Yes - Edge can make authorization decisions based on tokens, specifically JWT, that are issued by Windows Azure Active Directory.

The typical way an app would get such a token would be through OpenID Connect, which is supported with WAAD. Once the app has the JWT, it presents the JWT to Edge with each call. Edge can verify the signature on the JWT and then read and use the scope, audience, iat, etc (all other claims) to make decisions. I Described ad demonstrated this in a presentation at ILoveAPIs 2015 in SJ, and then reprised that talk in a webcast here. Here is the original announcement of the webcast .

And you can get the working code on github.

Another option is to have the app present a JWT to Edge, which will then create an opaque oauth token and hand that back to the app. The advantage here is that validating the opaque oauth token on subsequent calls will be slightly more efficient. Validating the JWT requires verifying a signature done with a Public/private keypair. Validating an opaque token just involves a database lookup, which is fast.

Of course you could cache either kind of token for improved performance. This will matter really, only at very high scale. In my tests it takes <4ms now to verify a signature, and less than that to verify an opaque oauth token.

let me know if you have more questions.