Azure AD

Official Documentation

Service Description

Microsoft Azure Active Directory is a directory service in which users and their organizational affiliations can be stored. Users can log in using this service. They will then receive a security token that they can pass to applications verify their user identity. Azure also allows synchronization of content with a locally operated Windows Server Active Directory. The Microsoft Azure Active Directory is primarily designed for use with cloud-based applications (such as Office 365). In scenarios requiring a full Active Directory (e.g., if a customer's data center is to be expanded to the cloud using Virtual Machines and Virtual Network), a virtual machine with a conventional Windows Server Active Directory should be used.

The Microsoft Azure Active Directory Graph provides a RESTful API for access to the Microsoft Azure Active Directory. This makes it possible to read a user's organizational affiliations and linkages with other users, the Social Graph.

Getting Started

  1. 9/27/2016, Webpage
    Azure Active Directory is a platform you can use to manage identity in your applications. This learning path will help you get started developing applications that use AAD to...
  2. 5/30/2017, Mva
    This course focuses on important concepts such as what makes Azure AD different from on-premises AD, differences in managing users and groups and the implementing custom...
  3. 4/8/2015, Mva
    Constantly resetting customer passwords? Want to extend your on-premises Active Directory? Join us to explore Azure Active Directory (Azure AD) as we kick off our Enterprise...
  4. 2/10/2017, Video, 1:06:06
    In this session, Simon will introduce the Microsoft Authentication and Authorization system. He'll cover the protocols (oAuth2, OpenID Connect), Libraries (MSAL, ADAL) and...

Latest Content

Subscribe to News about Azure AD


Web Content

Azure Documentation

1. Azure Active Directory Documentation
2. Overview
     2.1. What is Azure Active Directory?
     2.2. About Azure identity management
     2.3. Understand Azure identity solutions
     2.4. Choose a hybrid identity solution
     2.5. Associate Azure subscriptions
     2.6. FAQs
     2.7. What's New
3. Get started
     3.1. Get started with Azure AD
     3.2. Sign up for Azure AD Premium
     3.3. Add a custom domain name
     3.4. Configure company branding
     3.5. Add users to Azure AD
     3.6. Assign licenses to users
     3.7. Configure Self-service password reset
4. How to
     4.1. Plan and design
          4.1.1. Understand Azure AD architecture
          4.1.2. Claims mapping in Azure Active Directory
          4.1.3. Deploy a hybrid identity solution
      Determine requirements
           Directory sync
           Multi-factor auth
           Identity lifecycle strategy
      Plan for data security
           Data protection
           Content management
           Access control
           Incident response
      Plan your identity lifecycle
           Adoption strategy
      Next steps
      Tools comparison
     4.2. Manage users
          4.2.1. Add new users to Azure AD
          4.2.2. Manage user profiles
          4.2.3. Share accounts
          4.2.4. Assign users to admin roles
          4.2.5. Restore a deleted user
          4.2.6. Add guest users from another directory (B2B)
      Admins adding B2B users
      Information workers adding B2B users
      API and customization
      Code and Azure PowerShell samples
      Self-service sign-up portal sample
      Invitation email
      Invitation redemption
      Add B2B users without an invitation
      Allow or block invitations
      Conditional access for B2B
      B2B sharing policies
      Add a B2B user to a role
      Dynamic groups and B2B users
      Auditing and reports
      B2B for hybrid organizations
      B2B and Office 365 external sharing
      B2B licensing
      Current limitations
      Troubleshooting B2B
      Understand the B2B user
      B2B user token
      B2B for Azure AD integrated apps
      B2B user claims mapping
      Compare B2B collaboration to B2C
      Getting support for B2B
     4.3. Manage groups and members
          4.3.1. Manage groups
      Azure portal
      Azure AD PowerShell for Graph (v2)
      Azure AD PowerShell MSOnline (v1)
          4.3.2. Manage group members
          4.3.3. Manage group owners
          4.3.4. Manage group membership
          4.3.5. Assign licenses using groups
      Assign licenses to a group
      Identify and resolve license problems in a group
      Migrate individual licensed users to group-based licensing
      Migrate users between product licenses
      Additional scenarios for group-based licensing
      Azure PowerShell examples for group-based licensing
      Reference for products and service plans in Azure AD
          4.3.6. Set up Office 365 groups expiration
          4.3.7. Enforce a naming policy for groups
          4.3.8. View all groups
          4.3.9. Add group access to SaaS apps
          4.3.10. Restore a deleted Office 365 group
          4.3.11. Manage group settings
          4.3.12. Create advanced rules
      Azure portal
          4.3.13. Set up self-service groups
          4.3.14. Troubleshoot
     4.4. Manage reports
          4.4.1. Sign-ins activity
          4.4.2. Audit activity
          4.4.3. Users at risk
          4.4.4. Risky sign-ins
          4.4.5. Risk events
          4.4.6. FAQ
          4.4.7. Tasks
      Configure named locations
      Find activity reports
      Use the Azure Active Directory Power BI Content Pack
      Remediate users flagged for risk
          4.4.8. Reference
      Sign-in activity error codes
      Multi-factor authentication
          4.4.9. Troubleshoot
      Missing audit data
      Missing data in downloads
      Azure Active Directory Activity logs content pack errors
          4.4.10. Programmatic Access
      Audit reference
      Sign-in reference
      Audit samples
      Sign-in samples
      Using certificates
     4.5. Manage passwords
          4.5.1. Passwords overview
          4.5.2. User documents
      Reset or change your password
      Password best practices
      Register for self-service password reset
          4.5.3. SSPR How it works
          4.5.4. SSPR Deployment guide
          4.5.5. SSPR and Windows 10
          4.5.6. SSPR Policies
          4.5.7. SSPR Customization
          4.5.8. SSPR Data requirements
          4.5.9. SSPR Reporting
          4.5.10. IT Admins: Reset passwords
      Azure portal
          4.5.11. License SSPR
          4.5.12. Password writeback
          4.5.13. Troubleshoot
          4.5.14. FAQ
     4.6. Manage devices
          4.6.1. Introduction
          4.6.2. Using the Azure portal
          4.6.3. Plan Azure AD Join
          4.6.4. FAQs
          4.6.5. Tasks
      Set up Azure AD registered Windows 10 devices
      Set up Azure AD joined devices
      Set up hybrid Azure AD joined devices
      Deploy on-premises
      Azure AD join during Windows 10 first-run experience
          4.6.6. Troubleshoot
      Hybrid Azure AD joined Windows 10 and Windows Server 2016 devices
      Hybrid Azure AD joined legacy Windows devices
     4.7. Manage apps
          4.7.1. Overview
          4.7.2. Getting started
          4.7.3. SaaS app integration tutorials
          4.7.4. Cloud App Discovery
      Create snapshot reports
      Configure continuous reporting
      Use a custom log parser
      Agent-based discovery
           What is Cloud App Discovery?
           Update registry settings
           Understand security and privacy
          4.7.5. User provisioning and deprovisioning to SaaS apps
      App integration tutorials
      Automate provisioning to SCIM-enabled apps
      Customize attribute mappings
      Write expressions for attribute mappings
      Use scoping filters
      Report on automatic user provisioning
      Troubleshoot user provisioning
          4.7.6. Access apps remotely with App Proxy
      Get started
           Enable App Proxy
           GDPR support
           Publish apps
           Custom domains
      Single sign-on
           SSO with KCD
           SSO with headers
           SSO with password vaulting
           Upgrade from TMG or UAG
      Advanced configurations
           Publish on separate networks
           Proxy servers
           Claims-aware apps
           Native client apps
           Silent install
           Custom home page
           Translate inline links
           Wildcard applications
      Publishing walkthroughs
           Remote Desktop
           Microsoft Teams
           Qlik Sense
          4.7.7. Manage enterprise apps
      Assign users
      Customize branding
      Disable user sign-ins
      Remove users
      View all my apps
      Manage user account provisioning
      Manage single sign-on for enterprise apps
      Advanced certificate signing for SAML apps
      Hide an application from a user's experience
          4.7.8. Configure Sign-In Auto-Acceleration using HRD Policy
          4.7.9. Migrate AD FS apps to Azure AD
          4.7.10. Manage access to apps
      SSO access
      Certificates for SSO
      Tenant restrictions
      Use SCIM provision users
          4.7.11. Troubleshoot
      Application Development
           Configuration and Registration
      Application Management
                Verifying a user is provisioned
                Provisioning taking a long time
                How to configure user provisioning
                Problem configuring provisioning
                Problem saving administrator credentials
                No users are being provisioned
                Wrong users are being provisioned
           Managing Access
           Access Panel
           Application Proxy
           Conditional Access
          4.7.12. Develop apps
          4.7.13. Document library
     4.8. Manage your directory
          4.8.1. Azure AD Connect
          4.8.2. Custom domain names
      Add custom domain names
          4.8.3. Administer your directory
          4.8.4. Multiple directories
          4.8.5. Self-service signup
          4.8.6. Take over an unmanaged directory
          4.8.7. Enterprise State Roaming
      Group policy settings
      Windows 10 settings
          4.8.8. Integrate on-premises identities using Azure AD Connect
     4.9. Manage access to Azure
     4.10. Delegate access to resources
          4.10.1. Administrator roles
      Assign admin role to a user
      Compare member and guest user permissions
          4.10.2. Securing privileged access
          4.10.3. Create emergency access administrative accounts
          4.10.4. Administrative units
          4.10.5. Configure token lifetimes
     4.11. Access reviews
          4.11.1. Access reviews overview
          4.11.2. Complete an access review
          4.11.3. Create an access review
          4.11.4. How to perform an access review
          4.11.5. How to review your access
          4.11.6. Guest access with access reviews
          4.11.7. Managing user access with reviews
          4.11.8. Managing programs and controls
     4.12. Secure your identities
          4.12.1. Conditional access
      Location condition
      Get started
      Best practices
      Understand device policies for Office 365 services
      Migrate classic policies
      What if tool
           Migrate classic MFA policy
           Set up device-based conditional access
           Set up app-based conditional access
           Provide terms of use for users and apps
           Set up VPN connectivity
           Set up SharePoint and Exchange Online
      Technical reference
          4.12.2. Certificate-based Authentication
      Get started
          4.12.3. Azure AD Identity Protection
      Detect vulnerabilities
      Risk events
      Sign-in experience
      Simulate risk events
      Unblock users
      Microsoft Graph
          4.12.4. Privileged Identity Management
     4.13. Integrate other services with Azure AD
          4.13.1. Integrate LinkedIn with Azure AD
     4.14. Deploy AD DS on Azure VMs
          4.14.1. Windows Server Active Directory on Azure VMs
          4.14.2. Replica domain controller in an Azure virtual network
          4.14.3. New forest on an Azure virtual network
     4.15. Deploy AD FS in Azure
          4.15.1. High availability
          4.15.2. Change signature hash algorithm
     4.16. Troubleshoot
          4.16.1. Troubleshoot Active Directory item is missing or not available
     4.17. Deploy Azure AD Proof of Concept (PoC)
          4.17.1. PoC Playbook: Introduction
          4.17.2. PoC Playbook: Ingredients
          4.17.3. PoC Playbook: Implementation
          4.17.4. PoC Playbook: Building Blocks
5. Reference
     5.1. Code samples
     5.2. Azure PowerShell cmdlets
     5.3. Java API Reference
     5.4. .NET API
     5.5. Service limits and restrictions
6. Related
     6.1. Multi-Factor Authentication
     6.2. Azure AD Connect
     6.3. Azure AD Connect Health
     6.4. Azure AD for developers
     6.5. Azure AD Privileged Identity Management
7. Resources
     7.1. Azure feedback forum
     7.2. Azure Roadmap
     7.3. MSDN forum
     7.4. Pricing
     7.5. Pricing calculator
     7.6. Service updates
     7.7. Stack Overflow
     7.8. Videos

Web Pages

Content Type
Choosing the Right Authentication Method for Azure AD Option 2 Event
Choosing the Right Authentication Method for Azure AD Option 1 Event
Implementing Microsoft Azure Infrastructure Solutions Event
Implementing Microsoft Azure Infrastructure Solutions Event
Implementing Microsoft Azure Infrastructure Solutions Event
Implementing Microsoft Azure Infrastructure Solutions Event
Intro to Azure AD B2C: Make it easy for your customers to securely Sign In and Sign Up to your applications Option 3 Event
Intro to Azure AD B2C: Make it easy for your customers to securely Sign In and Sign Up to your applications Option 2 Event
Manage Partner and Vendor Access Using Azure B2B Collaboration - Option 2 Event
Manage Partner and Vendor Access Using Azure B2B Collaboration - Option 1 Event
Getting Ready for Azure AD - Option 3 Event
Getting Ready for Azure AD - Option 2 Event
Getting Ready for Azure AD - Option 1 Event
The Developer’s Guide to Microsoft Azure, Second Edition Ebook
Azure AD Learning Path Webpage
Entity and Complex Type Reference Webpage
Active Directory from on-premises to the cloud – Azure AD whitepapers Whitepaper
An Overview of Azure AD Whitepaper
A Guide to Claims-Based Identity and Access Control (2nd Edition) Ebook
Azure Active Directory GitHub Repository Website
Azure AD Code Samples Website
Getting started with Azure AD Webpage
Building Cloud Apps with Microsoft Azure Ebook
Troubleshooting Active Directory Lingering Objects Lab
Protecting Data in Microsoft Azure Whitepaper

Online Training Content

Date Title
5/30/2017 Azure204x - Microsoft Azure Identity
1/27/2017 Evolution of Identity
9/30/2016 Microsoft Azure for IT Pros Content Series: Azure Active Directory
8/18/2016 EMS technical training available on Microsoft Virtual Academy (MVA)
12/30/2015 Extend Your Datacenter to the Cloud
12/11/2015 Accelerate Your Journey to the Cloud with Integrated Identity
12/11/2015 Add Identity into Your Cloud-Based Apps
12/10/2015 Manage and Secure Identities in a Cloud and Mobile World
10/13/2015 Security in a Cloud-Enabled World
6/17/2015 Support Corner: Accessing Azure AD Portal from Office 365

Page 1 of 2


Tool Description
Azure Active Directory Extended Schema Manager GUI editor to register / unregister Azure Active Directory extended properties(schemas).


Date Title Length
How to configure VPN integration in Microsoft Advanced Threat Analytics
How to sign in without a username or password to Azure Active Directory using FIDO
Cybersecurity Reference Architecture & Strategies: How to Plan for and Implement a Cybersecurity Strategy
Identity on Azure Government
Get enterprise security for big data apps with Azure Databricks | T162
Get enterprise security for big data apps with Azure Databricks
Introduction to Azure Databricks
Windows Server System State with Azure Backup is now GA
Managing enterprise applications, permissions, and consent in Azure Active Directory | THR2071
Enterprise-grade security for your cloud apps with Microsoft Cloud App Security | THR2197R

Page 1 of 22