diff --git a/Gemfile b/Gemfile
index b7125830..68cd0cd0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -38,6 +38,7 @@ gem 'bootsnap', '>= 1.1.0', require: false
 gem 'rspec-rails'
 gem 'omniauth'
+gem 'omniauth-azure-activedirectory'
 group :development, :test do
 # Call 'byebug' anywhere in the code to stop execution and get a debugger console
diff --git a/Gemfile.lock b/Gemfile.lock
index d902c6d0..fa57a649 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -86,6 +86,7 @@ GEM
 jbuilder (2.7.0)
 activesupport (>= 4.2.0)
 multi_json (>= 1.2)
+ jwt (1.5.6)
 listen (3.1.5)
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
@@ -110,6 +111,9 @@ GEM
 omniauth (1.8.1)
 hashie (>= 3.4.6, < 3.6.0)
 rack (>= 1.6.2, < 3)
+ omniauth-azure-activedirectory (1.0.0)
+ jwt (~> 1.5)
+ omniauth (~> 1.1)
 pg (1.0.0)
 public_suffix (3.0.2)
 puma (3.11.4)
@@ -222,6 +226,7 @@ DEPENDENCIES
 jbuilder (~> 2.5)
 listen (>= 3.0.5, < 3.2)
 omniauth
+ omniauth-azure-activedirectory
 pg (>= 0.18, < 2.0)
 puma (~> 3.11)
 rails (~> 5.2.0)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index df9d04e2..084d3f79 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -2,11 +2,13 @@ class SessionsController < ApplicationController
 skip_before_action :verify_authenticity_token, only: :create
 def create
- session[:current_user] = {
- name: auth_hash.info.name,
- email: auth_hash.info.email
- }
+ logger.info auth_hash
+ session[:current_user] = { name: auth_hash.info.name }
+ redirect_to root_path
+ end
+ def destroy
+ session.delete(:current_user)
 redirect_to root_path
 end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index 63130f29..790ed305 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -13,8 +13,9 @@
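Review bot: In app/controllers/sessions_controller.rb, the added `logger.info auth_hash` in `create` writes the entire OmniAuth auth hash to the application log; for an Azure AD sign-in that hash presumably carries the ID token and the user's claims, so anyone with log access can read them. Log only what an audit trail needs, for example `logger.info "login provider=#{auth_hash.provider} uid=#{auth_hash.uid}"`. `create` also reuses the pre-login session and `destroy` removes a single key; calling `reset_session` before `session[:current_user] = ...` and in place of `session.delete(:current_user)` avoids carrying a session across the authentication boundary. The session now identifies the user by display name alone, so storing `auth_hash.uid` next to it would give later code a stable identifier. `auth_hash` itself is defined outside this hunk.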

<% if user_signed_in? %>
 You are logged in as <%= session[:current_user]['name'] %>
+ (<%= link_to 'Logout', logout_path, method: :delete %>)
 <% else %>
- <%= link_to 'Login (developer)', '/auth/developer' %>
+ <%= link_to 'Login (AzureAD)', '/auth/azureactivedirectory' %>
 <% end %>
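Review bot: The new login link starts the OmniAuth request phase with a plain GET to `/auth/azureactivedirectory`, and the lockfile in this commit shows omniauth 1.8.1, which accepts GET there without any CSRF check, so a third-party page can push a visitor's browser into the sign-in flow. Make the entry point a POST that carries the Rails token, `<%= button_to 'Login (AzureAD)', '/auth/azureactivedirectory' %>`, and restrict the middleware with `OmniAuth.config.allowed_request_methods = [:post]` in the initializer. With omniauth 1.x the request-phase token check additionally needs the omniauth-rails_csrf_protection gem. The Logout link's `method: :delete` depends on rails-ujs being loaded on this layout, which the hunk does not show.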

diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index b320bae3..17baa2f9 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -1,5 +1,7 @@
+require './lib/omniauth/strategies/azure_activedirectory.rb'
+
 OmniAuth.config.logger = Rails.logger
 Rails.application.config.middleware.use OmniAuth::Builder do
- provider :developer
+ provider :azure_activedirectory, ENV['AAD_CLIENT_ID'], ENV['AAD_TENANT']
 end
diff --git a/config/routes.rb b/config/routes.rb
index 78fbc6af..436732fa 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,5 +3,6 @@
 root 'stuffs#index'
+ delete '/logout', to: 'sessions#destroy'
 post '/auth/:provider/callback', to: 'sessions#create'
 end
diff --git a/lib/omniauth/strategies/azure_activedirectory.rb b/lib/omniauth/strategies/azure_activedirectory.rb
new file mode 100644
index 00000000..9d0b4805
--- /dev/null
+++ b/lib/omniauth/strategies/azure_activedirectory.rb
@@ -0,0 +1,5 @@
+# Until "Add missing require to azure_activedirectory.rb" PR [1] is added in, we
+# will manually have to include net/http for the Azure AD provider to be usable
+# [1] https://github.com/AzureAD/omniauth-azure-activedirectory/pull/31
+
+require 'net/http'
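Review bot: In config/initializers/omniauth.rb, `ENV['AAD_CLIENT_ID']` and `ENV['AAD_TENANT']` evaluate to nil when the variables are unset, so a misconfigured deployment boots normally and presumably fails only when a user tries to sign in. Prefer `provider :azure_activedirectory, ENV.fetch('AAD_CLIENT_ID'), ENV.fetch('AAD_TENANT')` so a missing setting is a boot-time error. The added `require './lib/omniauth/strategies/azure_activedirectory.rb'` resolves against the process working directory rather than the application root. `require Rails.root.join('lib/omniauth/strategies/azure_activedirectory').to_s` does not depend on where the server is started.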