Administering your Azure AD directory
Published: April 16, 2012
Updated: February 28, 2014
Applies To: Office 365, Windows Azure, Windows Intune
This topic provides online help content for cloud services, such as Windows Intune and Office 365, which rely on Windows Azure Active Directory for identity and directory services.
Windows Azure Active Directory provides the core directory and identity management capabilities behind most of Microsoft’s cloud services. These services include, but are not limited to:
Microsoft Office 365
Microsoft Dynamics CRM Online
As an administrator of one or more Microsoft cloud service subscriptions, you can use the Windows Azure Management Portal, the Windows Intune account portal, or the Office 365 account portal to manage your organization’s tenant data. You can also use the downloadable Windows Azure Active Directory Module for Windows PowerShell cmdlets to help you manage your tenant data stored in Windows Azure AD. For more information about your tenant, see What is an Azure AD tenant?.
From any of these portals (or the cmdlets), you can:
Create and manage user and group accounts
Manage related cloud service(s) your organization subscribes to
Set up on-premises integration with your directory service
The Windows Azure Management Portal, Office 365 account portal, Windows Intune account portal and the cmdlets all read from and write to a single shared instance of Windows Azure AD that is associated with your organization’s tenant, as shown in the following illustration. In this way, each portal (or the cmdlets) acts as a front-end interface that pulls in and/or modifies your tenant data.
The account portals listed above, and the associated Windows PowerShell cmdlets for Windows Azure AD that you use to manage users and your subscription, are built on top of the Windows Azure AD platform.
When you change your organization’s data using any of the portals (or cmdlets) shown in the illustration above while signed in under the context of one of these services, the change also appears in the other portals the next time you sign in under the context of those services, because this data is shared across the services you are subscribed to in your tenant. For example, if you use the Office 365 account portal to block a user from signing in, that action blocks the user from signing in to any other service that your organization is currently subscribed to. If you then open that same user’s account under the context of the Windows Intune account portal, you will see that the user is blocked.
The Windows Azure Management Portal is typically used to manage the services associated with your Windows Azure subscription. One of the newer Windows Azure services that you can use for identity management and directory tenant capabilities is the Active Directory service. If you are an administrator, you can manage these capabilities by clicking on Active Directory in the left-nav of the Management Portal.
If you have an existing Windows Azure subscription using your Microsoft account, you can also use the Management Portal to create, and later manage, your new directory tenant. To create a new directory tenant associated with your Microsoft account by using the Management Portal, click Active Directory, click Create, and then specify the Domain Name, Country, and Organization Name that you want to use.
If you don’t have an existing Windows Azure subscription, you can Sign up for Windows Azure as an organization, so that you can begin using the Windows Azure Management Portal to create, distribute and manage user accounts and other identity management capabilities for use by your organization. When you sign up for Windows Azure as an organization, a directory tenant is created for you automatically based on the value of the Organization Name field used during sign up.
You can use an account portal to manage your Office 365 or Windows Intune subscription and specify the users who can access its various services. From the account portal, you can perform tasks such as manually adding user accounts and security groups, setting up and managing service settings, checking service status, and accessing online Help.
Windows Azure AD currently supports front-end access to your organization’s subscription data using one or more of the following account portals, depending on whether you are subscribed to their corresponding service:
Office 365 account portal
Windows Intune account portal
Users can also access these account portals, but only to change their password or to access the various services for which they have been assigned licenses.
Regardless of which method you use to manage your tenant, you can assign different types of administrators to perform various tasks such as creating and editing users, managing billing operations, and resetting passwords. Global administrators grant permissions to different administrators within your organization based on the administrator role. For more information, see Assigning administrator roles.
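The administrator role assignments described above can be reviewed from the cmdlets as well as from the portals. The following PowerShell is an added example, not part of the original topic; it assumes the MSOnline module (the Windows Azure Active Directory Module for Windows PowerShell) is installed and that you sign in with an account that can read the directory. It lists each administrator role with its members and, because a sign-in block is stored in the shared directory rather than in one portal, shows the block state for every user member.

```powershell
# Added example: read-only audit of administrator role membership.
# Assumption: the MSOnline module is installed on this computer.
Import-Module MSOnline
Connect-MsolService   # prompts for administrator credentials

$report = foreach ($role in Get-MsolRole) {
    foreach ($member in Get-MsolRoleMember -RoleObjectId $role.ObjectId) {
        # Role members are not always users; only user objects carry
        # the sign-in block flag, so look it up for users only.
        $blocked = $null
        if ($member.RoleMemberType -eq 'User') {
            $user    = Get-MsolUser -ObjectId $member.ObjectId
            $blocked = $user.BlockCredential
        }
        [pscustomobject]@{
            Role          = $role.Name
            Member        = $member.DisplayName
            SignInName    = $member.EmailAddress
            MemberType    = $member.RoleMemberType
            SignInBlocked = $blocked
        }
    }
}

# Full listing, sorted by role, for a periodic access review.
$report | Sort-Object Role, Member | Format-Table -AutoSize

# Accounts that are blocked from signing in but still hold an
# administrator role: candidates for having the role removed.
$report | Where-Object { $_.SignInBlocked } |
    Format-Table Role, Member, SignInName -AutoSize
```

The script changes nothing in the tenant; it only reads roles, role members, and user properties.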
In addition to performing specific tasks related to their role, we recommend that all administrators have experience in the following areas:
Knowledge of the organization’s IT environment, network, and Internet connectivity
Experience supporting and administering operating systems and applications for personal computers
Experience providing user assistance or training
Ability to troubleshoot user issues
The following are examples of potential administrator responsibilities:
Create, change, or delete user accounts
Monitor service licenses and service health
Resolve user issues with email and other services
Manage sites and site collections
Pay subscription fees
Migrate from the organization’s existing environment to the cloud
Train and support workers on how to use cloud services
Escalate issues to Microsoft Support
Concepts: Similarities between Active Directory and Azure AD
Other Resources: What is Windows Azure Active Directory?