Identity and access management

Provide users with single sign-on for access to all their corporate resources and manage those identities across your datacenter and in the cloud with powerful identity and access management capabilities.

Learn about the Azure Active Directory cloud identity and access management solutionsLearn about the Windows Server 2012 R2 access and information protection solutionsLearn about Forefront Identity Manager
Hybrid Identity helps make users more productive

With the proliferation of consumer devices in the corporate world and the ease of adoption that cloud-based SaaS applications offer, maintaining control of users’ access to applications across both internal datacenters and cloud platforms has become a significant challenge.

Microsoft has a rich history in identity management through Windows Server Active Directory and Forefront Identity Manager, and now it’s expanded to include cloud-based identity and access management solutions on Azure Active Directory, providing our customers with a powerful set of identity and access management solutions.

Enhance productivity with self-service and single sign-on experiences

You can make users more productive by providing them each with a single identity to use no matter what they are accessing, whether they are working in the office, working remotely, or connecting to a cloud-based SaaS application. Having a single username and password to remember makes for happy users.

By providing users with self-service solutions to perform tasks such as resetting their password when they forget, or creating and managing their own groups for collaboration and access to resources, you enable them to work autonomously and focus on their jobs, reducing support costs and unproductive downtime.

Manage and control access to all corporate resources

Of course, IT needs to retain control of all that information and access to applications and resources across the corporate datacenter and into the cloud.

For authentication, we provide solutions for identity sync and federation to create a single identity for each user, as well as the ability to enforce additional levels of user validation, such as multi-factor authentication. We also enable conditional access polices, such as device registration.

And we help customers understand usage patterns and identify potential security issues with reporting and alerting. We also provide risk mitigation, such as monitoring for inconsistent access patterns.


  • Create and manage a single identity for each user across all your datacenter-based directories, keeping attributes in sync and providing self-service and single sign-on for users
  • Sync user identities between your datacenter directories and Azure Active Directory for a single identity across all corporate resources in the datacenter and cloud
  • Leverage identity federation to maintain all authentication against your datacenter-based directory
  • Provide single sign-on access to hundreds of cloud-based SaaS applications
  • Enforce strong authentication to sensitive applications and information with conditional access policies and multi-factor authentication
  • Keep users productive with self-service password reset and group management for both datacenter- and cloud-based directories