What's New in Azure Active Directory for January 2022

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for January 2022:

What’s New

Continuous Access Evaluation General Availability

Service category: Other
Product capability: Access Control

With Continuous access evaluation (CAE), critical security events and policies are evaluated in real time. This includes account disable, password reset, and location change.

User management enhancements General Availability

Service category: User Management
Product capability: User Management

The Azure AD portal has been updated to make it easier to find users in the All users and Deleted users pages. Changes include:

  • More visible user properties including object ID, directory sync status, creation type, and identity issuer.
  • Search now allows substring search and combined search of names, emails, and object IDs.
  • Enhanced filtering by user type (member, guest, and none), directory sync status, creation type, company name, and domain name.
  • New sorting capabilities on properties like name, user principal name, creation time, and deletion date.
  • A new total users count that updates with any searches or filters.

My Apps customization of default Apps view General Availability

Service category: My Apps
Product capability: End User Experiences

Customization of the default

Management

Download a list of your organization's devices to a .csv file for easier reporting and management.

Custom security attributes Public Preview

Service category: Directory Management
Product capability: Directory

Custom security attributes enable admins to define business-specific attributes that can be assigned to Azure AD objects. These attributes can be used to store information, categorize objects, or enforce fine-grained access control. Custom security attributes can be used with Azure attribute-based access control.

Filter groups in tokens using a substring match Public Preview

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

In the past, Azure AD only permitted groups to be filtered based on whether they were assigned to an application. Now, admins can also filter the groups included in the token with a substring match on the display name or onPremisesSAMAccountName attributes of the group object. Only groups that the user is a member of will be included in the token. This token will be recognized whether it's on the ObjectID or the on-premises sAMAccountName or security identifier (SID).

This feature can be used together with the setting to include only groups assigned to the application if desired to further filter the list.

New provisioning connectors in the Azure AD App Gallery

Service category: App Provisioning
Product capability: 3rd Party Integration

Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:

New Federated Apps available in Azure AD App gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In January 2022, Microsoft added the following new applications to the Azure AD App gallery with Federation support:

What’s Changed

Azure AD access reviews reviewer recommendations now account for non-interactive sign-in information

Service category: Access Reviews
Product capability: Identity Governance

Azure AD access reviews reviewer recommendations now account for non-interactive sign-in information, improving upon original recommendations based on interactive last sign-ins only. Reviewers can now make more accurate decisions based on the last sign-in activity of the users they’re reviewing.

Risk reason for offline Azure AD Threat Intelligence risk detection

Service category: Identity Protection
Product capability: Identity Security & Protection

The offline Azure AD Threat Intelligence risk detection can now have a risk reason that will help organizations with the risk investigation. If a risk reason is available, it will show up as Additional Info in the risk details of that risk event. The information can be found in the Risk detections report. It will also be available through the additionalInfo property of the riskDetections API.
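For investigation workflows, the risk reason can be pulled out of the additionalInfo property programmatically. The following is an added example, not code from Microsoft or from this article; it assumes that additionalInfo is a JSON-encoded string of Key/Value pairs with the reason under a riskReasons key, and that offline Azure AD Threat Intelligence detections carry riskEventType investigationsThreatIntelligence with detectionTimingType offline. The response data is constructed.

```python
import json

# Constructed sample of a riskDetections list response (not real tenant data).
# Assumption: additionalInfo is a JSON string of Key/Value pairs and the
# risk reason is carried under a "riskReasons" key.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"id": "constructed-1",
         "riskEventType": "investigationsThreatIntelligence",
         "detectionTimingType": "offline",
         "additionalInfo": json.dumps([
             {"Key": "riskReasons",
              "Value": ["ConstructedReasonA", "ConstructedReasonB"]},
             {"Key": "userAgent", "Value": "constructed-agent/1.0"}])},
        {"id": "constructed-2",
         "riskEventType": "investigationsThreatIntelligence",
         "detectionTimingType": "offline",
         "additionalInfo": None},          # no risk reason available
        {"id": "constructed-3",
         "riskEventType": "unfamiliarFeatures",
         "detectionTimingType": "realtime",
         "additionalInfo": "not-json"},    # different detection, malformed field
    ]
})

def parse_additional_info(raw):
    """Decode additionalInfo into a dict; tolerate absent or malformed data."""
    if not raw:
        return {}
    try:
        pairs = json.loads(raw)
    except (TypeError, ValueError):
        return {}
    if not isinstance(pairs, list):
        return {}
    return {p["Key"]: p.get("Value") for p in pairs
            if isinstance(p, dict) and "Key" in p}

def offline_ti_risk_reasons(response_text):
    """Map detection id -> list of risk reasons for offline TI detections."""
    result = {}
    for det in json.loads(response_text).get("value", []):
        if det.get("riskEventType") != "investigationsThreatIntelligence":
            continue
        if det.get("detectionTimingType") != "offline":
            continue
        info = parse_additional_info(det.get("additionalInfo"))
        reasons = info.get("riskReasons") or []
        # Normalise a single reason string to a one-element list.
        result[det["id"]] = [reasons] if isinstance(reasons, str) else list(reasons)
    return result
```

A detection that maps to an empty list is one where no risk reason was supplied, matching the "if a risk reason is available" condition above.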
