What’s New in Azure Active Directory in August 2020

Azure Active Directory

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for August 2020:

What’s Planned

Updates to Azure Multi-Factor Authentication Server firewall requirements

Service category: Multi-Factor Authentication (MFA)
Product capability: Identity Security & Protection

Starting October 1st, 2020, Azure MFA Server firewall requirements will require additional IP ranges.

If you have outbound firewall rules in your organization, update the rules so that your MFA servers can communicate with all the necessary IP ranges. The IP ranges are documented in Azure Multi-Factor Authentication Server firewall requirements.

Upcoming changes to user experience in Identity Secure Score

Service category: Identity Protection
Product capability: Identity Security & Protection

Microsoft is updating the Identity Secure Score portal to align with the changes introduced in Microsoft Secure Score’s new release.

The preview version with the changes will be available at the beginning of September. The changes in the preview version include:

  • “Identity Secure Score” renamed to “Secure Score for Identity” for brand alignment with Microsoft Secure Score
  • Points normalized to standard scale and reported in percentages instead of points

In this preview, admins can toggle between the existing experience and the new experience. This preview will last until the end of November 2020. After the preview, admins will automatically be directed to the new experience.

What’s New

New Restricted Guest Access Permissions in Azure AD Public Preview

Service category: Access Control
Product capability: User Management

Microsoft has updated the directory level permissions for guest users.

These permissions allow administrators to require additional restrictions and controls on external guest user access. Admins can now add additional restrictions for external guests' access to user and groups' profile and membership information. With this public preview feature, organizations can manage external user access at scale by obfuscating group memberships, including restricting guest users from seeing memberships of the group(s) they are in.

delta queries for service principals and OAuth2PermissionGrant General Availability

Service category: MS Graph
Product capability: Developer Experience

Microsoft Graph Delta Query now supports the Service Principal and OAuth2PermissionGrant resource type in v1.0.

Now organizations can programmatically track changes to these resources efficiently and provides the best solution to synchronize changes to those resources with a local data store.

New Federated Apps available in Azure AD Application gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In August 2020, Microsoft has added the following new applications in the App gallery with Federation support:

Resource Forests for Azure AD Domain Services General Availability

Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services

The capability of resource forests in Azure AD Domain Services is now generally available. Organizations can now enable authorization without Password Hash Synchronization (PHS) to use Azure AD Domain Services, including smart-card authorization.

Regional replica support for Azure AD DS managed domains General Availability

Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services

Admins can expand a managed domain to have more than one replica set per Azure AD tenant. Replica sets can be added to any peered virtual network in any Azure region that supports Azure AD Domain Services. Additional replica sets in different Azure regions provide geographical disaster recovery for legacy applications if an Azure region goes offline.

Azure AD My Sign-Ins General Availability

Service category: Authentications (Logins)
Product capability: End User Experiences

Azure AD My Sign-Ins is a new feature that allows enterprise users to review their sign-in history to check for any unusual activity. Additionally, this feature allows end-users to report “This wasn’t me” or “This was me” on suspicious activities.

SAP SuccessFactors HR driven user provisioning to Azure AD General Availability

Service category: App Provisioning
Product capability: Identity Lifecycle Management

Organizations can now integrate SAP SuccessFactors as the authoritative identity source with Azure AD and automate the end-to-end identity lifecycle using HR events like new hires and terminations to drive provisioning and de-provisioning of accounts in Azure AD.

Custom Open ID Connect MS Graph API support for Azure AD B2C

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

Previously, Custom Open ID Connect providers could only be added or managed through the Azure portal. Now the Azure AD B2C customers can add and manage them through Microsoft Graph APIs beta version as well.

Assign Azure AD built-in roles to cloud groups Public Preview

Type: New feature
Service category: Azure AD roles
Product capability: Access Control

Organizations can now assign Azure AD built-in roles to cloud groups with this new feature. For example, the SharePoint Administrator role can be assigned to the Contoso_SharePoint_Admins group. Organizations can also leverage their investments in Azure AD Privileged Identity Management (PIM) to make the group an eligible member of the role, instead of granting standing access.

Insights Business Leader and Insights Administrator built-in roles now available

Service category: Azure AD roles
Product capability: Access Control

Microsoft introduces two new built-in roles:

  1. Insights Business Leader
    Users in the Insights Business Leader role can access a set of dashboards and insights via the M365 Insights application. This includes full access to all dashboards and presented insights and data exploration functionality. However, users in this role don't have access to product configuration settings, which is the responsibility of the Insights Administrator role.
  2. Insights Administrator
    Users in the Insights Administrator role can access the full set of administrative capabilities in the M365 Insights application. A user in this role can read directory information, monitor service health, file support tickets, and access the Insights administrator settings aspects.

What’s Changed

Application Admin and Cloud Application Admin can manage extension properties of applications

Service category: Azure AD roles
Product capability: Access Control

Previously, only the Global Administrator could manage the extension property. Microsoft has now enabled this capability for the Application Administrator and Cloud Application Administrator as well.

MIM 2016 SP2 hotfix 4.6.263.0 and connectors 1.1.1301.0

Service category: Microsoft Identity Manager
Product capability: Identity Lifecycle Management

A hotfix rollup package (build 4.6.263.0) is available for Microsoft Identity Manager (MIM) 2016 Service Pack 2 (SP2). This rollup package contains updates for the MIM CM, MIM Synchronization Manager, and PAM components. In addition, the MIM generic connectors build 1.1.1301.0 includes updates for the Graph connector.

One Response to What’s New in Azure Active Directory in August 2020

  1.  

    Nice informative blog. Got to know all the upcoming updates. Thanks

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.