What's New in Azure Active Directory for July 2022


Azure Active Directory

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for July 2022:

What’s New

Here’s what’s new:

No more waiting, provision groups on demand into your SaaS applications General Availability

Service category: Provisioning
Product capability: Identity Lifecycle Management

Pick a group of up to five members and provision them into your third-party applications in seconds. Get started testing, troubleshooting, and provisioning to non-Microsoft applications such as ServiceNow, ZScaler, and Adobe.

Protect against bypassing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD General Availability

Service category: Microsoft Graph API
Product capability: Identity Security and Protection

Microsoft is delighted to announce a new security protection that prevents bypassing of cloud Azure AD Multi-Factor Authentication (MFA) when federated with Azure AD. When enabled for a federated domain in the Azure AD tenant, it ensures that a compromised federated account can't bypass Azure AD MFA by claiming that multi-factor authentication has already been performed by the identity provider. The protection can be enabled via the new security setting federatedIdpMfaBehavior.

Microsoft highly recommends enabling this new protection when using Azure AD MFA as your organization’s multi-factor authentication solution for federated users.
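The audit a tenant admin would want after reading this: list every federated domain and check which value of federatedIdpMfaBehavior it carries, then move it to rejectMfaByFederatedIdp so that Azure AD always performs its own MFA and ignores an "MFA already done" claim in the federation token. The script below is an added example, not code from the original post or from Microsoft; it uses the Microsoft.Graph PowerShell SDK cmdlets Get-MgDomain, Get-MgDomainFederationConfiguration and Update-MgDomainFederationConfiguration, and the choice of rejectMfaByFederatedIdp as the target value is an assumption that follows the post's recommendation for tenants using Azure AD MFA (a tenant whose federated IdP is the MFA provider would choose enforceMfaByFederatedIdp instead).

```powershell
# Added example (not from the original post): audit and enforce federatedIdpMfaBehavior
# on every federated domain in the tenant. Requires the Microsoft.Graph PowerShell SDK
# and consent to Domain.ReadWrite.All.
Connect-MgGraph -Scopes 'Domain.ReadWrite.All'

# Assumed target: Azure AD MFA is the organisation's MFA, so MFA claims from the
# federated IdP must not count. Use 'enforceMfaByFederatedIdp' if the IdP does MFA.
$desired = 'rejectMfaByFederatedIdp'

$federatedDomains = Get-MgDomain -All | Where-Object { $_.AuthenticationType -eq 'Federated' }

foreach ($domain in $federatedDomains) {
    # Each federated domain exposes its internalDomainFederation object(s) describing the IdP.
    $configs = Get-MgDomainFederationConfiguration -DomainId $domain.Id

    foreach ($fed in $configs) {
        $current = $fed.FederatedIdpMfaBehavior
        if ($current -eq $desired) {
            Write-Host "$($domain.Id): already $desired"
            continue
        }

        # 'acceptIfMfaDoneByFederatedIdp' or an unset value lets a federation token that
        # asserts MFA stand in for Azure AD MFA; report it before changing it.
        Write-Warning "$($domain.Id): federatedIdpMfaBehavior is '$current' (issuer $($fed.IssuerUri))"

        Update-MgDomainFederationConfiguration -DomainId $domain.Id `
            -InternalDomainFederationId $fed.Id `
            -FederatedIdpMfaBehavior $desired

        Write-Host "$($domain.Id): set to $desired"
    }
}
```

Run the script once with the Update call commented out to see the report before changing anything. Note that federatedIdpMfaBehavior takes precedence over the older SupportsMfa flag set through Set-MsolDomainFederationSettings, so a domain that looks correct under the legacy flag can still be open until this value is set.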

Tenant-based service outage notifications General Availability

Service category: Other
Product capability: Platform

Azure Service Health supports service outage notifications to tenant admins for Azure Active Directory issues. These outages will also appear on the Overview page in the Azure AD Admin portal with appropriate links to Azure Service Health. Outage events can be seen by built-in tenant administrator roles.

Multiple Passwordless Phone sign-in Accounts for iOS devices Public Preview

Service category: Authentications (Logins)
Product capability: User Authentication

End users can now enable passwordless phone sign-in for multiple accounts in the Authenticator App on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to the Microsoft Authenticator app and use passwordless phone sign-in for all of them from the same iOS device.

ADFS to Azure AD: SAML App Multi-Instancing Public Preview

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

Admins can now configure multiple instances of the same application within an Azure AD tenant. This is supported for both Identity Provider (IdP)-initiated and Service Provider (SP)-initiated single sign-on requests. Each application instance can now have its own service principal to handle instance-specific claims mapping and role assignment.

ADFS to Azure AD: Apply RegEx Replace to groups claim content Public Preview

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

Until recently, admins could transform claims using many transformations, but regular-expression replacement was not exposed for claims transformation. With this public preview release, admins can now configure and use regular expressions for claims transformation in the portal.
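To see what a RegEx Replace transformation does to a groups claim before putting it in a production app, it helps to run the same pattern and replacement locally over the group values the directory would emit. The script below is an added example, not code from the original post or from Microsoft; the sample group names, the pattern and the replacement string are constructed, and the .NET regex engine used here is the same syntax family (named groups, `${name}` substitution) that the portal's transformation accepts. The point it demonstrates is anchoring: the pattern matches only the exact group naming convention, so a group that merely contains the prefix somewhere in its name is not rewritten into a role claim.

```powershell
# Added example (not from the original post): preview a groups-claim RegEx Replace
# locally. Pattern, replacement and group names are constructed assumptions.

# Group values as they would arrive from the directory (constructed sample input).
$groupsClaim = @(
    'CN=SG-App-Admins,OU=Groups,DC=contoso,DC=com',
    'CN=SG-App-Readers,OU=Groups,DC=contoso,DC=com',
    'CN=Finance,OU=Groups,DC=contoso,DC=com',            # not an app group: must pass through unchanged
    'CN=Temp-SG-App-Admins,OU=Projects,DC=contoso,DC=com' # contains the prefix but is not the convention: must NOT become a role
)

# Anchored at both ends and tied to the expected OU, so only groups that follow the
# naming convention are rewritten, and only the <role> part is kept.
$pattern     = '^CN=SG-App-(?<role>[^,]+),OU=Groups,DC=contoso,DC=com$'
$replacement = 'app-${role}'

function Convert-GroupsClaim {
    param(
        [string[]]$Values,
        [string]$Pattern,
        [string]$Replacement
    )
    foreach ($v in $Values) {
        if ($v -match $Pattern) {
            # Named-group substitution: ${role} is replaced with the captured role text.
            [regex]::Replace($v, $Pattern, $Replacement)
        }
        else {
            # No match: the local preview emits the value unchanged so the effect of the
            # pattern on each input is visible side by side.
            $v
        }
    }
}

Convert-GroupsClaim -Values $groupsClaim -Pattern $pattern -Replacement $replacement
```

The first two values become app-Admins and app-Readers; the Finance group and the Temp-SG-App-Admins group are left as they were. Drop the `^` and `$` anchors and the fourth value would also be rewritten, which is exactly the kind of over-match to check for before the application starts making authorization decisions on the transformed claim.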

Trusts for User Forests in Azure AD Domain Services Public Preview

Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services

Admins can now create trusts on both user and resource forests.

On-premises Active Directory Domain Services (AD DS) users can't authenticate to resources in the Azure AD DS resource forest until admins create an outbound trust to their on-premises AD DS environment(s).

An outbound trust requires network connectivity to the virtual network on which Azure AD Domain Services is deployed. On a user forest, trusts can be created for on-premises Active Directory forests that aren't synchronized to Azure AD DS.

New provisioning connectors in the Azure AD Application Gallery

Service category: App Provisioning
Product capability: 3rd Party Integration

Admins can now automate creating, updating, and deleting user accounts for Tableau Cloud.

New Federated Apps available in the Azure AD Application gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In July 2022, Microsoft added the following new applications to the Azure AD App gallery with Federation support:

  1. Lunni Ticket Service
  2. TESMA
  3. Spring Health
  4. Sorbet
  5. Rainmaker UPS
  6. Planview ID
  7. Karbonalpha
  8. Headspace
  9. SeekOut
  10. Stackby
  11. Infrascale Cloud Backup
  12. Keystone
  13. LMS・教育管理システム Leaf
  14. ZDiscovery
  15. ラインズeライブラリアドバンス (Lines eLibrary Advance)
  16. Rootly
  17. Articulate 360
  18. Rise.com
  19. SevOne Network Monitoring System (NMS)
  20. PGM
  21. TouchRight Software
  22. Tendium
  23. Training Platform
  24. Znapio
  25. Preset
  26. itslearning MS Teams sync
  27. Veza
  28. Trax

What’s Changed

Here’s what’s changed:

Cross-tenant access settings for B2B collaboration General Availability

Service category: Business to Business (B2B) collaboration
Product capability: B2B/B2C collaboration

Cross-tenant access settings enable admins to control how users in their organization(s) collaborate with members of external Azure AD organizations. Now admins have granular inbound and outbound access control settings that work on a per organization, user, group, and application basis. These settings also make it possible for admins to trust security claims from external Azure AD organizations like multi-factor authentication (MFA), device compliance, and hybrid Azure AD-joined devices.
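When an organization starts trusting MFA and device-compliance claims from a partner tenant, that partner's authentication posture becomes part of the organization's own Conditional Access evaluation, so the configuration is worth creating deliberately and reviewing afterwards. The script below is an added example, not code from the original post or from Microsoft; it creates one partner-specific configuration through the Microsoft Graph endpoint policies/crossTenantAccessPolicy/partners using Invoke-MgGraphRequest, then lists every partner whose MFA claim is trusted. The partner tenant ID is a placeholder and the chosen trust values are assumptions.

```powershell
# Added example (not from the original post): create a partner-specific cross-tenant
# access configuration with inbound trust settings, then list which partners' MFA is trusted.
# Requires the Microsoft.Graph PowerShell SDK and Policy.ReadWrite.CrossTenantAccess.
Connect-MgGraph -Scopes 'Policy.ReadWrite.CrossTenantAccess'

# Placeholder: replace with the external organisation's Azure AD tenant ID.
$partnerTenantId = '00000000-0000-0000-0000-000000000000'

$partner = @{
    tenantId     = $partnerTenantId
    inboundTrust = @{
        isMfaAccepted                       = $true   # partner's MFA satisfies our MFA requirement
        isCompliantDeviceAccepted           = $true   # partner's device-compliance claim is accepted
        isHybridAzureADJoinedDeviceAccepted = $false  # assumed: left off until the partner's hybrid-join posture is reviewed
    }
}

Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners' `
    -Body $partner

# Review step: every partner listed here is a tenant whose MFA strength our Conditional
# Access policies now rely on, so this list belongs in the periodic access review.
$partners = Invoke-MgGraphRequest -Method GET `
    -Uri 'https://graph.microsoft.com/v1.0/policies/crossTenantAccessPolicy/partners'

$partners.value |
    Where-Object { $_.inboundTrust -and $_.inboundTrust.isMfaAccepted } |
    ForEach-Object {
        '{0}: MFA trusted; compliant device trusted = {1}' -f $_.tenantId, $_.inboundTrust.isCompliantDeviceAccepted
    }
```

Trusting a partner's MFA removes the second prompt for their users, but it does not raise the partner's MFA to your standard; if the partner allows weaker methods than your own policy, those methods now satisfy your MFA grant control for their users.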

Expression builder with Application Provisioning General Availability

Service category: Provisioning
Product capability: Outbound to SaaS Applications

Accidental deletion of users in apps or in the on-premises directory could be disastrous. Microsoft is excited to announce the general availability of the accidental deletions prevention capability. When a provisioning job would cause a spike in deletions, it will first pause and provide you visibility into the potential deletions. Admins can then accept or reject the deletions and have time to update the job’s scope if necessary.

Azure AD Domain Services – Fine-Grained Permissions Public Preview

Service category: Azure AD Domain Services
Product capability: Azure AD Domain Services

Previously, to set up and manage an Azure AD Domain Services instance, admins needed top-level permissions: the Azure Contributor role and the Azure AD Global Administrator role.

Now, for both initial creation and ongoing administration, you can use more fine-grained permissions for enhanced security and control.

Improved app discovery view for My Apps portal Public Preview

Service category: My Apps
Product capability: End User Experiences

An improved app discovery view for My Apps is in public preview. The preview shows users more apps in the same space and allows them to scroll between collections. It doesn't currently support drag-and-drop and list view. Users can opt into the preview by clicking Try the preview and opt out by clicking Return to previous view.

New Azure AD Portal All Devices list Public Preview

Service category: Device Registration and Management
Product capability: End User Experiences

Microsoft is enhancing the All Devices list in the Azure AD Portal to make it easier to filter and manage your organization’s devices. Improvements include:

  • Infinite scrolling
  • More device properties can be filtered on
  • Columns can be reordered via drag and drop
  • Select all devices

ADFS to Azure AD: Persistent NameID for IDP-initiated Apps Public Preview

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

Previously the only way to have a persistent NameID value was to configure the user attribute with an empty value. Admins can now explicitly configure the NameID value to be persistent along with the corresponding format.

ADFS to Azure AD: Customize attrname-format Public Preview

Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)

With this new parity update, admins can now integrate non-gallery applications such as Socure DevHub with Azure AD to have single sign-on (SSO) via SAML.
