Microsoft Entra ID

1) Simplicity is key. It is very easy and fast to add SSO configurations, and it can be done in the UI in seconds. At the same time, there are some more complex things (like the ent. apps policies) that are hidden in the API and can be used in more advanced scenarios if needed. 2) Automation capabilities. Everything you see in the portal can be called through the Graph API. It gives so much power for automation and integration with 3rd party systems (like Service Now or Azure DevOps). So, it is possible to provide most of the functionality as a service for your internal customers through that. 3) Road-map. A lot of new features are planned/coming. Entra is a key Microsoft product and the only Identity Provider vendor they have. So it gives a very good feeling of safety that it will be developed further for many years and it will stay.

Seamless integration with Microsoft 365 and Identity Governance features. We've seen a reduction in unauthorized access incidents and an improvement in compliance thanks to automation and better visibility.

What i appreciate most about Microsoft Entra ID is how it combines security with efficiency in a way that truly fits our operational needs. The single sign-on feature allows our team to access multiple applications using one set of credentials, streamlining the login processes and maintaining high productivity across the production line. Multifactor authentication adds an essential layer of security by requiring our team members to provide two or more verification factors to gain access to applications and resources. This is especially valuable when accessing sensitive manufacturing data remotely or from shared devices. I also value the self-service password reset capability, which empowers us to reset our passwords and manage credentials independently, reducing the burden on our IT teams and help avoid workflow disruptions. Conditional access is another key benefit. It ensures that only compliant devices and properly authorized users can access our critical systems, based on location or device risk. Lastly, the Identity protection feature enhances our security posture with real-time threat detection and machine learning to identify and respond to suspicious activity proactively.

1) Additional (and sometimes unexpected) costs. Entra IGAs, Verified ID, and some other features require additional licenses in fact on top of the M365 E5 license. This is not expected in a way that you might think that E5 should be enough for everything (as it is a top license). The same is applicable for external identities that require some licenses on top of E5. 2) Confusion and overlapping of some B2B vs B2C functionality. Some features have the same name (e.g. Sign-Up flow) but different meaning and implementation for B2B and B2C. E.g. Something that works for B2C may not work for B2B (and that is expected). It creates confusion and requires effort to do a very good scoping and fully understand what you plan to achieve and by which tools. 3) It would be great to have more customisation options for MFA methods. It is not possible to allow some MFA methods for SSPR (self-service password reset) and not allow it for MFA. It is not possible, for example, to allow phone/SMS for SSPR but block it for MFA (as it is not reliable). This has created issues in some areas where MFA Authenticator app access can be challenging (e.g. for companies who have offices in EU/US and China).

The user interface is unintuitive, particularly for advanced features like entitlement management. Licensing is also confusing and requires careful planning to avoid hidden costs. Support responsiveness can vary.

Microsoft Entra ID is costly and complex to implement during the initial setup phase. It requires a significant upfront investment of licensing fee, time and internal resources to properly integrate it with existing systems.