Azure Active Directory® Plugin

What Does the Azure AD Plugin Do?

Azure Active Directory is a cloud-based directory service used for managing the access rights and identities of your Microsoft services, as well as external SaaS applications and other resources (via REST interfaces). To manage the AAD, you must use either the Azure Portal or PowerShell. However, with tenfold’s Azure AD plugin, you do not need either of these. tenfold is perfectly integrated with Azure AD, meaning that you can manage identities and access rights on premise and in the cloud centrally via tenfold’s intuitive user interface.

Regular Synchronization

Of course, you can still make changes directly in Azure AD. To ensure tenfold is always updated with these changes, the plugin regularly synchronizes tenfold with Azure Active Directory®.

Required License

System Requirements

For integration with Azure AD, the following requirements must be met:

  • tenfold must be set up as an app with the appropriate permissions.
  • Authentication requires a certificate.
  • The EXO2 modules must be installed on the tenfold computer (for the agent) (more information).


  • Assign licenses and apps
  • Remove licenses and apps
  • Block lists for certain license types and apps
  • Support for all group types: Office 365, Security, Mail-Enabled, Distribution and Teams.
  • Assign groups
  • Remove groups
  • Active guest accounts
  • Active guest accounts with Teams assignment
  • Deactivated Office 365 accounts with active license assignments

  • Automation: tenfold transmits changes to privileges and users automatically, which saves time because you no longer have to perform such tasks manually.

  • Reporting: At the click of a button, tenfold provides a clear overview of which users or groups have access to which privileges, or which privileges a specific user or group has access to. Learn more about tenfold’s reporting feature.

  • Profiles/Roles: Privileges can be grouped together with resources and privileges from other target systems and linked to organizational units. This way, privileges will be assigned and revoked to users and groups automatically, e.g. when users change departments. Learn more about roles.

  • Approval workflows: Both one-step and multi-step workflows are supported.

  • Recertification: Data owners can regularly review permissions for users and groups to ensure they are up to date and mark obsolete entries for removal. tenfold then removes flagged permissions automatically. Learn more about recertification with tenfold.

  • Auditing: Changes to permissions and groups are documented automatically. You can access historical data at any time and track which user or group had access to sensitive data. Learn more about change tracking.

  • Integration of data owners: Specify data owners whose job it is to look over certain privileges and who must approve requests as well as review privileges at regular intervals. Learn more about data owners in tenfold.