What’s New in Azure Active Directory for March 2019

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for March 2019:


What’s Planned

Updates to condition evaluation by Exchange ActiveSync (EAS) (Breaking change)

Service category: Conditional Access
Product capability: Access Control

Microsoft is in the process of updating how Exchange ActiveSync (EAS) evaluates the following conditions:

  • User location, based on country, region, or IP address
  • Sign-in risk
  • Device platform

If, as an admin, you’ve previously used these conditions in your Conditional Access policies, be aware that the condition behavior might change. For example, if you previously used the user location condition in a policy, you might find the policy now being skipped based on the location of your end-users.


What’s New

Identity Experience Framework and custom policy support in Azure Active Directory B2C (Generally Available)

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

Admins can now create custom policies in Azure AD B2C, including the following tasks, which are supported at-scale and under Microsoft’s Azure Service Level Agreement (SLA):

  • Create and upload custom authentication user journeys by using custom policies.
  • Describe user journeys step-by-step as exchanges between claims providers.
  • Define conditional branching in user journeys.
  • Transform and map claims for use in real-time decisions and communications.
  • Use REST API-enabled services in custom authentication user journeys. For example, with email providers, CRMs, and proprietary authorization systems.
  • Federate with identity providers who are compliant with the OpenIDConnect protocol. For example, with multi-tenant Azure AD, social account providers, or two-factor verification providers.


New Federated Apps available in Azure AD app gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In March 2019, Microsoft added these 14 new apps with Federation support to the Azure AD App Gallery:


New Zscaler and Atlassian provisioning connectors in the Azure AD gallery

Service category: App Provisioning
Product capability: 3rd Party Integration

Automate creating, updating, and deleting user accounts for the following apps with the new provisioning connectors from the Azure AD Gallery:


Restore and manage deleted Office 365 groups in the Azure AD portal

Service category: Group Management
Product capability: Collaboration

Admins can now view and manage deleted Office 365 groups from the Azure AD portal. This change helps them to see which groups are available to restore, along with letting them permanently delete any groups that aren’t needed by the organization.


Single sign-on for Azure AD SAML-secured on-premises apps through the Azure AD Application Proxy (Public preview)

Service category: App Proxy
Product capability: Access Control

Admins can now provide a single sign-on (SSO) experience for on-premises, SAML-authenticated apps, along with remote access to these apps through the Azure AD Application Proxy.


Client apps in request loops will be interrupted to improve reliability and user experience

Service category: Authentications (Logins)
Product capability: User Authentication

Client apps can incorrectly issue hundreds of the same login requests over a short period of time. These requests, whether they’re successful or not, all contribute to a poor user experience and heightened workloads for the Identity Provider (IdP), increasing latency for all users and reducing the IdP’s availability.
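
To find such clients in your own tenant before they are interrupted, a sliding-window count over exported sign-in rows is enough. The sketch below is an added example, not code from Microsoft or from the release notes; the field names, the 60-second window and the threshold of 100 are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: the page only says "hundreds ... over a short period".
WINDOW = timedelta(seconds=60)
THRESHOLD = 100

def parse_ts(value):
    # Accept a trailing "Z" on Python versions whose fromisoformat rejects it.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def build_sample():
    """Constructed sign-in rows; the field names are assumptions."""
    base = datetime(2019, 3, 1, 9, 0, 0)
    def row(user, app, offset):
        return {"createdDateTime": (base + offset).isoformat() + "Z",
                "userPrincipalName": user, "appId": app, "resourceId": "res-1"}
    rows = []
    # Looping client: 150 identical requests, one every 200 ms.
    rows += [row("alice@contoso.example", "app-loop", timedelta(milliseconds=200 * i))
             for i in range(150)]
    # Busy but not looping: 120 requests at one per second, so never
    # more than 61 fall inside a single 60-second window.
    rows += [row("carol@contoso.example", "app-busy", timedelta(seconds=i))
             for i in range(120)]
    # Ordinary client: 5 requests spread over 40 minutes.
    rows += [row("bob@contoso.example", "app-ok", timedelta(minutes=10 * i))
             for i in range(5)]
    return rows

def find_request_loops(rows, window=WINDOW, threshold=THRESHOLD):
    """Map (user, app, resource) to its peak in-window request count,
    for keys that reach `threshold` identical requests within `window`."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, row in sorted(((parse_ts(r["createdDateTime"]), r) for r in rows),
                          key=lambda pair: pair[0]):
        key = (row["userPrincipalName"], row["appId"], row["resourceId"])
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window:  # drop requests older than the window
            seen.popleft()
        if len(seen) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(seen))
    return peaks

if __name__ == "__main__":
    for key, count in find_request_loops(build_sample()).items():
        print(key, count)
```

Tune the window and threshold against a baseline of normal traffic for each app, since a legitimately busy service account can look like the second sample client.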


What’s Changed

New Audit Logs user experience now available

Service category: Reporting
Product capability: Monitoring & Reporting

Microsoft has created a new Azure AD Audit logs page to help improve both readability and how admins search for information. To see the new Audit logs page, select Audit logs in the Activity section of Azure AD.


New warnings and guidance to help prevent accidental administrator lockout from misconfigured Conditional Access policies

Service category: Conditional Access
Product capability: Identity Security & Protection

To help prevent administrators from accidentally locking themselves out of their own tenants through misconfigured Conditional Access policies, Microsoft has created new warnings and updated guidance in the Azure portal.

Improved end-user Terms of use experiences on mobile devices

Service category: Terms of Use
Product capability: Governance

Microsoft has updated its existing Terms of Use (ToU) experiences to help improve how admins review and consent to Terms of Use on a mobile device. End-users can now zoom in and out, go back, download the information, and select hyperlinks.


New Azure AD Activity logs download experience available

Service category: Reporting
Product capability: Monitoring & Reporting

Admins can now download large amounts of activity logs directly from the Azure portal. This update lets them:

  • Download up to 250,000 rows.
  • Get notified after the download completes.
  • Customize the file name.
  • Determine the output format, either JSON or CSV.
