Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for December 2021:
Tenant enablement of combined security information registration
Service category: Multi-factor Authentication (MFA)
Product capability: Identity Security & Protection
In April 2020, Microsoft announced that a new combined registration experience, which enables users to register authentication methods for self-service password reset (SSPR) and multi-factor authentication (MFA) at the same time, was generally available for organizations to opt in to.
Any Azure AD tenants created after August 2020 automatically have the default experience set to combined registration. Starting in 2022 Microsoft will be enabling the combined registration experience for MFA and SSPR for existing Azure AD tenants.
Pre-authentication error events removed from Azure AD Sign-in Logs
Service category: Reporting
Product capability: Monitoring & Reporting
Microsoft is no longer publishing sign-in logs with the following error codes because these events are pre-authentication events that occur before the service has authenticated a user:
- 50058 Session information is not sufficient for single-sign-on.
- 16000 Either multiple user identities are available for the current request or selected account is not supported for the scenario.
- 81012 The user trying to sign in to Azure AD is different from the user signed into the device.
Because these events happen before authentication, the service is not always able to correctly identify the user. If a user continues on to authenticate, the user sign-in will show up in the tenant’s sign-in logs. These logs are no longer visible in the Azure portal, and querying these error codes in the Graph API will no longer return results.
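Saved hunting queries and alert rules that filter on these three codes will silently stop matching. The following added example (not part of Microsoft's release notes or the original page) audits rule text for that dependency; it assumes rules filter on `ResultType` (the Log Analytics `SigninLogs` table) or `status/errorCode` (the Graph `signIn` resource), and the rule names and queries are constructed samples.

```python
import re

# Error codes the page lists as no longer published in sign-in logs.
RETIRED = {"50058", "16000", "81012"}

# Assumed filter fields: ResultType (Log Analytics SigninLogs table) and
# status/errorCode (Microsoft Graph signIn resource).
CLAUSE = re.compile(
    r"(?:ResultType|status/errorCode)\s*(==|=~|!=|eq|ne|!in|in)\s*"
    r"(\([^)]*\)|[\"']?\d+)",
    re.IGNORECASE,
)

# Constructed sample rules (hypothetical names and queries).
SAMPLE_RULES = {
    "sso-session-failures": 'SigninLogs | where ResultType == "50058" | summarize count() by UserPrincipalName',
    "failed-signin-spike": 'SigninLogs | where ResultType in ("50126", "50058", "16000") | summarize count() by IPAddress',
    "noise-filtered-failures": 'SigninLogs | where ResultType != "0" and ResultType !in ("81012", "50058")',
    "graph-bad-password": "auditLogs/signIns?$filter=status/errorCode eq 50126",
}


def audit_rule(query: str) -> dict:
    """Classify one saved query by how it depends on the retired codes."""
    matched, excluded = set(), set()
    for op, operand in CLAUSE.findall(query):
        codes = set(re.findall(r"\d+", operand))
        # Negated clauses only exclude codes; they never select on them.
        (excluded if op.lower() in ("!=", "ne", "!in") else matched).update(codes)
    retired_hits = matched & RETIRED
    if retired_hits and not (matched - RETIRED):
        status = "dead"       # selects only codes that are no longer logged
    elif retired_hits:
        status = "degraded"   # some selected codes will never appear again
    elif excluded & RETIRED:
        status = "cleanup"    # exclusion is redundant, rule still works
    else:
        status = "ok"
    return {"status": status, "retired": sorted(retired_hits | (excluded & RETIRED))}


def audit_all(rules: dict) -> dict:
    return {name: audit_rule(query) for name, query in rules.items()}


if __name__ == "__main__":
    for name, result in audit_all(SAMPLE_RULES).items():
        print(f"{name:26} {result['status']:9} {', '.join(result['retired'])}")
```

Rules reported as `dead` need a replacement signal; `degraded` rules need their thresholds revisited, since part of the event volume they counted is gone.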
Number Matching in the Authenticator App Public Preview
Service category: Microsoft Authenticator App
Product capability: User Authentication
To prevent accidental notification approvals, admins can now require users to enter the number displayed on the sign-in screen when approving a multi-factor authentication notification in the Authenticator app. This feature adds an additional security measure to the Microsoft Authenticator app.