Azure Active Directory

Getting Started with Azure Active Directory

Welcome to Azure Active Directory (Azure AD)! This guide will help you set up your first Azure AD tenant and understand the fundamental steps to start managing identities and access for your organization.

What is Azure Active Directory?

Azure Active Directory is a cloud-based identity and access management service. It allows you to manage users, groups, and applications, and to control who has access to what resources. Azure AD is the backbone for many Microsoft cloud services, including Microsoft 365, Azure, and Dynamics 365.

Step 1: Create an Azure AD Tenant

A tenant represents your organization in Azure AD. It's a dedicated instance that your users, groups, and applications are associated with.

To create your Azure AD tenant:

  1. Sign in to the Azure portal with an account that has an Azure subscription.
  2. In the Azure portal, search for and select Azure Active Directory.
  3. On the Azure Active Directory overview page, click Create a tenant.
  4. Choose the tenant type:
    • Azure AD: For managing your organization's users and applications.
    • Azure AD B2C: For customer-facing applications that manage user identities.
  5. Click Next: Configuration.
  6. Enter the organization details, including the domain name. The domain name must be unique across Azure AD, for example yourcompany.onmicrosoft.com.
  7. Review the details and click Create.

Step 2: Add Users

Once your tenant is set up, you can start adding users. These users can then be granted access to applications and resources.

  1. In your Azure AD tenant, navigate to Users.
  2. Click New user.
  3. Choose between:
    • Create new user: For users within your organization.
    • Invite external user: For users from other organizations.
  4. Fill in the required user details, such as name, username, and initial password.
  5. Click Create.

Step 3: Assign Roles

Azure AD uses role-based access control (RBAC) to manage permissions. You can assign built-in roles or create custom roles to grant specific permissions to users.

Common roles include:

  • Global Administrator: Has access to all administrative features. Use sparingly.
  • User Administrator: Can manage users and groups.
  • Application Administrator: Can manage application registrations and enterprise applications.

To assign a role:

  1. Navigate to the user you want to assign a role to.
  2. Click on Assigned roles.
  3. Click Add assignments and select the desired role.

Note: It's a best practice to assign the least privilege necessary. Avoid assigning the Global Administrator role unless absolutely required.

Step 4: Connect an Application

Azure AD enables you to manage access to a wide range of applications, from Microsoft services to third-party SaaS applications.

  1. In your Azure AD tenant, navigate to Enterprise applications.
  2. Click New application.
  3. Browse or search for the application you want to add. Azure AD offers a gallery of pre-integrated applications.
  4. Select the application and click Create.
  5. Follow the prompts to configure single sign-on (SSO) and user assignments for the application.

Important: Secure your applications by configuring multi-factor authentication (MFA) for all users, especially administrators.
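
An added example, not part of the original guide or of Microsoft's tooling: a small Python check that applies the least-privilege note from Step 3 and the MFA note above to a list of role assignments. The user records, the field names "external" and "mfa", the sample accounts, and the max_global_admins threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not a real export). The field names "external" and
# "mfa" are assumptions for this example.
USERS = {
    "alice@yourcompany.onmicrosoft.com": {"external": False, "mfa": True},
    "bob@yourcompany.onmicrosoft.com": {"external": False, "mfa": False},
    "carol@partner.example": {"external": True, "mfa": True},
    "dave@yourcompany.onmicrosoft.com": {"external": False, "mfa": True},
}
ASSIGNMENTS = [
    ("alice@yourcompany.onmicrosoft.com", "Global Administrator"),
    ("bob@yourcompany.onmicrosoft.com", "Global Administrator"),
    ("bob@yourcompany.onmicrosoft.com", "User Administrator"),
    ("carol@partner.example", "Application Administrator"),
    ("dave@yourcompany.onmicrosoft.com", "User Administrator"),
]


def audit(users, assignments, max_global_admins=1):
    """Return sorted (finding, subject) pairs; max_global_admins is a local policy value."""
    roles = defaultdict(set)
    for user, role in assignments:
        roles[user].add(role)

    findings = set()
    global_admins = sorted(u for u, r in roles.items() if "Global Administrator" in r)
    if len(global_admins) > max_global_admins:
        findings.add(("TOO_MANY_GLOBAL_ADMINS", ", ".join(global_admins)))
    for user, held in roles.items():
        info = users.get(user)
        if info is None:
            # Role held by an account missing from the user list: review it.
            findings.add(("UNKNOWN_PRINCIPAL", user))
            continue
        if not info["mfa"]:
            findings.add(("ADMIN_WITHOUT_MFA", user))
        if info["external"]:
            findings.add(("EXTERNAL_ADMIN", user))
        if "Global Administrator" in held and len(held) > 1:
            # Narrower roles add nothing once Global Administrator is held.
            findings.add(("REDUNDANT_ROLE_WITH_GLOBAL_ADMIN", user))
    return sorted(findings)


if __name__ == "__main__":
    for finding, subject in audit(USERS, ASSIGNMENTS):
        print(f"{finding}: {subject}")
```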

Next Steps

Congratulations! You've completed the initial setup for Azure AD. Here are some recommendations for your next steps:

Explore Core Concepts