Microsoft’s contribution to the virtual 2021 RSA Conference, held between May 17, 2021 and May 20, 2021, centered on the principle of Zero Trust. Naturally, the announcements made for Azure AD fit the principles of Zero Trust.
Azure AD features, announced at RSA 2021
Microsoft announced the following new Azure AD features:
GPS-based named locations Public Preview
Microsoft announced the GPS-based Named Locations functionality for Conditional Access at the 2021 RSA Conference. This feature follows Zero Trust’s Verify explicitly principle.
It enables organizations to require location services on mobile devices running Microsoft’s Authenticator app. The feature goes beyond determining location from the IP address ranges for countries: it verifies that people are within the geographic boundaries of a country, so that access can be granted or restricted on that basis.
Filters for devices condition Public Preview
Microsoft announced filters for devices for Conditional Access at the 2021 RSA Conference. Through a new rule builder that uses device properties such as DisplayName, OperatingSystemVersion and TrustType, devices can be filtered so that policies granularly target some devices, or exclude certain devices from targeting.
Authentication Context Public Preview
Admins can now create an Authentication Context to dynamically trigger a Conditional Access policy when sensitive content in applications, services and/or systems is accessed. This extends Conditional Access’ functionality with step-up authentication that requires a compliant device, a GPS-based location or other controls.
One use case that is already available today is using Authentication Context in Conditional Access when a sensitive file is accessed, integrated with Cloud App Security and Microsoft Information Protection.
Azure AD login for Linux and Windows VMs in Azure Public Preview
Azure Infrastructure as a Service (IaaS) now supports Azure AD logins for RDP to Windows 10 and Windows Server 2019-based virtual machines. This feature also includes using Azure AD logins with SSH certificate-based authentication to SSH into Linux virtual machines.
This feature eliminates the need to create local accounts on these types of virtual machines, minimizing both the attack surface and the burden of managing local accounts.