Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for May 2023:
What's New
Cross-tenant synchronization General Availability
Service category: Provisioning
Product capability: Identity Lifecycle Management
Cross-tenant synchronization allows admins to set up a scalable and automated solution for users to access applications across tenants in the organization. It builds upon the External ID functionality and automates creating, updating, and deleting External IDs within tenants in the organization.
Conditional Access authentication strength for members, external users and FIDO2 restrictions General Availability
Service category: Conditional Access
Product capability: Identity Security & Protection
Authentication strength is a Conditional Access control that allows admins to specify which combination of authentication methods can be used to access a resource. For example, they can make only phishing-resistant authentication methods available to access a sensitive resource. Likewise, to access a non-sensitive resource, they can allow less secure multifactor authentication (MFA) combinations such as password + SMS.
Conditional Access Granular control for external user types General Availability
Service category: Conditional Access
Product capability: Identity Security & Protection
When configuring a Conditional Access policy, organizations now have granular control over the types of external users they want to apply the policy to. External users are categorized based on how they authenticate (internally or externally) and their relationship to the organization (guest or member).
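Putting the two Conditional Access additions above together, here is an added example (not from the release notes and not Microsoft's own code) that creates a policy requiring the built-in Phishing-resistant MFA authentication strength for B2B collaboration guests and internal guests from any external tenant. It assumes the Microsoft Graph PowerShell SDK and the Policy.ReadWrite.ConditionalAccess delegated permission; the policy display name is made up.

```powershell
# Added example (not from the release notes): a Conditional Access policy that
# requires the built-in "Phishing-resistant MFA" authentication strength for
# B2B collaboration guests and internal guests from any external tenant.
# Assumes the Microsoft Graph PowerShell SDK and Policy.ReadWrite.ConditionalAccess.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Resolve the built-in strength by display name instead of hard-coding its ID.
$strength = Get-MgPolicyAuthenticationStrengthPolicy |
    Where-Object { $_.DisplayName -eq 'Phishing-resistant MFA' }
if (-not $strength) { throw 'Built-in Phishing-resistant MFA strength not found.' }

$policy = @{
    displayName   = 'CA - External guests require phishing-resistant MFA'
    # Start in report-only; switch to 'enabled' after reviewing the sign-in logs.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        applications = @{ includeApplications = @('All') }
        users        = @{
            includeGuestsOrExternalUsers = @{
                # Granular external user types (the GA feature described above).
                guestOrExternalUserTypes = 'b2bCollaborationGuest,internalGuest'
                externalTenants          = @{
                    '@odata.type'  = '#microsoft.graph.conditionalAccessAllExternalTenants'
                    membershipKind = 'all'
                }
            }
        }
    }
    grantControls = @{
        operator               = 'OR'
        # builtInControls must stay empty when authenticationStrength is set.
        builtInControls        = @()
        authenticationStrength = @{ id = $strength.Id }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm the strength actually landed.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
if ($check.GrantControls.AuthenticationStrength.Id -ne $strength.Id) {
    throw 'Authentication strength was not applied.'
}
"Created '$($check.DisplayName)' in state $($check.State)"
```

Report-only mode is deliberate: an authentication strength that no guest can satisfy (for example when partner tenants have no FIDO2 or certificate-based methods) locks them out, and the sign-in log's report-only results show that before enforcement does.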
Authenticator Lite (In Outlook) General Availability
Service category: Microsoft Authenticator App
Product capability: User Authentication
Authenticator Lite (in Outlook) is an authentication solution for users that haven't yet downloaded the Microsoft Authenticator app. Users are prompted in Outlook on their mobile device to register for multi-factor authentication. After they enter their password at sign-in, they'll have the option to send a push notification to their Android or iOS device.
Due to the security enhancement this feature provides users, the Microsoft managed value of this feature will be changed from ‘disabled’ to ‘enabled’ on June 9. We’ve made some changes to the feature configuration, so if admins made an update before GA, May 17, please validate that the feature is in the correct state for the tenant prior to June 9. If admins don't wish for this feature to be enabled on June 9, move the state to ‘disabled’, or set users to include and exclude groups.
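The validation step the paragraph asks for can be scripted. The following is an added example (not from the release notes and not Microsoft's code) that reads the Microsoft Authenticator method policy, prints the Authenticator Lite (companion app) state, and pins it to 'disabled' when it is still at the Microsoft managed default. It assumes the Microsoft Graph PowerShell SDK, the Policy.ReadWrite.AuthenticationMethod permission, and that the companionAppAllowedState setting is read from the beta endpoint, where it was documented at the time of the GA announcement.

```powershell
# Added example (not from the release notes): report and, if needed, pin the
# Authenticator Lite state ahead of the June 9 Microsoft-managed change.
# Assumes Microsoft Graph PowerShell SDK and Policy.ReadWrite.AuthenticationMethod.
Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod'

# Invoke-MgGraphRequest returns nested hashtables, which keeps the feature
# settings easy to read. The beta endpoint is used because companionAppAllowedState
# was documented there when Authenticator Lite reached GA (assumption: adjust if v1.0
# exposes it in your tenant).
$uri = 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/' +
       'authenticationMethodConfigurations/microsoftAuthenticator'
$config = Invoke-MgGraphRequest -Method GET -Uri $uri

$lite = $config.featureSettings.companionAppAllowedState
"Authenticator Lite state: $($lite.state) ('default' = Microsoft managed, flips to enabled on June 9)"
"Include target: $($lite.includeTarget.targetType)/$($lite.includeTarget.id)"
"Exclude target: $($lite.excludeTarget.targetType)/$($lite.excludeTarget.id)"

# Only act when the tenant has not made an explicit choice yet.
if ($lite.state -eq 'default') {
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body @{
        '@odata.type'   = '#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration'
        featureSettings = @{
            companionAppAllowedState = @{
                state         = 'disabled'
                includeTarget = @{ targetType = 'group'; id = 'all_users' }
            }
        }
    }
    # Verify the write took effect rather than trusting the 204.
    $after = (Invoke-MgGraphRequest -Method GET -Uri $uri).featureSettings.companionAppAllowedState
    if ($after.state -ne 'disabled') { throw 'Authenticator Lite state was not pinned.' }
    'Authenticator Lite pinned to disabled.'
}
```

If the tenant wants Authenticator Lite but only for a pilot, set state to 'enabled' with a pilot group as includeTarget and the rest of the organization excluded, instead of leaving the value at 'default'.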
Admins can restrict their users from creating tenants General Availability
Service category: User Access Management
Product capability: User Management
The ability for users to create tenants from the Manage Tenant overview has been present in Azure AD since almost the beginning of the Azure portal. This new capability in the User Settings pane allows admins to restrict their users from being able to create new tenants.
Admins can now restrict users from self-service accessing their BitLocker keys General Availability
Service category: Device Access Management
Product capability: User Management
Admins can now restrict their users from self-service accessing their BitLocker keys through the Devices Settings page. Turning on this capability hides the BitLocker key(s) of all non-admin users. This helps to control BitLocker access management at the admin level.
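Both of the new restrictions above are properties of the tenant's authorization policy, so they can be set and verified in one place. This added example (not from the release notes and not Microsoft's code) assumes the Microsoft Graph PowerShell SDK and the Policy.ReadWrite.Authorization permission.

```powershell
# Added example (not from the release notes): restrict the two default-user
# permissions that reached GA this month and read them back to confirm.
# Assumes Microsoft Graph PowerShell SDK and Policy.ReadWrite.Authorization.
Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization'

# The v1.0 authorization policy is a singleton, so no ID is needed.
$before = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions
"Before: allowedToCreateTenants=$($before.AllowedToCreateTenants) " +
"allowedToReadBitlockerKeysForOwnedDevice=$($before.AllowedToReadBitlockerKeysForOwnedDevice)"

Update-MgPolicyAuthorizationPolicy -BodyParameter @{
    defaultUserRolePermissions = @{
        # User settings: stop non-admins creating new tenants.
        allowedToCreateTenants                   = $false
        # Device settings: hide BitLocker keys from non-admin device owners.
        allowedToReadBitlockerKeysForOwnedDevice = $false
    }
}

$after = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions
if ($after.AllowedToCreateTenants -or $after.AllowedToReadBitlockerKeysForOwnedDevice) {
    throw 'Authorization policy update did not take effect.'
}
'Tenant creation and self-service BitLocker key recovery are now limited to admins.'
```

Hiding BitLocker keys from device owners moves recovery into the helpdesk process; make sure that process exists and is itself gated by strong authentication before flipping the setting, or a user locked out of a device has no path back.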
Devices Self-Help Capability for Pending Devices General Availability
Service category: Device Access Management
Product capability: End User Experiences
In the All Devices view under the Registered column, people can now select any pending devices they have, and it opens a context pane to help troubleshoot why a device may be pending.
SAML/Ws-Fed based identity provider authentication for External IDs in US Sec and US Nat clouds General Availability
Service category: Business 2 Business collaboration
Product capability: External ID
SAML/Ws-Fed based identity providers for authentication in Azure AD B2B are generally available in:
- US Sec cloud
- US Nat cloud
- China cloud
Verified threat actor IP sign-in detection General Availability
Service category: Identity Protection
Product capability: Identity Security & Protection
Identity Protection has added a new detection, using the Microsoft Threat Intelligence database, to detect sign-ins performed from IP addresses of known nation state and cyber-crime actors and allow organizations to block these sign-ins by using risk-based conditional access policies.
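To see whether this detection is firing and to act on it, here is an added example (not from the release notes and not Microsoft's code) that groups the last week of Identity Protection risk detections by type and creates a report-only Conditional Access policy that blocks high sign-in risk. It assumes the Microsoft Graph PowerShell SDK, the IdentityRiskEvent.Read.All and Policy.ReadWrite.ConditionalAccess permissions, and that the riskEventType string for this detection is 'nationStateIP' (an assumption to confirm against the tenant's own data). The break-glass account object ID is read from an environment variable the reader supplies.

```powershell
# Added example (not from the release notes): review recent risk detections and
# block high-risk sign-ins with a report-only Conditional Access policy.
# Assumes Microsoft Graph PowerShell SDK, IdentityRiskEvent.Read.All and
# Policy.ReadWrite.ConditionalAccess. The riskEventType value 'nationStateIP' for
# the verified threat actor IP detection is an assumption; check your own data.
Connect-MgGraph -Scopes 'IdentityRiskEvent.Read.All', 'Policy.ReadWrite.ConditionalAccess'

$since = (Get-Date).AddDays(-7).ToUniversalTime().ToString('o')
$detections = Get-MgRiskDetection -Filter "detectedDateTime ge $since" -All

# Breakdown by detection type, so the new detection can be compared with the rest.
$detections | Group-Object RiskEventType | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize

# Drill into the threat actor IP detection (type string assumed, see above).
$detections | Where-Object { $_.RiskEventType -eq 'nationStateIP' } |
    Select-Object DetectedDateTime, UserPrincipalName, IpAddress, RiskLevel, RiskState |
    Format-Table -AutoSize

# Never deploy a block policy without an excluded emergency access account.
$breakGlassId = $env:BREAK_GLASS_OBJECT_ID
if (-not $breakGlassId) { throw 'Set BREAK_GLASS_OBJECT_ID to your emergency access account object ID.' }

$policy = @{
    displayName   = 'CA - Block high sign-in risk'
    # Report-only first; promote to 'enabled' once the impact is understood.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        signInRiskLevels = @('high')
        applications     = @{ includeApplications = @('All') }
        users            = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created '$($created.DisplayName)' ($($created.Id)) in state $($created.State)"
```

Because this detection is offline, the risk may be raised after the session is already established; a block on high sign-in risk therefore complements, rather than replaces, a user-risk policy that forces a password change or revokes sessions.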
PowerShell and Web Services connector support through the Azure AD provisioning agent General Availability
Service category: Provisioning
Product capability: Outbound to On-premises Applications
The Azure AD on-premises application provisioning feature now supports both the PowerShell and web services connectors. Admins can now provision user objects into a flat file using the PowerShell connector or an app such as SAP ECC using the web services connector.
Managed Identity in Microsoft Authentication Library for .NET General Availability
Service category: Authentications (Logins)
Product capability: User Authentication
The latest version of MSAL.NET graduates the Managed Identity APIs into the General Availability mode of support, which means that developers can integrate them safely in production workloads.
Managed identities are a part of the Azure infrastructure, simplifying how developers handle credentials and secrets to access cloud resources. With Managed Identities, developers don't need to manually handle credential retrieval and security. Instead, they can rely on an automatically managed set of identities to connect to resources that support Azure Active Directory authentication.
Microsoft Entra Permissions Management Azure Active Directory Insights General Availability
Service category: Other
Product capability: Permissions Management
The Azure Active Directory Insights tab in Microsoft Entra Permissions Management provides a view of all permanent role assignments assigned to Global Administrators, and a curated list of highly privileged roles. Administrators can then use the report to take further action within the Azure Active Directory console.
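The same population that the insights tab reports can be pulled directly from the directory, which is useful as a cross-check or where Permissions Management is not licensed. This added example (not from the release notes and not Microsoft's code) lists permanent Global Administrator assignments and separates them from PIM-activated ones. It assumes the Microsoft Graph PowerShell SDK, the RoleManagement.Read.Directory permission and a tenant licensed for Privileged Identity Management (the schedule instance API depends on it).

```powershell
# Added example (not from the release notes): enumerate permanent Global
# Administrator assignments, the same set the insights tab highlights.
# Assumes Microsoft Graph PowerShell SDK, RoleManagement.Read.Directory and a
# PIM-licensed tenant (role assignment schedule instances require it).
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory'

# Global Administrator role template ID; fixed across all tenants.
$gaRoleId = '62e90394-69f5-4237-9190-012177145e10'

$instances = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance `
    -Filter "roleDefinitionId eq '$gaRoleId'" -ExpandProperty principal -All

# 'Assigned' with no end date is a standing assignment; 'Activated' is a PIM
# just-in-time activation that will expire on its own.
$permanent = $instances | Where-Object { $_.AssignmentType -eq 'Assigned' -and -not $_.EndDateTime }
$activated = $instances | Where-Object { $_.AssignmentType -eq 'Activated' }

"Permanent Global Admins: $(@($permanent).Count); currently activated via PIM: $(@($activated).Count)"

$permanent | ForEach-Object {
    [pscustomobject]@{
        Principal      = $_.Principal.AdditionalProperties['displayName']
        PrincipalType  = ($_.Principal.AdditionalProperties['@odata.type'] -replace '#microsoft.graph.', '')
        DirectoryScope = $_.DirectoryScopeId
        StartDateTime  = $_.StartDateTime
    }
} | Sort-Object PrincipalType, Principal | Format-Table -AutoSize
```

Anything in the permanent list that is not a documented emergency access account is a candidate for conversion to an eligible assignment; service principals holding Global Administrator permanently deserve the first look, since they cannot satisfy an MFA or activation prompt.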
Custom Extensions in Entitlement Management Public Preview
Service category: Entitlement management
Product capability: Identity Governance
Last year Microsoft announced the public preview of custom extensions in Entitlement Management allowing admins to automate complex processes when access is requested or about to expire. Microsoft has recently expanded the public preview to allow for the access package assignment request to be paused while an external process is running. In addition, the external process can now provide feedback to Entitlement Management to either surface additional information to end users in MyAccess or even stop the access request. This expands the scenarios of custom extension from notifications to additional stakeholders or the generation of tickets to advanced scenarios such as external governance, risk and compliance checks. In the course of this update, Microsoft has also improved the audit logs, token security and the payload sent to the Logic App.
In portal guide to configure multi-factor authentication Public Preview
Service category: MFA
Product capability: Identity Security & Protection
The in portal guide to configure multi-factor authentication helps admins get started with Azure Active Directory's MFA capabilities. Admins can find this guide under the Tutorials tab in the Azure AD Overview.
New provisioning connectors in the Azure AD Application Gallery
Service category: App Provisioning
Product capability: 3rd Party Integration
Microsoft has added the following new applications in the Azure AD App gallery with Provisioning support. Organizations can now automate creating, updating, and deleting of user accounts for these newly integrated apps:
New Federated Apps available in Azure AD Application gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In May 2023 Microsoft added the following new applications in the Azure AD App gallery with Federation support:
- INEXTRACK
- Valotalive Digital Signage Microsoft 365 integration
- Tailscale
- MANTL
- ServusConnect
- Jigx MS Graph Demonstrator
- Delivery Solutions
- Radiant IOT Portal
- Cosgrid Networks
- voya SSO
- Redocly
- Glaass Pro
- TalentLyftOIDC
- Cisco Expressway
- IBM TRIRIGA on Cloud
- Avionte Bold SAML Federated SSO
- InspectNTrack
- CAREERSHIP
- Cisco Unity Connection
- HSC-Buddy
- teamecho
- Uni-tel A/S
- AskFora
- Enterprise Bot
- CMD+CTRL Base Camp
- Debitia Collections
- EnergyManager
- Visual Workforce
- Uplifter
- AI2
- TES Cloud
- VEDA Cloud
- SOC SST
- Alchemer
- Cleanmail Swiss
- WOX
- WATS
- Data Quality Assistant
- Softdrive
- Fluence Portal
- Humbol
- Document360
- Engage by Local Measure
- Gate Property Management Software
- Locus
- Banyan Infrastructure
- Proactis Rego Invoice Capture
- SecureTransport
- Recnice
What's Changed
My Security-info now shows Microsoft Authenticator type General Availability
Service category: MFA
Product capability: Identity Security & Protection
Microsoft has improved My Sign-ins and My Security-Info to give admins more clarity on the types of Microsoft Authenticator or other Authenticator apps a user has registered. Users will now see Microsoft Authenticator registrations with additional information showing the app as being registered as Push-based MFA or Password-less phone sign-in (PSI) and for other Authenticator apps (Software OATH) Microsoft now indicates they're registered as a Time-based One-time password method.
New My Groups Experience Public Preview
Service category: Group Management
Product capability: End User Experiences
A new and improved My Groups experience is now available at myaccount.microsoft.com/groups. This experience replaces the existing My Groups experience at mygroups.microsoft.com in May.