A Recap of Identity-related Announcements from Microsoft Build 2021

Another Microsoft Build event comes to a close. Microsoft organized Microsoft Build as a free digital event between Tuesday May 25th 5 PM CEST and Thursday May 27th 5 PM CEST.

Microsoft Build is Microsoft’s annual conference event, aimed at software engineers and web developers using Windows, Microsoft Azure and other Microsoft technologies. First held in 2011, it serves as a successor for Microsoft's previous developer events, the Professional Developers Conference (PDC) and MIX.

During Build 2021, Microsoft made the following Identity-related announcements:

Continuous Access Evaluation in Microsoft Graph Public Preview

Continuous Access Evaluation (CAE), an authentication feature in Azure Active Directory (Azure AD), is now available in Microsoft Graph in public preview. Developers can update and test apps that use Microsoft Graph APIs to make them more secure. Apps that call Microsoft Graph APIs with CAE support are more resilient because token lifetime and token refresh are optimized for them.

Instead of waiting for the access token expiration, commonly set at 60 minutes, CAE in Azure AD reevaluates active user sessions in real time and can revoke access to protected resources in response to events such as device loss, user password changes or disabling of the user’s account. CAE can also be used to stop a user from accessing secured resources when they change location.

Azure AD Access Reviews for Service Principals

In Azure AD, a service principal is typically created for an app or piece of code that needs to access or modify resources, which requires an identity with the necessary permissions. As organizations move more apps to the cloud and procure third-party software as a service (SaaS) apps, these service principals are assigned privileged roles that often go ungoverned.

Now, with Azure AD Access Reviews and Privileged Identity Management (PIM), organizations can periodically review the assignments of privileged roles to service principals in the tenant.

This way, Azure AD Access Reviews enable periodic reviews of service principals and apps assigned to directory roles, as well as roles in Azure subscriptions. This capability helps organizations ensure that their services and apps, just like their employees, are abiding by established least-privilege policies, helping reduce the damage caused by an attack.

Azure Cosmos DB role-based access control (RBAC) Generally Available

Azure Cosmos DB RBAC with Azure AD integration for the Core (SQL) API enables organizations to have enhanced control over data security.

Account administrators can define clear rules about what each identity is able to do within the database, and then assign those roles to Azure AD identities to determine their access level. For example, an IoT device could write data but would not have the ability to read, change or update data.
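As an added example (not code from the article or from Microsoft), the write-only IoT role described above can be expressed as a custom Cosmos DB SQL role definition. The role name and the assignable scope are assumptions; "/" scopes the role to the whole account and can be narrowed to a specific database or container. The `readMetadata` action is included because the Cosmos DB SDKs need it to resolve container metadata before they can write; everything else (read, query, replace, upsert, delete) is deliberately left out so the device can only create items.

```json
{
  "RoleName": "IoTWriteOnly",
  "Type": "CustomRole",
  "AssignableScopes": [
    "/"
  ],
  "Permissions": [
    {
      "DataActions": [
        "Microsoft.DocumentDB/databaseAccounts/readMetadata",
        "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/create"
      ]
    }
  ]
}
```

The definition is created with `az cosmosdb sql role definition create` (passing the file via `--body`) and then bound to the device's Azure AD identity with `az cosmosdb sql role assignment create`, supplying the role definition id, the principal's object id and the scope. Because Cosmos DB RBAC has no deny rules, a role grants exactly the listed data actions and nothing more, which is why auditing the action list is the whole least-privilege check.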

Microsoft Identity App Sync Public Preview

Microsoft Identity App Sync, a new command line tool in Visual Studio 2019.10, simplifies the developer experience for registering and configuring ASP.NET Core apps.

Using Identity App Sync, developers can register an app and have code changes made locally with only a few commands. The tool can also be used to update code from an existing Azure AD or Azure AD Business to Consumer (B2C) app.
