Microsoft Entra ID for security and user comfort
September 23, 2023

Mike Paron | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Entra ID

We have been using Microsoft 365 (formerly Office 365) for more than five years. We have used Microsoft 365 Identity Protection (now known as Microsoft Entra ID) for three years.

In my org we use Microsoft Entra ID for security and ease of access for our users. First, we deployed self-service password reset to all of our users, which required they enter some additional information like personal contact info. This required some training on our part to let everyone know what was happening. Then, multi-factor authentication and the Microsoft Authenticator provide protection. Once we had deployed MFA and had 100% adoption, we introduced phone sign-on so users did not need to use passwords when signing in.

We have also implemented conditional access to require MFA for all apps, and to block access if certain thresholds are met for failed sign-ins or unusual activity.
  • Identity security
  • Ease of access
  • User risk management
  • Conditional access
  • Changes are not often clearly communicated unless you know where to look and have the correct email subscriptions.
  • High learning curve.
  • MFA has essentially squashed all account security concerns for us. With minimal training for our users, we've gone from a few phish scares a year to zero since we implemented MFA.
  • Conditional access has changed the way we think about security and zero trust. This is not a novel concept unique to Microsoft Entra ID, but it is very easy to implement with Microsoft and has NO VISIBILITY to your users. No extra setup, it's already built in. We set up most of our Conditional access policies in a few weeks and our users had no way of knowing until we told them (for fun and education).
We have a hybrid environment to support some legacy enterprise applications. Our goal is to move 100% to Azure as soon as possible, once the legacy apps are replaced.

We have all of our user identities and some security groups synced to the cloud from an "on-prem" (Azure VM) domain controller. The on-prem security groups are only used for those legacy apps mentioned earlier. All of our real identity setup is done in Microsoft Entra ID/AzureAD.
We use AzureAD/Microsoft Entra ID SSO for every app and service which supports Azure or SAML. Security is top of mind for our board and a goal of mine has been to do away with multiple credentials for our users.
We have too many connected SaaS apps to list, but a few are Salesforce, ADP, Concur, Bonus.ly, Cisco AnyConnect.

We do not have any on-prem apps connected to Microsoft Entra ID.
Since enabling Microsoft Entra ID with passwordless phone sign-on and PIN or biometric for endpoints, users now forget their passwords often. Not a big deal since they can change it using self-service password reset, but something to keep in mind.

For my purposes this is part of our logon design. Eventually we will stop expiring passwords and turn up the complexity even higher than it already is. Since the password will be seldom used, it will not impact user experience too much.
We had implemented Okta previously and had a great experience with it. I was not involved in the setup or admin but did deal with end user support during that time. We made the move to Azure AD since it made the most sense for our environment, and to have fewer spices in the pot, so to speak.

Do you think Microsoft Entra ID delivers good value for the price?

Yes

Are you happy with Microsoft Entra ID's feature set?

Yes

Did Microsoft Entra ID live up to sales and marketing promises?

Yes

Did implementation of Microsoft Entra ID go as expected?

Yes

Would you buy Microsoft Entra ID again?

Yes

If an organization is using Microsoft 365 and has the IDP license, there is no reason not to use Microsoft Entra ID. If your org uses 365 and does not have the IDP license, I recommend upgrading your licenses if your budget allows.

Microsoft Entra ID Feature Ratings

ID-Management Access Control: 10
ID Management Single-Sign On (SSO): 10
Multi-Factor Authentication: 10
Password Management: 10
Account Provisioning and De-provisioning: Not Rated
ID Management Workflow Automation: Not Rated
ID Risk Management: 10

Using Microsoft Entra ID

145 - Executive, IT Administration, Learning Management, Content Creation, Sales, Customer Service, Certification Administration, Exposition Events Services, Membership Services, International Event Management, Marketing, Board of Directors.
2 - Familiarity with Microsoft 365 and Azure AD is a must. Knowledge of Android and iOS for app support. A good handle on Azure AD administration and a solid foundation before deployment is crucial.
  • Identity protection
  • Operational security
  • Ease of access
  • I plan to explore using Entra ID as an IDP for our membership and external contacts who use our services. For now we use Salesforce.
We are all-in on Microsoft 365 at this point and completely happy. No reason to change now.