An end-to-end user and identity management solution
November 04, 2023

Yash Mudaliar | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Entra ID

Microsoft Entra ID (formerly called Azure Active Directory) is being used as an identity provider in my organization. Ideally, the business problem that it solves is the management of user accounts and access management for those users. Beyond this, our use case also involves using Entra for access reviews, privileged identity management, group management, device management, application identity management, enabling business collaborations, customer identity management and identity protection.
  • The most used and useful feature is 'Privileged Identity Management' which helps us to not only limit the assignment of privileged roles but also to monitor and regulate the assignments with a variety of filters.
  • 'Conditional Access' is another feature which can be marked as one of the USPs of Microsoft Entra ID. The kind of granularity and security that this feature allows is something that prevents a lot of attacks on the identity perimeter.
  • I personally love the simplicity and security of the 'Cross-tenant synchronization' feature of Microsoft Entra ID. It makes the collaboration process easier without making any compromises in the security aspect.
  • While it is a very popular feature, I feel 'Identity Protection' has some scope for improvement, such as improving the delay in alert triggering, providing more details on the suspicious activities, and possibly doing so through a simpler UX.
  • I think 'Identity Secure Score' dashboard should have some more detailed informational view instead of just providing some generic best practices and then re-directing to the M365 Defender portal.
  • 'Per-User MFA' should now either be deprecated or else should now be re-branded and re-worked to support conditional access policies specifically for combined registration policies.
  • The biggest positive ROI is that we were able to successfully deploy identity as our defense perimeter against attacks, and that too without much administrative overhead, which is now on auto-pilot mode.
  • 60% growth in users getting enrolled for MFA and SSPR, hence leading to a 45% reduction in service desk calls and tickets.
  • Seamless connectivity with the on-prem AD instance with AD connect has been the biggest pain reliever.
Yes, we do have an on-prem Azure AD Forest with multiple Organizational Units and a concise set of domain controllers as well. When it comes to cloud presence, we are currently only living in Azure with almost 500-600 users and almost 700 devices (since we also allow a chunk of users with BYOD model including a few freelancers).
This is on use basis, and we usually manage this for our clients and not much for our internal tenant. This is usually done when required as a proof-of-concept exercise or as a temporary collaboration scenario. Until now the scope of this particular usage scenario has been limited and small.
There are a lot of SaaS apps like Jira, LinkedIn, Atlassian, HP, DocuSign, etc. We have a few on-prem app connections as well, but I hope it is understood that I cannot name all of those connections due to obvious security concerns.
It is difficult for me to compare Microsoft Entra ID to any other IDP because I have been working only with Microsoft Entra ID for the past 3 years. Although, I have seen it evolve and simplify its own user experience through this time. With the addition of MFA, SSPR, conditional access, PIM, SSO and many other features, Microsoft has always been focused on improving and securing the user experience.
While I have very limited experience with the products above, I can say for sure that Microsoft Entra ID stands out in leveraging its native integration with Windows AD instances throughout organizations and hence has taken precedence over all these products for this specific use case. Also, the simplified UX and unified integration with other Microsoft security stack products make it an inevitable choice.

Do you think Microsoft Entra ID delivers good value for the price?

Yes

Are you happy with Microsoft Entra ID's feature set?

Yes

Did Microsoft Entra ID live up to sales and marketing promises?

Yes

Did implementation of Microsoft Entra ID go as expected?

Yes

Would you buy Microsoft Entra ID again?

Yes

  • Scenario 1: The most obvious would be if the org. has an Azure presence, with or without an on-premises AD instance.
  • Scenario 2: Even from an SSO point of view, Microsoft Entra ID would be a great choice to opt for as an Identity Provider.
  • Scenario 3: If the org. has a wide global footprint and wants to ensure a secure identity and access management platform that can prevent real-time attacks without compromising user experience.
  • Scenario 4: If the org. has both B2B and B2C collaboration scenarios.

Microsoft Entra ID Feature Ratings

ID-Management Access Control: 9
ID Management Single-Sign On (SSO): 8
Multi-Factor Authentication: 8
Password Management: 8
Account Provisioning and De-provisioning: 9
ID Management Workflow Automation: 8
ID Risk Management: 6