What’s New in Azure Active Directory for April 2018

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following new functionality for Azure Active Directory for April 2018:

What’s New

New federated apps available in Azure AD App gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In April 2018, Microsoft added the following 13 new apps to the App gallery with Federation support:


Test single sign-on configuration for SAML-based applications

Service category: Enterprise Apps
Product capability: SSO

When configuring SAML-based SSO applications, you are able to test the integration on the configuration page. If you encounter an error during sign-in, you can provide the error in the testing experience and Azure AD provides you with resolution steps to solve the specific issue.

Easy app configuration with metadata file or URL

Service category: Enterprise Apps
Product capability: SSO

On the Enterprise applications page, administrators can upload a SAML metadata file to configure SAML-based sign-on for AAD Gallery and Non-Gallery applications.

Additionally, you can use the Azure AD application federation metadata URL to configure SSO with the targeted application.
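Because an uploaded metadata file decides where signed assertions are sent, it is worth reading before it is uploaded. The following is an added example, not code from Microsoft or from the original post: it parses a constructed service-provider metadata document for a hypothetical app (app.example.com), extracts the entity ID and assertion consumer service (ACS) URLs, and flags endpoints that are not HTTPS. The function name and the checks are assumptions about what a reviewer would look for.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata for a hypothetical app; not taken from a real tenant.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.example.com/saml">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.com/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://app.example.com/saml/acs-legacy"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return the entity ID, the ACS endpoints and a list of findings."""
    # Metadata has no need for a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not declare a DTD or entities")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or sp is None:
        raise ValueError("not a single-entity SP metadata document")
    # Each ACS endpoint is a place the identity provider may post assertions to.
    acs = [(e.get("Location") or "", (e.get("Binding") or "").rsplit(":", 1)[-1])
           for e in sp.findall("md:AssertionConsumerService", NS)]
    findings = [f"ACS URL is not HTTPS: {loc}" for loc, _ in acs
                if not loc.lower().startswith("https://")]
    return {"entity_id": root.get("entityID"), "acs_urls": acs,
            "findings": findings}


if __name__ == "__main__":
    for key, value in review_sp_metadata(SAMPLE_METADATA).items():
        print(key, "=", value)
```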


Azure AD Terms of use now generally available

Service category: Terms of Use
Product capability: Compliance

Azure AD Terms of Use has moved from public preview to generally available (GA).

Azure AD Terms of Use now has per user reporting

Service category: Terms of Use
Product capability: Compliance

Administrators can now select a given Terms of Use (ToU) and see all the users that have consented to it, along with the date and time each consent took place.


Azure AD Connect Health: Risky IP for AD FS extranet lockout protection

Service category: Other
Product capability: Monitoring & Reporting

Azure AD Connect Health now supports the ability to detect IP addresses that exceed a threshold of failed logins using username/password combinations on an hourly or daily basis. The capabilities provided by this feature are:

  • A comprehensive report showing IP address and the number of failed logins generated on an hourly/daily basis with a customizable threshold.
  • Email-based alerts showing when a specific IP address has exceeded the threshold of failed username/password logins on an hourly/daily basis.
  • A download option to do a detailed analysis of the data.
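The kind of analysis the report and its download support can be sketched as follows. This is an added example, not Azure AD Connect Health's own logic or code from the original post: it counts failed password sign-ins per client IP in hourly and daily buckets and lists the IPs that exceed a customizable threshold. The record layout, the result labels and the threshold values are assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample sign-in records: (timestamp, client IP, user, result).
SAMPLE_EVENTS = (
    # Burst: four failures against four accounts within one hour.
    [(f"2018-04-10T09:{m:02d}:00", "203.0.113.7", f"user{m}", "bad_password")
     for m in (1, 2, 3, 4)]
    # Low and slow: two failures per hour, spread over the day.
    + [(f"2018-04-10T{h:02d}:{m:02d}:00", "198.51.100.20", "alice", "bad_password")
       for h in (8, 13, 19) for m in (10, 40)]
    # A user who mistyped once and then signed in.
    + [("2018-04-10T09:30:00", "192.0.2.15", "bob", "bad_password"),
       ("2018-04-10T09:31:00", "192.0.2.15", "bob", "success")]
)


def risky_ips(events, hourly_threshold, daily_threshold):
    """Return (window, bucket, ip, failures) for every bucket over its threshold."""
    hourly, daily = Counter(), Counter()
    for ts, ip, _user, result in events:
        if result != "bad_password":
            continue  # only failed username/password attempts count
        t = datetime.fromisoformat(ts)
        hourly[(t.strftime("%Y-%m-%d %H:00"), ip)] += 1
        daily[(t.strftime("%Y-%m-%d"), ip)] += 1
    flagged = []
    for window, counts, limit in (("hour", hourly, hourly_threshold),
                                  ("day", daily, daily_threshold)):
        for (bucket, ip), failures in sorted(counts.items()):
            if failures > limit:  # "exceeds" is read as strictly greater
                flagged.append((window, bucket, ip, failures))
    return flagged


if __name__ == "__main__":
    for row in risky_ips(SAMPLE_EVENTS, hourly_threshold=3, daily_threshold=5):
        print(row)
```

With these sample events the hourly window catches the burst from 203.0.113.7, while 198.51.100.20 stays under the hourly threshold and is only caught by the daily window, which is why both granularities are useful.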

Azure AD B2C Access Tokens are GA

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

You can now access web APIs secured by Azure AD B2C using access tokens. The feature is moving from public preview to GA. The UI experience to configure Azure AD B2C applications and web APIs has been improved, and other minor improvements were made.


Allow or block invitations to B2B users from specific organizations

Service category: B2B
Product capability: B2B/B2C

You can now specify which partner organizations you want to share and collaborate with in Azure AD B2B Collaboration. To do this, you can choose to create a list of specific allow or deny domains. When a domain is blocked using these capabilities, employees can no longer send invitations to people in that domain.

This helps you to control access to your resources, while enabling a smooth experience for approved users.

This B2B Collaboration feature is available for all Azure Active Directory customers and can be used in conjunction with Azure AD Premium features like conditional access and identity protection for more granular control of when and how external business users sign in and gain access.


Grant B2B users in Azure AD access to your on-premises applications (public preview)

Service category: B2B
Product capability: B2B/B2C

As an organization that uses Azure Active Directory (Azure AD) B2B collaboration capabilities to invite guest users from partner organizations to your Azure AD, you can now provide these B2B users access to on-premises apps. These on-premises apps can use SAML-based authentication or Integrated Windows Authentication (IWA) with Kerberos constrained delegation (KCD).


What’s Changed

Get SSO integration tutorials from the Azure Marketplace

Service category: Other
Product capability: 3rd Party Integration

If an application that is listed in the Azure marketplace supports SAML based single sign-on (SSO), clicking Get it now provides you with the integration tutorial associated with that application.


Faster performance of Azure AD automatic user provisioning to SaaS applications

Service category: App Provisioning
Product capability: 3rd Party Integration

Previously, customers using the Azure Active Directory user provisioning connectors for SaaS applications (for example Salesforce, ServiceNow, and Box) could experience very slow performance if their Azure AD tenants contained over 100,000 combined users and groups, and they were using user and group assignments to determine which users should be provisioned.

On April 2nd, very significant performance enhancements were deployed to the Azure AD provisioning service that greatly reduce the amount of time needed to perform initial synchronizations between Azure Active Directory and target SaaS applications.

As a result, many customers whose initial synchronizations to apps took many days or never completed are now seeing them complete within a matter of minutes or hours.


Self-service password reset from Windows 10 lock screen for hybrid Azure AD joined machines

Service category: Self Service Password Reset
Product capability: User Authentication

Microsoft has updated the Windows 10 Self-Service Password Reset (SSPR) feature to include support for machines that are hybrid Azure AD joined. This feature is available in Windows 10 RS4. Users who are enabled and registered for self-service password reset can utilize this feature to reset their password from the lock screen of a Windows 10 machine.

One Response to What’s New in Azure Active Directory for April 2018


    Hi Sander,

    On the Official Microsoft doc about SSPR Login Screen, it’s explicitly mentioned that Hybrid AD Azure joined devices are supported.

    In my environment, it’s not working with a 1803 W10 device.

    Did you already test it?

