A Recap of Identity-related Announcements from Microsoft Ignite 2020


Microsoft organized Ignite 2020 as a free digital event between Tuesday, September 22nd and Thursday, September 24th.

Ignite is Microsoft’s yearly event for IT Professionals and developers. At Microsoft Ignite, attendees connect with IT leaders from around the world. They hear from industry thought-leaders on the changing landscape of IT, find new technology partners and see how others are transforming businesses. Ignite is a one-of-a-kind experience designed to fuel business and connections, and to move the future forward.

During Microsoft Ignite 2020, Microsoft made the following Identity-related announcements:

Header-based authentication in Azure AD Application Proxy Coming Soon

The Azure AD Application Proxy currently provides access to on-premises web applications through SAML-based, Integrated Windows or password-based authentication, or through a link in the Azure AD Access Panel or Office 365 App launcher.

Header-based authentication in Azure AD Application Proxy enables organizations to move header-based authentication apps from legacy on-premises authentication systems, and natively connect them to Azure AD.

This Azure AD App Proxy feature will be available in Public Preview by November 2020.

New Partners for Secure Hybrid Access

Next to Akamai, Citrix, F5 and Zscaler, the following organizations will provide secure hybrid access:

  • Cisco
  • Fortinet
  • Kemp
  • Palo Alto Networks
  • Strata

These integrations enable secure single sign-on for legacy applications that require Integrated Windows Authentication, header-based, LDAP, SSH and non-HTTP authorization.

Single Sign-on for Apple iOS Public Preview

The Microsoft Enterprise SSO plug-in for Apple devices provides single sign-on (SSO) for Azure AD accounts across all applications that support Apple's Enterprise Single Sign-On feature. Microsoft worked closely with Apple to develop this plug-in to increase your application's usability while providing the best protection that Apple and Microsoft can provide.

In this Public Preview release, available since September 15th, 2020, the Enterprise SSO plug-in is available only for iOS devices and is distributed in certain Microsoft applications.

The Microsoft Enterprise SSO plug-in for Apple devices offers the following benefits:

  • Provides SSO for Azure AD accounts across all applications that support Apple's Enterprise Single Sign-On feature.
  • Delivered automatically in the Microsoft Authenticator and can be enabled by any mobile device management (MDM) solution.


Deep app integrations for user lifecycle

Organizations that adopt popular SaaS applications will get new capabilities to simplify user lifecycle management thanks to the deep integrations between Azure AD and leading SaaS apps. Here are two new integrations:

  • With ServiceNow’s upcoming Paris Release (September 2020 platform update), IT and hiring managers can automatically provision application access for new hires through Azure AD, increasing productivity for new hires and support teams. This integration automates the whole onboarding workflow from case creation in ServiceNow HR Service Delivery, to role assignment by hiring manager, and application provisioning by IT based on the new hire’s role. This integration is Generally Available on September 16th, 2020.
  • Adobe has announced app provisioning integration with Azure AD based on the SCIM standard for its core Adobe Identity Management platform across Adobe Creative Cloud, Adobe Document Cloud and Adobe Experience Cloud. This includes an updated Adobe admin experience based on insights from Microsoft IT. This integration will be in a Private Preview by the end of September 2020 and publicly available for Azure AD and Adobe customers by December 2020.

Organizations can leverage these new features within the app administration consoles.

Conditional Access APIs General Availability

Conditional Access is a policy engine in Azure Active Directory that helps organizations set granular adaptive access controls for the right balance of security and productivity. The new capabilities will protect users more comprehensively and at scale, with new insights, automation, and at lower total cost of ownership.

Quickly enabling remote work while keeping company data safe presents new challenges in identity and access management and amplifies the old challenges. Organizations need to be able to deploy access policies quickly and at scale and be confident in their coverage.

Conditional Access APIs in Microsoft Graph allow administrators to manage all aspects of Conditional Access policies as code, achieving greater scale and automation.

To get going with the Conditional Access APIs, take a look at aka.ms/AzureAD_CA_APIs.

Conditional Access Insights General Availability

Conditional Access Insights and recommendations for enforced Conditional Access policies are now available in the Azure AD advisor tool to help administrators understand gaps in policy coverage and troubleshoot issues.

Unified pricing and security features for External Identities Public Preview

As shared by Alex Simons in the September 1st blog post on ‘Azure Active Directory External Identities goes premium with advanced security for B2C’, you can now use Conditional Access policies for Azure AD B2C and Identity Protection for Azure AD B2C.

Additionally, an update to the pricing was shared that makes all Azure AD External Identities features more predictable and affordable, with support for premium security features like Conditional Access and (dynamic) group memberships.

Whether an organization uses Azure AD B2C, B2B collaboration or the new self-service sign-up features in Azure AD, securing and managing external users is more affordable than ever, with the first 50,000 monthly active users (MAU) free at both the Premium P1 and Premium P2 tiers.

Decentralized Identity and Verifiable Credentials Pilot

Microsoft is partnering with the MilGears program for the U.S. Department of Defense and Trident University on a Decentralized Identity pilot, using verifiable credentials. MilGears helps service members plan for their next career steps by highlighting future possibilities and helping them visualize how to reach those goals.

Verifiable credentials are digital cards that prove information about people, organizations and things, based on a new identity open standard. By using verifiable credentials in this program, Microsoft is making it faster and easier for military veterans and retiring service members to enroll in higher education and jump-start their civilian careers.

Service members in this pilot program can now have a verified service record and transcript of completed courses in a digital wallet on their phone. They can share this record directly with a university or employer. Universities can validate personal information from service members in seconds without the burden of storing records or other sensitive data. It helps protect privacy for the individual and saves time and resources for organizations.

These new capabilities integrate with existing identity systems. To enable this new type of credential verification, DoD MilGears creates a digital transcript using verifiable credentials. When service members log into their account, they can scan a QR code with the Microsoft Authenticator app, accept the credential and add it as a card in their app.

The credential is now owned by the individual and can be stored locally on the device and shared with a university (for now, Trident University) or an employer.
