Azure Active Directory Reviews

I think that Microsoft Azure Active Directory is going to be applicable to any organization that needs a cloud identity solution and they have more than a handful of employees and users. Licensing could be problematic to figure out, and bundling the Microsoft Azure Active Directory license with an M365 subscription is probably the route to take. However, I would not recommend this product to an organization with an IT administrator who is not strong technically. In this case, it might be better managed by an MSP.

The reality is that Microsoft Azure Active Directory is one part of a suite of products and it is sometimes hard to look at it without understanding how it interacts with the other tools in the suite. If we take this into consideration, then Microsoft Azure Active Directory is the backbone for providing a cloud-based user identity and security solution that will be applicable under any circumstance.

I highly recommend Azure Active Directory for any organization looking to adopt cloud-based technologies and a zero-trust security posture. Many companies "graduate" to it from their legacy on-premises Active Directory installations, and that scenario has been optimized very well, but Azure AD is also a good fit for any organization looking for a robust and secure identity platform.

If you already use 365 and Windows then Microsoft Active Directory is pretty much a no brainer. Especially if you also use Microsoft Defender ATP. The control and oversight over user machines when used with InTune is impressive but I do wish the integration with Local Domains was more robust. Also, shared drives, I was under the impression that I would be able to implement through OneDirve somehow but that was not the case. SharePoint seems to be the alternative here, and it works great but not everyone in the organization is inclined to change how they work and that was ultimately what brought use back to using an Internal Domain. We still use 365 and therefore Azure Active Directory but to a much more limited degree.

Microsoft has always kept the Azure Active Directory at the front side of their identity management suite. It makes the most sense to use Microsoft Azure Active Directory if you are already a Microsoft Azure customer.

Some specific scenarios where Microsoft Azure AD will be well suited are

• If your organization has users who are geographically dispersed and you want to implement a centralized security and access system for them.
• If the client or organization is heavily invested in Microsoft eco-system for other needs, Microsoft Azure Active Directory is the way to go

Scenarios where Azure Active Directory is less appropriate are

• If the organization is not invested in the Microsoft ecosystem.
• If you want an intuitive implementation process.
• If you have fewer than 50 users.

If working with Microsoft 365 subscriptions, Azure Active Directory is the directory service behind the 365 users, so it's really easy to tie that into your others softwares or on-premise network as well

[Microsoft] Azure Active Directory is perfect for single sign on. We have all our SaaS applications integrated with it. Also, the opportunity to have a single place for all the Microsoft Applications and Saas Applications using one account.
Sometimes, the hybrid configuration is not appropriated for some internal non windows applications, due to the complexity.

Microsoft Azure Active Directory is very well-suited for user identity in the cloud, especially in a hybrid instance. Syncing your on-premises infrastructure with the cloud, Microsoft makes it easy to achieve this. In addition, configuring virtual networks and virtual machines is an easier process than expected. If you are currently all on-premises, then Azure Active Directory would not really help your use case, although if you are thinking of migrating to the cloud, you can then experiment with it.

Our company is extremely satisfied with using Azure Active Directory to store and give multiple access levels to all users by the use of Active Directory. We love that since it's a Microsoft product, it can be easily integrated with other Microsoft products like SharePoint without the use of 3rd party connectors for integration. We have an enterprise account with Microsoft, so the price point for hundreds of AD users is also low.

If your organization primarily uses Microsoft systems, there really is no reason to use another product. Azure Active Directory allows you to link your user accounts to virtually all Microsoft software and most 3rd party software. Having one digital identity across all systems makes things much easier for your end-users. Support for 2-factor authentication, especially with more people working from home, is fully supported.

It is appropriate in most cases. As I mentioned earlier, it allows us to have global availability of our AD, while allowing to centralize all operations within the IT department. We can manage users, printers, and GPOs in the cloud easily. For cases where the implementations are wide, I think it is a fundamental requirement. I could say that maybe it is not appropriate for small organizations, but even for those cases, I think it also applies, since it eliminates infrastructure costs and allows you to keep everything in the Microsoft cloud. There are no cases that do not involve analysis or use.

If the organization has current or planned investment in Microsoft (i.e. Windows devices for people, is an Office 365 customer, etc), Azure Active Directory is a no brainer and the basic functionality is included in the base plans and licenses. If the organization needs a deeper level of identity management and/or has a high volume of object turn over (account provisioning and deletion), the limit of the basic functionality in Azure Active Directory is quickly realized and additional effort, expense, and technology may be required.

Microsoft has offered Azure Active Directory as a solution for a couple of decades now, so they have seen and anticipated almost any issue that an organization may face and can therefore help. The cloud offering of Azure Active Directory offers some additional "self healing" or monitoring services that can minimize the need for a service call. However, as with most large companies supporting a fast growing market, there may be some gaps in service knowledge (and particularly processing) from the front line / tier one staff as they follow a corporate script at first contact.

If you have Active Directory currently in your organization you should already be on and connected to Azure. It enables the migration of workloads to the Microsoft cloud where it is appropriate. It enables your existing authentication to be used with partner tools.

Support tickets are acted upon quickly and are usually resolved well. Sometimes issues are hard to push beyond level 1 tech support and prove they are a bug not an implementation issue.

If you manage a local AD and use Microsoft for mailboxes (Exchange), especially if it is hosted by Microsoft and not an on-premises setup, then this is a no-brainer and you should have Azure Active Directory! Even if you use just the free version of AAD, it adds management, reporting and auditing to your O365 which as an admin are very much required pieces of information. I suggest adding licenses for AAD that meets your needs for your organization, such as being able to sync your user information changes from AAD down to your AD and vise-versa, adding mobile security features or auditing, retention needs, etc.

If you have an on-premises Exchange and use a local AD, AAD is less useful for you and I'm not sure it would be recommended to use. While it could add some benefits you do not have already, this would be quite the task to undergo for such little solutions it would provide.

AAD is most useful for organizations that at least use Office 365 for Exchange hosting.

I mean, it is Microsoft. So contacting them for support is nearly the last resort. You'll go to forums and TechNet long before contacting Microsoft. This is where other companies shine above Microsoft, because they have support to offer. You will find more online support for Azure than for other companies, primarily because it is so widely used. Techs like helping other techs. With the number of companies using Azure, there is a tremendous amount of support found online on many websites. If you cannot find your question already answered somewhere, guaranteed someone will answer your posted question within hours.

I believe Azure AD is appropriate in any enterprise environment, however, it is especially well-suited in large environments with many different administrators needing the ability to make changes. It would be less suited in a smaller environment where RSAT tools (such as the AD plug-in) could be used to administer the network.

Microsoft's product support is second to none. This is a trend I've seen with most of the Microsoft products I've used.

It is a good product for anyone looking for a cloud-based solution to manage company users and assets.

Responsive support and relatively good documentation.

If you're an Office or Microsoft 365 admin, this is a must-have product. Even if you are not, this is the modern way of handling authentication and device management.

Password resets are handled quite well with AAD also. The end-user can set up personalized challenge questions and when a reset is necessary, can answer those questions, have the password reset, and continue on with there day - with no IT/IS support necessary. A win-win situation for all involved.

Support is handled offshore and you must send in a request and then schedule a callback. Near real-time support is very problematic. Additionally, you will go through the tiering system. Level one staff at Microsoft have a lot of checkboxes to go through before you are handed to the next tier.

Communication with offshore tech support is a true challenge.

I guess 10, because I can't imagine how any tool can do better than this. It's a pretty standard tool I think for employee maintenance, role maintenance, single sign-on. It's a perfect match for Azure, to give the opportunity to integrate things like power apps and everything else in Azure and seamlessly integrate with your existing user maintenance structure in your company.

I have no personal experience with support. But according to my colleagues it was good. I've not asked in more detail, so my answer may not reflect their actual experience. "Good" to me means "at least an 8."

Well suited authentication-wise for sign-in scenarios such as when users at my organization need their password manually updated. Well suited for availability and since cloud, always can access (opposed to on-prem). Well suited for Office 365 and SharePoint or anything else bundled with MS. Well suited for org with lots of remote users or travelers who can benefit from the SSO.

Less suited for Apple folks but we are 100% Windows 10 environment. It's expensive. Group policies don't always work like they should, I've noticed.

I am giving this a 5 (middle of scale - neither great nor terrible) as it's N/A for me as I've never had to open a support ticket related to Azure Active Directory. Never had an issue or outage that required a ticket. In general of MS support system and KB, I will say that in general they are not great (maybe a 6 or 7 out of 10).

Azure Active Directory is a reliable tool for creating directories of users & roles for all sorts of authorization and authentication scenarios in the cloud. It is highly scalable and can handle the largest user bases possible. The tool had Identity protection and security built-in and as upgrades that can help with identity threat hunting and compromise.

I'll give it a ten out of ten since I've never needed to use their support services. There is extensive information available online.

It is great if you are deeply invested in the Microsoft ecosystem. It works even better if you use any of Microsoft's SAAS propositions. Integration with on-premise systems is great and functionality is unparalleled.
If you use limited Microsoft products, maybe a bit of an overkill, however, it is a must-have with O365 and other products.

AAD is a great product that works seamlessly and is reliable as an actual domain controller on-premise. I have never had to call Microsoft as I have never had any issues. The sync client is being updated regularly, and apart from a persistent bug/feature that it shuts down at 01:00, I cannot really complain.

If you want Office 365, you get Azure Active Directory. And if you want to protect that you seriously should consider Azure AD P1 or even P2 plans. We don't user P2 yet, but that is more or less the pinnacle for your protection needs. The Azure Application Proxy is a good place to publish your on-prem applications.

Microsoft support is great. Though the first call to support is sometimes a hit-or-miss as sometimes the person is not knowledgeable enough or doesn't understand the question and/or what steps you already have done. But overall our experience with Microsoft Azure Active Directory support is good.

It's great for companies with more than a dozen users. It's a quick and easy way to manage the Windows accounts within the organization.

Their Support team is fairly responsive and knowledgeable,

Azure AD is actually required for Office 365 to work, so obviously you won't have a choice about whether or not it is well-suited unless you want to skip Office 365 completely. But it's actually a good standalone AD solution for when you don't want to own any infrastructure at all. That's because AAD is hosted by Microsoft in their commercial cloud, Azure. You could hypothetically build all a full corporate directory against which to authenticate without having to own a single server.

I would not advise using AAD as your network directory as a standalone solution, however. You would need to have at least one on-premise AD domain controller with a full copy of the directory, at all times. This is required because Azure Active Directory operates in the cloud, meaning it is reached by way of the internet. If any site were to become disconnected from the internet for any reason, and if there is NOT a local copy of the directory on a domain controller that the users and computers can reach from their devices, no one would be able to authenticate to any resources until connectivity is restored.

I've only had to open a few support cases with Microsoft for Azure AD. In each time it was because there was a sync error between our on-premise database (the local copy of the AD) and Azure's copy. The AAD copy of the AD has some user and computer attributes that admins can't change using the AAD console. But that's so that we, as humans, don't accidentally break the database. Whenever there has been a sync conflict that i could not resolve following there (usually excellent) instructions for doing so, I have opened a support case. I can count those cases on one hand after nearly three years of lice production use of AAD. Each of those cases was resolved within a few days and in no circumstance was the affected user or computer unable to authenticate, although they may have been unable to access their email for a brief period during the troubleshooting. It's quite a bit better than other Microsoft support, in my opinion.

Azure Active Directory is well suited for organizations that have a large number of users/employees in different geographic locations and lots of internal tools, be it hosted locally or in the cloud, as it will make it easier for the organization to do and effective Identity and Access Management. For small companies, this might be expensive.

Support is great, and provide insightful solutions whenever there is a problem.

If an organization is using Office 365 for email, collaboration, etc, there is no reason NOT to use AzureAD (they already are, to be precise). With appropriate Azure AD licenses, they can leverage those accounts to setup Single Sign-on with any other cloud providers they might be using. Additionally, if they have an on-premise active directory, they can sync those accounts with their Azure AD accounts, and potentially have one login for their on-premise computers, Office 365, and cloud services, protected with multifactor authentication. If an organization lives in the Google ecosystem, Azure AD most likely is not a good fit as Google can provide similar functionality via GSuite (although in my experience, much less robust).