Azure Active Directory documentation

Use Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra, to manage user identities and control access to your apps, data, and resources.

Overview

What is Azure AD?

What's new

What's new in Azure AD?

Concept

Azure AD feature deployment guide

Get Started

Microsoft Entra

Security and Zero Trust

• Overview
• Best practices
• Security baseline for Azure AD
• Security operations guide
• Securing identity with Zero Trust
• Build apps with Zero Trust

Microsoft Learn

• Identity concepts
• Services and identity types
• Create users and groups
• Allow users to reset their password
• Secure access to your apps
• See more >

Architecture Center

• Get started
• Guides
• Architectures
• Solution ideas

Microsoft Graph

• Get started
• REST API reference
• Identity and access
• Graph PowerShell overview
• Graph PowerShell get started
• Migrate to Graph PowerShell

Manage user identities

Fundamentals

Learn basic Azure Active Directory (Azure AD) concepts and processes.

Enterprise users

Create Azure AD tenants, manage user accounts, roles, and groups, and assign app access.

Roles

Manage admin permissions and apply the principle of least privilege using Azure AD role-based access control.

Privileged Identity Management (PIM)

Manage just-in-time role assignments to limit access to secure information and resources.

External partners (B2B)

Collaborate with partners using their own external identities (B2B).

Customers (B2C)

Manage customer identity and access management (CIAM) for your app.

Cloud sync

Create and manage user identities in Azure AD using Azure AD Connect cloud sync.

Application provisioning

Create and manage user identities in applications by provisioning from Azure AD.

Hybrid identity

Create a user identity that can access both on-premises and cloud resources by using Azure AD Connect.

Multi-tenant organizations

Collaborate across tenants within your organization.

Control access

Conditional Access

Control access to resources by enforcing policies based on user, location, device, and more.

Authentication

Configure sign-in methods and security features like self-service password reset, MFA, and more.

Device identity

Register and join devices to Azure AD for device management and Conditional Access.

Identity Protection

Automatically identify and address identity risks in your organization.

Apps, data, and resources

Application management

Develop, add, or connect an app to Azure AD and manage access.

Microsoft identity platform

Build your app on the Microsoft identity platform and use Azure AD as your authentication service.

Managed identities

Create an application identity that can connect to resources using Azure AD authentication.

Domain services

Move legacy apps to managed domains in the cloud while preserving user accounts, groups, and access.

Third-party applications

Integrate cloud-enabled, software as a service (SaaS) apps with Azure AD.

Monitor and audit

Identity governance

Protect, monitor, and audit access to critical assets throughout the identity and access lifecycles.

Reports and monitoring

Use logs and reports to determine usage of your apps and services, detect risks, and troubleshoot issues.