Azure Active Directory deployment plans

Use the following guidance to help deploy Azure Active Directory (Azure AD). Learn about business value, planning considerations, and operational procedures. You can use a browser Print to PDF function to create offline documentation.

Your stakeholders

When beginning your deployment plans, include your key stakeholders. Identify and document stakeholders, roles, and responsibilities. Titles and roles can differ from one organization to another; however, the ownership areas are similar.

| Role | Responsibility |
| --- | --- |
| Sponsor | An enterprise senior leader with authority to approve and/or assign budget and resources. The sponsor is the connection between managers and the executive team. |
| End user | The people for whom the service is implemented. Users can participate in a pilot program. |
| IT Support Manager | Provides input on the supportability of proposed changes |
| Identity architect or Azure Global Administrator | Defines how the change aligns with identity management infrastructure |
| Application business owner | Owns the affected application(s), which might include access management. Provides input on the user experience. |
| Security owner | Confirms the change plan meets security requirements |
| Compliance manager | Ensures compliance with corporate, industry, or governmental requirements |

RACI

RACI is an acronym derived from four key responsibilities:

  • Responsible
  • Accountable
  • Consulted
  • Informed

Use these terms to clarify and define roles and responsibilities in your project, and for other cross-functional or departmental projects and processes.

Authentication

Use the following list to plan for authentication deployment.

Applications and devices

Use the following list to help deploy applications and devices.

  • Single sign-on (SSO) - Enable user access to apps and resources while signing in once, without being required to enter credentials again.
  • My Apps portal - A web-based portal to discover and access applications. Enable user productivity with self-service, for instance requesting access to groups, or managing access to resources on behalf of others.
  • Devices - Evaluate device integration methods with Azure AD, choose the implementation plan, and more.

Hybrid scenarios

The following list describes features and services for productivity gains in hybrid scenarios.

Users

Governance and reporting

Use the following list to learn about governance and reporting. Items in the list refer to Microsoft Entra.

Learn more: Secure access for a connected world—meet Microsoft Entra

Learn more: Azure governance documentation

Best practices for a pilot

Use pilots to test with a small group before making a change for larger groups or everyone. Ensure each use case in your organization is tested.

Pilot: Phase 1

In your first phase, target IT, usability, and other users who can test and provide feedback. Use this feedback to gain insights on potential issues for support staff, and to develop communications and instructions you send to all users.

Pilot: Phase 2

Widen the pilot to larger groups of users by using dynamic membership, or by manually adding users to the targeted group(s).

Learn more: Dynamic membership rules for groups in Azure Active Directory