Use the SAML module to implement SSO. That works out of the box with Azure AD. See also https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol
I always use SAML tracer a plugin for Firefox to test but Azure also has some test wizard that can be used.
For further integration you need Graph: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart
I only looked at it because it might be interesting to create AD users out of Mendix.
You could implement the SAML SSO module:
I have recently done research on this for my clients. One thing to keep in mind is that your AzureAD version will determine if the implementation is currently possible. If you a have paid Premium P1 or P2 AzureAD subscription, you can follow the pointers provided by Ronald without issues. However, the default AzureAD that comes with Office365 seems to be a bit tricky at the moment:
Office365 subscriptions normally come with the “FREE” or “OFFICE 365 APPS” tier of AzureAD (versions link) . It supports SSO, but only platforms that have been registered in the “Azure AD App Gallery” can be used for SSO.
From what I gather, this listing is free of charge and the only requirement is that Mendix sends a request to Microsoft for getting listed. I have filed a ticket to Mendix Support for this which was unfortunately declined at this point but I am planning to keep following this up. As it stands you would require “Premium P1 or P2” subscription for AzureAD to the best of my knowledge.