What's New in Azure Active Directory for November 2021

Azure Active Directory

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for November 2021:


What’s planned

Tenant enablement of combined security information registration for Azure Active Directory

Service category: Multi-factor authentication (MFA)
Product capability: Identity Security & Protection

Microsoft previously announced in April 2020 that a new combined registration experience, enabling users to register authentication methods for self-service password reset (SSPR) and multi-factor authentication (MFA) at the same time, was generally available for existing customers to opt in to. Any Azure AD tenants created after August 2020 automatically have the default experience set to combined registration. Starting in 2022, Microsoft will be enabling the MFA/SSPR combined registration experience for organizations using existing tenants that pre-date August 2020.


What’s New

Conditional Access Overview Dashboard Public Preview

Service category: Conditional Access
Product capability: Monitoring & Reporting

The new Conditional Access overview dashboard enables all tenants to see insights about the impact of their Conditional Access policies without requiring an Azure Monitor subscription. This built-in dashboard provides tutorials to deploy policies, a summary of the policies in the tenant, a snapshot of policy coverage, and security recommendations.


SSPR writeback is now available using Azure AD Connect cloud sync Public Preview

Type: New feature
Service category: Azure AD Connect Cloud Sync
Product capability: Identity Lifecycle Management

The Public Preview feature for Azure AD Connect Cloud Sync password writeback gives organizations the capability to write back a user's password changes made in the cloud to the on-premises directory in real time, using the lightweight Azure AD cloud provisioning agent.


Conditional Access for workload identities Public Preview

Service category: Conditional Access for workload identities
Product capability: Identity Security & Protection

Previously, Conditional Access policies applied only to users when they access apps and services like SharePoint Online or the Azure portal. This preview adds support for Conditional Access policies applied to service principals owned by the organization. Admins can block service principals from accessing resources from outside trusted named locations or Azure Virtual Networks.


"Session Lifetime Policies Applied" property in the sign-in logs Public Preview

Service category: Authentications (Logins)
Product capability: Identity Security & Protection

Microsoft has recently added another property to the sign-in logs called "Session Lifetime Policies Applied". This property lists all the session lifetime policies that applied to the sign-in, for example Sign-in frequency, Remember multi-factor authentication, and Configurable token lifetime.
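The new property is most useful when you check it across many sign-ins rather than one at a time. The following added example (not from the original post or from Microsoft) parses a constructed sign-in log export, counts which lifetime policies were applied, and lists sign-ins where none applied; field names follow the Microsoft Graph signIn resource (`sessionLifetimePolicies[].expirationRequirement` / `.detail`) as I know it, and the records and values are constructed for illustration.

```python
"""Summarise the "Session Lifetime Policies Applied" property over sign-in records."""
import json
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample export: three sign-ins, one with no session lifetime policy applied.
# Field names are assumed to match the Graph signIn schema; values are illustrative only.
SAMPLE_SIGNIN_LOG = json.dumps([
    {"id": "sample-1", "userPrincipalName": "alice@contoso.example",
     "appDisplayName": "Office 365 SharePoint Online",
     "sessionLifetimePolicies": [
         {"expirationRequirement": "signInFrequencyPeriodicReauthentication",
          "detail": "Sign-in frequency policy applied: 12 hours"}]},
    {"id": "sample-2", "userPrincipalName": "bob@contoso.example",
     "appDisplayName": "Azure Portal",
     "sessionLifetimePolicies": [
         {"expirationRequirement": "rememberMultifactorAuthenticationOnTrustedDevices",
          "detail": "Remember MFA on trusted devices: 14 days"},
         {"expirationRequirement": "tenantTokenLifetimePolicy",
          "detail": "Configurable token lifetime applied"}]},
    {"id": "sample-3", "userPrincipalName": "carol@contoso.example",
     "appDisplayName": "Azure Portal",
     "sessionLifetimePolicies": []},
])


def load_signins(raw_json: str) -> List[dict]:
    """Parse an exported sign-in log (a JSON array of signIn objects)."""
    return json.loads(raw_json)


def policy_counts(signins: List[dict]) -> Dict[str, int]:
    """Count how often each expirationRequirement value was applied across the sign-ins."""
    counter: Counter = Counter()
    for rec in signins:
        for pol in rec.get("sessionLifetimePolicies") or []:
            counter[pol.get("expirationRequirement", "unknown")] += 1
    return dict(counter)


def signins_without_lifetime_policy(signins: List[dict], app: Optional[str] = None) -> List[str]:
    """Return ids of sign-ins where no session lifetime policy applied, optionally for one app.
    A non-empty result for an app you believe is covered by a sign-in frequency policy
    is the signal to go back and check the policy's scope."""
    return [rec["id"] for rec in signins
            if not rec.get("sessionLifetimePolicies")
            and (app is None or rec.get("appDisplayName") == app)]


if __name__ == "__main__":
    records = load_signins(SAMPLE_SIGNIN_LOG)
    print(policy_counts(records))
    print(signins_without_lifetime_policy(records, app="Azure Portal"))
```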


Enriched reviews on access packages in entitlement management Public Preview

Service category: User Access Management
Product capability: Entitlement Management

Entitlement Management’s enriched review experience allows even more flexibility on access packages reviews. Admins can now choose what happens to access if the reviewers don't respond, provide helper information to reviewers, or decide whether a justification is necessary.


randomString and redact provisioning functions General availability

Service category: Provisioning
Product capability: Outbound to SaaS Applications

The Azure AD Provisioning service now supports two new functions, randomString() and Redact():

  • randomString – generate a string based on the length and characters an admin would like to include or exclude in the string.
  • redact – remove the value of the attribute from the audit and provisioning logs.


Now access review creators can select users and groups to receive notification on completion of reviews General availability

Service category: Access Reviews
Product capability: Identity Governance

Now access review creators can select users and groups to receive notification on completion of reviews.


Azure AD users can now view and report suspicious sign-ins and manage their accounts within Microsoft Authenticator General availability

Service category: Microsoft Authenticator App
Product capability: Identity Security & Protection

This feature allows Azure AD users to manage their work or school accounts within the Microsoft Authenticator app. The management features will allow users to view sign-in history and sign-in activity. Users can also report any suspicious or unfamiliar activity, change their Azure AD account passwords, and update the account's security information.


New Microsoft Authenticator app icon General availability

Service category: Microsoft Authenticator App
Product capability: Identity Security & Protection

New updates have been made to the Microsoft Authenticator app icon.


Azure AD single sign-on and device-based Conditional Access support in Firefox on Windows 10/11 General availability

Service category: Authentications (Logins)
Product capability: SSO

Microsoft now provides native single sign-on (SSO) and device-based Conditional Access support for the Firefox browser on Windows 10 and Windows Server 2019, starting in Firefox version 91.


New provisioning connectors in the Azure AD Application Gallery

Service category: App Provisioning
Product capability: 3rd Party Integration

Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:


New Federated Apps available in Azure AD Application gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In November 2021, Microsoft added the following 32 new applications to the Azure AD App gallery with federation support:


What’s Changed

Additional attributes available as claims Public Preview

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

Several user attributes have been added to the list of attributes available to map to claims to bring attributes available in claims more in line with what is available on the user object in Microsoft Graph. New attributes include mobilePhone and ProxyAddresses.


Updated "switch organizations" user experience in My Account

Service category: My Profile/Account
Product capability: End User Experiences

This change for the My Account Portal visually improves the user interface (UI) and provides the end-user with clear instructions. Microsoft also added a manage organizations link to the Organizations blade.


What’s Fixed

Federated users will see prompts more often when switching user accounts

Service category: Authentications (Logins)
Product capability: User Authentication

A problematic interaction between Windows and a local Active Directory Federation Services (AD FS) instance can result in users attempting to sign into another account but being silently signed into their existing account instead, with no warning. For federated Identity Providers (IdPs) such as AD FS that support the prompt=login pattern, Azure AD will now trigger a fresh sign-in at AD FS when a user is directed to AD FS with a login hint. This ensures that the user is signed into the account they requested, rather than being silently signed into the account they're already signed in with.
