diff --git a/src/EPR.Calculator.Frontend/EPR.Calculator.Frontend.csproj b/src/EPR.Calculator.Frontend/EPR.Calculator.Frontend.csproj
index 224e755..2416566 100644
--- a/src/EPR.Calculator.Frontend/EPR.Calculator.Frontend.csproj
+++ b/src/EPR.Calculator.Frontend/EPR.Calculator.Frontend.csproj
@@ -24,8 +24,12 @@
 		<PackageReference Include="Microsoft.AspNetCore.Mvc.Localization" Version="2.2.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="8.0.6" />
 		<PackageReference Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="8.0.6" />
+		<PackageReference Include="Microsoft.Identity.Web" Version="3.1.0" />
+		<PackageReference Include="Microsoft.Identity.Web.UI" Version="3.1.0" />
+		<PackageReference Include="Microsoft.Identity.Web.Diagnostics" Version="3.1.0" />
+		<PackageReference Include="Microsoft.Identity.Web.DownstreamApi" Version="3.1.0" />
 		<PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.20.1" />
-		<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.3" />
+		<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.5" />
 	</ItemGroup>
 
 	<ItemGroup>
diff --git a/src/EPR.Calculator.Frontend/Program.cs b/src/EPR.Calculator.Frontend/Program.cs
index 5a34682..c636f75 100644
--- a/src/EPR.Calculator.Frontend/Program.cs
+++ b/src/EPR.Calculator.Frontend/Program.cs
@@ -1,7 +1,29 @@
-var builder = WebApplication.CreateBuilder(args);
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc.Authorization;
+using Microsoft.Identity.Web;
+using Microsoft.Identity.Web.UI;
+
+var builder = WebApplication.CreateBuilder(args);
+
+IEnumerable<string>? initialScopes = builder.Configuration["DownstreamApi:Scopes"]?.Split(' ');
+builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration, "AzureAd")
+    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
+        .AddDownstreamApi("DownstreamApi", builder.Configuration.GetSection("DownstreamApi"))
+        .AddInMemoryTokenCaches();
+
+// </ms_docref_add_msal>
+
+// <ms_docref_add_default_controller_for_sign-in-out>
+builder.Services.AddRazorPages().AddMvcOptions(options =>
+{
+    var policy = new AuthorizationPolicyBuilder()
+                  .RequireAuthenticatedUser()
+                  .Build();
+    options.Filters.Add(new AuthorizeFilter(policy));
+}).AddMicrosoftIdentityUI();
 
 // Add services to the container.
-builder.Services.AddControllersWithViews();
+builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();
 
 builder.Services.AddDistributedMemoryCache();
 
@@ -36,6 +58,8 @@
 
 app.UseAuthorization();
 
+app.UseAuthentication();
+
 app.MapControllerRoute(
     name: "default",
     pattern: "{controller=Dashboard}/{action=Index}");
diff --git a/src/EPR.Calculator.Frontend/Views/Dashboard/Index.cshtml b/src/EPR.Calculator.Frontend/Views/Dashboard/Index.cshtml
index ef58dae..b62d41e 100644
--- a/src/EPR.Calculator.Frontend/Views/Dashboard/Index.cshtml
+++ b/src/EPR.Calculator.Frontend/Views/Dashboard/Index.cshtml
@@ -13,8 +13,8 @@
     </div>
     <div class="govuk-grid-column-one-quarter govuk-body-s govuk-!-margin-top-4">
         <div class="account-info">
-            <span class="your-name" id="bannerUserName">Jamie Roberts</span>
-            <a class="account-link" href="details" id="signout-link">Sign out</a>
+            <span class="your-name" id="bannerUserName">@User?.Identity?.Name</span>
+            <a asp-controller="Account" asp-action="Signout" asp-area="MicrosoftIdentity" class="account-link">Sign out</a>
         </div>
     </div>
 </div>
diff --git a/src/EPR.Calculator.Frontend/Views/Shared/_Layout.cshtml b/src/EPR.Calculator.Frontend/Views/Shared/_Layout.cshtml
index 6b9db0d..b4c2465 100644
--- a/src/EPR.Calculator.Frontend/Views/Shared/_Layout.cshtml
+++ b/src/EPR.Calculator.Frontend/Views/Shared/_Layout.cshtml
@@ -65,7 +65,7 @@
 
         <main class="govuk-main-wrapper govuk-!-padding-top-4" id="main-content" role="main">
             @RenderBody()
-
+            <partial name="_LoginPartial" />
         </main>
     </div>
 
diff --git a/src/EPR.Calculator.Frontend/Views/Shared/_LoginPartial.cshtml b/src/EPR.Calculator.Frontend/Views/Shared/_LoginPartial.cshtml
new file mode 100644
index 0000000..ff386ac
--- /dev/null
+++ b/src/EPR.Calculator.Frontend/Views/Shared/_LoginPartial.cshtml
@@ -0,0 +1,19 @@
+@using System.Security.Principal
+
+<ul class="navbar-nav">
+    @if (User.Identity?.IsAuthenticated == true)
+    {
+        <li class="nav-item">
+            <span class="navbar-text text-dark">Hello @User.Identity?.Name!</span>
+        </li>
+        <li class="nav-item">
+            <a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignOut">Sign out</a>
+        </li>
+    }
+    else
+    {
+        <li class="nav-item">
+            <a class="nav-link text-dark" asp-area="MicrosoftIdentity" asp-controller="Account" asp-action="SignIn">Sign in</a>
+        </li>
+    }
+</ul>
diff --git a/src/EPR.Calculator.Frontend/Views/Shared/_LoginPartial.cshtml.cs b/src/EPR.Calculator.Frontend/Views/Shared/_LoginPartial.cshtml.cs
new file mode 100644
index 0000000..36dece1
--- /dev/null
+++ b/src/EPR.Calculator.Frontend/Views/Shared/_LoginPartial.cshtml.cs
@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace EPR.Calculator.Frontend.Views.Shared
+{
+    public class _LoginPartialModel : PageModel
+    {
+        public void OnGet()
+        {
+        }
+    }
+}
diff --git a/src/EPR.Calculator.Frontend/appsettings.Development.json b/src/EPR.Calculator.Frontend/appsettings.Development.json
index 253d9fa..45a715e 100644
--- a/src/EPR.Calculator.Frontend/appsettings.Development.json
+++ b/src/EPR.Calculator.Frontend/appsettings.Development.json
@@ -1,4 +1,24 @@
 {
+  "AzureAd": {
+    "Instance": "https://login.microsoftonline.com/",
+    "TenantId": "6f504113-6b64-43f2-ade9-242e05780007",
+    "ClientId": "Enter the client ID obtained from the Microsoft Entra admin center",
+    "ClientCertificates": [
+      {
+        "SourceType": "StoreWithThumbprint",
+        "CertificateStorePath": "CurrentUser/My",
+        "CertificateThumbprint": "Enter the certificate thumbprint obtained the Microsoft Entra admin center"
+      }
+    ],
+    "CallbackPath": "/signin-oidc"
+  },
+  "DownstreamApi": {
+    "BaseUrl": "https://graph.microsoft.com/v1.0/",
+    "RelativePath": "me",
+    "Scopes": [
+      "user.read"
+    ]
+  },
   "Logging": {
     "LogLevel": {
       "Default": "Information",