Azure Active Directory Room for Improvement
The conditional access rules are a little limiting. There's greater scope for the variety of rules and conditions you could put in, including rules around more factual authentication for other users. If you have an Azure AD setup, you can then connect to other people's Azure AD, but you don't have a huge amount of control in terms of what you can do. Greater control over guest users and guest access would be better. It's pretty good as it is but that could be improved.
We have a custom solution now running to tie all those Azure ADs together. We use the B2B functionality for that. Improvements are already on the roadmap for Azure AD in that area. I think they will make it easier to work together between two different tenants in Azure AD, because normally one tenant is a security boundary. For example, company one has a tenant and company two has a tenant, and then you can do B2B collaboration between those, but it is still quite limited. For our use case, it is enough currently. However, if we want to extend the collaboration even further, then we need an easier way to collaborate between two tenants, but I think that is already on the roadmap of Azure AD anyway.
The Azure AD Application Proxy, which helps you publish applications in a secure way, is really good, but has room for improvement. We are moving from another solution into the Application Proxy and the other one has features that the App Proxy doesn't have. An example is where the role you're signing in as will send you to different URLs, a feature that App Proxy doesn't have (yet).
With Azure AD, if you look in detail at any of the features, you will see 20 good things but it can be missing one thing. All over the place there are small features that could be improved, but these improvements are coming out all the time. It's not like, "Oh, it's been a year since new features came out." Features are coming out all the time and I've even contacted Microsoft and requested some changes and they've been implemented as well.
The provisioning capability is a two-edged sword because it is very useful, but it also needs some improvement. When you start to deal with legacy applications, provisioning is not as intuitive. Legacy applications, a lot of times, were based on an on-premise Active Directory and you had to use it to provision users or grant access to the product. I don't know of a way to make Azure Active Directory act as an on-premises version to connect to those legacy applications.
The speed and responsiveness of the technical support are things that could use some improvement.
Product Manager/Architect at a consumer goods company with 5,001-10,000 employees
The thing that is a bit annoying is the inability to nest groups. Because we run an Azure hybrid model, we have nested groups on-premise which does not translate well. So, we have written some scripts to kind of work around that. This is a feature request that we have put in previously to be able to use a group that is nested in Active Directory on-premise and have it handled the same way in Azure. That is something that is actively being worked on.
One of the other things that we felt could be improved upon is from an Application Proxy perspective. We have applications native to SSH, and we want to be able to do app proxy to TCP/IP. It sounds like that is actively on the roadmap now, which was amazing. It makes us very excited that it is coming, because we do have use cases with that as well.
The one area that we are working on at the moment is the business-to-consumer (B2C) element. It is not as rich as some of the other competitors out there. The B2C element of Azure AD is quite niche. Some of the features that they offer, e.g., customized emails, are not available with B2C. You are stuck with whatever email template they give you, and it is not the best user experience. For B2C, that is a bit of a negative thing.
In my previous role, there would have been a few things that I would have liked added, but they have already introduced them. Those are already in the roadmap.
One of the areas where Microsoft is very actively working on enhancing is the capabilities around the B2B and B2C areas.
Microsoft is actively pursuing and building new capabilities around identity governance.
There is a concept of cross-tenant trust relationships, which I believe Microsoft is actively pursuing. That is something which in the days and years to come will be very key to the success of Azure Active Directory, because many organizations are going into mergers and acquisitions or spinning off new companies. They will still have to access the old tenant information because of multiple legal reasons, compliance reasons, and all those things. So, there should be some level of tenant-level trust functionality, where you can bring people from other tenants to access some part of your tenant application. So, that is an area which is growing. I believe Microsoft is actively pursuing this, and it will be an interesting piece.
Solutions Owner at a manufacturing company with 10,001+ employees
A lot of aspects can be improved and Microsoft is constantly improving it. If I compare Azure AD today with what it was like five years ago, or even three years ago, a lot of areas have been improved, and from different angles. There have been improvements that offer more security and there have been some improvements in the efficiency domain. Azure AD is not a small product. It's not, say, Acrobat Reader, where I could say, "Okay, if these two features are added, it will be a perfect product." Azure is a vast platform.
But if we look at multi-factor authentication, can it be improved? Yes. Perhaps it could cope with the newest authentication protocols or offer new methods for second or third factors.
I'm also willing to go towards passwordless authentication. I don't want anyone to have passwords. I want them to authenticate using other methods, like maybe biometrics via your fingerprint or your face or a gesture. These things, together with the smart card you have, could mean no more passwords. The trends are moving in that direction.
When it comes to identity governance, the governance features in Azure AD are very focused on Microsoft products. I would like to see those governance and life cycle management features offered for non-Microsoft products connected to Azure AD. Currently, those aspects are not covered. Microsoft has started to introduce Identity Governance tools in Azure AD, and I know they are improving on them. For me, this is one of the interesting areas to explore further—and I'm looking to see what more Microsoft offers. Once they improve these areas, organizations will start to utilize Microsoft more because, in that domain, Microsoft is a bit behind. Right now, we need third-party tools to complete the circle.
In addition, sometimes meeting the principle of least privilege is not easy because the roles are not very granular. That means that if you are an administrator you need to do small things connected to resetting passwords and updating certain attributes. Sometimes I have to grant access for the purposes of user management, but it includes more access than they need. Role granularity is something that can be improved, and they are improving it.
Again, if I compare Azure AD today to what it was like three years ago, there have been a lot of improvements in all these domains. But we could also pick any of these specific feature domains in Azure AD and have in-depth discussions about what could be improved, and how.
IAM / IT Security Technical Consultant at a retailer with 10,001+ employees
An area where there is room for improvement is the ease of use of the dashboards.
Also, if a user is working in India, and we suddenly see a login from the US, Australia, or New Zealand, we should be alerted, because we wouldn't expect that application would be used by that user in those locations at that time.
An area for improvement is that there is so much dependence on on-premises databases, in the on-premises directory services.
In terms of features we would like to see, we don't have domain controllers in Azure AD. We are also looking at how we can best migrate users from on-premises to Azure AD, and how we can welcome B2B users. We would like to see improvement in the B2B functionality. We hope that is already in the roadmap. We'd also like to see some functionality for how we can set boundaries for tenants. We have multiple tenants that we're trying to consolidate. It's definitely going to be a big challenge to consolidate two tenants, so we're looking for help in that area.
The most challenging aspect I found was the creation of organizational units and specific domains. They have a tool called Bastion, which is expensive and a little bit confusing. I had to cancel the subscription because it was using my credits too quickly. For the students, it was not a very cheap way to learn it.
It would be helpful if they provided more credits for students who are performing test cases because we had to be really careful when we were using it. Making it cheaper for students would be great.
The B2B Federation functionality is not perfect and could be improved. It is not on the same level that we could have if it were being used on-premises. It offers a different experience, which is a bit complicated and has some additional drawbacks.
The MFA has some limitations compared to the legacy version. We still use our on-premises version because it works with our legacy applications using certain protocols.
I think that as Microsoft is going to the cloud, they are turning off the on-premises features too quickly because the functionality is not yet at par.
I would like to see more features included, such as some surrounding the lifecycle of licenses, and access management for non-Azure cloud applications.
There are four levels of subscription and the security features are not available for free. At the free or basic level of service, Azure should provide identity protection features including single sign-on and multifactor authentication. These are the most important features for organizations and everybody should be able to utilize them for working remotely.
One thing that bothers me about Azure AD is that I can't specify login hours. I have to use an on-premises instance of Active Directory if I want to specify the hours during which a user can log in. For example, if I want to restrict login to only be possible during working hours, to prevent overtime payments or to prevent lawsuits, I can't do this using only Azure AD.
The biggest thing is if they could integrate with their IPS/IDS processes as well as have integration with another app, like a third-party application. Varonis was another solution that my customers are trying to integrate with ADFS. For some reason, they were seeing some difficulties with the integration. There is a case open with Microsoft on this particular thing.
The only issue is the OU is not properly synced. Therefore, you have to do a manual sync sometimes or you might lose the connector due to AD Connect or sync servers.
From my personal experience, I'd say that the features need to be more visible to make the product easier to explore for new users. They need to make it possible for someone with very little knowledge to come in and find things. The product needs to be more user-friendly.
The solution needs to update documentation much more regularly. They need to just come out and update the documentation to reflect new features and make sure the updates are included in the already existing documentation, so that someone like me can just pick up the documentation, read it, and know that it is very up-to-date and has all the new features contained within it.
Honestly speaking, I haven't thought about where areas of improvement might be necessary.
Everything was very smooth every time we used Azure AD. In other Microsoft solutions, we come across some bugs or workarounds, et cetera. However, as far as Azure AD is concerned, or maybe, to the extent that we are using it at least, we haven't come across any issues.
In terms of identity and access management and concerns, all of our needs are provided by the existing implemented features.
Senior Infrastructure Security Engineer at a tech services company with 51-200 employees
Sometimes, what one customer may like, another may not like. We have had customers asking, "Why is Microsoft forcing us to do this?" For example, when you use Exchange Server on-premise, then you can customize it for your company and these customizations are unlimited. However, if you use Exchange Online or with Microsoft 365, then your ability to make modifications is limited. So, only the cloud version is limited.
Delivery Practice Director at a computer software company with 201-500 employees
The licensing could be improved. There are premium one, premium two or P1, P2 licensing right now and a lot of organizations are a little bit confused about the licensing information that they have. They want to know how much they're spending. It's not really clear cut.
Transitioning to the cloud is very difficult. They need the training to make it easier. They should probably put in more training or even include it in the licensing so that the people who manage their environment have somewhere to come to learn on their own. Maybe there could be some workshop or training within Azure.
The solution could offer better notifications. They do upgrades once or twice a year. They need to do a better job of alerting users to the changes that are upcoming - especially on the portal where you manage your users and accounts. There needs to be enough time to showcase the new features so your organization is not surprised or put off by sudden changes.
We have a lot of freedom in using the Group Policy Objects and, although Group Policy Objects are part of Azure Active Directory, there are still a lot of things that can be improved, such as providing local admin rights to a user. There are various, easy ways that I can do that in the on-premises version, but in the cloud version, it is a bit difficult. You have to create a bunch of policies to make it work.
Principal Consultant at a tech services company with 51-200 employees
The user administration has room for improvement because some parts are not available within the Azure AD portal, but they are available within the Microsoft 365 portal. When I want to assign that to a user, it would be great if that would be available within the Azure AD portal.
It would be awesome to have a feature where you can see the permissions of a user in all their Azure subscriptions. Right now, you have to select a user, then you have to select the subscription to see which permissions the user has in their selected subscriptions. Sometimes, you just want to know, "Does that user have any permissions in any subscriptions?" That would be awesome if that would be available via the portal.
Senior DevOps engineer at a tech vendor with 51-200 employees
Generally, everything works pretty well, but sometimes, Azure Active Directory has outages on the Microsoft side of things. These outages really have a very big impact on the users, applications, and everything else because they are closely tied to the Azure AD ecosystem. So, whenever there is an outage, it is really difficult because all things start failing. This happens very rarely, but when it happens, there is a big impact.
Senior Support Engineer at a tech services company with 1,001-5,000 employees
Recently, Microsoft has developed lightweight synchronization software, the Cloud Provisioning Agent, to do the job of the preceding, heavier version called AD Connect. You can do a lot more with AD Connect, but it can take a lot of expertise to manage and maintain it. As a result, customers were raising a lot of tickets. So Microsoft developed the lightweight version. However, there are still a lot of features that the Cloud Provisioning Agent lacks. I would like to see it upgraded.
The Cloud Provisioning Agent cannot provision a lot of the information that AD Connect does. For starters, the lightweight version cannot synchronize device information. If you have computers on-premises, the information about them will not be synchronized by the Cloud Provisioning Agent. In addition, if you have a user on the cloud and he changes his password, that information should be written back to the on-premises instance. But that workflow cannot be done with the lightweight agent. It can only be done with the more robust version.
I believe the Cloud Provisioning Agent will be upgraded eventually; it's just a matter of time.
Systems Manager at a financial services firm with 10,001+ employees
Azure Active Directory currently supports Linux machines. However, the problem is that you get either full or minimal access. It would be very nice if we could have some granular authorization modules in Azure Active Directory, then we could join it to the Linux machine and get elevated access as required. Right now, it is either full or nothing. I would like that to be improved.
We have the ability to join Windows VMs to Azure. It would be nice if we could have some user logs, statistics, and monitoring with Azure Active Directory.
When we subscribe to MFA, the users get MFA tokens. However, it is not a straightforward process to embed any of the OTP providers. It would be good if Microsoft started embedding other third-party OTP solutions. That would be a huge enhancement.
There are some features where, if you want to access them, you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory.
Cloud Architect at a hospitality company with 1-10 employees
My understanding is, in the future, they will be able to bring everything into one single platform and they are not there yet. We are loving third-party authentication, however, those authentications will be further scrutinized by AD itself.
For example, if you want to book a flight, you go to any website to book. Booking the flight can be divided into two parts. One is creating a log-in with a particular website and then booking. However, if there are five to ten websites and you want to compare prices on all of them, you aren't going to set up a log-in for each and every site. That's not feasible.
Instead, you can use your own login credentials, for example, from your Hotmail or Google account. Then, you have a token authenticated by Google, et cetera, which gives you the privilege to do the booking for a particular session. This is similar to what Azure AD should do in the future for authentication and allowing access.
Senior Information Technology Manager at a manufacturing company with 10,001+ employees
Overall, it's not a very intuitive solution.
When you have an Office 365 enterprise subscription, it comes with Azure Active Directory. We don't have a subscription to Active Directory, but our Active Directory connector puts our credentials into the Azure Active Directory. On the Office 365 side, we're also in the GCC high 365, so it's a lot more locked down. There are a few things that aren't implemented which make things frustrating. I don't blame the product necessarily, but there are links and things within there that still point back to the .com-side and not the .us-side.
There's a security portal and a compliance portal. They're being maintained, but one's being phased in and the others are being phased out. Things continue to change. I guess that's good, but it's just been a bit of a learning curve.
Our Office 365 subscriptions are tied to our on-prem domain — I have a domain admin there. With our Active Directory connector, our on-prem credentials are being pushed to the cloud. We also have domain credentials in the cloud, but there's no Office subscription tied to it, just to do the administration stuff. I moved my sync credential to have a lot more administrative privileges. Some of the documentation I was reading clearly showed that when you have this particular ability right on the Azure side, and then you have another ability on the Office side, that intuitively, the Microsoft cloud knows to give you certain rights to be able to do stuff. They're just kind of hidden in different places.
Some things are in Exchange, and some things are in the Intune section. We had a few extra light subscriptions that weren't being used, so I gave my microsoft.us admin account a whole other subscription. In the big scheme of things, it's roughly $500 a year additionally — it just seems like a lot. I didn't create a mailbox for that and I was trying to do something in Exchange online and it said I couldn't do it because I didn't have a mailbox.
You can expect a different user experience between on-prem and online. Through this cloud period, we have premiere services, we have a premiere agreement and we had an excellent engineer help us with an exchange upgrade where we needed a server. We needed an OS upgrade and we needed the exchange upgrade on the on-prem hybrid server. We asked this engineer for assistance because my CIO wanted to get rid of the on-prem exchange hybrid server, but everything that I was reading was saying that you needed to keep it as long as you had anything on-prem. We asked the engineer about it and he said, "Yeah, you want to keep that." In his opinion, it was at least going to be two years. So at least I got my CIO to stop talking about that. It's just been an interesting time in this transition between on-prem and in the cloud.
In a secure environment, a lot of this stuff is PowerShell, which is fine. It's a learning curve, but if you don't use it all the time, then it's a lot of back and forth with looking at the documentation and looking at other blogs. If you're in a secure environment, the Windows RM (remote management) stuff can be blocked, and that's frustrating, too.
Azure AD needs to be more in sync. The synchronization can be time-consuming.
M365 Enterprise Advisor (Azure) at a tech services company with 501-1,000 employees
In terms of improvement, there should be more flexibility and conditional access. There is a lot of flexibility already, but there are some technologies that should be embedded and integrated into it for a more flexible, customized experience. Also, there should be more tools for analysis for clients, e.g., there should be more flexibility aimed at end users. Regular IT guys for each company should be able to use the tools to troubleshoot a certain level of analysis in their environment.
The security part should be improved overall.
The visibility in the GUI is not good for management. There are a lot of improvements that could make it better. It should be more user-friendly overall. It is not user-friendly because everything keeps changing on the platform. I can understand it because I know the platform, am familiar with it, and use it every day. However, a lot of clients don't use it every day or are not familiar with it, so it should be more user-friendly.
The solution has not saved costs. While we’ve eliminated some tools, there are some other features that we are dependent on as admin, which is not yet integrated with Azure AD.
Other features have a broader scope and are covered under Azure. If, for example, I want to create a workflow, that cannot be done in Azure AD. That is something that is done in the Azure function or Azure logic app. Parts have to be covered in other functions.
Longer-term, there are some features which might be added, such as admin features similar to Google admin. If I'm an employee and I'm exiting the company, for example, I need to transfer that data from myself to my manager. For that, maybe they could include a feature where they can transfer the data from the user directly and we don't have to rely on any admins.
Microsoft Azure Engineer at a tech services company with 10,001+ employees
The security needs to be improved. For example, in terms of changing from one version to the latest, meaning going from 2008 to 2012, or 2016 to 2019, you need to get rid of all the operating systems and they need to ensure the security is upgraded and improved.
They need to bring BitLocker into the VMs and the servers.
LAPS could also be improved. LAPS is used to rotate passwords on a server. That can be improved upon to increase security levels.
Protocols SSL 2.0 and SSL 3.0 need to be removed and they should change to TLS 1.2 for every application.
Senior Information Technology Manager at a manufacturing company with 10,001+ employees
It's not intuitive and we use it mainly for our hybrid capability now and are expanding our footprint in Microsoft 365. The integration between on-prem and Online is interesting. However, the learning curve is high.
When you have an Office 365 enterprise subscription, it comes with Azure Active Directory, however, you don't have an Azure subscription. Yet, all of our active directory connectors put our credentials into the Azure Active Directory.
There are enough things that aren't implemented on our side and we are in the middle of this transition. I don't blame the product necessarily for that. However, there are links and items within Microsoft 365 that still point back to the .com side.
Items seem to continue to move, such as security and compliance. Now there's a security portal and a compliance portal, and all three are still being maintained, however, one's being phased in and the others are being phased out. Things continue to change. It's just been a bit to learn. There's a lot to keep track of. There should be a bit more transparency.
The Office 365 subscriptions are a bit confusing in a hybrid environment as to which credential has a Microsoft 365 subscription. However, then some of the documentation I was reading this week was where I ran into a wall. This particular document clearly showed that when you have a particular ability on the Azure side, and then you have another ability on the Office side, intuitively the Microsoft cloud knows to give you certain other rights, to be able to do stuff. These settings and configurations are in different places. Some things are then in Exchange Online, some things are in the Intune section, etc.
I am not sure if the intent is to have a Microsoft 365 administrator with a second subscription for a cloud admin account or not. I was trying to do something in Exchange Online and received a message that I couldn't do it because I didn't have a mailbox. It's frustrating and confusing at times. There are things like that which just are a different user experience between on-prem and online.
The Microsoft Premier Agreement we have has been very beneficial and we have had an excellent experience with a couple of different short cycle projects.
In a hybrid deployment, when we update the UPN or email address of a user who has a license assigned, it does not get updated automatically during normal sync. This means that we have to update it manually from Azure, which is something that needs to be corrected. Essentially, if it's a hybrid sync then it should happen automatically and we shouldn't have to do anything manually.
Azure AD DS allows only one instance in a particular tenant, which is something that could be improved. There are people that want to have AD DS on a per-subscription basis.
Executive Director at a financial services firm with 1,001-5,000 employees
The downside is that we now have all our eggs in one basket with Microsoft. We have this great authentication and single sign-on, but if Microsoft has an outage in North America or globally, on Outlook or Teams, we're dead in the water. There is no drop-back-and-punt. There is no "Plan B." The bottom line is that if their services go down, our productivity goes with it. Working with them when we have outages can be very frustrating. We get some type of hiccup once a quarter.
We get service notifications from them all the time that the services are under investigation or that there is some type of issue. More than the headache of not completely understanding the severity, we have to make sure that we communicate with our end-users. We get to the point where we're potentially "crying wolf." We're telling them there's a problem but some people don't have the problem. Then they get to the point where they just ignore our communication.
Outages can last hours, but never more than a day. They can be regional outages where one area is affected and other areas aren't. The advantage is that it could be evening or night in the area that is down, so it's less impactful.
Microsoft is working with Microsoft Identity Manager for Active Directory on-premise. It will be very important to have these identity management solutions directly in Azure Active Directory. It's very important to have some kind of Azure identity manager as a technology for identity and access management for working both in the cloud and inside the Azure suite.
The documentation, and the way that people are notified of updates, are things that can be improved. I'm a big fan of Microsoft products but the way they document is not that great.
Its integration with open-source applications can be improved. I know that they are working on open-source authentication methods for integration with open-source applications, but they can make it more open.
It can be a bit expensive for an organization. There should be a better pricing plan for the license.
Principal Security Architect at a computer software company with 51-200 employees
Its area of improvement is more about the synchronization of accounts and the intervals for that. Sometimes there are customers with other network challenges, and it takes a while for synchronization to happen to the cloud. There is some component of their on-prem that is delaying things getting to the cloud. The turnaround time for these requests is very time-sensitive. I don't mean this as derogatory for this service, but in my experience, that happens a lot.
For the Active Directory component, there are some value differences and things like that as compared to on-prem. I have run into problems a few times when there is a custom schema involved with their on-prem installation. You can use it, but that custom schema or functionality is going to have to go somewhere else or be rerouted back to on-prem.
The management interface has some areas that need improvement. It doesn't give you an overview similar to a dashboard view for Azure Active Directory. The view can be complicated. There are many different tabs and you have to drill down into each individual area to find additional information.
There are too many features available, more than we can use.
IAM manager at a retailer with 10,001+ employees
The solution has certain limitations. For example, it has very little governance functionality. This is, of course, a choice made by Microsoft to see which areas they want to have deep functionality, and which areas they believe are more profitable for them.
Lead Global Cloud Architect at a transportation company with 10,001+ employees
I don't think the documentation is where it needs to be yet, for user journeys and that type of flow. There is still trial and error that I would like to see cleaned up.
Also, they do have support for SAML 2.0 and it's very easy to set up linkages to other Active Directory customers. But if somebody is using an IdP or an identity solution other than Active Directory, that's where you have to start jumping through some hoops. So far, our largest customers are all using Active Directory, but I don't think the solution is quite as third-party-centric as Okta or Auth0. Those solutions have a lot of support for all kinds of IdPs you want to link up to.
Finally, a couple of months ago I was on a team that was looking at low-cost MFA for SSO, where we would control the MFA on our side, instead of having the remote database handle it. In those kinds of flows, there aren't as many off-the-shelf options as I would like. There were cost implications, if I recall, to turn on 2FA. Also, the linkages that they had set up off-the-shelf—obviously they had the Authenticator app—meant that if you wanted to do something with Duo Mobile or any of the other popular 2FA providers, it seems it might have taken us more time than we wanted to put into it.
Solution architect at an insurance company with 5,001-10,000 employees
We find that most of the new features are in preview for too long. It gives you the announcement that there's a new feature and yet, most of the time, it takes more than one year to have it generally available. Often we have to go and sometimes just use a preview without support.
We cannot run all the configurations from the APIs. I would like to have something that has code and to just be able to back up and apply my configuration. Right now, we are managing more Azure tenants. It's hard to keep all of those configurations at the same level, the same value.
We would like to have more granularity in Azure conditional access in order to be able to manage more groups for applications. That way, when adding a new application, I don't have multiple conditional access policies to modify.
One of the main requests from our security team is the MFA challenge. Azure, by default, is more user-friendly. We have a lot of debates with the security team here as the MFA doesn't pop up often enough for them. From an end-user perspective, it's a better user experience, as users generally prefer fewer pop-ups, however, security doesn't like it. It's hard for security to add.
We don't have Azure Premium P2 yet, however, most of the advanced security features are in the P2, and it costs a lot more money.
Cloud Admin at a tech services company with 10,001+ employees
Better deployment management and visibility functionality would be helpful. There is a lot of room for improvement in our infrastructure, and in particular, when we create something, we have to visit a lot of websites. This makes life more difficult for us.
When we deploy new infrastructure, it begins with a lengthy approval process. For example, as an administrator, I may receive an infrastructure request from one of our developers. The developer might need access to our front-end, where all of the servers are deployed. The problem is that we don't know exactly what has been deployed within our servers, so better visibility would be helpful.
It's a closed infrastructure, and every developer gets an individualized container. We don't know exactly which features have been provided to them and it's a roundabout process to log back into Active Directory and see exactly what permissions have been assigned. It requires returning to a specific feature and looking at the specific user.
We had some issues with the migration of users from the local user accounts to Azure AD. It was more like a local issue and had nothing to do with the Azure AD itself. It works fine for SSO, the Single Sign On. We were not able to do the integration very easily with ADP, so that was a challenge, but later on it was resolved. We had to do a lot of things to have that on the configuration. Some systems do not integrate very well with Azure AD. We thought of going for Okta, but later on we were able to achieve it, but not the way we wanted. It was not as easy as we thought it would be, the integration was not very seamless.
Additionally, it would be great if they added support for more applications in terms of integration for SSO. That's the only thing that I find missing for Azure AD.
I would like to see improvements made when it comes to viewing audit logs, sign-in logs, and resource tags.
IT Consultant at a tech services company with 1-10 employees
The problem with this product is that we have limited control, and can't even see where it is running. If Microsoft can give us a way to see where this product is running, from a backend perspective, then it would be great.
I would like to see Microsoft continue to add new features gradually, over time, so that we can introduce them to our customers.
There are some difficulties in the hybrid version, things to do with firewall security, inside the organization. They need to work on that more.
In addition, everything should be in one package. There are so many different packages. They need to provide guidance because there are so many features and we don't know how to implement them in our organization.
I'm also expecting a Windows 365 virtual desktop. I would be interested in that feature.
Info Security Manager at a tech services company with 501-1,000 employees
Reading documentation could be simplified. Technical support could also be faster.
Sr. Cloud Engineer at a tech services company with 1,001-5,000 employees
On-premise capabilities for information and identity management need improvement, but I know these are in the pipeline.
The synchronization with the local Active Directory and synchronization with all of the users on the local and cloud could be better. Every user on the cloud and the on-premise local users should have a connection, have the same privilege, the same features. We should be able to change passwords from the local and have it synchronized with the cloud users.
There is no documentation about how Microsoft will scale Azure AD for customers. It only mentions that it will scale out if you have a lot of requests but does not mention how in detail.
More documentation on some complete scenarios, such as best practices to integrate forests into Azure AD when a customer has several on-premises forests, would be helpful.
Software Engineer at a computer software company with 10,001+ employees
Microsoft needs to add a single setup, so whenever resources join the company or are leaving the company, all of the changes can be made with a single click.
I would like to see a secure, on-premises gateway that offers connectivity between the physical servers and the cloud. The capability already exists, but it is not secure enough when the setting is marked private.
Senior System Administrator at a financial services firm with 1,001-5,000 employees
Four years ago, we had an issue with Azure AD. We wanted to reverse sync from Azure AD to on-prem Active Directory, but we couldn't achieve this. Azure AD could connect only in one way, for example, from your site to Azure. If you needed to do the reverse and connect from Azure to on-prem, there was no way to achieve it. We asked Microsoft, and they told us that they don't support it.
Their support should be faster and more knowledgeable and customer-friendly.
IT Senior Consultant and trainer at a tech vendor with 51-200 employees
The synchronization process for on-premises and Sentinel Azure AD could be easier.
The support for identification to the application environment could be improved, e.g., Active Directory Federation Services should be implemented in other applications. They need something like software development kits (SDKs) for integration with our own applications, which is not so easy to implement. We would also like synchronization of identities between identities in applications like Azure.
Powershell IT Admin Cert at a tech services company with 10,001+ employees
It doesn't function the same way as Active Directory inside of a physical infrastructure. Even VMware Active Directory doesn't function the same way in the cloud. Cloud is all flat. That's one of the disadvantages. You can authenticate through Active Directory through Federated Services, but it's mainly like an IIS web frontend and bulk storage.
It's all record based.
Microsoft has a feedback page, in which if anyone has any suggestions or feedback, you can send them to them. They have all of the technical resources available on the internet, on their website. In case you need the support, you can easily open a ticket with them because you already have a subscription and you are eligible to open a ticket.
Technical support could be faster.
Azure Active Directory could improve by having an authentication service for laptops or desktop computers running Mac and Linux operating systems. They currently have authentication capabilities for Microsoft Windows. Having this capability would benefit people because in today's world everybody is working from the home environment.
Integration Manager at a healthcare company with 10,001+ employees
The synchronization with my AD is not the best. The synchronization between my AD and Azure AD needs improvement. For example, for reports, et cetera, due to the fact that now I have two different ADs - one for local AD and another for Azure AD, the types of fields in the local AD do not sync with Azure AD. It's completely different.
Some of the features related to authentication could be made clearer. In my last organization, I tried to integrate a third-party education solution with Azure AD, but it was a bit difficult to configure. I would like it to be easier to integrate third-party applications.
It would be ideal if the solution moved to a passwordless type of environment. It's the future of authentication. It's also more secure and convenient.
Head of IT at a non-profit with 51-200 employees
The only issue with Azure AD is that it doesn't have control over the wifi network. You have to do something more to have a secure wifi network. To have it working, you need an active directory server on-premises to take care of the networks.
So far, the solution has worked well for us. There are no missing features.
The monitoring dashboard could be a bit better.
Sr. System Engineer at PT Smartfren Telecom Tbk
I had some issues with the Azure Active Directory on Windows XP. However, it worked well on Windows 7.
The password policy that we had in place caused some system lockups.
Active Directory could always be more secure. Right now, we've got two-factor authentication. All services based on Active Directory have a username and password. If somebody hacked our username, they could easily get all the data from our side. So I want two-factor authentication and a stronger password policy from Active Directory. The domain controllers should be more secure as well.
My only pain point in this solution is creating group membership for devices. This is something that could be improved. Essentially, I want to be able to create collection groups, or organizational units and include devices in there. I should be able to add them in the same way that we can add users.
We want to be able to create members as devices in groups, without having to leverage a dynamic group membership with queries. I want to be able to just pick machines, create a group, and add them.
Security Architect at a hospitality company with 10,001+ employees
The onboarding process for new users can be improved. It can be made simpler for people who have never registered with Azure AD previously and need to create an account and enable MFA. The initial setup can be made simpler for non-IT people.
It should be a bit simpler to use. Unless you get certifications, such as AZ-300 and AZ-301, it is not a simple thing to use at the enterprise scale.
In terms of what could be improved, I would say its interface is not very flexible, as opposed to AWS.
The services are very clear, but the user admin interface needs to be better. That's all.
The integration between the Azure active directory and the traditional active directory could be improved upon. We have two active directories that are installed on virtual machines, which are traditional active directories. The interactions between the two are very limited. For example, I could modify users in our own private instances of AD, however, they won't propagate up to the Azure active directory and vice versa. For us, the integrations are the biggie between the on-prem or the self-hosted AD versus Azure AD.
The traditional AD instances that we maintain have UIs that are very archaic and monolithic and very difficult to navigate. They should update the UI to make it easier to navigate and make it overall more modern.
Associate Technical Lead at a computer software company with 5,001-10,000 employees
The solution could be improved when it comes to monitoring and logging as these are the most critical areas in case something was to go wrong.
Additionally, the available zones should be in all regions, such as in AWS, they have higher availability in all regions.
Advisor at a tech services company with 201-500 employees
Azure Active Directory could benefit by adding the capability for identity life cycle for the on-premise solution. For example, an HR solution, which is built on-premise or, in general, better on-premise capable solutions.
Solutions Specialist at Software One Indonesia
I would like it if Intune could manage MacOS or iOS directly. Right now, we have to use a third-party solution.
Vice President of Technology at Ecuity Edge
I think the documentation and configuration are both areas that need improvement.
The product changes and gets updated, but the documentation doesn't keep pace.
The initial setup could be simplified.
I would like to see a better UI tool.
Systems and Networks Engineer at an insurance company with 1,001-5,000 employees
I can't speak to many aspects of the solution that need improvement.
The dashboard and interface could be better. It would be ideal if it was easier to use.
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.