<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Azure Active Directory – Enterprise Mobility and Security Blog</title>
<atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" />
<link>https://blogs.technet.microsoft.com/enterprisemobility</link>
<description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description>
<lastBuildDate>Thu, 02 Mar 2017 17:14:06 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>First ever Azure AD Ask Me Anything (AMA)! March 9th, 10am – 1pm Pacific</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/02/first-ever-azure-ad-ask-me-anything-ama-march-9th-10am-1pm-pacific/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/02/first-ever-azure-ad-ask-me-anything-ama-march-9th-10am-1pm-pacific/#respond</comments>
<pubDate>Thu, 02 Mar 2017 16:34:06 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48325</guid>
<description><![CDATA[Howdy folks, I’m excited to announce that we’re going to host our first ever Azure AD Ask Me Anything session! When: March 9, 2017 from 10:00 am to 1:00 pm Pacific Time. You’ll be able to access the AAD AMA when it goes live on March 8. What’s an AMA session? We’ll have folks from <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/02/first-ever-azure-ad-ask-me-anything-ama-march-9th-10am-1pm-pacific/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-family: Segoe UI;font-size: 12pt">Howdy folks,<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">I’m excited to announce that we’re going to host our first ever Azure AD Ask Me Anything session!<br /> </span></p> <h1>When:</h1> <p style="margin-left: 36pt"><span style="font-family: Segoe UI;font-size: 12pt"><strong>March 9, 2017</strong> from <strong>10:00 am</strong> to <strong>1:00 pm</strong><br /> <strong>Pacific Time. </strong>You’ll be able to access the <a href="http://aka.ms/azuread-reddit-ama">AAD AMA</a> when it goes live on March 8.<br /> </span></p> <h1>What’s an AMA session?</h1> <p style="margin-left: 36pt"><span style="font-family: Segoe UI;font-size: 12pt">We’ll have folks from across the Azure Active Directory Engineering team available to answer any questions you have. You can ask us anything about our products, services, or even our team!<br /> </span></p> <h1>Why are we doing an AMA?</h1> <p style="margin-left: 36pt"><span style="font-family: Segoe UI;font-size: 12pt">As you know, we love learning from our customers and the overall identity community. We want to know how you use Azure Active Directory and how your experience has been using it. Your questions provide insights into how we can make the service better.<br /> </span></p> <h1>Who will be there?</h1> <p style="margin-left: 36pt"><span style="font-family: Segoe UI;font-size: 12pt">Well, first we really hope you’ll be there! We’ll have a broad set of Program Managers and Developers from the Azure Active Directory team participating throughout the day.<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Go ahead, ask us anything about our public products or the team. 
But please note, we cannot comment on unreleased features and future plans.<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">So head over to the <a href="http://aka.ms/azuread-reddit-ama">Azure Active Directory AMA</a><span style="color: #505050"><br /> </span>on March 9!<span style="text-decoration: underline"><br /> </span>We’re looking forward to having a conversation with you!<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Best Regards,<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a><span style="color: #505050">)<br /> </span></span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Director of Program Management<br /> </span></p> <p><span style="font-family: Segoe UI;font-size: 12pt">Microsoft Identity Division</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/03/02/first-ever-azure-ad-ask-me-anything-ama-march-9th-10am-1pm-pacific/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>#AzureAD Connect Health: Monitoring for Windows Server AD DS and Sync Error Reports are GA + simplified licensing</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/azuread-connect-health-monitoring-for-windows-server-ad-ds-and-sync-error-reports-are-ga-simplified-licensing/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/azuread-connect-health-monitoring-for-windows-server-ad-ds-and-sync-error-reports-are-ga-simplified-licensing/#respond</comments>
<pubDate>Mon, 27 Feb 2017 17:00:15 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Domain Controller]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[On-Prem]]></category>
<category><![CDATA[Public Preview]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=48066</guid>
<description><![CDATA[Howdy folks, It’s a big day for Azure AD! I’m happy to let you know that: Azure AD Connect Health for Windows Server AD DS is now GA! Azure AD Connect Health Sync Error Reports is now GA! Based on your feedback, we’ve simplified the Azure AD Connect Health licensing model. I’ve invited two program managers from <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/azuread-connect-health-monitoring-for-windows-server-ad-ds-and-sync-error-reports-are-ga-simplified-licensing/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-size: 12pt">Howdy folks,<br /> </span></p> <p><span style="font-size: 12pt">It’s a big day for Azure AD! I’m happy to let you know that:<br /> </span></p> <ul style="margin-left: 38pt"> <li><span style="font-size: 12pt">Azure AD Connect Health for Windows Server AD DS is now GA!<br /> </span></li> <li><span style="font-size: 12pt">Azure AD Connect Health Sync Error Reports is now GA!<br /> </span></li> <li><span style="font-size: 12pt">Based on your feedback, we’ve simplified the Azure AD Connect Health licensing model.<br /> </span></li> </ul> <p><span style="font-size: 12pt">I’ve invited two program managers from my team, Varun Karandikar and Arturo Lucatero, to give you all the details here. Their blog is below.<br /> </span></p> <p><span style="font-size: 12pt">As you read through these updates and begin exploring, share your feedback with us. We’re always listening!<br /> </span></p> <p><span style="font-size: 12pt">Best regards,<br /> </span></p> <p><span style="font-size: 12pt">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)<br /> </span></p> <p><span style="font-size: 12pt">Director of Program Management<br /> </span></p> <p><span style="font-size: 12pt">Microsoft Identity Division<br /> </span></p> <p><span style="font-size: 12pt">—-<br /> </span></p> <p><span style="font-size: 12pt">Hello everyone,<br /> </span></p> <p><span style="font-size: 12pt">We couldn’t be more thrilled to share the latest updates on Azure AD Connect Health with you! Before we get started, we’d recommend that if you haven’t tried this service yet, you really should! Please visit our <a href="http://aka.ms/aadchdocs">documentation</a> page, and <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health">give it a try</a>! 
(Note: Azure AD Connect Health requires Azure AD Premium licenses)<br /> </span></p> <p><span style="font-size: 13pt"><strong>General Availability of Connect Health for Windows Server AD</strong><br /> </span></p> <p><span style="font-size: 12pt">You can now monitor your on-premises Active Directory (AD DS) infrastructure from the cloud using Connect Health for AD DS!<br /> </span></p> <p><span style="font-size: 12pt">In the six months Connect Health for AD DS lived in preview, we received all kinds of feedback from the community. You told us about areas that needed polishing, capabilities that were working well, and new features you would like to see included. Your feedback has been invaluable in helping us improve our offering and get to general availability status.<br /> </span></p> <p><span style="font-size: 12pt">Here are some of the updates we made during the preview:<br /> </span></p> <ul> <li><span style="font-size: 12pt">The Domain Controllers dashboard contains more information. Adding OS Name was one of the most popular requests we received.<br /> </span></li> </ul> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/022717_0635_AzureADConn1.png" /><span style="font-size: 12pt"><br /> </span></p> <ul> <li><span style="font-size: 12pt">Support for monitoring Read Only Domain Controllers & identifying RODCs in the Domain Controllers dashboard.<br /> </span></li> </ul> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/022717_0635_AzureADConn2.png" /><span style="font-size: 12pt"><br /> </span></p> <ul> <li><span style="font-size: 12pt">Big performance improvements to the portal. The main dashboards load ten times faster, leading to a smooth experience for forests with 100+ Domain Controllers.<br /> </span></li> <li><span style="font-size: 12pt">A new entry point to the Performance Monitors Collection. 
Now you can easily pin the monitors collection to your Azure dashboard.<br /> </span></li> </ul> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/022717_0635_AzureADConn3.png" /><span style="font-size: 12pt"><br /> </span></p> <ul> <li><span style="font-size: 12pt">Alert coverage for all the essential services running on your DCs. If an essential service like Kerberos Key Distribution Center or Netlogon stops, you will quickly be notified about it.<br /> </span></li> <li><span style="font-size: 12pt">Refinements to existing alerts to minimize noisy notifications. Improving the detection logic of alerts is highly important and something we’re always investing in.<br /> </span></li> </ul> <p><span style="font-size: 12pt">On behalf of the entire Connect Health team, we thank everyone who has deployed this feature, reported issues, and sent feedback, and we encourage others to do the same!<br /> </span></p> <p><span style="font-size: 13pt"><strong>General Availability of Sync Error Reports<br /> </strong></span></p> <p><span style="font-size: 12pt">You may encounter <a href="https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-troubleshoot-sync-errors/">Object Level Sync Errors</a> while syncing data from your on-premises AD to Azure AD. With the <a href="https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health-sync">Sync Error Reports within Azure AD Connect Health for Sync</a> it’s now easy to get all the relevant information about sync errors in one place. This reduces the time required to fix errors and helps your users embrace the cloud.<br /> </span></p> <p><span style="font-size: 12pt">The Sync Error Reports are now generally available to all Azure AD Premium customers using Azure AD Connect (version 1.1.281.0 or higher). 
Here are a few key points to note about them:<br /> </span></p> <ul> <li><span style="font-size: 12pt">Provide an overview of errors based on error type and root cause.<br /> </span></li> <li><span style="font-size: 12pt">Allow you to download the report with all errors as a single CSV.<br /> </span></li> <li><span style="font-size: 12pt">Make it easy to understand the root cause and steps to fix the error.<br /> </span></li> <li><span style="font-size: 12pt">Side-by-side comparison of objects for errors due to duplicates.<br /> </span></li> <li><span style="font-size: 12pt">Allow you to delegate report access to users who are not global admins via Role Based Access Control.<br /> </span></li> <li><span style="font-size: 12pt">Provide weekly email notifications.<br /> </span></li> </ul> <p><span style="font-size: 12pt"> Here’s a demo of the report available in the new Azure Portal:<br /> </span></p> <p><span><iframe width="960" height="540" src="https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Monitor-sync-errors-with-Azure-Active-Directory-Connect-Health/player" allowfullscreen="allowfullscreen" frameborder="0"></iframe></span></p> <p><span style="font-size: 13pt"><strong>Licensing Update<br /> </strong></span></p> <p><span style="font-size: 12pt">We also heard your feedback regarding our licensing model and that it was complicated to understand and to manage. In response, we made the following changes to make it simpler:<br /> </span></p> <ul> <li><span style="font-size: 12pt">First Connect Health agent requires at least one Azure AD Premium license.<br /> </span></li> <li><span style="font-size: 12pt">Each additional agent requires 25 additional incremental AADP licenses.<br /> </span></li> <li><span style="font-size: 12pt">Agent count is equivalent to the total number of agents registered per role (AD FS, Azure AD Connect, AD DS) per server. 
<strong><br /> </strong></span></li> </ul> <p><span style="font-size: 12pt">You can also find this information on the <a href="https://azure.microsoft.com/en-us/pricing/details/active-directory/">Azure AD Pricing page</a>. <strong><br /> </strong></span></p> <p><span style="font-size: 12pt">Congratulations! You are officially caught up with Azure AD Connect Health news.<br /> </span></p> <p><span style="font-size: 12pt">Now it’s time for that last request: please share your thoughts on Azure AD Connect Health! Comments, questions, and suggestions are strongly encouraged and extremely important to us. Post below, in our <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/165591-azure-ad-connect-health">discussion forum</a>, or send us a note at <a href="mailto:askaadconnecthealth@microsoft.com">askaadconnecthealth@microsoft.com</a>. We look forward to hearing from you.<br /> </span></p> <p><span style="font-size: 12pt">Thanks for reading!<br /> </span></p> <p><span style="font-size: 12pt">– <a href="https://twitter.com/varundikar">Varun</a>, <a href="https://twitter.com/arlucaid">Arturo</a> and The Azure AD Connect Health Team</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/27/azuread-connect-health-monitoring-for-windows-server-ad-ds-and-sync-error-reports-are-ga-simplified-licensing/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>#AzureAD now supports Federated SSO and Provisioning with Slack</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/23/azuread-now-supports-federated-sso-and-provisioning-with-slack/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/23/azuread-now-supports-federated-sso-and-provisioning-with-slack/#comments</comments>
<pubDate>Thu, 23 Feb 2017 17:00:16 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=47955</guid>
<description><![CDATA[Howdy folks, We have a very cool integration to announce today: Azure AD now supports both automated user provisioning and federated single sign-on to Slack! With this integration, businesses can now use Azure AD to automatically provision and manage employee access to Slack, based on things like group membership or account status. In addition to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/23/azuread-now-supports-federated-sso-and-provisioning-with-slack/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-size: 12pt">Howdy folks,<br /> </span></p> <p><span style="font-size: 12pt">We have a very cool integration to announce today: Azure AD now supports both automated user provisioning and federated single sign-on to <a href="https://slack.com/">Slack</a>!<br /> </span></p> <p><span style="font-size: 12pt">With this integration, businesses can now use Azure AD to automatically provision and manage employee access to Slack, based on things like group membership or account status. In addition to provisioning user accounts, Azure AD can also create and manage groups inside of Slack, based on groups in Azure AD and Active Directory.<br /> </span></p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/022317_0711_AzureADnows1.png" /><span style="font-size: 12pt"><br /> </span></p> <p><span style="font-size: 12pt">As one of the featured apps in the Azure AD app gallery, Azure AD also supports fully-federated single sign-on with Slack, in addition to an easy click-through setup for admins.<br /> </span></p> <p><span style="font-size: 12pt">See our documentation for more information on <a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-saas-slack-provisioning-tutorial&data=02%7C01%7Casmalser%40microsoft.com%7Cb60f91042ef246b4e03508d450e7a2bb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636222403196204559&sdata=wEMfIl4Ux99I8agtL3VuK3H6gqQFHrQ9WutyftKW0dY%3D&reserved=0">setting up user provisioning between Azure AD and Slack</a>. 
The Azure AD Integration is available for customers on Slack’s Plus plan or those using their recently-announced Enterprise Grid product.<br /> </span></p> <p><span style="font-size: 12pt">We’d like to thank the Slack team for their great partnership and support in delivering this integration, and look forward to continuing our work with them to deliver great experiences for our mutual customers!<br /> </span></p> <p><span style="font-size: 12pt">Let us know what you think about this integration! Leave us your comments at the end of this post or reach out to us on Twitter. We’re always listening.<br /> </span></p> <p><span style="font-size: 12pt">Best regards,<br /> </span></p> <p><span style="font-size: 12pt">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)<br /> </span></p> <p><span style="font-size: 12pt">Director of Program Management<br /> </span></p> <p><span style="font-size: 12pt">Microsoft Identity Division<br /> </span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/23/azuread-now-supports-federated-sso-and-provisioning-with-slack/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>Announcing the public preview of Azure AD group-based license management for Office 365 (and more)!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/#comments</comments>
<pubDate>Wed, 22 Feb 2017 17:00:00 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Exchange]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Office 365]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=47795</guid>
<description><![CDATA[Howdy folks, One of the top requests we hear from Azure AD and Office 365 is for richer tools to manage licenses for Microsoft Online Services like Office 365 and the Enterprise Mobility + Security. Admins need easier tools to control who gets a product license and which services are enabled. Some customers have even had to delay service roll-outs as they struggled to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>One of the top requests we hear from Azure AD and Office 365 is for richer tools to manage licenses for Microsoft Online Services like Office 365 and the Enterprise Mobility + Security. Admins need easier tools to control who gets a product license and which services are enabled. Some customers have even had to delay service roll-outs as they struggled to find a reliable solution that works at scale.</p> <p>Today, we’re happy to be able to fulfill this request by announcing the public preview of a much-anticipated new capability in Azure AD: group-based license management! With this new feature you can define a license template and assign it to a security group in Azure AD. Azure AD will automatically assign and remove licenses as users join and leave the group.</p> <p>This preview also includes the highly-requested ability to selectively disable service components in product licenses, making it possible to stage the deployment of large service suites such as Office 365 Enterprise E5.</p> <p>Keep reading to get an overview of this new capability, or dive straight into our <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-whatis-azure-portal">detailed documentation</a>.</p> <h2>Overview</h2> <p>Here are a few key facts about group-based license management:</p> <ul> <li>Licenses can be assigned using any security group in Azure AD, whether synced from on-premises or created directly in Azure AD.</li> <li>All Microsoft Online Services that require user-level licensing are supported.</li> <li>The administrator can disable one or more service components when assigning a license to a group. 
This allows staged deployments of rich products like Office 365 Enterprise E5 at scale.</li> <li>The feature is only available in the <a target="_blank" href="https://portal.azure.com/">Azure portal</a>.</li> <li>Licenses are typically added or removed within minutes of a user joining or leaving a group.</li> </ul> <p>There are more details below, or, if you’re ready to dig in, just jump straight into our <a target="_blank" href="https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products">new license management experience in the Azure portal</a>. That’s right, no more going back to the classic portal to license your EMS or Azure AD users! If you’re not using Azure AD Basic or above, <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">sign up for a trial</a>.</p> <h2>Easily assign licenses to many users</h2> <p>To <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-assignment-azure-portal">assign a license</a>, just choose an individual user or a group. In the example below, I’m rolling out the Office 365 Enterprise E3 suite to all information workers in the organization. 
Since I’m doing a staged rollout, I will initially enable only a handful of online services in the suite:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL1.png"><img width="610" height="223" title="AAD_CBL1" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL1" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL1_thumb.png" border="0" /></a></p> <p>After all users in the group are processed they will inherit licenses from the Information Workers group.</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL2.png"><img width="610" height="225" title="AAD_CBL2" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL2" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL2_thumb.png" border="0" /></a></p> <p>From now on, any newly added group members will be licensed, and when they leave the group the license will be removed from them. You can do more cool things with this, like have users inherit licenses from multiple groups at the same time. 
<a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-advanced">Check out this article</a> to learn more about how this functionality works.</p> <h2>Automate even more with dynamic group membership</h2> <p>If you have an Azure AD Premium P1 subscription you can combine dynamic group membership with license management to create an automated license management flow.</p> <p>Here is an example of two groups that look at extensionAttribute1 and assign licenses based on its value:</p> <p><em>“O365 E5 base services”</em></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL3.png"><img width="610" height="164" title="AAD_CBL3" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL3" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL3_thumb.png" border="0" /></a></p> <p><em>“EMS E5 licensed users”</em></p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL4.png"><img width="610" height="164" title="AAD_CBL4" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL4" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL4_thumb.png" border="0" /></a></p> <p>A user with attribute value of <em>EMS;E5_baseservices;</em> automatically inherits both licenses:</p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL5.png"><img width="610" height="192" title="AAD_CBL5" class="aligncenter" style="padding-top: 0px;padding-left: 0px;padding-right: 0px;border-width: 0px" alt="AAD_CBL5" src="https://msdnshared.blob.core.windows.net/media/2017/02/AAD_CBL5_thumb.png" border="0" /></a></p> <p>This functionality keeps you from having to write and maintain scripts to manage licenses and group memberships. 
All the heavy lifting is done in the cloud, by Azure AD!</p> <p>Find out more about <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-advanced#group-based-licensing-using-dynamic-groups">how to use these features</a>.</p> <h2>Let your users sign up for licenses!</h2> <p>As the admin, you control license assignment in Azure AD, but you can choose to open a group for users so you don’t have to be involved in managing a certain product, like Power BI (free).</p> <p>With Azure AD Premium P1, you can use the <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-self-service-group-management">powerful self-service management features</a> directly in the cloud to let users decide if they need product licenses by requesting to join a group.</p> <h2>How can I try it?</h2> <p>Visit the <a target="_blank" href="https://portal.azure.com/#blade/Microsoft_AAD_IAM/LicensesMenuBlade/Products">Azure portal</a> and give the license management experience a try!</p> <p>While group-based license management is in public preview you will need an active subscription for Azure AD Basic (or above) in your tenant to assign licenses to groups. If you don’t have one, just <a target="_blank" href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">sign up for an Enterprise Mobility + Security trial</a>. Later, when this functionality becomes generally available it will be included in Office 365 Enterprise E3 and similar products.</p> <p>As with all previews there are some limits to what we currently support. 
You can find details about those limitations in our <a target="_blank" href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-advanced#limitations-and-known-issues">documentation</a>, which we will be updating consistently as things change.</p> <p>Let us know what you think by leaving a comment below or emailing the Azure AD License Management team. We look forward to hearing from you!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a target="_blank" href="http://twitter.com/alex_a_simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/feed/</wfw:commentRss>
<slash:comments>31</slash:comments>
</item>
<item>
<title>Azure AD and SailPoint: Advanced identity governance across your on-premises and cloud resources</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/10/azure-ad-and-sailpoint-advanced-identity-governance-across-your-on-premises-and-cloud-resources/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/10/azure-ad-and-sailpoint-advanced-identity-governance-across-your-on-premises-and-cloud-resources/#comments</comments>
<pubDate>Fri, 10 Feb 2017 18:00:39 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Identity Governance]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<category><![CDATA[Public Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=47295</guid>
<description><![CDATA[Howdy folks, Over the past year, we’ve had the privilege to work closely with our largest customers in highly regulated industries like healthcare, financial services and pharma, helping them to successfully deploy and use Azure AD Premium. Through this close partnering, we’ve learned that to meet their unique security and compliance requirements, they need some <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/10/azure-ad-and-sailpoint-advanced-identity-governance-across-your-on-premises-and-cloud-resources/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-size: 12pt">Howdy folks,<br /> </span></p> <p><span style="font-size: 12pt">Over the past year, we’ve had the privilege to work closely with our largest customers in highly regulated industries like healthcare, financial services and pharma, helping them to successfully deploy and use Azure AD Premium. Through this close partnering, we’ve learned that to meet their unique security and compliance requirements, they need some pretty advanced access governance controls across their on-premises and cloud resources, in addition to the industry leading identity management and security they get with Azure AD Premium.<br /> </span></p> <p><span style="font-size: 12pt">Today, we’ve got good news for these customers.<br /> </span></p> <p><span style="font-size: 12pt">I am thrilled to announce our technical collaboration with SailPoint, a proven leader in identity governance. SailPoint’s identity governance capabilities, combined with Azure AD’s secure access and risk-based identity protection, will help cover the most demanding security and compliance needs of our joint customers. The SailPoint integration extends Azure Active Directory Premium to provide full, fine-grained provisioning and lifecycle governance across enterprise systems on-premises and in the cloud.<br /> </span></p> <p><span style="font-size: 12pt">Let’s take a look at how the integration works through the lens of a few specific scenarios.<br /> </span></p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/021017_0614_AzureADandS1.png" /></p> <p><span style="font-size: 12pt"><strong>Identity and context synchronization</strong><br /> </span></p> <p><span style="font-size: 12pt">The first step in enabling advanced access governance is to synchronize the Azure AD view of users and their access to applications with SailPoint. 
This is performed using a direct connector that automatically aggregates user accounts, group permissions, and Microsoft Access Panel tiles and maps each of these to the SailPoint Identity Cube. It also provides the basis for SailPoint to send change events back to Azure AD when access is modified during a governance mitigation process.<br /> </span></p> <p><span style="font-size: 12pt">In addition to this, SailPoint will connect to applications managed outside of Azure AD, including on-premises applications like EPIC, which is widely used in healthcare. This creates a 360-degree view of all access in the organization and creates a strong foundation for comprehensive control.<br /> </span></p> <p><span style="font-size: 12pt"><strong>Access request and lifecycle events</strong><br /> </span></p> <p><span style="font-size: 12pt">User access request and approval is at the core of any identity management and governance solution. The integration of SailPoint with Azure AD adds support for self-service access requests and approvals. Additionally, the integration propagates access changes based on employee lifecycle events like join, move, or leave across all applications (cloud or on-premises) to ensure that access is granted according to business policy.<br /> </span></p> <p><span style="font-size: 12pt">In both cases, the SailPoint-Microsoft combination enables end-to-end coverage of all provisioning events with full synchronization of access changes to the Microsoft Access Panel.<br /> </span></p> <p><span style="font-size: 12pt"><strong>Identity governance certification, segregation of duty policies, and more</strong><br /> </span></p> <p><span style="font-size: 12pt">A key component of strong identity governance is the ability to review access on a regular basis. 
The integration provides a simple and effective way to automate the entire access certification process.<br /> </span></p> <p><span style="font-size: 12pt">SailPoint’s access certifications combine data collected from the identity and context synchronization process described above with account and entitlement data from all application sources to create a single view of all access. After that, a fully automated access review process can be initiated for business and IT owners. Changes to access that resulted from the access review process are automatically propagated to the Azure AD Access Panel.<br /> </span></p> <p><span style="font-size: 12pt">Another important governance control is the ability to enforce SOD policies throughout a user’s lifecycle with an organization. SOD policies can be defined and enforced by SailPoint during access reviews or access request processes to provide an additional level of policy control.<br /> </span></p> <p><span style="font-size: 12pt">SailPoint also delivers audit and compliance reporting that demonstrates the effectiveness of the identity controls operating across the organization. This significantly reduces the burden on IT operations teams and improves visibility for the business.<br /> </span></p> <p><span style="font-size: 12pt"><strong>Self-service password reset extension</strong><br /> </span></p> <p><span style="font-size: 12pt">In addition to the governance capabilities described above, the integration with SailPoint enables an important password management use case: the combined solution can automatically propagate an Azure AD password change to all connected systems in SailPoint that share a common password policy. This allows a user to change their password once in Azure AD and have it synchronized across a wide variety of on-premises and cloud-based systems.<br /> </span></p> <p><span style="font-size: 12pt">We’re excited to bring this partnership to you and want to hear your feedback. 
Leave your comments below and reach out to us via Twitter! As always, we’re listening.<br /> </span></p> <p><span style="font-size: 12pt">Best regards,<br /> </span></p> <p><span style="font-size: 12pt">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)<br /> </span></p> <p><span style="font-size: 12pt">Director of Program Management<br /> </span></p> <p><span style="font-size: 12pt">Microsoft Identity Division<br /> </span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/10/azure-ad-and-sailpoint-advanced-identity-governance-across-your-on-premises-and-cloud-resources/feed/</wfw:commentRss>
<slash:comments>5</slash:comments>
</item>
<item>
<title>Azure AD News: Azure MFA cloud based protection for on-premises VPNs is now in public preview!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/06/azure-ad-news-azure-mfa-cloud-based-protection-for-on-premises-vpns-is-now-in-public-preview/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/06/azure-ad-news-azure-mfa-cloud-based-protection-for-on-premises-vpns-is-now-in-public-preview/#comments</comments>
<pubDate>Mon, 06 Feb 2017 17:00:58 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Azure MFA]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Cloud Platform Services]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<category><![CDATA[Multi-factor authentication]]></category>
<category><![CDATA[On-Prem]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=46875</guid>
<description><![CDATA[Howdy folks, One of the top requests we hear from customers is to be able to secure their on-premises VPNs using Azure AD and our cloud-based MFA service. Today we’re announcing the public preview of NPS Extension support in Azure MFA. This cool enhancement gives you the ability to protect your VPN using Azure MFA <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/06/azure-ad-news-azure-mfa-cloud-based-protection-for-on-premises-vpns-is-now-in-public-preview/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-size: 12pt">Howdy folks,<br /> </span></p> <p><span style="font-size: 12pt">One of the top requests we hear from customers is to be able to secure their on-premises VPNs using Azure AD and our cloud-based MFA service. Today we’re announcing the public preview of NPS Extension support in Azure MFA. This cool enhancement gives you the ability to protect your VPN using Azure MFA (which is included in Azure AD Premium) without having to install a new on-premises server.<br /> </span></p> <p><span style="font-size: 12pt">This is another step along the road to realizing our vision of making Azure AD a complete, cloud based “Identity Control Plane” service that makes it easy for enterprises to assure their employees, partners and customers have access to all the right cloud and on-premises resources while assuring the highest levels of compliance and security.<br /> </span></p> <p><span style="font-size: 12pt">To give you the details about this release, I’ve asked Yossi Banai to write a blog about this cool new capability. 
His blog is below.<br /> </span></p> <p><span style="font-size: 12pt">I hope you’ll find this update useful for improving the security of your organization!<br /> </span></p> <p><span style="font-size: 12pt">And as always, we would love to receive any feedback or suggestions you have.<br /> </span></p> <p><span style="font-size: 12pt">Best Regards,<br /> </span></p> <p><span style="font-size: 12pt">Alex Simons (Twitter: <a href="https://twitter.com/alex_a_simons"><span style="color: blue;text-decoration: underline">@Alex_A_Simons</span></a>)<br /> </span></p> <p><span style="font-size: 12pt">Director of Program Management<br /> </span></p> <p><span style="font-size: 12pt">Microsoft Identity Division<br /> </span></p> <p><span style="font-size: 12pt">——————<br /> </span></p> <p><span style="font-size: 12pt">Hello,<br /> </span></p> <p><span style="font-size: 12pt">I’m Yossi Banai, a Program Manager on the Azure Active Directory team. As you know, multi-factor authentication is an important tool to help safeguard data and applications while meeting user demands for a simple sign-in process. 
With <a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication"><span style="color: blue;text-decoration: underline">Azure Multi-factor authentication</span></a> (MFA), customers currently can <a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started"><span style="color: blue;text-decoration: underline">choose between</span></a> MFA Server (an on-premises solution) and cloud-based MFA (a cloud-based solution supported and maintained by Microsoft).<br /> </span></p> <p><span style="font-size: 12pt">While <a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server"><span style="color: blue;text-decoration: underline">MFA Server</span></a> provides a rich set of features, more and more customers are choosing to use <a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-cloud"><span style="color: blue;text-decoration: underline">cloud-based MFA</span></a> to secure their environment, to simplify it, reduce cost, and take advantage of powerful Azure AD features such as <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access"><span style="color: blue;text-decoration: underline">Conditional Access</span></a> and <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection"><span style="color: blue;text-decoration: underline">Azure AD Identity Protection</span></a>.<br /> </span></p> <p><span style="font-size: 12pt">However, since cloud-based MFA services like Azure AD have not traditionally supported <a href="https://technet.microsoft.com/en-us/library/cc995145.aspx">RADIUS authentication</a>, customers who wanted to secure on-premises clients such as VPN had no choice but to deploy MFA Servers on-premises. 
With today’s release of the NPS Extension for Azure MFA, I’m excited to announce that we have closed this gap, and added the ability to secure RADIUS clients using cloud-based MFA!<br /> </span></p> <p><span style="font-size: 12pt">The NPS extension for Azure MFA provides a simple way to add cloud-based MFA capabilities to your authentication infrastructure using your existing <a href="https://technet.microsoft.com/en-us/network/bb545879.aspx"><span style="color: blue;text-decoration: underline">NPS servers</span></a>. With the NPS extension, you’ll be able to add phone call, SMS, or phone app MFA to your existing authentication flow without having to install, configure, and maintain new servers.<br /> </span></p> <p><span style="font-size: 12pt"><strong>How does the NPS Extension for Azure MFA work?</strong><br /> </span></p> <p><span style="font-size: 12pt">With the NPS Extension for Azure MFA, which is installed as an extension to existing NPS Servers, the authentication flow includes the following components:<br /> </span></p> <ul> <li><span style="font-size: 12pt"><strong>User/VPN Client: </strong>Initiates the authentication request.<br /> </span></li> <li><span style="font-size: 12pt"><strong>NAS Server/VPN Server:</strong> Receives requests from VPN clients and converts them into RADIUS requests to NPS servers.<br /> </span></li> <li><span style="font-size: 12pt"><strong>NPS Server: </strong>Connects to Active Directory to perform the primary authentication for the RADIUS requests and, if successful, passes the request to any installed NPS extensions.<br /> </span></li> <li><span style="font-size: 12pt"><strong>NPS Extension</strong>: Triggers an MFA request to <a href="https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-cloud/"><span style="color: blue;text-decoration: underline">Azure cloud-based MFA</span></a> to perform the secondary authentication. 
Once it receives the response, and if the MFA challenge succeeds, it completes the authentication request by providing the NPS server with security tokens that include an MFA claim issued by Azure STS.<br /> </span></li> <li><span style="font-size: 12pt"><strong>Azure MFA</strong>: Communicates with Azure Active Directory to retrieve the user’s details and performs the secondary authentication using a verification method configured for the user.<br /> </span></li> </ul> <p><span style="font-size: 12pt">The following diagram illustrates the high-level authentication request flow:<br /> </span></p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/02/020617_0251_AzureADNews1.png" /><span style="font-size: 12pt"><br /> </span></p> <p><span style="font-size: 12pt"><strong>Getting started</strong><br /> </span></p> <p><span style="font-size: 12pt">I encourage you to download and install the NPS extension for Azure MFA from the <a href="https://aka.ms/npsmfa"><span style="color: blue;text-decoration: underline">Microsoft Download Center</span></a> and start testing this feature.<br /> </span></p> <p><span style="font-size: 12pt">The NPS Extension for Azure MFA is available to customers with <a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication"><span style="color: blue;text-decoration: underline">licenses for Azure Multi-Factor authentication</span></a> (included with Azure AD Premium, EMS, or an MFA subscription). 
In addition, you will need Windows Server 2008 R2 SP1 or above with the NPS component enabled.<br /> </span></p> <p><span style="font-size: 12pt">All users using the NPS extension must be synced to Azure Active Directory using Azure AD Connect and be registered for MFA.<br /> </span></p> <p><span style="font-size: 12pt">To install the extension, simply run the installation package and the PowerShell script it generates, which associates the extension with your tenant. Then, configure your RADIUS client to authenticate through your NPS Server.<br /> </span></p> <p><span style="font-size: 12pt"><strong>The fine print</strong><br /> </span></p> <p><span style="font-size: 12pt">This release of the NPS Extension for Azure MFA targets new deployments and does not include tools to migrate users and settings from MFA Server to the cloud.<br /> </span></p> <p><span style="font-size: 12pt">As with MFA Server, once you enable MFA for a RADIUS client using the NPS Extension, all authentications for this client will require MFA. If you want to enable MFA for some RADIUS clients but not others, you can configure two NPS servers and install the extension on only one of them. Configure the RADIUS clients that you want to use MFA with to send requests to the NPS server configured with the extension, and the other RADIUS clients to send requests to the NPS server that doesn’t have the extension.<br /> </span></p> <p><span style="font-size: 12pt"><strong>We appreciate your feedback</strong><br /> </span></p> <p><span style="font-size: 12pt">We would love to hear your feedback. If you have any suggestions for us, questions, or issues to report, please leave a comment at the bottom of this post, send a note to the <a href="mailto:npsamfas@microsoft.com"><span style="color: blue;text-decoration: underline">NPS Extension</span></a> team, or tweet with the hashtag #AzureAD.</span></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/06/azure-ad-news-azure-mfa-cloud-based-protection-for-on-premises-vpns-is-now-in-public-preview/feed/</wfw:commentRss>
<slash:comments>16</slash:comments>
</item>
<item>
<title>Azure AD B2B: New updates make cross-business collab easy</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/01/azure-ad-b2b-new-updates-make-cross-business-collab-easy/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/01/azure-ad-b2b-new-updates-make-cross-business-collab-easy/#comments</comments>
<pubDate>Wed, 01 Feb 2017 18:35:01 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[B2B]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Multi-factor authentication]]></category>
<category><![CDATA[Public Cloud]]></category>
<category><![CDATA[Public Preview]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=46736</guid>
<description><![CDATA[Howdy folks, I’ve been looking forward to writing this blog post for a while! Those of you who follow the blog know that Azure AD B2B collaboration is a set of capabilities that makes it easy for IT pros and information workers to invite people from any organization in the world to collaborate online. The <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/01/azure-ad-b2b-new-updates-make-cross-business-collab-easy/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="color: black">Howdy folks,<br /> </span></p> <p><span style="color: black">I’ve been looking forward to writing this blog post for a while!<br /> </span></p> <p><span style="color: black">Those of you who follow the blog know that Azure AD B2B collaboration is a set of capabilities that makes it easy for IT pros and information workers to invite people from any organization in the world to collaborate online. The goal of Azure AD B2B is to enable organizations of all sizes and industries – even those with complex compliance and governance requirements – to work easily and securely with collaborators around the world.<br /> </span></p> <p><span style="color: black">I’m excited to let you know that we’ve just turned on a boatload of new enhancements in our B2B public preview.<br /> </span></p> <p><span style="color: black">Millions of users and thousands of customers have been using the public preview of our B2B Collaboration capabilities since we first announced the public preview. Those customers have been incredibly generous with their time and feedback. All of the enhancements we’re announcing today are based on their suggestions, and we can’t thank them enough for their partnership.<br /> </span></p> <h2>Key new features of Azure AD B2B Collaboration</h2> <p>In today’s release, you’ll find the following new features and functionality:</p> <ol> <li>UX enhancements to the B2B <a href="https://portal.azure.com/">admin experience</a>, including the ability for admins to invite B2B users to the directory or to any group or application.</li> <li>B2B self-service invitation capabilities in the <a href="https://myapps.microsoft.com/">Access Panel</a>, so information workers can invite B2B users to any self-service group or application they manage.</li> <li>Ability to invite a user with any email address to collaborate. 
Whether a user has an Office365 or on-premises Exchange email address, an outlook.com email address, or any social email address, he/she can now seamlessly access the invited organization with inline, lightweight creation of an Azure AD or Microsoft Account.</li> <li>Professional, tenant-branded invitation emails.</li> <li>The option to build a customized onboarding experience using our invitation APIs.</li> <li>The ability to require and provide MFA for B2B guest accounts.</li> <li>Ability to delegate responsibility for inviting B2B guest accounts to non-administrators.</li> <li>PowerShell support for B2B.</li> <li>Auditing and reporting capabilities.<span style="font-size: 9pt"><br /> </span></li> </ol> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/01/020117_0159_AzureADB2BN1.png" /></p> <p style="text-align: center"><span style="color: black"><em>Fig 1: A custom branded invitation, one of our most highly requested features<br /> </em></span></p> <p><span style="color: black">We are also releasing <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b">updated, detailed documentation</a> to help you understand the capabilities really well and guide you in using them as efficiently as possible.<br /> </span></p> <p><span style="color: black">Our next milestone is to take the service to General Availability, so please send us any final feedback or suggestions you have ASAP. We will put them all to good use!<br /> </span></p> <h2>Give it a try!</h2> <p>Getting started is simple. 
<a href="https://portal.azure.com/"><strong>Go to the user list in your tenant</strong></a> and add any external email address today!</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/01/020117_0159_AzureADB2BN2.png" /><strong><br /> </strong></p> <p style="text-align: center"><em>Fig 2: Inviting a B2B Guest User in the new Azure Portal<br /> </em></p> <p>And like always, we would love to receive any feedback or suggestions you have in our <a target="_blank" href="https://techcommunity.microsoft.com/t5/Azure-Active-Directory-B2B/bd-p/AzureAD_B2b"><b>Microsoft Tech Community</b></a>!</p> <h2>Learn More</h2> <p>There’s much more detail about the new Azure AD B2B Collaboration features in our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b">updated documentation</a>. Dive in and let us know if you have any questions! <span style="color: black">And if you haven’t seen it yet, check out our <a href="https://www.youtube.com/watch?v=jtBaQHvAUsQ"><span style="color: #0078d7">Ignite Azure AD B2B collaboration talk</span></a><span style="color: #0078d7">,<span style="color: #41424e"> too.</span><br /> </span></span></p> <p>Best Regards,<br /> Alex Simons (Twitter: <span style="color: #41424e"><a href="https://twitter.com/Alex_A_Simons"><span style="color: #0078d7"><strong>@Alex_A_Simons</strong></span></a></span>)<br /> Director of Program Management<br /> Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/02/01/azure-ad-b2b-new-updates-make-cross-business-collab-easy/feed/</wfw:commentRss>
<slash:comments>5</slash:comments>
</item>
<item>
<title>New enhanced access controls in Azure AD: Tenant Restrictions is now Generally Available!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/31/new-enhanced-access-controls-in-azure-ad-tenant-restrictions-is-now-generally-available/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/31/new-enhanced-access-controls-in-azure-ad-tenant-restrictions-is-now-generally-available/#comments</comments>
<pubDate>Tue, 31 Jan 2017 18:00:15 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Hybrid Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=46705</guid>
<description><![CDATA[Howdy folks, Today I’m happy to announce that our new Tenant Restrictions capability is Generally Available! We built Tenant Restrictions with extensive input from our customers in the finance, healthcare and pharmaceutical industries, which have relatively strict information access and compliance requirements. Tenant Restrictions gives customers with these kinds of requirements enhanced control over access to <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/31/new-enhanced-access-controls-in-azure-ad-tenant-restrictions-is-now-generally-available/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Today I’m happy to announce that our new Tenant Restrictions capability is Generally Available! We built Tenant Restrictions with extensive input from our customers in the finance, healthcare and pharmaceutical industries, which have relatively strict information access and compliance requirements.</p> <p>Tenant Restrictions gives customers with these kinds of requirements enhanced control over access to SaaS cloud applications. Admins can now restrict employees using their corporate network to only being able to use Azure AD identities in tenants they have approved. <span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p>To give you the details about this important new capability, I’ve asked Yossi Banai, a PM in our Identity Security and Protection team, to write a blog about this feature. You’ll find it below.</p> <p>I hope those of you in highly regulated industries will find this feature useful! And as always, we would love to receive any feedback or suggestions you have!<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p>Best Regards,<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p>Alex Simons (Twitter: <a target="_blank" href="https://twitter.com/alex_a_simons"><span style="color: blue;text-decoration: underline">@Alex_A_Simons</span></a>)<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p>Director of Program Management<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p>Microsoft Identity Division<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p>________<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p>Hello,<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p>I’m Yossi Banai, a Program Manager on the Azure Active Directory team. 
In today’s blog post I’ll cover Tenant Restrictions, a new feature we released today for general availability.<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <h1><span style="color: #2e74b5"><span style="font-family: Calibri Light">Overview</span><br /> </span></h1> <p style="text-align: justify">Companies that want to move their employees to SaaS apps like Office 365 are sometimes worried about opening their networks to information leaks. If users can access Office 365 with their corporate identity, they can also access these same services with other identities.</p> <p style="text-align: justify">Before cloud services, network admins could simply block access to unwanted apps or websites by blocking their URL or IP address. This is no longer an option with SaaS apps, where a single endpoint (like outlook.office.com) is used by all consumers of the SaaS app.</p> <p style="text-align: justify">Our solution for this common IT challenge is Tenant Restrictions. This new feature enables organizations to control access based on the <a target="_blank" href="https://msdn.microsoft.com/en-us/library/azure/jj573650.aspx"><span style="color: #0563c1;text-decoration: underline">Azure AD tenant</span></a> the applications use for single sign-on. For example, you can use Tenant Restrictions to allow access to your organization’s Office 365 applications, while preventing access to other organizations’ instances of these same applications.<span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <h1><span style="font-family: Calibri Light">How it works<span style="color: #2e74b5;font-size: 16pt"><br /> </span></span></h1> <p style="text-align: justify">An on-premises proxy server is configured to intercept authentication traffic going to Azure AD. 
The proxy inserts a new header called “<span style="font-family: Consolas;font-size: 10pt">Restrict-Access-To-Tenants”</span> that lists the tenants that users on the network are permitted to access. Azure AD reads the permitted tenant list from the header, and only issues security tokens if the user or resource is in a tenant on that list.</p> <p style="text-align: justify">The following diagram illustrates the high-level traffic flow. <span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/01/013117_1437_Newenhanced1.png" /><span style="font-family: Times New Roman;font-size: 12pt"><br /> </span></p> <h1>End-user Experience</h1> <p style="text-align: justify">If a user on the Contoso network tries to sign in to the outlook.office.com instance of an unpermitted tenant, he or she will see this message on the web page:</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/01/013117_1437_Newenhanced2.png" /></p> <h1>Admin Experience</h1> <p>While configuration of Tenant Restrictions is done on the corporate proxy infrastructure, admins can access the Tenant Restrictions reports in the Azure Portal directly from the Overview page of Azure Active Directory, under ‘Other capabilities’.</p> <p>Using the report, the admin for the tenant specified as the “Restricted-Access-Context” can see all sign-ins blocked because of the Tenant Restrictions policy, including the identity used and the target Tenant ID:</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/01/013117_1437_Newenhanced3.png" /></p> <h1>Learn more</h1> <p>When you’re ready to get started, see <a href="https://docs.microsoft.com/azure/active-directory/active-directory-tenant-restrictions">Use Tenant Restrictions to manage access to SaaS cloud applications</a> for more information.</p> <h1>We 
appreciate your feedback</h1> <p style="text-align: justify">As always, we want to hear your feedback about this new feature. If you have any feedback, questions, or issues to report, please leave a comment at the bottom of this post or tweet with the hashtag #AzureAD.</p> <p>Best regards,</p> <p>Yossi</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/31/new-enhanced-access-controls-in-azure-ad-tenant-restrictions-is-now-generally-available/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>#AzureAD Mailbag: MFA Q&A, Round 7!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/27/azuread-mailbag-mfa-qa-round-7/</link>
<pubDate>Fri, 27 Jan 2017 19:16:51 +0000</pubDate>
<dc:creator><![CDATA[Mark Morowczynski [MSFT]]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Azure MFA]]></category>
<category><![CDATA[Mailbag]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=45855</guid>
<description><![CDATA[Hey yall, Mark Morowczynski here with the second part of our two part MFA mailbag. To read part 1 click here. Also for those that haven’t been reading these mailbags since the beginning you can read all the previous 21 posts using the ‘mailbag‘ tag. We are trying to make these Friday posts a regular <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/27/azuread-mailbag-mfa-qa-round-7/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Hey y’all, Mark Morowczynski here with the second part of our two-part MFA mailbag. To read part 1, click <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/06/azuread-mailbag-mfa-qa-round-6/">here</a>. Also, for those that haven’t been reading these mailbags since the beginning, you can read all the previous 21 posts using the ‘<a href="https://blogs.technet.microsoft.com/enterprisemobility/tag/mailbag/">mailbag</a>’ tag. We are trying to make these Friday posts a regular thing, and next week will cover App Proxy. If there are topics you’d like to see us discuss, even some that might require a much deeper dive, let us know. Now on to the questions.</p> <p><strong>Question 6:</strong></p> <p>If you publish the on-prem <a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-portal">MFA User Portal</a>/<a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server-webservice">MFA Server Mobile App Web Service</a> with Azure AD Application Proxy, does this require a public cert? Can a private cert be used?</p> <p><strong>Answer 6:</strong></p> <p>Technically, you can use a self-signed cert for the MFA User Portal if you are willing to have users ignore the cert warnings/errors, but that isn’t recommended for an optimal end user experience. The MFA Server Mobile App Web Service, on the other hand, does in fact require a public certificate. 
Otherwise, the Microsoft Authenticator App will not be able to connect to the web service successfully, preventing a successful activation.</p> <p><strong>Question 7:</strong></p> <p>Is there any equivalent feature in the Azure MFA Server for “<a href="https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-whats-next#remember-multi-factor-authentication-for-devices-users-trust">Allow users to remember multi-factor authentication on devices they trust</a>” that is available in Azure MFA?</p> <p><strong>Answer 7:</strong></p> <p>No, except when using IIS Authentication to secure IIS-based websites. In that case, a cookie can be set to only require MFA every X minutes, but it isn't something the end user opts into by checking a box. The cookie is set on whichever browser the user signs in from. When using RADIUS or LDAP, MFA is performed with every verification request. That's typically desired because the verifications are generally for remote access. When securing ADFS, ADFS has full control over when MFA is required and when it isn't.</p> <p><strong>Question 8:</strong></p> <p>Can we use both Azure MFA Server to secure on-premises applications and Azure MFA for Office 365? How do/can they both work together?</p> <p><strong>Answer 8:</strong></p> <p>You can use Azure MFA Server to secure both on-premises applications and cloud applications that federate to ADFS, including O365 and other apps that federate to Azure AD. It is best not to use both Azure MFA Server and Azure MFA for the same set of users, though, because they would have to register and manage MFA enrollment data in both places. It makes sense to utilize Azure MFA for your cloud-based users and Azure MFA Server for your federated synced users.</p> <p>If you use both, it is best to control it with groups so that certain groups use on-prem MFA and everyone else uses cloud-based MFA. 
You'll need to ensure that the SupportsMfa setting in the tenant DomainFederationSettings is set to False in this case. When AAD sends the user to ADFS for primary auth, ADFS will force users that are members of the designated groups to perform MFA on-premises. So, ADFS will return the AuthMethodsReferences claim indicating that MFA was performed for those users, but not for the other users that aren't members of those groups. Then Azure AD can perform cloud-based MFA for all of the other users. This design will apply to all auth flows on the relying party trust (e.g. all applications that use Azure AD as the IdP).</p> <p><strong>Question 9:</strong></p> <p>Is there a way for us to migrate users [from our Azure MFA Server] to Azure MFA so there is no action required from the user's perspective?</p> <p><strong>Answer 9:</strong></p> <p>We don't have a way to migrate users today from Azure MFA Server to cloud-based Azure MFA. We have heard this feedback previously and it is something that we are discussing.</p> <p><strong>Question 10:</strong></p> <p>We currently use TMG to proxy the ADFS front end to determine whether the user is coming from external. If they are external, the user is directed to Azure MFA Server to perform MFA. Any issues with this strategy? We'd like to deprecate TMG over time, but not lose functionality.</p> <p><strong>Answer 10:</strong></p> <p>No issues with that approach. ADFS should be returning the InsideCorporateNetwork claim to Azure AD when users are inside the network, and thus not going through TMG or WAP. The InsideCorporateNetwork claim can also be sent to Azure AD to determine whether you are on or off the network as well.</p> <p><strong>Question 11:</strong></p> <p>Can you/How do you secure on-prem OWA with MFA?</p> <p><strong>Answer 11:</strong></p> <p>To secure on-prem OWA (not rich clients), you have the following options:</p> <ol> <li>Publish OWA using Azure AD App Proxy. 
This allows the customer to either use cloud-based Azure MFA (<a href="https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-cloud/">https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-cloud/</a>) or to use Azure MFA Server with ADFS (<a href="https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-adfs-w2k12/">https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-adfs-w2k12/</a>).</li> <li>Configure OWA for claims-based auth to ADFS. Use MFA Server to secure ADFS. This requires Exchange 2013 or higher.</li> </ol> <p>If using a reverse proxy such as F5 in front of OWA that can pre-authenticate via RADIUS or LDAP, you can point the RADIUS or LDAP authentication to MFA Server.</p> <p>Thanks for reading. Check back next week for more mailbag goodness.</p> <p>For any questions you can reach us at<br /> <a>AskAzureADBlog@microsoft.com</a>, the <a href="https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD">Microsoft Forums</a> and on Twitter <a href="https://twitter.com/AzureAD">@AzureAD</a>, <a href="https://twitter.com/markmorow">@MarkMorow</a> and <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a></p> <p>Chad Hasbrook, Mark Morowczynski, Shawn Bishop, Todd Gugler</p> ]]></content:encoded>
</item>
<item>
<title>Identity Admins rejoice: Azure Active Directory meets Power BI!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/20/admins-rejoice-azure-active-directory-meets-power-bi/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/20/admins-rejoice-azure-active-directory-meets-power-bi/#comments</comments>
<pubDate>Fri, 20 Jan 2017 16:00:42 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=46086</guid>
<description><![CDATA[Howdy folks, We’ve heard from many of our largest customers that it’s critically important to them to have easy access to information that helps them understand how their employees and partners are using Azure Active Directory. That understanding allows them to plan their IT infrastructure, to increase usage and maximize the business value they get <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/20/admins-rejoice-azure-active-directory-meets-power-bi/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-size: 10pt">Howdy folks,<br /> </span></p> <p><span style="font-size: 10pt">We’ve heard from many of our largest customers that it’s critically important to them to have easy access to information that helps them understand how their employees and partners are using Azure Active Directory. That understanding allows them to plan their IT infrastructure, to increase usage and maximize the business value they get from Azure AD.<br /> </span></p> <p><span style="font-size: 10pt">The <a href="https://portal.azure.com/">usage and activity reports</a> in the Azure admin portal are a great starting point for accessing and digesting usage trends. But many of you have told us you want the ability to gather richer insights into what’s going on with the various capabilities you rely on in Azure Active Directory. So, today I am excited to announce the new Power BI Content Pack for Azure Active Directory!<br /> </span></p> <p><span style="font-size: 10pt">With this integration of Azure Active Directory APIs with Power BI, you can easily download pre-built content packs and dig deeper into all the activities within your Azure Active Directory, and all this data is enhanced by the rich visualization experience Power BI offers. And you can create your own dashboard and share it easily with anyone in your organization.<br /> </span></p> <p><img class="aligncenter" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/01/011917_0047_Adminsrejoi1.png" /></p> <h3><span style="color: #404040;font-family: Segoe UI;font-size: 18pt">Richer Usage, App Trends and Audit insights<br /> </span></h3> <p><span style="font-size: 10pt">The Azure AD Power BI content pack has three main reports you can use to create your dashboard view. The default dashboard view shows the specific metrics around usage of your Azure AD features. 
You can get detailed access by clicking into the metrics.<br /> </span></p> <p><span style="font-size: 10pt">Here are the key reports you get with this content pack:<br /> </span></p> <ul> <li><span style="font-size: 10pt"><strong>App Usage and Trend report: </strong>Provides insight into the apps used in your organization, including which ones are being used the most and when. Use this report to see how an app you recently rolled out in your organization is being used or find out which apps are popular. By doing this, you can improve usage if you see the app is not being used.<br /> </span></li> <li><span style="font-size: 10pt"><strong>Sign-ins by location and users: </strong>Provides insight into all the sign-ins performed using Azure Identity and into the identity of the users. With this report, you can look at individual sign-ins to find information such as where a user signed in from, which user has signed in the most, and whether the sign-in was successful. And you can drill into details by clicking on a specific date or location.<strong><br /> </strong></span></li> </ul> <h3><span style="color: #404040;font-family: Segoe UI;font-size: 18pt">Let us know what you think!<br /> </span></h3> <p>It’s important to note that you need to have <a href="https://azure.microsoft.com/en-us/pricing/details/active-directory/">Azure AD Premium</a> to access this content pack. 
You can learn more about <a href="https://powerbi.microsoft.com/en-us/blog/azure-active-directory-meets-power-bi/preview/"><span style="font-family: Segoe UI"><strong>how to install and get started with the Azure AD</strong></span></a> content pack by checking out the Azure AD content pack documentation.<span style="color: #333333;font-family: Segoe UI;font-size: 10pt"><br /> </span></p> <p>Give these new features a try and let the <a href="mailto:aadreportinghelp@microsoft.com?subject=Azure%20AD%20Activity%20Logs%20Power%20BI%20Content%20Pack%20Feedback">AAD Reporting team</a> know what you think! We read every piece of feedback to make sure the Azure AD administration experience is top-notch, so let us know what works for you and what doesn’t. I look forward to hearing from you!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="http://www.twitter.com/alex_a_simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/01/20/admins-rejoice-azure-active-directory-meets-power-bi/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
</channel>
</rss>