Microsoft Entra ID Reviews

Usually, it is replicating an on-prem Active Directory environment into Azure. It is usually tied with generic email access and SharePoint Online access and building out provisioning for that. There typically is some sort of synchronization tool that is sometimes used in addition to or as a substitute for the typical Microsoft suite. So, it just depends upon the customers and how they're getting that information up there.

In terms of version, it tends to be a mixed bag. It just depends on the client environment and factors such as the maturity and the rigors of change management. Sometimes, it just lags, and we've dealt with those types of situations, but more often than not, it is more of a greener field Azure environment and tends to be the latest and greatest.

It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there.

Its area of improvement is more about the synchronization of accounts and the intervals for that. Sometimes, there're customers with other network challenges, and it takes a while for synchronization to happen to the cloud. There is some component of their on-prem that is delaying things getting to the cloud. The turnaround time for these requests is very time-sensitive. I don't mean this as derogatory for this service, but in my experience, that happens a lot. 

For the Active Directory component, there are some value differences and things like that as compared to on-prem. I have run into problems a few times when there is a custom schema involved with their on-prem installation. You can use it, but that custom schema or functionality is going to have to go somewhere else or rerouted back to on-prem.

I have been using this solution for probably two and a half years.

It is perfectly stable. I haven't had any concerns or any problems with that.

I have dealt with them. Overall, tech support is great if you have something that was working but it's broken and needs to get fixed. It is a different bucket if you have more of an implementation question like, "Hey, can we do this?", or "How to approach that?" Sometimes, it can be challenging to get the right people on that call to support those conversations.

Its initial setup really depends on the customer. I have one customer right now with a super simple environment. They're just replicating it up. It's all Microsoft stack top to bottom with no real surprises or anything else. They're happy as pie with that. 

I have larger customers who tend to want some sort of management layer on top of it for Active Directory management purposes. This tends to go into the cloud, which introduces its own little challenges. In a more sophisticated enterprise, I start running into custom schema or workflow dependencies that just don't translate well from on-prem to cloud, but it is rare. It usually ends up being a third-party solution that we route them to with that. So, it's not huge. The challenge is more in identifying that. Typically, as much as we try, we rarely get it identified early enough to change our statement of work or our implementation, so it becomes a bad surprise.

Its price is per user. It is also based on the type of user that you're synchronizing up there.

I would advise spending more time on planning and aligning your business processes with Active Directory and Azure in terms of custom schema and separating third-party accounts, external accounts, or customer's accounts from employee accounts. I've run into issues when people take an existing on-prem solution that has third-party entities or maybe external customers and start synchronizing it up. It is not a slam against the service, but that's where I start recommending people to do different instances of Azure Tenants to break that up a little bit and provide that separation. All of these are planning functions. Using this service can be deceptively easy, but you should spend more time on planning. Around 80% of it is planning, and the rest of it is the implementation.

I would rate Azure Active Directory an eight out of 10. It is super solid. I wouldn't say it's the best. I would love to have everything that you could do on-prem. I understand why it can't do that, but I would love that flexibility.

We're using Azure Active Directory for MFA.

It is very usable and easy to use.

It is easy to manage. I can manage systems with policies and automate our systems. Any professional system can be easily integrated with Azure Active Directory. It is widely used with Windows versions. 

Four years ago, we had an issue with Azure AD. We wanted to reverse sync from Azure AD to on-prem Active Directory, but we couldn't achieve this. Azure AD could connect only in one way, for example, from your site to Azure. If you needed to do the reverse and connect from Azure to on-prem, there was no way to achieve it. We asked Microsoft, and they told us that they don't support it.

Their support should be faster and more knowledgeable and customer-friendly.

I have been using this solution for maybe four years.

It is very stable.

It is very scalable. I don't know about the number of users that we have currently, but at the time I managed its synchronization, there were maybe 800 users. 

We're not satisfied with their support. We couldn't get support from Microsoft directly, and we made an agreement with a company. We weren't satisfied with their support. They were very slow and not friendly. They couldn't solve our problems because our program was very complex.

I didn't use any other solution. I only use Active Directory and Azure AD.

I installed hybrid Exchange. It was very easy for us. Its installation took a very short time. There was a connector system on Exchange, and we just had to set up the connection. It was very easy.

I installed it myself.  

Its maintenance is very cheap and easy. We have only two engineers to manage Azure AD and Azure Exchange.

We have an agreement with Microsoft, and my company pays yearly.

It is a very good product. I plan to keep using it because it is very easy to manage.

If you use an application in Azure and you want single sign-on for Azure products, you should prefer using Azure AD. You should synchronize your on-premise Active Directory to Azure AD. We synchronized Active Directory with Azure AD for single sign-on. For example, if a worker wants to sign in on your computer with the same user ID and password, he or she can connect to Azure services. Azure AD provides support for this.

I would rate Azure Active Directory a nine out of 10. 

I am a cloud engineer, and I do a lot of administrative work that involves creating new infrastructure for our applications. Whenever I create infrastructure, I have to install it on our Active Directory and then set it up. This is how it was that I started working with Azure Active Directory.

Once the infrastructure is set up, I usually proceed to create user groups and user IDs inside Active Directory. After they are created, I set up and configure them based on the requirements of the organization, including the access required for different groups and users.

We deal with a lot of health information that we have to keep confidential, so having the Azure cloud security policies in place, such that nothing is exposed to the outside world, is helpful for us.

The security and infrastructure management features are the most valuable ones for us.

It offers multifactor authentication for setting up development pipelines.

Better deployment management and visibility functionality would be helpful. There is a lot of room for improvement in our infrastructure, and in particular, when we create something, we have to visit a lot of websites. This makes life more difficult for us.

When we deploy new infrastructure, it begins with a lengthy approval process. For example, as an administrator, I may receive an infrastructure request from one of our developers. The developer might need access to our front-end, where all of the servers are deployed. The problem is that we don't know exactly what has been deployed within our servers, so better visibility would be helpful.

It's a closed infrastructure, and every developer gets an individualized container. We don't know exactly which features have been provided to them and it's a roundabout process to log back into Active Directory and see exactly what permissions have been assigned. It requires returning to a specific feature and looking at the specific user.

I have been working with Azure Active Directory for just over three and a half years.

This is a highly reliable solution and we plan to continue using it.

Right now, we have 5,000 users that are deployed on Azure Active Directory. Every internal user account that's been created has some sort of multifactor authentication attached to it.

Right now, there isn't a plan to increase our usage. I think we have reached our maximum capacity and if we have to add on something else, then we have to use another tenant or figure out a different way to do it.

We have a team of 15 people who deal with tickets related to this solution.

We constantly have the chance to engage with Microsoft regarding Azure Active Directory. They provide full-time support, so for any issues that we face, we just create a ticket. When we have issues, we quickly get someone from the Azure support team to help us out.

Prior to using Azure Active Directory, we had our own Active Directory. Once we started migrating our applications to Azure, we began moving away from our traditional implementation.

The initial deployment process takes a couple of days for us, although exactly how long depends upon the type of deployment. If you have new deployments then I suggest creating an automated script that will kick it off because this will save time. If on the other hand, there is something that is already deployed and it needs to be redeployed, it doesn't take longer than a couple of hours.

It only takes one person to deploy. It is done on a ticket basis, as requested by people like our developers.

This product provides added value to the company.

In summary, this is a good product and it has been helpful for us, but without doing the proper research, I wouldn't recommend starting with Azure Active Directory. Migrating all of your user accounts and then your resources from different domains to an Azure Active Directory is a huge task. It means that you have set up to create everything from scratch, so without doing proper research, you may run into problems.

I would rate this solution an eight out of ten.

The solution is a hybrid cloud with connectors into Azure/Microsoft 365 cloud.

I am still figuring out the whole on-prem/Azure Active Directory Premium/Microsoft 365 integrations and administrative connections.

The scalability of the solution is good.

Technical support can be helpful.

It's not intuitive and we use it mainly for our hybrid capability now and are expanding our footprint in Microsoft 365. The integration between on-prem and Online is interesting. However, the learning curve is high.

When you have an Office 365 enterprise subscription, it comes with Azure Active Directory, however, you don't have an Azure subscription. Yet, all of our active directory connectors put our credentials into the Azure Active Directory. 

There are enough things that aren't implemented on our side and we are in the middle of this transition.  I don't blame the product necessarily for that. However, there are links and items within Microsoft 365 that still point back to the .com side.

Items seem to continue to move, such as security and compliance. Now there's a security portal and a compliance portal, and all three are still being maintained, however, one's being phased in and the others are being phased out. Things continue to change. It's just been a bit to learn. There's a lot to keep track of. There should be a bit more transparency.

The Office 365 subscriptions are a bit confusing with a hybrid environment with what credential has an Microsoft 365 subscription.  However, then some of the documentation I was reading this week was where I ran into a wall. This particular document clearly showed that when you have a particular ability on the Azure side, and then you have another ability on the Office side, intuitively the Microsoft cloud knows to give you certain other rights, to be able to do stuff. This settings and configurations are in different places. Some things are then in the Exchange Online, some things are in the Intune section, etc.

I am not sure if the intent is to have an Microsoft 365 administrator with a second subscription for a cloud admin account or not.  I was trying to do something in Exchange online and received a message that I couldn't do it because I didn't have a mailbox. It's frustrating and confusing at times. There are things like that just are a different user experience between on-prem and online.

The Microsoft Premier Agreement we have has been very beneficial and we have had an excellent experience with a couple of different short cycle projects.

We've been working with the solution for just over a year and I have been involved for the last five months. It's been under a year, and not very long just yet.

The scalability seems to be there.  We are not a very big shop but we have unique needs and requirements.

The premier services we have are very good. We have a contact that's been with Microsoft a while and that's really saved us. The reach back into field engineers and their amazing ability to get the job done have been hugely beneficial.  The Exchange Online engineer we had was worth double what we paid for. It was amazing. If it weren't for that, I am not sure if we would have made our schedule.  Often the timing hasn't lined up, with short notice compliance requirements and implementation constraints due to configuration or version of technology.  They are very responsive, but depending on if it's break fix or planning, the planning side as longer cycles.   

I wasn't a part of the initial setup. I can't speak to how long the deployment took or how easy or difficult the process was.

We had assistance with the setup. We're actually bringing in some more help as our needs have short turn cycles and some ageing infrastructure that we still have to move online.

I would say to make sure you have a trusted integration partner or someone on staff that has been through this transition.

We're just customers. We don't have a business relationship with the company.

While we use the on-premises model, we also have it synced for hybrid functionality.

With COVID especially, there have been a lot of changes in a lot of companies and a lot of rethinking of processes lately.

We're in the process of rolling out Office 356 internally. We've had really great feedback that people really like Teams, and we want to move more into that area. We had a roadmap meeting with Microsoft a few months ago. It was probably five months ago, four or five months ago.

Some of the more accessible types of items were on the roadmap for the first quarter of this year. However, Microsoft's working hard at listening to customers, especially through the COVID situation that changed a lot of work and priorities. The collaboration stuff has changed. They've been pushing a little bit more on getting some more integrations. We're not going to have that kind of clout where I am, however, where I used to work, we would have. We were the ones that were making sure the Exchange got upgraded and got to the developers.

I would rate the solution at a six out of ten. If the solution offered better transparency/clarity I might rate it higher.

We use it for the authentication of people in a hybrid configuration. In most cases,
Office 365 makes companies move to Azure Active Directory.

We have both on-premises and cloud deployments.

Its ability to provide secure connections to people at all locations is the most valuable. It is mostly used by enterprises.

The onboarding process for new users can be improved. It can be made simpler for people who have never registered to Azure AD previously and need to create an account and enable the MFA. The initial setup can be made simpler for non-IT people. 

It should be a bit simpler to use. Unless you get certifications, such as AZ-300 and AZ-301, it is not a simple thing to use at the enterprise scale.

I have been using this solution for four or five years.

I never use technical support. I usually find the information on my own or through my friends at Microsoft.

It is not complicated for me as an IT guy, but the feedback from the field or non-IT people is that it could be simpler.

MFA and P2 licenses for two Azures for fully-enabled scenarios and features cost a lot of money. This is where Okta is trying to get the prices down.

I have spent seven years at Microsoft, so I have a tendency to like Microsoft solutions because I know them and the philosophy behind them. Till now, Azure AD is probably the best solution for identity and security.

I also use Okta. For integration with Microsoft solutions, Office 365 Azure is just right. However, for some scenarios, such as consolidations, Okta seems to have a few advantages as compared to Active Directory. Okta also has a very interesting price.

I would rate Microsoft Azure Active Directory Premium an eight out of ten.

We primarily use the solution only for the employees. It offers a single sign-on to business applications. Internal modern applications also go through Azure Active Directory, however, we use Active Directory for the legacy ones. (Kerberos).

It takes a couple hours to add SSO to new business SaaS. The Azure AD Marketplace has all the applications we bought so far as built-in templates.

The single sign-on of the solution is the most valuable aspect.

The initial setup is straightforward.

The solution offers good bundles that include Office 365. 

The pricing is pretty decent.

The product is pretty user-friendly and offers good customization capabilities.

We find that most of the new features are in preview for too long. It gives you the announcement that there's a new feature and yet, most of the time, it takes more than one year to have it generally available. Often we have to go and sometimes just use a preview without support. 

We cannot run all the configurations from the APIs. I would like to have something that has code and to just be able to back up and apply my configuration. Right now, we are managing more Azure tenants. It's hard to keep all of those configurations at the same level, the same value.

We would like to have more granularity in the Azure conditional access in order to be able to manage more groups for applications. That way, when adding a new applications I don't have multiple conditional access to modify. 

One of the main requests from our security team is the MFA challenge. Azure, by default, is more user-friendly. We have a lot of debates with the security team here as the MFA doesn't pop up often enough for them. From an end-user perspective, it's a better user experience, as users generally prefer fewer pop-ups, however, security doesn't like it. It's hard for security to add. 

We don't have Azure Premium P2 yet, however, most of the advanced security features are in the P2, and it costs a lot more money.

I've been using the solution for four years at this point.

The solution is relatively stable. The only issue we have is that there's a lot of things on Azure that are synchronous. Sometimes it takes time for changes to apply, and it kind of depends on the time of the day. A lot of the time we're happy with it, however, sometimes it creates a bizarre issue that is difficult to troubleshoot.

The solution is quite stable. If an organization needs to expand it out, they can do so rather easily.

We have about 9,000 people in our organization using the solution.

While the technical support is good, you need premium support. The standard support is more for small enterprises. We have the premium support and with the premium support, it's much better. There's a direct line to the correct type of support. It's very good.

We previously used SiteMinder from Computer Associates. The main reason we migrated to Azure was for the integration with Office 365. It then became our primary authentication source for the employees.

The initial setup is not too complex. It's pretty straightforward.

We didn't need the assistance of an integrator, reseller or consultant for deployment. We were able to handle everything in-house.

The pricing is really great and Office 365 packages are good. We don't pay for it separately. It's included in our package and the APIs are really great. I'm not sure of the exact cost of Azure. It's a package deal.

We've looked into Okta for B2B and B2C clients, not necessarily for our internal employees.

We're just a customer.

We're using the latest version of the solution.

I would recommend the solution for employees. It's a really great tool. However, we tried it also for consumers, for clients for B2B and B2C. For me, it isn't really a great production product. We researched Okta for that.

Overall, I'd rate the solution nine out of ten.

We are a software development company and solution provider, and this is one of the products that we implement for our clients.

This is an easy way to give users access to applications. I can share access with other organizations outside of our network.

This solution is easy to manage.

The ability to grant access to other organizations is helpful.

It integrates well with a large number of applications.

Microsoft needs to add a single setup, so whenever resources join the company or are leaving the company, all of the changes can be made with a single click.

I would like to see a secure, on-premises gateway that offers connectivity between the physical servers and the cloud. The capability already exists, but it is not secure enough when the setting is marked private.

I have been using Microsoft Azure Active Directory Premium for about a year.

In the time that I have been using Microsoft Azure, I haven't had any problem with stability.

This is the right platform if you are looking for scalability. We have more than 100,000 users.

We have not needed to use technical support. 

We have a couple of contacts in the Microsoft team, so we will reach out to them in case we have any questions.

I have recently been working with Okta, and I find that most organizations are moving toward it. With this in mind, I think that Microsoft has to take care, and consider why so many people are switching. The most important reason is the single setup. Once they set up Okta, it's easy for the organization.

I have been working in Microsoft Azure for a long time and I find the initial setup to be easy.

For maintenance, we have a team of 20 administrators and developers.

Licensing fees are paid on a monthly basis and the cost depends on the number of users. There are no charges in addition to this.

The suitability of this solution depends on the technology and the environment at the organization. Many companies are still transitioning to the cloud, leaving part or all of their data on-premises. Ultimately, it depends on the data that they have and their preference or requirements for keeping it on-premises. In some cases, people want to move only non-private data to the cloud. All of these things have to be considered before implementing Azure Active Directory.

I would rate this solution an eight out of ten.

Microsoft Entra ID has made our organization more secure. 

The tool's most valuable feature is conditional access. 

The product needs to improve its support.

I have been working with the product for five years. 

Microsoft Entra ID is stable. 

The product needs to improve support. There are many steps before you get to someone who can solve the issues. 

Neutral

Microsoft Entra ID's deployment is easy. 

Microsoft Entra ID helps save money since you don't need a second MFA solution. I rate it a nine out of ten.