Google Authenticator is a mobile authentication app.
N/A
Azure Active Directory
Score 8.9 out of 10
N/A
Microsoft Azure Active Directory (Azure AD) is a cloud-based identity and access management (IAM) solution supporting restricted access to applications with Azure Multi-Factor Authentication (MFA) built-in, single sign-on (SSO), B2B collaboration controls, self-service password, and integration with Microsoft productivity and cloud storage (Office 365, OneDrive, etc) as well as 3rd party services.
It is supported by virtually all cloud-based software applications for business. I am happy to allow users to use this in addition to other authenticators. Certainly, if your business is in the Google cloud it makes sense, but my approach to the remote/virtual work world these past couple of years has been structured flexibility. Leaving some choice up to the users for their own comfort, particularly when they are using their own devices. I cannot think of a scenario where it is less appropriate - perhaps where you run the risk of "app sprawl". I.e., where you are requiring users to handle multiple authenticators (which can happen with certain pieces of hardware) you may want to encourage consolidation into one to avoid frustration.
If you are opening a shop and you need software to get the ball rolling compared to Google. Microsoft is the go-to vendor in my opinion. You can get your active directory services, mail, and collaboration tools like teams and offices from one vendor. Anyone with minimal knowledge of IT can actually configure all of these services to get you up to speed. The product is very versatile so in the future if you would like to have cloud servers and services this product have you covered. As your organization grows you can easily integrate the best MFA solutions with Azure AD to keep your organization safe. This is not the product that you should invest in if your organization does not have that many windows devices. For instance, if your company owns Macs other than products like MS Office, Share Point, etc you don't need to get Azure active directory.
Conditional Access -- this is one of the biggest tools that any admin needs when it comes to securing when, where, and how users are accessing information. Especially if the information contains sensitive data types.
Multi-factor Authentication -- we have all our employees configured for MFA. This is incredibly easy to configure with Azure, as well as defining when MFA should be used through Conditional Access.
Audit Logs -- being able to track and identify a user's activity is pretty critical, especially when in incident response mode.
I once performed a factory reset of my smartphone which had Google Authenticator. I didn't have a backup for the device. When I restored my phone with the same google account, I was not able to restore the authenticator app settings. I had to add all the keys back into the app to use it. This is cumbersome, but I understand it is set up this way for security reasons.
I don't like the ease with which it lets you delete a key. If I accidentally delete a key, I am doomed to get my 2FA key reset, unless I still have the QR code saved somewhere.
I have not faced any technical challenge personally using this application. It's very lightweight and doesn't require many system resources on your mobile device.
Easy rollout across organizations, accessible from any device securely, and easy integration with Microsoft products and its services. Microsoft technical consulting services and team helps an organization to connect all dots which make Organization IT professionals' life easier. Easy to use hence adaption is faster and no major training needs to conduct for users.
I have found Google’s support to be hit or miss. There are times when they are very responsive, and I get my issue resolved quickly, and there are times where a response from them takes weeks. There is no in-between. But my support experience with this particular product is nonexistent because I have not had a problem with it yet. Hopefully, we do not have any problems with it either.
Microsoft has offered Azure Active Directory as a solution for a couple of decades now, so they have seen and anticipated almost any issue that an organization may face and can therefore help. The cloud offering of Azure Active Directory offers some additional "self healing" or monitoring services that can minimize the need for a service call. However, as with most large companies supporting a fast growing market, there may be some gaps in service knowledge (and particularly processing) from the front line / tier one staff as they follow a corporate script at first contact.
We deploy Google Authenticator in residential and non-managed client scenarios. Google Authenticator can perform the basic functions needed for multi-factor authentication but lacks the more advanced features of solutions like Cisco's Secure Access by Duo. Google Authenticator is our go-to solution for anyone ready to increase their security but struggling to find the necessary technology budget.
In our particular scenario, we chose [Microsoft] Azure Active Directory because it has integration with tools and applications we use on a day to day basis, such as inTune, Autopilot, Office 365, Exchange Online, Dynamics 365, just to named a few.
Microsoft Professional Services' technical knowledge is appreciable as consultants design the solution as per customer requirements. Mapping of features per user specifications and assisting Customer IT engineers to implement so they can manage and administer the services.
More secure data = less worried about a data breach.
Takes longer to log in, and if I don't have my phone then I have to go looking for it, so it really makes it so that you can't be without your phone, which in certain instances is annoying or not possible and can hold up work time.
Everyone is willing to use the same program because everyone likes Google—makes it easier to manage.
AAD has saved my organization a lot of time in user setups, restoring mailboxes or individual messages, auditing logins/logoffs or data changes and running reports.
It added functionality we did not previously have, such as reporting on user behavior in their systems (what they work on and what applications are used).
My IT Support Department has benefited greatly from adding AAD by being able to see software update needs for each workstation, managing startup items running in the system, checking versions of definitions and policies applied to each workstation and much more.
