MSDN Documentation

Your Gateway to Microsoft Technologies

Azure AD Identity Management

Secure, manage, and govern your identities across Azure and your applications.

Understanding Azure Active Directory Identity Management

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It helps your employees sign in and access resources, whether they're on-premises or in the cloud. Azure AD provides core identity and access management capabilities, including single sign-on (SSO) to thousands of SaaS applications and access to your own applications.

Key Concepts

  • Users: Represent individuals who need access to resources.
  • Groups: Collections of users, devices, or other groups used to manage access.
  • Applications: SaaS apps, custom apps, or on-premises apps that users need to access.
  • Roles: Define permissions and responsibilities within Azure AD.
  • Conditional Access: Policies that control how users can access applications based on conditions.

Core Features

Azure AD offers a robust set of features for managing digital identities:

  • Identity Protection: Detect and remediate risks by monitoring user sign-ins and activities.
  • Multi-Factor Authentication (MFA): Enhance security by requiring more than one form of verification.
  • Single Sign-On (SSO): Allow users to sign in once to access multiple applications.
  • Device Management: Manage and secure devices that access your organization's resources.
  • Application Proxy: Provide secure remote access to on-premises web applications.

Getting Started with Azure AD

To begin managing identities with Azure AD, you'll typically perform the following steps:

  1. Create or Integrate an Azure AD Tenant: You can start with a new tenant or integrate your existing on-premises Active Directory.
  2. Add Users and Groups: Populate your tenant with users and organize them into groups for efficient management.
  3. Configure Applications: Register and configure SaaS or custom applications for SSO and access control.
  4. Implement Security Policies: Set up MFA, Conditional Access policies, and Identity Protection to secure your environment.
  5. Monitor and Report: Utilize Azure AD's reporting and monitoring tools to track sign-ins, risks, and access.

Example: Enabling Multi-Factor Authentication

Enabling MFA is a critical step in securing user access. Here's a simplified conceptual example of how you might configure a Conditional Access policy:


# Azure CLI example (conceptual)
az ad conditional-access policy create \
  --name "Require MFA for Admins" \
  --conditions '{"users":{"includeGroups":[""]},"applications":{"includeApplications":["*"]}}' \
  --grant-controls '{"operator":"OR", "mfa":true, "approvedApplication":false, "termsOfUse":false}' \
  --state "enabled"

Further Reading