Microsoft’s Identity Division made announcements and released functionality for Azure Active Directory during Microsoft Ignite 2019 (November 4th – November 8th, 2019) in Orlando, Florida:
Azure AD Security Defaults Public Preview
Security Defaults is a set of basic identity security mechanisms, recommended by Microsoft. When enabled, these recommendation will be automatically enforced. Admins and users will be better protected from common identity-related attacks.
Security defaults are available right now, from the tenant properties blade in the Azure Portal. Security Defaults replace the Baseline Policies in Conditional Access. When you enable Security Defaults, the Baseline Policies disappear.
Azure MFA for free
Microsoft announced that Azure Multi-factor Authentication (MFA) is now free.
Azure MFA will be enabled as part of the new Security Defaults feature for all new Azure Active Directory tenants for Microsoft 365, Office 365, Dynamics, and Azure.
As of November 1, 2019, there will be no charges for using multi-factor authentication or password-less authentication.
Password-less authentication for free
Organizations with any Azure Active Directory plan can now use the Microsoft Authenticator app to securely access their apps without a password. Previously, only customers with a paid plan could use the app for password-less authentication.
The password-less authentication methods feature in Azure Active Directory launched in Public Preview last year; General Availability is expected in 2020.
Refreshed Azure AD Identity Protection General Availability
The new Azure AD Identity Protection is now generally available. It offers new detections and capabilities. These new User and Entity Behavioral Analytics (UEBA) capabilities and their enhanced signals, massively improved APIs for integration with Security Operations Center (SOC) environments, and a new user interface, make Azure AD admins and their security counterparts more efficient.
Conditional Access Report-only mode Public Preview
Conditional Access Report-only mode allows admins to evaluate the potential impact of new Conditional Access policies before rolling them out. Organization with an Azure Monitor subscription can monitor the impact of Conditional Access policies in report-only mode using the new Conditional Access insights workbook. In combination with the Global Reader role this allows for further visibility into settings and policies without added risk.
Azure Active Directory Connect cloud provisioning Soon
Microsoft announced Azure Active Directory Connect cloud. It will become available for preview soon.
Azure Active Directory Connect cloud provisioning allows customers to easily consolidate disconnected on-premises Active Directory forests and eliminate the need for on-premises Azure AD Connect installations, all while enabling greater availability of connectivity (such as multiple deployments to disconnected forests for redundancy) and lowering costs.
Azure Active Directory Connect cloud provisioning provides a lightweight, on-premises agent that enables provisioning from multiple, disconnected on-premises Azure Directory forests and move all the synchronization complexity and data transformation logic to the cloud.
Inbound user provisioning from SAP SuccessFactors Public Preview
Microsoft announced the public preview of inbound user provisioning from SAP SuccessFactors. With this feature, admins can implement end-to-end identity lifecycle management covering the entire spectrum of Joiner-Mover-Leaver scenarios using SuccessFactors as the “system of record”. New employees can get up and running on their first day, and admins can modify or revoke access automatically based on the employee’s role and status in SuccessFactors.
Azure AD Entitlement Management Generally Available
34% of security breaches involve inside access, according to a 2019 Verizon report on data breaches. Microsoft is helping organizations manage access to information with entitlements management for Azure Active Directory, now generally available.
Entitlements management simplifies employee and partner access requests, approvals, auditing, and workflows.
Additionally, it allows organizations to create access packages that make it easier for employees and partners to request access to the information they need while ensuring that only the right people have access to the appropriate resources.
Azure Active Directory MyApps portal updates with new look and features Public PReview
A revamped look and more capabilities for the Azure Active Directory MyApps portal give users a simplified experience with all apps in one place.
The new features, now in preview, include a mobile-first launching experience for all enterprise apps, workspaces for administrator-curated apps, and a unified app launching experience with Microsoft 365 surfaces across the Office.com portal, Office 365 search, and Office navigation.
Easier sign-in and better security for firstline workers Soon
Microsoft announced new identity features in Microsoft 365 to help empower firstline workers to access company resources and work securely, whether on a personal or shared device.
The features, in private preview and available later this year, include:
- SMS sign-in that allows workers to sign in with their phone number and an SMS code for authentication, eliminating the need for passwords.
- Global sign-out, rolling out later this year for Android devices, that enables workers to sign out of all their apps with just one click and help ensure that nobody else can use the same devices under their account.
- Delegated user management that will enable scale and reduce stress on IT support by allowing firstline managers to manage users and credentials.
The capabilities will also be available on Teams, which also sees the rollout of off-shift access for firstline workers, which allows companies to grant Teams app access to firstline workers and still comply with designated work hours.
Azure Active Directory secure hybrid access with partners Soon
Microsoft announced secure hybrid access partnerships with Akamai, Citrix, F5 and Zscaler to simplify secure access to applications that use legacy protocols like header-based and Kerberos authentication.
With these new integrations, admins can apply the same risk-based Azure AD Conditional Access policies and Identity Governance processes to legacy authentication-based applications as to the rest of the digital environment.
MSAL for Python and Java Public Preview
Hot on the heels of the General Availability of Microsoft Authentication Libraries (MSAL) for Android, iOS and MacOS, Microsoft announced the Public Preview of the Microsoft Authentication Libraries (MSAL) for Java.
Azure AD Domain Services Resource Forest Public Preview
If you are looking to move your legacy authentication-based applications to the cloud, you can use the new Azure Active Directory Domain Services resource forest functionality, now in public preview.It allows organizations to create an instance of Azure AD DS that has a one-directional trust with the on-premises Active Directory domains and eliminates the need to synchronize password hashes to Azure AD DS.
Microsoft also made several enhancements to Azure AD Domain Services including additional availability zones, improved load balancer, Azure workbooks, audit logs, and a new set up experience.
Future of Identity
Microsoft has developed a Proof of Concept (PoC) for a decentralized identity system with the UK National Health Service (NHS), based on its research for an identity that lets individuals bring a digital identity with verifiable claims through blockchain technology.
NHS sponsors the project to help graduating doctors spend more time with patients, and less time onboarding and managing credentials.