
Administering your Azure AD directory

Published: April 16, 2012

Updated: May 7, 2014

Applies To: Azure, Office 365, Windows Intune

Note
This topic provides online help content for cloud services, such as Windows Intune and Office 365, which rely on Microsoft Azure Active Directory for identity and directory services.

Azure Active Directory (AD) provides the core directory and identity management capabilities behind most of Microsoft’s cloud services. These services include, but are not limited to:

  • Azure

  • Microsoft Office 365

  • Microsoft Dynamics CRM Online

  • Windows Intune

As an administrator of one or more Microsoft cloud service subscriptions, you can use the Azure Management Portal, the Windows Intune account portal, or the Office 365 Admin Center to manage your organization’s directory data. You can also use the downloadable Microsoft Azure Active Directory Module for Windows PowerShell cmdlets to help you manage data stored in Azure AD. For more information about your directory, see What is an Azure AD directory?.

From any of these portals (or the cmdlets), you can:

  • Create and manage user and group accounts

  • Manage related cloud service(s) your organization subscribes to

  • Set up on-premises integration with your directory service

The Azure Management Portal, Office 365 Admin Center, Windows Intune account portal and the cmdlets all read from and write to a single shared instance of Azure AD that is associated with your organization’s directory, as shown in the following illustration. In this way, the portals (or cmdlets) act as front-end interfaces that pull in and/or modify your directory data.

How portals work with Windows Azure AD

The above listed account portals and the associated Azure AD PowerShell cmdlets used to manage users and groups are built on top of the Azure AD platform.

Caution
When you make a change to your organization’s data using any of the portals (or cmdlets) while signed in under the context of one of these services, the change will also be shown in the other portals the next time you sign in under the context of that service, because this data is shared across the Microsoft cloud services you are subscribed to.

For example, if you use the Office 365 Admin Center to block a user from signing in, that action blocks the user from signing in to any other service that your organization is currently subscribed to. If you then pull up that same user’s account under the context of the Windows Intune account portal, you will see that the user is blocked.

The Azure Management Portal is typically used to manage the services associated with your Azure subscription. One of the newer Azure services that you can use for identity management and directory tenant capabilities is the Active Directory service. If you are an administrator, you can manage these capabilities by clicking the Active Directory extension in the Management Portal.

If you have an existing Azure subscription using your Microsoft account, you can also use the Management Portal to manage your directory. To create a new directory in the Management Portal, click Active Directory, click Add, and then specify your Domain Name, Country, and Organization Name that you want to use.

If you don’t have an Azure subscription, you can Sign up for Azure as an organization, so that you can begin using the Azure Management Portal to create, distribute and manage user accounts and other identity management capabilities for use by your organization. When you sign up for Azure as an organization, a directory tenant is created for you automatically based on the value of the Organization Name field that you provide during sign up.

You can use an account portal to manage your Office 365 or Windows Intune subscription and specify the users who can access its various services. From the account portal, you can perform tasks such as manually adding user accounts and security groups, setting up and managing service settings, checking service status, and accessing online Help.

Azure AD currently supports front-end access to your organization’s subscription data using one or more of the following account portals, depending on whether you are subscribed to their corresponding service:

  • Office 365 account portal

  • Windows Intune account portal

Users can also access these account portals, but only to change their password or to access the various services for which they have been assigned licenses.

Currently, when you sign up for either Windows Intune or Office 365 services, you can assign service-specific licenses to users in that service’s account portal. This means that if you eventually add both services to the same directory, you will need to go to the Windows Intune account portal to manage Windows Intune licenses, and Office 365 licenses will need to be managed separately within the Office 365 account portal.

In some situations, you may not be able to delete a user account that was previously assigned a license from within the context of a different service. To delete user accounts in this case, you would need to sign out of the account portal you were using at the time of the deletion attempt, sign in to the appropriate account portal where the license was first assigned, remove the associated licenses, and then try to delete the user again.

You can use the Azure Active Directory Module for Windows PowerShell cmdlets to accomplish many Azure AD tenant-wide administrative tasks. For more information, see Manage Azure AD using Windows PowerShell.
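The sign-in block and the license-then-delete order described above can be driven from the cmdlets as well. The following is an added example, not part of the original topic: the function name `Remove-DirectoryUserSafely` and the address `departing.user@contoso.example` are hypothetical, and it assumes that your account is allowed to remove the user's licenses through the cmdlets (if it is not, remove them in the account portal where they were first assigned, as described above).

```powershell
# Added example. Requires the Azure Active Directory Module for Windows PowerShell.
Import-Module MSOnline

function Remove-DirectoryUserSafely {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$UserPrincipalName
    )

    # 1. Block sign-in first. The flag lives on the shared directory object,
    #    so it applies to every service the organization subscribes to.
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Block sign-in')) {
        Set-MsolUser -UserPrincipalName $UserPrincipalName -BlockCredential $true
    }

    # 2. Read the account back and confirm the block before going further
    #    (skipped under -WhatIf, because nothing was changed).
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    if (-not $WhatIfPreference -and -not $user.BlockCredential) {
        throw "Sign-in is still allowed for $UserPrincipalName; stopping."
    }

    # 3. Remove every license on the account, whichever service assigned it.
    $skus = @($user.Licenses | ForEach-Object { $_.AccountSkuId })
    if ($skus.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($UserPrincipalName, "Remove licenses: $($skus -join ', ')")) {
        Set-MsolUserLicense -UserPrincipalName $UserPrincipalName -RemoveLicenses $skus
    }

    # 4. Delete only when the directory reports that no license remains.
    $user = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction Stop
    if ($user.IsLicensed) {
        Write-Warning "$UserPrincipalName still holds a license; not deleting."
        return
    }
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, 'Delete user')) {
        Remove-MsolUser -UserPrincipalName $UserPrincipalName -Force
    }
}

Connect-MsolService   # prompts for administrator credentials

# Dry run: lists the steps without changing the directory.
Remove-DirectoryUserSafely -UserPrincipalName 'departing.user@contoso.example' -WhatIf
```

Run it once with `-WhatIf` to review the planned steps, then again without it to apply them.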

Regardless of which method you use to manage your directory, you can assign different types of administrators to perform various tasks such as creating and editing users, managing billing operations, and resetting passwords. Global administrators grant permissions to different administrators within your organization based on the administrator role. For more information, see Assigning admin roles.
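To review who currently holds each administrator role, the same module can list role membership from the shared directory. This is an added example, not part of the original topic; the function name `Get-DirectoryAdminReport` and the report column names are hypothetical.

```powershell
# Added example. Requires the Azure Active Directory Module for Windows PowerShell.
Import-Module MSOnline
Connect-MsolService   # prompts for administrator credentials

function Get-DirectoryAdminReport {
    # One output row per (role, member) pair in the directory.
    foreach ($role in Get-MsolRole) {
        foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId) {
            # Only user accounts carry a sign-in block flag.
            $blocked = $null
            if ($member.RoleMemberType -eq 'User') {
                $blocked = (Get-MsolUser -ObjectId $member.ObjectId).BlockCredential
            }
            [pscustomobject]@{
                Role          = $role.Name
                Member        = $member.DisplayName
                Address       = $member.EmailAddress
                MemberType    = $member.RoleMemberType
                SignInBlocked = $blocked
            }
        }
    }
}

$report = @(Get-DirectoryAdminReport)

# Full listing, grouped by role.
$report | Sort-Object Role, Member | Format-Table -AutoSize

# Accounts that hold more than one administrator role.
$report | Group-Object Address |
    Where-Object { $_.Name -and $_.Count -gt 1 } |
    Select-Object Name, Count, @{ n = 'Roles'; e = { $_.Group.Role -join ', ' } }

# Accounts blocked from signing in that still hold a role: candidates for removal.
$report | Where-Object { $_.SignInBlocked -eq $true } |
    Select-Object Role, Member, Address
```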

In addition to performing specific tasks related to their role, we recommend that all administrators have experience in the following areas:

  • Knowledge of the organization’s IT environment, network, and Internet connectivity

  • Experience supporting and administering operating systems and applications for personal computers

  • Experience providing user assistance or training

  • Ability to troubleshoot user issues

The following are examples of potential administrator responsibilities:

  • Create, change, or delete user accounts

  • Monitor service licenses and service health

  • Manage passwords

  • Resolve user issues with email and other services

  • Manage sites and site collections

  • Pay subscription fees

  • Migrate from the organization’s existing environment to the cloud

  • Train and support workers on how to use cloud services

  • Escalate issues to Microsoft Support
