What's New in Azure Active Directory for December 2022

Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for December 2022:

 

What's Planned

ADAL End of Support

Service category: Other
Product capability: Developer Experience

As part of Microsoft's ongoing initiative to improve the developer experience, service reliability, and security of customer applications, Microsoft ends support for the Azure Active Directory Authentication Library (ADAL). The final deadline to migrate your applications to Microsoft Authentication Library (MSAL) has been extended to June 1, 2023.

 

What's New

Multiple Password-less Phone Sign-in for iOS Devices General Availability

Service category: Authentications (Logins)
Product capability: User Authentication

People can now enable password-less phone sign-in for multiple accounts in the Authenticator App on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to Microsoft Authenticator and use password-less phone sign-in for all of them from the same iOS device. The Azure AD accounts can be in the same tenant or different tenants. Guest accounts are not supported for multiple account sign-in from one device.

People are not required to enable the optional telemetry setting in the Authenticator App.

 

Administrative Unit support for devices General Availability

Service category: Directory Management
Product capability: AuthZ/Access Delegation

Admins can now use Administrative Units (AUs) to delegate management of specified devices in the tenant by adding devices to an administrative unit, and assigning built-in and custom device management roles scoped to that administrative unit.

 

On-premises application provisioning General Availability

Service category: Provisioning
Product capability: Outbound to On-premises Applications

Azure AD supports provisioning user objects into applications hosted on-premises or in a virtual machine, without having to open up any firewalls. If the application supports SCIM, or a SCIM gateway is available to connect to the legacy application, admins can use the Azure AD Provisioning agent to directly connect with the application and automate provisioning and deprovisioning. Legacy applications that don't support SCIM and rely on an LDAP user store, or a SQL database are also supported.

 

Converged Authentication Methods Policy Public Preview

Service category: Multi-factor Authentication (MFA)
Product capability: User Authentication

The Converged Authentication Methods Policy enables you to manage all authentication methods used for Multi-factor Authentication (MFA) and Self-service Password Reset (SSPR) in one policy, migrate off the legacy MFA and SSPR policies, and target authentication methods to groups of users instead of enabling them for all users in the tenant.

 

Admins can restrict their users from creating tenants Public Preview

Service category: User Access Management
Product capability: User Management

The ability for users to create tenants from the Manage Tenant overview page has been present in Azure AD since almost the beginning of the Azure portal. This new capability in the User Settings blade allows admins to restrict their users from being able to create new tenants. There is also a new Tenant Creator role to allow specific users to create tenants.

 

Consolidated My Apps settings and new preview settings Public Preview

Service category: My Apps
Product capability: End User Experiences

Microsoft has consolidated relevant app launcher settings in a new App launchers section in the Azure and Entra portals. The entry point can be found under Enterprise applications, where Collections used to be. You can find the Collections blade by selecting App launchers.

In addition, Microsoft has added a new App launchers Settings blade. This blade has some settings you may already be familiar with, like the Microsoft 365 settings. The new Settings blade also has controls for previews. Administrators can choose to try out new app launcher features while they are in preview. Enabling a preview feature means that the feature is turned on for the organization, and will be reflected in the My Apps portal and other app launchers for all of your users.

 

Enabling customization capabilities for the conditional error messages in Company Branding Public Preview

Service category: Other
Product capability: End User Experiences

This feature updates the Company Branding functionality on the Azure AD/Microsoft 365 sign-in experience to allow customizing Conditional Access error messages.

 

Windows 10+ Troubleshooter for Diagnostic Logs Public Preview

Service category: Audit
Product capability: Monitoring & Reporting

This feature analyzes uploaded client-side logs, also known as diagnostic logs, from Windows 10+ devices that are having issues and suggests remediation steps to resolve the issues. Admins can work with end users to collect client-side logs, and then upload them to this troubleshooter in the Entra Portal.

 

Frontline workers using shared devices can now use Edge and Yammer apps on Android Public Preview

Service category: N/A
Product capability: Single Sign-on (SSO)

Companies often provide mobile devices to frontline workers that need to be shared between shifts. Microsoft’s shared device mode allows frontline workers to easily authenticate by automatically signing users in and out of all the apps that have enabled this feature. In addition to Microsoft Teams and Managed Home Screen being generally available, Microsoft is excited to announce that Edge and Yammer apps on Android are now also in Public Preview.

 

New provisioning connectors in the Azure AD Application Gallery

Service category: App Provisioning
Product capability: 3rd Party Integration

We've added the following new applications in our App gallery with Provisioning support. You can now automate creating, updating, and deleting of user accounts for these newly integrated apps:

 

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In December 2022, Microsoft added the following new applications in the Azure AD App gallery with Federation support:

  1. Bionexo IDM
  2. SMART Meeting Pro
  3. Venafi Control Plane – Datacenter
  4. HighQ
  5. Drawboard PDF
  6. ETU Skillsims
  7. TencentCloud IDaaS
  8. TeamHeadquarters Email Agent OAuth
  9. Verizon MDM
  10. QRadar SOAR
  11. Tripwire Enterprise
  12. Cisco Unified Communications Manager
  13. Howspace
  14. Flipsnack SAML
  15. Albert
  16. Altinget.no
  17. Coveo Hosted Services
  18. Cybozu(cybozu.com)
  19. BombBomb
  20. VMware Identity Service
  21. Cimmaron Exchange Sync – Delegated
  22. HexaSync
  23. Trifecta Teams
  24. VerosoftDesign
  25. Mazepay
  26. Wistia
  27. Begin.AI
  28. WebCE
  29. Dream Broker Studio
  30. PKSHA Chatbot
  31. PGM-BCP
  32. ChartDesk SSO
  33. Elsevier SP
  34. GreenCommerce IdentityServer
  35. Fullview
  36. Aqua Platform
  37. SpedTrack
  38. Pinpoint
  39. Darzin Outlook Add-in
  40. Simply Stakeholders Outlook Add-in
  41. tesma
  42. Parkable
  43. Unite Us

 

What's Changed

Updates to Conditional Access templates Public Preview

Service category: Conditional Access
Product capability: Identity Security & Protection

Conditional Access templates provide a convenient method to deploy new policies aligned with Microsoft recommendations. In total, there are 14 Conditional Access policy templates, filtered by five different scenarios: secure foundation, zero trust, remote work, protect administrators, and emerging threats.

In this Public Preview refresh, Microsoft has enhanced the user experience with an updated design and added four new improvements:

  • Admins can create a Conditional Access policy by importing a JSON file.
  • Admins can duplicate an existing policy.
  • Admins can view more detailed policy information.
  • Admins can query templates programmatically via the Microsoft Graph API.
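
A pre-import check for a Conditional Access policy JSON file, as an added example that is not part of the original post or of Microsoft's tooling. It assumes the file follows the Microsoft Graph conditionalAccessPolicy resource shape; `lint_policy`, the constructed sample policy and the placeholder emergency-access group ID are hypothetical.

```python
import json

# Placeholder object ID for an emergency-access (break-glass) group; not a real value.
BREAK_GLASS_GROUP = "00000000-0000-0000-0000-000000000001"

# Constructed sample in the shape of a Graph conditionalAccessPolicy resource.
SAMPLE_POLICY = json.loads("""
{
  "displayName": "Require MFA for all users (constructed sample)",
  "state": "enabled",
  "conditions": {
    "users": {"includeUsers": ["All"], "excludeUsers": [], "excludeGroups": []},
    "applications": {"includeApplications": ["All"]}
  },
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}
}
""")

VALID_STATES = ("enabled", "disabled", "enabledForReportingButNotEnforced")

def lint_policy(policy, break_glass_ids):
    """Return findings to resolve before the policy file is imported."""
    findings = []
    state = policy.get("state")
    if state not in VALID_STATES:
        findings.append(f"unknown state: {state!r}")
    elif state == "enabled":
        findings.append("policy is enforced on import; start in report-only")

    conditions = policy.get("conditions") or {}
    users = conditions.get("users") or {}
    excluded = set(users.get("excludeUsers") or []) | set(users.get("excludeGroups") or [])
    # A tenant-wide policy with no emergency-access exclusion can lock out every admin.
    if "All" in (users.get("includeUsers") or []) and not excluded & set(break_glass_ids):
        findings.append("targets all users without an emergency-access exclusion")

    apps = conditions.get("applications") or {}
    if not (apps.get("includeApplications") or apps.get("includeUserActions")):
        findings.append("no target applications or user actions")

    grant = policy.get("grantControls") or {}
    if not grant.get("builtInControls") and not policy.get("sessionControls"):
        findings.append("no built-in grant controls or session controls")
    return findings

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY, {BREAK_GLASS_GROUP}):
        print("FINDING:", finding)
```
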
