Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service. It lets an organization manage user identities and control access to cloud and on-premises resources, applications and services from a single platform. It also includes features such as multi-factor authentication, conditional access and self-service password reset, and it is the identity backbone for other Microsoft services such as Office 365, Dynamics 365 and Azure, which is why organizations that already use those services usually already have an Azure AD tenant.
Let’s start with Azure Active Directory setup:
Setting up Azure Active Directory
This article provides instructions for setting up an Azure account and setting up synchronization from on-premises Active Directory to Azure Active Directory (AAD). This process should be discussed with, and performed by, your experienced internal IT resource: the synchronization server and the accounts it uses end up with high-privilege access to your on-premises directory. There are many ways of going about this task, and some customers will already have Azure AD. If you are using Microsoft Office 365, for example, you already have an Azure AD tenant. Again, check with your IT resources to be sure.
NOTE: This is one of many steps for customers to meet 2015 CEHRT Requirements for Promoting Interoperability. To see the complete list of steps GO HERE
You will need:
- A current Active Directory domain
- A registered and publicly routable domain name (e.g. example.com) whose DNS you can edit
- Your cell phone (used for SMS verification during sign-up)
- A credit card (** you must supply a credit card for any/all Azure services; AAD itself is free up to 500,000 objects)
- A Microsoft account (create one here)
I. Sign up for Microsoft’s Azure Service
II. Add Azure Active Directory Services
III. Sync your on-premise AD to Azure AD
I. Sign up for Microsoft’s Azure Service here.
1. Start by clicking the green “Start Free” button
- Click “Start Free” again
- If you already have a Microsoft account, log in. Otherwise, you’ll need to create one.
- When you log in, some of your details may be pre-populated for you. Complete the registration and click ‘Next’
- Follow the prompts to verify your account details. We used text messages.
- Although Azure AD is a free service, you’ll need to supply a valid credit card (prepaid cards won’t do the trick). Once you’ve entered your card details, agree to the terms and conditions and click ‘Sign Up’
- After just a few seconds, your Azure account should be ready to go. You can log in to your Azure tenant at https://portal.azure.com. Note that the Microsoft account you sign up with becomes the Global Administrator of the new tenant, so protect it with multi-factor authentication and do not use it as a day-to-day account.
II. Login to your Azure Tenant at https://portal.azure.com and Add Azure Active Directory Services
1. In your Azure portal, click the green + sign in the upper right-hand corner. Search for “Azure Active Directory”
- Once selected, to the right of your search results, you can add Azure Active Directory by clicking the ‘Create’ button.
- Enter your Organization Name and your Initial Domain name and click Create. The initial domain becomes yourname.onmicrosoft.com; it cannot be changed later, but your own domain will be added as the primary domain in the next steps. Your Azure AD is now being created. It can take a minute or two.
- You now have an Azure Active Directory , but you’ll still want to add your domain. In the navigation pane of your Azure Portal, click the Azure AD icon
- Click on “Domain Names” or “Custom Domain Names”
- Click on “Add Custom Domain”
- Add your registered and routable domain name
- In order to use YourDomain.com you’ll need to create a new TXT record in your domain’s DNS with the provided name and value (an MS=... string) and then click Verify. Azure AD looks the record up from the public DNS, so the record must be published at the zone’s authoritative name servers and may take a few minutes to propagate before verification succeeds. (This step will likely require IT assistance.)
- Once your domain shows as Verified, click on it and set it to be your Primary Domain.
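Before clicking Verify, it helps to confirm that the TXT record is actually visible from outside your network. The following PowerShell check is an added example and is not part of the original article; the domain name and the MS=... value are placeholders, and the real value must be copied from the Add custom domain blade.

```powershell
# Added example (not from the original article). Confirms the Azure AD verification TXT record
# is visible from a public resolver before you click Verify in the portal.
# 'example.com' and 'MS=ms12345678' are placeholders; use your own domain and the value the portal shows.
function Test-AzureAdDomainTxt {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $ExpectedValue,   # e.g. 'MS=ms12345678' (placeholder)
        [string] $Resolver = '1.1.1.1'                    # a public resolver, so we see what Azure AD will see
    )
    try {
        $records = Resolve-DnsName -Name $Domain -Type TXT -Server $Resolver -ErrorAction Stop
    } catch {
        Write-Warning "TXT lookup for $Domain via $Resolver failed: $($_.Exception.Message)"
        return $false
    }
    # Resolve-DnsName returns one object per record; a TXT record's text lives in .Strings (possibly split into chunks).
    $values = $records | Where-Object { $_.Type -eq 'TXT' } | ForEach-Object { ($_.Strings -join '') }
    $found = $values -contains $ExpectedValue
    if (-not $found) {
        Write-Host "Expected '$ExpectedValue' not present yet at $Resolver. TXT records seen:"
        $values | ForEach-Object { Write-Host "  $_" }
    }
    return $found
}

# Re-run until this returns True, then click Verify in the portal.
Test-AzureAdDomainTxt -Domain 'example.com' -ExpectedValue 'MS=ms12345678'
```

If the record shows up at your internal DNS but not at the public resolver, the record was added to an internal zone (common with split-horizon DNS) rather than the public one, and verification will keep failing until it is published externally.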
III. Sync your on-premise AD to Azure AD
Before proceeding, determine whether the on-premises AD users’ UPNs need to be updated (see: How to prepare a non-routable domain (such as a .local domain) for directory synchronization). Azure AD only accepts sign-in names whose suffix is a verified domain; users whose UPN suffix is non-routable (corp.local, for example) are synced with the tenant’s default .onmicrosoft.com suffix instead, which is not what users expect to type when they sign in.
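The usual preparation is to register the routable domain as an additional UPN suffix in the forest and then rewrite the suffix on the affected users while keeping the part before the @ unchanged. The script below is an added example, not part of the original article or Microsoft’s documentation; corp.local, example.com and the OU path are assumed values, and it runs with -WhatIf so nothing changes until you remove that switch.

```powershell
# Added example (not from the original article). Registers a routable UPN suffix at the forest level
# and previews the per-user UPN change from a non-routable suffix. Requires the ActiveDirectory RSAT
# module and Domain Admin rights. Values below are assumptions; adjust them for your environment.
Import-Module ActiveDirectory

$oldSuffix  = 'corp.local'                  # assumed current, non-routable UPN suffix
$newSuffix  = 'example.com'                 # assumed domain already verified in Azure AD
$searchBase = 'OU=Staff,DC=corp,DC=local'   # assumed OU; scope the change rather than touching every object

# 1. Register the routable suffix in the forest (idempotent: skip if already present).
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $newSuffix) {
    Set-ADForest -Identity $forest.Name -UPNSuffixes @{ Add = $newSuffix }
    Write-Host "Added UPN suffix $newSuffix to forest $($forest.Name)"
}

# 2. Find enabled users that still carry the old suffix.
$users = Get-ADUser -SearchBase $searchBase `
    -Filter "Enabled -eq 'True' -and UserPrincipalName -like '*@$oldSuffix'" `
    -Properties UserPrincipalName, mail

# 3. Rewrite only the suffix. Keeping the prefix (and ideally matching the primary SMTP address in 'mail')
#    means the sign-in name users see in Azure AD is the one they already know.
foreach ($u in $users) {
    $prefix = $u.UserPrincipalName.Split('@')[0]
    $newUpn = "$prefix@$newSuffix"
    if ($u.mail -and ($u.mail -ne $newUpn)) {
        Write-Warning "$($u.SamAccountName): mail attribute ($($u.mail)) differs from new UPN ($newUpn); review before changing."
    }
    Write-Host "$($u.SamAccountName): $($u.UserPrincipalName) -> $newUpn"
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf   # remove -WhatIf once the preview looks right
}
```

Run it once with -WhatIf, review the list (especially any warnings about a mismatched mail attribute), then rerun without -WhatIf. Do this before the first synchronization: changing UPNs after users have been synced works, but it is messier to clean up.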
1. Download and install the Azure AD Connect tool on an on-premises server (Download Link). Installing on a domain controller is supported, but Microsoft recommends a dedicated, domain-joined member server. Either way, treat that server as a Tier 0 asset: it stores credentials that can read password hashes from AD and write to your tenant, so it should be patched, backed up and locked down like a domain controller. We will present here the Express setup option, which enables password hash synchronization with a default 30-minute sync cycle. If your environment requires the advanced options, expert IT resources should be consulted.
2. These steps were taken from Microsoft’s TechNet and can be found here as well. Now that AD Connect has been installed, open the application.
3. Agree to the license terms, and click ‘Continue’ on the welcome page.
- Click ‘Use Express Settings’
- In this next step, enter the credentials of a Global Administrator account for your tenant (for example, the one used to create it). Express settings needs this role only during setup: it creates a dedicated synchronization service account (named Sync_<servername>_<id>) in Azure AD and uses that account afterwards, so the Global Admin password is not stored on the server.
- Next, enter the credentials of an on-premises Enterprise Administrator account and click ‘Next’. Express settings uses this to create an on-premises service account (named MSOL_<id>) and to grant it the directory replication permissions that password hash sync requires. Record that account name; it is a high-value account that should be monitored and never used interactively.
- You’ll now be presented with a summary page of your settings. Be sure to check the ‘Start the synchronization process as soon as the configuration completes’ box.
- When your installation is complete, you will get a confirmation page. Now just wait a few minutes for your AD users to sync into your Azure AD.
- Log in to your Azure tenant at https://portal.azure.com and navigate to Azure AD -> All users. Synced objects should begin to appear in your Azure AD as shown below; they are marked with source “Windows Server AD”, whereas accounts created directly in the portal show “Azure Active Directory”.
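Rather than refreshing the portal, you can check the sync from both sides with PowerShell. The following is an added example and is not part of the original article or of Microsoft’s documentation: the first part runs on the Azure AD Connect server using the ADSync module that the installer provides; the second part runs from any admin workstation with the Microsoft.Graph module installed (Install-Module Microsoft.Graph) and assumes an account that can consent to the listed read scopes. The MSOL_ account lookup assumes the ActiveDirectory RSAT module is present on the same server.

```powershell
# Added example (not from the original article). Part 1: on the Azure AD Connect server.
Import-Module ADSync

# Scheduler state: sync should be enabled, with a delta cycle every 30 minutes by default.
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, AllowedSyncCycleInterval, CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

# Do not wait for the timer: start a delta sync now, unless a run is already in progress.
# (-PolicyType Initial forces a full import/sync and is only needed after configuration changes.)
if (-not (Get-ADSyncConnectorRunStatus)) {
    Start-ADSyncSyncCycle -PolicyType Delta
} else {
    Write-Warning 'A sync run is already in progress; not starting another.'
}

# Inventory the connectors (one for on-premises AD, one for Azure AD).
Get-ADSyncConnector | Select-Object Name, Type

# Security housekeeping: find the MSOL_ service account Express settings created, so it can be
# documented and monitored. Requires the ActiveDirectory module on this server (assumed).
Import-Module ActiveDirectory
Get-ADUser -Filter 'Name -like "MSOL_*"' -Properties Description, PasswordLastSet, LastLogonDate |
    Select-Object Name, Description, PasswordLastSet, LastLogonDate

# Part 2: from an admin workstation, confirm the tenant side using Microsoft Graph.
Import-Module Microsoft.Graph.Users
Import-Module Microsoft.Graph.Identity.DirectoryManagement
Connect-MgGraph -Scopes 'User.Read.All', 'Organization.Read.All'

# The tenant records whether sync is on and when the last cycle completed.
Get-MgOrganization | Select-Object DisplayName, OnPremisesSyncEnabled, OnPremisesLastSyncDateTime

# Count the users that came from on-premises AD versus cloud-only accounts.
$synced = Get-MgUser -All -Filter 'onPremisesSyncEnabled eq true' -Property UserPrincipalName, OnPremisesSyncEnabled
Write-Host ("Synced users: {0}" -f $synced.Count)

# Users whose UPN ended up on the .onmicrosoft.com suffix usually still have a non-routable UPN on-premises.
$synced | Where-Object { $_.UserPrincipalName -like '*.onmicrosoft.com' } |
    Select-Object UserPrincipalName
```

If OnPremisesLastSyncDateTime is empty or stale, check the Synchronization Service Manager on the Connect server for failed runs before assuming the problem is in the tenant. Any user listed in the final query should be fixed on-premises by updating the UPN suffix, as described at the start of this section; the change flows to Azure AD on the next delta cycle.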