What’s New in Azure Active Directory for October 2017

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following new functionality for Azure Active Directory for October 2017:


What’s Planned

Deprecating Azure AD reports

Service Category: Reporting
Product Capability: Identity Lifecycle Management

The Azure portal provides you with:

  • A new Azure Active Directory administration console
  • New APIs for activity and security reports

Due to these new capabilities, the report APIs under the /reports endpoint will be retired on December 10, 2017.


What’s New

New Multi-Factor Authentication features

Service Category: Multi-Factor Authentication (MFA)
Product Capability: Identity Security & Protection

Multi-Factor authentication (MFA) is an essential part of protecting your organization. To make credentials more adaptive and the experience more seamless, the following features have been added:

  • Integration of multi-factor challenge results directly into the Azure AD sign-in report, including programmatic access to MFA results
  • Deeper integration of the MFA configuration into the Azure AD configuration experience in the Azure portal

With this public preview, MFA management and reporting are an integrated part of the core Azure AD configuration experience. Bringing both features together lets you use the MFA management portal functionality from within the Azure AD experience.

Terms of use

Type: New feature
Service Category: Terms of Use (ToU)
Product Capability: Governance

Azure AD terms of use provide you with a simple method to present information to end users. This ensures that users see relevant disclaimers for legal or compliance requirements.

You can use Azure AD terms of use in the following scenarios:

  • General terms of use for all users in your organization.
  • Specific terms of use based on a user’s attributes (e.g. doctors vs. nurses or domestic vs. international employees, implemented with dynamic groups).
  • Specific terms of use for accessing high business impact apps, like Salesforce.


Enhancements to privileged identity management

Service Category: PIM
Product Capability: Privileged Identity Management

With Azure Active Directory Privileged Identity Management (PIM), you can now manage, control, and monitor access within your organization to the following Azure Resources (Preview):

  • Subscriptions
  • Resource groups
  • Virtual machines

All resources within the Azure portal that leverage the Azure Role Based Access Control (RBAC) functionality can take advantage of all the security and lifecycle management capabilities Azure AD PIM has to offer.

Access reviews

Type: New feature
Service Category: Access Reviews
Product Capability: Governance

Access reviews (preview) enable organizations to efficiently manage group memberships and access to enterprise applications:

  • You can recertify guest user access using access reviews of their access to applications and memberships of groups. The insights provided by the access reviews enable reviewers to efficiently decide whether guests should have continued access.
  • You can recertify employees’ access to applications and group memberships with access reviews.

You can collect the access review controls into programs relevant for your organization to track reviews for compliance or risk-sensitive applications.

Hiding third-party applications from My Apps and the Office 365 launcher

Service Category: My Apps
Product Capability: Single Sign-On

You can now better manage the apps that show up on your user portals through a new hide app property. Hiding apps helps in cases where tiles for backend services or duplicate tiles show up and clutter users’ app launchers. The toggle is located in the properties section of the third-party app and is labeled “Visible to user?”. You can also hide an app programmatically through PowerShell.

What’s Changed

Automatic sign-in field detection

Service Category: My Apps
Product Capability: Single Sign-On (SSO)

Azure Active Directory supports automatic sign-in field detection for applications that render an HTML username and password field. These steps are documented in “How to automatically capture sign-in fields for an application”. You can find this capability by adding a Non-Gallery application on the Enterprise Applications page in the Azure portal. Additionally, you can set the Single Sign-on mode on this new application to Password-based Single Sign-on, enter a web URL, and then save the page.

Due to a service issue, this functionality was temporarily disabled. The issue has been resolved and automatic sign-in field detection is available again.
