What’s New in Azure Active Directory for December 2017


Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following new functionality for Azure Active Directory for December 2017:

 

What’s New

Review of Terms of use in the access panel

Service Category: Terms of Use
Product Capability: Governance/Compliance

End users can now go to the access panel and view the terms of use that they have previously accepted.

 

Add configuration to require the TOU to be expanded prior to accepting.

Service Category: Terms of Use
Product Capability: Governance

Microsoft has now added an option for admins to require their end users to expand the terms of use prior to accepting the terms.

Select either On or Off for “Require users to expand the terms of use”. If this is set to On, end users will be required to view the terms of use prior to accepting them.

 

New Azure AD sign-in experience

Service Category: Azure AD
Product Capability: User Authentication

As part of the journey to converge the Azure AD and Microsoft account identity systems, Microsoft has redesigned the UI on both systems so that they have a consistent look and feel. In addition, Microsoft has paginated the Azure AD sign-in page so that Microsoft collects the user name first, followed by the credential on a second screen.

 

Fewer login prompts: A new “Keep me signed in” experience for Azure AD login

Service Category: Azure AD
Product Capability: User Authentication

Microsoft has replaced the Keep me signed in checkbox on the Azure AD login page with a new prompt that shows up after the user successfully authenticates.

If a user responds Yes to this prompt, the service gives them a persistent refresh token. This is the same behavior as when the user checks the Keep me signed in checkbox in the old experience. For federated tenants, this prompt will show after the user successfully authenticates with the federated service.

 

Scoped activation for eligible role assignments

Service Category: Privileged Identity Management
Product Capability: Privileged Identity Management

Scoped activation allows you to activate eligible Azure resource role assignments with less autonomy than the original assignment defaults. Scoping your activation may reduce the possibility of executing unwanted changes to critical Azure resources.

 

New federated apps in Azure AD app gallery

Service Category: Enterprise Apps
Product Capability: 3rd Party Integration

In December 2017, Microsoft added the following new apps with Federation support to the app gallery:

  • EFI Digital Storefront
  • Vodeclic
  • Accredible
  • FactSet
  • MobileIron Azure AD Integration
  • IMAGE WORKS
  • SAML SSO for Bitbucket by resolution GmbH
  • SAML SSO for Bamboo by resolution GmbH
  • Communifire
  • MOBI
  • Reflektive
  • CybSafe
  • WebHR
  • Zenegy Azure AD Integration
  • Adobe Experience Manager

 

What’s Changed

Pass-through Authentication – Skype for Business support

Service Category: Authentications (Logins)
Product Capability: User Authentication

Pass-through Authentication (PTA) now supports user sign-ins to Skype for Business client applications that support modern authentication, including Online and Hybrid topologies.

 

Approval workflows for Azure AD directory roles

Service Category: Privileged Identity Management
Product Capability: Privileged Identity Management

Approval workflow for Azure AD directory roles is generally available (GA).

With approval workflow, privileged role administrators can require eligible role members to request role activation before they can use the privileged role. Multiple users and groups may be delegated approval responsibilities. Eligible role members receive notifications when the approval is complete and their role is active.

 

Updates to Azure Active Directory Privileged Identity Management (PIM) for Azure RBAC (preview)

Service Category: Privileged Identity Management
Product Capability: Privileged Identity Management

With the Public Preview Refresh of Azure Active Directory Privileged Identity Management (PIM) for Azure RBAC, you can now:

  • Use Just Enough Administration (JEA)
  • Require approval to activate resource roles
  • Schedule a future activation of a role that requires approval for both AAD and Azure RBAC Roles
