Azure AD

Official Documentation

Service Description

Microsoft Azure Active Directory is a directory service in which users and their organizational affiliations can be stored. Users can log in using this service. They then receive a security token that they can pass to applications to verify their identity. Azure also allows synchronization of content with a locally operated Windows Server Active Directory. Microsoft Azure Active Directory is primarily designed for use with cloud-based applications (such as Office 365). In scenarios requiring a full Active Directory (e.g., if a customer's data center is to be expanded to the cloud using Virtual Machines and Virtual Network), a virtual machine with a conventional Windows Server Active Directory should be used.

The Microsoft Azure Active Directory Graph provides a RESTful API for access to Microsoft Azure Active Directory. This makes it possible to read a user's organizational affiliations and links with other users (the Social Graph).

Getting Started

  1. Azure AD Learning Path
    9/27/2016, Webpage
  2. Azure Active Directory Core Skills Jump Start
    4/8/2015, MVA

Azure Documentation

1. Overview
     1.1. What is Azure Active Directory?
     1.2. Choose edition
     1.3. About Azure identity management
     1.4. Preview the Azure AD portal experience
2. Get started
     2.1. Get an Azure AD tenant
     2.2. Sign up for Azure AD Premium
     2.3. Associate Azure subscriptions
     2.4. Manage Azure AD licensing
          2.4.1. Azure portal
          2.4.2. Classic portal
     2.5. Get Azure for your organization
     2.6. FAQs
     2.7. SaaS app tutorials
3. How to
     3.1. Plan and design
          3.1.1. Deploy a hybrid identity solution
               3.1.1.1. Determine requirements
                    3.1.1.1.1. Identity
                    3.1.1.1.2. Directory sync
                    3.1.1.1.3. Multi-factor auth
                    3.1.1.1.4. Identity lifecycle strategy
               3.1.1.2. Plan for data security
                    3.1.1.2.1. Data protection
                    3.1.1.2.2. Content management
                    3.1.1.2.3. Access control
                    3.1.1.2.4. Incident response
               3.1.1.3. Plan your identity lifecycle
                    3.1.1.3.1. Tasks
                    3.1.1.3.2. Adoption strategy
               3.1.1.4. Next steps
               3.1.1.5. Tools comparison
     3.2. Manage users
          3.2.1. Add users
               3.2.1.1. Azure portal
               3.2.1.2. Classic portal
          3.2.2. Add users from other directories (classic portal)
          3.2.3. Delete users
          3.2.4. Manage user profiles
          3.2.5. Reset a password
          3.2.6. Manage user work information
          3.2.7. Share accounts
     3.3. Manage groups and members
          3.3.1. Manage groups
               3.3.1.1. Azure portal
               3.3.1.2. Classic portal
               3.3.1.3. PowerShell
          3.3.2. Manage group members
          3.3.3. Manage group owners
          3.3.4. Manage group membership
          3.3.5. View all groups
          3.3.6. Enable dedicated groups
          3.3.7. Add group access to SaaS apps
          3.3.8. Restore a deleted Office 365 group
          3.3.9. Manage group settings
               3.3.9.1. Azure portal
               3.3.9.2. Cmdlets
          3.3.10. Create advanced rules
               3.3.10.1. Azure portal
               3.3.10.2. Classic portal
          3.3.11. Group-based licensing
               3.3.11.1. Assign licenses to a group
               3.3.11.2. Identify and resolve license problems for a group
               3.3.11.3. Migrate individual licensed users to group-based licensing
               3.3.11.4. Additional scenarios for group-based licensing
               3.3.11.5. PowerShell examples for group-based licensing
          3.3.12. Set up self-service groups
          3.3.13. Troubleshoot
     3.4. Manage reports
          3.4.1. Sign-ins activity
          3.4.2. Audit activity
          3.4.3. Users at risk
          3.4.4. Risky sign-ins
          3.4.5. Risk events
          3.4.6. Named networks
          3.4.7. Report migration
          3.4.8. Retention
          3.4.9. Latencies
          3.4.10. FAQ
          3.4.11. Troubleshoot
               3.4.11.1. Missing audit data
               3.4.11.2. Missing data in downloads
          3.4.12. Access
               3.4.12.1. Audit reference
               3.4.12.2. Audit samples
               3.4.12.3. Prerequisites
               3.4.12.4. Sign-in reference
               3.4.12.5. Sign-in samples
          3.4.13. Classic portal
               3.4.13.1. Azure AD reporting
               3.4.13.2. Reporting guide
               3.4.13.3. Known networks
               3.4.13.4. API
               3.4.13.5. Audit events
               3.4.13.6. Latencies
               3.4.13.7. Notifications
               3.4.13.8. Understand reports
                    3.4.13.8.1. Irregular sign-in
                    3.4.13.8.2. Multiple failures
                    3.4.13.8.3. Suspicious IP addresses
                    3.4.13.8.4. Multiple geographies
                    3.4.13.8.5. Possibly infected devices
                    3.4.13.8.6. Unknown sources
                    3.4.13.8.7. Anomalous sign-ins
     3.5. Manage passwords
          3.5.1. Reset or change your password
          3.5.2. Register for self-service password reset
          3.5.3. Administrators enable self-service password reset
          3.5.4. Understand password management
          3.5.5. Understand policies and restrictions
          3.5.6. Reset passwords
               3.5.6.1. Azure portal
               3.5.6.2. Classic portal
          3.5.7. Set expiration policies
          3.5.8. Enable password management
               3.5.8.1. Get started
               3.5.8.2. Deploy
               3.5.8.3. Customize
               3.5.8.4. View reports
               3.5.8.5. Learn more
               3.5.8.6. FAQs
               3.5.8.7. Troubleshoot
     3.6. Manage devices
          3.6.1. Register devices
               3.6.1.1. Setup
               3.6.1.2. Deploy on-premises
               3.6.1.3. FAQs
               3.6.1.4. Troubleshoot
                    3.6.1.4.1. Troubleshooting for Windows 10 and Windows Server 2016
                    3.6.1.4.2. Troubleshooting for Windows down-level clients
          3.6.2. Azure AD Join
               3.6.2.1. Plan
               3.6.2.2. Set up device registration
               3.6.2.3. Register new devices
               3.6.2.4. Deploy
               3.6.2.5. Understand Windows 10 integration
               3.6.2.6. Use Windows 10 devices
               3.6.2.7. Join your device
               3.6.2.8. Join a Windows 10 device
     3.7. Manage apps
          3.7.1. Overview
          3.7.2. Getting started
          3.7.3. Cloud App Discovery
               3.7.3.1. Update registry settings
               3.7.3.2. Understand security and privacy
          3.7.4. Give remote access to your apps
               3.7.4.1. Enable App Proxy
               3.7.4.2. Understand connectors
               3.7.4.3. Publish apps
               3.7.4.4. Security
               3.7.4.5. Networks
               3.7.4.6. Remote Desktop
               3.7.4.7. SharePoint
               3.7.4.8. Publish on separate networks
               3.7.4.9. Proxy servers
               3.7.4.10. Custom domains
               3.7.4.11. Access apps
                    3.7.4.11.1. Azure portal
               3.7.4.12. SSO with KCD
               3.7.4.13. SSO with headers
               3.7.4.14. Claims-aware apps
               3.7.4.15. Native client apps
               3.7.4.16. Custom home page
               3.7.4.17. Conditional access
               3.7.4.18. Silent install
               3.7.4.19. Microsoft Forefront
               3.7.4.20. Troubleshoot
               3.7.4.21. Use the classic portal
                    3.7.4.21.1. Download connectors
                    3.7.4.21.2. Publish apps
                    3.7.4.21.3. Use connectors
          3.7.5. Manage enterprise apps
               3.7.5.1. Assign users
               3.7.5.2. Customize branding
               3.7.5.3. Disable user sign-ins
               3.7.5.4. Remove users
               3.7.5.5. View all my apps
               3.7.5.6. Manage user account provisioning
          3.7.6. Develop
               3.7.6.1. Assign users
               3.7.6.2. Assign groups
               3.7.6.3. Require assignment
               3.7.6.4. Develop LoB apps
          3.7.7. Manage access to apps
               3.7.7.1. Self-service access
               3.7.7.2. Certificates for SSO
               3.7.7.3. Tenant restrictions
               3.7.7.4. Use SCIM provision users
          3.7.8. Troubleshoot
               3.7.8.1. Application Development
                    3.7.8.1.1. Configuration and Registration
                    3.7.8.1.2. Development
               3.7.8.2. Application Management
                    3.7.8.2.1. Configuration
                    3.7.8.2.2. Sign-in
                    3.7.8.2.3. Provisioning
                    3.7.8.2.4. Managing Access
                    3.7.8.2.5. Access Panel
                    3.7.8.2.6. Application Proxy
                    3.7.8.2.7. Conditional Access
          3.7.9. Document library
     3.8. Manage your directory
          3.8.1. Azure AD Connect
          3.8.2. Custom domain names
               3.8.2.1. Overview
               3.8.2.2. Add your domain name
                    3.8.2.2.1. Azure portal
                    3.8.2.2.2. Classic portal
                    3.8.2.2.3. With AD FS
               3.8.2.3. Assign users
               3.8.2.4. Manage domain names
                    3.8.2.4.1. Azure portal
                    3.8.2.4.2. Classic portal
          3.8.3. Customize the sign-in page
               3.8.3.1. Azure portal
               3.8.3.2. Language-specific
               3.8.3.3. Classic portal
          3.8.4. Administer your directory
          3.8.5. Multiple directories
          3.8.6. O365 directories
          3.8.7. Self-service signup
          3.8.8. Enterprise State Roaming
               3.8.8.1. Enable
               3.8.8.2. Group policy settings
               3.8.8.3. Windows 10 settings
               3.8.8.4. FAQs
               3.8.8.5. Troubleshoot
          3.8.9. Integrate partners with Azure AD B2B
               3.8.9.1. Admins adding B2B users
               3.8.9.2. Information workers adding B2B users
               3.8.9.3. API and customization
               3.8.9.4. Code and PowerShell samples
               3.8.9.5. Self-service sign-up portal sample
               3.8.9.6. Invitation email
               3.8.9.7. Invitation redemption
               3.8.9.8. Conditional access for B2B
               3.8.9.9. B2B sharing policies
               3.8.9.10. Add a B2B user to a role
               3.8.9.11. Dynamic groups and B2B users
               3.8.9.12. Auditing and reports
               3.8.9.13. B2B and Office 365 external sharing
               3.8.9.14. Licensing
               3.8.9.15. Current limitations
               3.8.9.16. FAQ
               3.8.9.17. Troubleshooting B2B
               3.8.9.18. Understand the B2B user
               3.8.9.19. B2B user token
               3.8.9.20. B2B for Azure AD integrated apps
               3.8.9.21. B2B user claims mapping
               3.8.9.22. Compare B2B collaboration to B2C
               3.8.9.23. Getting support for B2B
          3.8.10. Integrate on-premises identities using Azure AD Connect
     3.9. Delegate access to resources
          3.9.1. Administrator roles
               3.9.1.1. Assign admin roles
          3.9.2. Administrative units
          3.9.3. Resource access in Azure
          3.9.4. Role-Based Access Control
               3.9.4.1. Manage access assignments
                    3.9.4.1.1. By user
                    3.9.4.1.2. By resource
               3.9.4.2. Built-in roles
               3.9.4.3. Custom roles
               3.9.4.4. Reporting
               3.9.4.5. More ways to manage roles
                    3.9.4.5.1. Azure CLI
                    3.9.4.5.2. PowerShell
                    3.9.4.5.3. REST
               3.9.4.6. Troubleshoot
          3.9.5. Configure token lifetimes
     3.10. Secure your identities
          3.10.1. Conditional access
               3.10.1.1. Get started
               3.10.1.2. Supported apps
               3.10.1.3. Understand device policies
               3.10.1.4. Set up access to connected apps
               3.10.1.5. FAQs
               3.10.1.6. Troubleshoot
               3.10.1.7. Reference
          3.10.2. Windows Hello
               3.10.2.1. Authenticate without passwords
               3.10.2.2. Enable Windows Hello for Business
          3.10.3. Certificate-based Authentication
               3.10.3.1. Android
               3.10.3.2. iOS
               3.10.3.3. Get started
          3.10.4. Azure AD Identity Protection
               3.10.4.1. Enable
               3.10.4.2. Detect vulnerabilities
               3.10.4.3. Risk events
               3.10.4.4. Notifications
               3.10.4.5. Sign-in experience
               3.10.4.6. Simulate risk events
               3.10.4.7. Unblock users
               3.10.4.8. Glossary
               3.10.4.9. Microsoft Graph
          3.10.5. Privileged Identity Management
     3.11. Deploy AD DS on Azure VMs
          3.11.1. Windows Server Active Directory on Azure VMs
          3.11.2. Replica domain controller in an Azure virtual network
          3.11.3. New forest on an Azure virtual network
     3.12. Deploy AD FS in Azure
          3.12.1. High availability
          3.12.2. Change signature hash algorithm
     3.13. Troubleshoot
     3.14. Deploy Azure AD Proof of Concept (PoC)
          3.14.1. PoC Playbook: Introduction
          3.14.2. PoC Playbook: Ingredients
          3.14.3. PoC Playbook: Implementation
          3.14.4. PoC Playbook: Building Blocks
4. Reference
     4.1. PowerShell cmdlets
     4.2. Java API Reference
     4.3. .NET API
     4.4. Service limits and restrictions
5. Related
     5.1. Multi-Factor Authentication
     5.2. Azure AD Connect
     5.3. Azure AD Connect Health
     5.4. Azure AD for developers
     5.5. Azure AD Privileged Identity Management
6. Resources
     6.1. Pricing
     6.2. MSDN forum
     6.3. Stack Overflow
     6.4. Videos
     6.5. Service updates
     6.6. Azure feedback forum

Tools

Tool: Azure Active Directory Extended Schema Manager
Description: GUI editor to register/unregister Azure Active Directory extended properties (schemas).