What's New in Azure Active Directory for June 2021


Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for June 2021:

 

What’s Planned

Context panes to display risk details in Identity Protection Reports

Service category: Identity Protection
Product capability: Identity Security and Protection

For the Risky users, Risky sign-ins, and Risk detections reports in Azure AD Identity Protection, the risk details of a selected entry will be shown in a context pane appearing from the right of the page starting July 2021. The change only impacts the user interface and won't affect any existing functionalities.

 

My* experiences: End of support for Internet Explorer 11

Service category: My Apps
Product capability: End User Experiences

Microsoft 365 and other apps are ending support for Internet Explorer 11 on August 21, 2021, and this includes the My* experiences. The My*s accessed via Internet Explorer won't receive bug fixes or any updates, which may lead to issues.

Note:
These dates are being driven by Microsoft's Edge team and may be subject to change.

 

Malware linked IP address detection in Identity Protection

Service category: Identity Protection
Product capability: Identity Security and Protection

Starting October 1, 2021, Azure AD Identity Protection will no longer generate the Malware linked IP address detection. No action is required and organizations will remain protected by the other detections provided by Identity Protection.

 

What’s New

Create Azure AD access reviews of Service Principals that are assigned to privileged roles (Public Preview)

Service category: Access Reviews
Product capability: Identity Governance

Admins can use Azure AD Access Reviews to review the access of service principals (SPs) to privileged Azure AD and Azure resource roles.

 

Group owners in Azure AD can create and manage Azure AD access reviews for their groups (Public Preview)

Service category: Access Reviews
Product capability: Identity Governance

Group owners in Azure AD can now create and manage Azure AD Access Reviews on their groups. This ability can be enabled by tenant administrators through Azure AD Access Review settings and is disabled by default.

 

Organizations can scope access reviews of privileged roles to just users with eligible or active access (Public Preview)

Service category: Access Reviews
Product capability: Identity Governance

When admins create Access Reviews of assignments to privileged roles, they can scope the reviews to only eligibly assigned users or only actively assigned users.

 

Microsoft Graph APIs for Mobility (MDM/MAM) management policies (Public Preview)

Service category: Other
Product capability: Device Lifecycle Management

Microsoft Graph support for the Mobility (MDM/MAM) configuration in Azure AD is in public preview. Admins can configure user scope and URLs for MDM applications like Intune using Microsoft Graph v1.0.

 

Custom questions in access package request flow in Azure Active Directory entitlement management (Generally Available)

Service category: User Access Management
Product capability: Entitlement Management

Azure AD entitlement management now supports the creation of custom questions in the access package request flow. This feature allows admins to configure custom questions in the access package policy. These questions are shown to requestors who can input their answers as part of the access request process. These answers will be displayed to approvers, giving them helpful information that empowers them to make better decisions on the access request.

 

Multi-geo SharePoint sites as resources in Entitlement Management Access Packages (Generally Available)

Service category: User Access Management
Product capability: Entitlement Management

Access packages in Entitlement Management now support multi-geo SharePoint sites for organizations who use the multi-geo capabilities in SharePoint Online.

 

Knowledge Admin and Knowledge Manager built-in roles (Generally Available)

Service category: Role-based Access Control (RBAC)
Product capability: Access Control

Two new roles, Knowledge Administrator and Knowledge Manager, are now generally available.

  • Users in the Knowledge Administrator role have full access to all Organizational knowledge settings in the Microsoft 365 admin center. They can create and manage content, like topics and acronyms. Additionally, these users can create content centers, monitor service health, and create service requests.
  • Users in the Knowledge Manager role can create and manage content and are primarily responsible for the quality and structure of knowledge. They have full rights to topic management actions to confirm a topic, approve edits, or delete a topic. This role can also manage taxonomies as part of the term store management tool and create content centers.

 

Cloud App Security Administrator built-in role (Generally Available)

Service category: Role-based Access Control (RBAC)
Product capability: Access Control

Users with the Cloud App Security Administrator role have full permissions in Cloud App Security. They can add administrators, add Microsoft Cloud App Security (MCAS) policies and settings, upload logs, and do governance actions.

 

Windows Update Deployment Administrator built-in role (Generally Available)

Service category: Role-based Access Control (RBAC)
Product capability: Access Control

Users in the Windows Update Deployment Administrator role can create and manage all aspects of Windows Update deployments through the Windows Update for Business deployment service. The deployment service enables users to define settings for when and how updates are deployed. Also, users can specify which updates are offered to groups of devices in their tenant. It also allows users to monitor the update progress.

 

Access Reviews MS Graph APIs now in v1.0 (Generally Available)

Service category: Access Reviews
Product capability: Identity Governance

The Azure Active Directory access reviews MS Graph APIs are now in v1.0 and support fully configurable Access Reviews features.

 

New provisioning connectors in the Azure AD Application Gallery

Service category: App Provisioning
Product capability: 3rd Party Integration

Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:

 

New Federated Apps available in Azure AD Application gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In June 2021, Microsoft added the following new applications to the Azure AD App gallery with Federation support:

 

What’s Changed

Device code flow now includes an app verification prompt

Service category: Authentications (Logins)
Product capability: User Authentication

The device code flow has been updated to include one extra user prompt. While signing in, the user will see a prompt asking them to validate the app they're signing into. The prompt ensures that they aren't subject to a phishing attack.

 

User last sign-in date and time is now available on Azure portal

Service category: User Management
Product capability: User Management

You can now view your users' last sign-in date and time stamp on the Azure portal. The information is available for each user on the user profile page. This information helps you identify inactive users and effectively manage risky events.

 

MIM BHOLD Suite impact of end of support for Microsoft Silverlight

Service category: Microsoft Identity Manager
Product capability: Identity Governance

Microsoft Silverlight will reach its end of support on October 12, 2021.

Users who haven't installed Microsoft Silverlight in their browser can't use the BHOLD Suite modules which require Silverlight. This includes the BHOLD Model Generator, BHOLD FIM Self-service integration, and BHOLD Analytics.

Organizations with an existing BHOLD deployment of one or more of those modules should plan to uninstall those modules from their BHOLD server computers by October 2021. Also, they should plan to uninstall Silverlight from any user computers that were previously interacting with that BHOLD deployment.
