Azure Active Directory documentation

Use Azure Active Directory (Azure AD), part of Microsoft Entra, to manage user identities and control access to your apps, data, and resources.

Overview

Concept

Concept

Security and Zero Trust

Microsoft Learn

Architecture Center

Microsoft Graph

Manage user identities

Fundamentals

Learn basic Azure Active Directory (Azure AD) concepts and processes.

Enterprise users

Create Azure AD tenants, manage user accounts, roles, and groups, and assign app access.

Roles

Manage admin permissions and apply the principle of least privilege using Azure AD role-based access control.

Manage just-in-time role assignments to limit access to secure information and resources.

Collaborate with partners using their own external identities (B2B).

Customers (B2C)

Manage customer identity and access management (CIAM) for your app.

Hybrid identity

Create a user identity that can access both on-premises and cloud resources by using Azure AD Connect.

Conditional Access

Control access to resources by enforcing policies based on user, location, device, and more.

Authentication

Configure sign-in methods and security features like self-service password reset, MFA, and more.

Device identity

Develop, add, or connect an app to Azure AD and manage access.

Build your app on the Microsoft identity platform and use Azure AD as your authentication service.

Managed identities

Create an application identity that can connect to resources using Azure AD authentication.

Domain services

Move legacy apps to managed domains in the cloud while preserving user accounts, groups, and access.

Identity governance

Protect, monitor, and audit access to critical assets throughout the identity and access lifecycles.

Use logs and reports to determine usage of your apps and services, detect risks, and troubleshoot issues.