What's New in Azure Active Directory for December 2021

Azure Active Directory

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for December 2021:

What’s Planned

Tenant enablement of combined security information registration

Service category: Multi-factor Authentication (MFA)
Product capability: Identity Security & Protection

In April 2020, Microsoft announced that a new combined registration experience, which lets users register authentication methods for self-service password reset (SSPR) and multi-factor authentication (MFA) at the same time, was generally available for organizations to opt in to.

Any Azure AD tenants created after August 2020 automatically have the default experience set to combined registration. Starting in 2022, Microsoft will enable the combined registration experience for MFA and SSPR for existing Azure AD tenants.

What’s Deprecated

Pre-authentication error events removed from Azure AD Sign-in Logs

Service category: Reporting
Product capability: Monitoring & Reporting

Microsoft is no longer publishing sign-in logs with the following error codes, because these events are pre-authentication events that occur before the service has authenticated a user:

  • 50058 Session information is not sufficient for single-sign-on.
  • 16000 Either multiple user identities are available for the current request or selected account is not supported for the scenario.
  • 500581 Fetching sessions for single-sign-on on V2 with prompt=none requires JavaScript to verify if any MSA accounts are signed in.
  • 81012 The user trying to sign in to Azure AD is different from the user signed into the device.

Because these events happen before authentication, the service is not always able to correctly identify the user. If a user continues on to authenticate, the user sign-in will show up in the tenant’s sign-in logs. These logs are no longer visible in the Azure portal, and querying these error codes in the Graph API will no longer return results.
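Detection rules or saved queries that key on these four codes will silently stop matching once the events disappear from the logs. The following added example (not from the release notes or any Microsoft tooling) checks a saved query for references to the retired codes, using whole-number matching so that 50058 is not confused with 500581, and shows how many records of a constructed sample log would no longer be published; the `errorCode` field name and the sample records are assumptions.

```python
import re

# The four pre-authentication error codes Microsoft stopped publishing (from the release notes).
RETIRED_PREAUTH_ERROR_CODES = {
    50058: "Session information is not sufficient for single-sign-on.",
    16000: "Multiple user identities available, or selected account not supported.",
    500581: "Fetching SSO sessions on V2 with prompt=none requires JavaScript.",
    81012: "User signing in to Azure AD differs from the user signed into the device.",
}

# Constructed saved query, in the style of a log-analytics rule; 50126 and 0 stand in for
# codes that are still published. Only the retired codes should be reported.
SAMPLE_QUERY = "SigninLogs | where ResultType in (50058, 81012, 50126) or ResultType == 500581"

# Constructed sign-in records; "errorCode" is an assumed, simplified field name.
SAMPLE_RECORDS = [
    {"user": "alice", "errorCode": 0},        # successful sign-in, still published
    {"user": "bob", "errorCode": 50058},      # retired pre-auth event
    {"user": "carol", "errorCode": 50126},    # still published
    {"user": "dave", "errorCode": 81012},     # retired pre-auth event
    {"user": "erin", "errorCode": 16000},     # retired pre-auth event
]


def find_retired_code_references(query_text):
    """Return the retired error codes a query references, as a sorted list.

    Tokens are matched on word boundaries so that 50058 never matches inside 500581.
    """
    found = set()
    for match in re.finditer(r"\b(\d{4,6})\b", query_text):
        code = int(match.group(1))
        if code in RETIRED_PREAUTH_ERROR_CODES:
            found.add(code)
    return sorted(found)


def is_retired_preauth_event(record):
    """True if the record carries a code that is no longer published in sign-in logs."""
    return record.get("errorCode") in RETIRED_PREAUTH_ERROR_CODES


def split_sign_in_log(records):
    """Partition records into (still published, retired) so the impact can be measured."""
    kept = [r for r in records if not is_retired_preauth_event(r)]
    retired = [r for r in records if is_retired_preauth_event(r)]
    return kept, retired


if __name__ == "__main__":
    print("retired codes referenced:", find_retired_code_references(SAMPLE_QUERY))
    kept, retired = split_sign_in_log(SAMPLE_RECORDS)
    print(f"{len(retired)} of {len(SAMPLE_RECORDS)} sample records would no longer appear")
```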

What’s New

Number Matching in the Authenticator App Public Preview

Service category: Microsoft Authenticator App
Product capability: User Authentication

To prevent accidental notification approvals, admins can now require users to enter the number displayed on the sign-in screen when approving a multi-factor authentication notification in the Authenticator app. This feature adds an additional security measure to the Microsoft Authenticator app.
