Azure Active Directory news from the last quarter of 2019

Successor of Azure AD Connect: Azure AD Connect cloud

https://docs.microsoft.com/en-us/azure/active-directory/cloud-provisioning/what-is-cloud-provisioning

Azure AD authentication to Windows VMs

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/azure-ad-authentication-to-windows-vms-in-azure-now-in-public/ba-p/827840

Conditional Access report-only mode

Evaluate impacts of new policies before rolling them out across the entire organization.

Monitor impact with Azure Monitor and the new Conditional Access Insights workbook.

News in Identity Protection

  • Added and enhanced signals
  • New detections
  • Improved APIs
  • New user interface
  • Azure Sentinel integration

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Security Defaults

Preconfigured security settings that protect against common attacks

Basic level of security at no extra cost

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

New built-in roles in Azure AD

  • Global reader
  • Authentication admin
  • Privileged authentication admin
  • Azure DevOps admin
  • Security operator
  • Several B2C roles
  • Group admin
  • Office apps admin
  • Compliance data admin
  • External identity provider admin
  • Kaizala admin
  • Message center privacy reader
  • Password admin
  • Search admin
  • Search editor

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/16-new-built-in-roles-including-global-reader-now-available-in/ba-p/900749

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles

Azure AD entitlement management

  • Govern employee and partner access at enterprise scale
  • Automate employee and partner access requests, approvals, auditing and review

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

Admin consent workflow

The admin consent workflow gives end users a way to request access to applications that require admin consent.

Without an admin consent workflow, a user in a tenant where user consent is disabled will be blocked when they try to access any app that requires permissions to access organizational data.

  • Users can request access when user consent is disabled
  • Users can request access when apps request permissions that require admin consent
  • Gives admins a secure way to receive and process access requests
  • Users are notified of admin action

https://aka.ms/adminconsentworkflow/

Secure legacy apps with app delivery controllers and networks

  • Simplify secure access to on-premises legacy-auth based apps
  • Access apps that use Kerberos, header-based auth, form-based auth, LDAP, NTLM, RDP, SSH
  • F5, Citrix, Akamai, Zscaler
  • Allow use of Conditional Access and passwordless auth with on-prem apps

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/secure-hybrid-access

Migrate to cloud authentication by using staged rollout

Configure groups of users to use cloud authentication instead of federation

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-staged-rollout

Passwordless security key sign in to on-premises resources

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/replace-passwords-with-a-biometric-security-key/ba-p/827844

Forest trust to an on-premises domain in Azure Active Directory Domain Services

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-forest-trust

Microsoft identity platform authentication libraries updates

https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-v2-libraries

Direct federation with AD FS and third-party providers for guest users

https://docs.microsoft.com/pl-pl/azure/active-directory/b2b/direct-federation

Tutorials for integrating SaaS applications with Azure Active Directory

https://docs.microsoft.com/azure/active-directory/saas-apps/tutorial-list