What's New in Azure Active Directory for August 2022


Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for August 2022:

 

What’s New

Ability to force reauthentication on Intune enrollment, risky sign-ins, and risky users General Availability

Service category: Conditional Access
Product capability: Identity Security & Protection

Organizations can now require a fresh authentication each time a person performs a certain action. Forced reauthentication supports requiring a person to reauthenticate during Intune device enrollment, password change for risky users, and risky sign-ins.

 

Workload Identity Federation with App Registrations General Availability

Service category: Other
Product capability: Developer Experience

Entra Workload Identity Federation allows developers to exchange tokens issued by another identity provider (IdP) for Azure AD tokens, without needing secrets. It eliminates the need to store and manage credentials inside the code or secret stores to access Azure AD protected resources such as Azure and Microsoft Graph.

By removing the secrets required to access Azure AD protected resources, workload identity federation can improve the security posture of the organization. This feature also reduces the burden of secret management and minimizes the risk of service downtime due to expired credentials.
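The token exchange described above, as an added example that is not taken from Microsoft's release notes or code: it models how the external token's `iss`, `sub` and `aud` claims are compared with a federated identity credential on the app registration, and builds the token request that carries the external token as `client_assertion` in place of a client secret. The GitHub Actions issuer, the `contoso/app` repository, the credential name and the function names are assumptions chosen for illustration, and the sample tokens are constructed and unsigned.

```python
import base64
import json

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims):
    # Constructed, unsigned JWT for this example; a real IdP token is signed.
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), ""])

def read_claims(jwt):
    # Decodes the payload for inspection only; no signature verification here.
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def matching_credential(jwt, federated_credentials):
    # Local pre-check: issuer and subject must match exactly, audience must be listed.
    claims = read_claims(jwt)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    for cred in federated_credentials:
        if (claims.get("iss") == cred["issuer"]
                and claims.get("sub") == cred["subject"]
                and any(a in cred["audiences"] for a in audiences)):
            return cred["name"]
    return None

def token_request(tenant_id, client_id, external_jwt, scope):
    # Client-credentials request: the external token replaces client_secret.
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_assertion_type": ASSERTION_TYPE,
        "client_assertion": external_jwt,
        "scope": scope,
    }
    return url, form

# Constructed federated identity credential (hypothetical app and repository).
CREDS = [{
    "name": "deploy-main",
    "issuer": "https://token.actions.githubusercontent.com",
    "subject": "repo:contoso/app:ref:refs/heads/main",
    "audiences": ["api://AzureADTokenExchange"],
}]
```

Because the subject is compared exactly, a token issued for any other branch or repository matches no credential and cannot be exchanged.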

 

External user leave settings Public Preview

Service category: Enterprise Apps
Product capability: Business to Business (B2B)/ Business to Consumer (B2C)

Currently, users can leave an organization through self-service without their IT administrators having visibility. Some organizations may want more control over this self-service process.

With this feature, IT administrators can now allow external identities to leave an organization through Microsoft-provided self-service controls, or restrict them from doing so, via Azure Active Directory in the Microsoft Entra portal. To restrict users from leaving an organization, customers need to include a Global privacy contact and Privacy statement URL under Properties.

 

Restrict self-service BitLocker for devices Public Preview

Service category: Device Registration and Management
Product capability: Access Control

In some situations, admins may want to restrict end users' self-service access to BitLocker Drive Encryption (BDE) recovery keys. With this new functionality, admins can now turn off self-service access to BDE recovery keys, so that only specific individuals with the right privileges can use a BitLocker recovery key.

 

Identity Protection Alerts in Microsoft 365 Defender Public Preview

Service category: Identity Protection
Product capability: Identity Security & Protection

Identity Protection risk detections (alerts) are now also available in the Microsoft 365 Defender portal to provide a unified investigation experience for security professionals.

 

New Federated Apps available in the Azure AD Application gallery

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In August 2022, Microsoft added the following new applications to the Azure AD App gallery with Federation support:

  1. Albourne Castle
  2. Adra by Trintech
  3. workhub
  4. 4DX
  5. Ecospend IAM V1
  6. TigerGraph
  7. Sketch
  8. Lattice
  9. snapADDY Single Sign On
  10. RELAYTO Content Experience Platform
  11. oVice
  12. Arena
  13. QReserve
  14. Curator
  15. NetMotion Mobility
  16. HackNotice
  17. ERA_EHS_CORE
  18. AnyClip Teams Connector
  19. Wiz SSO
  20. Tango Reserve by AgilQuest (EU Instance)
  21. valid8Me
  22. Ahrtemis
  23. KPMG Leasing Tool
  24. Mist Cloud Admin SSO
  25. Work-Happy
  26. Ediwin SaaS EDI
  27. LUSID
  28. Next Gen Math
  29. Total ID
  30. Cheetah For Benelux
  31. Live Center Australia
  32. Shop Floor Insight
  33. Warehouse Insight
  34. myAOS
  35. Hero
  36. FigBytes
  37. VerosoftDesign
  38. ViewpointOne – UK
  39. EyeRate Reviews
  40. Lytx DriveCam

 

New provisioning connectors in the Azure AD Application Gallery Public Preview

Service category: App Provisioning
Product capability: 3rd Party Integration

Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:

  1. Ideagen Cloud
  2. Lucid (All Products)
  3. Palo Alto Networks Cloud Identity Engine – Cloud Authentication Service
  4. SuccessFactors Writeback
  5. Tableau Cloud

 

 

What’s Changed

Multi-Stage Access Reviews General Availability

Service category: Access Reviews
Product capability: Identity Governance

Organizations can now meet their complex audit and recertification requirements through multiple stages of reviews.

 

Entitlement management automatic assignment policies Public Preview

Service category: Entitlement Management
Product capability: Identity Governance

In Azure AD entitlement management, a new form of access package assignment policy is being added. The automatic assignment policy includes a filter rule, similar to a dynamic group, that specifies the users in the tenant who should have assignments.

When a user account comes to match the filter rule's criteria, an assignment is automatically created; when it no longer matches, the assignment is removed.
