If you use Office 365 for email and collaboration, you owe it to yourself to get Azure AD Premium licenses and take your cloud experience to the next level!
July 11, 2019

Patrick Plaisance | TrustRadius Reviewer
Score 9 out of 10
Vetted Review

Overall Satisfaction with Azure Active Directory

We use Azure Active Directory organization-wide both internally, and at the vast majority of our clients. Azure AD is used to both complement, and in some situations, replace entirely on-premise Active Directory. It is used for user authentication, both for Microsoft cloud services (Office 365) as well as the Identity Provider for SSO for various other services. It is the glue that holds together device management via InTune. For clients with on-premise AD, Azure AD Connect keeps Azure AD & on-premise AD in sync, so users only have one password to remember, one multifactor authentication service will work across multiple on-premise and cloud services, and onboarding/offboarding by IT staff is greatly simplified by having just one "account" to control access to.
  • Sync with on-premise AD via Azure AD Connect app. When it first started out as DirSync, it had major issues with conflicts, but now Connect is reliable, simple to implement and keeps getting new features like.
  • SSO implementation with 3rd party cloud services is excellent. MS even has step by step guides to popular apps/services!
  • InTune integration with Azure AD/Hybrid Azure AD brings domain devices and BYOD devices together under one device management pane of glass.
  • Azure portal is extremely complex and many things are in areas you wouldn't expect them.
  • Hybrid Azure AD is very confusing to set up and offers very little troubleshooting data to go on.
  • I've found that sometimes on-premise AD passwords stop syncing via Azure AD Connect with no errors but a quick script for a full hash password sync clears it up.
  • Streamlined on/offboarding process for staff, saving time and complexity for IT and HR staff.
  • Simplified user experience by implementing AD sync & SSO.
  • Since it is cloud-based, IT staff are often playing "catch-up" on training as features are added/removed/changed.
Nothing really compares directly. OneLogin as an SSO solution was complicated and expensive. GSuite doesn't have all the same features as Azure AD and you're locked into the Google ecosystem for the most part.
If an organization is using Office 365 for email, collaboration, etc., there is no reason NOT to use Azure AD (they already are, to be precise). With appropriate Azure AD licenses, they can leverage those accounts to set up Single Sign-on with any other cloud providers they might be using. Additionally, if they have an on-premise active directory, they can sync those accounts with their Azure AD accounts, and potentially have one login for their on-premise computers, Office 365, and cloud services, protected with multifactor authentication. If an organization lives in the Google ecosystem, Azure AD most likely is not a good fit as Google can provide similar functionality via GSuite (although in my experience, much less robust).

Microsoft Entra ID Feature Ratings

  • ID-Management Access Control: 9
  • ID Management Single-Sign On (SSO): 10
  • Multi-Factor Authentication: 8
  • Password Management: 8
  • Account Provisioning and De-provisioning: 9
  • ID Management Workflow Automation: 8
  • ID Risk Management: 8