News from the last quarter of 2019 year in the field of Azure Active Directory

Successor of Azure AD Connect: Azure AD Connect cloud

Azure AD authentication to Windows VMs

Conditional Access report-only mode

Evaluate impacts of new policies before rolling them out across the entire organization.

Monitor impact with Azure Monitor and the new Conditional Access Insights workbook.

News in Identity Protection

  • Added and enhanced signals
  • New detections
  • Improved APIs
  • New user interface
  • Azure Sentinel integration

Security Defaults

Preconfigured security settings for common attacks

Basic level of security at no extra cost

New build-in roles in Azure AD

  • Global reader
  • Authentication admin
  • Privileged authentication admin
  • Azure DevOps admin
  • Security operator
  • Several B2C roles
  • Group admin
  • Office apps admin
  • Compliance data admin
  • External identity provider admin
  • Kaizala admin
  • Message center privacy reader
  • Password admin
  • Search admin
  • Search editor

Azure AD entitlement management

  • Govern employee and partner access at enterprise scale
  • Automate employee and partner access requests, approvals, auditing and review

Admin consent workflow

Admin consent workflow – gives end users a way to request access to applications that require admin consent.

Without an admin consent workflow, a user in a tenant where user consent is disabled will be blocked when they try to access any app that requires permissions to access organizational data.

  • Users can request access when user consent is disabled
  • Users can request access when apps request permissions that require admin consent
  • Gives admins a secure way to receive and process access requests
  • Users are notified of admin action

Secure legacy apps with app delivery controllers and networks

  • Simplify secure access to on-premises legacy-auth based apps
  • Access apps that use Kerberos, header-based auth, form-based auth, LDAP, NTLM, RDP, SSH
  • F5, Citrix, Akamai, ZScaler
  • Allow use of conditional access and password less auth with on-prem apps

Migrate to cloud authentication by using staged rollout

Configure groups of users to use cloud authentication instead of federation

Passwordless security key sign in to on-premises resources

Forest trust to an on-premises domain in Azure Active Directory Domain Services

Microsoft identity platform authentication libraries updates

Direct federation with AD FS and third-party providers for guest users

Tutorials for integrating SaaS applications with Azure Active Directory