What’s New in Azure Active Directory for April 2019

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for April 2019:


What’s New

Azure Active Directory (Azure AD) entitlement management is now available Public preview

Service category: Identity Governance
Product capability: Identity Governance

Azure AD entitlement management, now in public preview, helps customers to delegate management of access packages, which defines how employees and business partners can request access, who must approve, and how long they have access. Access packages can manage membership in Azure AD and Office 365 groups, role assignments in enterprise applications, and role assignments for SharePoint Online sites. Entitlement management requires Azure AD Premium P2 licenses.


Configure a naming policy for Office 365 groups in Azure AD portal Public preview

Service category: Group Management
Product capability: Collaboration

Administrators can now configure a naming policy for Office 365 groups, using the Azure AD portal. This change helps to enforce consistent naming conventions for Office 365 groups created or edited by users in your organization.

You can configure naming policy for Office 365 groups in two different ways:

  1. Define prefixes or suffixes, which are automatically added to a group name.
  2. Upload a customized set of blocked words for your organization, which are not allowed in group names (for example, “CEO, Payroll, HR”).


Azure AD Activity logs are now available in Azure Monitor General availability

Service category: Reporting
Product capability: Monitoring & Reporting

To help address feedback about visualizations with the Azure AD Activity logs, Microsoft introduces a new Insights feature in Log Analytics. This feature helps administrators gain insights about Azure AD resources by using interactive templates, called Workbooks. These pre-built Workbooks can provide details for apps or users, and include:

  • Sign-ins. Provides details for apps and users, including sign-in location, the in-use operating system or browser client and version, and the number of successful or failed sign-ins.
  • Legacy authentication and conditional access. Provides details for apps and users using legacy authentication, including Multi-Factor Authentication usage triggered by conditional access policies, apps using conditional access policies, and so on.
  • Sign-in failure analysis. Helps you to determine if sign-in errors are occurring due to a user action, policy issues, or your infrastructure.
  • Custom reports. Admins can create new, or edit existing Workbooks to help customize the Insights feature for their organization.


New Federated Apps available in Azure AD app gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In April 2019, we've added these 21 new apps with Federation support to the app gallery:


New access reviews frequency option and multiple role selection

Service category: Access Reviews
Product capability: Identity Governance

New updates in Azure AD access reviews allow you to:

  • Change the frequency of your access reviews to semi-annually, in addition to the previously existing options of weekly, monthly, quarterly, and annually.
  • Select multiple Azure AD and Azure resource roles when creating a single access review. In this situation, all roles are set up with the same settings and all reviewers are notified at the same time.


Increased security using the app protection-based conditional access policy in Azure AD Public preview

Service category: Conditional Access
Product capability: Identity Security & Protection

App protection-based conditional access is now available by using the Require app protection policy. This new policy helps to increase your organization's security by helping to prevent:

  • Users gaining access to apps without a Microsoft Intune license.
  • Users being unable to get a Microsoft Intune app protection policy.
  • Users gaining access to apps without a configured Microsoft Intune app protection policy.


New support for Azure AD single sign-on and conditional access in Microsoft Edge Public preview

Service category: Conditional Access
Product capability: Identity Security & Protection

Microsoft has enhanced the Azure AD support for Microsoft Edge, including providing new support for Azure AD single sign-on and conditional access. If you've previously used Microsoft Intune Managed Browser, you can now use Microsoft Edge instead.


What’s Changed

Azure AD Connect email alert system(s) are transitioning, sending new email sender information for some customers

Service category: AD Sync
Product capability: Platform

Azure AD Connect is in the process of transitioning our email alert system(s), potentially showing some customers a new email sender. To address this, administrators must add azure-noreply@microsoft.com to their organization's whitelist or they won't be able to continue receiving important alerts from your Office 365, Azure, or your Sync services.


UPN suffix changes are now successful between Federated domains in Azure AD Connect

Service category: AD Sync
Product capability: Platform

Administrators can now successfully change a user's userPrincipalName suffix from one federated domain to another federated domain in Azure AD Connect. This fix means they should no longer experience the following error message during the synchronization cycle or receive a notification email stating:


Unable to update this object in Azure Active Directory, because the attribute [FederatedUser.UserPrincipalName], is not valid. Update the value in your local directory services.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.