Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for March 2023:
What's Planned
Number Matching for Microsoft Authenticator notifications General Availability
Service category: Microsoft Authenticator App
Product capability: User Authentication
Microsoft Authenticator app’s number matching feature has been generally available since November 2022! If admins haven't already used the rollout controls (via Azure portal Admin UX and MSGraph APIs) to smoothly deploy number matching for users of Microsoft Authenticator push notifications, Microsoft highly encourages admins to do so. Microsoft previously announced that the admin controls will be removed and the number match experience will be enforced tenant-wide for all users of Microsoft Authenticator push notifications starting February 27, 2023. After listening to organizations, Microsoft has extended the availability of the rollout controls for a few more weeks. Admins can continue to use the existing rollout controls until May 8, 2023, to deploy number matching in their organizations. Microsoft services will start enforcing the number matching experience for all users of Microsoft Authenticator push notifications after May 8, 2023. Microsoft will also remove the rollout controls for number matching after that date.
If organizations don’t enable number match for all Microsoft Authenticator push notifications prior to May 8, 2023, Authenticator users may experience inconsistent sign-ins while the services are rolling out this change. To ensure consistent behavior for all users, Microsoft highly recommends admins enable number match for Microsoft Authenticator push notifications in advance.
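The check below is an added example, not Microsoft's code: it audits the number matching rollout controls offline, using the field names of the Microsoft Graph authentication methods policy entry for Microsoft Authenticator. The sample policy and its group ID are constructed, and treating the all-zero GUID as "no excluded group" is an assumption.

```python
import json

# Constructed sample shaped like the Microsoft Authenticator entry of the
# Graph authentication methods policy; the include group ID is made up.
SAMPLE_POLICY = json.loads("""
{
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "featureSettings": {
    "numberMatchingRequiredState": {
      "state": "enabled",
      "includeTarget": {"targetType": "group",
                        "id": "11111111-2222-3333-4444-555555555555"},
      "excludeTarget": {"targetType": "group",
                        "id": "00000000-0000-0000-0000-000000000000"}
    }
  }
}
""")

ALL_USERS = "all_users"
# Assumption: the all-zero GUID means that no group is excluded.
NO_GROUP = "00000000-0000-0000-0000-000000000000"


def number_matching_findings(config):
    """Return the reasons why number matching does not yet cover every user."""
    feature = config.get("featureSettings", {}).get("numberMatchingRequiredState")
    if not feature:
        return ["numberMatchingRequiredState is absent from the policy"]
    findings = []
    # 'default' leaves the decision to Microsoft, so it is reported, not assumed.
    state = feature.get("state", "default")
    if state != "enabled":
        findings.append(f"state is '{state}', not 'enabled'")
    include_id = (feature.get("includeTarget") or {}).get("id")
    if include_id != ALL_USERS:
        findings.append(f"include target is {include_id}, not {ALL_USERS}")
    exclude_id = (feature.get("excludeTarget") or {}).get("id")
    if exclude_id not in (None, NO_GROUP):
        findings.append(f"group {exclude_id} is excluded")
    return findings


if __name__ == "__main__":
    for finding in number_matching_findings(SAMPLE_POLICY) or ["covers all users"]:
        print(finding)
```

An empty result means the setting is enabled for all users with no exclusions, which is the state the services enforce after May 8, 2023.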
IPv6 coming to Azure AD Public Preview
Service category: Identity Protection
Product capability: Platform
Earlier, Microsoft announced its plan to bring IPv6 support to Azure AD, enabling organizations to reach the services over IPv4, IPv6 or dual stack endpoints. This is just a reminder that Microsoft has started introducing IPv6 support into Azure AD services in a phased approach in late March 2023.
If admins utilize Conditional Access or Identity Protection, and have IPv6 enabled on any of the organization's devices, admins likely must take action to avoid impacting users. For most organizations, IPv4 won't completely disappear from their digital landscape, so Microsoft isn't planning to require IPv6 or to deprioritize IPv4 in any Azure AD features or services.
Modernizing Terms of Use Experiences
Service category: Terms of use
Product capability: Authorization and Access Delegation
Starting July 2023, Microsoft is modernizing the following Terms of Use end user experiences with an updated PDF viewer, and moving the experiences from https://account.activedirectory.windowsazure.com to https://myaccount.microsoft.com:
- View previously accepted terms of use
- Accept or decline terms of use as part of the sign-in flow
No functionality will be removed. The new PDF viewer adds functionality and the limited visual changes in the end-user experiences will be communicated in a future update. If your organization has allow-listed only certain domains, you must ensure your allowlist includes the domains ‘myaccount.microsoft.com’ and ‘*.myaccount.microsoft.com’ for Terms of Use to continue working as expected.
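The following added example (not from Microsoft) checks an exported domain allowlist against the two entries named above. It assumes the common proxy semantics in which a '*.' entry matches subdomains but not the bare domain, which is why both entries are needed; the sample allowlist and the 'eu' subdomain are constructed.

```python
# Hosts the new Terms of Use experience must reach. The first is named in the
# announcement; the second is a constructed subdomain used to test the wildcard.
REQUIRED_HOSTS = ["myaccount.microsoft.com", "eu.myaccount.microsoft.com"]

# Constructed allowlist: still carries the old domain and has only the
# wildcard entry for the new one.
SAMPLE_ALLOWLIST = [
    "account.activedirectory.windowsazure.com",
    "*.myaccount.microsoft.com",
]


def entry_matches(entry, host):
    """Match one allowlist entry against a host name.

    Assumed semantics: '*.example.com' covers any subdomain of example.com
    but not example.com itself; other entries must match exactly.
    """
    entry = entry.strip().lower().rstrip(".")
    host = host.strip().lower().rstrip(".")
    if entry.startswith("*."):
        # entry[1:] keeps the leading dot, so 'evilmyaccount...' cannot match.
        return host.endswith(entry[1:])
    return host == entry


def uncovered_hosts(allowlist, hosts):
    """Return the hosts that no allowlist entry covers, in input order."""
    return [h for h in hosts if not any(entry_matches(e, h) for e in allowlist)]


if __name__ == "__main__":
    for host in uncovered_hosts(SAMPLE_ALLOWLIST, REQUIRED_HOSTS):
        print(f"not allow-listed: {host}")
```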
What's New
Workload Identity Federation for Managed Identities General Availability
Service category: Managed identities for Azure resources
Product capability: Developer Experience
Workload Identity Federation enables developers to use managed identities for their software workloads running anywhere and access Azure resources without needing secrets. Key scenarios include:
- Accessing Azure resources from Kubernetes pods running in any cloud or on-premises
- GitHub workflows to deploy to Azure, no secrets necessary
- Accessing Azure resources from other cloud platforms that support OIDC, such as Google Cloud Platform.
Converged Authentication Methods General Availability
Service category: Multi-factor Authentication (MFA)
Product capability: User Authentication
The Converged Authentication Methods Policy enables admins to manage all authentication methods used for multi-factor authentication (MFA) and Self-service Password Reset (SSPR) in one policy, migrate off the legacy MFA and SSPR policies, and target authentication methods to groups of users instead of enabling them for all users in your tenant.
Provisioning Insights Workbook General Availability
Service category: Provisioning
Product capability: Monitoring & Reporting
The new Provisioning Insights workbook makes it easier to investigate and gain insights into provisioning workflows in a given Azure AD tenant. This includes HR-driven provisioning, cloud sync, app provisioning, and cross-tenant sync.
Some key questions this workbook can help answer are:
- How many identities have been synced in a given time range?
- How many create, delete, update, or other operations were performed?
- How many operations were successful, skipped, or failed?
- What specific identities failed? And what step did they fail on?
- For any given user, what tenants / applications were they provisioned or deprovisioned to?
Microsoft cloud settings for Azure AD B2B General Availability
Service category: Business to Business (B2B)
Product capability: Business to Business (B2B) / Business to Consumer (B2C)
Microsoft cloud settings let organizations collaborate with organizations from different Microsoft Azure clouds. With Microsoft cloud settings, admins can establish mutual business to business (B2B) collaboration between the following clouds:
- Microsoft Azure commercial and Microsoft Azure Government
- Microsoft Azure commercial and Microsoft Azure China 21Vianet
Customize tokens with Custom Claims Providers Public Preview
Service category: Authentications (Logins)
Product capability: Extensibility
A custom claims provider lets admins call an application programming interface (API) and map custom claims into the token during the authentication flow. The API call is made after the end user has completed all their authentication challenges, and a token is about to be issued to the app.
New provisioning connectors in the Azure AD Application Gallery Public Preview
Service category: App Provisioning
Product capability: 3rd Party Integration
Microsoft has added the following new applications in the Azure AD App gallery with Provisioning support. Admins can now automate creating, updating, and deleting of user accounts for these newly integrated apps:
What's Changed
New My Groups Experience Public Preview
Service category: Group Management
Product capability: End User Experiences
A new and improved My Groups experience is now available at https://www.myaccount.microsoft.com/groups. My Groups enables end users to easily manage groups, such as finding groups to join, managing groups they own, and managing existing group memberships. Based on feedback, the new My Groups supports sorting and filtering on lists of groups and group members, a full list of group members in large groups, and an actionable overview page for membership requests. This experience replaces the existing My Groups experience at https://www.mygroups.microsoft.com in May 2023.