Azure Active Directory (AAD)
Overview
Azure AD is Microsoft’s cloud-based identity and access management service. It enables secure access to resources and supports SSO, MFA, and conditional access.
Real-life Use Cases
Cloud Architect: Design secure, multi-tenant authentication for SaaS apps.
DevOps Engineer: Automate user and group provisioning for CI/CD pipelines.
Terraform Example
resource "azuread_group" "devops" {
display_name = "DevOps Team"
}
Bicep Example
resource aadGroup 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(resourceGroup().id, 'DevOps Team')
properties: {
roleDefinitionId: 'role-guid'
principalId: 'user-guid'
}
}
Azure CLI Example
az ad group create --display-name "DevOps Team" --mail-nickname devops
Best Practices
Use conditional access policies.
Enable MFA for all users.
Common Pitfalls
Over-permissioned service principals.
Not monitoring sign-in logs.
Joke: Why did the Azure AD user get locked out? Too many conditional relationships!
Last updated