Azure AD

Official Documentation

Service Description

Microsoft Azure Active Directory is a directory service in which users and their organizational affiliations can be stored. Users can log in using this service. They then receive a security token that they can pass to applications to verify their identity. Azure also allows synchronization of content with a locally operated Windows Server Active Directory. Microsoft Azure Active Directory is primarily designed for use with cloud-based applications (such as Office 365). In scenarios requiring a full Active Directory (e.g., if a customer's data center is to be extended to the cloud using Virtual Machines and Virtual Network), a virtual machine with a conventional Windows Server Active Directory should be used.

The Microsoft Azure Active Directory Graph provides a RESTful API for access to Microsoft Azure Active Directory. This makes it possible to read a user's organizational affiliations and links to other users (the social graph).

Getting Started

  1. Azure AD Learning Path
    9/27/2016, Webpage
  2. Azure204x - Microsoft Azure Identity
    5/30/2017, MVA
  3. Azure Active Directory Core Skills Jump Start
    4/8/2015, MVA
  4. Introduction to Authentication on Azure Active Directory
    2/10/2017, Video, 1:06:06

Latest Content

Title  
Partners: Thanks for joining us at Microsoft Inspire! Blog
Azure Active Directory B2C UI change Blog
How Microsoft EMS can support you in your journey to EU GDPR compliance – Part 5 Blog
Mobility and Identity admins, get EMS up and running at Microsoft Ignite! Blog
Ransomware detection with Microsoft Advanced Threat Analytics and Cloud App Security Blog
Today at Microsoft Inspire–Next generation architecture for RDS hosting Blog
New Public Preview: Azure AD Domain Services admin UX in the new Azure Portal Blog
ADAL .NET 3.14.1 released Blog
Microsoft 365 and Enterprise Mobility + Security Blog
Protecting Windows Server 2016 using Azure Backup Blog
How Microsoft EMS Can Support You in Your Journey to EU GDPR Compliance – Part 4 Blog
Better together: Intune and Azure Active Directory team up to improve user access Blog

Azure Documentation

1. Overview
     1.1. What is Azure Active Directory?
     1.2. About Azure identity management
     1.3. Understand Azure identity solutions
     1.4. Choose a hybrid identity solution
     1.5. FAQs
2. Get started
     2.1. Get an Azure AD tenant
     2.2. Sign up for Azure AD Premium
     2.3. Associate Azure subscriptions
     2.4. Manage Azure AD licensing
          2.4.1. Azure portal
          2.4.2. Classic portal
          2.4.3. Assign licenses using groups
               2.4.3.1. Assign licenses to a group
               2.4.3.2. Identify and resolve license problems in a group
               2.4.3.3. Migrate individual licensed users to group-based licensing
               2.4.3.4. Additional scenarios for group-based licensing
               2.4.3.5. PowerShell examples for group-based licensing
     2.5. How to get support for Azure Active Directory
     2.6. SaaS app integration tutorials
3. How to
     3.1. Plan and design
          3.1.1. Understand Azure AD architecture
          3.1.2. Recommended security policies and configurations
               3.1.2.1. Secure email recommended policies
                    3.1.2.1.1. Deploy recommended secure email policies
               3.1.2.2. EMS and Office 365 services overview
          3.1.3. Deploy a hybrid identity solution
          3.1.4. Claims mapping in Azure Active Directory
               3.1.4.1. Determine requirements
                    3.1.4.1.1. Identity
                    3.1.4.1.2. Directory sync
                    3.1.4.1.3. Multi-factor auth
                    3.1.4.1.4. Identity lifecycle strategy
               3.1.4.2. Plan for data security
                    3.1.4.2.1. Data protection
                    3.1.4.2.2. Content management
                    3.1.4.2.3. Access control
                    3.1.4.2.4. Incident response
               3.1.4.3. Plan your identity lifecycle
                    3.1.4.3.1. Tasks
                    3.1.4.3.2. Adoption strategy
               3.1.4.4. Next steps
               3.1.4.5. Tools comparison
     3.2. Manage users
          3.2.1. Add users
               3.2.1.1. Azure portal
               3.2.1.2. Classic portal
          3.2.2. Assign licenses using groups
               3.2.2.1. Assign licenses to a group
               3.2.2.2. Identify and resolve license problems in a group
               3.2.2.3. Migrate individual licensed users to group-based licensing
               3.2.2.4. Additional scenarios for group-based licensing
               3.2.2.5. PowerShell examples for group-based licensing
          3.2.3. Add users from other directories (classic portal)
          3.2.4. Delete users
          3.2.5. Manage user profiles
          3.2.6. Reset a password
          3.2.7. Manage user work information
          3.2.8. Share accounts
     3.3. Manage groups and members
          3.3.1. Manage groups
               3.3.1.1. Azure portal
               3.3.1.2. Classic portal
               3.3.1.3. PowerShell
          3.3.2. Manage group members
          3.3.3. Manage group owners
          3.3.4. Manage group membership
          3.3.5. Assign licenses using groups
               3.3.5.1. Assign licenses to a group
               3.3.5.2. Identify and resolve license problems in a group
               3.3.5.3. Migrate individual licensed users to group-based licensing
               3.3.5.4. Additional scenarios for group-based licensing
               3.3.5.5. PowerShell examples for group-based licensing
          3.3.6. View all groups
          3.3.7. Enable dedicated groups
          3.3.8. Add group access to SaaS apps
          3.3.9. Restore a deleted Office 365 group
          3.3.10. Manage group settings
               3.3.10.1. Azure portal
               3.3.10.2. Cmdlets
          3.3.11. Create advanced rules
               3.3.11.1. Azure portal
               3.3.11.2. Classic portal
          3.3.12. Set up self-service groups
          3.3.13. Troubleshoot
     3.4. Manage reports
          3.4.1. Sign-ins activity
          3.4.2. Audit activity
          3.4.3. Users at risk
          3.4.4. Risky sign-ins
          3.4.5. Risk events
          3.4.6. FAQ
          3.4.7. Tasks
               3.4.7.1. Configure named locations
               3.4.7.2. Find activity reports
               3.4.7.3. Use the Azure Active Directory Power BI Content Pack
          3.4.8. Reference
               3.4.8.1. Retention
               3.4.8.2. Latencies
               3.4.8.3. Notifications
               3.4.8.4. Sign-in activity error codes
          3.4.9. Troubleshoot
               3.4.9.1. Missing audit data
               3.4.9.2. Missing data in downloads
               3.4.9.3. Azure Active Directory Activity logs content pack errors
          3.4.10. Programmatic Access
               3.4.10.1. Audit reference
               3.4.10.2. Sign-in reference
               3.4.10.3. Prerequisites
               3.4.10.4. Audit samples
               3.4.10.5. Sign-in samples
               3.4.10.6. Using certificates
     3.5. Manage passwords
          3.5.1. User documents
               3.5.1.1. Reset or change your password
               3.5.1.2. Password best practices
               3.5.1.3. Register for self-service password reset
          3.5.2. Quick start: Self-service password reset
          3.5.3. License SSPR
          3.5.4. Deploy SSPR
          3.5.5. IT Admins: Reset passwords
               3.5.5.1. Azure portal
               3.5.5.2. Azure classic portal
          3.5.6. Understand SSPR policies
          3.5.7. Understand password reset
          3.5.8. Customize SSPR
          3.5.9. Data used by SSPR
          3.5.10. Reporting on SSPR
          3.5.11. Azure AD Connect
          3.5.12. Password writeback
          3.5.13. Password hash synchronization
          3.5.14. Troubleshoot
          3.5.15. FAQ
     3.6. Manage devices
          3.6.1. Register devices
               3.6.1.1. Setup
               3.6.1.2. Deploy on-premises
               3.6.1.3. FAQs
               3.6.1.4. Troubleshoot
                    3.6.1.4.1. Troubleshooting for Windows 10 and Windows Server 2016
                    3.6.1.4.2. Troubleshooting for Windows down-level clients
          3.6.2. Azure AD Join
               3.6.2.1. Plan
               3.6.2.2. Set up device registration
               3.6.2.3. Register new devices
               3.6.2.4. Deploy
               3.6.2.5. Understand Windows 10 integration
               3.6.2.6. Use Windows 10 devices
               3.6.2.7. Join your device
               3.6.2.8. Join a Windows 10 device
     3.7. Manage apps
          3.7.1. Overview
          3.7.2. Getting started
          3.7.3. Cloud App Discovery
               3.7.3.1. Update registry settings
               3.7.3.2. Understand security and privacy
          3.7.4. Access apps remotely with App Proxy
               3.7.4.1. Get started
                    3.7.4.1.1. Enable App Proxy
                    3.7.4.1.2. Publish apps
                    3.7.4.1.3. Custom domains
               3.7.4.2. SSO access
                    3.7.4.2.1. SSO with KCD
                    3.7.4.2.2. SSO with headers
                    3.7.4.2.3. SSO with password vaulting
               3.7.4.3. Concepts
                    3.7.4.3.1. Connectors
                    3.7.4.3.2. Security
                    3.7.4.3.3. Networks
                    3.7.4.3.4. Upgrade from TMG or UAG
               3.7.4.4. Advanced configurations
                    3.7.4.4.1. Publish on separate networks
                    3.7.4.4.2. Proxy servers
                    3.7.4.4.3. Claims-aware apps
                    3.7.4.4.4. Native client apps
                    3.7.4.4.5. Silent install
                    3.7.4.4.6. Custom home page
                    3.7.4.4.7. Translate inline links
               3.7.4.5. Publishing walkthroughs
                    3.7.4.5.1. Remote Desktop
                    3.7.4.5.2. SharePoint
                    3.7.4.5.3. Microsoft Teams
               3.7.4.6. Troubleshoot
               3.7.4.7. Use the classic portal
                    3.7.4.7.1. Download connectors
                    3.7.4.7.2. Publish apps
                    3.7.4.7.3. Use connectors
                    3.7.4.7.4. Conditional access
          3.7.5. Manage enterprise apps
               3.7.5.1. Assign users
               3.7.5.2. Customize branding
               3.7.5.3. Disable user sign-ins
               3.7.5.4. Remove users
               3.7.5.5. View all my apps
               3.7.5.6. Manage user account provisioning
          3.7.6. Manage access to apps
               3.7.6.1. Self-service access
               3.7.6.2. Certificates for SSO
               3.7.6.3. Tenant restrictions
               3.7.6.4. Use SCIM provision users
          3.7.7. Troubleshoot
               3.7.7.1. Application Development
                    3.7.7.1.1. Configuration and Registration
                    3.7.7.1.2. Development
               3.7.7.2. Application Management
                    3.7.7.2.1. Configuration
                    3.7.7.2.2. Sign-in
                    3.7.7.2.3. Provisioning
                    3.7.7.2.4. Managing Access
                    3.7.7.2.5. Access Panel
                    3.7.7.2.6. Application Proxy
                    3.7.7.2.7. Conditional Access
          3.7.8. Develop apps
          3.7.9. Document library
     3.8. Manage your directory
          3.8.1. Azure AD Connect
          3.8.2. Custom domain names
               3.8.2.1. Overview
               3.8.2.2. Add your domain name
                    3.8.2.2.1. Azure portal
                    3.8.2.2.2. Classic portal
                    3.8.2.2.3. With AD FS
               3.8.2.3. Assign users
               3.8.2.4. Manage domain names
                    3.8.2.4.1. Azure portal
                    3.8.2.4.2. Classic portal
          3.8.3. Customize the sign-in page
               3.8.3.1. Azure portal
               3.8.3.2. Language-specific
               3.8.3.3. Classic portal
          3.8.4. Administer your directory
          3.8.5. Multiple directories
          3.8.6. O365 directories
          3.8.7. Self-service signup
          3.8.8. Enterprise State Roaming
               3.8.8.1. Enable
               3.8.8.2. Group policy settings
               3.8.8.3. Windows 10 settings
               3.8.8.4. FAQs
               3.8.8.5. Troubleshoot
          3.8.9. Integrate partners with Azure AD B2B
               3.8.9.1. Admins adding B2B users
               3.8.9.2. Information workers adding B2B users
               3.8.9.3. API and customization
               3.8.9.4. Code and PowerShell samples
               3.8.9.5. Self-service sign-up portal sample
               3.8.9.6. Invitation email
               3.8.9.7. Invitation redemption
               3.8.9.8. Conditional access for B2B
               3.8.9.9. B2B sharing policies
               3.8.9.10. Add a B2B user to a role
               3.8.9.11. Dynamic groups and B2B users
               3.8.9.12. Auditing and reports
               3.8.9.13. B2B and Office 365 external sharing
               3.8.9.14. Licensing
               3.8.9.15. Current limitations
               3.8.9.16. FAQ
               3.8.9.17. Troubleshooting B2B
               3.8.9.18. Understand the B2B user
               3.8.9.19. B2B user token
               3.8.9.20. B2B for Azure AD integrated apps
               3.8.9.21. B2B user claims mapping
               3.8.9.22. Compare B2B collaboration to B2C
               3.8.9.23. Getting support for B2B
          3.8.10. Integrate on-premises identities using Azure AD Connect
     3.9. Delegate access to resources
          3.9.1. Administrator roles
               3.9.1.1. Assign admin roles
          3.9.2. Administrative units
          3.9.3. Resource access in Azure
          3.9.4. Role-Based Access Control
               3.9.4.1. Manage access assignments
                    3.9.4.1.1. By user
                    3.9.4.1.2. By resource
               3.9.4.2. Built-in roles
               3.9.4.3. Custom roles
               3.9.4.4. Assign custom roles for internal and external users
               3.9.4.5. Reporting
               3.9.4.6. More ways to manage roles
                    3.9.4.6.1. Azure CLI
                    3.9.4.6.2. PowerShell
                    3.9.4.6.3. REST
               3.9.4.7. Elevate tenant admin access
               3.9.4.8. Troubleshoot
               3.9.4.9. Resource Provider operations
          3.9.5. Configure token lifetimes
     3.10. Secure your identities
          3.10.1. Conditional access
               3.10.1.1. Get started
               3.10.1.2. Best practices
               3.10.1.3. Technical reference
               3.10.1.4. Supported apps
               3.10.1.5. Understand device policies
               3.10.1.6. Set up access to connected apps
               3.10.1.7. Remediation
               3.10.1.8. FAQs
               3.10.1.9. Classic portal
                    3.10.1.9.1. Get started
          3.10.2. Windows Hello
               3.10.2.1. Authenticate without passwords
               3.10.2.2. Enable Windows Hello for Business
          3.10.3. Certificate-based Authentication
               3.10.3.1. Android
               3.10.3.2. iOS
               3.10.3.3. Get started
          3.10.4. Azure AD Identity Protection
               3.10.4.1. Enable
               3.10.4.2. Detect vulnerabilities
               3.10.4.3. Risk events
               3.10.4.4. Notifications
               3.10.4.5. Sign-in experience
               3.10.4.6. Simulate risk events
               3.10.4.7. Unblock users
               3.10.4.8. FAQs
               3.10.4.9. Glossary
               3.10.4.10. Microsoft Graph
          3.10.5. Privileged Identity Management
     3.11. Deploy AD DS on Azure VMs
          3.11.1. Windows Server Active Directory on Azure VMs
          3.11.2. Replica domain controller in an Azure virtual network
          3.11.3. New forest on an Azure virtual network
     3.12. Deploy AD FS in Azure
          3.12.1. High availability
          3.12.2. Change signature hash algorithm
     3.13. Troubleshoot
     3.14. Deploy Azure AD Proof of Concept (PoC)
          3.14.1. PoC Playbook: Introduction
          3.14.2. PoC Playbook: Ingredients
          3.14.3. PoC Playbook: Implementation
          3.14.4. PoC Playbook: Building Blocks
4. Reference
     4.1. PowerShell cmdlets
     4.2. Java API Reference
     4.3. .NET API
     4.4. Service limits and restrictions
5. Related
     5.1. Multi-Factor Authentication
     5.2. Azure AD Connect
     5.3. Azure AD Connect Health
     5.4. Azure AD for developers
     5.5. Azure AD Privileged Identity Management
6. Resources
     6.1. Azure feedback forum
     6.2. Azure Roadmap
     6.3. MSDN forum
     6.4. Pricing
     6.5. Service updates
     6.6. Stack Overflow
     6.7. Videos

Online Training Content

Date Title
5/30/2017 Azure204x - Microsoft Azure Identity
1/27/2017 Evolution of Identity
9/30/2016 Microsoft Azure for IT Pros Content Series: Azure Active Directory
8/18/2016 EMS technical training available on Microsoft Virtual Academy (MVA)
12/30/2015 Extend Your Datacenter to the Cloud
12/11/2015 Accelerate Your Journey to the Cloud with Integrated Identity
12/11/2015 Add Identity into Your Cloud-Based Apps
12/10/2015 Manage and Secure Identities in a Cloud and Mobile World
10/13/2015 Security in a Cloud-Enabled World
6/17/2015 Support Corner: Accessing Azure AD Portal from Office 365


Tools

Tool Description
Azure Active Directory Extended Schema Manager: GUI editor to register / unregister Azure Active Directory extended properties (schemas).

Videos

Date Title Length
6/20/2017 Scary, I can hear your thoughts – What will Azure AD do for me? 0:47:05
5/17/2017 Azure Active Directory Identity Protection 0:10:08
5/10/2017 Azure Log Integration Videos - Azure AD Integration 0:01:40
5/10/2017 Azure Active Directory v2 endpoint and MSAL: What's new 0:35:44
5/8/2017 SAP Business Suites Netweaver on Azure (non-HANA) Architecture Design 2:00:03
5/4/2017 Securely sign-in your customers with Azure Active Directory B2C 0:18:36
5/4/2017 The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile and web apps 1:00:51
5/4/2017 Microsoft Graph: Build better apps with the API to your organization 1:07:30
4/14/2017 Azure Active Directory Identity Protection 0:10:07
4/10/2017 Common Identity 0:15:00
