Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for March 2021:
What’s Planned
Guidance on how to enable support for TLS 1.2 in preparation for upcoming Azure AD TLS 1.0/1.1 deprecation
Service category: N/A
Product capability: Standards
Azure Active Directory will deprecate the following protocols and cipher suite in Azure Active Directory worldwide regions starting June 30, 2021. Clients and on-premises components that can only negotiate TLS 1.0/1.1 (older .NET Framework applications, unpatched Azure AD Connect, AD FS or PTA agent hosts, legacy management tooling) will no longer be able to connect to Azure AD after that date, so inventory them before the cut-off:
- TLS 1.0
- TLS 1.1
- 3DES cipher suite (TLS_RSA_WITH_3DES_EDE_CBC_SHA)
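The following is an added example, not part of Microsoft's release notes, showing the host-side work the guidance asks for: enabling TLS 1.2 for .NET Framework and SCHANNEL on a Windows machine and removing the 3DES suite named above. The registry values are the ones Microsoft documents for TLS 1.2 enablement; the final connectivity check against the Azure AD OpenID discovery endpoint is this example's own addition.

```powershell
# Added example (not from the release notes): enable TLS 1.2 for .NET Framework
# and SCHANNEL on a Windows host, and drop the 3DES cipher suite that Azure AD is
# retiring. Run elevated; SCHANNEL changes take effect after a reboot.
#Requires -RunAsAdministrator

function Set-RegistryDword {
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# 1. Make .NET Framework 4.x applications (Azure AD Connect, AD FS, PTA agents, custom apps)
#    follow the OS default TLS versions and strong crypto instead of a hard-coded TLS 1.0.
foreach ($netPath in @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319')) {
    Set-RegistryDword -Path $netPath -Name 'SystemDefaultTlsVersions' -Value 1
    Set-RegistryDword -Path $netPath -Name 'SchUseStrongCrypto'       -Value 1
}

# 2. Explicitly enable TLS 1.2 in SCHANNEL for both the client and the server role.
foreach ($role in 'Client', 'Server') {
    $tls12 = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\$role"
    Set-RegistryDword -Path $tls12 -Name 'Enabled'           -Value 1
    Set-RegistryDword -Path $tls12 -Name 'DisabledByDefault' -Value 0
}

# 3. Remove the 3DES suite from the cipher suite list (TLS module, Windows 10 / Server 2016 and later).
if (Get-Command Disable-TlsCipherSuite -ErrorAction SilentlyContinue) {
    if (Get-TlsCipherSuite | Where-Object Name -eq 'TLS_RSA_WITH_3DES_EDE_CBC_SHA') {
        Disable-TlsCipherSuite -Name 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
    }
}

# 4. Connectivity check for this session: force TLS 1.2 and fetch the Azure AD
#    OpenID discovery document. A failure here means the host cannot reach Azure AD
#    over TLS 1.2 at all (proxy, inspection appliance or missing OS update), which
#    is exactly what will break at the deprecation date.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$response = Invoke-WebRequest -Uri 'https://login.microsoftonline.com/common/.well-known/openid-configuration' -UseBasicParsing
"Discovery document fetched over TLS 1.2: HTTP $($response.StatusCode)"
```

Step 3 only removes 3DES from the local cipher suite order; it does not disable TLS 1.0/1.1, which the guidance deliberately leaves enabled until every dependent application has been confirmed to work with TLS 1.2.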
What’s New
Staged rollout to cloud authentication General Availability
Service category: AD Connect
Product capability: User Authentication
Staged rollout to cloud authentication is now generally available. The staged rollout feature allows organizations to selectively test groups of users with cloud authentication methods, such as Pass-through Authentication (PTA) or Password Hash Sync (PHS). Meanwhile, all other user objects in the federated domains continue to authenticate through federation services, such as AD FS or any other federation service.
User Type attribute can now be updated in the Azure admin portal General Availability
Service category: User Experience and Management
Product capability: User Management
Organizations can now update the user type of Azure AD user objects when admins edit user profile information in the Azure admin portal. The user type can also be updated through Microsoft Graph.
Replica Sets for Azure Active Directory Domain Services General Availability
Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services
The capability of replica sets in Azure AD DS is now generally available. Replica sets let a managed domain run in more than one Azure region, so that domain services remain available if a single region becomes unavailable.
Collaborate with partners using Email One-Time Passcode in the Azure Government cloud General Availability
Service category: B2B
Product capability: B2B/B2C
Organizations in the Microsoft Azure Government cloud can now let their guests redeem invitations with Email One-Time Passcode (OTP). Guest users who have no Azure AD, Microsoft or Gmail account can still collaborate with their partners by requesting a temporary code and entering it to sign in to shared resources.
Header-based authentication SSO with Application Proxy General Availability
Service category: App Proxy
Product capability: Access Control
Azure AD Application Proxy native support for header-based authentication is now in general availability. With this feature, admins can configure the user attributes required as HTTP headers for applications without needing to deploy additional components.
Azure AD Entitlement management now supports multi-geo SharePoint Online Public Preview
Service category: Other
Product capability: Entitlement Management
For organizations using multi-geo SharePoint Online, admins can now include sites from specific multi-geo environments to Entitlement management access packages.
Restore deleted apps from App registrations Public Preview
Service category: Other
Product capability: Developer Experience
Admins can now view, restore, and permanently remove deleted app registrations from the Azure portal. This applies only to applications associated with a directory, not to applications from a personal Microsoft account.
New "User action" in Conditional Access for registering or joining devices Public Preview
Service category: Conditional Access
Product capability: Identity Security & Protection
A "Register or join devices" user action is now available in Conditional Access. This user action lets organizations apply Multi-factor authentication (MFA) policies to Azure AD device registration.
Currently, this user action only allows organizations to require MFA as a grant control when users register or join devices to Azure AD. Other controls that depend on, or do not apply to, Azure AD device registration are disabled for this user action.
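As an added example that is not part of the release notes, here is how such a policy can be created with Microsoft Graph PowerShell rather than the portal. The user action identifier `urn:user:registerdevice` is the Graph value for this feature; the policy name, the break-glass group name and the choice to start in report-only mode are this example's assumptions.

```powershell
# Added example (not from the release notes): create the "Register or join devices"
# user-action policy via Microsoft Graph PowerShell, starting in report-only mode.
# Requires the Microsoft.Graph.Identity.SignIns and Microsoft.Graph.Groups modules.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Group.Read.All'

# Assumption: an existing emergency-access group that must never be caught by an all-users policy.
$breakGlass = Get-MgGroup -Filter "displayName eq 'SG-BreakGlass-Accounts'" -Top 1
if (-not $breakGlass) {
    throw 'Break-glass group not found; refusing to create an all-users policy without an exclusion.'
}

$policy = @{
    displayName = 'CA-Require-MFA-Device-Registration'
    # Report-only first: the sign-in log then shows who would have been prompted before enforcement.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users        = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlass.Id)
        }
        applications = @{
            # The user action introduced in this release. It is set instead of a cloud app;
            # the other currently supported value is urn:user:registersecurityinfo.
            includeUserActions = @('urn:user:registerdevice')
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')   # the only grant control this user action currently supports
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# Confirm what was persisted: the user action must sit on the policy's applications condition.
(Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id).Conditions.Applications.IncludeUserActions
```

Once the report-only results look right, switch `state` to `enabled`; device registration without a satisfied MFA claim is then refused.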
Optimize connector groups to use the closest Application Proxy cloud service Public Preview
Service category: App Proxy
Product capability: Access Control
With this new capability, connector groups can be assigned to the regional Azure AD Application Proxy service closest to where the application is hosted. This can improve app performance in scenarios where apps are hosted in regions other than the home tenant's region.
External Identities Self-Service Sign-up in AAD using Email One-Time Passcode accounts Public Preview
Service category: B2B
Product capability: B2B/B2C
External users can now use Email One-Time Passcode (OTP) accounts to sign up for Azure AD first-party and line-of-business (LoB) apps.
Availability of AD FS Sign-Ins in Azure AD Public Preview
Service category: Authentications (Logins)
Product capability: Monitoring & Reporting
AD FS sign-in activity can now be integrated with Azure AD activity reporting, providing a unified view of hybrid identity infrastructure. Using the Azure AD Sign-Ins report, Log Analytics, and Azure Monitor Workbooks, it's possible to perform in-depth analysis for both Azure AD and AD FS sign-in scenarios such as AD FS account lockouts, bad password attempts, and spikes of unexpected sign-in attempts.
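The following is an added example, not from the release notes, of the two kinds of triage the passage mentions (password spraying seen as bad-password attempts, and repeated lockouts), run offline over constructed records. The record layout (`TimeGenerated`, `User`, `IPAddress`, `Result`) and the result values are invented for this example; in a real workspace the same grouping is expressed as a KQL query over the actual sign-in columns.

```powershell
# Added example (not from the release notes): sign-in triage over constructed records.
# The CSV rows below are made up for this example; field names and result values are
# assumptions, not the real Log Analytics schema.
$signIns = @(
    '2021-03-10T08:00:05Z,alice@contoso.com,203.0.113.10,BadPassword',
    '2021-03-10T08:00:06Z,bob@contoso.com,203.0.113.10,BadPassword',
    '2021-03-10T08:00:07Z,carol@contoso.com,203.0.113.10,BadPassword',
    '2021-03-10T08:00:08Z,dave@contoso.com,203.0.113.10,BadPassword',
    '2021-03-10T08:00:09Z,erin@contoso.com,203.0.113.10,Success',
    '2021-03-10T08:01:00Z,alice@contoso.com,198.51.100.7,Success',
    '2021-03-10T09:10:00Z,frank@contoso.com,192.0.2.25,Locked',
    '2021-03-10T09:12:00Z,frank@contoso.com,192.0.2.25,Locked',
    '2021-03-10T09:14:00Z,frank@contoso.com,192.0.2.25,Locked',
    '2021-03-10T11:30:00Z,grace@contoso.com,192.0.2.40,Locked'
) | ConvertFrom-Csv -Header TimeGenerated, User, IPAddress, Result | ForEach-Object {
    # Parse the ISO-8601 timestamp as UTC so window arithmetic is timezone-independent.
    $_.TimeGenerated = [datetime]::Parse($_.TimeGenerated, [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::AdjustToUniversal)
    $_
}

# Password spray: one source IP failing against many distinct accounts in a short window.
# A single user with many failures is a forgotten password; many users from one IP is not.
function Find-PasswordSpray {
    param($Events, [int]$MinDistinctUsers = 3, [int]$WindowMinutes = 10)
    $Events | Where-Object Result -eq 'BadPassword' | Group-Object IPAddress | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeGenerated)
        $span   = ($sorted[-1].TimeGenerated - $sorted[0].TimeGenerated).TotalMinutes
        $users  = @($sorted.User | Sort-Object -Unique)
        if ($users.Count -ge $MinDistinctUsers -and $span -le $WindowMinutes) {
            [pscustomobject]@{
                Indicator     = 'PasswordSpray'
                IPAddress     = $_.Name
                DistinctUsers = $users.Count
                SpanMinutes   = [math]::Round($span, 1)
            }
        }
    }
}

# Lockout burst: the same account locked repeatedly within a window. Either a service
# with a stale credential or an attacker retrying after each unlock; both need a look.
function Find-LockoutBursts {
    param($Events, [int]$MinLockouts = 2, [int]$WindowMinutes = 30)
    $Events | Where-Object Result -eq 'Locked' | Group-Object User | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeGenerated)
        $span   = ($sorted[-1].TimeGenerated - $sorted[0].TimeGenerated).TotalMinutes
        if ($sorted.Count -ge $MinLockouts -and $span -le $WindowMinutes) {
            [pscustomobject]@{
                Indicator = 'LockoutBurst'
                User      = $_.Name
                Lockouts  = $sorted.Count
                SourceIPs = ($sorted.IPAddress | Sort-Object -Unique) -join ','
            }
        }
    }
}

# On the constructed data this flags 203.0.113.10 (4 distinct users in a few seconds)
# and frank@contoso.com (3 lockouts in 4 minutes); grace's single lockout is ignored.
Find-PasswordSpray -Events $signIns
Find-LockoutBursts -Events $signIns
```

The thresholds are deliberately low so the sample data trips them; in production tune them to the tenant's baseline, and treat a spray source that also has a `Success` row (as 203.0.113.10 does here) as a priority case rather than noise.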
New Federated Apps available in Azure AD Application gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In March 2021, Microsoft added the following applications to the Azure AD App gallery with federation support:
- Bambuser Live Video Shopping
- DeepDyve Inc
- Moqups
- RICOH Spaces Mobile
- Flipgrid
- hCaptcha Enterprise
- SchoolStream ASA
- TransPerfect GlobalLink Dashboard
- SimplificaCI
- Thrive LXP
- Lexonis TalentScape
- Exium
- Sapient
- TrueChoice
- RICOH Spaces
- Saba Cloud
- Acunetix 360
- Exceed.ai
- GitHub Enterprise Managed User
- Enterprise Vault.cloud for Outlook
- Smartlook
- Accenture Academy
- Onshape
- Tradeshift
- JuriBlox
- SecurityStudio
- ClicData
- Evergreen
- Patchdeck
- FAX.PLUS
- ValidSign
- AWS Single Sign-on
- Nura Space
- Broadcom DX SaaS
- Interplay Learning
- SendPro Enterprise
- FortiSASE SIA
New provisioning connectors in the Azure AD Application Gallery
Service category: App Provisioning
Product capability: 3rd Party Integration
Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:
- AWS Single Sign-on
- Bpanda
- Britive
- GitHub Enterprise Managed User
- Grammarly
- LogicGate
- SecureLogin
- TravelPerk
What’s Changed
Introducing MS Graph API for Company Branding
Service category: MS Graph
Product capability: B2B/B2C
Microsoft Graph now exposes the company branding used for the Azure AD and Microsoft 365 sign-in experience, so that the branding parameters can be managed programmatically.
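As an added example that is not part of the release notes, the following reads and updates the tenant's sign-in branding through Microsoft Graph PowerShell. The branding values (colour, hint text, sign-in text) are assumptions for illustration; the endpoint and property names are those of the Graph organizational branding resource.

```powershell
# Added example (not from the release notes): read and update sign-in branding via
# Microsoft Graph. Requires Microsoft.Graph.Authentication and
# Microsoft.Graph.Identity.DirectoryManagement. Branding values are assumptions.
Connect-MgGraph -Scopes 'Organization.ReadWrite.All'

$orgId = (Get-MgOrganization).Id   # a tenant has exactly one organization object
$uri   = "https://graph.microsoft.com/v1.0/organization/$orgId/branding"

# Read the current branding first so the change can be reviewed and, if needed, reverted.
$before = Invoke-MgGraphRequest -Method GET -Uri $uri
"Current sign-in text: '$($before.signInPageText)'"

# Text and colour properties are updated with a JSON PATCH. Images (bannerLogo,
# backgroundImage, squareLogo) are uploaded separately with PUT to $uri/<imageName>
# and an image content type, not through this body.
$change = @{
    backgroundColor  = '#002050'
    usernameHintText = 'firstname.lastname@contoso.com'
    # A fixed, tenant-controlled banner that users learn to expect; a cloned
    # phishing page rarely reproduces current branding and text exactly.
    signInPageText   = 'Contoso staff only. Contoso IT never asks for your password by phone or e-mail.'
}
Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $change -ContentType 'application/json'

# Verify the write round-trips rather than trusting the 204 alone.
$after = Invoke-MgGraphRequest -Method GET -Uri $uri
if ($after.signInPageText -ne $change.signInPageText) { throw 'Branding update did not persist' }
"Branding updated; background colour is now $($after.backgroundColor)"
```

Because branding is visible to every user before authentication, changes to it are worth the same change-control as a Conditional Access policy: keep `$before` as the rollback record and alert on unexpected writes to this resource in the audit log.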
What’s Deprecated
Two-way SMS for MFA Server is no longer supported
Service category: MFA Server
Product capability: Identity Security & Protection
Two-way SMS for MFA Server was originally deprecated in 2018, and will not be supported after February 24, 2021. Administrators should enable another method for users who still use two-way SMS.
I wonder if adding the "Register or join devices" user action in Conditional Access is because they will remove the choice to require MFA for joining a device in Devices > Device Settings some time in the future.