Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for September 2022:
What’s New
Self-Service Password Reset writeback for disconnected forests with Azure AD Connect Cloud Sync General Availability
Service category: Azure AD Connect Cloud Sync
Product capability: Identity Lifecycle Management
Azure AD Connect Cloud Sync Password writeback now provides organizations the ability to synchronize Azure AD password changes made in the cloud to an on-premises directory in real time. This can be accomplished using the lightweight Azure AD cloud provisioning agent.
This is the first writeback functionality that is made available through Azure AD Connect Cloud Sync.
Device-based conditional access on Linux devices General Availability
Service category: Conditional Access
Product capability: Single Sign-on (SSO)
This feature empowers users on Linux clients to register their devices with Azure AD, enroll into Intune management, and satisfy device-based Conditional Access policies when accessing corporate resources.
- Users can register their Linux devices with Azure AD.
- Users can enroll in Mobile Device Management (Intune), which can be used to provide compliance decisions, based upon policy definitions to allow device-based Conditional Access on Linux devices.
- If the device is compliant, users can use the Microsoft Edge browser to satisfy device-based Conditional Access policies and get Single Sign-on (SSO) to Microsoft 365, Azure and other Azure AD-integrated apps, services and systems.
Azure AD SCIM Validator General Availability
Service category: Provisioning
Product capability: Outbound to SaaS Applications
Independent Software Vendors (ISVs) and developers can self-test their System for Cross-domain Identity Management (SCIM) endpoints for compatibility: Microsoft has made it easier for ISVs to validate that their endpoints are compatible with the SCIM-based Azure AD provisioning services.
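To show what such a compatibility check actually exercises, here is an added example (not Microsoft's SCIM Validator and not code from the page) of a minimal in-memory SCIM 2.0 /Users store together with a probe that drives it through the request sequence the Azure AD provisioning service issues when it provisions a user: create, duplicate create, lookup by `userName eq "..."` filter, PATCH of `active`, and delete. The user names, the `ScimUserStore` class and the `probe` helper are constructed for this illustration; only the simple equality filter is implemented, so richer filters are rejected with 400 rather than silently matching everything.

```python
import re
import uuid

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_LIST = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
SCIM_ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
# Only the simple equality filter used to match users by their matching
# attribute (e.g. userName eq "alice@contoso.example") is supported here.
_EQ_FILTER = re.compile(r'^(\w+)\s+eq\s+"([^"]*)"$', re.IGNORECASE)


def _attr(resource, name):
    """SCIM attribute names are case-insensitive; look one up accordingly."""
    return next((v for k, v in resource.items() if k.lower() == name.lower()), None)


def _error(status, detail):
    """SCIM error envelope paired with its HTTP status code."""
    return status, {"schemas": [SCIM_ERROR], "status": str(status), "detail": detail}


class ScimUserStore:
    """Constructed in-memory /Users resource; each method returns (status, body)."""

    def __init__(self):
        self.users = {}  # id -> user resource

    def create(self, body):
        username = body.get("userName")
        if not username:
            return _error(400, "userName is required")
        if any(u["userName"].lower() == username.lower() for u in self.users.values()):
            return _error(409, "userName already exists")  # uniqueness conflict, not a second user
        user = {"schemas": [SCIM_USER], "id": str(uuid.uuid4()), "userName": username,
                "displayName": body.get("displayName", ""), "active": bool(body.get("active", True))}
        self.users[user["id"]] = user
        return 201, user

    def get(self, uid):
        user = self.users.get(uid)
        return (200, user) if user else _error(404, f"user {uid} not found")

    def list(self, filter_expr=None):
        if filter_expr is None:
            matches = list(self.users.values())
        else:
            m = _EQ_FILTER.match(filter_expr.strip())
            if not m:
                return _error(400, "unsupported filter")  # never fall back to "return all"
            name, value = m.groups()
            matches = [u for u in self.users.values()
                       if str(_attr(u, name)).lower() == value.lower()]
        return 200, {"schemas": [SCIM_LIST], "totalResults": len(matches),
                     "startIndex": 1, "itemsPerPage": len(matches), "Resources": matches}

    def patch(self, uid, body):
        user = self.users.get(uid)
        if not user:
            return _error(404, f"user {uid} not found")
        for op in body.get("Operations", []):
            kind, path, value = op.get("op", "").lower(), op.get("path"), op.get("value")
            if kind == "remove" and path:
                user.pop(path, None)
            elif kind in ("add", "replace") and path:
                # Defensive normalisation (an assumption of this example): accept the
                # strings "True"/"False" for the boolean active attribute instead of
                # storing a truthy string that would keep a disabled user active.
                if path == "active" and isinstance(value, str):
                    value = value.lower() == "true"
                user[path] = value
            elif kind in ("add", "replace") and isinstance(value, dict):
                user.update(value)  # no path: value carries attribute/value pairs
            else:
                return _error(400, f"unsupported operation {op}")
        return 200, user

    def delete(self, uid):
        if uid not in self.users:
            return _error(404, f"user {uid} not found")
        del self.users[uid]
        return 204, None


def probe(store=None):
    """Drive the store through the request sequence a compatibility check sends
    and return the status codes observed (constructed test data)."""
    store = store or ScimUserStore()
    statuses = []
    status, alice = store.create({"userName": "alice@contoso.example", "displayName": "Alice"})
    statuses.append(status)                                                  # 201
    statuses.append(store.create({"userName": "ALICE@contoso.example"})[0])  # 409 duplicate
    status, listing = store.list('userName eq "alice@contoso.example"')
    statuses.append(status if listing.get("totalResults") == 1 else 500)    # 200, one match
    status, patched = store.patch(alice["id"], {"Operations": [
        {"op": "Replace", "path": "active", "value": "False"}]})
    statuses.append(status if patched.get("active") is False else 500)      # 200, soft-disabled
    statuses.append(store.get("does-not-exist")[0])                          # 404
    statuses.append(store.delete(alice["id"])[0])                            # 204
    statuses.append(store.get(alice["id"])[0])                               # 404 after delete
    return statuses


if __name__ == "__main__":
    print(probe())
```

The two responses that matter most for security are the 409 on a duplicate `userName` (so a re-run never creates a second identity for the same person) and the 400 on an unsupported filter (so a lookup the endpoint cannot evaluate never returns every user as a match).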
Prevent accidental deletions General Availability
Service category: Provisioning
Product capability: Outbound to SaaS Applications
Accidental deletion of users in any system could be disastrous. Microsoft is excited to announce the general availability of the accidental deletions prevention capability as part of the Azure AD provisioning service.
When the number of deletions to be processed in a single provisioning cycle spikes above the organization-defined threshold, the Azure AD provisioning service will pause, provide visibility into the potential deletions, and allow admins to accept or reject the deletions.
This functionality has historically been available for Azure AD Connect and Azure AD Connect Cloud Sync. It's now available across the various provisioning flows, including both HR-driven provisioning and application provisioning.
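The pause-and-review behaviour described above, as an added model (not code from the Azure AD provisioning service, whose internals the page does not describe): one provisioning cycle diffs the identities currently in scope against those already provisioned, and when the deletions exceed the threshold they are held for an admin to accept or reject instead of being applied. The user IDs, the threshold value, and the `plan_cycle`, `resolve` and `simulate_trickle` helpers are constructed for this illustration. The last helper goes beyond the page's scenario to show a caveat that follows from the threshold being evaluated per cycle: removing a few users at a time, each cycle below the threshold, is never paused.

```python
from dataclasses import dataclass, field


@dataclass
class CyclePlan:
    creates: list
    deletes: list                              # deletions the cycle may apply now
    held: list = field(default_factory=list)   # deletions held back for admin review
    paused: bool = False


def plan_cycle(in_scope, provisioned, threshold):
    """Diff the identities in scope (source) against those already in the target
    app and pause when this cycle's deletions exceed the per-cycle threshold."""
    creates = sorted(set(in_scope) - set(provisioned))
    deletes = sorted(set(provisioned) - set(in_scope))
    if len(deletes) > threshold:
        # Creates still go through; nothing is deleted until an admin decides.
        return CyclePlan(creates=creates, deletes=[], held=deletes, paused=True)
    return CyclePlan(creates=creates, deletes=deletes)


def apply_cycle(provisioned, plan):
    """Apply the changes the plan allows and return the new provisioned set."""
    return (set(provisioned) | set(plan.creates)) - set(plan.deletes)


def resolve(provisioned, plan, accept):
    """Admin decision on a paused cycle: accept applies the held deletions,
    reject discards them (for example after fixing a bad scoping filter)."""
    if not plan.paused:
        return set(provisioned)
    plan.paused = False
    return set(provisioned) - set(plan.held) if accept else set(provisioned)


def simulate_trickle(provisioned, per_cycle, cycles, threshold):
    """Caveat: shrink the scope by per_cycle users each cycle and count how often
    the threshold pauses the cycle. With per_cycle <= threshold it never does,
    even though every provisioned user ends up deleted."""
    current = set(provisioned)
    remaining = sorted(current)   # users still matched by the scoping filter
    paused_cycles = 0
    for _ in range(cycles):
        remaining = remaining[per_cycle:]
        plan = plan_cycle(remaining, current, threshold)
        paused_cycles += plan.paused
        current = apply_cycle(current, plan)
    return current, paused_cycles


if __name__ == "__main__":
    # Constructed scenario: a scoping-filter change drops three of five users at once.
    provisioned = {"u1", "u2", "u3", "u4", "u5"}
    plan = plan_cycle({"u4", "u5"}, provisioned, threshold=2)
    print("paused:", plan.paused, "held:", plan.held)
    print("after reject:", sorted(resolve(provisioned, plan, accept=False)))
    print("trickle:", simulate_trickle(provisioned, per_cycle=2, cycles=3, threshold=2))
```

The practical consequence of the per-cycle check is that the threshold protects against a single mistake (a scoping filter or group membership change that empties the scope) but not against a gradual drift, so the deletion count in the provisioning logs is still worth alerting on over longer windows.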
Identity Protection Anonymous and Malicious IP for ADFS on-premises sign-ins General Availability
Service category: Identity Protection
Product capability: Identity Security and Protection
Identity Protection expands its anonymous and malicious IP detections to protect Active Directory Federation Services (AD FS) sign-ins.
This automatically applies to all organizations that have Azure AD Connect Health for AD FS deployed and enabled, and shows up as the existing Anonymous IP or Malicious IP detections with a token issuer type of AD Federation Services.
New Federated Apps available in the Azure AD Application gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In September 2022, Microsoft added the following new applications in the Azure AD App gallery with Federation support:
Login