Azure AD

Official Documentation

Service Description

Microsoft Azure Active Directory is a directory service in which users and their organizational affiliations can be stored. Users can log in using this service. They then receive a security token that they can pass to applications to verify their identity. Azure also allows synchronization of content with a locally operated Windows Server Active Directory. Microsoft Azure Active Directory is primarily designed for use with cloud-based applications (such as Office 365). In scenarios requiring a full Active Directory (e.g., if a customer's data center is to be expanded to the cloud using Virtual Machines and Virtual Network), a virtual machine with a conventional Windows Server Active Directory should be used.

The Microsoft Azure Active Directory Graph provides a RESTful API for access to the Microsoft Azure Active Directory. This makes it possible to read a user's organizational affiliations and linkages with other users, the Social Graph.

Getting Started

  1. 9/27/2016, Webpage
    Azure Active Directory is a platform you can use to manage identity in your applications. This learning path will help you get started developing applications that use AAD to...
  2. 6/1/2016, Whitepaper
    Azure AD can be truly seen as an Identity Management as a Service (IdMaaS) cloud multi-tenant service. This document is intended for IT professionals, system architects, and...
  3. 5/30/2017, Mva
    This course focuses on important concepts such as what makes Azure AD different from on-premises AD, differences in managing users and groups and the implementing custom...
  4. 4/8/2015, Mva
    Constantly resetting customer passwords? Want to extend your on-premises Active Directory? Join us to explore Azure Active Directory (Azure AD) as we kick off our Enterprise...
  5. 2/10/2017, Video, 1:06:06
    In this session, Simon will introduce the Microsoft Authentication and Authorization system. He'll cover the protocols (oAuth2, OpenID Connect), Libraries (MSAL, ADAL) and...




Web Content

Azure AD Documentation

1. Azure Active Directory Documentation
2. Overview
     2.1. What is Azure Active Directory?
     2.2. About Azure identity management
     2.3. Understand Azure identity solutions
     2.4. Choose a hybrid identity solution
     2.5. Associate Azure subscriptions
     2.6. Residency and data considerations
     2.7. FAQs
     2.8. What's New
3. Get started
     3.1. Sign up for Azure AD Premium
     3.2. Add a custom domain name
     3.3. Configure company branding
     3.4. Add users to Azure AD
     3.5. Assign licenses to users
     3.6. Configure Self-service password reset
     3.7. Add your organization's privacy info in Azure AD
     3.8. Access Azure Active Directory to create a new tenant
4. How to
     4.1. Plan and design
          4.1.1. Understand Azure AD architecture
          4.1.2. Claims mapping in Azure Active Directory
          4.1.3. Deploy a hybrid identity solution
               4.1.3.1. Determine requirements
                    4.1.3.1.1. Identity
                    4.1.3.1.2. Directory sync
                    4.1.3.1.3. Multi-factor auth
                    4.1.3.1.4. Identity lifecycle strategy
               4.1.3.2. Plan for data security
                    4.1.3.2.1. Data protection
                    4.1.3.2.2. Content management
                    4.1.3.2.3. Access control
                    4.1.3.2.4. Incident response
               4.1.3.3. Plan your identity lifecycle
                    4.1.3.3.1. Tasks
                    4.1.3.3.2. Adoption strategy
               4.1.3.4. Next steps
               4.1.3.5. Tools comparison
     4.2. Manage users
          4.2.1. Add new users to Azure AD
          4.2.2. Manage user profiles
          4.2.3. Reset user passwords
          4.2.4. Share accounts
          4.2.5. Assign users to admin roles
          4.2.6. Add guest users from another directory (B2B)
               4.2.6.1. Admins adding B2B users
               4.2.6.2. Information workers adding B2B users
               4.2.6.3. API and customization
               4.2.6.4. Google federation
               4.2.6.5. Code and Azure PowerShell samples
               4.2.6.6. Self-service sign-up portal sample
               4.2.6.7. Invitation email
               4.2.6.8. Invitation redemption
               4.2.6.9. Add B2B users without an invitation
               4.2.6.10. Allow or block invitations
               4.2.6.11. Conditional access for B2B
               4.2.6.12. B2B sharing policies
               4.2.6.13. Add a B2B user to a role
               4.2.6.14. Dynamic groups and B2B users
               4.2.6.15. Leave an organization
               4.2.6.16. Auditing and reports
               4.2.6.17. B2B for hybrid organizations
                    4.2.6.17.1. Grant B2B users access to local apps
                    4.2.6.17.2. Grant local users access to cloud apps
               4.2.6.18. B2B and Office 365 external sharing
               4.2.6.19. B2B licensing
               4.2.6.20. Current limitations
               4.2.6.21. FAQ
               4.2.6.22. Troubleshooting B2B
               4.2.6.23. Understand the B2B user
               4.2.6.24. B2B user token
               4.2.6.25. B2B for Azure AD integrated apps
               4.2.6.26. B2B user claims mapping
               4.2.6.27. Compare B2B collaboration to B2C
               4.2.6.28. Getting support for B2B
     4.3. Manage groups and members
          4.3.1. Manage groups
          4.3.2. Delete a group and its members
          4.3.3. Manage group settings
     4.4. Manage reports
          4.4.1. Sign-ins activity
          4.4.2. Audit activity
          4.4.3. Users at risk
          4.4.4. Risky sign-ins
          4.4.5. Risk events
          4.4.6. Monitoring logs using Azure Monitor
          4.4.7. FAQ
          4.4.8. Tasks
               4.4.8.1. Download a sign-in report
               4.4.8.2. Download an audit report
               4.4.8.3. Configure named locations
               4.4.8.4. Find activity reports
               4.4.8.5. Use the Azure AD Power BI Content Pack
               4.4.8.6. Remediate users flagged for risk
               4.4.8.7. Route activity logs to an Azure event hub
               4.4.8.8. Archive activity logs to an Azure storage account
               4.4.8.9. Integrate activity logs with Splunk using Azure Monitor
               4.4.8.10. Integrate activity logs with SumoLogic using Azure Monitor
               4.4.8.11. Integrate activity logs with Log Analytics using Azure Monitor
          4.4.9. Reference
               4.4.9.1. Retention
               4.4.9.2. Latencies
               4.4.9.3. Audit activity reference
               4.4.9.4. Sign-in activity error codes
               4.4.9.5. Interpret the audit log schema in Azure Monitor
               4.4.9.6. Interpret the sign-in log schema in Azure Monitor
          4.4.10. Troubleshoot
               4.4.10.1. Missing data in Azure AD activity logs
               4.4.10.2. Missing data in downloads
               4.4.10.4. Errors in Azure AD Reporting API
          4.4.11. Programmatic Access
               4.4.11.1. Prerequisites
               4.4.11.2. Using certificates
     4.5. Manage passwords
     4.6. Manage apps
          4.6.1. Overview
          4.6.2. Getting started
          4.6.3. SaaS app integration tutorials
          4.6.4. User provisioning and deprovisioning to SaaS apps
               4.6.4.1. App integration tutorials
               4.6.4.2. Automate provisioning to SCIM-enabled apps
               4.6.4.3. Customize attribute mappings
               4.6.4.4. Write expressions for attribute mappings
               4.6.4.5. Use scoping filters
               4.6.4.6. Report on automatic user provisioning
               4.6.4.7. Troubleshoot user provisioning
          4.6.5. Access apps remotely with App Proxy
               4.6.5.1. Get started
                    4.6.5.1.1. Enable App Proxy
                    4.6.5.1.2. Publish apps
                    4.6.5.1.3. Custom domains
               4.6.5.2. Single sign-on
                    4.6.5.2.1. SSO with KCD
                    4.6.5.2.2. SSO with headers
                    4.6.5.2.3. SSO with password vaulting
               4.6.5.3. Concepts
                    4.6.5.3.1. Connectors
                    4.6.5.3.2. Security
                    4.6.5.3.3. Networks
                    4.6.5.3.4. Upgrade from TMG or UAG
               4.6.5.4. Advanced configurations
                    4.6.5.4.1. Publish on separate networks
                    4.6.5.4.2. Proxy servers
                    4.6.5.4.3. Claims-aware apps
                    4.6.5.4.4. Native client apps
                    4.6.5.4.5. Silent install
                    4.6.5.4.6. Custom home page
                    4.6.5.4.7. Translate inline links
                    4.6.5.4.8. Wildcards
                    4.6.5.4.9. Remove personal data
               4.6.5.5. Publishing walkthroughs
                    4.6.5.5.1. Remote Desktop
                    4.6.5.5.2. SharePoint
                    4.6.5.5.3. Microsoft Teams
                    4.6.5.5.4. Tableau
                    4.6.5.5.5. Qlik
               4.6.5.6. PowerShell
               4.6.5.7. Troubleshoot
          4.6.6. Manage enterprise apps
               4.6.6.1. Add an application
               4.6.6.2. View tenant apps
               4.6.6.3. Configure single sign-on
               4.6.6.4. Assign users
               4.6.6.5. Customize branding
               4.6.6.6. Disable user sign-ins
               4.6.6.7. Remove users
               4.6.6.8. Manage user account provisioning
               4.6.6.9. Advanced certificate signing for SAML apps
               4.6.6.10. Hide an application from a user's experience
          4.6.7. Configure Sign-In Auto-Acceleration using HRD Policy
          4.6.8. Migrate AD FS apps to Azure AD
          4.6.9. Manage access to apps
               4.6.9.1. SSO access
               4.6.9.2. Certificates for SSO
               4.6.9.3. Tenant restrictions
               4.6.9.4. Use SCIM to provision users
          4.6.10. Understanding Azure AD application consent experiences
          4.6.11. Troubleshoot
               4.6.11.1. Access Panel
                    4.6.11.1.1. App not appearing
                    4.6.11.1.2. Unexpected app appearing
                    4.6.11.1.3. Can't sign in
                    4.6.11.1.4. Error installing browser extension
                    4.6.11.1.5. How to use self-service app access
                    4.6.11.1.6. Error using self-service app access
               4.6.11.2. Adding an app
                    4.6.11.2.1. Choose app type
                    4.6.11.2.2. Common problems - gallery apps
                    4.6.11.2.3. Common problems - non-gallery apps
               4.6.11.3. Application Proxy
                    4.6.11.3.1. Problem displaying app page
                    4.6.11.3.2. Application load is too long
                    4.6.11.3.3. Links on application page not working
                    4.6.11.3.4. What ports to open for my app
                    4.6.11.3.5. No working connector in a connector group for my app
                    4.6.11.3.6. Configure in admin portal
                    4.6.11.3.7. Configure single sign-on to my app
                    4.6.11.3.8. Problem creating an app in admin portal
                    4.6.11.3.9. Configure Kerberos Constrained Delegation
                    4.6.11.3.10. Configure with PingAccess
                    4.6.11.3.11. "Can't Access this Corporate Application" error
                    4.6.11.3.12. Problem installing the Application Proxy Agent Connector
               4.6.11.4. Application registration
                    4.6.11.4.1. Enter fields for the application object
                    4.6.11.4.2. Change token lifetime defaults
               4.6.11.5. Authentication
                    4.6.11.5.1. Configure endpoints
               4.6.11.6. Conditional Access
                    4.6.11.6.1. Customer did not meet Device Registration pre-reqs
                    4.6.11.6.2. How and when do off corpnet rules take effect?
                    4.6.11.6.3. How to increase the number of devices that user is allowed to register in Azure AD?
                    4.6.11.6.4. How to set up Conditional Access for Exchange Online?
                    4.6.11.6.5. How to set up Conditional Access for Windows 7 devices?
                    4.6.11.6.6. Which applications are supported with conditional access?
               4.6.11.7. Find an API
                    4.6.11.7.1. Find an API
               4.6.11.8. Managing access
                    4.6.11.8.1. Assign users and groups to an app
                    4.6.11.8.2. Remove a user's access to an app
                    4.6.11.8.3. Configure self-service app assignment
                    4.6.11.8.4. Unexpected user assigned
                    4.6.11.8.5. Unexpected app in the applications list
               4.6.11.9. Multi-tenant apps
                    4.6.11.9.1. Configure a new app
                    4.6.11.9.2. Add to the app gallery
               4.6.11.10. Permissions
                    4.6.11.10.1. Choose permissions for an API
                    4.6.11.10.2. Grant permissions to my app
                    4.6.11.10.3. Delegated vs application permissions
                    4.6.11.10.4. Application consent
               4.6.11.11. Provisioning
                    4.6.11.11.1. How long it takes
                    4.6.11.11.2. Taking hours - gallery app
                    4.6.11.11.3. Configure user provisioning - gallery app
                    4.6.11.11.4. Problem configuring user provisioning - gallery app
                    4.6.11.11.5. Problem saving administrator credentials while configuring user provisioning gallery app
                    4.6.11.11.6. Users are not provisioned - gallery app
                    4.6.11.11.7. Wrong users provisioned - gallery app
               4.6.11.12. Single sign-on
                    4.6.11.12.1. Choose a method
                    4.6.11.12.2. Configure
                    4.6.11.12.3. Configure federated - gallery apps
                    4.6.11.12.4. Configuring federated common problems - gallery apps
                    4.6.11.12.5. Configure federated - non-gallery apps
                    4.6.11.12.6. Configure federated common problems - non-gallery apps
                    4.6.11.12.7. Configure password - gallery apps
                    4.6.11.12.8. Configure password common problems - gallery apps
                    4.6.11.12.9. Configure password - non-gallery apps
                    4.6.11.12.10. Configure password common problems - non-gallery apps
               4.6.11.13. User sign-in problems
                    4.6.11.13.1. Unexpected consent prompt
                    4.6.11.13.2. User consent error
                    4.6.11.13.3. Problems signing in from custom portal
                    4.6.11.13.4. Problems signing in from access panel
                    4.6.11.13.5. Error on application sign-in page
                    4.6.11.13.6. Problem with password single sign-on - non-gallery app
                    4.6.11.13.7. Problem with password single sign-on - gallery app
                    4.6.11.13.8. Problem signing into a Microsoft app
                    4.6.11.13.9. Problem with federated single sign-on - non-gallery app
                    4.6.11.13.10. Problem with federated single sign-on - gallery app
                    4.6.11.13.11. Problem with custom-developed app
                    4.6.11.13.12. Problem with on-premises app - Application Proxy
          4.6.12. Develop apps
     4.7. Manage your directory
          4.7.1. Azure AD Connect
          4.7.2. Custom domain names
               4.7.2.1. Quickstart
          4.7.3. Administer your directory
          4.7.4. Enterprise State Roaming
               4.7.4.1. Enable
               4.7.4.2. Group policy settings
               4.7.4.3. Windows 10 settings
               4.7.4.4. FAQs
               4.7.4.5. Troubleshoot
          4.7.5. Integrate on-premises identities using Azure AD Connect
          4.7.6. Configure token lifetimes
     4.8. Secure your identities
          4.8.1. Privileged Identity Management
     4.9. Deploy AD FS in Azure
          4.9.1. High availability
          4.9.2. Change signature hash algorithm
     4.10. Troubleshoot
     4.11. Deploy Azure AD Proof of Concept (PoC)
          4.11.1. PoC Playbook: Introduction
          4.11.2. PoC Playbook: Ingredients
          4.11.3. PoC Playbook: Implementation
          4.11.4. PoC Playbook: Building Blocks
5. Reference
     5.1. Code samples
     5.2. Azure PowerShell cmdlets
     5.3. Java API Reference
     5.4. .NET API
6. Related
     6.1. Multi-Factor Authentication
     6.2. Azure AD Connect
     6.3. Azure AD Connect Health
     6.4. Azure AD for developers
     6.5. Azure AD Privileged Identity Management
7. Resources
     7.1. Azure AD deployment plans
     7.2. Azure feedback forum
     7.3. Azure Roadmap
     7.4. MSDN forum
     7.5. Pricing
     7.6. Pricing calculator
     7.7. Service updates
     7.8. Stack Overflow
     7.9. Videos

Online Training Content

Date Title
5/30/2017 Azure204x - Microsoft Azure Identity
1/27/2017 Evolution of Identity
9/30/2016 Microsoft Azure for IT Pros Content Series: Azure Active Directory
8/18/2016 EMS technical training available on Microsoft Virtual Academy (MVA)
12/30/2015 Extend Your Datacenter to the Cloud
12/11/2015 Accelerate Your Journey to the Cloud with Integrated Identity
12/11/2015 Add Identity into Your Cloud-Based Apps
12/10/2015 Manage and Secure Identities in a Cloud and Mobile World
10/13/2015 Security in a Cloud-Enabled World
6/17/2015 Support Corner: Accessing Azure AD Portal from Office 365


Tools

Tool Description
Azure Active Directory Extended Schema Manager: GUI editor to register/unregister Azure Active Directory extended properties (schemas).

Videos

Date Title Length
10/19/2018 Azure Active Directory: New features and roadmap - BRK2254 1:10:25
10/18/2018 Azure Blob Storage: Build secure scalable cloud applications - BRK3292 1:15:14
10/12/2018 Enterprise Mobile DevOps: Build and distribute apps faster with App Center - BRK2023 0:45:22
10/12/2018 How to run the Azure Government PaaS sample 0:06:04
10/6/2018 An IT pros guide to Open ID Connect OAuth 2.0 with the V1 and V2 Azure Active - BRK3234 1:14:15
10/5/2018 Moving beyond KMS and MAK with Windows 10 Subscription Activation - THR3117 0:26:35
10/5/2018 Manage and secure your on-premises apps in Azure Active Directory - THR3044 0:16:31
10/5/2018 Registering and managing apps through Microsoft Azure Portal and Microsoft Graph API - THR2079 0:20:45
10/5/2018 Customer story: How to protect and restore Active Directory from malicious or - BRK2429 1:12:31
10/2/2018 Govern access to your resources with Azure Active Directory identity governance and - BRK3242 1:17:24
