What’s New in Azure Active Directory for November 2019

Azure Active Directory

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for November 2019:

  

What’s Planned

Support for the SameSite attribute and Chrome 80

Service category: Authentications (Logins)
Product capability: User Authentication

As part of a secure-by-default model for cookies, the Chrome 80 browser is changing how it treats cookies without the SameSite attribute. Any cookie that doesn’t specify the SameSite attribute will be treated as though it was set to SameSite=Lax, which will result in Chrome blocking certain cross-domain cookie sharing scenarios that apps may depend on. To maintain the older Chrome behavior, apps can use the SameSite=None attribute and add an additional Secure attribute, so cross-site cookies can only be accessed over HTTPS connections. Chrome is scheduled to complete this change by February 4, 2020.

Microsoft recommends that all developers test their apps using this guidance:

  • Set the default value for the Use Secure Cookie setting to Yes.
  • Set the default value for the SameSite attribute to None.
  • Add the additional Secure attribute alongside the SameSite attribute.
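
An added example (not from Microsoft's release notes or the original post): a small Node.js check that classifies Set-Cookie headers by how Chrome 80 handles them under the change described above. The header values, function names and verdict labels are constructed for illustration; the rejection of SameSite=None cookies that lack Secure is Chrome's behavior under this change rather than something stated in the notes.

```javascript
// Added example: classify Set-Cookie headers by how Chrome 80 treats them.
// SAMPLE_HEADERS are constructed values, not captured traffic.
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; HttpOnly",
  "sso=xyz; Path=/; SameSite=None",
  "sso2=xyz; Path=/; Secure; HttpOnly; SameSite=None",
  "prefs=dark; Path=/; SameSite=Lax",
];

// Parse one Set-Cookie value into the fields this check needs.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    const k = key.trim().toLowerCase(); // attribute names are case-insensitive
    if (k === "secure") cookie.secure = true;
    if (k === "samesite") cookie.sameSite = value.trim().toLowerCase();
  }
  return cookie;
}

// Map a header to a verdict label (labels are this example's own).
function classify(header) {
  const c = parseSetCookie(header);
  let verdict;
  if (c.sameSite === null) verdict = "defaults-to-lax"; // no attribute: treated as Lax
  else if (c.sameSite === "none") verdict = c.secure ? "cross-site-ok" : "rejected-none-without-secure";
  else if (c.sameSite === "lax" || c.sameSite === "strict") verdict = "same-site-only";
  else verdict = "unrecognised-samesite-value";
  return { name: c.name, verdict };
}

// Cookies a developer should review before Chrome 80 reaches users.
function needsAttention(headers) {
  const fine = new Set(["cross-site-ok", "same-site-only"]);
  return headers.map(classify).filter((r) => !fine.has(r.verdict));
}

for (const r of needsAttention(SAMPLE_HEADERS)) console.log(`${r.name}: ${r.verdict}`);
```

A cookie flagged as defaults-to-lax only needs changing if the app relies on it being sent in cross-site requests.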

What’s New

Google social ID support for Azure AD B2B collaboration General Availability

Service category: B2B
Product capability: User Authentication

New support for using Google social IDs (Gmail accounts) in Azure AD helps to make collaboration simpler for users and partners. There’s no longer a need for Google-based partners to create and manage a new Microsoft-specific account. Additionally, Microsoft Teams now fully supports Google users on all clients and across the common and tenant-related authentication endpoints.

For more information, see Add Google as an identity provider for B2B guest users.

Microsoft Edge Mobile Support for Conditional Access and Single Sign-on General Availability

Service category: Conditional Access
Product capability: Identity Security & Protection

Azure AD for Microsoft Edge on iOS and Android now supports Azure AD Single Sign-On and Conditional Access:

  • Microsoft Edge single sign-on (SSO): Single sign-on is now available across native clients (such as Microsoft Outlook and Microsoft Edge) for all Azure AD-connected apps and services.
  • Microsoft Edge conditional access: Through application-based Conditional Access policies, users must use Microsoft Intune-protected browsers, such as Microsoft Edge.

Azure AD entitlement management General Availability

Service category: Other
Product capability: Entitlement Management

Azure AD entitlement management is a new identity governance feature, which helps organizations manage identity and access lifecycle at scale. This new feature helps by automating access request workflows, access assignments, reviews, and expiration across groups, apps, and SharePoint Online sites.

With Azure AD entitlement management, Azure AD admins can more efficiently manage access both for employees and for users outside their organization who need access to those resources.

Updates to the My Apps page along with new workspaces Public Preview

Service category: My Apps
Product capability: 3rd Party Integration

Azure AD admins can now customize the way their organizations’ users view and access the refreshed My Apps experience. This new experience also includes the new workspaces feature, which makes it easier for users to find and organize apps.

For more information about the new My Apps experience and creating workspaces, see Create workspaces on the My Apps portal.

New AD FS app activity report to help migrate apps to Azure AD Public Preview

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

Azure AD Admins are welcome to use the new Active Directory Federation Services (AD FS) app activity report in the Azure portal. This way, admins can identify which of their apps are capable of being migrated to Azure AD. The report assesses all AD FS apps for compatibility with Azure AD, checks for any issues, and gives guidance about preparing individual apps for migration.

New workflow for users to request administrator consent Public Preview

Service category: Enterprise Apps
Product capability: Access Control

The new admin consent workflow gives Azure admins a way to grant access to apps that require admin approval. If a user tries to access an app, but is unable to provide consent, they can now send a request for admin approval. The request is sent by email, and placed in a queue that’s accessible from the Azure portal to all the admins who have been designated as reviewers. After a reviewer takes action on a pending request, the requesting users are notified of the action.

New Azure AD App Registrations Token configuration experience for managing optional claims Public Preview

Service category: Other
Product capability: Developer Experience

The new Azure AD App Registrations Token configuration blade on the Azure portal now shows app developers a dynamic list of optional claims for their apps. This new experience helps to streamline Azure AD app migrations and to minimize optional claims misconfigurations.

New two-stage approval workflow in Azure AD entitlement management Public Preview

Service category: Other
Product capability: Entitlement Management

Microsoft has introduced a new two-stage approval workflow that allows Azure AD admins to require two approvers to approve a user’s request to an access package. For example, they can set it so the requesting user’s manager must first approve, and then they can also require a resource owner to approve. If one of the approvers doesn’t approve, access isn’t granted.

Automated user account provisioning for additional SaaS apps

Service category: Enterprise Apps
Product capability: 3rd Party Integration

Azure AD admins can now automate creating, updating, and deleting user accounts for these eight newly integrated apps:

New Federated Apps available in Azure AD App gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In November 2019, Microsoft added these 21 new apps with Federation support to the app gallery:

What’s Changed

New and improved Azure AD application gallery

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

Microsoft has updated the Azure AD application gallery to make it easier for admins to find pre-integrated apps that support provisioning, OpenID Connect, and SAML on Azure Active Directory tenants.

Increased app role definition length limit from 120 to 240 characters

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

Based on feedback from customers that the length limit for the app role definition value in some apps and services is too short at 120 characters, Microsoft has increased the maximum length of the role value definition to 240 characters.

New hotfix for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2)

Service category: Microsoft Identity Manager
Product capability: Identity Lifecycle Management

A hotfix rollup package (build 4.6.34.0) is available for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2). This rollup package resolves issues and adds improvements that are described in the “Issues fixed and improvements added in this update” section of 4512924, “Microsoft Identity Manager 2016 Service Pack 2 (build 4.6.34.0) Update Rollup is available”.
