Azure AD


Service Description

Microsoft Azure Active Directory is a directory service in which users and their organizational affiliations can be stored. Users can log in using this service. They then receive a security token that they can pass to applications to verify their identity. Azure also allows synchronization of content with a locally operated Windows Server Active Directory. Microsoft Azure Active Directory is primarily designed for use with cloud-based applications (such as Office 365). In scenarios requiring a full Active Directory (e.g., if a customer's data center is to be expanded to the cloud using Virtual Machines and Virtual Network), a virtual machine with a conventional Windows Server Active Directory should be used.

The Microsoft Azure Active Directory Graph provides a RESTful API for access to the Microsoft Azure Active Directory. This makes it possible to read a user's organizational affiliations and linkages with other users, the Social Graph.

Getting Started

  1. 6/1/2016, Whitepaper
    Azure AD can be truly seen as an Identity Management as a Service (IdMaaS) cloud multi-tenant service. This document is intended for IT professionals, system architects, and...
  2. 5/30/2017, MVA
    This course focuses on important concepts such as what makes Azure AD different from on-premises AD, differences in managing users and groups and the implementing custom...
  3. 2/10/2017, Video, 1:06:06
    In this session, Simon will introduce the Microsoft Authentication and Authorization system. He'll cover the protocols (OAuth2, OpenID Connect), libraries (MSAL, ADAL) and...
  4. 10/2/2018, Video, 0:46:22
    Join the Azure Active Directory customer success team and learn how they helped hundreds of customers around the world to accelerate digital transformation with identity and...

Web Content

Azure AD Documentation

1. Azure Active Directory Documentation
2. Overview
     2.1. What is Azure Active Directory?
     2.2. About Azure identity management
     2.3. Understand Azure identity solutions
     2.4. Associate Azure subscriptions
     2.5. Residency and data considerations
     2.6. FAQs
     2.7. What's New
3. Get started
     3.1. Sign up for Azure AD Premium
     3.2. Add a custom domain name
     3.3. Configure company branding
     3.4. Add users to Azure AD
     3.5. Assign licenses to users
     3.6. Configure Self-service password reset
     3.7. Add your organization's privacy info in Azure AD
     3.8. Access Azure Active Directory to create a new tenant
4. How to
     4.1. Plan and design
          4.1.1. Understand Azure AD architecture
          4.1.2. Claims mapping in Azure Active Directory
          4.1.3. Deploy a hybrid identity solution
      Determine requirements
           Directory sync
           Multi-factor auth
           Identity lifecycle strategy
      Plan for data security
           Data protection
           Content management
           Access control
           Incident response
      Plan your identity lifecycle
           Adoption strategy
      Next steps
      Tools comparison
     4.2. Manage users
          4.2.1. Add new users to Azure AD
          4.2.2. Manage user profiles
          4.2.3. Reset user passwords
          4.2.4. Assign users to admin roles
          4.2.5. Add guest users from another directory (B2B)
      Admins adding B2B users
      Information workers adding B2B users
      API and customization
      Google federation
      Code and Azure PowerShell samples
      Self-service sign-up portal sample
      Invitation email
      Invitation redemption
      Add B2B users without an invitation
      Allow or block invitations
      Conditional access for B2B
      B2B sharing policies
      Add a B2B user to a role
      Dynamic groups and B2B users
      Leave an organization
      Auditing and reports
      B2B for hybrid organizations
           Grant B2B users access to local apps
           Grant local users access to cloud apps
      B2B and Office 365 external sharing
      B2B licensing
      Current limitations
      Troubleshooting B2B
      Understand the B2B user
      B2B user token
      B2B for Azure AD integrated apps
      B2B user claims mapping
      Compare B2B collaboration to B2C
      Getting support for B2B
     4.3. Manage groups and members
          4.3.1. Manage groups
          4.3.2. Delete a group and its members
          4.3.3. Manage group settings
     4.4. Manage reports
          4.4.1. Sign-ins activity
          4.4.2. Audit activity
          4.4.3. Users at risk
          4.4.4. Risky sign-ins
          4.4.5. Risk events
          4.4.6. Monitoring logs using Azure Monitor
          4.4.7. FAQ
          4.4.8. Tasks
      Download a sign-in report
      Download an audit report
      Configure named locations
      Find activity reports
      Use the Azure AD Power BI Content Pack
      Remediate users flagged for risk
      Route activity logs to an Azure event hub
      Archive activity logs to an Azure storage account
      Integrate activity logs with Splunk using Azure Monitor
      Integrate activity logs with SumoLogic using Azure Monitor
      Integrate activity logs with Log Analytics using Azure Monitor
          4.4.9. Reference
      Audit activity reference
      Sign-in activity error codes
      Interpret the audit log schema in Azure Monitor
      Interpret the sign-in log schema in Azure Monitor
          4.4.10. Troubleshoot
      Missing data in Azure AD activity logs
      Missing data in downloads
      Errors in Azure AD Reporting API
          4.4.11. Programmatic Access
      Using certificates
     4.5. Manage passwords
     4.6. Manage apps
          4.6.1. Overview
          4.6.2. Getting started
          4.6.3. SaaS app integration tutorials
          4.6.4. User provisioning and deprovisioning to SaaS apps
      App integration tutorials
      Automate provisioning to SCIM-enabled apps
      Customize attribute mappings
      Write expressions for attribute mappings
      Use scoping filters
      Report on automatic user provisioning
      Troubleshoot user provisioning
          4.6.5. Access apps remotely with App Proxy
      Get started
           Enable App Proxy
           Publish apps
           Custom domains
      Single sign-on
           SSO with KCD
           SSO with headers
           SSO with password vaulting
           Upgrade from TMG or UAG
      Advanced configurations
           Publish on separate networks
           Proxy servers
           Claims-aware apps
           Native client apps
           Silent install
           Custom home page
           Translate inline links
           Remove personal data
      Publishing walkthroughs
           Remote Desktop
           Microsoft Teams
          4.6.6. Manage enterprise apps
      Add an application
      View tenant apps
      Configure single sign-on
      Assign users
      Customize branding
      Disable user sign-ins
      Remove users
      Manage user account provisioning
      Advanced certificate signing for SAML apps
      Hide an application from a user's experience
          4.6.7. Configure Sign-In Auto-Acceleration using HRD Policy
          4.6.8. Migrate AD FS apps to Azure AD
          4.6.9. Manage access to apps
      SSO access
      Certificates for SSO
      Tenant restrictions
      Use SCIM to provision users
          4.6.10. Understanding Azure AD application consent experiences
          4.6.11. Troubleshoot
      Access Panel
           App not appearing
           Unexpected app appearing
           Can't sign in
           Error installing browser extension
           How to use self-service app access
           Error using self-service app access
      Adding an app
           Choose app type
           Common problems - gallery apps
           Common problems - non-gallery apps
      Application Proxy
           Problem displaying app page
           Application load is too long
           Links on application page not working
           What ports to open for my app
           No working connector in a connector group for my app
           Configure in admin portal
           Configure single sign-on to my app
           Problem creating an app in admin portal
           Configure Kerberos Constrained Delegation
           Configure with PingAccess
           "Can't Access this Corporate Application" error
           Problem installing the Application Proxy Agent Connector
      Application registration
           Enter fields for the application object
           Change token lifetime defaults
           Configure endpoints
      Conditional Access
           Customer did not meet Device Registration pre-reqs
           How and when do off corpnet rules take effect?
           How to increase the number of devices that user is allowed to register in Azure AD?
           How to set up Conditional Access for Exchange Online?
           How to set up Conditional Access for Windows 7 devices?
           Which applications are supported with conditional access?
      Find an API
           Find an API
      Managing access
           Assign users and groups to an app
           Remove a user's access to an app
           Configure self-service app assignment
           Unexpected user assigned
           Unexpected app in the applications list
      Multi-tenant apps
           Configure a new app
           Add to the app gallery
           Choose permissions for an API
           Delegated vs application permissions
           Application consent
           How long it takes
           Taking hours - gallery app
           Configure user provisioning - gallery app
           Problem configuring user provisioning - gallery app
           Problem saving administrator credentials while configuring user provisioning gallery app
           Users are not provisioned - gallery app
           Wrong users provisioned - gallery app
           SCIM compatibility issues - non-gallery app
      Single sign-on
           Choose a method
           Configure federated - gallery apps
           Configuring federated common problems - gallery apps
           Configure federated - non-gallery apps
           Configure federated common problems - non-gallery apps
           Configure password - gallery apps
           Configure password common problems - gallery apps
           Configure password - non-gallery apps
           Configure password common problems - non-gallery apps
      User sign-in problems
           Unexpected consent prompt
           User consent error
           Problems signing in from custom portal
           Problems signing in from access panel
           Error on application sign-in page
           Problem with password single sign-on - non-gallery app
           Problem with password single sign-on - gallery app
           Problem signing into a Microsoft app
           Problem with federated single sign-on - non-gallery app
           Problem with federated single sign-on - gallery app
           Problem with custom-developed app
           Problem with on-premises app - Application Proxy
     4.7. Manage your directory
          4.7.1. Azure AD Connect
          4.7.2. Custom domain names
          4.7.3. Administer your directory
          4.7.4. Integrate on-premises identities using Azure AD Connect
          4.7.5. Configure token lifetimes
     4.8. Secure your identities
          4.8.1. Privileged Identity Management
     4.9. Troubleshoot
     4.10. Deploy Azure AD Proof of Concept (PoC)
          4.10.1. PoC Playbook: Introduction
          4.10.2. PoC Playbook: Ingredients
          4.10.3. PoC Playbook: Implementation
          4.10.4. PoC Playbook: Building Blocks
5. Reference
     5.1. Code samples
     5.2. Azure PowerShell cmdlets
     5.3. Java API Reference
     5.4. .NET API
6. Related
     6.1. Multi-Factor Authentication
     6.2. Azure AD Connect
     6.3. Azure AD Connect Health
     6.4. Azure AD for developers
     6.5. Azure AD Privileged Identity Management
7. Resources
     7.1. Azure AD deployment plans
     7.2. Azure feedback forum
     7.3. Azure Roadmap
     7.4. MSDN forum
     7.5. Pricing
     7.6. Pricing calculator
     7.7. Service updates
     7.8. Stack Overflow
     7.9. Videos

Online Training Content

Date Title
5/30/2017 Edx: Microsoft Azure Identity
1/27/2017 Evolution of Identity
9/30/2016 Microsoft Azure for IT Pros Content Series: Azure Active Directory
8/18/2016 EMS technical training available on Microsoft Virtual Academy (MVA)
12/30/2015 Extend Your Datacenter to the Cloud
12/11/2015 Accelerate Your Journey to the Cloud with Integrated Identity
12/11/2015 Add Identity into Your Cloud-Based Apps
12/10/2015 Manage and Secure Identities in a Cloud and Mobile World
10/13/2015 Security in a Cloud-Enabled World
6/17/2015 Support Corner: Accessing Azure AD Portal from Office 365


Tool Description
Azure Active Directory Extended Schema Manager GUI editor to register / unregister Azure Active Directory extended properties (schemas).


Date Title Length
Helping Subscribers Get the Most out of Azure
How to register for Azure Multi-Factor Authentication
How to use Azure AD Logs in Azure Monitor Diagnostics
How to report UX and APIs in Azure Active Directory
How to add MFA to your Exchange on-premises or Exchange Online mailboxes in 20 - THR3024R
How to build a movie review app with Azure Cosmos DB and Azure Functions | Azure Makers Series
From the trenches: Hardening your Azure Active Directory tenant - THR2214
Staying secure with Azure AD and Microsoft Secure Score - THR3041
Securing your hybrid cloud environments with Azure ATP and AAD Identity Protection - BRK3237
Granting partners and suppliers access to resources using Azure Active Directory B2B - BRK3249
