diff --git a/modules/users/server/config/strategies/aad.js b/modules/users/server/config/strategies/aad.js
new file mode 100644
index 0000000..e8f5e13
--- /dev/null
+++ b/modules/users/server/config/strategies/aad.js
@@ -0,0 +1,42 @@
+'use strict';
+/**
+ * Module dependencies.
+ */
+var passport = require('passport'),
+ OIDCStrategy = require('passport-azure-ad').OIDCStrategy,
+ users = require('../../controllers/users.server.controller');
+module.exports = function (config) {
+ passport.use(new OIDCStrategy({
+ identityMetadata: 'https://login.microsoftonline.com/common/.well-known/openid-configuration',
+ clientID: config['azuread-openidconnect'].clientID,
+ responseType: 'id_token',
+ responseMode: 'form_post',
+ redirectUrl: process.env.AZUREAD_REPLY_URL,
+ allowHttpForRedirectUrl: (config.secure && config.secure.ssl === true) ? false : true,
+ clientSecret: config['azuread-openidconnect'].clientSecret,
+ validateIssuer: false,
+ isB2C: false,
+ issuer: null,
+ passReqToCallback: true,
+ scope: ['profile', 'email'],
+ loggingLevel: 'info',
+ nonceLifetime: null,
+ },
+ function(req, iss, sub, profile, done) {
+ // Create the user OAuth profile
+ var providerUserProfile = {
+ firstName: profile.name.givenName,
+ lastName: profile.name.familyName,
+ displayName: profile.displayName,
+ email: profile.upn,
+ username: profile.upn,
+ upn: profile.upn,
+ provider: 'azuread-openidconnect',
+ providerIdentifierField: 'upn',
+ providerData: profile._json
+ };
+ // Save the user OAuth profile
+ users.saveOAuthUserProfile(req, providerUserProfile, done);
+ }
+ ));
+};
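Review bot: The strategy options combine the multi-tenant `common` metadata endpoint with `validateIssuer: false` and `issuer: null`, so an id_token signed by any Azure AD tenant is accepted and the `upn` it carries becomes the account's `username` and identifier; unless sign-in from arbitrary tenants is intended, this lets anyone who controls a tenant create accounts in this app. Pin the accepted issuer instead: `validateIssuer: true,` and `issuer: config['azuread-openidconnect'].issuer,` (the tenant's `https://sts.windows.net/<tenant-id>/` value), or point `identityMetadata` at the tenant-specific `.well-known/openid-configuration` URL rather than `common`. The verify callback also dereferences `profile.name.givenName` and copies `profile.upn` without checking them; `upn` is not guaranteed to be present on every account type, which would yield an undefined `username`, so a guard such as `if (!profile.upn) { return done(new Error('Azure AD profile has no upn')); }` before building the profile is worth adding. `allowHttpForRedirectUrl` evaluating to true whenever `config.secure.ssl` is not set is fine for development but deserves a comment noting that production deployments must enable SSL so the reply URL is HTTPS.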