Another Microsoft Ignite event comes to a close. Microsoft’s latest Ignite event was organized as a free digital event between Tuesday March 2nd and Thursday March 4th, 2021, labeled the 2021 Spring Edition.
During Microsoft Ignite 2021 Spring Edition, Microsoft made the following Identity-related announcements, next to the announcements on their monthly recurring release notes for Azure AD:
Passwordless Authentication General Availability
Passwordless authentication in Azure AD is now generally available. People at organizations that activate passwordless authentication will no longer need to use passwords to sign into the network. Instead, they can sign in with a look or tap using Windows Hello for Business, Microsoft Authenticator app or compatible FIDO2 security keys.
Azure AD also now enables configuration of policies for different users, groups and types of credentials, and provides reporting and APIs.
Header-based authentication in Azure AD Application Proxy General Availability
General availability of support for header-based authentication in Azure AD Application Proxy enable organizations to move header-based authentication apps from systems like SiteMinder and Oracle Access Manager, and natively connect them to Azure AD. This enables organizations to apply consistent Conditional Access policies to all apps, allowing remote workers to connect more securely.
AWS Single Sign-on in the App Gallery General Availability
AWS Single Sign-On (SSO), a cloud-based service that simplifies SSO access across multiple Amazon Web Services (AWS) accounts and resources, is now pre-integrated in the Azure Active Directory (Azure AD) app gallery.
Organizations can now quickly configure single sign-on and user provisioning to AWS SSO using the Azure AD App Gallery. People in the organization can then sign into AWS SSO using their Azure AD credentials to access all their assigned AWS resources.
Azure AD External Identities Coming Soon
Azure AD External Identities is a set of capabilities that enable organizations to secure and manage access for customers and partners. Azure AD External Identities will be generally available beginning this month.
Organizations can protect their business to business (B2B) and business to consumer (B2C) apps and users with adaptive, machine learning-driven security with Azure AD Identity Protection, plus flexible low-code/no-code customization and controls over the user experience.
Application Template API Coming Soon
The Application Template API will be generally available this month. The Application Template API in Microsoft Graph allows admins and developers to programmatically manage applications in the Azure AD app gallery. This API allows admins and developers to list, search, update or create applications in the Azure AD app gallery via an API.
Admin Consent Workflow Coming Soon
The Admin Consent Workflow will be generally available this month. The Admin Consent Workflow gives admins a secure way to grant access to applications for users who require approval. When users try to access an application that requires admin consent, they can now send a request to admins during the sign-in flow.
AD Federation Services (AD FS) activity and insights report Coming Soon
The AD Federation Services (FS) activity and insights report, available in the Azure portal, lets admins quickly identify which applications are capable of being upgraded to Azure AD. It assesses all AD FS applications for compatibility with Azure AD, checks for any issues and provides guidance on preparing individual applications for migration to Azure AD.
New secure hybrid access integrations Coming Soon
Several new secure hybrid access integrations enable admins to connect and protect their legacy applications, such as non-HTTP, LDAP and SSH apps, to Azure AD. Expanded partnerships include Silverfort, Datawiza, Perimeter 81 and Strata.
These integrations help organizations to unify their identity management with Azure Active Directory (Azure AD), which can reduce costs of managing multiple identity providers, strengthen security and provide people with seamless access to all apps.
Temporary Access Pass Public Preview
Temporary Access Pass, a time-limited code used for setup and recovery of a passwordless credential, has been released to public preview. With Temporary Access Pass, new people in your organization receive a one-time password to log in and register their account and then register a passwordless credential, such as the Authenticator app, to use going forward. Temporary Access Pass can also be used to replace a lost credential or recover an account.
Azure AD App Proxy Geo Routing Public Preview
Azure AD App Proxy Geo Routing is now available in public preview. This feature allows organizations to designate which region their Azure AD App Proxy service connector group should use so that they can choose the same region their application is in with the service connector, improving performance and reducing the latency to the App Proxy service.
Azure Key Vault Managed HSM Public Preview
Azure Key Vault Managed Hardware Security Module (HSM) offers a fully managed, highly available, single-tenant key management service with FIPS 140-2 Level 3 validated hardware security modules (HSMs).
Cosmos DB Role-based Access Control Public Preview
Role-based Access Control (RBAC) for Cosmos DB provides organizations with enhanced security for data in Azure. The introduction of RBAC to Cosmos DB with Azure Active Directory (Azure AD) integration enables organizations to assign roles to users and applications, which provides a granular, well-defined way to control data access from users and applications. Organizations can determine the identity used to perform a database operation by retrieving the information in diagnostic logs.
Azure AD verifiable credentials Coming Soon
Azure AD verifiable credentials will be available in public preview in April 2021. This capability enables organizations to issue digital claims about identity attributes based on open standards. Individuals can manage credentials in the Microsoft Authenticator app and developers will be able to request and verify credentials via an application software development kit (SDK).
Conditional Access authentication context Coming Soon
Azure AD Conditional Access Authentication Context is coming soon to public preview. Azure AD Conditional Access enables organizations to configure and fine-tune their access policies with factors such as user, device, location and real-time risk information to control what a specific user can access, as well as when and how they can access it.
By enabling more granular security at the app level, authentication context lets organizations move away from one-size-fits-all controls and adopt more balanced policies that appropriately protect important information without unduly restricting access to less-sensitive content.