Active Directory (AD) is Microsoft’s directory service for centrally managing user accounts, groups, computers, and access policies in Windows networks. The cloud variant is called Microsoft Entra ID (formerly Azure AD).
Within an ISMS, Active Directory typically forms the backbone of access control. ISO 27001 Annex A controls A.5.15 (Access Control), A.5.16 (Identity Management), and A.8.2 (Privileged Access Rights) require that permissions are granted traceably and reviewed regularly — AD is the system where most organizations implement these requirements operationally. Group Policy Objects (GPOs) enforce password rules, screen locks, and software restrictions. Regular reviews of AD group memberships are among the most common audit evidence items.