What’s New in Azure Active Directory for May 2018


Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following new functionality for Azure Active Directory for May 2018:

     

What’s New

Graph APIs for administrative scenarios for Terms of use

Service category: Terms of Use
Product capability: Developer Experience

Microsoft has added Microsoft Graph APIs for administrative operations on the Azure AD Terms of Use feature. You can now create, update and delete Terms of Use objects through the API instead of only through the portal.

    

Add Azure AD multi-tenant endpoint as an identity provider in Azure AD B2C

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

Using custom policies, you can now add the Azure AD common (multi-tenant) endpoint as an identity provider in Azure AD B2C. This gives you a single point of entry for users from any Azure AD tenant signing in to your applications. Because the common endpoint issues tokens for every Azure AD tenant, the issuer of each token varies per tenant; if only specific tenants should be allowed, the policy has to validate the issuer itself rather than accept any token the common endpoint returns.

    

Improvements to the B2B redemption experience and leave an org

Service category: B2B
Product capability: B2B/B2C

Three improvements have been made to the Azure AD B2B feature:

  1. Just in time redemption
  2. Modern redemption experience
  3. Guest users can leave the org

    

Use Internal URLs to access apps from anywhere with the My Apps Sign-in Extension and the Azure AD Application Proxy

Service category: My Apps
Product capability: SSO

Users can now access applications through internal URLs even when outside your corporate network by using the My Apps Secure Sign-in Extension for Azure AD. This will work with any application that you have published using the Azure AD Application Proxy, on any browser that also has the Access Panel browser extension installed. The URL redirection functionality is automatically enabled once a user logs into the extension. The extension is available for download on Edge, Chrome, and Firefox.

    

Enterprise Applications Search – Load More Apps

Service category: Enterprise Apps
Product capability: SSO

Microsoft has added the ability to load more applications in the All applications list under Enterprise applications. This helps when you are having trouble finding applications and/or security principals. By default, 20 applications are shown; admins can now click Load more to view additional applications.

    

View legacy authentications through Sign-ins activity logs

Service category: Reporting
Product capability: Monitoring & Reporting

With the introduction of a field called Client App in the Sign-in activity logs, customers can now see which users are signing in with legacy authentication. This information is available through the Sign-ins Microsoft Graph API and through the Sign-in activity logs in the Azure AD portal, where the Client App control filters on legacy authentication. This matters because legacy authentication protocols cannot complete a multi-factor authentication challenge and are therefore the path of choice for password-spray attacks; the new field is the starting point for finding which users and applications still depend on them.

     

New Federated Apps available in Azure AD App gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In May 2018, Microsoft added the following 18 new apps with federation support to the Azure AD App gallery:

    

New user provisioning SaaS app integrations

Service category: App Provisioning
Product capability: 3rd Party Integration

Azure AD allows you to automate the creation, maintenance and removal of user identities in SaaS applications such as Dropbox, Salesforce and ServiceNow. For May 2018, Microsoft added user provisioning support for the following applications in the Azure AD app gallery:

   

Azure AD access reviews of groups and app access now provides recurring reviews

Service category: Access Reviews
Product capability: Governance

Access reviews of groups and apps are now generally available (GA) as part of Azure AD Premium P2. Administrators can configure access reviews of group memberships and application assignments to recur automatically at regular intervals, such as monthly or quarterly.

   

Azure AD Activity logs (sign-ins and audit) are now available through Microsoft Graph

Service category: Reporting
Product capability: Monitoring & Reporting

Azure AD Activity logs, which include the Sign-ins and Audit logs, are now available through Microsoft Graph. Two endpoints have been exposed through Microsoft Graph to access these logs, one for sign-ins and one for directory audit events, so the data can be pulled into a SIEM or scripted reports instead of being read only in the portal.
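The following is an added example (not code from the original post or from Microsoft) that ties the two items above together: it pages through the Graph sign-ins collection and flags legacy authentication using the Client App value, which Graph exposes as the `clientAppUsed` property. It assumes the v1.0 endpoints `/auditLogs/signIns` and `/auditLogs/directoryAudits`; the HTTP layer is injected as a `fetch_json(url, params)` callable so the paging and detection logic runs offline against the constructed sample pages in `SAMPLE_PAGES` (`fake_fetch`, the user names and the IP address are made up for the demo).

```python
"""Pull Azure AD sign-in records through Microsoft Graph and flag
legacy-authentication sign-ins by their Client App (clientAppUsed) value.

Added example; not code from the original post or from Microsoft.
Assumed: Graph v1.0 /auditLogs/signIns and /auditLogs/directoryAudits,
and the signIn property `clientAppUsed`. SAMPLE_PAGES and fake_fetch are
constructed for the offline demo.
"""
import json
import urllib.parse
import urllib.request
from collections import Counter

GRAPH = "https://graph.microsoft.com/v1.0"
SIGNINS_URL = f"{GRAPH}/auditLogs/signIns"
AUDIT_URL = f"{GRAPH}/auditLogs/directoryAudits"

# clientAppUsed values that mean modern authentication (MFA and Conditional
# Access apply). Assumption: every other value (IMAP4, POP3, SMTP, Exchange
# ActiveSync, "Other clients", ...) is treated as legacy authentication.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}


def graph_fetcher(access_token):
    """Return a fetch_json callable that performs real GETs (not used offline)."""
    def fetch_json(url, params=None):
        if params:
            url = url + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return fetch_json


def iter_records(fetch_json, url, params=None):
    """Yield records from a Graph collection, following @odata.nextLink.
    The nextLink already carries the query options, so params go only
    with the first request."""
    next_url, first = url, True
    while next_url:
        page = fetch_json(next_url, params if first else None)
        first = False
        yield from page.get("value", [])
        next_url = page.get("@odata.nextLink")


def is_legacy(rec):
    """True when the sign-in did not come through a modern-auth client."""
    return rec.get("clientAppUsed") not in MODERN_CLIENT_APPS


def legacy_report(records):
    """Return (successful legacy sign-ins per user, legacy sign-ins per client app)."""
    by_user, by_app = Counter(), Counter()
    for rec in records:
        if not is_legacy(rec):
            continue
        by_app[rec.get("clientAppUsed", "<none>")] += 1
        if rec.get("status", {}).get("errorCode", 0) == 0:   # 0 = success
            by_user[rec.get("userPrincipalName", "<unknown>")] += 1
    return by_user, by_app


def signin(upn, app, error=0, ip="203.0.113.10"):
    """Constructed minimal sign-in record in the Graph signIn shape."""
    return {"userPrincipalName": upn, "clientAppUsed": app,
            "ipAddress": ip, "status": {"errorCode": error}}


# Constructed two-page response for the offline demo.
PAGE2 = SIGNINS_URL + "?$skiptoken=page2"
SAMPLE_PAGES = {
    SIGNINS_URL: {
        "value": [signin("alice@contoso.example", "Browser"),
                  signin("alice@contoso.example", "IMAP4"),
                  signin("bob@contoso.example", "Exchange ActiveSync", error=50126),
                  signin("bob@contoso.example", "SMTP"),
                  signin("carol@contoso.example", "Mobile Apps and Desktop clients")],
        "@odata.nextLink": PAGE2,
    },
    PAGE2: {
        "value": [signin("bob@contoso.example", "Other clients"),
                  signin("dave@contoso.example", "IMAP4", error=50126)],
    },
}


def fake_fetch(url, params=None):
    """Offline stand-in for graph_fetcher(); serves the constructed pages."""
    return SAMPLE_PAGES[url]


def run_report(fetch_json=fake_fetch, since="2018-05-01T00:00:00Z"):
    """Fetch sign-ins created since `since` and return the legacy report."""
    params = {"$filter": f"createdDateTime ge {since}"}
    return legacy_report(iter_records(fetch_json, SIGNINS_URL, params))


if __name__ == "__main__":
    by_user, by_app = run_report()
    print("Successful legacy sign-ins per user:", dict(by_user))
    print("Legacy sign-ins per client app:", dict(by_app))
```

Against a real tenant, swap `fake_fetch` for `graph_fetcher(token)` with a token carrying the AuditLog.Read.All permission; the failed Exchange ActiveSync and IMAP4 attempts in the sample are the pattern to watch for, since a spray against legacy protocols shows up as many failures across users with no MFA challenge in between.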

     

What’s Changed

Public Preview of new and improved Sign-ins User experience in Azure Portal  

Service category: Reporting
Product capability: Monitoring & Reporting

With the new Sign-ins User experience, customers now can get the following:

  • Latency reduced from about 2 hours to within 5 minutes.
  • Ability to add filters dynamically using the “Columns” button. By adding columns to the Sign-in report in UX, you can automatically see them as filters for you to use.
  • Ability to sort by Date, User Name and Application.
  • Inclusion of legacy authentications and ability to filter for legacy authentications using the “Client App” column.
  • Inclusion of a downloadable PowerShell script which is customized based on the filter conditions you choose in the UX. With this PowerShell script, you can get as many rows of data as you want (based on your filter criteria) which will provide the output in a .csv format.

     

Azure AD access reviews: auto-apply

Service category: Access Reviews
Product capability: Governance

Access reviews of groups and apps are now generally available as part of Azure AD Premium P2. An administrator can configure a review so that the reviewers' decisions are applied to the group or app automatically when the review completes. The administrator can also specify what happens to a user's access when reviewers do not respond: remove access, keep access, or take the system recommendation.

    

ID tokens can no longer be returned using the query response_mode for new apps.

Service category: Authentications (Logins)
Product capability: User Authentication

Apps created on or after April 25, 2018 can no longer request an id_token with response_mode=query. This brings Azure AD in line with the OpenID Connect (OIDC) specification and reduces your apps' attack surface: a token in the query string is written to browser history and to web server and proxy logs and can leak through the Referer header, whereas the fragment is never sent to the server and form_post delivers the token in a POST body. Apps created before that date are not affected by the change, but should move to fragment or form_post for the same reason.
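As an added example (not code from the original post or from Microsoft), the builder below constructs an Azure AD v2.0 authorization request and enforces the rule described above before any request leaves the app: an id_token may only be returned in the fragment or via form_post. The authorize URL shape is Azure AD's v2.0 endpoint; `ResponseModeError`, `token_location` and the tenant, client and redirect values in the demo are constructed for illustration.

```python
"""Build an Azure AD v2.0 authorization request and refuse the combination
the May 2018 change blocks: a response_type containing id_token with
response_mode=query.

Added example; not code from the original post or from Microsoft.
The authorize URL shape is Azure AD's v2.0 endpoint; ResponseModeError,
token_location and the demo values are constructed.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"
# response_type values that return a credential straight to the redirect URI
# (unlike "code", which is exchanged at the token endpoint).
CREDENTIAL_RESPONSE_TYPES = {"id_token", "token"}
VALID_RESPONSE_MODES = {"query", "fragment", "form_post"}


class ResponseModeError(ValueError):
    """A response_type/response_mode pair that would put a token in the query string."""


def default_response_mode(response_type):
    """OAuth 2.0 Multiple Response Type defaults: responses carrying a token
    go to the fragment; "code" on its own goes to the query string."""
    parts = set(response_type.split())
    return "fragment" if parts & CREDENTIAL_RESPONSE_TYPES else "query"


def is_allowed(response_type, response_mode):
    """True when the combination keeps tokens out of the query string."""
    parts = set(response_type.split())
    if response_mode not in VALID_RESPONSE_MODES:
        return False
    return not (response_mode == "query" and parts & CREDENTIAL_RESPONSE_TYPES)


def build_authorize_url(tenant, client_id, redirect_uri, response_type="id_token",
                        response_mode=None, scope="openid profile",
                        state=None, nonce=None):
    """Return the authorization URL with a safe response_mode. A nonce is
    added whenever an id_token is requested; it is echoed inside the token
    and must be checked on return to stop replay."""
    mode = response_mode or default_response_mode(response_type)
    if not is_allowed(response_type, mode):
        raise ResponseModeError(
            f"response_type={response_type!r} with response_mode={mode!r}: "
            "the token would land in browser history, Referer headers and server logs")
    params = {
        "client_id": client_id,
        "response_type": response_type,
        "redirect_uri": redirect_uri,
        "response_mode": mode,
        "scope": scope,
        "state": state or secrets.token_urlsafe(16),
    }
    if "id_token" in response_type.split():
        params["nonce"] = nonce or secrets.token_urlsafe(16)
    return AUTHORIZE.format(tenant=tenant) + "?" + urlencode(params)


def query_params(url):
    """Decode the query string of a URL into a flat dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def token_location(redirect_url):
    """Where an id_token sits in a redirect back to the app: 'query' (sent to
    the server, logged, leaked via Referer), 'fragment' (kept by the browser)
    or None when no id_token is present."""
    parts = urlsplit(redirect_url)
    if "id_token" in parse_qs(parts.query):
        return "query"
    if "id_token" in parse_qs(parts.fragment):
        return "fragment"
    return None


if __name__ == "__main__":
    tenant, client = "contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000000"
    cb = "https://app.contoso.example/auth/callback"
    print(build_authorize_url(tenant, client, cb))
    try:
        build_authorize_url(tenant, client, cb, response_mode="query")
    except ResponseModeError as exc:
        print("rejected:", exc)
```

`form_post` is the mode to prefer for server-side web apps, since the browser never shows the token in a URL at all; `fragment` is what single-page apps use, and `query` remains legitimate only for the plain authorization-code flow, where nothing but a short-lived code travels in the URL.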

   

Concluding

Not a technical change, but more of a legal change, is the advent of a Microsoft Docs page that details where data is stored for Azure Active Directory tenants in the North Europe and West Europe regions.
