What's New in Azure Active Directory for April 2021

Azure Active Directory

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for April 2021:

What’s Planned

Users can only create security and Microsoft 365 groups in Azure portal being deprecated

Service category: Group Management
Product capability: Directory

People in your organization will no longer be limited to create security and Microsoft 365 groups only in the Azure portal. The new setting will allow people to create security groups in the Azure portal, PowerShell, and API. Organizations will be required to verify and update the new setting.

What’s New

External Identities Self-Service Sign Up General availability

Service category: Business to business collaboration (B2B)
Product capability: B2B/B2C

Self-service sign-up for external users is now generally available. With this new feature, external users can now self-service sign up to an application.

Organizations can create customized experiences for these external users, including collecting information during the registration process and allowing external identity providers like Facebook and Google. Organizations can also integrate with third-party cloud providers for various functionalities like identity verification or approval of users.

Azure AD B2C Phone Sign-up and Sign-in using Built-in Policy General availability

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

B2C Phone Sign-up and Sign-in using a built-in policy enable administrators and developers of organizations to allow their end-users to sign in and sign-up using a phone number in user flows. With this feature, disclaimer links such as privacy policy and terms of use can be customized and shown on the page before the end-user proceeds to receive the one-time passcode via text message.

External Identities Self-Service Sign-up in AAD using Email One-Time Passcode accounts Public Preview

Service category: Business to business collaboration (B2B)
Product capability: B2B/B2C

External users can now use Email One-Time Passcode accounts to sign up or sign in to Azure AD 1st party and line-of-business applications.

New Federated Apps available in Azure AD Application gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In April 2021, Microsoft added the following new applications in the Azure AD App gallery with Federation support

New provisioning connectors in the Azure AD Application Gallery

Service category: App Provisioning
Product capability: 3rd Party Integration

Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:

What’s Changed

Introducing new versions of page layouts for B2C

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

The page layouts for B2C scenarios on the Azure AD B2C has been updated to reduce security risks by introducing the new versions of jQuery and Handlebars JS.

Updates to Sign-in Diagnostic

Service category: Reporting
Product capability: Monitoring & Reporting

The scenario coverage of the Sign-in Diagnostic tool has increased. With this update, the following event-related scenarios will now be included in the sign-in diagnosis results:

  • Enterprise Applications configuration problem events
  • Enterprise Applications service provider (application-side) events
  • Incorrect credentials events

These results show contextual and relevant details about the event and actions to take to resolve these problems. Also, for scenarios where Microsoft doesn't offer deep contextual diagnostics, Sign-in Diagnostic will present more descriptive content about the error event.

What’s Fixed

Azure AD will no longer double-encode the state parameter in responses

Service category: Authentications
Product capability: User Authentication

Azure AD has identified, tested, and released a fix for a bug in the /authorize response to a client application. Azure AD was incorrectly URL encoding the state parameter twice when sending responses back to the client. This can cause a client application to reject the request, due to a mismatch in state parameters.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.