Microsoft Entra ID Reviews

We need it for running MSA protection for most of the users. We need Azure AD Connect because they are highly on primary setup, so they need to sync on primary with Azure AD.

From the beginning when I joined the company, they were already using Azure AD Premium. The most wanted features would be the synchronization between the Windows AD, Azure AD, because there are so many capabilities that just because we can't sync their own from Azure AD.

The most beneficial feature would be the effectiveness of having a hybrid set-up. When we need to create an account, we create it in Auto Activator 3. Even though the users are created and managed in Windows really, we can use all the benefits of the cloud, as well.

Right now I can't point out a particular feature, but sometimes when we work, it evolves.  There are so many features that are out recently, so it'd be hard to set up MSA for obvious remote users, so users who are using Azure are hard to use it remotely. So, while we're setting that up, we have face of issues which show the limitations of Azure.

Initially, we wanted to exclude specific users from MSA. So, we had a condition policy, which forces MSA for all the users. So we wanted to exclude users who are using an NPS extension.  So it was not listed, as a NPS extension was not listed outside an application, in actual, so, we go back and were not able to exclude users using NPS extension from MSA. So that was one limitation that we found and we had to work around that.

We noticed recent additions on display that have been in recent updates. On the board, there are some features that still need help. 

The stability is pretty good. Earlier, there were freezes here and there. But, we overcame it. What w have now is stable, but they are trying to include more features.

We have almost 500 users. So, it is pretty easy. They are including more features, which enhances onboarding and decommissioning users. From an actual perspective, it's pretty easy to scale.

Tech support has its up and downs. So, sometimes it will take one week, and other times two weeks to resolve a case. Sometimes they have to respond fast, and they do so. It is not consistent.

It's really affordable. It does not feel as if it is too costly. It's okay to spend this money for this product or feature. Yeah, I think it's affordable.

If you have connections with a PSP partner, it will be easy, I guess. If you're buying an Azure AD Premium independently, you won't have a helping hand from them. You'll have support  but, not much other than that. With a PSP partner, you will feel like that you can implement or you can quadrate.

Once Azure is developed, and fully established, it will be a perfect product. It is still in the development stage at present. 

The primary use case is collaboration. So it's all about federation of identity and permissions.

Identity is one of those things that you need to be separate from your actual tenant. There's a benefit for it being separated from your actual tenant for reasons of security and containerization. 

It's very easy to run and it's part of their ecosystem and I don't think it's going anywhere anytime soon.

Back in '96, '97, '98, nobody was doing intake. So that was a new thing that came in 2000. And it created the container based inherited permissions, which was new for that stage. Before that it was very static, there wasn't inheritance, there wasn't assertions. Then they introduced that and they've slowly built it, and then it just got too big and old, and really the database that MT's on is just vulnerable to all these attacks. And that's primarily why they want people to get off it. There's about four or five open attacks that make it very easy to both intercept the credential requests, and also attack the database itself.

The ability to speed up delivery is a nice benefit, because rather than having external dependencies there's a certain guarantee that if you use anything within that technology platform. Whether it's full of applications, or various other things, there havee already been regression tests by the vendor. And you don't see the same defects that you get when you have integrated systems.

The fact that it's an ecosystem in itself is probably the best one. It fits into the whole Microsoft stack. Everything this year is all about stacks, and I tend to agree. The inter-operability  and complexity of things these days is just too big. These things change too much. So you don't really want to be stuck between three technology stacks that are changing. If there's a defect, you won't know which one it's in. Trying to hold the service provider to account is quite hard. I'd probably say, yeah, stay with the stack if you can.

I guess price would be the thing, and some of the proprietary lock-in. But, I guess documentation and support would be good.

The features are fine. I wouldn't suggest any features because you can keep adding to it. But, its simplicity is that it works under its own ecosystem. It's nice and reliable. If you start adding all these extra things to it, it'll probably cause complications with some of the legacy things that are still slowly just hanging onto them. But, to look at more documentation, engineering, or an open standard would be nice.

It's like any technology. It appears that if it did have stability problems they don't really exist anymore in the same way. It's like any introductory development technology. Because its identity, it has to be perfect. It is either secure, or it's not, and unfortunately there's a million ways for things to go wrong and there's only one way for things to go right when there's no give. You do see a lot of issues with it at the beginning.

It is mathematical. So, it's like most things. Took a while to get the XAML certificates and all that sort of stuff working. But,now it's a very common thing. You get a session certificate on your phone when you're doing things. When you join a session on your browser on your mobile phone. It's just very common things now.

I'd say there's about 5,600 users of this solution in our organization.

There are set rules. But, it's a security mechanism. If you try and get your swipe card pass for your office, and then you try and integrate it with one across the road, they're literally being designed not to integrate with each other by design. This is because if you want it secure, you don't want to have it integrate. The same thing works with changing the posture of something after you've initiated it. Expect this sort of behavior.

The tech support is OK. I'm talking more about the engineering structure of it. As I said, you can understand why security things have a tendency to not document it, because it's one of those things. Do you want more people to review it and make it harder, or do you want to covet it and reduce the exposure of it?  It's catch 22. You're damned if you do, damned if you don't. Doesn't matter which way you go.

We have prior experiene with Novell. 

It's easy in its essence, but part of the ease is like anything that seems easy is generally complex when you try and fix it because you've skipped over so many configurations. It's like a wizard that you go, "Yep, it's done." And then it breaks, and you say to yourself, "Oh, hang on, I clicked one button. How could I have done that differently?" It's a lot more stable than it used to be. They've got into a maturity plateau where they're not developing it anymore within for reasons of functionality and the product doesn't really break much.

There's no such thing as a "free lunch." If you'd save money here, it costs money there. If you pay more upfront, you pay less when you get off. The market equals itself out, like a free market. So, it generally does. It's more about convenience at the end of the day.

As a user, I'm not an owner of the tech, so as a consumer, even if I am a specialist, I still don't own the technology. I just want to lease it, subscribe it and make sure that the owners of it are able to meet the facilities of it in its life-cycle.

There's a couple of other options on the market like Okta, and a few things like that. They're quite simple, and because they're separate from the whole Microsoft ecosystem, they do have some benefits in that they're completely focused on only that product and only that requirement. With Microsoft, they're like an octopus. They have so many different requirements and priorities that sometimes they don't invest all their energy into the products that you have expectations to investigate.

Last year Microsoft had said that the onsite Active Directory ,as we know it, is going to be deprecated. So that means group policy, that means security groups, the NTLM and all that  we've relied on for so long is going to come to an end with this modern management philosophy. That's why I did those group policy changes. From group policy, which is essentially the ability to control the operating environments of managed devices, rather than that, Microsoft wants only a mobile device management policy. So it's pretty much a HTTPS or SSL assertion to manage devices off the domain, and they will all come from Intune.

So, they're not going to be managed by a set of static policies. They're going to be set by a whole heap of compliances. Does that make more sense? It's not conforming. It's when you assert yourself, and us for a particular requirement from the domain. They check your requirements per request, which takes the load off the environment quite a bit. So they only validate you when you ask.

It's a lot easier to get an engineer to understand the Microsoft stack then some esoteric random "Joe." There's just are not enough people in the field.

You're better off creating a pilot tenant on your own. You can set up one that's free using one of their 30 day trials, and while you're doing that try and make it as realistic as you can to the environment you're coming from. Make sure that it is true in terms of network, commissuib and integration. If you're going to use a MDN for mobile device management, or you're going to use applications for the federated sign-ons. Try and get as much as you can in it. You've got 30 days and they're quite liberal with allowing you to trial it.

Most of the capabilities are there internally. You can't expose external DNS names or anything and use it as an external platform, but internally you can. So spin up a VM or something internally and do the same things you would. I'd dare say: test it and prove it. You've got to prove it to yourself before anybody. I wouldn't trust anything from a brochure or anything else. Your reputation's on the line. You're doing something important for someone else and you've got to verify it yourself and put it through the paces. Spend enough time doing proof of concepts and pilots.

The primary use case of this solution is single sign-on, and if a company is going to use Azure AD, a lot of what they are looking for is to manage those sign-ins and logins and have a single place for it to be.

I've been in the Azure space since it started out and in the Microsoft Cloud AD since the BPOS days in the early 2000s, and it's just a product that made life simpler for my clients to be able to integrate everything.

The self-password reset if its enabled and configured properly, really helps a company be able to reset rather than getting IT involved. 

Additionally, the capability of adding that single sign-on for other pieces that you might want to run through Azure Active Directory, such as Office 365 or Salesforce or any number of different third party authentications that you need can be done through Azure Directory Premium.

One of the things with Windows 10 as a company client's software is that they're using it on laptops, desktops, or whatever. In Active Directory Premium, you can control the sign-in and the spaces where documents might be kept on that device with Active Directory Premium and the rights management piece.

Documentation I think is always the worst part with what Azure's doing right now across the board. You may run into an issue you get a technician that says, "Here, look at all these links through self-documentation, and then make comments to it if you want to change it or do something." It's just that the documentation itself, is not very friendly to somebody who is just going in to it. If I had to turn it over to a customer, I just don't think that documentation is that friendly to somebody who does not have in-depth knowledge.

Three to five years.

My impressions of the stability of the product are that it is a pretty good product. I have seen one outage in the last three years, where it just would not work. It only lasted an hour. It was a pretty big deal, but other than that it has been very dependable.

It scales really easy. It's just adding more scales. It is eally easily as far as number of users are concerned, if you're talking about scaling into other apps or other things that you have. Again, there's a configuration curve there. But, if you're scaling applications or services, then there can be a little more difficulty in that.

It's hit or miss. I've had more success in the last probably eight months than I had prior to that. If there's one downfall to their tech support, it's too compartmentalized. So if you're talking AD Premium, and again, with all of the different pieces to it. If you have a single sign-on issue, you might get a different technician than you would get for a joining a VM to Azure AD or whatever. They compartmentalize their tech support, and I will say to myself, "Well, just give me a guy that knows what's going on." But, then they get very compartmentalized in their tech support. They have to bring somebody else in, or have to research or do whatever. So, that's the one criticism that I have. Response has been excellent. They get you well within their SOAs, depending on what you've got paid for tech support.

It's pretty straightforward depending on what your needs are.

Licensing is easy.

The biggest piece of advice is if you're planning for all applications that need authentication, and making sure that all applications that need authentication or that you're going against, that you're using the premium parts of Active Directory for, are compliant with the solution and not finding out afterwards.

My primary use case is for our business directory, we have integrated everything into Azure into the Active Directory. 

We basically use this for Skype. We are using the cloud environment and we need the Active directory to be ticketed so if we can call and they can log in at the moment. Apart from that, we use it for video connections. If people are working from home, it is helpful that it is in the cloud. At the moment, we do not need to go for the VPN, and then we can connect. For this purpose, we use the Azure. We run quite a big business, and it is helpful with the electrodata we have used. 

I like the way it communicates to the cloud.

Whatever business requirements we needed in the past three years, users were created, with the name of the user and they were not connected with the Active Directory. We were trying to in house in three years and with directory, but we were not able to achieve it. Based on that we have informed Microsoft. And now we have created the things that are connected to the  cloud.

In Africa, we do not have the same bandwidth with internet speed. This slows the connectivity and it provides challenges for our business.

Three to five years.

Yes, it is a stable product. But, sometimes we had problems due to the network. We are running in more than 24 countries. In Africa we were having issues, but I would say that 80% of our users are happy as a result of us switching to Azure. 

The scalability of the product is fine. 

First, we create a ticket. Then it is assigned to the technical support team. Afterwards, there is a number assigned to the request by the Microsoft team. We then upload the report of the log, or the case that is required. We then wait for the solution. Then, we can test it and implement the correction for the solution.

It was a bit complex. We initially had an issue with our IP address, but it was resolved.

I believe that this solution has simplified our work environment. We have over 13,000 users and this is very helpful to connect everything. 

It is a really nice tool and we have a license for the more complex model. It is not too expensive.

Be aware that it may not work perfectly globally yet. There are still glitches with the solution in Africa.

I primarily use this solution for hybrid deployment, security, securing resources and for integration purposes. In terms of security, we have been using the B2B/B2C hybrid integration with the certificate authentication.

From a practice point of view, of storing secrets internally on Azure AD, we use the certificate when we can.

I would advise to allow an ex-client user to change their password. At present, you can only change your password externally if your password is still valid. If your password is expired, you cannot actually do it through Azure AD.

Most of the time, this product is doing purpose-built solutions. Some people on my team like the multi-step authentication. Others like the fact that it secures their resources externally.

We found the ADFS being a redundant part of the solution. But, it was removed. The licensing is a bit confusing if you are not going into the premium model.

Three to five years.

It is pretty good in terms of stability. I have not had any issues. It has not crashed.

In terms of scalability, we have not had any formal issues or outages from the solution. We are currently using it for 100 users. But, our clients are also using it, and I think we have at least several thousand clients using it.

The initial setup was straightforward. It has been improving a lot in the past couple of years. Yes, it is a lot easier now than when I first started working with this solution. 

I would estimate that the initial setup would probably take a team a week to set up.

When implementing for one client, where they had ADFS turned on, we could not ID enough ADFS and when there was no internet connection. This was a Catch-22 for us, and very frustrating. I would advise new users to use Azure over the ADFS.

Our primary use case is to simplify directory deployment and centralize source of management. Within our own consulting business, we choose to use Azure AD.

The centralized management feature is very valuable. Being able to delete stuff in one place, from any location is really great for us. In addition, we do not have to deploy lots of machines all over the place to run things as a service, which is how we like to deploy things, just as a service. So, this makes it easier to deploy, easy to set up, and work with. It is easy to use, and makes quality of life issues a reality for us.

It would be nice if it had some visualization tools. A bit of visualization would be really nice to show your Azure directory structure. It would be very good because you might have sub-domains and odds-and-ends going on. So, a bit of visualization would be really good. Being able to plug it directly into the video to produce models would be a really nice feature.

Less than one year.

The stability is really good. We have not had an issue with it at all. It is always there for us.  As a part of what Microsoft seems to be doing, it is taking away from what dedicated machines that you have to fiddle and tinker with to run services on, and turning them into services you can just access.

My experience with tech support has been really good. I have had a couple of issues where I have logged the ticket with Microsoft, and I had someone on the phone with me regarding the ticket within a half an hour. It was a real technician who really knew what he was talking about. I was very impressed.

We had a problem related to Office 365 and Skype, and not being able to generate a Skype session when everything else seemed to be working. The tech support helped us fix the situation. They have a good depth of knowledge  and it is not just people reading off a script. They are real users, with real experience.

The initial deployment and setup was pretty straightforward. It is pretty easy. It is not that hard to get going, and the thing is that it is quick to integrate well with your Windows.

If you have an existing environment that consists of on-prem AD based environment, then you will want to go with Azure AD. You need to talk to your service provider, or your in-house IT team. Get them involved to help. We did so, and then we just set up a whole new domain and got rid of the old one, and set up the new one on Azure AD. Microsoft will help walk you through the process.

It looks like they're just making everything as a service and it is pay per user, and that just works for me. It's really good. Gets the cost down and lets you scale if you need it.

It is easy to use, straightforward, and in my language. It does exactly what is says, and does not pretend to be anything else.

It's a very good solution.  You can manage your entity's enterprise identity using Azure Active Directory, and again, you can do several administrative activities. You can also use your Power Shares sorting and interfacing the endpoint.

It helps us with maintaining enterprise identities and integrating enterprise in those applications are some of the assignments.

We do have an expanded feature. We have captured video, so that other people can get their hands on getting used to it. That is, they can get used to the platform and implement it from the beginning.

We find the Integration accessory integration the most valuable feature. You can have your application integrated with an actual directory. You don't need to do much code, you can use interfaces and it's a direct integration. So, no need to worry about the requirements of your application.

The licensing cost is a bit prohibitive.

Less than one year.

I have not encountered any issues of stability with the product.

It scales as far as it depends on the contract. So, it is useful, with plenty of management capabilities. It is pretty flexible, scaling, you can scale in or out as per your requirements.

I have not contacted tech support.

It is a very straightforward implementation, and you pay as you go. It depends on your number of users, number of applications integrated, and how you prepare your topologies (the arrangements of the network). So, it is pretty much flexible. You can custom tailor it as per your business and target , business implementation and requirement. 

I have some prior experience with Oracle Unified Directory, as well. It is a less compliant directory service. 

In comparison, Azure Active Directory is mostly used with tighter integration. In most of the cases, enterprises are using Office 365 for the communication site online. If you have a requirement like integration with Office 365, then Azure Active Directory is a perfect solution. If you want to integrate other applications or workstations, you can use any compliant directory that works.

We primarily use this solution for tracking authentication.

The quantum we are using is probably the authentication The security-based factor of authentication.

The most valuable feature is the factor identification. I find that it is natural integration, and it is just a natural step. I do not need to do anything else.

I think there is room for improvement with actually discussing, and advertising Microsoft as a an authenticator. Many people just get confused and use Google. It's weird because it's exactly the same way that it works. But it's there, it's definite region to start the people is more used to use their the Google authenticator instead of the Microsoft authentication. I think if Microsoft would make more of an effort to penetrate the market, that would be key.

In addition, it would be nice to have a biometric authentication like voice ID, or any of your medical ID. This would be a nice additional feature for Azure to have.

We experienced the aset surge that happened a month or so ago. There was a storm that broke one of the data centers in south-central. The functionality of active directive for Microsoft support was in shortage.  It took a day to return back to functional use.

The solution is scalable for our needs.

I have not needed to request technical support. All of the Microsoft guides are really good and are very helpful.

I know more about Microsoft than any other technology, that's why I didn't look for any other competitors.

It was a very straightforward initial setup. To be honest, we are a pretty small company so for us it's one portal and everything is there. It's not that complicated.

I like it, I love it and it works fine.