Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for February 2020:
What’s Planned
Identity Secure Score – MFA improvement action updates
Service category: MFA
Product capability: Identity Security & Protection
To reflect the need for businesses to ensure the utmost security while applying policies that work with their business, Microsoft Secure Score is removing three improvement actions centered around multi-factor authentication (MFA), and adding two.
The following improvement actions will be removed:
- Register all users for MFA
- Require MFA for all users
- Require MFA for Azure AD privileged roles
The following improvement actions will be added:
- Ensure all users can complete MFA for secure access
- Require MFA for administrative roles
These new improvement actions will require Azure AD admins to register their organization’s users or admins for MFA across the Azure AD tenant and establish the right set of policies that fit the organization’s needs.
The main goal is to have flexibility while ensuring all users and admins can authenticate with multiple factors or risk-based identity verification prompts. This can take the form of:
- Setting security defaults that let Microsoft decide when to challenge users for MFA, or
- Having multiple Conditional Access policies that apply scoped decisions.
Note:
As part of these improvement action updates, Baseline protection policies will no longer be included in scoring calculations.
What’s New
Azure AD Domain Services SKU selection
Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services
Microsoft has heard feedback that organizations using Azure Active Directory Domain Services (Azure AD DS) need more flexibility in selecting performance levels for their instances.
On February 1, 2020, Microsoft switched from a dynamic model (where Azure AD determines the performance and pricing tier based on object count) to a self-selection model.
Organizations can choose a performance tier that matches their environment. This change also allows Microsoft to enable new scenarios like Resource Forests, and Premium features like daily backups.
The object count is now unlimited for all SKUs, but Microsoft will continue to offer object count suggestions for each tier.
No immediate customer action is required.
For organizations already using Azure Active Directory Domain Services (Azure AD DS), the dynamic tier that was in use on February 1, 2020, determines their new default tier. There is no pricing or performance impact as the result of this change.
Going forward, organizations will need to evaluate performance requirements as their directory size and workload characteristics change. Switching between service tiers will continue to be a no-downtime operation, and Microsoft will no longer automatically move organizations using Azure AD DS to new tiers based on the growth of their directory.
New Federated Apps available in Azure AD App gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In February 2020, Microsoft added these 31 new apps with Federation support to the app gallery:
- IamIP Patent Platform
- Experience Cloud
- NS1 SSO For Azure
- Barracuda Email Security Service
- ABa Reporting
- In Case of Crisis – Online Portal
- BIC Cloud Design
- Beekeeper Azure AD Data Connector
- Korn Ferry Assessments
- Verkada Command
- Splashtop
- Syxsense
- EAB Navigate
- New Relic (Limited Release)
- Thulium
- Ticket Manager
- Template Chooser for Teams
- Beesy
- Health Support System
- MURAL
- Hive
- LavaDo
- Wakelet
- Firmex VDR
- ThingLink for Teachers and Schools
- Coda
- NearpodApp
- WEDO
- InvitePeople
- Reprints Desk – Article Galaxy
- TeamViewer
New provisioning connectors in the Azure AD Application Gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
Azure AD admins can now automate creating, updating, and deleting user accounts for these newly integrated apps:
Azure AD support for FIDO2 security keys in hybrid environments Public Preview
Service category: Authentications (Logins)
Product capability: User Authentication
Microsoft is announcing the public preview of Azure AD support for FIDO2 security keys in Hybrid environments. Users can now use FIDO2 security keys to sign in to their Hybrid Azure AD joined Windows 10 devices and get single sign-on to their on-premises and cloud resources.
Support for Hybrid environments has been the most-requested feature from organizations on the passwordless journey since Microsoft initially launched the public preview for FIDO2 support in Azure AD joined devices. Passwordless authentication using advanced technologies like biometrics and public/private key cryptography provides convenience and ease of use while being secure. With this public preview, people can now use modern authentication like FIDO2 security keys to access traditional Active Directory-integrated resources.
New My Account experience Generally Available
Service category: My Profile/Account
Product capability: End User Experiences
My Account, the one-stop shop for all end-user account management needs, is now generally available! End users can access this new site via https://myaccount.microsoft.com, or in the header of the new My Apps experience.
Hey Sander, looks like the URL for My Account is myworkaccount.microsoft.com for AAD accounts.