Test Manager at a computer software company with 1,001-5,000 employees
Provides a single sign-on portal and saves IT time
Pros and Cons
- "Overall, I think the support and the pictorial format of this web portal are very good."
- "The security policy of Azure Active Directory should be based on a matrix so that we can easily visualize which users have access to what."
What is our primary use case?
We use Azure Active Directory for our project management proposals. Employees who are onboarding in Active Directory can use project filters for authentication and other back-end tasks. There are different installed environments and staging areas. Different areas are being used for different purposes.
How has it helped my organization?
Azure Active Directory provides us with a single pane of glass for managing user access.
Azure AD made organizing information much easier for our organization. The solution also helped the IT and HR departments save up to 50 percent of their time. Based on the time savings, I would say that Azure AD also helped save costs within our organization.
Azure AD positively affected our employees' experience in the company by providing them with a single sign-on portal to access all their accounts in an easy way.
What is most valuable?
Overall, I think the support and the pictorial format of this web portal are very good. Everything is just a click away, which is very convenient. Previously, we had to write a configuration file to do anything, but now everything can be configured through the user interface. This is a great improvement.
What needs improvement?
The security policy of Azure Active Directory should be based on a matrix so that we can easily visualize which users have access to what.
Buyer's Guide
Microsoft Entra ID
August 2025

Learn what your peers think about Microsoft Entra ID. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
865,384 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Azure AD for three years.
What other advice do I have?
I give Azure Active Directory an eight out of ten.
I recommend Azure Active Directory.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer.

IT Engineer at a recruiting/HR firm with 10,001+ employees
Good integration capabilities, and scalable, but the filtering options are limited
Pros and Cons
- "Microsoft Entra ID's valuable features include integration capabilities, a simplified Active Directory approach, scalability, conditional access, and privileged identity management."
- "The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive."
What is our primary use case?
Microsoft Entra ID is used for user management and directory governance, including conditional access management, sync user management, group management, and application and SSO connections. In short, it is a user, policy, and access management solution for environments with 10,000 to 50,000+ users.
How has it helped my organization?
Microsoft Entra ID provides a single pane of glass for user management.
Originally, it was just an integration within Entra ID with limited governance and scalability. Over time, more and more features such as Certificate Authority and Privileged Identity Management have been added, and the amount of governance and controls has increased. As a result, we can now control more aspects within Azure AD. For example, in the beginning, we could not review sign-ins. We could only see simplified final messages. Now, we have more insight into sign-ins, and the overall service has improved. It is now more stable and reliable, which is most important.
Microsoft Entra ID's conditional access feature to enforce fine-tuned and adaptive access controls works.
When Microsoft Entra ID is implemented properly it can help save our staff time.
If the implementation was done properly, the user experience was seamless. It may have even improved the experience, given that it supports single sign-on and cross-platform access. For example, signing on to enterprise applications was even better. So, it depends on the engineers who implement the product, not the product itself.
What is most valuable?
Microsoft Entra ID's valuable features include integration capabilities, a simplified Active Directory approach, scalability, conditional access, and privileged identity management.
What needs improvement?
The single pane of glass has limited filtering options within the directory.
The robustness of the conditional access feature of the zero trust strategy to verify users is adequate but not comprehensive. This means that it is still possible to deceive conditional access.
The group management and group capabilities have room for improvement.
For how long have I used the solution?
I have been using Microsoft Entra ID for over five years.
What do I think about the stability of the solution?
Microsoft Entra ID is mostly stable, but we had some issues with MSA. We must have a backup plan when using a cloud provider. If we put all our trust in one provider, that's on us, but most of the time, the service is stable.
What do I think about the scalability of the solution?
Microsoft Entra ID is scalable. When we provision more and more users, we do not notice any impact. User management may be more difficult due to the portal, loading times, and so on, but provisioning the users themselves is not a problem. We have service limitations, but based on those, we can have a large number of users and work on them smoothly.
How are customer service and support?
The quality of technical support depends on the engineer assigned. I've been working with Microsoft One, and while they have some awesome engineers, I've also had situations where they didn't seem to know what they were talking about.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
In my previous role, I worked with Google for enterprise, and it was a nightmare. I also worked with Okta, which is not as seamless as Microsoft Entra ID when it comes to MSA and policy management. However, maybe that's the feature, the improvement that can be done. Even though Okta has more errors and is more annoying as a product, it does have one positive: it is a cross-platform product. We can integrate it with non-Microsoft products, while Microsoft works really well with its own products. So, if we use Endpoint, enterprise apps, and 365 services, it will work most of the time, ten out of ten. But if we try to integrate anything else that is not a Microsoft service, it will be a disaster or we will not be able to onboard the service. That is something that Microsoft could improve: make it cross-platform.
How was the initial setup?
The deployment time depends on the knowledge of the engineers and the cloud approach. Therefore, it can take from a few months to a few years, and sometimes it may result in the provisioning of everything because of a gap in knowledge of the people deploying. I have seen really bad deployments because the people were not cloud-ready.
What was our ROI?
We have seen a ten percent return on investment.
What's my experience with pricing, setup cost, and licensing?
I think the pricing is efficient, but the licensing is overly complicated and difficult to understand. There are many tricks in the licensing that weigh against us.
What other advice do I have?
I would give Microsoft Entra ID seven out of ten.
Conditional Access works well with Microsoft Endpoint Manager, but there are better options, as Endpoint Manager is not the best service.
Microsoft Entra ID is an enterprise-level solution.
Microsoft Entra ID does not require maintenance, but the conventional access policy, AD Connect, and server-related ATSs all do.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior IT Consultant at a computer software company with 1,001-5,000 employees
Good for managing identities, has a positive effect on the user experience, and helps save time
Pros and Cons
- "It's an easy product to maintain."
- "I hope, in the roadmap, Microsoft eventually offers the same features as Okta. It will take some more time to mature."
What is our primary use case?
It's something that we use every day. We're migrating all of our customers over to it.
We use it for Office 365 and Azure services.
What is most valuable?
It's a cloud service. You do not depend on local identities. You can just synchronize the identities. It gives you the opportunity to use the security services that come with Office 365 and Azure.
It does offer a single pane of glass for getting into all applications. However, we have some customers that have a hybrid environment and it depends on what applications and if the client wants them authenticated with Azure or not. In general, it's been positive for the final user experience.
We do have to manage identities on-premises in Azure and have one point of entry and the solution allows for that.
We use conditional access. That's a must for customers - to be able to verify users and devices. It helps with initiating a zero-trust policy. It's one of the main functionalities we really like. You can get granular with the policies in terms of access.
We use conditional access in conjunction with Endpoint Manager. We also push Endpoint Manager as a solution to work with devices. That's also something that we try to push to the customers in any project. Most of the time, they go with it and like the idea of being merged with Endpoint Manager. Sometimes there are some customers, small customers, that maybe don't want to use that. Our position is to always use an endpoint manager.
It's helped out IT managers a lot in terms of the features on offer. I'm not sure of the exact amount of time that has been saved in general. I'm not involved in the day-to-day management from a customer's perspective.
It's had a positive effect on the user experience. I'd rate the improvement nine out of ten.
What needs improvement?
Support could be improved.
Okta has had more time in the business than Microsoft. I hope, in the roadmap, Microsoft eventually offers the same features as Okta. It will take some more time to mature.
For how long have I used the solution?
I've been using the solution for five years.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
Customer support is good. However, it could be better sometimes. They do answer fast, however, the resolution itself is not fast. The first level of support will most likely have to move the issue to level two or three technicians and that process makes the resolution take longer.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not previously use a different solution. I deal strictly with Microsoft. I don't deal with any other companies. I'm dedicated to Microsoft.
How was the initial setup?
I was involved in the deployment process. It's easy for someone who's done it many times.
In my department, we have ten to 15 colleagues that can handle these migrations or synchronizations.
It's an easy product to maintain.
Which other solutions did I evaluate?
We do have a customer that has Okta, and while we don't deal with it directly, we know what it does. We don't use it. Okta has specific features that are different from this product, however, it's not something we sell. For example, Microsoft can synchronize users from local to Azure, and not vice versa. Okta can do that, however. Also, the management lifecycle feature in Microsoft isn't as robust as Okta.
Okta does have a lot of models, as does Microsoft. In both cases, depending on what you need, there would be a different license.
There are not too many companies that have Okta in Spain, however, those that have would have many environments across AWS, Google, et cetera - not just Microsoft.
What other advice do I have?
We're integrators. We don't use the solution ourselves.
We do not use Permissions Management. I'm not sure if it is one functionality or a combination of several.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
Technical Manager at Owens & Minor, Inc.
Saves us time and money and enables broad management in a single pane of glass
Pros and Cons
- "Single sign-on, license management, and role management are the most valuable features. Integration with Microsoft 365 is also very valuable."
- "The custom role creation function could be improved as it's somewhat tricky to use."
What is our primary use case?
We primarily use the solution for user integration; we have many users around the globe and use it for authentication syncing in Microsoft 365 and SSO, and the product provides a single point of use. Our environment encompasses many offices around the world.
How has it helped my organization?
As we have a hybrid deployment, providing our engineers access rather than allowing them direct access to our Azure AD server is easier, reducing our security concerns. Our end users can also reset passwords themselves without going through our support or services teams.
The solution saves us a lot of time for our IT department and others. Taking into account onboarding, IT, and HR concerns, Azure AD gives us 50% time savings weekly.
Azure AD saves us a lot of money.
Overall, the solution positively affects the employee user experience in our organization. We can manage all kinds of activities and other MS products from a single pane of glass, including users, endpoints, roles and permissions, mail, and more. This ease of management ensures a positive experience for our end users.
What is most valuable?
Single sign-on, license management, and role management are the most valuable features. Integration with Microsoft 365 is also very valuable.
Azure AD provides a single pane of glass for managing user access, which makes the user sign-on experience very consistent; users can access multiple applications with the same credentials.
The single pane of glass makes the security policies we apply consistent.
We use Azure AD Verified ID to onboard remote employees, and it's pretty quick.
Verified ID is excellent for privacy and control of identity data; many options, such as multi-factor authentication, are available.
We have used the solution's Permission Management, which provides good visibility and control over identity permissions. It's an easy feature to operate, and the portal is intuitive.
What needs improvement?
The custom role creation function could be improved as it's somewhat tricky to use.
For how long have I used the solution?
We've been using Azure AD for over five years.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
Azure AD is a scalable solution; we have around 10,000 end users managed by 12 to 15 engineers.
How are customer service and support?
The technical support team is good; I rate them eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used an in-house Active Directory and Okta Workforce Management. Azure AD is more affordable, has the benefit of being a Microsoft product, and allows single sign-on from the same page. Onboarding products is more manageable with Azure AD, and we prefer to use the Microsoft suite rather than mixing and matching from multiple vendors.
How was the initial setup?
The initial setup was straightforward.
What was our ROI?
Azure AD is worth the money and provides us with an ROI.
What's my experience with pricing, setup cost, and licensing?
The pricing is good; it's not cheap but very reasonable.
What other advice do I have?
I rate the solution nine out of ten, and I recommend it.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Change and Communications Manager at a retailer with 10,001+ employees
Provides easy authentication and high security and works absolutely fine even when you switch organizations
Pros and Cons
- "Being able to easily authenticate yourself on the MSA app is valuable. It is easy to use. Rather than receiving a code in an SMS, you can just verify that it is you. You don't have to punch in any password or any six-digit code. That's the feature that I like the most."
- "They can improve how people manage their accounts. They can simplify and provide more information about adding or updating a phone number or email id in the MSA account. A lot of time users do get confused about where to go. For example, if I've changed my mobile number, where do I go and change my mobile number in the MSA account? A lot of time, employees think if they change the phone number in the HR database, it'll automatically get changed on the MSA account, which is not the case. Microsoft can simplify that and add these questions in the FAQ documents as well."
What is our primary use case?
I use it to access my work applications. When I install Microsoft Teams or Outlook, or I want to access my work applications, I authenticate myself using Microsoft Authenticator.
How has it helped my organization?
During the pandemic, one of the challenges for organizations was how to secure their IT networks. People were working remotely, and some of them were working from the remotest locations. It gave confidence to the organization that only the right person was getting access to work applications.
It also improves your customer experience or employee experience. You don't have to rely much on servers.
What is most valuable?
Being able to easily authenticate yourself on the MSA app is valuable. It is easy to use. Rather than receiving a code in an SMS, you can just verify that it is you. You don't have to punch in any password or any six-digit code. That's the feature that I like the most.
It does give you the confidence that no one else can access your details or can have access to your account because it does add a second layer of security. Even if someone hacks the server where my details are stored, unless and until I authenticate myself on MSA, even hackers won't be able to get into my account.
It works absolutely fine from the login perspective. You can also configure it on third-party devices, and it works pretty well. I haven't faced any issues from the login point of view.
What needs improvement?
They can improve how people manage their accounts. They can simplify and provide more information about adding or updating a phone number or email id in the MSA account. A lot of time users do get confused about where to go. For example, if I've changed my mobile number, where do I go and change my mobile number in the MSA account? A lot of time, employees think if they change the phone number in the HR database, it'll automatically get changed on the MSA account, which is not the case. Microsoft can simplify that and add these questions in the FAQ documents as well. They can provide more clarity about how it is different from your organization's database.
Voice recognition could be added going forward. With a smartphone, such as iPhone, as well as with Windows Hello for business, you already have facial recognition. Voice recognition is something that could be added going forward, especially for people with special needs.
For how long have I used the solution?
I have been using it for a year.
What do I think about the stability of the solution?
It is quite stable. Coming from Microsoft, you don't question the stability factor at all. I have Microsoft Authenticator installed on my phone, and even when I switched organizations, I could simply add my new workplace email id, and it worked absolutely fine. It is quite stable, and it gives you a good user experience.
What do I think about the scalability of the solution?
Scalability-wise, it is quite good. We were rolling it out to 150,000 people across the globe and different geographies. One of the good things is that Microsoft doesn't need any introduction anywhere. In terms of user experience, it is right up there. It is also right up there in terms of how different work applications align with it. I would rate it quite high.
How are customer service and support?
Technical support was good. We didn't have to rely on Microsoft's technical support big time because the solution worked very well overall. We had our third-party technical support team involved as well.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before Microsoft Authenticator, we used Okta Multi-Factor, and prior to Okta, we were totally relying on passwords, which was obviously very risky.
We switched to Microsoft Authenticator because when you implement the whole Microsoft 365 suite, especially in a large organization, all the work applications sync pretty well with Microsoft, and you already have a good relationship with the vendor.
How was the initial setup?
It was initially on-prem, but later on, we shifted it to the cloud. When I joined the organization, it was already on-prem, and I helped to shift all the data from on-prem to Azure cloud. The process was a little complex. We had a few on-prem issues, and we had to redo the capability testing to check if those issues will arise on the Azure Cloud as well. It was complex because we were again asking some of the users who had changed their phone numbers to go and re-add their phone numbers. If they had the same phone number, it would have worked fine, but if they had changed the phone number, once it is shifted from on-prem to Azure Cloud, it wouldn’t have worked anymore. So, they had to re-add their phone number. The challenge was to identify those users and convince them to redo the activity. This switchover took about two quarters or six months.
What about the implementation team?
We had a team of about 7 to 10 people from project management, change management, IT, and global IT teams. We are a massive organization. It was being rolled out to 150,000 people across the globe.
We did pilot testing across different functions and across different geographies. That's the standard practice that we follow in our organization.
What was our ROI?
We have seen an ROI. We were able to secure our IT networks by more than 80%. More than 80% of the audience did subscribe to MSA and used it for logging into their work accounts.
It took us two to three months to realize its benefits from the time of deployment. We did run a pilot batch. We were trying to customize the solution according to our network. Within a quarter, we were able to identify its benefits.
What's my experience with pricing, setup cost, and licensing?
I'm not totally aware of the pricing and licensing, but I do know that the pricing and licensing must be quite balanced. We are a pretty old client of Microsoft, and MSA is just one of the services we use from Microsoft. There's a whole Microsoft 365 suite that's implemented as well. I'm sure it is something that is acceptable to both parties.
Which other solutions did I evaluate?
We were totally relying on Microsoft. We didn't evaluate any other vendor.
What other advice do I have?
To those looking to evaluate this solution, I would advise doing proper pilot testing to iron out any hurdles later on. It is important to take a call on whether you want to adopt the on-prem model or the cloud model. Obviously, the on-prem model is not sustainable if you're trying to secure your IT networks. The cloud model is more sustainable in that sense. I would advise taking that call right in the beginning.
I would also advise considering how to secure third-party devices. There might be third-party contractors who don't have the company laptops, but they do have company email ids to log into the company accounts from their own devices. You should work out how you are going to add those devices to the secure cloud.
I would rate it a nine out of ten. In the next version, if they can come up with voice recognition, especially for people with special needs, it will be helpful.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Systems Engineer at a government with 11-50 employees
Provides users the ability to delegate roles to each individual resource
Pros and Cons
- "The most valuable feature of the solution is its ability to delegate roles to each individual resource, which is great."
- "I faced difficulties from Microsoft's end and during the transition from Microsoft Active Directory to Microsoft Entra ID. Sometimes, some of Microsoft's documentation could be a little outdated."
What is our primary use case?
My organization uses Microsoft Entra ID for some people who access Azure, especially for people who need Azure for different things. My organization deals with people transitioning from a standard data center environment into a cloud-based one to meet their needs. My organization has certain conditional access to certain people because we have access to government and cloud services or a commercial environment, along with different versions of each of those across different groups. I would say that most of our organization's work is just giving conditional access to people and occasionally vendors, but nothing too absurd.
How has it helped my organization?
I don't want to say that the product hasn't improved anything for my organization. The problem with the solution stems more or less from the fact that technology is moving ahead, and my organization needs to try to keep up with the changes, which makes it a new way of doing things that will be applicable to the future. Maybe if we could transition to certain things faster, I would have seen the product's full benefits. Since the areas of transitions related to the solution are slow, I haven't experienced the full depth of what I can do with the product.
What is most valuable?
The most valuable feature of the solution is its ability to delegate roles to each individual resource, which is great. I think the aforementioned feature is better done in the solution itself than with an actual local AD.
What needs improvement?
I wish transitioning from Microsoft Active Directory to Microsoft Entra ID was a little easier, and I didn't have to learn so many new concepts. I faced difficulties from Microsoft's end and during the transition from Microsoft Active Directory to Microsoft Entra ID. Sometimes, some of Microsoft's documentation could be a little outdated. The product doesn't meet the organization's niche requirements, especially in our environment. Microsoft Entra ID is not a very standard product.
When I think about the trade-off I have had to go for to get the aforementioned feature, it does annoy me. For me, I can't mirror accounts with the solution. I need to consider that we have so many groups and subscriptions, and I can't just see a blanket of their different individual roles in every single resource if I create an account for someone who takes over a job in the organization. In the solution, some people might have specific roles in one resource, which might be the only thing in there. With Microsoft Entra ID, I can't view every instance, and I have to go one by one subscription all the way down, which is a huge pain when you have 400 to 500 subscriptions. The aforementioned aspects can be considered for the improvement of the solution.
For how long have I used the solution?
I have been using Microsoft Entra ID for the last five years, but not at its full capacity because, in our organization, we have to ensure that we help with the migration process of different governmental agencies piece by piece since we are a multi-cloud, multi-tenant, multi-forested environment. My organization is a customer of the product.
How are customer service and support?
When it comes to the technical support for the product, I have a representative who works for me, making the support good since I can have him put under fire. I have had some issues with the tool. The IT security audits that come under Microsoft Services Hub are something we needed in Microsoft Gov cloud, and there's only a certain region of Microsoft Gov cloud that supports it, meaning you cannot use Microsoft Services Hub on it, which is all fine as you just have to run it either for by line or you have to run it from within Azure's portal. I had three separate calls with Microsoft's technical support about it, and it was the third tech person who told me after looking at the ticket raised by my organization with the support that the support team had not even finished adding our ticket to their list, which to me was like an organizational issue. Apart from the aforementioned issue I faced with the support team, I feel everything else has been fine. I wouldn't go around saying that Microsoft offers bad technical support.
I rate the technical support a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
As the product already existed before I joined my current organization, I was not involved in its deployment phase. I have some past experience with the deployment processes of Microsoft Entra ID and Microsoft Active Directory. The deployment process of Microsoft Entra ID was easy, and it is not anything different or terrible.
The time for deployment of the tool depends on the client or the project my organization deals with, and a lot of the clients I have worked for are pretty small teams. I haven't had to do too much in terms of deployment.
Which other solutions did I evaluate?
My organization hasn't considered switching to a different product, but I know that we have some AWS environments with IAM solutions.
What other advice do I have?
It is easy to use the solution's offering of a single pane of glass for managing user access if you have experience with Azure for a while. During the transitioning period, the depth that revolves around the concepts of blades in Azure can be annoying, especially while attempting to relearn the new places where everything is stored. It feels like Microsoft invented a new language for their new system, but a lot of it is just like an updated version of what it was. I have many people at work who have never heard of Microsoft Entra ID and claim to use Microsoft Active Directory without realizing they are the same. Microsoft Entra ID is just a new version of Microsoft Active Directory.
As a product that offers a single pane of glass, it works great and offers consistency to our organization's security policies if I consider the little or limited Azure we have.
My organization hasn't implemented the tool over 900 other devices yet, so I don't know how it will work after that.
Microsoft Entra Verified ID is good when it comes to privacy and control of identity data. Regarding Microsoft Entra ID, my organization sees a lot of contractors and vendors that come in, which gives us confidence or at least ways to sell it to politicians who have confidence that we can do something.
My organization uses Microsoft Entra Permissions Management, but we are not too in-depth into it. I feel Microsoft Entra Permissions Management is nice. I believe that Microsoft Entra Permissions Management helps reduce risk surface. I don't like one of the top-level tenants in the product. As the product goes down into different resources or subscriptions, I see that agencies own them. Sometimes, I feel my organization's offerings look good, but when I dig into the offerings of other agencies, I realize that we are not good.
The time-saving capabilities of the solution experienced by IT administrators or the HR department in my organization have been more or less the same.
I haven't seen the budget in a way that can help me figure out if using the solution in my organization has helped save money.
I rate the overall tool an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Owner at Technosoft
Aids in constructing operational processes for IT management, easy to set up, and requires no maintenance from our end
Pros and Cons
- "The best thing about Microsoft Entra ID is the ease of setup."
- "Microsoft Entra ID's impact on access and identity management is relatively limited."
What is our primary use case?
Microsoft Entra ID is used to control access to our environment.
How has it helped my organization?
Microsoft Entra ID has been most beneficial in the realm of IT management, although not significantly impactful on user experience. Microsoft Entra ID is not solely for user management or enhancing user experience. Rather, it greatly aids in constructing operational processes for IT management, as its capabilities extend far beyond user and access management. In terms of refining user experience, it certainly contributes to areas like authentication, particularly in diverse authentication methods and device-based authentication.
What is most valuable?
The best thing about Microsoft Entra ID is the ease of setup.
What needs improvement?
If we're highly experienced or dealing with intricate scenarios, Microsoft Entra ID might not be the most suitable solution. In my opinion, it resolves the majority of cases, but it lacks comprehensive management tools for access control. I don't consider it the premier tool for user or identity management. While it covers many aspects, we'll need supplementary tools to effectively manage access rules. This deficiency is quite significant. To make it viable for a large organization, substantial additional development is necessary.
Microsoft Entra ID provides a way to manage user access, but it's not an effective tool for access management due to its excessive complexity. This is primarily because the process needs to be performed manually. Therefore, it lacks a user-friendly interface where we could define all access rules and scenarios comprehensively.
Zero trust is not easy to set up, especially for large organizations. While it could be implemented for smaller organizations, the extensive manual configuration required makes it impractical for larger enterprises.
Microsoft Entra ID's impact on access and identity management is relatively limited.
The single interface for managing permissions, permission rules, or conditional access policies needs to be significantly more user-friendly. While it remains functional for IT departments, it is not particularly user-friendly for end users. There is considerable room for improvement in this regard.
Microsoft Entra ID offers various features, but its setup and utilization are quite complex due to the lack of a user-friendly interface for end users. Unless we allocate a significant budget and a substantial workforce to configure it for end users, making it usable remains a challenge. Moreover, even with these investments, the cost of using Microsoft Entra ID would become prohibitively high. Thus, it's evident that the platform lacks the necessary functionality to provide a satisfactory end-user experience.
For how long have I used the solution?
I have been using Microsoft Entra ID for eight years.
What do I think about the stability of the solution?
The solution is stable. I have not encountered any stability issues.
What do I think about the scalability of the solution?
Microsoft Entra ID is scalable.
How are customer service and support?
I have had a positive experience with technical support. Additionally, if we opt for premium support or possess varying levels of support agreements with Microsoft, we can access excellent support.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment is quite straightforward. It's truly uncomplicated from an IT perspective to utilize Microsoft Entra ID. It's not overly intricate in that aspect. However, when we delve into end-user scenarios, and the management and configuration of conditional access policies, permission management, and other similar aspects, it does introduce a certain level of complexity, naturally.
What's my experience with pricing, setup cost, and licensing?
Microsoft Entra ID service can be quite costly due to its hidden expenses linked to usage. This cost ambiguity arises from our inability to accurately project expenses prior to implementation, contingent upon the specific features employed. The expense is particularly notable if we intend to utilize it for comprehensive identity management. Nevertheless, alternative budget-friendly identity management solutions are limited within the current market landscape.
There are no additional costs for maintenance because most of the parts are cloud-based and managed by Microsoft. This means we can't manage it ourselves. However, if we had a private cloud with Microsoft Entra ID, for instance, then we could manage our entire cloud ourselves. This would allow us to have good control of the costs. But there are many small components in Microsoft Entra ID. So, when we are planning to build something with Microsoft Entra ID, we might struggle to understand the total cost for the users. It's difficult to comprehend all the necessary pieces we need to purchase to construct a scenario. Only after we have designed this solution will we be able to see the complete cost. Unfortunately, there are numerous hidden costs in Microsoft Entra ID that I am not particularly fond of.
Which other solutions did I evaluate?
If we consider the top three or four management tools, they offer numerous out-of-the-box features for connecting to HR sources. Furthermore, we have a straightforward method for establishing access policies based on our HR data. In my opinion, competitors hold an advantage over Microsoft Entra ID.
What other advice do I have?
I would rate Microsoft Entra ID eight out of ten.
We can achieve a great deal with conditional access policies; however, using the interface itself is quite cumbersome and not very user-friendly. Consequently, there are very few tools currently available that offer a well-designed user interface for managing access policies. This is consistently a highly intricate scenario.
Based on my experience, Okta functions primarily as a solution for managing customer access or customer identity, rather than being the conventional method for handling business or corporate identities. It's more focused on robustly managing customer identities. However, in my previous procurement roles, it has never been selected as the primary option. This could be due to my limited exposure to customer identity management. Thus, I find it challenging to draw a direct comparison. On the other hand, Microsoft Azure Active Directory can certainly serve as a customer identity management solution and is comparable in this aspect. However, the comparison doesn't hold true for user identity management.
The maintenance is controlled by Microsoft because the solution is on their cloud.
Organizations should refrain from exclusively using Microsoft Entra ID for all identity and access management scenarios. This is because relying solely on Microsoft Entra ID necessitates creating additional components ourselves to address aspects that cannot be readily addressed using the default Microsoft Entra ID setup. We are required to construct these components and establish phases for end users, as Microsoft Entra ID does not encompass all these functionalities. A more effective approach could involve integrating Microsoft Entra ID with another product, such as SailPoint. This combined utilization would likely result in a robust identity management solution. It's important to recognize that Microsoft Entra ID alone cannot adequately address all our scenarios.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Assistant Manager-Networks at Amrita
Saves us money because we don't need to pay for the resources required to operate the same solution on-premises
Pros and Cons
- "Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely."
- "Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications."
What is our primary use case?
We are a university using Azure AD to authenticate staff, faculty, and students. Our organization completely depends on Azure Active Directory for authentication and identity-related features. All cloud activities and third-party services are validated with Azure Active Directory.
We also have an on-premises Active Directory, and the data is synced periodically to the cloud. Most of the services done on-premises are reflected in the cloud at once. We can also do the same handling features from the cloud to write back to the on-premises AD. This is the architecture.
How has it helped my organization?
We are implementing more and more services in the cloud on Azure and AWS, so we need to monitor our data security thoroughly. It's always a concern. Azure Active Directory enables us to easily validate the identity of anyone who connects to a particular server. We need to validate our data properly. For example, we must ensure our research data is going to the right person and place. Microsoft Azure Active Directory provides the easiest way to do that.
The Conditional Access feature lets us restrict access to a group of people on specific servers. We create a group in the Azure Active Directory and put only the necessary members there. For example, we can easily set up conditional access to SSH, Telnet, HTTPS, or any service with Azure Active Directory.
We plan to implement Zero Trust in many of our other devices. It is an essential feature because users from multiple countries are accessing our research servers. We can provide a highly secure environment with minimum services without compromising productivity with a Zero Trust strategy.
We have wireless units deployed across the campus and use Microsoft AD services to authenticate all wireless activities. Many of the use cases are covered by wireless. After authentication, some users need to be redirected to the cloud. Their identities can be easily validated and captured with Microsoft AD. It gives us excellent control over our on-premise infrastructure.
Verified ID has helped us with our remote workforce. We provide VPNs to our remote employees so they can connect to our cloud services, authenticate with Azure, and be granted the necessary access. We provide policies on a per-user basis. Users in each category connect to the VPN, authenticate with their Azure credentials, and securely access all the cloud services.
We give provisioned laptops to our remote employees. With the help of this VPN, they spend less time coming to work in person because they have full-time access from home. So that way, we could reduce most of our official requirements concerning our employees.
Privacy is a crucial security concern for our organization. With Verified ID, we can ideally authenticate Microsoft services without worrying about compromised identities. We used to have these issues with on-premise Active Directory, but this is less of a problem since we migrated to Azure Active Directory.
Our HR department can easily get a complete report on our users. HR can see specific fields, like designation, school, businesses, etc., if they need it from the Azure AD. They can also get the usage logs. They don't need to store all this manually for each person. They can easily get all the reporting parameters from this.
Azure AD saves us a lot of time. On any given day, it will save around four hours. It also saves us money because we don't need to pay for the resources required to have Active Directory on-premises. If we relied on on-premises Active Directory, it would require data center resources, like air-conditioning, power, hardware, etc. We save considerable money by deploying it on the cloud. Percentage-wise, I think we could save around 40 percent.
Azure Active Directory has improved our overall user experience. I would rate it a nine out of ten. Our users are delighted.
What is most valuable?
Azure Active Directory's single sign-on feature has been helpful because users don't need to authenticate again and again each time they access it. Users only need to sign in the first time, and Azure handles everything. We haven't experienced any errors or security-related issues in the past four years. Many people use our protection servers from outside, requiring multi-factor authentication. Each authentication is logged precisely.
In addition to the SSO, Azure AD is entirely flexible. We have other Microsoft services running on-premises, so Microsoft Azure AD allows us to sync other Microsoft services completely. This is perfect for us.
Microsoft Entra offers a single pane of glass for managing users and cloud services on multiple platforms. It all requires authentication and validation of user data, so Azure AD helps us to authenticate each user's identity without any security compromises.
Microsoft has an excellent administration portal that enables us to sync our on-premise Active Directory automatically with the cloud. Any on-premise policy changes are reflected on the cloud. There are various options for each user on the admin portal. You can change user passwords and other attributes or configure a policy for forgotten passwords. A writeback feature can also reflect changes from the cloud to the on-premise environment. If you change the password from the cloud admin center, it gets reflected here.
Microsoft Azure AD Connect has a multi-factor authentication. Multi-factor authentication is a crucial feature, but we only require MFA for specific servers in the cloud. With Microsoft Azure AD Connect, we can specify the users and servers that require multi-factor authentication.
Azure Active Directory integrates well with other third-party applications. Third-party hosted solutions have the option. We can even create applications with Microsoft Azure AD. When users log in to Microsoft Azure AD, their credentials are stored in the application, and we don't need to get them on-premise Active Directory. So, it is an essential feature for us.
What needs improvement?
Microsoft services and most familiar third-party applications are currently supported, but we can't find many other platforms that integrate with Office 365 or Azure Active Directory. Microsoft should develop connectors for different applications and collaborate more with other vendors to cover a broader range of applications.
For how long have I used the solution?
We have been using Azure Active Directory for four years.
What do I think about the stability of the solution?
Microsoft services have a reputation for complete reliability, so we expect the same from Microsoft Azure AD. It doesn't disappoint because most of the on-premise features extend to the cloud. Plus, Microsoft Azure AD has additional features, configuration, and single sign-on capabilities. It's a complete package for this authentication and validation purpose. Most of our users are pretty happy with this product.
What do I think about the scalability of the solution?
Azure AD is completely scalable. We can add unlimited users.
How are customer service and support?
I rate Microsoft's support a ten out of ten. Microsoft technical support is excellent.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we used on-premise Active Directory.
How was the initial setup?
Setting up Azure Active Directory was a bit complex. The migration process is somewhat challenging because we don't want to lose any on-premise data. Each user has many parameters and access policies already set. Without even changing the password, we were able to sync all this data to Microsoft Azure AD. It was a complex procedure because Azure AD Connect has to be deployed correctly. We required help from Microsoft's technical support to do this.
Our initial deployment required three system admins and took around one week, but it took around six months to import all our users and get everything working properly. After deployment, Azure AD doesn't require any maintenance because everything happens in the cloud. We don't need to bother with anything.
What was our ROI?
The return on investment is pretty massive. We save time and money. It helps us even if we opt for a subscription. We save a considerable amount of time with the cloud version because it has various features unavailable in the on-premises Active Directory that save time for the system administrators. We can concentrate resources on hiring other staff instead of system administrators. All the features are within the cloud itself, so it reduces the maintenance costs of an on-premise server.
What's my experience with pricing, setup cost, and licensing?
Active Directory is bundled with a package of Microsoft services, so it doesn't cost much. I don't know about the individual license of Active Directory.
What other advice do I have?
I rate Azure Active Directory a ten out of ten. I would prefer Azure AD to have multiple application scenarios requiring a single sign-on facility and complete authentication, validation, and security tracking.
If they require it in their application, even if it is an on-premise or a host application, I would prefer Microsoft Azure AD because it handles all this simultaneously. No other application covers a complete range of activities in an all-in-one solution.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
