Fill in your details below or click an icon to log in:. Email required Address never made public. Name required. Next Next post: Linux Integration Services 4. Follow Following. Sign me up. Already have a WordPress. Log in now. Loading Comments This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. In this article. A customizable self-service portal that tenants can use to provision, monitor, and manage services such as web site and virtual machine clouds.
Administrators can now create access reviews of only permanent or eligible assignments to privileged Azure AD or Azure resource roles. Assigning roles to Azure AD groups is now generally available.
In August , we have added following 46 new applications in our App gallery with Federation support:. To help administrators understand that their users are blocked for multi-factor authentication MFA as a result of fraud report, we have added a new audit event. This audit event is tracked when the user reports fraud. The audit log is available in addition to the existing information in the sign-in logs about fraud report. To learn how to get the audit report, see multifactor authentication Fraud alert.
To improve the quality of low risk alerts that Identity Protection issues, we've modified the algorithm to issue fewer low risk Risky Sign-Ins. Organizations may see a significant reduction in low risk sign-in in their environment. Identity Protection now emits risky sign-ins on non-interactive sign-ins. Admins can find these risky sign-ins using the sign-in type filter in the risky sign-ins report.
The permissions assignments to manage access packages and other resources in Entitlement Management are moving from the User Administrator role to the Identity Governance administrator role. Users that have been assigned the User administrator role can longer create catalogs or manage access packages in a catalog they don't own. If users in your organization have been assigned the User administrator role to configure catalogs, access packages, or policies in entitlement management, they will need a new assignment.
You should instead assign these users the Identity Governance administrator role. You need to make sure you're running a recent version of Azure AD Connect to receive an optimal support experience. If you run a retired version of Azure AD Connect it may unexpectedly stop working. You may also not have the latest security fixes, performance improvements, troubleshooting, and diagnostic tools and service enhancements.
Also, if you require support we can't provide you with the level of service your organization needs. Previously we announced that the exception for Embedded WebViews for Gmail authentication will expire in the second half of On July 7, , we learned from Google that some of these restrictions will apply starting July 12, Azure AD B2B and B2C customers who set up a new Google ID sign-in in their custom or line of business applications to invite external users or enable self-service sign-up will have the restrictions applied immediately.
As a result, end-users will be met with an error screen that blocks their Gmail sign-in if the authentication is not moved to a system webview. See the docs linked below for details. Most apps use system web-view by default, and will not be impacted by this change. This only applies to customers using embedded webviews the non-default setting. We advise customers to move their application's authentication to system browsers instead, prior to creating any new Google integrations.
NET documentation. About two months ago we announced that the exception for Embedded WebViews for Gmail authentication will expire in the second half of Rolling out globally beginning September 30, , Azure AD B2B guests signing in with their Gmail accounts will now be prompted to enter a code in a separate browser window to finish signing in on Microsoft Teams mobile and desktop clients.
This applies to invited guests and guests who signed up using Self-Service Sign-Up. To mitigate this, make sure to modify your apps to use the system browser for sign-in. As the device login flow will start rolling out on September 30, , it is likely that it may not be rolled out to your region yet in which case, your end-users will be met with the error screen shown in the documentation until it gets deployed to your region. For details on known impacted scenarios and what experience your users can expect, read Add Google as an identity provider for B2B guest users.
Application authentication method policies in MS Graph which allow IT admins to enforce lifetime on application password secret credential or block the use of secrets altogether. Policies can be enforced for an entire tenant as a default configuration and it can be scoped to specific applications or service principals. The Authenticator registration campaign helps admins to move their organizations to a more secure posture by prompting users to adopt the Microsoft Authenticator app.
Prior to this feature, there was no way for an admin to push their users to set up the Authenticator app. The registration campaign comes with the ability for an admin to scope users and groups by including and excluding them from the registration campaign to ensure a smooth adoption across the organization.
In Azure AD entitlement management, an administrator can define that an access package is incompatible with another access package or with a group. Users who have the incompatible memberships will be then unable to request more access. The onPremisesPublishing resource type now includes the property, "isBackendCertificateValidationEnabled" which indicates whether backend SSL certificate validation is enabled for the application.
For all new Application Proxy apps, the property will be set to true by default. For all existing apps, the property will be set to false. For more information, read the onPremisesPublishing resource type api.
Users can now use their existing authentication methods to directly sign into the Microsoft Authenticator app to set up their credential. This improves the user credential provisioning process for the Microsoft Authenticator app and gives the end user a self-service method to provision the app. Access packages in Azure AD entitlement management now support setting the user's manager as the reviewer for regularly occurring access reviews.
Users can now enable external users to self-service sign-up in Azure Active Directory using Microsoft accounts. Now users can enable external users to self-service sign-up in Azure Active Directory using their email and one-time passcode. Anomalous token detection is now available in Identity Protection. This feature can detect that there are abnormal characteristics in the token such as time active and authentication from unfamiliar IP address. The Register or join devices user action in Conditional access is now in general availability.
For more information about how to better secure your organization by using automated user account provisioning, read Automate user provisioning to SaaS applications with Azure AD. In the past, users could create security groups and Microsoft groups in the Azure portal.
Customers are required to verify and update the new settings have been configured for their organization. Learn More. In the My Apps portal, the collection that was called "All Apps" has been renamed to be called "Apps". As the product evolves, "Apps" is a more fitting name for this default collection.
For the Risky users, Risky sign-ins, and Risk detections reports in Identity Protection, the risk details of a selected entry will be shown in a context pane appearing from the right of the page July The change only impacts the user interface and won't affect any existing functionalities.
To learn more about the functionality of these features, refer to How To: Investigate risk. This ability can be enabled by tenant administrators through Azure AD access review settings and is disabled by default. When admins create access reviews of assignments to privileged roles, they can scope the reviews to only eligibly assigned users or only actively assigned users.
For more information, see mobilityManagementPolicy resource type. Azure AD entitlement management now supports the creation of custom questions in the access package request flow. This feature allows you to configure custom questions in the access package policy.
These questions are shown to requestors who can input their answers as part of the access request process. These answers will be displayed to approvers, giving them helpful information that empowers them to make better decisions on the access request.
Access packages in Entitlement Management now support multi-geo SharePoint sites for customers who use the multi-geo capabilities in SharePoint Online.
Users with this role have full permissions in Cloud App Security. Users in this role can create and manage all aspects of Windows Update deployments through the Windows Update for Business deployment service. The deployment service enables users to define settings for when and how updates are deployed. Also, users can specify which updates are offered to groups of devices in their tenant.
0コメント