Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for November 2019:
What’s Planned
Support for the SameSite attribute and Chrome 80
Service category: Authentications (Logins)
Product capability: User Authentication
As part of a secure-by-default model for cookies, the Chrome 80 browser is changing how it treats cookies without the SameSite attribute. Any cookie that doesn't specify the SameSite attribute will be treated as though it was set to SameSite=Lax, which will result in Chrome blocking certain cross-domain cookie sharing scenarios that apps may depend on. To maintain the older Chrome behavior, apps can use the SameSite=None attribute and add an additional Secure attribute, so cross-site cookies can only be accessed over HTTPS connections. Chrome is scheduled to complete this change by February 4, 2020.
Microsoft recommends that all developers test their apps using this guidance:
- Set the default value for the Use Secure Cookie setting to Yes.
- Set the default value for the SameSite attribute to None.
- Add an additional SameSite attribute of Secure.
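The Chrome 80 handling described above, as an added example that is not part of Microsoft's release notes: a small Node.js audit that classifies an app's Set-Cookie headers. The function names and sample headers are constructed for illustration; the rejection of SameSite=None cookies that lack Secure is Chrome's behavior under this change.

```javascript
// Added example: classify Set-Cookie headers under Chrome 80's SameSite handling.
// All cookie names and values below are constructed sample data.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

function classifyForChrome80(header) {
  const c = parseSetCookie(header);
  let verdict;
  if (c.sameSite === null) {
    verdict = "default-lax"; // no attribute: treated as SameSite=Lax
  } else if (c.sameSite === "none") {
    verdict = c.secure ? "cross-site-ok" : "rejected"; // None requires Secure
  } else if (c.sameSite === "lax" || c.sameSite === "strict") {
    verdict = "explicit-" + c.sameSite; // behaviour unchanged by Chrome 80
  } else {
    verdict = "unknown-value"; // unrecognised value: flag for manual review
  }
  return { name: c.name, verdict };
}

// Return only the cookies whose behaviour changes or that need review.
function auditCookies(headers) {
  const needsAttention = new Set(["default-lax", "rejected", "unknown-value"]);
  return headers.map(classifyForChrome80).filter((r) => needsAttention.has(r.verdict));
}

const sampleHeaders = [
  "session=abc123; Path=/; HttpOnly",
  "sso_state=xyz789; Path=/; SameSite=None",
  "sso_state=xyz789; Path=/; Secure; HttpOnly; SameSite=None",
  "prefs=dark; Path=/; Secure; SameSite=Strict",
];

for (const r of auditCookies(sampleHeaders)) {
  console.log(`${r.name}: ${r.verdict}`);
}
```

A cookie reported as default-lax or rejected that the app relies on in a cross-domain flow is a candidate for SameSite=None together with Secure.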
What’s New
Google social ID support for Azure AD B2B collaboration General Availability
Service category: B2B
Product capability: User Authentication
New support for using Google social IDs (Gmail accounts) in Azure AD helps to make collaboration simpler for users and partners. There's no longer a need for Google-based partners to create and manage a new Microsoft-specific account. Additionally, Microsoft Teams now fully supports Google users on all clients and across the common and tenant-related authentication endpoints.
For more information, see Add Google as an identity provider for B2B guest users.
Microsoft Edge Mobile Support for Conditional Access and Single Sign-on General Availability
Service category: Conditional Access
Product capability: Identity Security & Protection
Azure AD for Microsoft Edge on iOS and Android now supports Azure AD Single Sign-On and Conditional Access:
- Microsoft Edge single sign-on (SSO): Single sign-on is now available across native clients (such as Microsoft Outlook and Microsoft Edge) for all Azure AD-connected apps and services.
- Microsoft Edge conditional access: Through application-based Conditional Access policies, users must use Microsoft Intune-protected browsers, such as Microsoft Edge.
Azure AD entitlement management General Availability
Service category: Other
Product capability: Entitlement Management
Azure AD entitlement management is a new identity governance feature, which helps organizations manage identity and access lifecycle at scale. This new feature helps by automating access request workflows, access assignments, reviews, and expiration across groups, apps, and SharePoint Online sites.
With Azure AD entitlement management, Azure AD admins can more efficiently manage access both for employees and also for users outside your organization who need access to those resources.
Updates to the My Apps page along with new workspaces Public Preview
Service category: My Apps
Product capability: 3rd Party Integration
Azure AD admins can now customize the way their organizations’ users view and access the refreshed My Apps experience. This new experience also includes the new workspaces feature, which makes it easier for users to find and organize apps.
For more information about the new My Apps experience and creating workspaces, see Create workspaces on the My Apps portal.
New AD FS app activity report to help migrate apps to Azure AD Public Preview
Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)
Azure AD Admins are welcome to use the new Active Directory Federation Services (AD FS) app activity report in the Azure portal. This way, admins can identify which of their apps are capable of being migrated to Azure AD. The report assesses all AD FS apps for compatibility with Azure AD, checks for any issues, and gives guidance about preparing individual apps for migration.
New workflow for users to request administrator consent Public Preview
Service category: Enterprise Apps
Product capability: Access Control
The new admin consent workflow gives Azure admins a way to grant access to apps that require admin approval. If a user tries to access an app, but is unable to provide consent, they can now send a request for admin approval. The request is sent by email, and placed in a queue that's accessible from the Azure portal to all the admins who have been designated as reviewers. After a reviewer takes action on a pending request, the requesting users are notified of the action.
New Azure AD App Registrations Token configuration experience for managing optional claims Public Preview
Service category: Other
Product capability: Developer Experience
The new Azure AD App Registrations Token configuration blade on the Azure portal now shows app developers a dynamic list of optional claims for their apps. This new experience helps to streamline Azure AD app migrations and to minimize optional claims misconfigurations.
New two-stage approval workflow in Azure AD entitlement management Public Preview
Service category: Other
Product capability: Entitlement Management
Microsoft has introduced a new two-stage approval workflow that allows Azure AD admins to require two approvers to approve a user's request to an access package. For example, they can set it so the requesting user's manager must first approve, and then they can also require a resource owner to approve. If one of the approvers doesn't approve, access isn't granted.
Automated user account provisioning for additional SaaS apps
Service category: Enterprise Apps
Product capability: 3rd Party Integration
Azure AD admins can now automate creating, updating, and deleting user accounts for these eight newly integrated apps:
- SAP Cloud Platform Identity Authentication Service
- RingCentral
- SpaceIQ
- Miro
- Cloudgate
- Infor CloudSuite
- OfficeSpace Software
- Priority Matrix
New Federated Apps available in Azure AD App gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In November 2019, Microsoft added these 21 new apps with Federation support to the app gallery:
- Airtable
- Hootsuite
- Blue Access for Members (BAM)
- Bitly
- Riva
- ResLife Portal
- NegometrixPortal Single Sign On (SSO)
- TeamsChamp
- Motus
- MyAryaka
- BlueMail
- Beedle
- Visma
- OneDesk
- Foko Retail
- Qmarkets Idea & Innovation Management
- Netskope User Authentication
- uniFLOW Online
- Claromentis
- Jisc Student Voter Registration
- e4enable
What’s Changed
New and improved Azure AD application gallery
Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)
Microsoft has updated the Azure AD application gallery to make it easier for admins to find pre-integrated apps that support provisioning, OpenID Connect, and SAML on Azure Active Directory tenants.
Increased app role definition length limit from 120 to 240 characters
Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)
Based on feedback from customers that the length limit for the app role definition value in some apps and services is too short at 120 characters, Microsoft has increased the maximum length of the role value definition to 240 characters.
New hotfix for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2)
Service category: Microsoft Identity Manager
Product capability: Identity Lifecycle Management
A hotfix rollup package (build 4.6.34.0) is available for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2). This rollup package resolves issues and adds improvements that are described in the "Issues fixed and improvements added in this update" section of 4512924 Microsoft Identity Manager 2016 Service Pack 2 (build 4.6.34.0) Update Rollup is available.