As part of the identity and access control management on Azure AD, you can now use Azure AD Entitlement (also known as Azure AD Identity Governance) (in preview) to easily and automatically manage access to your groups or applications by your users, both internal (corporate) or external (guest). By using Azure AD Entitlement, you can […]
2 new settings have been introduced for the Session Control in Azure AD Conditional Access: Sign-in frequency: defines the time period before a user is asked to sign-in again when attempting to access a resource. This means that if the security posture of the authentication session has not changed, users will be asked to re-authenticate
Azure AD – New Session control settings available in preview for Conditional Access Read More »
When publishing application using Active Directory Federation Services (AD FS) or other identity provider, you often use group membership as claim is a user’s token. Until now, this was not possible to use group membership as claim in Azure AD Application; now you can To start using group membership claim for your Azure AD Application,
Azure AD – You can now use group claims in SAML and OIDC/Oauth token Read More »
As you know, Azure AD Conditional Access allows you to define conditions to allow or block access to Azure/Office 365 resource (https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview). When configuring such conditional access, you define to which set of users/groups this apply (or not – aka exclude). Now, you can apply the conditional access policy by using the Directory Roles to
Azure AD – You can now use Directory Roles when configuring Conditional Access Read More »
As Office 365 and Azure AD are evolving, the need for more granular administration role is more and more important. 2 new administration roles have been introduced to reduce the need for more elevated privileges: Information Protection Administrator: to grant all Azure Information Protection (AIP) administration aspects without granting global administrator permission. This covers Azure
Office 365 / Azure AD – New administration roles available Read More »
You may already know that for quite some time there has been a new Azure security feature in preview called Azure AD Password Protection to help protect you against password based attacks and restrict the usage of bad/too well known password (see https://t.co/PnWZiWbWic) Well, the feature is now generally available. If you have been using
Azure AD – Azure AD Password Protection is now GA Read More »
A new version (1.3.90.0) of the directory synchronization (Azure AD Connect) tool for Office 365 / Azure AD is going to be release soon (https://go.microsoft.com/fwlink/?LinkId=615771) This new version of Azure AD Connect is not only resolving few issues (SQL reconnect logic for ADSync service, issue where installation of Azure AD PowerShell on a server could
Azure AD Connect – A new version is coming Read More »
It has been in preview for quite some time, now the time has come and Azure Storage support for Azure Active Directory (AAD) access based in now generally available for Azure Storage Blobs and Queues. You can then take advantage of the advanced access control from Azure AD, like multi-factor authentication or conditional access. You
Azure – Azure Storage support for Azure AD access based now GA Read More »
The long awaited and requested Azure Active Directory (AAD) administrator role is now available in preview: Authentication Administrators. The Authentication Administrators role can manage authentication process for end-user, like manage multi-factor authentication (MFA) requirements for end-users (from activating to revoke the ‘remembering device’). You can manage Authentication Administrators role membership from your Azure AD (either
Azure AD – New administration role available in preview: Authentication Administrators Read More »
Azure Active Directory (Azure AD) is making things easier to collaborate with external users (guest) by supporting email one-time password. This new capability (in preview) allows external users (guests) to sign in and authenticate against your Azure AD using a one time password (OTP) send by email when they do not have already a Microsoft
Azure – Azure AD B2B now supports one time password (preview) Read More »
