Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for December 2022:
What's Planned
ADAL End of Support
Service category: Other
Product capability: Developer Experience
As part of Microsoft's ongoing initiative to improve the developer experience, service reliability, and security of customer applications, Microsoft is ending support for the Azure Active Directory Authentication Library (ADAL). The final deadline to migrate your applications to Microsoft Authentication Library (MSAL) has been extended to June 1, 2023.
What's New
Multiple Password-less Phone Sign-in for iOS Devices General Availability
Service category: Authentications (Logins)
Product capability: User Authentication
People can now enable password-less phone sign-in for multiple accounts in the Authenticator App on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to Microsoft Authenticator and use password-less phone sign-in for all of them from the same iOS device. The Azure AD accounts can be in the same tenant or different tenants. Guest accounts are not supported for multiple account sign-in from one device.
People are not required to enable the optional telemetry setting in the Authenticator App.
Administrative Unit support for devices General Availability
Service category: Directory Management
Product capability: AuthZ/Access Delegation
Admins can now use Administrative Units (AUs) to delegate management of specified devices in the tenant by adding devices to an administrative unit, and assigning built-in and custom device management roles scoped to that administrative unit.
On-premises application provisioning General Availability
Service category: Provisioning
Product capability: Outbound to On-premises Applications
Azure AD supports provisioning user objects into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. If the application supports SCIM, or a SCIM gateway is available to connect to the legacy application, admins can use the Azure AD Provisioning agent to directly connect with the application and automate provisioning and deprovisioning. Legacy applications that don't support SCIM and rely on an LDAP user store or a SQL database are also supported.
Converged Authentication Methods Policy Public Preview
Service category: Multi-factor Authentication (MFA)
Product capability: User Authentication
The Converged Authentication Methods Policy enables you to manage all authentication methods used for Multi-factor Authentication (MFA) and Self-service Password Reset (SSPR) in one policy, migrate off the legacy MFA and SSPR policies, and target authentication methods to groups of users instead of enabling them for all users in the tenant.
Admins can restrict their users from creating tenants Public Preview
Service category: User Access Management
Product capability: User Management
The ability for users to create tenants from the Manage Tenant overview page has been present in Azure AD since almost the beginning of the Azure portal. This new capability in the User Settings blade allows admins to restrict their users from being able to create new tenants. There is also a new Tenant Creator role to allow specific users to create tenants.
Consolidated My Apps settings and new preview settings Public Preview
Service category: My Apps
Product capability: End User Experiences
Microsoft has consolidated relevant app launcher settings in a new App launchers section in the Azure and Entra portals. The entry point can be found under Enterprise applications, where Collections used to be. You can find the Collections blade by selecting App launchers.
In addition, Microsoft has added a new App launchers Settings blade. This blade has some settings you may already be familiar with like the Microsoft 365 settings. The new Settings blade also has controls for previews. Administrators can choose to try out new app launcher features while they are in preview. Enabling a preview feature means that the feature is turned on for the organization, and will be reflected in the My Apps portal and other app launchers for all of your users.
Enabling customization capabilities for the conditional error messages in Company Branding Public Preview
Service category: Other
Product capability: End User Experiences
This feature updates the Company Branding functionality on the Azure AD/Microsoft 365 sign-in experience to allow customizing Conditional Access error messages.
Windows 10+ Troubleshooter for Diagnostic Logs Public Preview
Service category: Audit
Product capability: Monitoring & Reporting
This feature analyzes uploaded client-side logs, also known as diagnostic logs, from Windows 10+ devices that are having issues and suggests remediation steps to resolve the issues. Admins can work with end users to collect client-side logs, and then upload them to this troubleshooter in the Entra Portal.
Frontline workers using shared devices can now use Edge and Yammer apps on Android Public Preview
Service category: N/A
Product capability: Single Sign-on (SSO)
Companies often provide mobile devices to frontline workers that need to be shared between shifts. Microsoft’s shared device mode allows frontline workers to easily authenticate by automatically signing users in and out of all the apps that have enabled this feature. In addition to Microsoft Teams and Managed Home Screen being generally available, Microsoft is excited to announce that Edge and Yammer apps on Android are now also in Public Preview.
New provisioning connectors in the Azure AD Application Gallery
Service category: App Provisioning
Product capability: 3rd Party Integration
We've added the following new applications in our App gallery with Provisioning support. You can now automate creating, updating, and deleting of user accounts for these newly integrated apps:
New Federated Apps available in Azure AD Application gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In December 2022, Microsoft added the following new applications in the Azure AD App gallery with Federation support:
- Bionexo IDM
- SMART Meeting Pro
- Venafi Control Plane – Datacenter
- HighQ
- Drawboard PDF
- ETU Skillsims
- TencentCloud IDaaS
- TeamHeadquarters Email Agent OAuth
- Verizon MDM
- QRadar SOAR
- Tripwire Enterprise
- Cisco Unified Communications Manager
- Howspace
- Flipsnack SAML
- Albert
- Altinget.no
- Coveo Hosted Services
- Cybozu(cybozu.com)
- BombBomb
- VMware Identity Service
- Cimmaron Exchange Sync – Delegated
- HexaSync
- Trifecta Teams
- VerosoftDesign
- Mazepay
- Wistia
- Begin.AI
- WebCE
- Dream Broker Studio
- PKSHA Chatbot
- PGM-BCP
- ChartDesk SSO
- Elsevier SP
- GreenCommerce IdentityServer
- Fullview
- Aqua Platform
- SpedTrack
- Pinpoint
- Darzin Outlook Add-in
- Simply Stakeholders Outlook Add-in
- tesma
- Parkable
- Unite Us
What's Changed
Updates to Conditional Access templates Public Preview
Service category: Conditional Access
Product capability: Identity Security & Protection
Conditional Access templates provide a convenient method to deploy new policies aligned with Microsoft recommendations. In total, there are 14 Conditional Access policy templates, filtered by five different scenarios: secure foundation, zero trust, remote work, protect administrators, and emerging threats.
In this Public Preview refresh, Microsoft has enhanced the user experience with an updated design and added four new improvements:
- Admins can create a Conditional Access policy by importing a JSON file.
- Admins can duplicate an existing policy.
- Admins can view more detailed policy information.
- Admins can query templates programmatically via MSGraph API.