Azure AD: New and updated features of September 2018


Here are the updated and new features of Azure AD for September 2018. Because Ignite has just ended, you will see a lot of improvements.

The update this month contains:

  • Changed and fixed features
  • New features
  • Plan for changes



Azure AD B2B direct federation, one-time passcodes and more coming soon.

There was a great session at Ignite showing what is coming next for Azure AD B2B. Here are the facts that, I assume, you can't wait to have in your tenant.

These are the 5 new features I will talk about:

  1. Azure B2B Direct Federation
  2. One-time Passcodes
  3. Guest Access Reviews (new enhancements)
  4. Entitlements and Access Requests
  5. Admin consent for guests


Add a terms of use consent page to Azure AD B2C user journey with custom policies


In these modern times, with compliance becoming more important, when providing a service to customers and consumers we need them to agree to our terms of use/service.

When using Azure AD B2C (Business to Consumer) you can easily do that with custom policies from the Identity Experience Framework.

The described solution is based on the LocalAccount templates from the Custom Policies Starter Pack GitHub repository.

Besides editing your policy with the steps below, you can download the complete files from my GitHub repository: B2C-custom-policy-with-consent

What it does:

  • Presents a page in the sign-up user journey with terms of use that the user is required to consent to.
  • When accepted, the current version (date or number) of the terms of use is stored in an extension attribute of the user's profile.
  • If you create a new version of your terms of use and change the version (date or number) in the custom policy, users are required, on their next login, to agree to the new terms of use again.


AzureAD: Identity Governance with Access Requests and Entitlements

At Ignite, Mark Wahl and Joseph Dadzie showed a very exciting new feature that will come up in the near future to manage access with entitlements and approvals for B2B users and employees.

It will also be possible to create a life-cycle for B2B accounts: they are auto-invited when a business user grants them access through an entitlement, and removed or disabled after expiration.

The key-points are:

  • B2B and employee access requests via a new user facing portal.
  • B2B and employee approval workflows for access
  • Access reviews of guests
  • Entitlement management (to hand over access control to business users)

Watch their great session recording:

Ignite: Privileged Access Management for Office 365 generally available


Another great announcement from Ignite: Privileged Access Management in Office 365 is now Generally Available.

How it works

Privileged access management in Office 365 goes beyond traditional access control capabilities by enabling access governance with more granularity for specific tasks.

It's based on the principle of Zero Standing Access, which means users who need privileged access must request permissions for it, and once granted, it is just-in-time and just-enough access to perform the job at hand.

Therefore, Zero Standing Access, combined with access governance, can be an effective deterrent to misuse of privileged access by:

  • Requiring users to elevate permissions to execute tasks that may expose sensitive data.
  • Providing Just-Enough-Access (JEA) to specific tasks, coupled with Just-In-Time access so access is only allowed for a specific period of time.
  • Removing the dependency on having a set of privileged accounts with standing access.


Get Started Today!

Privileged access management in Office 365 is now generally available and rolling out to customers with Office 365 E5 and Advanced Compliance SKUs.

You can get started by reviewing the resources below:

Ignite: Staged (Pilot) migration of AAD authentication methods preview is coming


There was a great session at Ignite 2018 helping you find the right authentication method, whether it is ADFS, PTA/SSO or PHS/SSO.

There were 2 interesting announcements in that session:

  1. Seamless SSO will support the Edge browser shortly
    (currently only possible with hybrid join)
  2. Staged migration of authentication methods will be available in October as a public preview, so you can change the auth method user-by-user.


Watch the video Choosing the right authentication method:

Ignite: How to get started with Azure MFA the right way


Most organizations have understood the need for securing cloud identities with a second factor of authentication like Azure Multi-Factor Authentication (MFA). Still, a lot are doing it wrong. It is not complicated to do Azure MFA the right way by using Microsoft Intune and conditional access. Spend 20 minutes on this session and see how to protect all cloud apps and identities with a few simple steps.

Watch that short but informative 18-minute session from Ignite 2018, How to get started with Azure MFA the right way: