What’s New in Identity from Microsoft Inspire 2020

Microsoft Inspire 2020

Microsoft Inspire is Microsoft’s annual event where it kicks off its fiscal year with its partner community. Inspire is Microsoft’s way to explain what’s coming in the year ahead and work together to find shared solutions for customers.

This year’s Inspire event brought us the following Identity-related news:


New Surface Hub OS featuring Azure AD Join Updates Public Preview

Microsoft is excited to announce the latest version of the Surface Hub operating system: Windows 10 Team 2020 Update, is now available for preview through the Windows Insider Program.

This update addresses top customer requests, starting with full support for organizations using Azure Active Directory (Azure AD) to manage their Surface Hub devices:

  • Single sign-on (SSO) for Azure AD joined devices
    When users sign in with their Microsoft 365 credentials to “My meetings and files”, their user credentials flow seamlessly from app to app – including Microsoft 365 experiences in the browser.
  • Conditional access (CA) for Azure AD joined devices
    IT admins can deploy device-level security policies to their Azure AD joined Surface Hub to control access to organizational resources in accordance with corporate security and compliance requirements.
  • Support for non-Global admins for Azure AD joined devices
    Organizations can choose a more granular set of admins within their admin hierarchy to manage Surface Hub. For more information, see Admin group management.
  • Modern authentication for cloud device accounts
    Surface Hub supports Exchange Web Services (EWS) and Active Directory Authentication Library (ADAL) based authentication to connect to Exchange, allowing organizations to deprecate the use of Basic authentication. For details, see Modern authentication on Surface Hub.

Learn more.


Microsoft Authentication Library (MSAL) for JavaScript Generally Available

The Microsoft Authentication Library (MSAL) for JavaScript has now been released as version 2.0 and allows organizations to use the authorization code flow in production. MSAL.js 2.0 will first make a request to the /authorize endpoint to receive an authorization code protected by Proof Key for Code Exchange (PKCE). This code is sent to the Cross Origin Resource Sharing (CORS) enabled /token endpoint and exchanged for an access token and 24 hour refresh token, which can be used to silently obtain new access tokens.

To take advantage of the latest recommended authentication flow in browser-based applications, follow the quickstart or tutorial.


Windows Admin Center version 2007 offers a new version of the Active Directory tool Generally available

Windows Admin Center version 2007 has been announced generally available.

This release is pronounced as “twenty oh-seven” in regard to this year and month, and not in reference to the year 2007.

This release includes a new version, version 0.85.0, of the Active Directory tool based on all the feedback Microsoft received from User Voice! Some of the changes from the preview version include:

  • Search with more descriptive queries using PowerShell Expression Language syntax
  • Filter by object type or run range-based queries
  • Search for users with a password count over a certain threshold
  • More connected experience
  • Ability to unlock users

Go to Settings > Extensions to install it the new version of the Active Directory tool.



A newly designed Yammer, with a reimagined user experience for both web and mobile built with the Fluent Design System, is now loaded with new features and integrations that power communities, engagement and knowledge across Microsoft 365.

Yammer now supports external guests in communities, powered by Azure AD B2B, so that all communities can host live events and take advantage of Microsoft 365 compliance benefits. AzureAD  B2B also brings external communities to organizations using Yammer in the European Union.

Microsoft 365 Global Admins can configure access to the new Yammer through the Yammer admin portal. Admins can enable the toggle in the suite header and choose the default experience for their network: classic Yammer or the new Yammer.

Learn more.



Coming soon to Teams, a new feature in the Shifts scheduling module will make it easier for managers to create team schedules while alerting them to potential schedule conflicts. Task publishing, now in private preview, enables teams to delegate tasks to specific locations — such as a retail store — and track their progress through real-time reports.

For IT administrators, firstline worker and manager policy packages, now generally available, will streamline policy assignment with pre-defined settings tailored for their entire firstline workforce. Shifts audit logs are now generally available, providing IT admins a unified view and ability to search for Shifts activities such as clocking in or out and editing Shifts.

Learn more.



Dynamics 365 Fraud Protection, now available, adds two new capabilities: Account Protection and Loss Prevention.

  • Account Protection helps protect online revenue and reputation by counteracting fraudulent account access, fake account creation and account takeover, and by safeguarding user accounts from abuse and fraud.
  • Loss Prevention helps protect revenue by identifying potential fraud on returns and discounts arising from omni-channel purchases, enabling store managers and investigators to quickly take action to mitigate losses. Both capabilities were previously available via preview.

Learn more.



Double Key Encryption for Microsoft 365 allows organizations to protect the most confidential data while maintaining full control of the encryption key. It is new and is available in public preview today, July 21.

With Microsoft Information Protection, Microsoft has been helping organizations classify and protect their sensitive data that meets most of their data protection needs. However, in highly regulated industries such as financial services and healthcare, organizations have data that need the highest level of protection and even more control. This could include trade secrets, formulae, designs, code, and algorithms, etc. This capability provides greater depth for protecting data that might represent a small volume of the overall data but is nevertheless mission critical.

Double Key Encryption for Microsoft 365 protects data by encrypting it with two keys, one key in control  of the organization and the second key stored securely in Microsoft Azure. To view the data, one must have access to both keys. Since Microsoft can access only the key in Azure (with all the BYOK assurances), data is unavailable to Microsoft, ensuring enhanced data privacy and security.

Learn more.


AKS-managed Azure Active Directory support generally available

Azure Kubernetes Service (AKS)-managed Azure Active Directory (Azure AD) support is now generally available. This simplifies AKS integration with Azure AD. Organizations are no longer required to create client apps or service apps or require tenant owners to grant elevated permissions. AKS creates appropriate roles/role bindings with group memberships though delegated permissions to facilitate administration.

Learn more


Further Reading

Building better identity solutions with our partners at Microsoft Inspire
New Surface Hub OS update released for public preview
MSAL.js 2.0 is now generally available with support for authorization code flow
AKS-managed Azure Active Directory support is now generally available
Windows Admin Center version 2007 is now generally available!

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.