What’s New in Azure Active Directory in February 2020


Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for February 2020:

 

What’s Planned

Identity Secure Score – MFA improvement action updates

Service category: MFA
Product capability: Identity Security & Protection

To reflect the need for businesses to ensure the utmost security while applying policies that work with their business, Microsoft Secure Score is removing three improvement actions centered around multi-factor authentication (MFA), and adding two.

The following improvement actions will be removed:

  • Register all users for MFA
  • Require MFA for all users
  • Require MFA for Azure AD privileged roles

The following improvement actions will be added:

  • Ensure all users can complete MFA for secure access
  • Require MFA for administrative roles

These new improvement actions will require Azure AD admins to register their organization’s users or admins for MFA across the Azure AD tenant and to establish the right set of policies that fit the organization’s needs.

The main goal is to have flexibility while ensuring all users and admins can authenticate with multiple factors or risk-based identity verification prompts. This can take the form of:

  • Setting security defaults that let Microsoft decide when to challenge users for MFA, or
  • Having multiple Conditional Access policies that apply scoped decisions.

Note:
As part of these improvement action updates, Baseline protection policies will no longer be included in scoring calculations.

 

What’s New

Azure AD Domain Services SKU selection

Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services

Microsoft has heard feedback that organizations using Azure Active Directory Domain Services (Azure AD DS) need more flexibility in selecting performance levels for their instances.

On February 1, 2020, Microsoft switched from a dynamic model (where Azure AD determines the performance and pricing tier based on object count) to a self-selection model.

Organizations can choose a performance tier that matches their environment. This change also allows Microsoft to enable new scenarios like Resource Forests, and Premium features like daily backups.

The object count is now unlimited for all SKUs, but Microsoft will continue to offer object count suggestions for each tier.

No immediate customer action is required.
For organizations already using Azure Active Directory Domain Services (Azure AD DS), the dynamic tier that was in use on February 1, 2020, determines their new default tier. There is no pricing or performance impact as a result of this change.

Going forward, organizations will need to evaluate performance requirements as their directory size and workload characteristics change. Switching between service tiers will continue to be a no-downtime operation, and Microsoft will no longer automatically move organizations using Azure AD DS to new tiers based on the growth of their directory.

 

New Federated Apps available in Azure AD App gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In February 2020, Microsoft added these 31 new apps with Federation support to the app gallery:

 

New provisioning connectors in the Azure AD Application Gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

Azure AD admins can now automate creating, updating, and deleting user accounts for these newly integrated apps:

 

Azure AD support for FIDO2 security keys in hybrid environments Public Preview

Service category: Authentications (Logins)
Product capability: User Authentication

Microsoft is announcing the public preview of Azure AD support for FIDO2 security keys in Hybrid environments. Users can now use FIDO2 security keys to sign in to their Hybrid Azure AD joined Windows 10 devices and get single sign-on to their on-premises and cloud resources.

Support for Hybrid environments has been the most-requested feature from organizations on the passwordless journey since Microsoft initially launched the public preview for FIDO2 support in Azure AD joined devices. Passwordless authentication using advanced technologies like biometrics and public/private key cryptography provides convenience and ease of use while being secure. With this public preview, people can now use modern authentication like FIDO2 security keys to access traditional Active Directory-integrated resources.

 

New My Account experience Generally Available

Service category: My Profile/Account
Product capability: End User Experiences

My Account, the one-stop shop for all end-user account management needs, is now generally available! End users can access this new site via https://myaccount.microsoft.com, or in the header of the new My Apps experience.

One Response to What’s New in Azure Active Directory in February 2020

  1. Hey Sander, looks like the URL for My Account is myworkaccount.microsoft.com for AAD accounts.
