Microsoft Entra ID is the backbone of our infrastructure. It has largely replaced on-premise AD and allows for identity management, authentication, and authorization across both local and cloud providers. Having one source of truth that allows for anywhere authentication and authorization has revolutionized the game for us while providing high levels of trust via 2FA.
Pros
Ease of Use
Ubiquitous Acceptance
Reliability
Compatibility
Cons
Access Sprawl
Tenant-to-Tenant Operations
Passwordless Rollout
Likelihood to Recommend
Entra ID is a must for any organization for medium to large size. It may be a little overkill for extremely small organizations. However, anyone who needs to authenticate and authorize via on-premise and cloud solutions would benefit from the product. One of its major strengths and areas it shines is in the ubiquitous acceptance of its SSO.
Microsoft Entra ID allows our organization's employees to access SaaS applications and general cloud apps developed locally. We also synchronize our on-premises Active Directory data using Entra Connect to ensure our tenant authentication is kept up to date and to avoid our employees having to remember multiple passwords to access the system.
Pros
Access governance
App access control
User provisioning
Cons
Graphical user interface is a little confusing in places
Change announcements could be clearer, with better notice of feature retirements and how they will impact our tenant
Learn and support feature, more self-service support options
Likelihood to Recommend
Overall Microsoft Entra ID fits our requirements well. We find that as a product it integrates with existing Microsoft on-premises systems with ease and allows us to keep a close eye on how our tenant is being used and by whom. As with most things there are a few gotchas on the way, but we have found these to be manageable. Subscription services offer more functionality, but the out-of-the-box subscription-less version meets most of our needs.
Verified User
Manager in Information Technology (Education Management company, 201-500 employees)
Primarily I focus within the US, but we do a lot of our global EYG adoption, implementation, and compliance within Entra. Traditionally it's just identity management and data provisioning access.
Pros
I would say there are no gaps or vulnerabilities within overall identity management.
Cons
I would say that, from a competitive landscape standpoint, there are still gaps within the overall interest suite. Despite the capability breakdown that there would be from a partner standpoint, it would be more advantageous for us to know where those lie in a timeline release fashion.
Likelihood to Recommend
Well suited for enterprise clients like ourselves. Less appropriate for, I believe, the mid-range, mid-market, where the struggles actually are.
Verified User
Director in Information Technology (Professional Training & Coaching company, 10,001+ employees)
We have migrated all of our systems to Entra ID for SSO. It provides a single point of sign-on for users while also providing multifactor authentication for security. Users are now able to reset their own passwords (previously, they would have to call the help desk), and we have better insight into where users are signing in from and also which accounts are being attacked by unknown third parties.
Pros
Single Sign On.
Security (Multifactor authentication).
User management.
Cons
The Entra ID interface has numerous options. It is sometimes easy to get lost looking for something.
The recent name change from Azure has confused some of our users, thinking they were logging into the wrong portal. This generated numerous calls to our help desk.
MS will change the locations of things inside their interface at will. Sometimes they notify you beforehand, and other times they do not.
Likelihood to Recommend
Entra ID is well-suited for medium to large environments that are already users of Microsoft products. From that aspect, it's fairly simple to get set up and start using. I feel it's less useful to smaller businesses or businesses that are not already using MS products. Entra seems like it would be overkill for a small company of 20-30 users or those that don't have the budget for Entra. SSO can be done for cheaper via other identity management software.
We purchased the Office 365 A5 suite about three years ago. We use Microsoft Azure Active Directory across our entire district for 30,000+ users. This is what we use to help manage our users.
Pros
We departmentalize our users by schools
We departmentalize our users by departments
We use this to keep up with what rights we allow specific users
Cons
We have been active directory users for many years and do appreciate the ease of functionality
We use FinPlus as our financial system to manage our employees but we have to manually move employees in AD
Likelihood to Recommend
Giving or taking away rights by user is very easy to do through Microsoft Azure Active Directory, especially when a specific user needs access to something they would not normally need. Access is very easy to give and take away through AD. It can be clunky sometimes when working with groups in these same scenarios.
We use it for centralized user management, for SSO to Microsoft and non-Microsoft applications, and for computer management via GPOs. It's used enterprise-wide. It saves users remembering many different passwords, and streamlines the creation, provisioning, and termination of user accounts. By centralizing passwords, users can use a stronger password, improving system security across all the SSO-enabled applications.
Pros
Creates user and machine accounts.
Integrates with application software for SSO.
Secures our user directory with stronger measures & faster patching than we might do in-house.
Cons
Integration with Mac OS isn't as smooth as with Windows clients.
Logging can be too verbose.
Integration with software from certain publishers isn't very easy, but that may not be AD's fault.
Likelihood to Recommend
For organizations without a strong information security team, that task is delegated to really capable staff (i.e., Microsoft). For organizations with many off-the-shelf and/or hosted applications, centralizing user management through SSO at Azure AD saves an enormous amount of work. For organizations with a pure Windows environment, it would be amazing; for shops with heterogeneous environments, it takes some more effort to implement.
We use M365 within our school district, and as such, Microsoft Azure Active Directory is our cloud identity provider for all our user accounts (faculty, staff, and students). Ultimately, we are a hybrid Microsoft Azure Active Directory environment, with an on-prem Active Directory that syncs local objects to Azure. This synchronization helps address the need for cloud-based access to resources that would otherwise be unavailable if we were solely working from an on-prem Microsoft Azure Active Directory environment. We have considered moving all our users and devices to being 100% cloud based; however, the current Microsoft Azure Active Directory infrastructure we are a part of (multi-domain forest) is not currently suited to support that transition at this time.
Pros
Conditional Access -- this is one of the biggest tools that any admin needs when it comes to securing when, where, and how users are accessing information. Especially if the information contains sensitive data types.
Multi-factor Authentication -- we have all our employees configured for MFA. This is incredibly easy to configure with Azure, as well as defining when MFA should be used through Conditional Access.
Audit Logs -- being able to track and identify a user's activity is pretty critical, especially when in incident response mode.
Cons
Complexity -- Microsoft Azure Active Directory isn't exactly for the faint of heart.
Management -- some bulk management tasks need to be run through PowerShell... if you don't know PowerShell (and you should) then this could be problematic.
Needs assessment -- the licensing structure for Azure AD might be difficult to understand given the breadth of features available. For example, Azure Active Directory P1 will differ from Azure Active Directory P2, but what does that mean and is it applicable to your organization? Is it necessary to have P2 over P1 to accomplish your business goals?
Likelihood to Recommend
I think that Microsoft Azure Active Directory is going to be applicable to any organization that needs a cloud identity solution and they have more than a handful of employees and users. Licensing could be problematic to figure out, and bundling the Microsoft Azure Active Directory license with an M365 subscription is probably the route to take. However, I would not recommend this product to an organization with an IT administrator who is not strong technically. In this case, it might be better managed by an MSP.
The reality is that Microsoft Azure Active Directory is one part of a suite of products and it is sometimes hard to look at it without understanding how it interacts with the other tools in the suite. If we take this into consideration, then Microsoft Azure Active Directory is the backbone for providing a cloud-based user identity and security solution that will be applicable under any circumstance.
Azure Active Directory is used across our entire organization. It is the way that everyone uses to access Office 365 and all its tools. It is also used to manage single sign-on for other services. It is the source for authentication for many of our tools.
Pros
Authentication
Auditing
Flexibility
Cons
Costs
Complexity of licensing
Learning of new features
Likelihood to Recommend
If you have Active Directory currently in your organization you should already be on and connected to Azure. It enables the migration of workloads to the Microsoft cloud where it is appropriate. It enables your existing authentication to be used with partner tools.
Azure Active Directory is our primary authentication mechanism and also provides the basis for a large portion of our authorization mechanisms throughout our enterprise. Everyone in our organization (roughly 150,000 active people objects) has an Active Directory account that they use to authenticate and also gain access to our physical network, our ERP (PeopleSoft), our LMS (Blackboard), and our primary systems of engagement and content (Office 365).
Pros
As a directory tool, it provides the ability for distributed management and administration of smaller pieces as needed by the organization.
With Azure Active Directory being cloud based, there are frameworks available to integrate authentication to other systems (both cloud and on-prem), such as Azure Application Proxies, etc.
Cons
While it may satisfy basic directory type functions of Identity Management, it doesn't go deep enough by default for the modern workplace (at least without significant effort and potentially dangerous changes to the scheme).
Some of the more useful features are only available at a cost, with the most desirable and useful features costing the most.
Likelihood to Recommend
If the organization has current or planned investment in Microsoft (i.e. Windows devices for people, is an Office 365 customer, etc.), Azure Active Directory is a no-brainer and the basic functionality is included in the base plans and licenses. If the organization needs a deeper level of identity management and/or has a high volume of object turnover (account provisioning and deletion), the limit of the basic functionality in Azure Active Directory is quickly realized and additional effort, expense, and technology may be required.