Again, August 2018 brought some changes (including planned ones) and new features to Azure AD. Here is a detailed list of what is new, changed, or enhanced:
Converged security info management for self-service password (SSPR) and Multi-Factor Authentication (MFA)
Type: New feature
Service category: SSPR
Product capability: User Authentication
This new feature helps people manage their security info (such as, phone number, mobile app, and so on) for SSPR and MFA in a single location and experience; as compared to previously, where it was done in two different locations.
This converged experience also works for people using either SSPR or MFA. Additionally, if your organization doesn’t enforce MFA or SSPR registration, people can still register any MFA or SSPR security info methods allowed by your organization from the My Apps portal.
This is an opt-in public preview. Administrators can turn on the new experience (if desired) for a selected group or for all users in a tenant. For more information about the converged experience, see the Converged experience blog.
Since a lot of visitors like my posts about Azure AD B2B (in fact, it is the most popular post), check out the great article from Darren ‘Doc’ Robinson about:
Automating Azure AD B2B Guest Invitations using Microsoft Identity Manager
A new version of the very helpful FIM/MIM Configuration Documenter is available.
You can get it from the GitHub repo: https://github.com/Microsoft/MIMConfigDocumenter/releases
Besides some fixes, there are also significant performance improvements:
- Performance improvements. The configuration report should get generated much more quickly now.
- Fixed an issue where a configuration setting did not render correctly if it had html markup characters.
You can find the requirements and usage instructions on the project's Wiki page.
The reference documentation for all access review options is available:
Microsoft Graph Azure AD Access Reviews reference documentation
It covers the API for all possible access reviews in Azure AD:
- Application access
- Group memberships
- PIM AAD role assignments
There is an “important” update to the July 2018 release notes of Azure AD that I posted 2 weeks ago.
Two new address ranges will be available shortly, and you may need to update your firewall settings if you have previously configured specific ranges to connect to Azure AD.
So here is the complete update:
Changes to Azure Active Directory IP address ranges
Type: Plan for change
Service category: Other
Product capability: Platform
We’re introducing larger IP ranges to Azure AD, which means if you’ve configured Azure AD IP address ranges for your firewalls, routers, or Network Security Groups, you’ll need to update them. We’re making this update so you won’t have to change your firewall, router, or Network Security Groups IP range configurations again when Azure AD adds new endpoints.
Network traffic is moving to these new ranges over the next two months. To continue with uninterrupted service, you must add these updated values to your IP Addresses before September 10, 2018:
We strongly recommend not removing the old IP Address ranges until all of your network traffic has moved to the new ranges. For updates about the move and to learn when you can remove the old ranges, see Office 365 URLs and IP address ranges.
As you can see in my previous post on what is new in Azure AD for July 2018, there is an opt-in public preview of a new converged security info management (registration and management) experience available for Azure AD SSPR (Self Service Password Reset) and MFA (Multi Factor Authentication).
Currently you have to manage each kind of security info in a separate portal; the preview combines them into one experience.
You can opt in only a subset of your users (like a pilot group) by using an Azure AD group and activating the new feature only for that group, or you can activate it for all users at once.
Once you activate the new experience the old one is no longer available until you disable the user for the public preview.
Once you enable this experience, users who register or confirm their phone number or mobile app through the new experience will have the ability to use them for MFA and SSPR, if those methods are enabled in the MFA and SSPR policies. If you then disable this experience, users who navigate to the previous SSPR registration page at aka.ms/ssprsetup will be required to perform MFA before they can access the page.
Again, July 2018 brought some changes and new features to Azure AD.
Here is a list of what is new or what has changed or was enhanced in detail:
Azure AD Activity Logs are now available through Azure Monitor
Service category: Reporting
Product capability: Monitoring & Reporting
The Azure AD Activity Logs are now available in public preview for the Azure Monitor (Azure’s platform-wide monitoring service). Azure Monitor offers you long-term retention and seamless integration, in addition to these improvements:
- Long-term retention by routing your log files to your own Azure storage account.
- Seamless SIEM integration, without requiring you to write or maintain custom scripts.
- Seamless integration with your own custom solutions, analytics tools, or incident management solutions.
For more information about these new capabilities, see our blog Azure AD activity logs in Azure Monitor diagnostics is now in public preview and our documentation, Azure Active Directory activity logs in Azure Monitor (preview).