Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for August 2023:
What's New
Tenant Restrictions v2 General Availability
Service category: Authentications (Sign-ins)
Product capability: Identity Security & Protection
v2 of the Tenant Restrictions functionality is now generally available for the authentication plane via proxy. It allows organizations to enable safe and productive cross-company collaboration while containing data exfiltration risk. Admins can control which external tenants people in the organization can access with externally issued identities from the organization's devices or network, and can apply granular access control on a per organization, user, group, and application basis.
v2 of the Tenant Restrictions functionality uses the cross-tenant access policy, and offers both authentication and data plane protection. It enforces policies during user authentication, and on data plane access with:
- Exchange Online
- SharePoint Online
- Teams
- MSGraph
Note:
While data plane support with Windows Group Policy and Global Secure Access is still in public preview, authentication plane support with proxy is now generally available.
Continuous Access Evaluation for Workload Identities available in Public and Gov clouds General Availability
Service category: Continuous Access Evaluation
Product capability: Identity Security & Protection
Real-time enforcement of risk events, revocation events, and Conditional Access location policies is now generally available for workload identities. Service principals on line of business (LoB) applications are now protected on access requests to the Microsoft Graph.
Real-Time Strict Location Enforcement Public Preview
Service category: Continuous Access Evaluation
Product capability: Access Control
With real-time strict location enforcement, admins can strictly enforce Conditional Access policies in real time using Continuous Access Evaluation towards services like Microsoft Graph, Exchange Online, and SharePoint Online to block access requests from disallowed locations as part of a layered defense against token replay and other unauthorized access.
Cross-tenant access settings support custom RBAC roles and protected actions Public Preview
Service category: Business to Business (B2B)
Product capability: External Collaboration
Cross-tenant access settings can be managed with custom roles defined by your organization. This enables admins to define finely scoped roles to manage cross-tenant access settings instead of using one of the built-in roles for management. Admins can also now protect privileged actions inside of cross-tenant access settings using Conditional Access. For example, admins can require multi-factor authentication (MFA) before allowing changes to default settings for Business to Business (B2B) collaboration.
New provisioning connectors in the Entra ID Application Gallery Public Preview
Service category: App Provisioning
Product capability: 3rd Party Integration
Microsoft has added the following new applications in the Entra ID Application Gallery with Provisioning support. Organizations can now automate the creation, updating, and deletion of user accounts for these newly integrated apps:
- Airbase
- Airtable
- Cleanmail Swiss
- Informacast
- Kintone
- O'Reilly learning platform
- Tailscale
- Tanium SSO
- Vbrick Rev Cloud
- Xledger
What's Changed
Additional settings in Entitlement Management auto-assignment policy General Availability
Service category: Entitlement Management
Product capability: Entitlement Management
In the Entra ID Governance entitlement management auto-assignment policy, there are three new settings. These allow an organization to choose to:
- not have the policy create assignments
- not remove assignments
- delay assignment removal
Setting for guest losing access Public Preview
Service category: Entitlement Management
Product capability: Entitlement Management
An admin can configure that a guest brought in through entitlement management is deleted after a specified number of days once they have lost their last access package assignment.