Understanding Azure Active Directory


Let's take a look at how the Azure Active Directory, or Azure AD, identity model is able to effectively provide us with an Active Directory lite from the cloud. Azure AD may sound complex, but it isn't really. It's the default identity model for Office 365. So you may have already used it when creating users in Office 365. Imagine a database containing just a few user attributes, such as name, tenant, role, and password, all stored in the cloud using the highly available Azure Cloud Services that can scale to millions of records, an Active Directory lite, if you will, all without the layers and complexity that an on-premises Active Directory gives you.

There are no costs for using Azure Active Directory. There are, however, additional paid subscription levels for using the Azure Active Directory Basic and Premium tiers. These provide value-added features, such as company branding on the portal and user self-service password reset. To understand the Azure AD life cycle, let's first run through a typical scenario. A new user is created and then managed in Office 365.

The user account information is stored in Azure AD. And then whenever the user needs to be verified, all identity and access management is performed by Azure AD. This is always available, and it uses cloud-based Infrastructure as a Service, or IaaS. Azure AD allows you to move your Active Directory authentication services to the cloud. Whether these are public or private clouds, the data is always safe and available and stored in the data center.

If you want to retain local ownership, you can use Federation Services to provide on-premises identity whilst at the same time allowing you to extend your Active Directory environment to the cloud. We know that the cloud offers scalability and always-on availability. Because Azure AD is hosted in the cloud, it can be depended upon and accessed anywhere. Microsoft is able to expose Azure AD to other services via web-based protocols and application programming interfaces, or APIs, which allow trusted communications with Azure AD.

With these secure APIs, Azure AD can integrate with other services, such as on-premises AD, and provide single sign-on, or SSO, between separate services. Azure AD simplifies authentication by providing identity as a service. That is, Azure AD is responsible for verifying the identity of users. This can be achieved through a number of industry standard protocols, such as OAuth 2.0, SAML 2.0, OpenID Connect, and Web Services Federation, or WS-Federation.

When you use Office 365, Azure, or Intune, you are indirectly interfacing with Azure AD. There are also a number of tools to manage Azure AD. If you already have an Azure subscription, you can use the Azure portal if you only need to add or modify a few users. The Azure AD Connect tool, which replaces DirSync, is the primary synchronization tool and allows on-premises Active Directory accounts to be synced with Azure AD.

For more complex environments, you can manage on-premises resources with Active Directory Domain Services, or AD DS, with the Lightweight Directory Access Protocol, or LDAP. Active Directory Federation Services, or AD FS, can then be deployed on site to provide single sign-on control locally. If you prefer working at the command line, you can also interact directly with Azure AD using the AD Graph API, which is a REST API, or by using the Azure AD PowerShell cmdlets, such as Get-AzureADUser and New-AzureADUser.
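An added example, not part of the course transcript: a PowerShell review of the account objects that Get-AzureADUser returns, separating accounts synced by Azure AD Connect from cloud-only ones and flagging settings worth a second look. The function name and the sample users are hypothetical; the property names (AccountEnabled, UserType, DirSyncEnabled, PasswordPolicies) are those of the AzureAD module's user object.

```powershell
# Added example (not from the course). Reviews user objects shaped like
# the output of Get-AzureADUser. Get-IdentityReviewFinding is a hypothetical name.
function Get-IdentityReviewFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        if (-not $User.AccountEnabled) { return }   # disabled accounts cannot sign in

        # DirSyncEnabled is $true for accounts synced by Azure AD Connect and
        # empty or $false for accounts created directly in the cloud.
        $source   = if ($User.DirSyncEnabled -eq $true) { 'Synced' } else { 'CloudOnly' }
        $findings = @()

        if ($User.UserType -eq 'Guest') {
            $findings += 'Enabled guest account'
        }
        # For synced accounts the on-premises policy governs password expiry,
        # so the cloud-side flag is only reported for cloud-only accounts.
        if ($source -eq 'CloudOnly' -and
            $User.PasswordPolicies -match 'DisablePasswordExpiration') {
            $findings += 'Password never expires'
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                Source            = $source
                Findings          = $findings -join '; '
            }
        }
    }
}

# Constructed sample data standing in for a tenant, so the example runs offline.
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; UserType = 'Member'; AccountEnabled = $true;  DirSyncEnabled = $true;  PasswordPolicies = 'DisablePasswordExpiration' }
    [pscustomobject]@{ UserPrincipalName = 'svc-report@contoso.example'; UserType = 'Member'; AccountEnabled = $true;  DirSyncEnabled = $null; PasswordPolicies = 'DisablePasswordExpiration' }
    [pscustomobject]@{ UserPrincipalName = 'vendor_fabrikam.example#EXT#@contoso.example'; UserType = 'Guest'; AccountEnabled = $true; DirSyncEnabled = $null; PasswordPolicies = $null }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'; UserType = 'Member'; AccountEnabled = $false; DirSyncEnabled = $null; PasswordPolicies = 'DisablePasswordExpiration' }
)
$sampleUsers | Get-IdentityReviewFinding | Format-Table -AutoSize

# Against a real tenant, with the AzureAD module installed:
#   Connect-AzureAD
#   Get-AzureADUser -All $true | Get-IdentityReviewFinding
```

With the sample data, only the cloud-only service account and the guest are reported; the synced account and the disabled account are skipped.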


Learn how to keep your users secure and up to date by configuring cloud identity and authentication with Azure AD and Office 365, and enterprise-level mobile device management with Intune. This course covers key topics related to the administration of these services, including users, groups, policies, and roles, and maps to the related domain of Microsoft's Cloud Fundamentals certification exam (98-369). It's ideal for IT professionals responsible for their company's cloud operations as well as those pursuing certification for the first time. Follow along with Andrew Bettany as he covers creating user groups within both Office 365 and Intune, assigning administrative roles, and configuring mobile device management.

Topics include:

  • Understanding cloud identity and authentication

  • Managing Office 365 users and groups

  • Assigning administrative roles

  • Configuring password expiration policy

  • Exploring Service Health for Office 365 and Intune

  • Managing users and devices in Intune

  • Deploying Intune clients

  • Setting up mobile device management

  • Managing Intune policies
