Azure AD

Official Documentation

Service Description

Microsoft Azure Active Directory is a directory service in which users and their organizational affiliations can be stored. Users sign in through this service and receive a security token that they can pass to applications to verify their identity. Azure also allows synchronization of directory content with a locally operated Windows Server Active Directory. Microsoft Azure Active Directory is primarily designed for use with cloud-based applications (such as Office 365). In scenarios requiring a full Active Directory (e.g., if a customer's data center is to be extended to the cloud using Virtual Machines and Virtual Network), a virtual machine running a conventional Windows Server Active Directory should be used.

The Microsoft Azure Active Directory Graph provides a RESTful API for access to Microsoft Azure Active Directory. This makes it possible to read a user's organizational affiliations and links to other users (the social graph).

Getting Started

  1. Azure AD Learning Path
    9/27/2016, Webpage
  2. Azure Active Directory Core Skills Jump Start
    4/8/2015, MVA

Azure Documentation

1. Overview
     1.1. What is Azure Active Directory?
     1.2. Choose edition
     1.3. About Azure identity management
     1.4. Preview the Azure AD portal experience
2. Get started
     2.1. Get an Azure AD tenant
     2.2. Sign up for Azure AD Premium
     2.3. Associate Azure subscriptions
     2.4. Manage Azure AD licensing
          2.4.1. Azure portal
          2.4.2. Classic portal
     2.5. Get Azure for your organization
     2.6. FAQs
     2.7. SaaS app tutorials
3. How to
     3.1. Plan and design
          3.1.1. Deploy a hybrid identity solution
      Determine requirements
           Directory sync
           Multi-factor auth
           Identity lifecycle strategy
      Plan for data security
           Data protection
           Content management
           Access control
           Incident response
      Plan your identity lifecycle
           Adoption strategy
      Next steps
      Tools comparison
     3.2. Manage users
          3.2.1. Add users
      Azure portal
      Classic portal
          3.2.2. Add users from other directories (classic portal)
          3.2.3. Delete users
          3.2.4. Manage user profiles
          3.2.5. Reset a password
          3.2.6. Manage user work information
          3.2.7. Share accounts
     3.3. Manage groups and members
          3.3.1. Manage groups
      Azure portal
      Classic portal
          3.3.2. Manage group members
          3.3.3. Manage group owners
          3.3.4. Manage group membership
          3.3.5. View all groups
          3.3.6. Enable dedicated groups
          3.3.7. Add group access to SaaS apps
          3.3.8. Restore a deleted Office 365 group
          3.3.9. Manage group settings
      Azure portal
          3.3.10. Create advanced rules
      Azure portal
      Classic portal
          3.3.11. Group-based licensing
      Assign licenses to a group
      Identify and resolve license problems for a group
      Migrate individual licensed users to group-based licensing
      Additional scenarios for group-based licensing
      PowerShell examples for group-based licensing
          3.3.12. Set up self-service groups
          3.3.13. Troubleshoot
     3.4. Manage reports
          3.4.1. Sign-ins activity
          3.4.2. Audit activity
          3.4.3. Users at risk
          3.4.4. Risky sign-ins
          3.4.5. Risk events
          3.4.6. Named networks
          3.4.7. Report migration
          3.4.8. Retention
          3.4.9. Latencies
          3.4.10. FAQ
          3.4.11. Troubleshoot
      Missing audit data
      Missing data in downloads
          3.4.12. Access
      Audit reference
      Audit samples
      Sign-in reference
      Sign-in samples
          3.4.13. Classic portal
      Azure AD reporting
      Reporting guide
      Known networks
      Audit events
      Understand reports
           Irregular sign-in
           Multiple failures
           Suspicious IP addresses
           Multiple geographies
           Possibly infected devices
           Unknown sources
           Anomalous sign-ins
     3.5. Manage passwords
          3.5.1. Reset or change your password
          3.5.2. Register for self-service password reset
          3.5.3. Administrators enable self-service password reset
          3.5.4. Understand password management
          3.5.5. Understand policies and restrictions
          3.5.6. Reset passwords
      Azure portal
      Classic portal
          3.5.7. Set expiration policies
          3.5.8. Enable password management
      Get started
      View reports
      Learn more
     3.6. Manage devices
          3.6.1. Register devices
      Deploy on-premises
           Troubleshooting for Windows 10 and Windows Server 2016
           Troubleshooting for Windows down-level clients
          3.6.2. Azure AD Join
      Set up device registration
      Register new devices
      Understand Windows 10 integration
      Use Windows 10 devices
      Join your device
      Join a Windows 10 device
     3.7. Manage apps
          3.7.1. Overview
          3.7.2. Getting started
          3.7.3. Cloud App Discovery
      Update registry settings
      Understand security and privacy
          3.7.4. Give remote access to your apps
      Enable App Proxy
      Understand connectors
      Publish apps
      Remote Desktop
      Publish on separate networks
      Proxy servers
      Custom domains
      Access apps
           Azure portal
      SSO with KCD
      SSO with headers
      Claims-aware apps
      Native client apps
      Custom home page
      Conditional access
      Silent install
      Microsoft Forefront
      Use the classic portal
           Download connectors
           Publish apps
           Use connectors
          3.7.5. Manage enterprise apps
      Assign users
      Customize branding
      Disable user sign-ins
      Remove users
      View all my apps
      Manage user account provisioning
          3.7.6. Develop
      Assign users
      Assign groups
      Require assignment
      Develop LoB apps
          3.7.7. Manage access to apps
      Self-service access
      Certificates for SSO
      Tenant restrictions
      Use SCIM provision users
          3.7.8. Troubleshoot
      Application Development
           Configuration and Registration
      Application Management
           Managing Access
           Access Panel
           Application Proxy
           Conditional Access
          3.7.9. Document library
     3.8. Manage your directory
          3.8.1. Azure AD Connect
          3.8.2. Custom domain names
      Add your domain name
           Azure portal
           Classic portal
           With AD FS
      Assign users
      Manage domain names
           Azure portal
           Classic portal
          3.8.3. Customize the sign-in page
      Azure portal
      Classic portal
          3.8.4. Administer your directory
          3.8.5. Multiple directories
          3.8.6. O365 directories
          3.8.7. Self-service signup
          3.8.8. Enterprise State Roaming
      Group policy settings
      Windows 10 settings
          3.8.9. Integrate partners with Azure AD B2B
      Admins adding B2B users
      Information workers adding B2B users
      API and customization
      Code and PowerShell samples
      Self-service sign-up portal sample
      Invitation email
      Invitation redemption
      Conditional access for B2B
      B2B sharing policies
      Add a B2B user to a role
      Dynamic groups and B2B users
      Auditing and reports
      B2B and Office 365 external sharing
      Current limitations
      Troubleshooting B2B
      Understand the B2B user
      B2B user token
      B2B for Azure AD integrated apps
      B2B user claims mapping
      Compare B2B collaboration to B2C
      Getting support for B2B
          3.8.10. Integrate on-premises identities using Azure AD Connect
     3.9. Delegate access to resources
          3.9.1. Administrator roles
      Assign admin roles
          3.9.2. Administrative units
          3.9.3. Resource access in Azure
          3.9.4. Role-Based Access Control
      Manage access assignments
           By user
           By resource
      Built-in roles
      Custom roles
      More ways to manage roles
           Azure CLI
          3.9.5. Configure token lifetimes
     3.10. Secure your identities
          3.10.1. Conditional access
      Get started
      Supported apps
      Understand device policies
      Set up access to connected apps
          3.10.2. Windows Hello
      Authenticate without passwords
      Enable Windows Hello for Business
          3.10.3. Certificate-based Authentication
      Get started
          3.10.4. Azure AD Identity Protection
      Detect vulnerabilities
      Risk events
      Sign-in experience
      Simulate risk events
      Unblock users
      Microsoft Graph
          3.10.5. Privileged Identity Management
     3.11. Deploy AD DS on Azure VMs
          3.11.1. Windows Server Active Directory on Azure VMs
          3.11.2. Replica domain controller in an Azure virtual network
          3.11.3. New forest on an Azure virtual network
     3.12. Deploy AD FS in Azure
          3.12.1. High availability
          3.12.2. Change signature hash algorithm
     3.13. Troubleshoot
     3.14. Deploy Azure AD Proof of Concept (PoC)
          3.14.1. PoC Playbook: Introduction
          3.14.2. PoC Playbook: Ingredients
          3.14.3. PoC Playbook: Implementation
          3.14.4. PoC Playbook: Building Blocks
4. Reference
     4.1. PowerShell cmdlets
     4.2. Java API Reference
     4.3. .NET API
     4.4. Service limits and restrictions
5. Related
     5.1. Multi-Factor Authentication
     5.2. Azure AD Connect
     5.3. Azure AD Connect Health
     5.4. Azure AD for developers
     5.5. Azure AD Privileged Identity Management
6. Resources
     6.1. Pricing
     6.2. MSDN forum
     6.3. Stack Overflow
     6.4. Videos
     6.5. Service updates
     6.6. Azure feedback forum


Tool: Azure Active Directory Extended Schema Manager
Description: GUI editor to register / unregister Azure Active Directory extended properties (schemas).