Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for June 2021:
What’s Planned
Context panes to display risk details in Identity Protection Reports
Service category: Identity Protection
Product capability: Identity Security and Protection
For the Risky users, Risky sign-ins, and Risk detections reports in Azure AD Identity Protection, the risk details of a selected entry will be shown in a context pane appearing from the right of the page starting July 2021. The change only impacts the user interface and won't affect any existing functionalities.
My* experiences: End of support for Internet Explorer 11
Service category: My Apps
Product capability: End User Experiences
Microsoft 365 and other apps are ending support for Internet Explorer 11 on August 21, 2021, and this includes the My* experiences. The My*s accessed via Internet Explorer won't receive bug fixes or any updates, which may lead to issues.
Note:
These dates are being driven by Microsoft's Edge team and may be subject to change.
Malware linked IP address detection in Identity Protection
Service category: Identity Protection
Product capability: Identity Security and Protection
Starting October 1, 2021, Azure AD Identity Protection will no longer generate the Malware linked IP address detection. No action is required and organizations will remain protected by the other detections provided by Identity Protection.
What’s New
Create Azure AD access reviews of Service Principals that are assigned to privileged roles Public Preview
Service category: Access Reviews
Product capability: Identity Governance
Admins can use Azure AD Access Reviews to review the access of service principals (SPs) to privileged Azure AD and Azure resource roles.
Group owners in Azure AD can create and manage Azure AD access reviews for their groups Public Preview
Service category: Access Reviews
Product capability: Identity Governance
Group owners in Azure AD can now create and manage Azure AD Access Reviews on their groups. This ability can be enabled by tenant administrators through Azure AD Access Review settings and is disabled by default.
Organizations can scope access reviews of privileged roles to just users with eligible or active access Public Preview
Service category: Access Reviews
Product capability: Identity Governance
When admins create Access Reviews of assignments to privileged roles, they can scope the reviews to only eligibly assigned users or only actively assigned users.
Microsoft Graph APIs for Mobility (MDM/MAM) management policies Public Preview
Service category: Other
Product capability: Device Lifecycle Management
Microsoft Graph support for the Mobility (MDM/MAM) configuration in Azure AD is in public preview. Admins can configure user scope and URLs for MDM applications like Intune using Microsoft Graph v1.0.
Custom questions in access package request flow in Azure Active Directory entitlement management Generally Available
Service category: User Access Management
Product capability: Entitlement Management
Azure AD entitlement management now supports the creation of custom questions in the access package request flow. This feature allows admins to configure custom questions in the access package policy. These questions are shown to requestors who can input their answers as part of the access request process. These answers will be displayed to approvers, giving them helpful information that empowers them to make better decisions on the access request.
Multi-geo SharePoint sites as resources in Entitlement Management Access Packages Generally Available
Service category: User Access Management
Product capability: Entitlement Management
Access packages in Entitlement Management now support multi-geo SharePoint sites for organizations who use the multi-geo capabilities in SharePoint Online.
Knowledge Admin and Knowledge Manager built-in roles Generally Available
Service category: Role-based Access Control (RBAC)
Product capability: Access Control
Two new roles, Knowledge Administrator and Knowledge Manager are now in general availability.
- Users in the Knowledge Administrator role have full access to all Organizational knowledge settings in the Microsoft 365 admin center. They can create and manage content, like topics and acronyms. Additionally, these users can create content centers, monitor service health, and create service requests.
- Users in the Knowledge Manager role can create and manage content and are primarily responsible for the quality and structure of knowledge. They have full rights to topic management actions to confirm a topic, approve edits, or delete a topic. This role can also manage taxonomies as part of the term store management tool and create content centers.
Cloud App Security Administrator built-in role Generally Available
Service category: Role-based Access Control (RBAC)
Product capability: Access Control
Users with the Cloud App Security Administrator role have full permissions in Cloud App Security. They can add administrators, add Microsoft Cloud App Security (MCAS) policies and settings, upload logs, and do governance actions.
Windows Update Deployment Administrator built-in role Generally Available
Service category: Role-based Access Control (RBAC)
Product capability: Access Control
Users in the Windows Update Deployment Administrator role can create and manage all aspects of Windows Update deployments through the Windows Update for Business deployment service. The deployment service enables users to define settings for when and how updates are deployed. Also, users can specify which updates are offered to groups of devices in their tenant. It also allows users to monitor the update progress.
Access Reviews MS Graph APIs now in v1.0 Generally Available
Service category: Access Reviews
Product capability: Identity Governance
Azure Active Directory access reviews MS Graph APIs are now in v1.0 support fully configurable Access Reviews features.
New provisioning connectors in the Azure AD Application Gallery
Service category: App Provisioning
Product capability: 3rd Party Integration
Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:
- askSpoke
- Cloud Academy – SSO
- CheckProof
- GoLinks
- Holmes Cloud
- H5mag
- LimbleCMMS
- LogMeIn
- SECURE DELIVER
- Sigma Computing
- Smallstep SSH
- Tribeloo
- Twingate
New Federated Apps available in Azure AD Application gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In June 2021, Microsoft has added the following new applications in the Azure AD App gallery with Federation support:
- Taksel
- IDrive360
- VIDA
- ProProfs Classroom
- WAN-Sign
- Citrix Cloud SAML SSO
- Fabric
- DssAD
- RICOH Creative Collaboration RICC
- Styleflow
- Chaos
- Traced Connector
- Squarespace
- MX3 Diagnostics Connector
- Ten Spot
- Finvari
- Mobile4ERP
- WalkMe US OpenID Connect
- Neustar UltraDNS
- cloudtamer.io
- A Cloud Guru
- PetroVue
- Postman
- ReadCube Papers
- Peklostroj
- SynCloud
- Polymerhq.io
- Bonos
- Astra Schedule
- Draup, Inc
- Applied Mental Health
- iHASCO Training
- Nexsure
- XEOX
- Plandisc
- foundU
- Standard for Success Accreditation
- Penji Teams
- CheckPoint Infinity Portal
- Teamgo
- Hopsworks.ai
- HoloMeeting 2
What’s Changed
Device code flow now includes an app verification prompt
Service category: Authentications (Logins)
Product capability: User Authentication
The device code flow has been updated to include one extra user prompt. While signing in, the user will see a prompt asking them to validate the app they're signing into. The prompt ensures that they aren't subject to a phishing attack.
User last sign-in date and time is now available on Azure portal
Service category: User Management
Product capability: User Management
You can now view your users' last sign-in date and time stamp on the Azure portal. The information is available for each user on the user profile page. This information helps you identify inactive users and effectively manage risky events.
MIM BHOLD Suite impact of end of support for Microsoft Silverlight
Service category: Microsoft Identity Manager
Product capability: Identity Governance
Microsoft Silverlight will reach its end of support on October 12, 2021.
Users who haven't installed Microsoft Silverlight in their browser can't use the BHOLD Suite modules which require Silverlight. This includes the BHOLD Model Generator, BHOLD FIM Self-service integration, and BHOLD Analytics.
Organizations with an existing BHOLD deployment of one or more of those modules should plan to uninstall those modules from their BHOLD server computers by October 2021. Also, they should plan to uninstall Silverlight from any user computers that were previously interacting with that BHOLD deployment.
Login