What’s New in Azure Active Directory for May 2019

Azure Active Directory

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for May 2019:

                   

What’s Planned

Future support for only TLS 1.2 protocols on the Azure AD Application Proxy service

Service category: App Proxy
Product capability: Access Control

To help provide best-in-class encryption for our customers, Microsoft is limiting access to only TLS 1.2 protocols on the Azure AD Application Proxy service. This change is gradually being rolled out, first to customers who are already only using TLS 1.2 protocols.

Deprecation of TLS 1.0 and TLS 1.1 happens on August 31, 2019. Microsoft will provide additional advance notice, so you’ll have time to prepare for this change. To prepare, make sure your client-server and browser-server combinations, including any clients your users use to access apps published through Application Proxy, are updated to use the TLS 1.2 protocol to maintain the connection to the Application Proxy service.
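One way to confirm that a given client stack will still connect after the cutoff is to look at the protocol versions it offers in its ClientHello. The Python script below is an added example, not part of Microsoft's release notes; it inspects only the Python/OpenSSL client it runs under, works entirely in memory, and the host name app.example.test is a placeholder.

```python
import ssl
import struct

TLS12 = 0x0303  # wire value of TLS 1.2

def capture_client_hello(ctx):
    """Start a handshake against in-memory buffers; return the ClientHello record."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # app.example.test is a placeholder name; nothing is sent over the network.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="app.example.test")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is written and the client waits for a reply
    return outgoing.read()

def offered_versions(record):
    """Versions listed in supported_versions, else the legacy maximum version."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    legacy_max = struct.unpack_from("!H", record, 9)[0]
    pos = 11 + 32                                        # version + random
    pos += 1 + record[pos]                               # session id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher suites
    pos += 1 + record[pos]                               # compression methods
    if pos + 2 > len(record):
        return [legacy_max]                              # no extensions block
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 43:                               # supported_versions
            count = record[pos] // 2
            return list(struct.unpack_from("!%dH" % count, record, pos + 1))
        pos += ext_len
    return [legacy_max]

def offers_tls12(ctx):
    """True if a client built from ctx would offer TLS 1.2 to a server."""
    versions = offered_versions(capture_client_hello(ctx))
    return TLS12 in versions

if __name__ == "__main__":
    default_ctx = ssl.create_default_context()
    print("default client offers TLS 1.2:", offers_tls12(default_ctx))
```

A client whose hello carries no supported_versions extension and a legacy maximum below 0x0303 offers only TLS 1.0 or 1.1 and needs updating before the deprecation date.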

                     

What’s New

Identity secure score is now available in Azure AD
General availability

Product capability: Identity Security & Protection

You can now monitor and improve your identity security posture by using the identity secure score feature in Azure AD. The identity secure score feature uses a single dashboard to help you:

  • Objectively measure your identity security posture
  • Plan for your identity security improvements
  • Review the success of your security improvements

                 

New App registrations experience is now available
General availability

Service category: Authentications (Logins)
Product capability: Developer Experience

The new App registrations experience is now in general availability. This new experience includes all the key features admins are familiar with from the Azure portal and the Application Registration portal and improves upon them through:

  • Better app management. Instead of seeing their apps across different portals, admins can now see all their apps in one location.
  • Simplified app registration. From the improved navigation experience to the revamped permission selection experience, it’s now easier for admins to register and manage apps.
  • More detailed information. Admins can find more details about their app, including quickstart guides and more.

                                  

Conditional access for the combined registration process
Public preview

Service category: Conditional Access
Product capability: Identity Security & Protection

Admins can now create Conditional Access policies for use by the combined SSPR/MFA registration page. This includes applying policies to allow registration if:

  • Users are on a trusted network.
  • Users have a low sign-in risk.
  • Users are on a managed device.
  • Users agree to the organization’s terms of use (TOU).

                           

Use the usage and insights report to view your app-related sign-in data

Service category: Enterprise Apps
Product capability: Monitoring and Reporting

Admins can now use the usage and insights report, located in the Enterprise applications area of the Azure portal, to get an application-centric view of the sign-in data, including info about:

  • Top used apps for your organization
  • Apps with the most failed sign-ins
  • Top sign-in errors for each app

                         

Automate your user provisioning to cloud apps using Azure AD

Service category: Enterprise Apps
Product capability: Monitoring and Reporting

Follow these new tutorials to use the Azure AD Provisioning Service to automate the creation, deletion, and updating of user accounts for the following cloud-based apps:

You can also follow this new Dropbox tutorial, which provides info about how to provision group objects.

                     

New capabilities available in the Risky Users API for Identity Protection

Service category: Identity Protection
Product capability: Identity Security & Protection

Microsoft is pleased to announce that admins can now use the Risky Users API to retrieve users’ risk history, dismiss risky users, and confirm users as compromised. This change helps admins to more efficiently update the risk status of their users and understand their risk history.

                    

New Federated Apps available in Azure AD app gallery – May 2019

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In May 2019, Microsoft added these 21 new apps with Federation support to the app gallery:

  1. Freedcamp
  2. Real Links
  3. Kianda
  4. Simple Sign
  5. Braze
  6. Displayr
  7. Templafy
  8. Marketo Sales Engage
  9. ACLP
  10. OutSystems
  11. Meta4 Global HR
  12. Quantum Workplace
  13. Cobalt
  14. webMethods API Cloud
  15. RedFlag
  16. Whatfix
  17. Control
  18. JOBHUB
  19. NEOGOV
  20. Foodee
  21. MyVR

                                

Improved groups creation and management experiences in the Azure AD portal

Service category: Group Management
Product capability: Collaboration

Microsoft has made improvements to the groups-related experiences in the Azure AD portal. These improvements allow admins to better manage groups lists and members lists, and provide additional creation options. Improvements include:

  • Basic filtering by membership type and group type.
  • Addition of new columns, such as Source and Email address.
  • Ability to multi-select groups, members, and owner lists for easy deletion.
  • Ability to choose an email address and add owners during group creation.

                

What’s Changed

Configure a naming policy for Office 365 groups in Azure AD portal
General availability

Service category: Group Management
Product capability: Collaboration

Admins can now configure a naming policy for Office 365 groups, using the Azure AD portal. This change helps to enforce consistent naming conventions for Office 365 groups created or edited by users in your organization.

                                  

Microsoft Graph API endpoints are now available for Azure AD activity logs
General availability

Service category: Reporting
Product capability: Monitoring & Reporting

Microsoft is happy to announce general availability of Microsoft Graph API endpoints support for Azure AD activity logs. With this release, admins can now use Version 1.0 of both the Azure AD audit logs and the sign-in logs APIs.
