Public preview: JavaScript and page contracts in Azure Active Directory B2C policies


After many requests, Microsoft has now released support for JavaScript in Azure AD B2C custom policies.

Announcement: Public preview: JavaScript and page contracts in Azure Active Directory B2C policies

This currently only works with custom policies from the Identity Experience Framework.

You need to point the DataUri of your ContentDefinition to a page contract, an immutable package that won’t change during its lifetime.

See: https://docs.microsoft.com/en-us/azure/active-directory-b2c/page-contract

After that you can add JavaScript to your content; see the following page for details and some samples:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/javascript-samples

MIM 2016: New hotfix rollup build 4.5.286.0 available


Yesterday Microsoft released an important hotfix rollup package for MIM 2016 SP1; the build number is 4.5.286.0.

Info: Hotfix rollup package (build 4.5.286.0) is available for Microsoft Identity Manager 2016 Service Pack 1

Download: Update for Microsoft Identity Manager 2016 SP1 (KB4469694)

The main issue fixed is the following:

After installing MIM build 4.5.26.0 or 4.5.202.0, the ma-data objects are deleted and not recreated in the FIMService, causing all synchronization rules to fail. After installing this update, this problem no longer happens.

Both builds that cause the issue are still listed but are no longer available for download. If you installed one of the above hotfixes, I highly recommend updating to the latest hotfix.

The issue was also discussed here: MIM Portal Sync Rules have become orphaned

Azure PIM: Internal Server Error (500) using PIM Graph API


In one of my implementations I created a MIM PowerShell connector for Azure PIM (Privileged Identity Management). This connector imports on-premises AD groups and transfers their members to Azure PIM role assignments.

A couple of days ago the scripts of that connector started throwing errors, both in my implementation and at a customer.

I tried to reach the following endpoints in Graph Explorer and even there I get an error:

Graph Explorer states the following error:

{
  "error": {
    "code": "UnknownError",
    "message": "{\"message\":\"An error has occurred.\"}",
    "innerError": {
      "request-id": "16e184f8-86cb-4424-abff-4fd3ac4a010e",
      "date": "2018-11-12T12:40:15"
    }
  }
}

PowerShell itself throws an Internal Server Error (500).

Continue reading “Azure PIM: Internal Server Error (500) using PIM Graph API”

Azure AD group-based license management is now generally available


A long journey’s end: Azure AD group-based licensing is now GA!

Yeahhh !!!

See: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-group-based-license-management-is-now-generally/ba-p/281355

  • Developer APIs in Microsoft Graph to allow you to programmatically read group-based licensing assignments on groups, as well as programmatically get assignment status and errors.
  • Ability to reprocess group-based licensing assignments for a single user.
  • Simplified licensing requirements for group-based licensing. Users who are targeted for group-based licensing need Azure Active Directory (Azure AD) Basic (and above), or Office 365 E3/A3 (and above).

So you need at least a paid Azure AD license to use group-based licensing (GBL).

To start using group-based licensing, look at the “Assign licenses to users by group membership in Azure AD” documentation.

Azure AD Connect: New version 1.2.65.0 available


A new version of Azure AD Connect was released some days ago; the current build is 1.2.65.0.
This update mainly adds additional diagnostic options and full support for TLS 1.2.

See the announcement here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history#12650

You can always get the newest version from the AADConnect download page.

Continue reading “Azure AD Connect: New version 1.2.65.0 available”

Azure AD: New and updated features of October 2018


Here are the updated and new features of Azure AD for October 2018. Because Ignite has just ended, you will see a lot of improvements.

The update this month contains:

  • Changed features
  • New features

Continue reading “Azure AD: New and updated features of October 2018”

Azure AD: New and updated features of September 2018


Here are the updated and new features of Azure AD for September 2018. Because Ignite has just ended, you will see a lot of improvements.

The update this month contains:

  • Changed and fixed features
  • New features
  • Plan for changes

Continue reading “Azure AD: New and updated features of September 2018”

Azure AD B2B direct federation, one-time passcodes and more coming soon.

There was a great session at Ignite showing what is coming next for Azure AD B2B. Here are the facts that, I assume, you can’t wait to have in your tenant.

These are the 5 new features I will talk about:

  1. Azure B2B Direct Federation
  2. One-time Passcodes
  3. Guest Access Reviews (new enhancements)
  4. Entitlements and Access Requests
  5. Admin consent for guests

Continue reading “Azure AD B2B direct federation, one-time passcodes and more coming soon.”

Add a terms of use consent page to Azure AD B2C user journey with custom policies


In these modern times, with compliance becoming more important, when providing a service to customers and consumers we need them to agree to our terms of use/service.

When using Azure AD B2C (Business to Consumer) you can easily do that with custom policies from the Identity Experience Framework.

The described solution is based on the LocalAccount templates from the Custom Policies Starter Pack GitHub repository.

Besides editing your policy with the steps below, you can download the complete files from my GitHub repository: B2C-custom-policy-with-consent

What it does:

  • Present a page in the sign-up user journey with terms of use that the user is required to consent to.
  • When accepted, the current version (date or number) of the terms of use is stored in an extension attribute of the user’s profile.
  • If you create a new version of your terms of use and modify the version (date or number) in the custom policy, users are required to agree to the new terms of use again on their next login.

Continue reading “Add a terms of use consent page to Azure AD B2C user journey with custom policies”

AzureAD: Identity Governance with Access Requests and Entitlements

At Ignite, Mark Wahl and Joseph Dadzie showed a very exciting new feature, coming in the near future, to manage access with entitlements and approvals for B2B users and employees.

It will also be possible to create a life cycle for B2B accounts: guests are auto-invited when an employee of the business grants them access via an entitlement, and the user is removed or disabled after expiration.

The key-points are:

  • B2B and employee access requests via a new user-facing portal.
  • B2B and employee approval workflows for access.
  • Access reviews of guests.
  • Entitlement management (to hand over access control to business users).

Watch their great session recording: