Microsoft announced some updates to Azure Active Directory at Ignite 2017. Among those are changes to conditional access, new IT controls, and improved security features. Here’s a rundown of the major enhancements you can expect in the Azure AD updates.
Azure AD updates: New conditional access admin experience
First off, Microsoft is expanding conditional access capabilities, including integration across EMS’ Azure Information Protection and Microsoft Cloud App Security services. These new features fall into three categories: access control for devices and apps, session control and information protection, and new conditions and custom controls that let you customize the login and authentication process.
Pass-through authentication in the cloud
Additionally, pass-through authentication is now generally available as an Azure AD sign-in option alongside the password hash sync and federation methods. This feature is most applicable for organizations that can’t or don’t want to permit users’ passwords, even in hashed form, to leave their internal boundaries. Pass-through authentication allows users to sign in to both on-premises and cloud applications using the same passwords, and uses a lightweight on-premises agent to securely validate users’ passwords directly against on-premises Active Directory. Microsoft is also extending seamless single sign-on to pass-through authentication and password hash sync to further streamline the sign-in process with those methods.
Cloud App Discovery tool upgrade
Microsoft is also upgrading the Cloud App Discovery tool to offer an enhanced experience that’s powered by Microsoft Cloud App Security. This upgrade should allow IT admins to discover more than 15,000 apps without the need for on-premises agents. Users can also receive detailed risk analysis updates, alerts for new apps in use, inbound and outbound traffic information, and information about the top users of discovered apps. All of this information can help IT admins gain a greater understanding of cloud app usage across an organization.
More governance and compliance options
Microsoft is also expanding its governance options by integrating Omada and Saviynt, two leaders in identity governance. This lets users seamlessly integrate solutions with Azure Active Directory Premium, providing rich governance capabilities like Access Requests, policy-based workflows and approvals, enhanced auditing and reporting, and fine-grained lifecycle provisioning. Other new features include granular control functionality, a user-friendly access review experience, and an extended version of Azure AD Privileged Identity Management.