What’s New in Azure Active Directory for October 2019

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for October 2019:


What’s Planned

Deprecation of the identityRiskEvent API for Azure AD Identity Protection risk detections

Service category: Identity Protection
Product capability: Identity Security & Protection

In response to developer feedback, admins of tenants with Azure AD Premium P2 subscription licenses can now perform complex queries on Azure AD Identity Protection’s risk detection data by using the new riskDetection API for Microsoft Graph.

The existing identityRiskEvent API beta version will stop returning data around January 10, 2020. If your organization is using the identityRiskEvent API, you should transition to the new riskDetection API.


Application Proxy support for the SameSite Attribute and Chrome 80

Service category: App Proxy
Product capability: Access Control

A couple of weeks prior to the Chrome 80 browser release, Microsoft plans to update how Application Proxy cookies treat the SameSite attribute. With the release of Chrome 80, any cookie that doesn’t specify the SameSite attribute will be treated as though it was set to SameSite=Lax.

To help avoid potentially negative impacts due to this change, Microsoft is updating Application Proxy access and session cookies by:

  • Setting the default value for the Use Secure Cookie setting to Yes.
  • Setting the default value for the SameSite attribute to None.
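
The two defaults change together for a reason that the following added example makes visible (it is not Microsoft's code; the cookie names and values are constructed). It classifies Set-Cookie headers under the Chrome 80 rules; that Chrome rejects SameSite=None cookies lacking the Secure attribute is Chrome's documented behaviour, not something stated in the release notes.

```javascript
// Added example: how Chrome 80 treats the SameSite attribute of a Set-Cookie header.
// All cookie names and values are constructed sample data.
const KNOWN = ['strict', 'lax', 'none'];

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf('=')), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'secure') cookie.secure = true;
    // Unrecognised SameSite values are ignored, as if the attribute were absent.
    if (key === 'samesite' && KNOWN.includes(value)) cookie.sameSite = value;
  }
  return cookie;
}

function chrome80Treatment(header) {
  const c = parseSetCookie(header);
  // Default introduced with Chrome 80: no SameSite attribute means Lax.
  const effective = c.sameSite === null ? 'lax' : c.sameSite;
  // SameSite=None is only honoured together with Secure; otherwise the cookie is rejected.
  const accepted = !(effective === 'none' && !c.secure);
  return {
    name: c.name,
    accepted,
    effective: accepted ? effective : null,
    defaulted: c.sameSite === null,
    // Only an accepted SameSite=None cookie rides along on cross-site
    // subrequests (iframes, fetch/XHR); Lax and Strict cookies do not.
    sentOnCrossSiteSubrequest: accepted && effective === 'none',
  };
}

const SAMPLE_HEADERS = [
  'ExampleAccessCookie=abc123; Path=/; HttpOnly',                          // no SameSite
  'ExampleSessionCookie=def456; Path=/; HttpOnly; SameSite=None',          // None, not Secure
  'ExampleSessionCookie=def456; Path=/; HttpOnly; Secure; SameSite=None',  // new defaults
  'ExamplePrefs=dark; Path=/; SameSite=Strict',
];

function audit(headers) {
  return headers.map(chrome80Treatment);
}

console.table(audit(SAMPLE_HEADERS));
```
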


App registrations (legacy) and converged app management from the Application Registration Portal will no longer be available

Service category: N/A
Product capability: Developer Experience

In the near future, users with Azure AD accounts will no longer be able to register and manage converged applications using the Application Registration Portal (apps.dev.microsoft.com), or register and manage applications in the App registrations (legacy) experience in the Azure portal.


What’s New

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

Microsoft has added capabilities to help admins customize and send claims in SAML tokens. These new capabilities include:

  • Additional claims transformation functions, helping admins to modify values sent in the claim
  • Ability to apply multiple transformations to a single claim
  • Ability to specify the claim source, based on the user type and the group to which the user belongs


New My Sign-ins page for end users in Azure AD

Service category: Authentications (Logins)
Product capability: Monitoring & Reporting

Microsoft has added a new My Sign-ins page (https://mysignins.microsoft.com) where users can view their recent sign-in history to check for any unusual activity. This new page allows users to see:

  • If anyone is attempting to guess their password.
  • If an attacker successfully signed in to their account and from what location.
  • What apps the attacker tried to access.


Migration of Azure AD Domain Services (Azure AD DS) from classic to Azure Resource Manager virtual networks

Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services

Admins can now perform a one-time migration of Azure AD Domain Services from a classic virtual network to an existing Resource Manager virtual network. After moving to the Resource Manager virtual network, admins will be able to take advantage of additional and upgraded features such as fine-grained password policies, email notifications, and audit logs.


Updates to the Azure AD B2C page contract layout

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

Microsoft has introduced some changes to version 1.2.0 of the page contract for Azure AD B2C. In this updated version, admins can now control the load order for elements. This might help to stop the flicker that happens when the style sheet (CSS) is loaded.


Update to the My Apps page along with new Workspaces
Public preview

Service category: My Apps
Product capability: Access Control

Azure AD admins can now customize the way their organization’s users view and access the brand-new My Apps experience, including using the new Workspaces feature to make it easier for them to find apps. The new Workspaces functionality acts as a filter for the apps users already have access to.


Support for the monthly active user-based billing model
General availability

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

Azure AD B2C now supports monthly active users (MAU) billing. MAU billing is based on the number of unique users with authentication activity during a calendar month. Organizations can switch to this new billing method at any time.

Starting on November 1, 2019, all new organizations will automatically be billed using this method. This billing method offers organizations cost benefits and the ability to plan ahead.


What’s Changed

Users are no longer required to re-register during migration from per-user MFA to Conditional Access-based MFA

Service category: Multi-factor Authentication (MFA)
Product capability: Identity Security & Protection

Microsoft has fixed a known issue whereby users were required to re-register if they were disabled for per-user Multi-Factor Authentication (MFA) and then enabled for MFA through a Conditional Access policy.

To require users to re-register, admins can select the Required re-register MFA option from the user’s authentication methods in the Azure AD portal.


Consolidated Security menu item in the Azure AD portal

Service category: Identity Protection
Product capability: Identity Security & Protection

You can now access all of the available Azure AD security features from the new Security menu item, and from the Search bar in the Azure portal. Additionally, the new Security landing page, called Security – Getting started, provides links to Microsoft’s public documentation, security guidance, and deployment guides.

The new Security menu includes:

  • Conditional Access
  • Identity Protection
  • Security Center
  • Identity Secure Score
  • Authentication methods
  • MFA
  • Risk reports – Risky users, Risky sign-ins, Risk detections


Office 365 groups expiration policy enhanced with autorenewal

Service category: Group Management
Product capability: Identity Lifecycle Management

The Office 365 groups expiration policy has been enhanced to automatically renew groups that are actively in use by their members. Groups will be autorenewed based on user activity across all the Office 365 apps, including Outlook, SharePoint, and Teams.

This enhancement helps to reduce group expiration notifications and helps to make sure that active groups continue to be available. If admins already have an active expiration policy for their Office 365 groups, they don’t need to do anything to turn on this new functionality.


Updated Azure AD Domain Services (Azure AD DS) creation experience

Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services

Microsoft has updated Azure AD Domain Services (Azure AD DS) to include a new and improved creation experience, helping admins to create a managed domain in just three clicks! In addition, admins can now upload and deploy Azure AD DS from a template.
