Microsoft Entra ID (formerly Microsoft Azure Active Directory or Azure AD) is a cloud-based identity and access management (IAM) solution supporting restricted access to applications with Azure Multi-Factor Authentication (MFA) built-in, single sign-on (SSO), B2B collaboration controls, self-service password, and integration with Microsoft productivity and cloud storage (Office 365, OneDrive, etc) as well as 3rd party services.
$6
per user/per month
Yubico YubiKeys
Score 9.3 out of 10
N/A
Yubico YubiKeys make the internet safer with phishing-resistant multi-factor authentication (MFA) by providing simple and secure access to computers, mobile devices, servers, and internet accounts. The Yubico YubiKey stops account takeovers at scale by mitigating phishing and ransomware attacks, and delivers users authentication with a simple touch or tap.
If you compare it to authenticator apps, I'd say it's much more easy to set this up for the individual user. Well, it's Swedish. It's also very well documented. There are a lot of guides on how to use them and I have a lot of faith in the security posture of Yubico and how the …
We used SecureAuth for a year or two but just the 2FA bit - it didn't help with compromised passwords to non-2FA'd apps. We now use Azure AD and MEM, which utilises MFA and integrate with most SSO apps.
I liked the Kensington Verimark fingerprint scanner initially because it made signing into Windows simple and secured it within the household, but didn't like the additional complexities of setting it up and needing a driver. That would have required the IT support team to …
RSA token is another option used by many organizations. I think there is a definite benefit to soft tokens, but there's an inherent problem with them as well. If you have to reset your phone, you lose the ability to use that soft token until you set it up again, thus making …
It's easy to implement and manage, easy to integrate, and competitively priced. Whether an organization is 100% Microsoft-based, on-premises, or multi-cloud, Microsoft Entra ID can centralize identities and access, and now it's starting to incorporate agent management. Its integration capabilities allow for quick identification and analysis of any identity issues, which is truly beneficial.
Yubico YubiKeys will likely always be my default recommendation for hardware security keys. It's well suited for environments where key portability is necessary, and for privileged environments where step-up or separate authentication hardware benefits the situation. For example, I can step up my Microsoft rights through PIM, but I'm required to use a Yubico YubiKey (AAGUID filter) even if I'm already using Windows Hello. This means that accessing my workstation doesn't grant rights, accessing my device AND my Yubico YubiKey does. I wouldn't necessarily recommend deploying Yubico YubiKeys to entire user populaces unless the situation calls for it (shared workstations, compliance environments, etc.). This is primarily centered around user training (which is a low bar, but still different), and dealing with loss (you'll want to budget for a % of key loss and be ready to rapidly issue replacements).
Single Sign-on helps ease the user experience, allowing users to avoid typing multiple passwords.
The identity and management are straightforward to use and easy to connect to other applications, as well as third-party applications.
The support of remote work. Nowadays, many people work from home and need to access their accounts. Microsoft Enterprise ID gives secure access to the company data.
So as I said, the second-factor authentication that it does is really well. The response time is really good and all you have to do is just enter the second factor code and that's about it. Right? So that's the good part about using Yubico YubiKeys.
It can be about access control because either right now it's just you have access or you don't have access. I think there can be a use case where you are allowed a particular set of servers and not a particular set of servers. I think maybe it's there or we don't use it, but I haven't seen that. I think I've used Yubico YubiKeys at two companies and I haven't seen that. Maybe that's something that can be added.
MSFT Entra ID has been essential for managing our geographically dispersed team. We're confident that it will scale with us as grow, and we'll be able to take advantage of additional security and ID management features as they become necessary. Being able to centrally manage our user access from anywhere with a small support team is such a relief.
As for implementing YubiKey its simple so I don't see us using anything else as we have experienced no issues so fare. Adding these to our environment is still new for us currently but in the transition phase I only see us buying YubiKey. It is highly rated and well known and cost is reasonable so no need to find another solution.
Simply because of what I mentioned earlier, the feature set sort of keeps changing and they do a lot of, they integrated with a lot of the other tools and so for users who are not as well seasoned, it may be a little bit more complicated for them to begin working within the tool.
I give slightly better than average rating because of the complexity in using a Yubikey. It is not as easy as native push notifications for 2FA products, however, it provides much better strength. Rating this higher or lower would be a disservice to people reading this review. If you are in the market for a hardware 2FA tool, Yubikey will be a great asset in your toolbox.
We have not experienced any issues with availability which is very important when you are dealing with a company that holds the keys to the gate. We have had more issues with availability from our SaaS providers before with authentication but that was on their end. YubiKey has worked every time for us over the course of the last 6 or so months we began testing phase.
We have not seen any lag in loading pages and getting into systems or sites. In comparison to other 2FA and MFA options it is actually faster most of the time to authenticate due to not having to type in. We require users to have long passwords and when there is an option given for password less they jump on it with excitement. As we explore going password less on their PC's the YubiKey is going to make their lives a lot easier to access the resources they need.
I have not needed to engage support for anything at this time. I have been able to find the answers either online or in a knowledgebase. I tried to skip the question but it would not let me, so I rated a 9 based on other interactions with Microsoft support I have had
Make sure you use a good partner. Our implementation was a bit longer and more problematic than we expected. Our partner got it done, but, in my opinion, some of their inexperience and staffing issues were evident.
I figured it all out on my own with the excellent product documentation provided by Yubico. I even managed to produce a backup YubiKey in case I lost my frequently used one. This was crucial when I temporarily lost the original.
Microsoft Entra ID is not as stand-alone product as competitors like Okta. It may lack some of the features that competing products have but on the other hand it integrates both technically and license wise with other Microsoft cloud services and is easy to deploy. It is also the easiest way to extend identity management to the cloud if you already have Microsoft Active Directory in use.
Yubico YubiKeys has been a leader in the security key market, and I think they have a new product we just read about two days back and they can store up to a hundred private keys now. So I think this is what it distinguishes them from the market, apart from this, whatever features we need personally and for our customers. So they provide all those features, but versus the other brands.
For us I feel like the ease of deployment has made this product very appealing, overall this will make the scalability very easy for us to push out once we roll out to our users and the management tools that we have looked at will make the admins like me happy as it is clear and easy to use. The rollout process looks to be very straight forward from the demos that we have looked at regarding the enterprise tools.
Microsoft Professional Services' technical knowledge is appreciable as consultants design the solution as per customer requirements. Mapping of features per user specifications and assisting Customer IT engineers to implement so they can manage and administer the services.
I think it's had positive. It's enabled us to make authentication easier and more streamlined across the organization from frontline workers to back office workers.
It's allowed us to really adopt authentication policies and methods that suit that user and their work environment.
I think it's the flexibility in being able to let users pick the type of authentications that they want to use. Some are comfortable with the touch device on the physical Yubico YubiKeys. Others prefer the mobile app. So it provides flexibility for our users to choose how they want to authenticate without running a file of our security requirements.
