The Inside Scoop - Azure AD
November 12, 2019

John Fester | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Azure Active Directory

We are using Azure Active Directory (AAD) primarily for two things - access permissions in Exchange, SharePoint and other Office 365 services as well as locally in our network for domain/workstation access and logging. AAD opened the doors in many ways for us to enhance our organization and bring ourselves to modern times in terms of technology and what our users can do. For example, our users had two or more sets of credentials (1 for Office 365, another for domain access and another for SharePoint). Combining our Exchange and SharePoint into Microsoft's hosted platforms and including AAD into our setup, we reduced the credentials down to just needing one set that is synced across my local AD & AAD. This has saved my IT support department many hours in helping users access services, reset passwords multiple times and has saved us time when setting up new users in just one place rather than several. With AAD it automatically sets the user up in the cloud and eliminates my need to set them up several times to have access to our services.
  • AAD is super easy to set up! One thing I was nervous about was deployment. However, after reading the setup instructions, I was pleased to find this a very simple process and well detailed in the instructions.
  • AAD works! It simply does its job. I have not had to monitor it, troubleshoot it, nor reinstall or tinker with it in any way. Making changes is very quick and easy, also allowing you to quickly modify how the sync occurs, whether one-direction from your server to Azure only, or bi-directional where it will sync both ways, or only from Azure to your local AD. You have the options and the control to make it work for your environment!
  • AAD has a ton of tools, logs, data that combined provide a great look into what your users are doing, how it is being done and if any errors exist it will provide very useful information about them so that you can resolve the matter.
  • One limitation is the OS it must be installed on. We were using SBS '11 when we first deployed AAD, however it does not work for the sync to Azure on this OS. For this, we worked around it by first setting up a secondary local AD on a server that already had Server 2016 on it. Having these two servers sync the local AD, we were able to install and configure the AAD sync on the Server 2016. It syncs perfectly and our environment works great being synced to AAD.
  • Depending on the licensing you have with Microsoft, you will find some features not available. We had to add a $4 license per user (called the Exchange F1 License) to have the ability to sync FROM Azure TO my local AD. This is key for users to be able to modify their passwords anywhere and it updates across your AAD & local AD. You will also have to add another type of license should you want more auditing features or security features.
  • It would be great to see Azure have a component in AD where you just enable the sync rather than needing to install the entire package to be able to sync.
  • AAD has saved my organization a lot of time in user setups, restoring mailboxes or individual messages, auditing logins/logoffs or data changes and running reports.
  • It added functionality we did not previously have, such as reporting on user behavior in their systems (what they work on and what applications are used).
  • My IT Support Department has benefited greatly from adding AAD by being able to see software update needs for each workstation, managing startup items running in the system, checking versions of definitions and policies applied to each workstation and much more.
Oracle is awesome and they are always enhancing their products and providing new features. However, Microsoft has this down! It is a Microsoft environment, Windows, Active Directory, Azure...it all works perfectly together. JumpCloud is nice also and they have some really neat features that allow you to combine identities into categories along with systems for inventory and tracking. Oracle does better with security and they have tied in with Kerberos making it an easier setup. But again, Azure is Microsoft's own solution, so the setup and functionality of Azure as compared to the others is just...well it is incomparable. Plus, Azure offers things that none other do - such as backups for data, data retention, auditing and logging and much more, which you will find are all pretty basic with other solutions.
I mean, it is Microsoft. So contacting them for support is nearly the last resort. You'll go to forums and TechNet long before contacting Microsoft. This is where other companies shine above Microsoft, because they have support to offer. You will find more online support for Azure than for other companies, primarily because it is so widely used. Techs like helping other techs. With the number of companies using Azure, there is a tremendous amount of support found online on many websites. If you cannot find your question already answered somewhere, guaranteed someone will answer your posted question within hours.

Do you think Microsoft Entra ID delivers good value for the price?

Yes

Are you happy with Microsoft Entra ID's feature set?

Yes

Did Microsoft Entra ID live up to sales and marketing promises?

Yes

Did implementation of Microsoft Entra ID go as expected?

Yes

Would you buy Microsoft Entra ID again?

Yes

If you manage a local AD and use Microsoft for mailboxes (Exchange), especially if it is hosted by Microsoft and not an on-premises setup, then this is a no-brainer and you should have Azure Active Directory! Even if you use just the free version of AAD, it adds management, reporting and auditing to your O365 which as an admin are very much required pieces of information. I suggest adding licenses for AAD that meet your needs for your organization, such as being able to sync your user information changes from AAD down to your AD and vice versa, adding mobile security features or auditing, retention needs, etc.

If you have an on-premises Exchange and use a local AD, AAD is less useful for you and I'm not sure it would be recommended to use. While it could add some benefits you do not have already, this would be quite the task to undergo for such little solutions it would provide.

AAD is most useful for organizations that at least use Office 365 for Exchange hosting.

Microsoft Entra ID Feature Ratings

ID-Management Access Control: 8
ID Management Single-Sign On (SSO): 7
Multi-Factor Authentication: 8
Password Management: 8
Account Provisioning and De-provisioning: 9
ID Management Workflow Automation: 7
ID Risk Management: 7