The Inside Scoop - Azure AD
Overall Satisfaction with Azure Active Directory
We are using Azure Active Directory (AAD) primarily for two things - access permissions in Exchange, SharePoint and other Office 365 services as well as locally in our network for domain/workstation access and logging. AAD opened the doors in many ways for us to enhance our organization and bring ourselves to modern times in terms of technology and what our users can do. For example, our users had two or more sets of credentials (1 for Office 365, another for domain access and another for SharePoint). Combining our Exchange and SharePoint into Microsoft's hosted platforms and including AAD into our setup, we reduced the credentials down to just needing one set that is synced across my local AD & AAD. This has saved my IT support department many hours in helping users access services, reset passwords multiple times and has saved us time when setting up new users in just one place rather than several. With AAD it automatically sets the user up in the cloud and eliminates my need to set them up several times to have access to our services.
Pros
- AAD is super easy to set up! One thing I was nervous about was deployment. However, after reading the setup instructions, I was pleased to find this a very simple process and well detailed in the instructions.
- AAD works! It simply does its job. I have not had to monitor it, troubleshoot it, nor reinstall or tinker with it in any way. Making changes is very quick and easy, also allowing you to quickly modify how the sync occurs, whether one-direction from your server to Azure only, or bi-directional where it will sync both ways, or only from Azure to your local AD. You have the options and the control to make it work for your environment!
- AAD has a ton of tools, logs and data that combined provide a great look into what your users are doing and how it is being done, and if any errors exist it will provide very useful information about them so that you can resolve the matter.
Cons
- One limitation is the OS it must be installed on. We were using SBS '11 when we first deployed AAD, however it does not work for the sync to Azure on this OS. For this, we worked around it by first setting up a secondary local AD on a server that already had Server 2016 on it. Having these two servers sync the local AD, we were able to install and configure the AAD sync on the Server 2016. It syncs perfectly and our environment works great being synced to AAD.
- Depending on the licensing you have with Microsoft, you will find some features not available. We had to add a $4 license per user (called the Exchange F1 License) to have the ability to sync FROM Azure TO my local AD. This is key for users to be able to modify their passwords anywhere and it updates across your AAD & local AD. You will also have to add another type of license should you want more auditing features or security features.
- It would be great to see Azure have a component in AD where you just enable the sync rather than needing to install the entire package to be able to sync.
- AAD has saved my organization a lot of time in user setups, restoring mailboxes or individual messages, auditing logins/logoffs or data changes and running reports.
- It added functionality we did not previously have, such as reporting on user behavior in their systems (what they work on and what applications are used).
- My IT Support Department has benefited greatly from adding AAD by being able to see software update needs for each workstation, managing startup items running in the system, checking versions of definitions and policies applied to each workstation and much more.
Oracle is awesome and they are always enhancing their products and providing new features. However, Microsoft has this down! It is a Microsoft environment, Windows, Active Directory, Azure...it all works perfectly together. JumpCloud is nice also and they have some really neat features that allow you to combine identities into categories along with systems for inventory and tracking. Oracle does better with security and they have tied in with Kerberos making it an easier setup. But again, Azure is Microsoft's own solution, so the setup and functionality of Azure as compared to the others is just...well it is incomparable. Plus, Azure offers things that no others do - such as backups for data, data retention, auditing and logging and much more, which you will find are all pretty basic with other solutions.
Do you think Microsoft Entra ID delivers good value for the price?
Yes
Are you happy with Microsoft Entra ID's feature set?
Yes
Did Microsoft Entra ID live up to sales and marketing promises?
Yes
Did implementation of Microsoft Entra ID go as expected?
Yes
Would you buy Microsoft Entra ID again?
Yes