profiles, I don't usually work on security aspects. But I do know that, to a large extent, the solution is built using the latest security.

The provisioning service I support has authentication methods. There has been a push by Microsoft to move customers away from certain authentication mechanisms that are not very strong in terms of security, and to make sure that secure standards are being enforced. I have looked at integrations set up by customers where they have only done the basic minimum in terms of security. Microsoft had to push those customers towards a much more secure setup. So customers are getting better security.

Overall, the effect of the product on my customers' experience has been good. I generally come into the picture when customers are having an issue. Most customers I've interacted with don't understand some information or why the product is designed the way it is. When I explain that it has to be this way so that they can do what they need to do, the customer feedback comes in at about an eight out of 10.

My primary use case with Azure Active Directory is configuring applications, for example Edge, on premises and doing synchronizations with ADFS in a hybrid environment.

I have used it in a lot of application integrations. I set authentication for the hybrid and cloud applications for the services that we acquire.

The feature that I have found most valuable is its authentication security. That is Azure Active Directory's purpose - making cloud services' security and integration easier.

In terms of what could be improved, I would say its interface is not very flexible, as opposed to AWS.

The services are very clear, but the user admin interface needs to be better. That's all.

I have been using Azure Active Directory for more than five years.

In terms of stability, sometimes the more applications you integrate, the more it becomes a little bit unstable. The synchronization engine is key because that's what 365on-premises is for. The main thing that Azure supports is Microsoft native 365 and the other services that come with it.

It is scalable. It is just that Microsoft likes complex licensing. They should make it more  straightforward.

We just have the admins using it, that's about 20 people.

Microsoft tech support is not the best, but they're okay.

The initial setup is not that complex. Maybe I'm the wrong person to ask, though, because I am already an old AD person and I understand it.

On a scale of one to ten, I would not rate Azure Active Directory as a bad product, I would rate it as an 8.