Microsoft Entra ID Reviews

Our use case focuses on ensuring company security through authentication, two-factor verification, groups, and access management. This includes SSO, SFTP, FTP, to manage access for both internal workers and external users who need to access our system.

The best features include the visually intuitive navigation through the platform, which has been evident since the beginning. It is more stable, and the features that Azure delivers make it easier to work in a hybrid environment since we are working with both environments.

Microsoft Entra ID's conditional access policies are very effective and significantly enhance company security. They are very specific, which is particularly beneficial.

The identity protection features have helped mitigate potential threats through our external systems, which are protected through Defender and firewall and private endpoints. We are primarily concerned with Azure DevOps, ensuring maximum protection as we run systems on the Azure Cloud. This protection is achieved through Defender and private endpoints, ensuring our operations run on-premise in a closed environment.

The subscription costs are quite high, so that area needs consideration. Apart from pricing, the support response time could be improved as ticket resolution sometimes takes longer than desired.

There are approximately six people working with Microsoft Entra ID.

The deployment experience was mediocre overall. As a self-learner who watches videos and reads extensively about necessary work topics, the process was relatively easy for me.

The deployment took between four to five months to complete.

The stability is very good, warranting a solid eight out of ten rating.

The scalability deserves an eight out of ten rating.

The technical support is very good, with most inquiries receiving satisfactory answers. However, the waiting time reduces the overall rating to around seven out of ten.

Positive

While I haven't worked with different products, Microsoft Entra ID stands out because it provides an all-in-one solution. With adequate time and dedication, one can achieve significant results with this platform.

The implementation was done through a partner purchase.

While specific monetary return on investment is unclear, the solution has improved our work efficiency. By eliminating the need for multiple VPN channels and enabling direct work from Azure servers, we have achieved approximately 30% efficiency savings.

The SSO functionality is an excellent feature that simplifies work, especially for users with limited IT experience. Despite a busy period last year when Microsoft implemented single sign-on and authenticator for all users, the system has performed effectively.

Regarding seamless integration with third-party applications, Microsoft Entra ID offers a complete solution, particularly beneficial for medium to large companies. Having worked with Dynamics CRM and implementing systems with API, I can confirm that achieving integrated system functionality creates robust company infrastructure.

The solution requires less maintenance compared to our on-premise solutions. While we perform frequent patching and updating on-premise, cloud server updates are minimal, typically only when our external consultant requires changes.

I would recommend this product to other users because I work with clients and my own company exclusively using Azure. It is the only system I recommend due to my expertise and its comprehensive package that allows for expansion.

On a scale of 1-10, I rate Microsoft Entra ID a 9.

Hybrid Cloud

Microsoft Azure

We are using Microsoft Entra ID for multiple purposes, such as managing all authentications and changing passwords online. Previously, we relied on an on-premise network, which required us to be on-site to change passwords. With Microsoft Entra ID, we can synchronize it from anywhere on the network. We have an Azure AD Premium license and utilize features like conditional access policies to control identities. We use it primarily for managing identities inside the organization.

The best feature of Microsoft Entra ID is that it provides more granular control over user identities. The conditional access policy feature is particularly valuable, and it's something we use frequently. Microsoft Entra ID helps us manage identities according to security standards, and it allows us to implement least privilege access effectively. The logging and monitoring capabilities give us insights into activities, offering a single pane of visibility to detect anomalies, ensuring enhanced security.

In terms of improvement, we face issues with latency and responsiveness. Changes take some time to reflect across all users, sometimes up to twenty-four hours, which can be challenging when we need to implement drastic changes. Additionally, Microsoft's documentation can be insufficient. Some technical configuration details are missing, requiring us to consult external sources like forums or communities. They need to improve their documentation to ensure all necessary technical information is covered.

We have been using Microsoft Entra ID for six to seven years. Before that, we had an on-premises Active Directory environment, and then we transitioned to a hybrid setup with Azure connect. This has been our setup for around six to seven years.

Microsoft Entra ID is stable. It functions as it is designed, but improvements regarding the responsiveness of the solution are needed. Sometimes, rolling back changes takes longer than expected, affecting our operations.

Microsoft Entra ID is scalable. It integrates well with third-party tools.

I have experienced mixed results with technical support. Sometimes the support is excellent and technical issues are resolved quickly. However, there are times when complex tickets are assigned to non-technical personnel, which prolongs resolution times. After a delay, we might find out that an issue is out of scope for a particular agent, causing further delays.

We previously used on-premises Active Directory and switched to Microsoft Entra ID to reduce infrastructure. We have a hybrid environment now but maintain some local infrastructure for testing purposes.

The initial setup of Microsoft Entra ID is not straightforward; it sits between easy and tough. Implementing features requires vigilance and certainty before making changes due to its complexity. Microsoft's documentation misses some technical details, creating a need to refer to external resources for certain configurations.

Our deployment was done in-house. We did not use an integrator, reseller, or managed service provider.

Microsoft Entra ID provides visibility for security, such as tracking identity movements. By not relying on an on-premises solution, our infrastructure management is simplified, which aids in disaster recovery planning. We also integrate security features like risky users policies that enhance our security architecture. This contributes to a good ROI.

I rate Microsoft Entra ID at eight to 8.5 out of 10 overall. The solution is mature, with a big community and a strong reputation in the market. It's recommended due to its features and community support, though implementation challenges and documentation issues require attention. Community support and Microsoft's reputation are valuable, but the latency and documentation need improvement.

Hybrid Cloud

Microsoft Azure

My main use cases for Microsoft Entra ID are authentication and access management.

The features of Microsoft Entra ID that I like the most are Conditional Access.

The implementation of Microsoft Entra ID has a significant impact on my secure access to apps or resources in my environment because it ensures that for every SaaS app we have, we can log in with enterprise accounts instead of having to create different accounts. If we disable a user, they get automatically disabled as well in those SaaS apps. That's definitely a big win compared to Active Directory in the past.

I think Microsoft Entra ID can be improved, but that's a broad question, and I'm uncertain about specific areas.

I have been using Microsoft Entra ID for almost 10 years.

I would assess the stability and reliability of Microsoft Entra ID as working fine with good uptime. There was an issue a few years ago, but that's been resolved now.

I haven't experienced any downtime, crashes, or performance issues.

Microsoft Entra ID scales with my growing organizational needs and scales pretty well, supporting up to hundreds of thousands of users.

I haven't expanded usage beyond what we currently have, as we only have as many employees as we have.

When we have to expand usage, the process is smooth because we don't have to do anything; we just add users.

On a scale from one to ten, I would rate my customer service and technical support for Microsoft Entra ID as pretty good, with the support being amazing for identity.

Positive

Prior to adopting Microsoft Entra ID, I couldn't really use another solution to address similar needs because Office 365 can only work with Microsoft Entra ID; it's tied to it.

I would describe my experience with deploying Microsoft Entra ID as working pretty easily.

The deployment of Microsoft Entra ID was easy with just a quick setup, and for Conditional Access, it's well-documented.

I didn't face any challenges during the implementation.

I have seen a return on investment with Microsoft Entra ID, but we didn't have another solution, so when you have Office 365, that's the only thing you can use.

My experience with the pricing, setup cost, and licensing is that we have Microsoft Entra ID Plan 2 licenses, so for us, everything is included, and I don't really work with the other models.

I didn't consider any other solutions before selecting Microsoft Entra ID because it's the only option with Office 365, so you don't have another choice.

Since implementing Microsoft Entra ID, I observe changes in the frequency of identity-related security incidents in my organization, though I'm uncertain about the specific details.

Since implementing Microsoft Entra ID, I definitely see all of the identity risks that are detected for the users now. Before, we didn't have any view on that.

My organization's approach to defending against token theft and nation-state attacks has not changed specifically since implementing Microsoft Entra ID.

The features of Microsoft Entra ID have benefited my organization because we're just more secure. We have less identity theft and no identity compromises since we have MFA now, whereas before, we didn't have MFA.

The integration capabilities of Microsoft Entra ID have influenced my zero-trust model significantly because we didn't have a zero-trust model before.

I don't share any metrics or data points that demonstrate the impact of integrations because before we had nothing.

The implementation of device-bound passkeys and Microsoft Authenticator has affected my organization's approach, and we use phone sign-in with Authenticator.

I would rate my overall experience with Microsoft Entra ID as a nine. The advice I would give to another organization that's considering Microsoft Entra ID is to pursue it because it's included in Office 365.

Microsoft Azure

We primarily use Microsoft Entra ID for application registration, especially for Software as a Service applications, which are prevalent in managing the power grid. These applications support various needs, such as managing contingent workers in our 24/7 operation. While we still utilize some on-premise applications, we prioritize cloud-based solutions for their high availability and accessibility. Furthermore, we are actively exploring B2B collaboration features in Entra ID to manage guest accounts, which offers significant cost savings on licensing and enhances ease of use for external users. Optimizing guest access privileges is a compelling business case for utilizing Entra ID effectively.

Microsoft Entra ID has helped by simplifying our management of permissions for APIs. We are not directly exposing credentials, as we use tokens instead. It has made management easier and more secure, especially in a multi-user environment.

The implementation of Microsoft Entra ID significantly improved secure access to applications and resources in our environment, primarily through the widespread use of single-sign-on. Managing API permissions became much easier, as application registration often involves calling an API to utilize services without directly exposing credentials, relying instead on token-based authentication. This streamlined approach benefits end-users by simplifying access while remaining transparent to them. Ultimately, my role focuses on ensuring a smooth and user-friendly experience, even if the underlying technology remains unseen by the end-users.

Our company strongly emphasizes passwordless authentication, primarily through device-bound passkeys in Microsoft Authenticator. While administrators with high-privileged accounts utilize YubiKeys and passwords for tasks like accessing Microsoft Graph, we are actively transitioning all other users towards passwordless methods such as Windows Hello biometrics. This approach streamlines authentication and enhances security. Though initial deployment in 2022 presented challenges due to hardware limitations and the lingering effects of the COVID-19 pandemic, the technology has significantly improved and provides a simple and effective user experience.

The most valuable feature of Entra ID is having a cloud-based identity, similar to Google's single sign-on. This technology allows for a managed identity in a corporate environment, differentiating between work and personal profiles. Microsoft excels at this distinction, providing a seamless experience akin to signing on with Google across various platforms, streamlining workplace access.

One challenge with Entra ID is its complexity, stemming from integrating many components into a single solution. This complexity can hinder rapid adoption by professionals, suggesting a need for more streamlined, role-specific training to maximize the platform's potential.

I have been using Microsoft Entra ID for four years.

I have used Microsoft Entra ID almost daily for the past few years. Although there have been some minor issues this year, such as with CrowdStrike, it remains a stable platform overall. However, it may not have achieved 99.9 percent availability this year.

Although our company is small, Microsoft Entra ID is a scalable solution that meets our current needs.

Customer service is a mixed bag. Initial responses aren't always great, but once we find the right person, the support can be really good. The initial score is about a six, but with the right assistance, it moves to an eight or nine out of ten.

Positive

In the past, we used Okta and more on-premise solutions. In manufacturing, I used Duo as well.

The initial setup of Entra ID is manageable, especially for those familiar with domain controllers and Active Directory functionality. The straightforward process involves installing an agent on our server, after which Microsoft handles the propagation of information to the cloud.

Regarding my work, the managed identity with consistent feature updates that provide access, ease of use, and security comprises the most significant return on investment for us from Entra ID. While keeping up with updates can be challenging, ensuring security and ease of use makes it worthwhile.

Licensing costs for Microsoft Entra ID remain a concern, especially with the price increases in 2023. While these increases are often attributed to global supply issues or inflation, they still impact everyone. To address this, we are exploring guest accounts to reduce costs. Although many new features are still in preview, we are utilizing them with the understanding that once they are finalized and priced, they will be ready for widespread use. For example, we are implementing Microsoft Copilot, which carries a significant licensing cost. However, beyond the cost, data governance and role-based access control are crucial considerations. AI introduces complexities beyond traditional RBAC, requiring data labelling and different access management strategies.

I rate Microsoft Entra ID an eight out of ten.

Microsoft Entra ID is a great tool, but we face challenges working with numerous vendors and Microsoft Gold partners. Since we manage the power grid, we must proceed cautiously while ensuring effective solutions. Our 24/7 operations necessitate collaboration with other power companies that rely heavily on Microsoft products. To facilitate this, we aim to create a platform for seamless intercompany cooperation, especially since many are establishing data centers.

While I'm not as focused on cybersecurity these days, I believe the zero-trust principle should always prioritize security in its design. This foundational approach applies to everything, from individual tenants to startups. Microsoft, for example, uses default settings, which, while not always ideal, aim to avoid disruptions. I understand their approach, but security should always be paramount.

Our adoption of Entra ID has been slow, particularly with bulk electric management systems. While we desire control over our data center, incidents like the CrowdStrike outage highlight the risks of relying solely on cloud providers. This event sparked discussions among my coworkers and me about Microsoft's ambition to be the World's Computer, as proclaimed at Ignite Keystone. Such aspirations demand greater accountability, especially when outages disrupt global operations. Although Microsoft wasn't directly responsible for the CrowdStrike issue, the perception of their service reliability is still impacted. Ultimately, users will focus on the outcome, regardless of fault.

Hybrid Cloud

Microsoft Azure

Microsoft Entra ID is mostly integrated with Microsoft 365, and it serves as the backbone of the 365 services. Microsoft Entra ID identity platform is feature-rich, allowing for a lot of integration as a single identity model. As an identity provider, you can get a lot of external SaaS applications to identify and be authenticated via Microsoft Entra ID, which is very useful, allowing you to secure your identity in one central place as opposed to trying to secure it in multiple different environments or needing to authenticate users individually on different platforms. Authentication happens once through one identity platform. The Conditional Access policies that you can drive and control the identity flow through are also very useful.

Microsoft Entra ID becomes the central point of authentication for identities, and it has a big impact, a very large impact.

I cannot really think of any specific way where Microsoft Entra ID can improve.

I have been using Microsoft Entra ID for many years, probably at least ten years.

Microsoft Entra ID is very stable. Regarding reliability, there have been instances here and there, but nothing noteworthy.

I was not involved in instances where customer support was used, but I would imagine the teams would have reached out to Microsoft customer support for that.

Neutral

I did not use other solutions before Microsoft Entra ID, but the other solution would be predominantly on-premises Active Directory, which is a different identity management model.

I have definitely seen a return on investment for Microsoft Entra ID.

I do not monitor the frequency or nature of identity-related security incidents since my role is not to look after that; I do not work on the IT team for an organization where I control or monitor that. I used to many years ago, but I have since transitioned into more of a solution architect role which I do not really get involved with.

Since organizations have been using Microsoft Entra ID platform, you would need to change your approach in terms of how you authenticate users, which involves a lot of hardware tokens-based authentication, especially MFA. A lot of companies that I have worked with have implemented phishing-resistant MFA deployments, such as YubiKeys, and the interoperability between Microsoft Entra ID and YubiKey has been quite successful.

We predominantly use two solutions that are phishing-resistant, which are Windows Hello, for which we have done quite a few implementations of both the hybrid and cloud-native versions, which also integrate with Microsoft Entra ID. I would rate this review nine out of ten.

Hybrid Cloud

Microsoft Azure

Microsoft Entra ID is used for identity as the main use case.

The passwordless feature of Microsoft Entra ID is the most valued feature. The implementation of Microsoft Entra ID has had an impact on secure app access to apps or resources in the environment, particularly in security and compliance.

Microsoft Entra ID's integration capabilities have influenced the Zero Trust model significantly. Beyond the Zero Trust Maturity Model that meets the pillars, there are metrics or data points that demonstrate the impact of the integrations.

Since implementing Microsoft Entra ID, data points on bad actors in the frequency and nature of identity-related security incidents have been observed in the organization.

The organization's approach to defending against token theft and nation-state attacks has changed since implementing Microsoft Entra ID. It does help in addressing those concerns.

Microsoft Entra ID should continue to support the entirety of the Microsoft product line from the identity aspect and anything from the security and compliance that continues to evolve and change.

Microsoft Entra ID has been in use for almost five years.

The stability and reliability of Microsoft Entra ID is assessed as good, other than typical outages that every cloud service provider deals with. When there is a Microsoft outage issue, Microsoft Entra ID is one of the services being impacted.

Microsoft Entra ID scales with the growing needs of the organization so far with good results. Regarding expanded usage and workforce growth, the scalability has remained positive.

On a scale from one being the worst and ten being the best, customer service and technical support is rated as nine. This rating is given because there is always room for improvement.

Positive

Prior to adopting Microsoft Entra ID, a separate identity system addressed similar needs. The reason for considering a change was scalability.

The experience with deploying Microsoft Entra ID was definitely a learning curve, but once it was deployed, the organization moved into the operations and maintenance phase.

Working side by side with the Microsoft FastTrack team and the Unified consulting team ensured that deployment could occur in a scheduled manner. The deployment experience was definitely a learning curve as this was a new technology that had to be overcome, and the organization is proud to have accomplished that.

A return on investment has definitely been seen with Microsoft Entra ID.

The experience with the pricing, setup cost, and licensing for Microsoft Entra ID is that it is hoped it could be cheaper, but the Microsoft license model is accepted as is.

Before selecting Microsoft Entra ID, other cloud service providers were considered. What stood out in the evaluation of these options was the positive aspect of Microsoft Entra ID as the organization wanted to be more cloud-native for the office productivity transition from legacy systems.

Data points definitely demonstrate the transition of the workforce into the modern work environment from the previous legacy systems. The implementation of the device-bound passkeys in Microsoft Authenticator has involved a culture shift in the use of different multi-factor devices with Microsoft Entra ID. The process has been smooth.

Microsoft Entra ID is rated overall as ten on a scale from one being the worst and ten being the best. For another organization considering Microsoft Entra ID, it is advised to better understand the landscape and the architecture prior to testing, and to definitely go through the testing and evaluation before going into the full deployment.

Public Cloud

Amazon Web Services (AWS)

We have a hybrid environment where we sync our users from on-premises to Microsoft Entra ID. The main purpose is to utilize Microsoft applications and services, like Microsoft 365 applications. We also use different integrations with Microsoft Entra ID for other cloud-based apps like Salesforce, enabling Single Sign-On integration.

One of the best features is that if users are synced with Microsoft Entra ID, you can integrate different enterprise-level apps like Salesforce, Oracle, and CyberArk. There are hundreds of apps you can integrate. Enabling Single Sign-On using Microsoft Entra users with these other cloud apps is a significant advantage. Single Sign-On is highly valuable.

Microsoft could enhance features regarding user retention for inactive accounts on Microsoft Entra ID. Another improvement needed is in the report customization for enterprise application configurations, making them more graphical and suitable for management presentation. Additionally, the freedom for Group Policies needs enhancement in Microsoft services like Intune.

I have been using Microsoft Entra ID for 6 years, and it is now going to be 7 years.

Microsoft Entra ID is a stable solution. We have been using it for the last 7 years, and it continues to improve with feedback from customers. It is a very stable solution.

It is a scalable solution. We previously had 300 users and now have 1,000 users. The number of licenses has increased, and Microsoft Entra ID has helped manage various Microsoft services under one platform.

Microsoft's technical support can be rated as 7 for front-end support and 8 for tier-two or advanced level support. Sometimes, level-one support lacks the immediate information needed, causing delays in receiving appropriate support.

Neutral

We were using Microsoft's on-premises Active Directory and a different Endpoint Protection. Now, we use Microsoft's Endpoint Protection due to licensing benefits. We also switched from another system to Microsoft Dynamics. These changes have helped reduce both capitalized and operational costs.

The setup process was relatively straightforward due to Entra Connect, which syncs on-prem users to Microsoft Entra. However, managing Group Policies in Microsoft services is still somewhat complex.

We engaged integrators, resellers, and Managed Service Providers for various projects. These service providers supported our deployment.

I cannot provide a specific figure, but moving our CRM and ERP to the cloud has reduced the need for on-premises management, saving on both capitalized and operational costs. This transition has allowed us to reallocate budget to more productive activities.

Licensing with Microsoft 365 often comes bundled, which simplifies license management. This unification reduces the need for separate licenses for Office applications like Word, Excel, and PowerPoint.

Before choosing Microsoft Entra ID, we evaluated other security and identity solutions, including Microsoft's on-premises Active Directory and different Endpoint Protection systems.

I would rate the solution as 9. It is a very good solution for unified management. I rate the overall solution a 9 out of 10.

Hybrid Cloud

Other

I rely on Microsoft Entra ID for syncing customers' on-premises Active Directory to the Microsoft 365 stack. I also use it for managing multi-factor authentication and other enterprise applications for our customers.

Microsoft is at the core of any customer I work with. Microsoft is the core of their identity, communication, and business applications. Microsoft acts as a one-stop shop for calling, meetings, collaboration, AI, and business applications like Dynamics 365 and Outlook. Many services are bundled, providing potential cost savings for organizations.

Conditional access is an additional feature of Entra ID. It allows organizations to say that these devices are allowed to connect without MFA or with MFA and meet certain compliance standards based on what is set in Intune. There are a lot of things that can prevent devices from connecting to your environment unless certain conditions are met. That is a big thing around the security of Entra ID.

It helps allow devices regardless of having an active VPN connection. You can enable your remote employees to access corporate resources without having massive security walls. It not only allows those devices to connect to the network seamlessly, it also allows them to connect securely. It is not that they have unfettered access to your network. You are securing things down where they are only allowed access to certain resources.

The implementation of device-bound passkeys in Microsoft Authenticator helps with phishing-resistant authentication. It helps ensure that every employee that you have is actually that person. It ensures that they are entering the PIN from their phone via the Microsoft Authenticator app and they are who they are. Even if their password is compromised, you still have another level of security for device access. It is not just access to a phone. They have to have pass lock screen access and access to the Microsoft Authenticator app to approve those notifications and type in that secondary code. Requiring a user to enter a two-digit code that is showing on their screen ensures only authorized access. It has been helpful in all cases. I deal with multiple customers, and most of them have hit security issues due to people pressing a random authentication key as approved, not knowing what they are pressing, even though they know it is an authentication prompt. Having that ensures that they are who they say they are.

This constant reauthentication to applications helps with organization security. We are not letting you sign in once and remain signed in for 30 days. If that device gets compromised, your corporate security is at risk. Lowering that authentication threshold to every 24 hours or 12 hours and making a user reauthenticating helps to make sure that they are who they are.

Token Replay detection has a big impact in terms of malware. Some people click on random PDFs in their email attachments and things get through. This is happening even at a larger scale, for example with Linus Tech Tips. Someone clicked an email, and they clicked an application that ran the machine and gathered every authentication token for everything the user had access to. They happen to have access to their YouTube account and other things without MFA. Being able to detect if a token is being reused potentially from another IP, with a snap of a finger, is a great feature. If a token is compromised, you can block it.

Since implementing Entra ID, identity-related security incidents have gone down drastically. 

The most valuable feature for me is enterprise applications. This functionality allows the building of applications that are tied into APIs that we can grant specific permissions and limit the scope of access. This is the most valuable feature for me because I do a lot of automation with PowerShell and APIs. We can secure the applications that we are building and make sure that if the application were to be compromised, there is no full access to a customer's environment causing issues and other security concerns.

Microsoft could improve by stabilizing its branding. I still call it Azure AD. Some of the customers I work with call it Azure AD. Branding makes you stand out in the market, but it is something that also confuses people. The frequent changes in branding cause confusion among customers who struggle to keep track of product names and functions. They get used to things, and then it changes the next day.

I have been using it for about 15 years.

The stability of the solution is very high at 99.999%. There have been some global authentication outages in the past, preventing users from authenticating to business applications, Teams, and other things. It has caused some issues there. Over the past three years, there have not been any major authentication outages. If there have been any, they have been quickly resolved, minimizing any potential business impact.

It is fully scalable.

Overall, I would rate their support an eight out of ten. Their frontline needs some work. Reaching the necessary level of support can take time. It can take multiple days to get through tier-one support, but the assistance received at higher levels is effective. When you get to the tier you need, you do get the right answers and support. The actual support when you get to that level is a ten out of ten.

Positive

Most of my customers previously used on-premises Active Directory with ADFS. ADFS had integration with other platforms for two-factor authentication, but it was not a comprehensive solution. Everything was not under one roof. If the third-party application that was being used for authentication as part of ADFS got compromised, you have a problem, whereas now, everything is under one umbrella of Microsoft. We have more security and fewer components to worry about breaking. We can prevent unfettered access to the environment.

For most of my customers, it is a hybrid environment. Azure AD Connect helps sync their on-prem user attributes to the cloud and vice versa. You have password write-back, group write-back, and other things. You are not just stuck in one environment. You are not just doing one-way synchronization. You are actively making changes in Entra ID that are syncing back to on-prem AD. A lot of the customers I deal with have a very massive on-prem AD environment. It is hard for them to move away from that because there are a lot of things that still require on-prem AD. This allows us to have the best of both worlds, a hybrid cloud environment and also a hybrid on-prem environment.

I would put myself as an expert on it. I am the consultant for deployment.

The return on investment comes from not needing as many IT staff to manage and verify user identity and ensuring seamless device connection without needing to administer device compliance manually. Devices can seamlessly connect and authenticate. Nobody has to manually add serial numbers and other things in Intune for compliance. Entra ID has been very beneficial.

Most features of Entra ID are part of Microsoft's ecosystem and included in Microsoft 365 bundles, which means there are no additional costs associated with pricing and licensing.

We evaluated Duo. Entra ID is a part of Microsoft's ecosystem. You do not have to pay additional for it. It is included. There are additional features out of Entra ID P2 for additional security and other things, but as a base, you get Azure AD P1 as part of most M365 bundles.

I would rate Entra ID a ten out of ten.