Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for March 2020:
What’s New
Disaster recovery: Download and store provisioning configuration
Service category: App provisioning
Product capability: Identity lifecycle management
The Azure AD provisioning service provides a rich set of configuration capabilities. Organizations need to be able to save their configuration so that they can refer to it later or roll back to a known good version. Microsoft has added the ability for Azure AD administrators to download their provisioning configuration as a JSON file and upload it when they need it.
Azure AD B2B Collaboration available in Azure Government
Service category: Business to Business (B2B)
Product capability: B2B/B2C
The Azure AD Business to Business (B2B) collaboration features are now available between some Azure Government tenants. To find out if your tenant is able to use these capabilities, follow the instructions in "How can I tell if B2B collaboration is available in my Azure US Government tenant?"
Azure AD B2B is planned for Microsoft Azure operated by 21Vianet (Azure China 21Vianet) tenants.
Azure Monitor integration for Azure Logs available in Azure Government
Service category: Reporting
Product capability: Monitoring and reporting
Azure Monitor integration with Azure AD logs is now available in Azure Government. You can route Azure AD Logs (Audit and Sign-in Logs) to a storage account, Event Hub and Log Analytics.
Identity Protection Refresh in Azure Government
Service category: Identity protection
Product capability: Identity security and protection
Microsoft is excited to share that they have now rolled out the refreshed Azure AD Identity Protection experience in the Microsoft Azure Government portal.
What’s Changed
Azure AD sign-in logs are now available for all free tenants through the Azure portal
Service category: Reporting
Product capability: Monitoring and reporting
Starting now, organizations that have free tenants can access the Azure AD sign-in logs from the Azure portal for up to 7 days. Previously, sign-in logs were available only for customers with Azure Active Directory Premium licenses. With this change, all tenants can access these logs through the portal.
Note:
Organizations still need a premium license (Azure Active Directory Premium P1 or P2) to access the sign-in logs through Microsoft Graph API and Azure Monitor.
Password length is limited to 256 characters
Service category: Authentications (Logins)
Product capability: User authentication
To ensure the reliability of the Azure AD service, user passwords are now limited in length to 256 characters. Users with passwords longer than this will be asked to change their password on subsequent sign in, either by contacting their admin or by using the self-service password reset feature.
This change was enabled on March 13th, 2020, at 10AM PST (18:00 UTC), and the error is AADSTS 50052, InvalidPasswordExceedsMaxLength.
HomeRealmDiscovery policy changes appear in the audit logs
Service category: Audit
Product capability: Monitoring and reporting
Microsoft fixed a bug where changes to the HomeRealmDiscovery policy were not included in the audit logs. Admins can now see when and how the policy was changed, and by whom.
SSPR now requires two gates for admins in Azure China 21Vianet
Service category: Self-Service Password Reset
Product capability: Identity security and protection
Previously in Microsoft Azure operated by 21Vianet (Azure China 21Vianet), admins using self-service password reset (SSPR) to reset their own passwords needed only one "gate" (challenge) to prove their identity. In public and other national clouds, admins generally must use two gates to prove their identity when using SSPR. But because Microsoft didn't support SMS or phone calls in Azure China 21Vianet, Microsoft allowed one-gate password reset by admins.
Microsoft has created SSPR feature parity between Azure China 21Vianet and the public cloud. Going forward, admins must use two gates when using SSPR. SMS, phone calls, and Authenticator app notifications and codes are supported.
What’s Deprecated
Deprecation of Directory-wide groups option from Groups General Settings on Azure portal
Service category: Group management
Product capability: Collaboration
To provide a more flexible way for organizations to create directory-wide groups that best meet their needs, Microsoft has replaced the Directory-wide Groups option in the Groups > General settings in the Azure portal with a link to dynamic group documentation. Microsoft has improved its documentation to include more instructions so administrators can create all-user groups that include or exclude guest users.