Azure AD

Official Documentation

Service Description

Microsoft Azure Active Directory is a directory service in which users and their organizational affiliations can be stored. Users can log in using this service. They then receive a security token that they can pass to applications to verify their identity. Azure also allows synchronization of content with a locally operated Windows Server Active Directory. Azure Active Directory is primarily designed for use with cloud-based applications (such as Office 365). In scenarios requiring a full Active Directory (e.g., if a customer's data center is to be extended to the cloud using Virtual Machines and Virtual Network), a virtual machine with a conventional Windows Server Active Directory should be used.

The Microsoft Azure Active Directory Graph provides a RESTful API for access to Microsoft Azure Active Directory. This makes it possible to read a user's organizational affiliations and links to other users (the Social Graph).

Getting Started

  1. 9/27/2016, Webpage
    Azure Active Directory is a platform you can use to manage identity in your applications. This learning path will help you get started developing applications that use AAD to...
  2. 5/30/2017, MVA
    This course focuses on important concepts such as what makes Azure AD different from on-premises AD, differences in managing users and groups and the implementing custom...
  3. 4/8/2015, MVA
    Constantly resetting customer passwords? Want to extend your on-premises Active Directory? Join us to explore Azure Active Directory (Azure AD) as we kick off our Enterprise...
  4. 2/10/2017, Video, 1:06:06
    In this session, Simon will introduce the Microsoft Authentication and Authorization system. He'll cover the protocols (OAuth2, OpenID Connect), libraries (MSAL, ADAL) and...





Azure Documentation

1. Overview
     1.1. What is Azure Active Directory?
     1.2. About Azure identity management
     1.3. Understand Azure identity solutions
     1.4. Choose a hybrid identity solution
     1.5. Associate Azure subscriptions
     1.6. FAQs
     1.7. What's New
2. Get started
     2.1. Get started with Azure AD
     2.2. Sign up for Azure AD Premium
     2.3. Add a custom domain name
     2.4. Configure company branding
     2.5. Add users to Azure AD
     2.6. Assign licenses to users
     2.7. Configure Self-service password reset
3. How to
     3.1. Plan and design
          3.1.1. Understand Azure AD architecture
          3.1.2. Claims mapping in Azure Active Directory
          3.1.3. Deploy a hybrid identity solution
               3.1.3.1. Determine requirements
                    3.1.3.1.1. Identity
                    3.1.3.1.2. Directory sync
                    3.1.3.1.3. Multi-factor auth
                    3.1.3.1.4. Identity lifecycle strategy
               3.1.3.2. Plan for data security
                    3.1.3.2.1. Data protection
                    3.1.3.2.2. Content management
                    3.1.3.2.3. Access control
                    3.1.3.2.4. Incident response
               3.1.3.3. Plan your identity lifecycle
                    3.1.3.3.1. Tasks
                    3.1.3.3.2. Adoption strategy
               3.1.3.4. Next steps
               3.1.3.5. Tools comparison
     3.2. Manage users
          3.2.1. Add new users to Azure AD
          3.2.2. Manage user profiles
          3.2.3. Share accounts
          3.2.4. Assign users to admin roles
          3.2.5. Add guest users from another directory (B2B)
               3.2.5.1. Admins adding B2B users
               3.2.5.2. Information workers adding B2B users
               3.2.5.3. API and customization
               3.2.5.4. Code and Azure PowerShell samples
               3.2.5.5. Self-service sign-up portal sample
               3.2.5.6. Invitation email
               3.2.5.7. Invitation redemption
               3.2.5.8. Add B2B users without an invitation
               3.2.5.9. Conditional access for B2B
               3.2.5.10. B2B sharing policies
               3.2.5.11. Add a B2B user to a role
               3.2.5.12. Dynamic groups and B2B users
               3.2.5.13. Auditing and reports
               3.2.5.14. B2B and Office 365 external sharing
               3.2.5.15. B2B licensing
               3.2.5.16. Current limitations
               3.2.5.17. FAQ
               3.2.5.18. Troubleshooting B2B
               3.2.5.19. Understand the B2B user
               3.2.5.20. B2B user token
               3.2.5.21. B2B for Azure AD integrated apps
               3.2.5.22. B2B user claims mapping
               3.2.5.23. Compare B2B collaboration to B2C
               3.2.5.24. Getting support for B2B
     3.3. Manage groups and members
          3.3.1. Manage groups
               3.3.1.1. Azure portal
               3.3.1.2. Azure PowerShell
          3.3.2. Manage group members
          3.3.3. Manage group owners
          3.3.4. Manage group membership
          3.3.5. Assign licenses using groups
               3.3.5.1. Assign licenses to a group
               3.3.5.2. Identify and resolve license problems in a group
               3.3.5.3. Migrate individual licensed users to group-based licensing
               3.3.5.4. Additional scenarios for group-based licensing
               3.3.5.5. Azure PowerShell examples for group-based licensing
               3.3.5.6. Reference for products and service plans in Azure AD
          3.3.6. Set up Office 365 groups expiration
          3.3.7. View all groups
          3.3.8. Add group access to SaaS apps
          3.3.9. Restore a deleted Office 365 group
          3.3.10. Manage group settings
               3.3.10.1. Azure portal
               3.3.10.2. Cmdlets
          3.3.11. Create advanced rules
               3.3.11.1. Azure portal
          3.3.12. Set up self-service groups
          3.3.13. Troubleshoot
     3.4. Manage reports
          3.4.1. Sign-ins activity
          3.4.2. Audit activity
          3.4.3. Users at risk
          3.4.4. Risky sign-ins
          3.4.5. Risk events
          3.4.6. FAQ
          3.4.7. Tasks
               3.4.7.1. Configure named locations
               3.4.7.2. Find activity reports
               3.4.7.3. Use the Azure Active Directory Power BI Content Pack
          3.4.8. Reference
               3.4.8.1. Retention
               3.4.8.2. Latencies
               3.4.8.3. Notifications
               3.4.8.4. Sign-in activity error codes
               3.4.8.5. Multi-factor authentication
          3.4.9. Troubleshoot
               3.4.9.1. Missing audit data
               3.4.9.2. Missing data in downloads
               3.4.9.3. Azure Active Directory Activity logs content pack errors
          3.4.10. Programmatic Access
               3.4.10.1. Audit reference
               3.4.10.2. Sign-in reference
               3.4.10.3. Prerequisites
               3.4.10.4. Audit samples
               3.4.10.5. Sign-in samples
               3.4.10.6. Using certificates
     3.5. Manage passwords
          3.5.1. Passwords overview
          3.5.2. User documents
               3.5.2.1. Reset or change your password
               3.5.2.2. Password best practices
               3.5.2.3. Register for self-service password reset
          3.5.3. SSPR How it works
          3.5.4. SSPR Deployment guide
          3.5.5. SSPR and Windows 10
          3.5.6. SSPR Policies
          3.5.7. SSPR Customization
          3.5.8. SSPR Data requirements
          3.5.9. SSPR Reporting
          3.5.10. IT Admins: Reset passwords
               3.5.10.1. Azure portal
          3.5.11. License SSPR
          3.5.12. Password writeback
          3.5.13. Troubleshoot
          3.5.14. FAQ
     3.6. Manage devices
          3.6.1. Introduction
          3.6.2. Using the Azure portal
          3.6.3. Plan Azure AD Join
          3.6.4. FAQs
          3.6.5. Tasks
               3.6.5.1. Set up Azure AD registered Windows 10 devices
               3.6.5.2. Set up Azure AD joined devices
               3.6.5.3. Set up hybrid Azure AD joined devices
               3.6.5.4. Deploy on-premises
               3.6.5.5. Azure AD join during Windows 10 first-run experience
          3.6.6. Troubleshoot
               3.6.6.1. Hybrid Azure AD joined Windows 10 and Windows Server 2016 devices
               3.6.6.2. Hybrid Azure AD joined legacy Windows devices
     3.7. Manage apps
          3.7.1. Overview
          3.7.2. Getting started
          3.7.3. SaaS app integration tutorials
          3.7.4. Cloud App Discovery
               3.7.4.1. Create snapshot reports
               3.7.4.2. Configure continuous reporting
               3.7.4.3. Use a custom log parser
               3.7.4.4. Agent-based discovery
                    3.7.4.4.1. What is Cloud App Discovery?
                    3.7.4.4.2. Update registry settings
                    3.7.4.4.3. Understand security and privacy
          3.7.5. Access apps remotely with App Proxy
               3.7.5.1. Get started
                    3.7.5.1.1. Enable App Proxy
                    3.7.5.1.2. Publish apps
                    3.7.5.1.3. Custom domains
               3.7.5.2. Single sign-on
                    3.7.5.2.1. SSO with KCD
                    3.7.5.2.2. SSO with headers
                    3.7.5.2.3. SSO with password vaulting
               3.7.5.3. Concepts
                    3.7.5.3.1. Connectors
                    3.7.5.3.2. Security
                    3.7.5.3.3. Networks
                    3.7.5.3.4. Upgrade from TMG or UAG
               3.7.5.4. Advanced configurations
                    3.7.5.4.1. Publish on separate networks
                    3.7.5.4.2. Proxy servers
                    3.7.5.4.3. Claims-aware apps
                    3.7.5.4.4. Native client apps
                    3.7.5.4.5. Silent install
                    3.7.5.4.6. Custom home page
                    3.7.5.4.7. Translate inline links
               3.7.5.5. Publishing walkthroughs
                    3.7.5.5.1. Remote Desktop
                    3.7.5.5.2. SharePoint
                    3.7.5.5.3. Microsoft Teams
               3.7.5.6. Troubleshoot
          3.7.6. Manage enterprise apps
               3.7.6.1. Assign users
               3.7.6.2. Customize branding
               3.7.6.3. Disable user sign-ins
               3.7.6.4. Remove users
               3.7.6.5. View all my apps
               3.7.6.6. Manage user account provisioning
               3.7.6.7. Manage single sign-on for enterprise apps
               3.7.6.8. Advanced certificate signing for SAML apps
               3.7.6.9. Hide a third-party app from a user's experience
          3.7.7. Configure Sign-In Auto-Acceleration using HRD Policy
          3.7.8. Manage access to apps
               3.7.8.1. SSO access
               3.7.8.2. Certificates for SSO
               3.7.8.3. Tenant restrictions
               3.7.8.4. Use SCIM provision users
          3.7.9. Troubleshoot
               3.7.9.1. Application Development
                    3.7.9.1.1. Configuration and Registration
                    3.7.9.1.2. Development
               3.7.9.2. Application Management
                    3.7.9.2.1. Configuration
                    3.7.9.2.2. Sign-in
                    3.7.9.2.3. Provisioning
                    3.7.9.2.4. Managing Access
                    3.7.9.2.5. Access Panel
                    3.7.9.2.6. Application Proxy
                    3.7.9.2.7. Conditional Access
          3.7.10. Develop apps
          3.7.11. Document library
     3.8. Manage your directory
          3.8.1. Azure AD Connect
          3.8.2. Custom domain names
               3.8.2.1. Quickstart
               3.8.2.2. Add custom domain names
          3.8.3. Administer your directory
          3.8.4. Multiple directories
          3.8.5. Self-service signup
          3.8.6. Take over an unmanaged directory
          3.8.7. Enterprise State Roaming
               3.8.7.1. Enable
               3.8.7.2. Group policy settings
               3.8.7.3. Windows 10 settings
               3.8.7.4. FAQs
               3.8.7.5. Troubleshoot
          3.8.8. Integrate on-premises identities using Azure AD Connect
     3.9. Manage access to Azure
     3.10. Delegate access to resources
          3.10.1. Administrator roles
               3.10.1.1. Assign admin roles
          3.10.2. Administrative units
          3.10.3. Configure token lifetimes
     3.11. Access reviews
          3.11.1. Access reviews overview
          3.11.2. Complete an access review
          3.11.3. Create an access review
          3.11.4. How to perform an access review
          3.11.5. How to review your access
          3.11.6. Guest access with access reviews
          3.11.7. Managing user access with reviews
          3.11.8. Managing programs and controls
     3.12. Secure your identities
          3.12.1. Conditional access
               3.12.1.1. Controls
               3.12.1.2. Get started
               3.12.1.3. Best practices
               3.12.1.4. Understand device policies for Office 365 services
               3.12.1.5. Migrate classic policies
               3.12.1.6. Tasks
                    3.12.1.6.1. Migrate classic MFA policy
                    3.12.1.6.2. Set up device-based conditional access
                    3.12.1.6.3. Set up app-based conditional access
                    3.12.1.6.4. Provide terms of use for users and apps
                    3.12.1.6.5. Set up VPN connectivity
                    3.12.1.6.6. Set up SharePoint and Exchange Online
                    3.12.1.6.7. Remediation
               3.12.1.7. Technical reference
               3.12.1.8. FAQs
          3.12.2. Windows Hello
               3.12.2.1. Authenticate without passwords
               3.12.2.2. Enable Windows Hello for Business
          3.12.3. Certificate-based Authentication
               3.12.3.1. Android
               3.12.3.2. iOS
               3.12.3.3. Get started
          3.12.4. Azure AD Identity Protection
               3.12.4.1. Enable
               3.12.4.2. Detect vulnerabilities
               3.12.4.3. Risk events
               3.12.4.4. Notifications
               3.12.4.5. Sign-in experience
               3.12.4.6. Simulate risk events
               3.12.4.7. Unblock users
               3.12.4.8. FAQs
               3.12.4.9. Glossary
               3.12.4.10. Microsoft Graph
          3.12.5. Privileged Identity Management
     3.13. Integrate other services with Azure AD
          3.13.1. Enable LinkedIn integration
     3.14. Deploy AD DS on Azure VMs
          3.14.1. Windows Server Active Directory on Azure VMs
          3.14.2. Replica domain controller in an Azure virtual network
          3.14.3. New forest on an Azure virtual network
     3.15. Deploy AD FS in Azure
          3.15.1. High availability
          3.15.2. Change signature hash algorithm
     3.16. Troubleshoot
          3.16.1. Troubleshoot Active Directory item is missing or not available
     3.17. Deploy Azure AD Proof of Concept (PoC)
          3.17.1. PoC Playbook: Introduction
          3.17.2. PoC Playbook: Ingredients
          3.17.3. PoC Playbook: Implementation
          3.17.4. PoC Playbook: Building Blocks
4. Reference
     4.1. Code samples
     4.2. Azure PowerShell cmdlets
     4.3. Java API Reference
     4.4. .NET API
     4.5. Service limits and restrictions
5. Related
     5.1. Multi-Factor Authentication
     5.2. Azure AD Connect
     5.3. Azure AD Connect Health
     5.4. Azure AD for developers
     5.5. Azure AD Privileged Identity Management
6. Resources
     6.1. Azure feedback forum
     6.2. Azure Roadmap
     6.3. MSDN forum
     6.4. Pricing
     6.5. Pricing calculator
     6.6. Service updates
     6.7. Stack Overflow
     6.8. Videos

Online Training Content

Date Title
5/30/2017 Azure204x - Microsoft Azure Identity
1/27/2017 Evolution of Identity
9/30/2016 Microsoft Azure for IT Pros Content Series: Azure Active Directory
8/18/2016 EMS technical training available on Microsoft Virtual Academy (MVA)
12/30/2015 Extend Your Datacenter to the Cloud
12/11/2015 Accelerate Your Journey to the Cloud with Integrated Identity
12/11/2015 Add Identity into Your Cloud-Based Apps
12/10/2015 Manage and Secure Identities in a Cloud and Mobile World
10/13/2015 Security in a Cloud-Enabled World
6/17/2015 Support Corner: Accessing Azure AD Portal from Office 365


Tools

Tool: Azure Active Directory Extended Schema Manager
Description: GUI editor to register/unregister Azure Active Directory extended properties (schemas).

Videos

Date Title Length
11/21/2017 Cybersecurity Reference Architecture & Strategies: How to Plan for and Implement a Cybersecurity Strategy 0:33:49
11/20/2017 Identity on Azure Government 0:25:25
11/17/2017 Get enterprise security for big data apps with Azure Databricks | T162 0:08:38
11/15/2017 Get enterprise security for big data apps with Azure Databricks 0:08:37
11/15/2017 Introduction to Azure Databricks 0:03:38
11/9/2017 Windows Server System State with Azure Backup is now GA 0:05:05
10/10/2017 Managing enterprise applications, permissions, and consent in Azure Active Directory | THR2071 0:37:11
10/5/2017 Enterprise-grade security for your cloud apps with Microsoft Cloud App Security | THR2197R 0:17:00
10/5/2017 Ensure users have the right access with Azure Active Directory | BRK3013 1:20:33
10/5/2017 Windows 10 management with Microsoft 365 Business (Repeat) | THR2216R 0:18:35
