What's New in Azure Active Directory for February 2023


Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for February 2023:

 

What's Planned

New My Groups Experience Public Preview

Service category: My groups
Product capability: End User Experiences

Microsoft will be replacing the existing My Groups experience with the new and improved My Groups in mid-May 2023.

My Groups enables end users to easily manage groups, such as finding groups to join, managing groups they own, and managing existing group memberships. Based on customer feedback, Microsoft added:

  • sorting and filtering on lists of groups and group members,
  • a full list of group members in large groups, and
  • an actionable overview page for membership requests.

In May, users will no longer be able to access the existing My Groups and will need to adjust to the new experience. Today, end users can get the richer benefits of the new My Groups by proactively switching. Navigation between the old and new experiences is available via notification banners on each site. In May, the old experience will be retired. The previous URL (mygroups.microsoft.com) will redirect users to the new experience at myaccount.microsoft.com/groups.

 

System-preferred Multi-factor Authentication Public Preview

Service category: Multi-factor Authentication
Product capability: Identity Security and Protection

Today, various authentication methods are employed by users to provide varying levels of security. Depending on the situation, certain methods may be more secure than others, so it is important to have a range of options available to ensure the right level of security is provided.

Microsoft's solution for this challenge is System-preferred authentication for MFA. With this setting enabled, the authentication platform evaluates at runtime which of the methods the user has registered is the most secure. This helps organizations move away from the older concept of the user selecting a default method and always being prompted for that method first, even when more secure methods are registered and available.

 

What's New

Follow Azure AD best practices with recommendations General Availability

Service category: Reporting
Product capability: Monitoring & Reporting

Azure AD recommendations help organizations improve the Azure AD tenant posture by surfacing opportunities to implement best practices. On a daily basis, Azure AD analyzes the configuration of the tenant. During this analysis, Azure AD compares the data of a recommendation with the actual configuration of the tenant. If a recommendation is flagged as applicable to the Azure AD tenant, the recommendation appears in the Recommendations tab on the Azure AD Overview pane.

This release includes the first 3 Azure AD recommendations:

  • Convert from per-user MFA to Conditional Access MFA
  • Migrate applications from AD FS to AAD
  • Minimize MFA prompts from known devices

 

Expanding Privileged Identity Management Role Activation across the Azure portal General Availability

Service category: Privileged Identity Management
Product capability: Privileged Identity Management

Azure AD Privileged Identity Management (PIM) role activation has been expanded to the Billing and AD extensions in the Azure portal. Shortcuts have been added to Subscriptions (billing) and Access Control (IAM) (AD) to allow users to activate PIM roles directly from these blades.

From the Subscriptions blade, select View eligible subscriptions in the horizontal command menu to check eligible, active, and expired assignments. From there, admins can activate an eligible assignment in the same pane. In Access control (IAM) for a resource, admins can now select View my access to see currently active and eligible role assignments and activate directly. By integrating PIM capabilities into different Azure portal blades, this new feature allows admins to gain temporary access to view or edit subscriptions and resources more easily.

 

Conditional Access for Privileged Identity Management Public Preview

Service category: Privileged Identity Management
Product capability: Privileged Identity Management

Now admins can require delegated admins who are eligible for a role in Azure AD Privileged Identity Management (PIM) to satisfy Conditional Access policy requirements for activation:

  • Use a specific authentication method enforced through Authentication Strengths
  • Activate from Intune compliant device
  • Comply with Terms of Use
  • Use 3rd party MFA and satisfy location requirements

 

Service category: App Provisioning
Product capability: 3rd Party Integration

Microsoft has added the following new applications in the Azure AD App gallery with Provisioning support. Organizations can now automate creating, updating, and deleting of user accounts for these newly integrated apps:

 

Service category: Enterprise Apps
Product capability: 3rd Party Integration

Microsoft has added the following new applications in the Azure AD App gallery with Federation support:

  1. PROCAS
  2. Tanium Cloud SSO
  3. LeanDNA
  4. CalendarAnything LWC
  5. courses.work
  6. Udemy Business SAML
  7. Canva
  8. Kno2fy
  9. IT-Conductor
  10. ナレッジワーク(Knowledge Work)
  11. Valotalive Digital Signage Microsoft 365 integration
  12. Priority Matrix HIPAA
  13. Priority Matrix Government
  14. Beable
  15. Grain
  16. DojoNavi
  17. Global Validity Access Manager
  18. FieldEquip
  19. Peoplevine
  20. Respondent
  21. WebTMA
  22. ClearIP
  23. Pennylane
  24. VsimpleSSO
  25. Compliance Genie
  26. Dataminr Corporate
  27. Talon

 

What's Changed

More information on why a sign-in was flagged as unfamiliar General Availability

Service category: Identity Protection
Product capability: Identity Security & Protection

The Unfamiliar sign-in properties risk detection now provides risk reasons that state which properties are unfamiliar, so organizations can better investigate that risk. Azure AD Identity Protection now surfaces the unfamiliar properties in the Azure portal, the Entra portal and through the Microsoft Graph API as Additional Info, with a user-friendly description explaining that the following properties are unfamiliar for this sign-in of the given user.

There is no additional work to enable this feature; the unfamiliar properties will be shown by default.
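
For triage outside the portal, the risk reasons can be pulled out of exported risk detections. The following is an added example, not code from Microsoft or from the original post. It assumes each detection is a Microsoft Graph riskDetection object whose additionalInfo property is a JSON string containing a list of Key/Value pairs, with the unfamiliar properties under the key riskReasons. The sample records, user names and reason values are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records shaped like Microsoft Graph riskDetection objects.
# Assumption: additionalInfo is a JSON *string* holding a list of Key/Value pairs.
SAMPLE_DETECTIONS = [
    {"id": "constructed-1", "userPrincipalName": "alice@example.com",
     "riskEventType": "unfamiliarFeatures",
     "additionalInfo": json.dumps([
         {"Key": "userAgent", "Value": "Mozilla/5.0 (constructed)"},
         {"Key": "riskReasons", "Value": ["UnfamiliarASN", "UnfamiliarBrowser"]}])},
    {"id": "constructed-2", "userPrincipalName": "alice@example.com",
     "riskEventType": "unfamiliarFeatures",
     "additionalInfo": json.dumps([
         {"Key": "riskReasons", "Value": ["UnfamiliarASN", "UnfamiliarLocation"]}])},
    {"id": "constructed-3", "userPrincipalName": "bob@example.com",
     "riskEventType": "unfamiliarFeatures",
     "additionalInfo": "not-json"},  # malformed on purpose
    {"id": "constructed-4", "userPrincipalName": "bob@example.com",
     "riskEventType": "anonymizedIPAddress", "additionalInfo": "[]"},
]

def risk_reasons(detection):
    """Return the riskReasons list of one detection, or [] if absent or unparseable."""
    try:
        pairs = json.loads(detection.get("additionalInfo") or "[]")
    except (TypeError, ValueError):
        return []
    if not isinstance(pairs, list):
        return []
    for pair in pairs:
        if isinstance(pair, dict) and pair.get("Key") == "riskReasons":
            value = pair.get("Value")
            return [str(v) for v in value] if isinstance(value, list) else []
    return []

def summarize_unfamiliar(detections):
    """Per user, count each unfamiliar property; also list detections with no reasons."""
    per_user = defaultdict(lambda: defaultdict(int))
    no_reason = []
    for d in detections:
        if d.get("riskEventType") != "unfamiliarFeatures":
            continue  # only the unfamiliar sign-in properties detection is of interest
        reasons = risk_reasons(d)
        if not reasons:
            no_reason.append(d.get("id"))  # keep these for manual review
        for r in reasons:
            per_user[d.get("userPrincipalName")][r] += 1
    return {u: dict(c) for u, c in per_user.items()}, no_reason
```

Detections returned in the second list carried no parseable risk reasons and still need to be reviewed by hand rather than dropped.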

Author: Sander Berkouwer

Sander Berkouwer is the author of the Active Directory Administration Cookbook, speaker and blogger at DirTeam.com and ServerCore.net. He is awarded Microsoft MVP, Veeam Vanguard and VMware vExpert. Since 2009, Microsoft has awarded Sander with the Most Valuable Professional (MVP) award. Since 2016, Veeam has awarded Sander with the Veeam Vanguard award.