Azure Active Directory Valuable Features
Being able to integrate with third-party solutions is the most valuable feature. These are solutions that produced software as a service and we haven't then had to bring that service to our own data or in our own directory. We can use our Azure identity to connect to their solution. Being able to connect to third-party applications in these identities is the best thing we've found.
Being able to use Azure AD means that you can use some of the Azure AD security features like Advanced Password Protection. As well as querying your normal password requirements like lengths and complexity, Azure AD has a feature in which you can put specific words. It can be words to do with your company, words to do with your company location, or words that a lot of your employees would otherwise use. You can disallow them. It's very good at making more obvious passwords, ones they're not allowed to use anymore. That's a good feature.
It has something called Dynamic Groups so that when a user joins the company and they get added to specific groups, Azure AD will add them dynamically to other groups that will give them access to some of the base applications.
We have certain sets of software that they have to be able to access. Instead of somebody who deals with new users having to add them into 20 different application groups, you need access to this, this, and this. The Dynamic Group update feature from Azure AD means that you can just put them in one group and say that they have a role, and it will automatically then add them to about six or seven other groups, giving them default access to other things as well, instead of having to do that. It means there's a lot less manual work when you get new employees.
The most important things of Azure Active Directory are the security and the facility to manage all the services and users. It is very easy to manage users and assign roles, permissions, and access. At the same time, it is a very secure environment. Microsoft takes security very seriously. They take care of all the security and all the factors to prevent any kind of data or information compromise.
For data protection and access security, there are many good things that Azure and Azure Active Directory offer. You can choose in how many ways a user can log in to Azure, especially with multifactor authentication. You can choose how, when, and where someone can access a service that you may have on Azure Active Directory.
For most of the small users, Azure Active Directory is free. So, they don't need to have a paid service for Azure Active Directory.
The platform is constantly changing. Every month, we have new services, and we also have services that are being deprecated to provide a better customer experience. For example, we have a tool that connects the users that exist on-premises to the cloud. The AD connects to this synchronization tool, which has been improved about five times in the last year. Every new version is more flexible with more options. The experience for the users has been improved to make it easier to manage the tool. In addition, the feedback that the customers provide to Microsoft is taken very seriously. For example, there were some authentication features that, for security purposes, had certain limitations. Those limitations still exist, but the portal now has options so that the customers can make custom features to manage their identity. There is a feature called manage identities where you can give flexible access to a person for services. For example, I can give you access as a reader to all my information but only for 12 hours or 24 hours. So, I can decide for how long I want to give you access. In the past, I had to give you a role that was permanent, and now, I can give you a role that will last only a few hours to allow you to do your job. In case you need more time or more features, you need to contact me and request them.
Similarly, previously, there weren't too many options when you were synchronizing your users from on-premise to the cloud. Now, the system that allows you to make that synchronization has many options. You can select different schemas. You can select which users you want to be a part of the cloud. You can manage many rules. The customization in the whole Azure platform is awesome. All these features that are now a part of the platform were not there in the past. In these three years, I have seen so many changes. There are too many features, and I can see changes every month. There are too many settings that have been improved, especially related to authentication, permissions, and auto management ops. The cloud or the Azure platform is managed by roles that you can assign to different people, and each role has different permissions and access. So, everything is very customizable right now.View full review »
In our scenario, we use a lot of the business-to-business (B2B) features in Azure AD, which allows us to tie multiple Azure AD instances together. That is what we heavily use because every firm or country has their own Azure AD instance. We tie those together by using the B2B functionality in Azure AD. So, that is the most valuable part for us right now.
It has been very instrumental towards a lot of services we run, especially on the single sign-on side. For example, we have 160 countries that all run their own IT but we still are able to provide users with a single sign-on experience towards global applications. So, they have a certain set of accounts that they get from their local IT department, then they use exactly the same account and credentials to sign into global services. For the user, it has been quite instrumental in that space. It is about efficiency, but also about users not having to remember multiple accounts and passwords since it is all single sign-on. Therefore, the single sign-on experience for us has been the most instrumental for the end user experience.
We are using a whole bunch of features:
- We are using privileged identity management, which is also an Azure AD feature. This allows us to give just-in-time, just enough access to privileged accounts. For example, normally you have a named account and you get a few roles based on that named account. If that is a very privileged role, that role always sits on your account all the time. When your account is compromised and the role is on the account, the people that compromise your account have that role. With privileged identity management, I can assign a role to a certain account for a specific amount of time and also for a specific amount of privileges, e.g., I can give somebody global administrator access, then revoke that after an hour automatically. So, when his/her account gets compromised, that role is not present anymore.
- We use conditional access.
- We use access reviews, which is basically a mechanism to access reviews on Azure AD groups automatically. So, the group owner gets a notification that they need to review their group member access, and they use that to do reviews. That is all audited and locked. For our ISO process, this is a very convenient mechanism to audit your group access.
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.
Passwordless sign-in, which is one of the new features where you no longer need to have a password, is one of the great features. Passwords have always been hard for end-users, but not so hard to bypass for bad guys. It often doesn't matter how complex or long your password is. If a bad guy can trick you into giving it to him or can sniff your keyboard or your network, or access it through malware, your password doesn't matter anyway. So all the complexity, length of the password, and having to regularly change it is hard for users, but it doesn't stop hackers. And that's what makes passwordless so valuable.
Multi-factor authentication is good as it allows you to answer a notification or even an SMS or a phone call, but that has become more unsecure now because the bad guys are learning new way to bypass these methods. But using passwordless technology, you're not even using a password anymore. You're basically just signing a logon request without actually sending, typing or storing the password. This is awesome for any user, regardless of whether you're a factory worker or a CFO. It's secure and super-simple.
It also stops phishing, which is amazing. If someone tricks a user into going into the "Macrosoft" store or some other site that looks like the real site, they can trick the user into signing in there and then they can steal the password. But if the user is using passwordless, the passwordless solution would say, "Sorry, I don't have a relationship here. I can't sign in." In that way, it can stopping phishing, which is one of the most common attack vectors right now.
Another feature that has improved our security posture is Conditional Access where we can not only say "yes" or "no" to a sign-in, but we can also have conditions. We can say, "Sure, you can sign in, but you need to be part of the right group. You need to come from a managed client. You can't come in with a risky sign-in. You need to come in from a certain platform or a certain network." You can have a really complex set of rules and if those rules are not fulfilled you will not be able to sign in, or we can require MFA or even control the session. That is also a really good security feature.
The B2B feature is another good one where, if I want to give someone access to my my apps or data, instead of creating an account and a password and giving that info to the user, I can invite that user so he or she can use their own existing account. That way, I don't need to manage password resets and the like. The B2B feature enables collaborating with anyone, anytime, anywhere.View full review »
This product is easy to use.
The features that we use day in and day out are single sign-on, group capabilities, and provisioning capabilities. All of these are very useful.
This product has features such as Conditional Access that improve our security posture. Conditional access gives access only through a timeframe. We have certain policies that we set up, which could be a certain amount of time or it could be a certain type of access. These are examples of types of conditional access.
Another example of a security feature that helps us is Identity Protection, which will perform the automatic detection and remediation of risks.
We also have the ability to go in and investigate any risks using data within the portal, and it's all automated. It's nice in that sense.
These features have significantly improved our security posture and time for remediation. It would be difficult to estimate a time improvement in terms of a percentage, but being that it's automated and there is a portal that displays the risks in real-time, it's a very significant change. Previously, we had to go through and look at logs and those types of things, which was time-consuming compared to using the portal.
We also use multi-factor authentication, which is very useful because that gives another layer of security protection for our users. You have to have some sort of device that you can use to provide that second factor, and not just your username and password.View full review »
Product Manager/Architect at a consumer goods company with 5,001-10,000 employees
- Azure Application Proxy
- Single sign-on capabilities for SAML
- OAuth integrated applications
- The multi-factor authentication piece was desirable.
- Defender for Identity, as of recently.
- Some of the services, like Microsoft MCAS solution.
These features offer additional layers of security, which is kind of what we were looking for.
Some of the self-service password utilities certainly helped, given the scenario of the world today with COVID-19 and lockdowns. We certainly benefited from being able to say, "Have our users changed their password remotely." When they connect to the VPN, then sync them back up with the domain. So, that was very beneficial for us as well.View full review »
- Single sign-on is the most useful at the onset.
- The dashboards offered are very granular, in terms of usages.
- We find the Conditional Access element and Multi-Factor Authentication side of things very useful.
These features let us have secure, yet user-friendly interactions, rather than having to be embroiled in various types of signups for each application. These allow us to be a lot more granular as well as making sure our environment is more secure. Our accesses and users remain secure too.
Multi-Factor Authentication (MFA) and Conditional Access have helped us be more secure. There is one place where all these features are posted, making life a lot easier. If we were to try and buy these separately, then it would be a painful experience. Whereas, if it is in one product, then all these features talk to each other and it is available for us in one go. For example, when you buy a car, if you buy the steering wheel and engine separately, then you need to make it work altogether. Whereas, you just want to buy a car with everything included, making life a lot easier.
It has made the end user experience a lot better. They only have one password to get into their online applications and that makes the user experience much better.View full review »
The single sign-on is an amazing product. Its integration with the back-end, like MFA and conditional access, is very helpful for enterprise class companies because of changing dynamics as well as how companies and workers interact. Traditionally, companies used to have their own premises, networks, network-level VPN and proxy settings, and networks to access company systems. Now, anyone can work from anywhere within our company. We are a global company who works across more than 60 countries, so it is not always possible to have secure networks. So, we need to secure our applications and data without having a network parameter-level security.
Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company.
The analytics are very helpful. They give you very fine grain data around patterns of usage, such as, who is using it, sign-in attempts, or any failed logins. It also provides detailed analytics, like the amount of users who are using which applications. The application security features let you drill-down reports and generate reports based on the analytics produced via your Active Directory, which is very helpful. This can feed into security operation centers and other things.View full review »
Solutions Owner at a manufacturing company with 10,001+ employees
Many of its features are valuable, including:
- facilitating application authentication
- privileged access management
- processes for attestation
- access reviews.
The multi-factor authentication, similar to when you use your mobile banking application when you want to do a transaction, doesn't rely only on your username and password. It triggers a second factor, like an SMS to your mobile. It requires another factor for authentication. This is one of the standard services Microsoft offers with Azure AD Directory.
Privileged identity management is also a standard feature of Azure AD for privileged accounts. We make sure we do privileged role activation when it's needed so that we do not have sensitive roles active every day.
Implementation of single sign-on with other vendors is quite easy. It might take a couple of hours and everything is running.View full review »
IAM / IT Security Technical Consultant at a retailer with 10,001+ employees
The features I normally use are for authentication and authorization.
Single sign-on provides flexibility and helps because users don't want to remember so many passwords when logging in. It's a major feature. Once you log in, you have access to all the applications. It also enables us to provide backend access controls to our users, especially when it comes to groups, as we are trying to normalize things.
For the end-users, they can seamlessly log in to their web products, like their Outlook account. They have YAML services and SharePoint services. Everything is single sign-on and that makes them happy.View full review »
The most valuable feature is the ability to define certain roles for the users and to give access to shared resources.
The options for user access management on the cloud are similar to those with the on-premises deployment. You can work directly on the cloud but control it from your on-premises server if you want, or you can make all of the changes directly on Azure.
One of the security features that Azure Active Directory provides is that it warns users about the usage of weak passwords. When we created user accounts and their passwords, it warned us about weak passwords and gave us the option to define password creation rules. We tested the feature and tried using invalid passwords, and it blocked access to the organizational units accordingly. We did not work with the more advanced security features within the scope of the course.
It has some good monitoring options that you can use to see how well it is working. In my class, we were able to see which users were accessing the solution, and what went wrong with the tests that we were doing.View full review »
The most valuable feature is its ability to act as an identity provider for other cloud-based, SaaS applications. In our bank, this is the main identity provider for such features. Not on Office 365 applications, but on others like Salesforce.View full review »
The most valuable feature is Identity and Access Management. As an IT administrator, this feature allows me to manage access for users and groups.
This product is easy to use and easy to manage.
The application policies, licensing, and AD Connect options are valuable.
Multifactor authentication provides more security. Having a user ID and password is compulsory but after that, you can add different security features. For example, it can work with biometrics such as fingerprints, retinal scans, and facial recognition. There are many more options that may suit you better, as per your requirements.
When you log in to the Azure portal, there is an option available called Resource Groups. Here, you can add multiple things including printers and different servers. There are Windows servers available, as well as servers hosting many different flavors of Linux. Once a server is created, you can add in a database, for instance.
If we're talking about applications, one of the most valuable features is the administration of enterprise applications. It helps us to keep them working. We don't always need to authenticate a user to make an application work, but we do need some kind of authorization. We use service principal names for that. Managed identities for applications are very useful because we can control, using roles, what each resource can do. We can use a single identity and specify what an application can do with different resources. For example, we can use the same managed identity to say, "Hey, you can read this storage account." We can control access, across resources, using a single managed identity.
When it comes to users who have a single account, the most valuable feature is the authorization across applications. In addition, access policies help us to keep things safe. If we have a suspicious login or sign-on, we can block the account and keep the environment safe. It's also important, regarding users, to have a centralized place to put everything.
The user functionality enables us to provide different levels of access, across many applications, for each user. We can customize the access level and set a security level in connection with that access. For instance, we can require MFA. That is a feature that helps enhance our security posture a lot. And through access policies we can say, "If you just logged in here in Brazil, and you try to log in from Europe five or 10 minutes later, your login will be blocked."View full review »
- The authentication process, e.g., multi-factor authentication.
- Directory Domain Services.
- Azure AD Connect (sync services).
The most valuable aspect of the solution is the ability to create users and host them in Azure AD. That is the bedrock - whatever it is you are doing, you're building on the fact that you have users created. We have Microsoft Teams to manage users and also to manage groups which allow us to manage collaborations and do all sorts of things.
Azure AD has features that have helped improve our security posture. It contains the Azure audit logs that allow you to also audit activities in the organization including those that have happened over a period of time. There is Azure sign-in that allows you to check for sign-in over a period of time for users.
From Azure Active Directory you can actually identify the IP address and run checks or maybe block the IP to improve the security posture of the organization.
The Azure sign-on and audit logs are very handy for a regular admin. They offer the most basic admin solutions to carry out activities on Azure security settings to identify potential threats and carry out some corrective actions on it.
We can use Azure Active Directory to deploy enterprise applications to incorporate third-party applications into the organization and make them available to users. You can put in place multilingual authentications and you can specify the kind of authentication you want to be available for your organization.
Most recently, you can use password-based authentication and multi-factor authentication, which allows for the ability to bring on third-party applications and to incorporate them and deploy them for users.
With Azure Conditional Access you can specify network locations where you want some of the services in the organization to be available to users, and where you don't want users to have access. You can customize and define conditional access to whatever suits the organization and based on what you want, including information protection. You can get conditional access depending on the license you have.View full review »
The app registration services are great. This basically simplifies security in order to give access to third-party apps from within Microsoft services such as Dynamics 365 and Power Apps. We can do this in a very secure manner using the AD. This really very simplifies the identity and access management for us.
I use Azure B2C for providing access to external users. It was a really great experience to configure Azure AD B2C. I like this feature, as it provides a single sign-on for existing or new users; even new Azure AD users can be provided with sign-ins to our portal.
The solution has features that have helped improve our security posture. For example, without Azure B2C or any third-party identity service like Google or Gmail, we are compelled to store users' credentials and sensitive data in Dynamics 365 contact table somewhere. By using Azure B2C, we are totally independent of this.
The solution hasn’t affected the end-user experience. Usually, users are not so IT aware, so they don't feel an impact related to the change. We know that having secure access for them is important for them and also for us, however, they don’t feel any noticeable difference with the extra security in place.View full review »
Senior Infrastructure Security Engineer at a tech services company with 51-200 employees
Authentication and identity management are key. For someone to authenticate your account, it is like having the password or access to your password. If someone gains unauthorized access to an account, then they can perform a lot of malicious activities, such as sending spam emails or falsifying emails, including authorizing payments.
Multi-factor authentication (MFA) has improved our customers' security posture. Multi-factor authentication has two layers of authentication, which helps in case you input your credentials into a phishing website and then it has access to your credentials. So if they use your credentials, then you have proof on your phone that was sent to the end user.
You can also use Conditional Access to block sign-ins from other countries. For example, if someone attempts to login from Canada or the US, and your company is based in Africa or somewhere else, then it blocks that user. In this case, it will flag the user and IP as suspicious.
There is also impossible travel, which is an identity protection feature that flags and blocks. For instance, if you are signing in from California, then in the next two hours, you are logging in from Kenya. We know that a flight to Kenya couldn't possibly happen within two hours.
Admins can set password changes for 30, 60, or 90 days, whether it is on-premise or the cloud.View full review »
Delivery Practice Director at a computer software company with 201-500 employees
The solution's ease of use is one of its most valuable features. You can access it anywhere and the integration into existing and some legacy applications is good. You can plug into single sign-on self-service, password reset, or conditional access. If you're inside, you don't need to do multi-factor authentication, MFA's, built-in.View full review »
- Conditional Access
- Azure Multi-Factor Authentication
are the major security features to secure resources.
For example, if I don't want users using the company resources outside of India, I will add managed countries within Conditional Access. Only the people from the managed country will be able to access things. If an employee goes out of India and tries to access the resources that have been restricted, they will not be able to open the portal to access the resources.View full review »
Principal Consultant at a tech services company with 51-200 employees
The most valuable feature is the possibility to create multi-tenant applications alone, or in combination with Azure Active Directory B2C. So, you can provide access to applications for your external partners without having to care about the accounts of external partners, because they will stick it in there as an AD tenant. That is the feature that I like the most.
The solution has features that have helped improve our security posture:
- A tagging mechanism that we use for identifying who is the owner of an application registration.
- Conditional access and multi-factor authentication, which are adding a lot to security.
- The privileged identity management feature that has arisen off privileged access management. This is helping a lot when providing access to certain roles just-in-time.
They are also still developing several other features that will help us.
It does affect the end user experience. It depends on where they are. When they are within the corporate network, then they already have a second factor that is automatically assigned to them. When they are outside of the company, that is when they have to provide a second factor. That is mostly a SMS message. Now, with the Microsoft Authenticator app that you can install on your mobile phone, we are shifting towards that. This has reduced errors because you may just say that you confirm a message on your mobile phone instead of typing the six-digit code, hoping that you are still in time, and that you entered it correctly. So, it does affect our employees. We try to be up-to-date there.
Mostly, it affects security. It is an obstacle that you have to climb. For example, if you have to enter the code in from the SMS message, then you have to wait for the SMS message to arrive and copy the code, or you have to transfer the code from the SMS message into the field. We reduce that workload for employees by having them be able to receive a message on their phone, then confirm that message. So, security is less of an obstacle, and it is more natural.View full review »
Senior DevOps engineer at a tech vendor with 51-200 employees
We've benefited from all the security or AD features of this solution. Azure Active Directory is the only directory we've been using, and we make use of pretty much all the features, including the user identity protection features such as MFA. The way it allows us to audit who is logging in and do our work in a secure manner is one of the best features of it.
Azure Active Directory provides access to resources in a very secure manner. We can detect which user is logging in to access resources on the cloud. It gives us a comprehensive audit trace in terms of from where a user signed in and whether a sign-in is a risky sign-in or a normal sign-in. So, there is a lot of security around the access to resources, which helps us in realizing that a particular sign-in is not a normal sign-in. If a sign-in is not normal, Azure Active Directory automatically blocks it for us and sends us an email, and unless we allow that user, he or she won't be able to log in. So, the User Identity Protection feature is the most liked feature for me in Azure Active Directory.View full review »
Senior Support Engineer at a tech services company with 1,001-5,000 employees
An aspect of Azure's synchronization technology is called the provisioning service. It's the technology that takes user information from Azure AD into third-party applications. If a company has hundreds of users that already exist in the cloud, and it now wants to enable those same users to be present in third-party applications that their business uses, like Atlassian or GoToMeeting, the provisioning technology can assist in achieving that.
Over the years, the performance of this particular technology has greatly improved. I have seen its evolution and growth. Customers see much more robust performance from that technology and it gives them an easy way to set up their environments. The product has been designed quite well and customer feedback has also been taken into consideration. You can even see the progress of the process: how the user is being created and sent over to the third-party application.
Systems Manager at a financial services firm with 10,001+ employees
The multi-factor authentication (MFA) is one of the best aspects of the product.
The security features are great. They will report in advance to you in the case of suspicious activity.
The GUI is pretty enhanced. You can configure applications or do whatever they need to do.
The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization.
The authentication, the SSO and MFA, are cool.
It has easy integration with on-premises applications using the cloud. This was useful in my previous hybrid environment.
The user management and application management are okay.View full review »
Cloud Architect at a hospitality company with 1-10 employees
Azure AD has features that have helped improve our security posture. That's one of the basic fundamentals of having an Active Directory. The whole concept of Azure Active Directory came from the Active Directory on-prem version. There’s this tunnel of authentication that it has.
When you migrate, you can migrate your Active Directory on-prem onto the Azure Active Directory which has tightly integrated features due to the fact that they both are from Microsoft. Based on that, you can give access based on what privileges are needed. Basically, if you're talking about security, everything is related to role-based access. The security aspect is linked to providing the proper access.View full review »
The Privileged Identity Management is a good feature. The identity products of Azure Active Directory are good features.
There are role-based access controls. Both built-in and custom roles are very useful and good for giving permissions to a particular set of users.
Privileged identity access lets you manage, control, and monitor permissions of a particular set of users or group. This is a good way to control the access. With the rollback access control, that will secure your environment, e.g., if you want to secure it from an authentication point of view. So, if you are an authentication provider service, your request will go for authentication, then it will go back for service authentication. So, this is a good feature in Azure Active Directory.
Azure AD has features that have helped improve our security posture and our client's security posture. We don't have to manage many things because there are some built-in features inside it. We can set it up once and it will work as an auto process, which is good from our side. On the clients' side, it will then not be challenging when managing stuff, as it will be very easy to manage the client end.View full review »
M365 enterprise Advisor(Azure) at a tech services company with 501-1,000 employees
In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps.View full review »
Overall, the solution is quite good.
There are a few additional functionalities that are very compatible. For example, device management is there and creating a custom role, which reduces the task of restricting the user from AD, if the person is on the on-premise AD. If they're using on-premise, they have to create a distribution list, then apply Azure to that. It's simplified in Azure AD, making it easy to create roles and assign them to the users.
In fact, the device management and role assignments are great. These two features I found very compatible. For device management, if you are using an on-prem AD, you have to use some other software like Google admin to manage the devices. However, here, it is integrated into Azure AD. That's a positive aspect of the solution.
Regarding the role assignments, it's a very flexible way to restrict the user, or, if you want to customize access, that can be done as well.
The activity log, which is a way to see who made what changes, is quite useful.
Azure AD has features that helped improve our security posture. It is SSO - Single Sign-On. We can manage the users very easily and we can apply SSO and MFA to them.
I'll give it a score of four out of five for the security posture on offer.
For whatever company I'm working for, we cannot fully put the data on the cloud due to compliance. Rather, you have to keep some data on-premises. That’s why it’s great that we can use the hybrid approach with Microsoft.
Azure AD has not affected our end-user experience in any way. The transition is also quite smooth. If you're using an AD Connect to sync from your on-premises to your Azure AD, nothing has come up from the end-users in terms of issues or problems.
It has made our work easier in that it’s simplified everything for us. It has eliminated a few of the third-party tools, which we used to use. For example, we had a dependency on Google admin due to the fact that we could see where we could manage the devices of the user. That has been integrated directly to Azure AD.View full review »
Microsoft Azure Engineer at a tech services company with 10,001+ employees
The single sign-on is the most valuable aspect of the solution. It allows for storing passwords in secure vaults. For developers, we use a vault for SSH. Mainly, we have replication from all services on-prem to the cloud.
With a single sign-on, in the case something happens on-premises, users can still use a single sign-on to a PC to access the cloud.
We can deploy policies, which improves our security posture. It's mainly very similar to on-premises, however, some new features can be used on the cloud as well, such as labs and password rotation. Some features have improved, which has been great.
The solution improves the way our organization functions. I can deploy a policy that will search for unused accounts, for example, and delete or just move them to a different organization unit that handles unused accounts. We can change unsecured passwords. We can detect intrusion and inform a security group on how to disable that account immediately. We can also perform security checks on services.
We can easily migrate services and improve the quality and improvement of bandwidth of the service. It's easy to scale.
There are some searches, such as a global search, which have powerful query capabilities if you configure it in a certain way.
It's easy to use. The portal experience provides a dashboard of what's happening. With the dashboard, you can see what's happening with the service faster. Of course, I’m talking about the cloud. On-prem you don't have that dashboard.
Active Directory has affected our end-user experience. It has improved it as we have centralized management now and we have centralized administration, and things can be automated easily. You can have most tasks automated. It's good.View full review »
We are using Conditional Access, MFA, and AIP. We have integrated it with Intune, and we already have DLPs.
Application integration is easy. MFA and password self-service have reduced most of the supportive work of IT. We use multi-factor authentication. Every access from a user is through multi-factor authentication. There is no legacy authentication. We have blocked legacy authentication methods. For people who use the MDM on mobile, we push our application through Intune. In a hybrid environment, users can work from anywhere. With Intune, we can push policies and secure the data.
The audit logs are very good for seeing everything.View full review »
The most valuable feature is the ability to deploy and make changes to every workstation that I need to. We use it to control policy and I can apply the right policies to all our 1,500 workstations, notebooks, et cetera.View full review »
Senior Information Technology Manager at a manufacturing company with 10,001+ employees
The scalability of the solution is good.
Technical support can be helpful.View full review »
The most valuable feature is the single sign-on, which allows any application that is SAML or OAuth compatible to use Azure as an identity provider for seamless sign-in.
I like the SCIM provisioning, where Azure is the single database and it can push to Google cloud, as well as Oracle cloud. This means that the user directory is synchronized across platforms, so if I am managing Azure AD then my other platforms are also managed.View full review »
Executive Director at a financial services firm with 1,001-5,000 employees
The single sign-on across multiple platforms is really the true advantage here. That gives you one ID and password for access to all your systems. You don't need to manage a plethora of different user IDs and passwords to all the systems that you're going to access.View full review »
The most important thing about this solution is the capabilities for multifactor authentication and single sign-on that it offers for native Microsoft solutions and non-native Microsoft solutions.
The solution has features that have helped improve our security posture. Azure Active Directory works with some technologies around security such as mobile device management, mobile application management, and Azure Information Protection as well as Conditional Access and multifactor authentication. These capabilities give us a good level of security.
The solution has affected our end-user experience. For example, we work with several technologies in the Cloud, such as Salesforce. Azure Active Directory allows us to work within a single sign-on model. This allows us to work more easily, and not have to remember a bunch of different passwords for various applications. With a single sign-on, we can work in a more transparent way and we can be more productive, having direct access to our applications in the cloud.
This is a feature-rich solution.
It offers features that improve our security posture such as multifactor authentication, which is the second layer of protection that is used when we log into the cloud.View full review »
It is quite stable. Being a Microsoft product, it easily integrates with most of the Microsoft solutions. It is very easy to integrate with most of the Microsoft solutions, such as Windows, Microsoft Office, etc. If you have your own internal web applications or you want to integrate with other solutions from other providers, such as AWS or Google, you can link those to Azure AD. If you want to integrate with on-prem resources, you can use your Azure AD on the cloud as the authentication point to give people access to the resources and so on.
It can be used to grant access at a granular level. It provides secure access and many ways to offer security to your user resources. It provides a good level of security for any access on Azure. It gives you options like multi-factor authentication where apart from your password, you can use other factors for authentication, such as a code is sent to your phone or the authenticator app that you can use login.
It even offers the next level of access management, which gives a password for authentication, and you just use the authenticator app to log in. It enables you to configure things like identity risk awareness to detect if someone logs in from a suspicious location from where they don't normally log in. So, it provides a good level of security features for controlling access to your resources.
Principal Security Architect at a computer software company with 51-200 employees
It certainly centralizes usernames, and it certainly centralizes credentials. Companies have different tolerances for synchronizing those credentials versus redirecting to on-prem. The use case of maturing into the cloud helps from a SaaS adoption standpoint, and it also tends to be the jumping-off point for larger organizations to start doing PaaS and infrastructure as a service. So, platform as a service and infrastructure as a service kind of dovetail off the Active Directory synchronization piece and the email and SharePoint. It becomes a natural step for people, who wouldn't normally do infrastructure as a service, because they're already exposed to this, and they have already set up their email and SharePoint there. All of the components are there.
The most valuable features of this solution are security, the conditional access feature, and multifactor authentication.
The conditional access policies allow us to restrict logins based on security parameters. It helps us to reduce attacks for a more secure environment.
Multifactor authentication is for a more secure way of authenticating our use.
All our on-premises identities are synchronized to Azure Active Directory. We have an advanced license that enables conditional access based on logins, and suspicious behaviors.
Active Directory is able to determine if a particular user signing in from a trusted IP or if there are two different sign-ins from two different locations. It will flag this latter incident as a potential compromise of a user's account.
In terms of security, it provides us with the features to alert us if there are any fraudulent attempts from a user identity perspective.
It provides access to our Azure infrastructure and allows us to assign roles and specific aspects to different subscriptions. It has several built-in roles that you can assign to individual users based on their job scope. It allows for granular provisioning.
With onboarding applications, you are able to register applications in Azure Active Directory, which allows you to use it as a portal for access as well.
Azure Active Directory enhances the user experience because they do not have various IDs for different applications. They are using one single on-premises ID to synchronize and they are able to access various different applications that are presented to them.
If you have a new application, you will export the application within Azure AD and we add access to those who need that application and you are able to use the corporate ID and password to access it.
Azure Active Directory is a good platform for us. We rely heavily on providing our users a good system and interface that we seldom have issues with.View full review »
IAM manager at a retailer with 10,001+ employees
It's a quite comprehensive solution and it scales quite well within our required scale as well, which is very useful.
The product has helped to improve our security posture. The Azure stack has built out a lot of analytics features. Now, we can more effectively investigate issues.
The solution has positively affected our end-user experience by improving our usability and reducing friction.
Lead Global Cloud Architect at a transportation company with 10,001+ employees
- There is tech support to help with any OIDC-based setups between organizations.
- It has good support for SAML 2.0 and OIDC-based setups for our remote identity providers.
The solution has come a long way. Now, with the Azure AD B2C offering integrated as well, we've got a full IAM-type solution for our customer-facing identity management. In addition, when it comes to user journeys we now can hook in custom flows for different credential checking and authorizations for specific conditional access.View full review »
Solution architect at a insurance company with 5,001-10,000 employees
The single sign-on of the solution is the most valuable aspect.
The initial setup is straightforward.
The solution offers good bundles that include Office 365.
The pricing is pretty decent.
The product is pretty user-friendly and offers good customization capabilities.View full review »
Cloud Admin at a tech services company with 10,001+ employees
The security and infrastructure management features are the most valuable ones for us.
It offers multifactor authentication for setting up development pipelines.View full review »
In terms of the features that I have found most valuable, it is cloud based so it is always updated, that part you don't have to take care of. It is public cloud. It is actually AD as a service, so it's a kind of an infrastructure. It is more infrastructure as a service.View full review »
We use all of the services that are offered by Azure AD. We use Azure AD Connect, SSPR, app registration, application proxy, and more. We use everything for different services that include conditional access, authentication methods, etc.
Conditional Access is a helpful feature because it allows us to provide better security for our users.View full review »
IT Consultant at a tech services company with 1-10 employees
The most valuable features are authentication, authorization, and identity access.
Conditional access is a very important feature where a specific user can be restricted such that they cannot connect to the application if they travel outside of the US.
Multifactor authentication is very important.
They have a velocity check, powered by artificial intelligence and machine learning, where if you have been logging in at a location in the US but suddenly you try to log in from a different country, it flags it as an unusual amount of travel in a short time and it will ask you to prove your identity. This is a security feature that assumes it is a phishing attack and is one of the important protections in the product.View full review »
Among the valuable features are MDM and Microsoft Endpoint Manager. They are very useful. Intune is built-in. And deploying to MDM has features that are very advanced. It reduces the administration work. And security-wise, it has very advanced technology.
It also has features that help improve security posture. The most important of these features include multifactor authentication, which is very useful for connecting to the organization, especially from outside the boundaries of the organization. That is very helpful when it comes to user security. And in the COVID situation, MDM is very helpful for us due to work-from-home. It enables us to very easily connect to our domain and align new systems with the end-users. That is very helpful for us.View full review »
Info Security Manager at a tech services company with 501-1,000 employees
We are satisfied with this solution because we use all of its features.View full review »
Sr. Cloud Engineer at a tech services company with 1,001-5,000 employees
Azure AD, overall, is quite good for securing your applications as well as the infrastructure.
I like that they provide most of the authentication flows out-of-the-box, so you do not need to do anything specific to tackle any authentication flows.
Azure AD has affected our organization's security positively. In terms of the application, it's quite good. There was very minimal leakage. We had a single instance and that user was already compromised. Otherwise, it's quite good.
We very much like Conditional Access. We also like the risky sign-ins and Identity Protection. These features provide us the security that lets us fulfill our security requirements as a company.
Azure Active Directory features have helped improve our security posture. The remote working has been a massive help during the pandemic.
The solution has made our end user experience a lot easier and smoother.View full review »
We're satisfied with the product in general.
The most valuable aspect of the solution is the connectivity with our on-premise Active Directory.
We've found the performance to be very good.
The stability is good.
The scalability of the product is decent.
The installation process is straightforward.View full review »
The most valuable feature is Conditional Access. As there are more and more people working from home, security is a challenge for a lot of companies. To build a general trust solution, we need Conditional Access to make sure the right people use the right device and access the right content.
In our company, we use Conditional Access with Trend to make sure that our employees can use the device from the company. We can make sure that there is higher security. We can also use Trend to set up a group policy and to set up Windows Defender as well.
Microsoft Azure AD is easy to install and is a stable solution.View full review »
Software Engineer at a computer software company with 10,001+ employees
This solution is easy to manage.
The ability to grant access to other organizations is helpful.
It integrates well with a large number of applications.View full review »
Senior System Administrator at a financial services firm with 1,001-5,000 employees
It is very usable and easy to use.
It is easy to manage. I can manage systems with policies and automate our systems. Any professional system can be easily integrated with Azure Active Directory. It is widely used with Windows versions.
IT Senior Consultant and trainer at a tech vendor with 51-200 employees
Active Directory Federation Services (ADFS) stores the identities of our customers.
Powershell IT Admin Cert at a tech services company with 10,001+ employees
The advantage of Azure Active Directory is that it's a cloud environment, so just about anybody can get to it. As long as you can get to the cloud, you can get to the internet. You can authenticate offshore resources to client services, which is what my present company does. That kind of authentication is much more advantageous as an Active Directory solution.
If you want to replicate a website at the frontend in Azure, it's very easy to do it globally.
As soon as you authenticate to the web storage, where you hit the frontend, then you can redirect to whatever resources locally that are duplicated.
The most valuable feature is that it is very easy to implement, you don't need a lot of effort to set up the solution. This is the most advantageous point, that you can do anything on Azure without taking too much time.View full review »
The most valuable feature is the ability to set up conditional access, where you can enforce users to connect using multifactor authentication. This is one of the things that we are using it for. It means that users who are accessing the applications remotely are authentic.View full review »
The solution has some great features, such as identity governance, and user self-service. The Outlook application is very good and is used by a lot of people even if they are using Google services.View full review »
Integration Manager at a healthcare company with 10,001+ employees
The solution is stable.
It's a very easy product to set up.
The product can scale well.
Technical support has been great.
It's an affordable solution.View full review »
Multi-factor authentication really secures our environments and gives us the flexibility to use location-based policies. Azure AD also gives us a lot of flexibility in our scope of integration.
It's easy to configure Microsoft products with Azure AD. It is almost an instant integration. In hybrid installations it is a bit more complex to configure, but not that much. In short, it is good for most Microsoft customers and the products they use.View full review »
The access control aspect of the authentication is the solution's most valuable aspect.
The single sign-on is very convenient for us.View full review »
Head of IT at a non-profit with 51-200 employees
The ability to see and control PCs and mobile devices is the most valuable. I can see where they are and how many we have. I can also see the age and retention of PCs.
Within Azure Active Directory, the single sign-on feature is the best aspect. Right now, the world is moving to the cloud. Nowadays, every vendor is developing their cloud. With this, I can have a single sign-on and move around from place to place easily.
The technical support is pretty good.
The initial setup is pretty straightforward.
I have found the solution to be stable so far.
The scalability potential is good.
The pricing of the product is reasonable.
The interface, in general, looks okay.
The solution has built-in backup capabilities.View full review »
Sr. System Engineer at PT Smartfren Telecom Tbk
Azure Active Directory has useful policy assigning and management.View full review »
Systems Administrator at a tech services company with 11-50 employees
Azure Active Directory is a very simple utility to use, it has very good visibility and transparency, and an easy-to-use panel.View full review »
The best thing about Active Directory is its compatibility. It works with lots of third-party vendors. We're using multiple products, and they're all integrated with our Active Directory.View full review »
The most valuable features are the B2B connector and the external identity connection functionality. These are helpful.
User group management works well.
The interface is well laid out and it is easy to navigate. You can get to things quickly and it works.
The portal allows you to create reports, which is a nice feature.View full review »
Security Architect at a hospitality company with 10,001+ employees
Its ability to provide secure connections to people at all locations is the most valuable. It is mostly used by enterprises.View full review »
The feature that I have found most valuable is its authentication security. That is Azure Active Directory's purpose - making cloud services' security and integration easier.View full review »
The portal version of the Azure active directory is pretty robust.
The solution is very good for different types of management, including, user, group and policy management requirements.View full review »
Associate Technical Lead at a computer software company with 5,001-10,000 employees
The solution has a variety of tools. Two of the most valuable features are the ability to create users and to replicate the user account from on-premise to the cloud.View full review »
Advisor at a tech services company with 201-500 employees
All of the features are amazing, such as identity governance and privileged identity management.View full review »
Solutions Specialist at Software One Indonesia
I like Intune's MDM and MI.View full review »
Systems and Networks Engineer at a insurance company with 1,001-5,000 employees
The scalability is quite good.
It's a very necessary product in today's technological landscape.View full review »
With Azure Active Directory we were able to manage with different options the access for different users.View full review »
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.