Azure Active Directory is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft communicated the following planned, new and changed functionality for Azure Active Directory for November 2021:
What’s planned
Tenant enablement of combined security information registration for Azure Active Directory
Service category: Multi-factor authentication (MFA)
Product capability: Identity Security & Protection
Microsoft previously announced in April 2020 a new combined registration experience enabling users to register authentication methods for self-service password reset (SSPR) and multi-factor authentication (MFA) at the same time was generally available for existing customer to opt-in. Any Azure AD tenants created after August 2020 automatically have the default experience set to combined registration. Starting 2022, Microsoft will be enabling the MFA/SSPR combined registration experience for organizations using existing tenants pre-dating August 2020.
What’s New
Conditional Access Overview Dashboard Public Preview
Service category: Conditional Access
Product capability: Monitoring & Reporting
The new Conditional Access overview dashboard enables all tenants to see insights about the impact of their Conditional Access policies without requiring an Azure Monitor subscription. This built-in dashboard provides tutorials to deploy policies, a summary of the policies in the tenant, a snapshot of policy coverage, and security recommendations.
SPR writeback is now available using Azure AD Connect cloud sync Public Preview
Type: New feature
Service category: Azure AD Connect Cloud Sync
Product capability: Identity Lifecycle Management
The Public Preview feature for Azure AD Connect Cloud Sync Password writeback provides organizations the capability to writeback a user’s password changes in the cloud to the on-premises directory in real time using the lightweight Azure AD cloud provisioning agent.
Conditional Access for workload identities Public Preview
Service category: Conditional Access for workload identities
Product capability: Identity Security & Protection
Previously, Conditional Access policies applied only to users when they access apps and services like SharePoint online or the Azure portal. This preview adds support for Conditional Access policies applied to service principals owned by the organization. Admins can block service principals from accessing resources from outside trusted named locations or Azure Virtual Networks.
"Session Lifetime Policies Applied" property in the sign-in logs Public Preview
Service category: Authentications (Logins)
Product capability: Identity Security & Protection
Microsoft has recently added other property to the sign-in logs called "Session Lifetime Policies Applied". This property will list all the session lifetime policies that applied to the sign-in for example, Sign-in frequency, Remember multi-factor authentication and Configurable token lifetime.
Enriched reviews on access packages in entitlement management Public Preview
Service category: User Access Management
Product capability: Entitlement Management
Entitlement Management’s enriched review experience allows even more flexibility on access packages reviews. Admins can now choose what happens to access if the reviewers don't respond, provide helper information to reviewers, or decide whether a justification is necessary.
randomString and redact provisioning functions General availability
Service category: Provisioning
Product capability: Outbound to SaaS Applications
The Azure AD Provisioning service now supports two new functions, randomString() and Redact():
- randomString – generate a string based on the length and characters an admin would like to include or exclude in the string.
- redact – remove the value of the attribute from the audit and provisioning logs.
Now access review creators can select users and groups to receive notification on completion of reviews General availability
Service category: Access Reviews
Product capability: Identity Governance
Now access review creators can select users and groups to receive notification on completion of reviews.
Azure AD users can now view and report suspicious sign-ins and manage their accounts within Microsoft Authenticator General availability
Service category: Microsoft Authenticator App
Product capability: Identity Security & Protection
This feature allows Azure AD users to manage their work or school accounts within the Microsoft Authenticator app. The management features will allow users to view sign-in history and sign-in activity. Users can also report any suspicious or unfamiliar activity, change their Azure AD account passwords, and update the account's security information.
New Microsoft Authenticator app icon General availability
Service category: Microsoft Authenticator App
Product capability: Identity Security & Protection
New updates have been made to the Microsoft Authenticator app icon.
Azure AD single Sign on and device-based Conditional Access support in Firefox on Windows 10/11 General availability
Service category: Authentications (Logins)
Product capability: SSO
Microsoft now supports native single sign-on (SSO) support and device-based Conditional Access to Firefox browser on Windows 10 and Windows Server 2019 starting in Firefox version 91.
New provisioning connectors in the Azure AD Application Gallery
Service category: App Provisioning
Product capability: 3rd Party Integration
Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:
New Federated Apps available in Azure AD Application gallery
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In November 2021, Microsoft has added following 32 new applications in the Azure AD App gallery with Federation support:
What’s Changed
Additional attributes available as claims Public Preview
Service category: Enterprise Apps
Product capability: Single Sign-on (SSO)
Several user attributes have been added to the list of attributes available to map to claims to bring attributes available in claims more in line with what is available on the user object in Microsoft Graph. New attributes include mobilePhone and ProxyAddresses.
Updated "switch organizations" user experience in My Account
Service category: My Profile/Account
Product capability: End User Experiences
This change for the My Account Portal visually improves the user interface (UI) and provides the end-user with clear instructions. Microsoft also added a manage organizations link to the Organizations blade.
What’s Fixed
Federated users will see prompts more often when switching user accounts
Service category: Authentications (Logins)
Product capability: User Authentication
A problematic interaction between Windows and a local Active Directory Federation Services (ADFS) instance can result in users attempting to sign into another account, but be silently signed into their existing account instead, with no warning. For federated Identity Providers (IdPs) such as AD FS, that support the prompt=login pattern, Azure AD will now trigger a fresh sign-in at AD FS when a user is directed to AD FS with a login hint. This ensures that the user is signed into the account they requested, rather than being silently signed into the account they're already signed in with.
Login