What's New in Azure Active Directory for August 2021


Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for August 2021:

What's New

Azure AD single sign-on and device-based Conditional Access support in Firefox on Windows 10 Public Preview

Service category: Authentications (Logins)
Product capability: Single Sign-on (SSO)

Microsoft now supports native single sign-on (SSO) and device-based Conditional Access in the Firefox browser on Windows 10 and Windows Server 2019. Support is available in Firefox version 91.

Beta MS Graph API for Azure AD access reviews returns list of contacted reviewer names Public Preview

Service category: Access Reviews
Product capability: Identity Governance

Microsoft has released the beta MS Graph API for Azure AD access reviews. The API has methods to return a list of contacted reviewer names in addition to the reviewer type.

"Register or join devices" user action in Conditional Access Generally available

Service category: Conditional Access
Product capability: Identity Security & Protection

The Register or join devices user action allows admins to control multi-factor authentication (MFA) policies for Azure Active Directory (AD) device registration.

Currently, this user action only allows admins to enable MFA as a control when users register or join devices to Azure AD. Other controls that are dependent on or not applicable to Azure AD device registration continue to be disabled with this user action.

Organizations can scope reviews of privileged roles to eligible or permanent assignments Generally available

Service category: Access Reviews
Product capability: Identity Governance

Admins can now create access reviews of only permanent or eligible assignments to privileged Azure AD or Azure resource roles.

Assign roles to Azure Active Directory (AD) groups Generally available

Service category: Role-based Access Control (RBAC)
Product capability: Access Control

Assigning roles to Azure AD groups can simplify the management of role assignments in Azure AD for accounts with the Global Administrator and Privileged Role Administrator roles.

New Federated Apps available in Azure AD Application gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In August 2021, Microsoft added the following 46 new applications to the Azure AD App gallery with Federation support:

New provisioning connectors in the Azure AD Application

Service category: App Provisioning
Product capability: 3rd Party Integration

Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:

  1. Chatwork
  2. Freshservice
  3. InviteDesk
  4. Maptician

What's Changed

Multi-factor (MFA) fraud report – new audit event

Service category: Multi-factor Authentication (MFA)
Product capability: Identity Security & Protection

To help admins understand that their users are blocked for Multi-factor Authentication (MFA) as a result of a fraud report, Microsoft has added a new audit event. This audit event is tracked when the user reports fraud. The audit log is available in addition to the existing information in the sign-in logs about the fraud report.

Improved Low-Risk Detections

Service category: Identity Protection
Product capability: Identity Security & Protection

To improve the quality of the low-risk alerts that Identity Protection issues, Microsoft has modified the algorithm to issue fewer low-risk Risky Sign-Ins. Organizations may see a significant reduction in low-risk sign-ins in their environment.

Non-interactive risky sign-ins

Service category: Identity Protection
Product capability: Identity Security & Protection

Identity Protection now emits risky sign-ins on non-interactive sign-ins. Admins can find these risky sign-ins using the sign-in type filter in the risky sign-ins report.

Change from User Administrator to Identity Governance Administrator in Entitlement Management

Service category: Roles
Product capability: Identity Governance

The permission assignments to manage access packages and other resources in Entitlement Management are moving from the User Administrator role to the Identity Governance Administrator role.

Users that have been assigned the User Administrator role can no longer create catalogs or manage access packages in a catalog they don't own. If users in the organization have been assigned the User Administrator role to configure catalogs, access packages, or policies in Entitlement Management, they will need a new assignment. Admins should instead assign these users the Identity Governance Administrator role.
