AZURE ACTIVE DIRECTORY TEAM BLOG
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Azure Active Directory – Enterprise Mobility and Security Blog</title>
<atom:link href="https://blogs.technet.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" />
<link>https://blogs.technet.microsoft.com/enterprisemobility</link>
<description>The most recent news and updates about Microsoft’s Enterprise Mobility offerings and events for enterprise technology professionals and developers.</description>
<lastBuildDate>Fri, 09 Jun 2017 15:55:22 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<item>
<title>The New Intune and Conditional Access Admin Consoles are GA</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/#respond</comments>
<pubDate>Thu, 08 Jun 2017 15:00:46 +0000</pubDate>
<dc:creator><![CDATA[BradAnderson]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52547</guid>
<description><![CDATA[There are a handful of topics that consistently come up whenever I meet with our customers and partners and one of the most common has to do with how to balance productivity for end users with the need for security and control of company data. The tension between these two needs is the stage <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>There are a handful of topics that consistently come up whenever I meet with our customers and partners and one of the most common has to do with how to balance productivity for end users with the need for security and control of company data. The tension between these two needs is the stage upon which an even bigger challenge constantly looms: Every IT team on earth being asked to do more with less at a time when technology keeps accelerating and the landscape of their own industry shifts beneath their feet.</p> <p>The request I get in these meetings is very clear and consistent: We need efficient solutions that make it easier to manage and control growing complexity; can you help us reduce the complexity we are dealing with?</p> <p><strong>This is where we bring in the good news:</strong> Managing Intune and Conditional Access together with <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/">Azure AD</a> just got a lot easier for our rapidly growing community of IT Professionals. As of today, we have reached two important milestones for Microsoft Intune and for EMS <a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access">Conditional Access</a> capabilities: Both new admin experiences are now <strong>Generally Available in the Azure portal</strong>!</p> <h1><strong>Here’s how Intune’s redesign helps your organization</strong></h1> <p>Intune’s move to the Azure portal is, in technical terms, a really big deal. Not only did the Intune console change, but all of the components of the EMS console experience have now come together. 
The process of migrating capabilities into the new portal was an incredible opportunity to reimagine the entire admin experience from the ground up and <strong>what we are shipping today is an expression of our unique vision for mobility management</strong> <strong>shaped by the needs of our over 45K unique paying customers</strong>.</p> <p>I love the progress we’ve made here because <strong>Intune on Azure is great for our existing customers</strong> because they can now manage all Intune MAM and MDM capabilities in one consolidated admin experience, and they can leverage all of Azure AD seamlessly within one experience. Awesome.</p> <p>There is actually a whole lot more going on behind the scenes of the new administrative experience. Not only have the administrative experiences converged, but we also converged Intune and Azure Active Directory onto a common architecture and platform. Converging the architectures dramatically simplifies the work we do to support it, the work you do to use it, and it enables some incredible end-to-end scenarios across Identity and Enterprise Mobility Management.</p> <h1><strong>Here are the 3 things you need to know about Intune on Azure:</strong></h1> <ol> <li><strong> </strong><strong>It’s built to leverage Azure’s hyper scale<br /> </strong>The Azure platform provides huge increases in elasticity and reliability for Intune, and it provides the foundation for nearly unlimited scale. The new admin experience will also run on <strong>any browser</strong> on <strong>any device</strong> form-factor. Now you can manage Intune from anywhere – even from your phone!<br /> The redesigned architecture and new console bring nearly unlimited scale to the service. We currently have customers that are <em>rapidly</em> growing to 100,000s of devices in a single tenant. No problem! One customer has shared that they associated a sophisticated policy to ~200,000 users and what took hours in the past was done in less than 3 minutes. 
Now, because this is built into the Azure console, you get all the rich role-based administration for delegation of authority.</li> </ol> <ol start="2"> <li><strong> </strong><strong>It’s optimized for cross-EMS workflows<br /> </strong>With Intune’s move to Azure and the Azure Portal, we now share a console experience with other core EMS services like Azure Active Directory and Azure Information Protection. Having the collective power of these services living side-by-side makes them more effective and easier to manage across identity and access management, MDM and MAM, and information protection workloads.<br /> For example: If you’ve just finished creating a set of conditional access policies to control access to data using Intune in the same portal environment, you’re now just a click away from adding additional app protection policies that ensure that your data is protected after it’s been accessed and is in use on mobile devices.<br /> The Intune transition to Azure also delivers deep integration with Azure Active Directory groups, which can represent both users and devices as native, dynamically targeted groups that are fully federated with an organization’s on-premises Active Directory.</li> </ol> <ol start="3"> <li><strong> </strong><strong>You can simplify, automate, and integrate management with Microsoft Graph<br /> </strong>Built on the <a href="https://developer.microsoft.com/en-us/graph">Microsoft Graph API</a>, the new Intune experience also opens the door for broader systems integration and automation. This means that our customers can now simplify, automate and integrate workflows across Intune and the other services they are using however they see fit. For more information about what you can do with this, I really recommend <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/">this post</a>. 
Microsoft Graph API capabilities are currently in preview; expect a GA announcement for this functionality in the coming quarter<em>.</em></li> </ol> <p>If you haven’t tried Intune on Azure, we invite you to jump into this new experience with us. <strong>To check it out for yourself</strong>, log into the <a href="http://portal.azure.com">Microsoft Azure portal</a> right now. We’re always listening and learning from your feedback, and we want to hear what you think! Since we put this into preview in December there have been <strong>more than 100k paying and trial tenants provisioned</strong>!</p> <h1><strong>Conditional Access – the new admin experience in the Azure portal</strong></h1> <p>The new conditional access admin experience is also Generally Available today. Conditional access in Azure brings rich capabilities across Azure Active Directory and Intune together in one unified console. We built this functionality after getting requests for more integration across workloads and fewer consoles. The experience we’re delivering today does exactly that.</p> <p>Organizations everywhere face the challenge of enabling users on an ever-expanding array of mobile devices, while the data they are tasked with protecting is moving outside of their network perimeter to cloud services – and all of this happens while the severity and sophistication of attacks are dramatically accelerating. IT teams need a way to quantify the risks around the identity, device, and app being used to access corporate data while also taking into consideration the physical location and then grant or block access to corporate apps/data based upon a holistic view of risk across these four vectors. 
This is how you win.</p> <p>Conditional access allows you to do this and ensure that only appropriately <strong>authenticated and validated users</strong>, from the <strong>compliant devices</strong>, from <strong>approved apps</strong>, and under the <strong>right conditions</strong> have access to your company’s data. The functionality at work here is technologically incredible, but it’s not always obvious how granular and powerful these controls really are. The new conditional access experience on Azure now makes the power of this technology crystal clear by showcasing the deep controls you have at every level in one consolidated view:</p> <p><img width="946" height="634" class="alignnone size-full wp-image-52555" alt="" src="https://msdnshared.blob.core.windows.net/media/2017/06/xxxxx.png" /></p> <p>Now you can easily step through a consolidated flow that allows you to set granular policies that define access at the <strong>user</strong>, <strong>device</strong>, <strong>app</strong> and <strong>location</strong> levels. Over the last 6 months, as I have shown this integrated experience to 100s of customers, the most common comment has been: “Now I completely see what Microsoft has been talking about – how Identity management/protection has needed to work with Enterprise Mobility Management to protect our data.” Microsoft’s <a href="https://www.microsoft.com/en-us/security/intelligence">Intelligent Security Graph</a> is also integrated here, delivering a dynamic risk based assessment into the conditional access decision.</p> <p>You can also control access to resources based on a user’s sign-in risk via the vast data in. Once your policies are set, users operating under the right conditions are granted real-time access to apps and data – <em>however</em>, as conditions change, intelligent controls kick in to make sure that your data stays secure. 
These controls include:</p> <ul> <li>Challenging a user with MFA to prove that they are who they say they are.</li> <li>Prompting the user to enroll their device in Intune.</li> <li>Guiding the user to make adjustments to their device to meet your org’s security requirements</li> <li>Blocking access altogether or even wiping a device.</li> <li>Granting different access privileges when using a native app (Word) vs. a web app (Word Online)</li> </ul> <p>We believe Microsoft is uniquely positioned to deliver solutions that are this comprehensive and sophisticated yet remain simple to operate. With EMS, these types of functionalities are possible because we’re building them together, from the ground up, to deliver on our commitment for secure and mobile productivity.</p> <p>You can access the new conditional access console in the menu within both the Intune and Azure AD blades. To see this functionality in action, check out <a href="https://channel9.msdn.com/Series/Endpoint-Zone/Endpoint-Zone-with-BRad-Anderson-1703">this <em>Endpoint Zone</em> episode</a>.</p> <h1><strong>What’s Next</strong></h1> <p>Our commitment to ongoing innovation means we never stop listening, shipping and reaching for what’s next. <strong>Looking ahead</strong>, we’ll continue to release new features and enhancements at a steady pace throughout the year. From this point forward, all new Intune and conditional access features will be delivered in the new portal, so keep an eye out.</p> <p><strong>Also:</strong> Don’t hesitate to let us know what you think; our dialog with customers is <strong>our most valuable development input</strong>.</p> <p>One last note: This is a really significant day for all of us. I am so pleased with the work that has been done here at Microsoft on the architecture and administrative experiences. I’m happy for the team and what has been accomplished. 
I am so pleased with the feedback that has come in from so many customers about the richness and vibrancy of the new admin experience as well as how performant the services are. And, at the risk of sounding redundant, I’m happy to hear how much this has simplified your work while delivering incredible new, unique value such as the integrated Conditional Access.</p> <p> </p> <p> </p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Azure AD Conditional Access now supports Microsoft Teams &amp; the Azure Portal</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/06/azure-ad-conditional-access-now-supports-microsoft-teams-the-azure-portal/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/06/azure-ad-conditional-access-now-supports-microsoft-teams-the-azure-portal/#comments</comments>
<pubDate>Tue, 06 Jun 2017 16:01:49 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Conditional Access]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52435</guid>
<description><![CDATA[Howdy folks, Quick blog post today. Many of you have asked when you’ll be able to use Conditional Access policies with Microsoft Teams and the Azure Portal. I’m happy to let you know that support for both services is now available. Nitika Gupta from my team has written a blog post with the details. You’ll <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/06/azure-ad-conditional-access-now-supports-microsoft-teams-the-azure-portal/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Quick blog post today.</p> <p>Many of you have asked when you’ll be able to use Conditional Access policies with Microsoft Teams and the Azure Portal. I’m happy to let you know that support for both services is now available. Nitika Gupta from my team has written a blog post with the details. You’ll find it below.</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>————————-</p> <p>Hi folks,</p> <p>I’m Nitika Gupta, a Program Manager in the Identity Security and Protection team at Microsoft. I’m excited to share that Microsoft Teams and Azure portal now support Azure AD Conditional Access.</p> <p>Till now, the only way to secure access to Azure portal was to require Multi-Factor Authentication all the time for an administrative account. This addressed the security need but came in the way of productivity. With this announcement, customers can require Multi-Factor Authentication only for access to Azure portal. Leveraging the power of Conditional Access, customers can allow access to Azure portal only under certain conditions (sign-in risk, location, device) and from trusted devices.</p> <p>To create a policy for Azure portal, you can simply select “Microsoft Azure Management” under <strong>Cloud apps</strong>.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/06/060617_0548_AzureADCond1.png" /></p> <p>The policy will impact all the Azure management endpoints (classic Azure portal, Azure portal, Azure Resource Manager provider, classic Service Management APIs, as well as PowerShell).</p> <p>While configuring a policy for Azure portal, be cautious! 
A bad configuration might lead to you locking yourself out.</p> <p>And making news is also Microsoft Teams, one of the newest members of the Office 365 family, which is now available as its own Cloud app for IT admins to configure Conditional Access policies on. This allows organizations to secure the data in Teams and prevent leakage on untrusted devices.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/06/060617_0548_AzureADCond2.png" /></p> <p>The policy applies to Teams app on Windows, macOS, iOS, Android and Windows Phone. It’s important to note that Conditional Access policies created for Exchange Online and SharePoint Online cloud apps also affect Microsoft Teams as the Teams clients rely heavily on these services for core productivity scenarios such as meetings, calendars and files.</p> <h1>Feedback</h1> <p>We would love to hear your feedback! If you have any suggestions for us, questions, or issues to report, please leave a comment at the bottom of this post, or tweet with the hashtag #AzureAD.</p> <p>Thanks,</p> <p>Nitika Gupta</p> <p><a href="https://twitter.com/_nitika_gupta">@_nitika_gupta</a></p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/06/azure-ad-conditional-access-now-supports-microsoft-teams-the-azure-portal/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
<item>
<title>We’ve made the Azure AD App Proxy even better!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/01/weve-made-the-azure-ad-app-proxy-even-better/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/01/weve-made-the-azure-ad-app-proxy-even-better/#respond</comments>
<pubDate>Thu, 01 Jun 2017 16:36:18 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52295</guid>
<description><![CDATA[Howdy folks, I’ve blogged before about how the Azure AD Application Proxy is our “hidden gem”. Many of our customers don’t even know it exists, but once they discover it they LOVE it! It’s not uncommon for customers to have 300+ internal applications connected to it and one of our largest customers (a customer with <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/01/weve-made-the-azure-ad-app-proxy-even-better/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>I’ve blogged before about how the <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-get-started">Azure AD Application Proxy</a> is our “hidden gem”. Many of our customers don’t even know it exists, but once they discover it they LOVE it! It’s not uncommon for customers to have 300+ internal applications connected to it and one of our largest customers (a customer with over 100k seats of Azure AD deployed) is about to go live using it to make their entire intranet available to mobile employees!</p> <p>I’m excited to share a few feature updates that will make it even easier for you to onboard to Azure AD Application Proxy, and use it with a wider range of applications.</p> <p>I’ve invited Program Manager Harshini Jayaram to share the details in a blog post, which you’ll find below. Try out these updates and let us know what you think! We’re eager to hear from you.</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="http://www.twitter.com/alex_a_simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>——–</p> <p>Hi folks,</p> <p>I’m excited to share these changes to Azure AD Application Proxy onboarding and application control. They will simplify your remote access story whether you are new to the feature or are one of the many customers already using it.</p> <h1>Easier onboarding</h1> <p>Onboarding and management are now much simpler with fewer required ports and additional connection options.</p> <p>You can now deploy Azure AD Application Proxy by opening only two standard outbound ports: 443 and 80. Azure AD Application Proxy continues to only use outbound connections so you still don’t need any components in a DMZ. 
For details, please see our <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-application-proxy-enable">configuration documentation</a>.</p> <p>Now it is also easier to restrict outbound access from the Azure AD Application Proxy Connector. If supported by your external proxy or firewall, you can now open your network by DNS instead of IP range. Azure AD Application Proxy services only require connections to *.msappproxy.net and *.servicebus.windows.net.</p> <p>All these features are available with the newest Connector version. To learn how to manually upgrade your Connector or how the automatic updates will roll out, please see our <a href="https://docs.microsoft.com/en-us/azure/active-directory/application-proxy-understand-connectors">Connector update documentation</a>. If you already have the newest Connector, you can close all ports other than 443 and 80 and reduce your overhead.</p> <h1>Enable access to more applications</h1> <p>You can now also use Azure AD Application Proxy with applications that take up to 180 seconds to respond to a request. Use the new <strong>Backend Application Timeout</strong> setting in the Azure Portal to publish these applications by changing the value from “Default” (85 seconds) to “Long” (180 seconds). This setting is in the “Application Proxy” menu for your application.</p> <p><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/06/060117_1629_Wevemadethe1.png" /></p> <p>If your application consistently responds in less than 85 seconds, we recommend keeping the default. This ensures the Application Proxy Connector does not consume unnecessary resources.</p> <h1>Tell us what you think!</h1> <p>We hope you’re as excited as we are about these changes! 
As always, we’d love to hear from you with any questions or feedback, so please leave a comment here or in the <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/160608-application-proxy">Admin Portal Forum</a>. You can also reach us directly at <a href="mailto:aadapfeedback@microsoft.com">aadapfeedback@microsoft.com</a>.</p> <p>Thanks,</p> <p>Harshini Jayaram (Twitter: <a href="https://twitter.com/ShiniJayaram">@ShiniJayaram</a>)</p> <p>Program Manager II</p> <p>Azure AD Application Proxy</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/06/01/weve-made-the-azure-ad-app-proxy-even-better/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>User provisioning from Workday to Azure AD is now in Public Preview!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/31/user-provisioning-from-workday-to-azure-ad-is-now-in-public-preview/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/31/user-provisioning-from-workday-to-azure-ad-is-now-in-public-preview/#comments</comments>
<pubDate>Wed, 31 May 2017 16:00:27 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Cloud Platform Services]]></category>
<category><![CDATA[Identity Governance]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=52176</guid>
<description><![CDATA[Howdy folks, We have some great news to share today! Customers can now use the public preview of Azure Active Directory’s cloud-based user provisioning service to orchestrate user provisioning from Workday to Azure Active Directory, Windows Server Active Directory, and more! Since we began building our Workday integrations, we’ve worked hand in hand with our <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/31/user-provisioning-from-workday-to-azure-ad-is-now-in-public-preview/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>We have some great news to share today! Customers can now use the public preview of Azure Active Directory’s cloud-based user provisioning service to orchestrate user provisioning from Workday to Azure Active Directory, Windows Server Active Directory, and more!</p> <p>Since we began building our Workday integrations, we’ve worked hand in hand with our private preview customers and received lots of feedback that account provisioning from Workday needs to be solved end-to-end. When a new employee is hired, they need to be provisioned into Azure Active Directory, Windows Server Active Directory, Office 365, and third-party apps. And when their employee account in Workday changes – a name change, title change, manager change, or termination – those changes need to be synchronized to all these systems. Additionally, key user attributes like email addresses need to be automatically written back to Workday when mailboxes are provisioned or updated in your organization’s email system.</p> <p>With the public preview of Workday Inbound Provisioning to Azure Active Directory, customers can now do all of this from the cloud! Azure AD’s cloud-based user provisioning service can extract and query users from Workday and synchronize them directly to either on-premises Active Directory or to Azure Active Directory for cloud-only users. 
The provisioning service can synchronize directly to on-premises Active Directory using a new thin client that is deployed alongside Azure AD Connect.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/053117_0507_Useraccount1.png" /></p> <p>By using Azure AD Connect and our existing library of SaaS app connectors in conjunction with these new features, customers can now achieve end-to-end user provisioning from Workday to their identity systems and SaaS apps.</p> <p>This feature is available in public preview today for all customers using Azure AD Premium P1. To get started, check out our <a href="https://docs.microsoft.com/azure/active-directory/active-directory-saas-workday-inbound-tutorial"><strong>Tutorial for Configuring Workday for Inbound Synchronization</strong></a> which guides you through configuring and deploying a solution using the new Azure management portal.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/053117_0507_Useraccount2.png" /></p> <p>Please take this new preview for a spin and let us know what you think. And, as always, we’d like to say a special thank you to our partners at Workday for helping us make this feature a reality for our mutual customers!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: @Alex_A_Simons)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/31/user-provisioning-from-workday-to-azure-ad-is-now-in-public-preview/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
<item>
<title>Breaking down EMS Conditional Access: Part 3</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/26/breaking-down-ems-conditional-access-part-3/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/26/breaking-down-ems-conditional-access-part-3/#respond</comments>
<pubDate>Fri, 26 May 2017 20:15:15 +0000</pubDate>
<dc:creator><![CDATA[Enterprise Mobility Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51995</guid>
<description><![CDATA[This post is the third of a three-part series detailing Conditional Access from Microsoft Enterprise Mobility + Security. Today we are re-publishing the third installment with the white paper Protect your data at the front door with conditional access. Through this blog series, we’ve taken a closer look at conditional access with Enterprise Mobility + <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/26/breaking-down-ems-conditional-access-part-3/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p><em>This post is the third of a three-part series detailing </em><a href="https://www.microsoft.com/en-us/cloud-platform/conditional-access"><em>Conditional Access</em></a><em> from Microsoft Enterprise Mobility + Security. Today we are re-publishing the third installment with the white paper </em><a href="https://info.microsoft.com/EMS-Conditional-Access-Whitepaper.html"><em>Protect your data at the front door with conditional access</em></a><em>.</em></p> <p>Through this blog series, we’ve taken a closer look at conditional access with Enterprise Mobility + Security and the innovations that can help you define and inform your policies with different layers of controls for <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/10/31/breaking-down-ems-conditional-access-part-1/">user/location, applications</a>, and <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/05/breaking-down-ems-conditional-access-part-2/">devices</a>. Most of the scenarios we’ve discussed have addressed user-based vulnerabilities, but it’s important to take into consideration the broader threat landscape and its complex risks.</p> <h3>Risk-based conditional access</h3> <p>Although attacks are increasingly sophisticated, each one leaves revealing traces, a calling card. This data can be used to find patterns that will help us protect against attacks. But processing such tremendous volume is no small task, so we got to work. Every month we update more than 1 billion PCs, service more than 450 billion authentications, and analyze more than 200 billion emails for malware and malicious websites. 
We see just about every kind of attack there is, and we push the data directly into our <a href="https://www.microsoft.com/en-us/security/intelligence">Microsoft Intelligent Security Graph</a>.</p> <p>The graph pulls together all of the telemetry and signals that come in from the hundreds of cloud services operated by Microsoft, extensive and ongoing research, and data from partnerships with industry leaders and law enforcement organizations. This graph is unique to Microsoft. We apply our machine learning and data analytics to identify suspicious and anomalous activities that characterize modern sophisticated attacks. The graph makes it possible for us to deliver recommendations and automated actions that protect, detect, and respond across different attack vectors.</p> <p>You can use the Microsoft Intelligence Graph to inform your conditional access policies to protect against risk events by blocking access when risk is detected.</p> <h3>Leaked credentials</h3> <p>Microsoft security researchers search for credentials that have been posted on the dark web, which usually appear in plain text. Machine learning algorithms compare these credentials with Azure Active Directory credentials and report any match as leaked credentials.</p> <h3>Impossible travel or atypical locations</h3> <p>Machine intelligence detects when two sign-ins originate from different geographic locations within a window of time too short to accommodate travel from one to the other. This is a pretty good indicator that a bad actor succeeded in logging on.</p> <p>Machine intelligence also flags sign-ins at atypical locations by comparing them against past sign-ins of every user. Sign-ins from familiar devices or sign-ins from or near familiar locations will pass.</p> <h3>Sign-ins from potentially infected devices</h3> <p>The Microsoft Intelligent Security Graph maintains a list of IP addresses known to have been in contact with a bot server. 
Devices that attempt to contact resources from these IP addresses are possibly infected with malware and are therefore flagged.</p> <h3>Sign-ins from anonymous IP addresses</h3> <p>People who want to hide their device’s IP address, often with malicious intent, frequently use anonymous proxy IP addresses. A successful sign-in from an anonymous IP address is flagged as a risky event. If the risk score is medium, a risk-based conditional access policy can require MFA as additional proof of identity.</p> <h3>Sign-ins from IP addresses with suspicious activity</h3> <p>Multiple failed sign-in attempts that occur over a short period of time, across multiple user accounts, and that originate from a single IP address, also trigger a risk event. Traffic patterns that match those of IP addresses used by attackers are a strong indication that accounts are either already compromised or will be very soon, although the traffic pattern may also originate from an IP address shared with multiple devices via a router or similar device.</p> <h2>Beyond access control</h2> <p>Microsoft Enterprise Mobility + Security (EMS) delivers innovative security technologies that provide a holistic, <a href="http://download.microsoft.com/download/E/C/7/EC78FF06-02BB-4DFD-9EBB-CADB66BB594F/Microsoft_Identity Driven Security_Datasheet_EN_US.pdf">identity-driven approach</a> to mobility, identity, and security in a mobile-first, cloud-first world.</p> <p>While our risk-based conditional access helps protect your data at the front door, EMS also gives you visibility into user, device, and data activity on-premises and in the cloud, and includes solutions that allow you to protect your corporate data from user mistakes with stronger controls and enforcement.</p> <p> </p> <h4>To get a full picture of conditional access from EMS, <a href="https://info.microsoft.com/EMS-Conditional-Access-Whitepaper.html">download our white paper today</a>.</h4> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/26/breaking-down-ems-conditional-access-part-3/feed/</wfw:commentRss>
<slash:comments>0</slash:comments>
</item>
<item>
<title>Azure AD Privileged Identity Management Approval Workflows are now in Public Preview!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/24/azure-ad-privileged-identity-management-approval-workflows-are-now-in-public-preview/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/24/azure-ad-privileged-identity-management-approval-workflows-are-now-in-public-preview/#comments</comments>
<pubDate>Wed, 24 May 2017 16:00:54 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51835</guid>
<description><![CDATA[Howdy folks, I am thrilled to be able to share some news today. We’ve just turned on the public preview of some major updates to the Azure AD Privileged Identity Management service: A new, improved user experience New approval workflow for improved role security Audit History for everyone in temporary role assignments The redesigned user <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/24/azure-ad-privileged-identity-management-approval-workflows-are-now-in-public-preview/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>I am thrilled to be able to share some news today. We’ve just turned on the public preview of some major updates to the Azure AD Privileged Identity Management service:</p> <ul> <li>A new, improved user experience</li> <li>New approval workflow for improved role security</li> <li>Audit History for everyone in temporary role assignments</li> </ul> <p>The redesigned user experience, Audit History, and Approval Workflow are available now for current Azure AD P2 customers (paid and trial). Don’t have PIM? <a href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">Get your free trial of Enterprise Mobility + Security E5.</a></p> <p>Read on for more details about this exciting new preview! For those of you unfamiliar with PIM for Azure AD, this feature helps you:</p> <ul> <li>Discover and manage privileged role assignments in your directory at scale</li> <li>Reduce the risk of permanent assignments by allowing users to activate their roles Just-In-Time (JIT)</li> <li>Easily review role assignments for compliance, internal audit, or general lifecycle management</li> <li>Detect potential risks and fix them with a click of a button via preconfigured alerts and activity logs</li> <li>Provide contractors and vendors the ability to self-activate administration privileges at any time</li> </ul> <p><strong>Strengthen the security of your organization’s applications with Approval Workflow!<br /> </strong></p> <p>This preview allows organizations to require approval for any directory role or Global Administrator role requests, and also define the users who can approve or deny these access requests.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/052417_1424_AzureADPriv1.png" /></p> <p>Requesting a role that requires approval is simple. 
Select the role, provide your reason for access, validate your identity with multi-factor authentication (if required), and click activate. You will receive an email when your role is approved.</p> <p>Approvers are automatically notified to view and approve pending requests, either individually or in bulk, via the Azure Portal or API.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/052417_1424_AzureADPriv2.png" /></p> <p><strong>View all temporary role assignments with the new “My Audit History</strong>”</p> <p>When you request to activate a role that requires approval, it’s critical that you have a way to view the status of the request. So we are introducing My Audit History, a new view in the updated user interface that lets you see status and activation history for all your temporary role assignments.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/052417_1424_AzureADPriv3.png" /></p> <p><strong>Try it out!<br /> </strong></p> <p>I hope you’ll try out these new features and let us know what you think. Visit our documentation for more information or <a href="mailto:pim_preview@microsoft.com?subject=Feedback">send us feedback</a> directly; we’re always listening.</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/24/azure-ad-privileged-identity-management-approval-workflows-are-now-in-public-preview/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
<item>
<title>Get Intune PowerShell samples for Microsoft Graph API</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/get-intune-powershell-samples-for-microsoft-graph-api/</link>
<pubDate>Mon, 15 May 2017 16:00:49 +0000</pubDate>
<dc:creator><![CDATA[Microsoft Intune Team]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Office 365]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51425</guid>
<description><![CDATA[In a recent blog post, you saw how the Microsoft Graph API enables you to automate workflows, access data, and integrate your applications using a single endpoint for Intune, Azure Active Directory, and Office 365. ]]></description>
<content:encoded><![CDATA[<p>In a <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/03/20/microsoft-enterprise-mobility-security-and-the-microsoft-graph-api/">recent blog post</a>, you saw how the <a href="https://developer.microsoft.com/en-us/graph/">Microsoft Graph API</a> enables you to automate workflows, access data, and integrate your applications using a single endpoint for Intune, Azure Active Directory, and Office 365. Microsoft Graph API gives you access to Intune data such as configuration profiles, mobile applications, conditional access policies, and more – but in a programmatic way.</p> <p> </p> <p><a href="https://msdnshared.blob.core.windows.net/media/2017/05/Microsoft-Graph-API.png"><img width="843" height="577" title="Microsoft Graph API" class="aligncenter" style="float: none;padding-top: 0px;padding-left: 0px;margin-left: auto;padding-right: 0px;margin-right: auto;border-width: 0px" alt="Microsoft Graph API" src="https://msdnshared.blob.core.windows.net/media/2017/05/Microsoft-Graph-API_thumb.png" border="0" /></a></p> <p> </p> <p>A lot of our customers were excited to get started with Microsoft Graph API, and we would like to give you a jump start. We’ve put a set of PowerShell sample scripts in GitHub for you: <a href="https://github.com/microsoftgraph/powershell-intune-samples">https://github.com/microsoftgraph/powershell-intune-samples</a>. These sample scripts demonstrate how you can use Microsoft Graph API to create or update mobile applications, compliance policy, RBAC roles, and configuration profiles among other common tasks.</p> <p>To get started, visit <a href="https://github.com/microsoftgraph/powershell-intune-samples">GitHub</a>, ensure you have all the prerequisites installed (check out readme.md), and that you’re using a test tenant. 
Then give the scripts a try and let us know what you think!</p> <p>Note: The Intune and Azure AD APIs are available in preview now as part of the Microsoft Graph API beta and will be generally available later in 2017.* For a closer look, check out the documentation on how to use <a href="https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview">Intune</a> and <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api">Azure Active Directory</a> APIs.</p> <hr /> <p><em>*Use of a Microsoft online service requires a valid license. Therefore, accessing EMS, Microsoft Intune, or Azure Active Directory Premium features via Microsoft Graph API requires paid licenses of the applicable service and compliance with Microsoft Graph API Terms of Use.</em></p> ]]></content:encoded>
</item>
<item>
<title>The new Azure AD Admin Console is GA!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/#comments</comments>
<pubDate>Mon, 15 May 2017 16:00:33 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51556</guid>
<description><![CDATA[Howdy folks, Today is a big day for our customers. I’m incredibly excited to announce that the Azure Active Directory Admin Console (in the new Azure portal) is now Generally Available! Last September, we kicked off the public preview of our new console at http://portal.azure.com and since over 750k admins from 500k organizations have tried <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Today is a big day for our customers. I’m incredibly excited to announce that the Azure Active Directory Admin Console (in the new Azure portal) is now Generally Available!</p> <p>Last <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/09/12/the-azuread-admin-experience-in-the-new-azure-portal-is-now-in-public-preview/">September</a>, we kicked off the public preview of our new console at <a href="http://portal.azure.com">http://portal.azure.com</a> and since over 750k admins from 500k organizations have tried it out. You’ve told us that you love the new experience, so we hope you’re as excited today as we are!</p> <p>This has been a huge effort across the entire Identity Division and we are looking forward to having you use it.</p> <p>Give it a try at <a href="http://aad.portal.azure.com">http://aad.portal.azure.com</a>, or watch the overview video below, and let us know what you think.</p> <p><iframe width="960" height="540" src="https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Azure-Active-Directory-Admin-Experience-in-the-Azure-Portal/player" allowfullscreen="allowfullscreen" frameborder="0"></iframe></p> <p>If you’d like more detail, keep reading. I’ve asked Principal Program Manager Ilana Smith to tell you a bit about what we built. <span style="background-color: yellow"><br /> </span></p> <p>Best Regards,</p> <p>Alex Simons (Twitter: @Alex_A_Simons)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>—–</p> <p>As we migrated the admin console to the new Azure portal, we began by listening to you, our customers. You told us you wanted a better view into your organization. To easily understand what kind of activity was occurring. To be able to quickly figure out what information was available. 
To understand who had access to what and to understand how and when users were granted access.</p> <p>Based on that feedback, we designed the new experience to:</p> <ul> <li>Be simple and optimized for getting work done.</li> <li>Provide <em>insight</em> to help you make the right decisions.</li> <li>Give you easy access to information.</li> <li>Give you information you didn’t previously have.</li> <li>Enable you to dig into all the nitty gritty details.</li> </ul> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/051517_0529_ThenewAzure1.png" /></p> <p style="text-align: center"><a href="http://aad.portal.azure.com"><em>http://aad.portal.azure.com</em></a></p> <p><strong>Know Your Organization<br /> </strong></p> <p>The new experience begins with our brand-new landing page and dashboard. This scoped version of the Azure portal is new for our GA release and is available at <a href="http://aad.portal.azure.com">http://aad.portal.azure.com</a>. Here we focus purely on directory functionality and provide access to all Azure Active Directory features.</p> <p>From this dashboard, you can get an overview of the state of your organization, and easily dive into managing the directory, users, or application access.</p> <p><strong>Understand access<br /> </strong></p> <p>Understanding what a user has access to, and when and how that access was granted, is essential for managing and securing your organization. A key part of our experience is the holistic view of access that we provide, pivoted on a user. From this view you can see the groups that user is a member of, what role they have, what licenses have been assigned, and their Azure resources.</p> <p>New in this GA release is the view of what applications a user has access to, either assigned or consented. 
This is a ground-breaking new view of directory information, and we will dig into it further in a future blog post.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/051517_0529_ThenewAzure2.png" /><em><br /> </em></p> <p style="text-align: center"><em>All the applications a user has access to</em></p> <p><strong>Story of your organization<br /> </strong></p> <p>We took a fresh approach to reporting on activity. Rather than providing a number of fixed reports, we now provide audit and sign-in activity as streams of data with rich filtering and search capabilities. You can see the activity for the whole organization, or dive into a single user, group, or application, and then slice and dice the information in whatever way is most useful for you.</p> <p style="text-align: center"><img alt="" src="https://msdnshared.blob.core.windows.net/media/2017/05/051517_0529_ThenewAzure3.png" /></p> <p style="text-align: center"><em>View all activity for your organization or a single user, group, or application.<br /> </em></p> <p>These activity reports are also available via API, so they can easily be pulled into things like your existing SIEM tool. We even have a <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/01/20/admins-rejoice-azure-active-directory-meets-power-bi/">PowerBI content pack</a> ready to go. Find out more about <a href="https://blogs.technet.microsoft.com/enterprisemobility/2016/11/08/azuread-weve-just-turned-on-detailed-auditing-and-sign-in-logs-in-the-new-azure-portal/">our reporting capabilities</a>.</p> <p><strong>Integration with other services<br /> </strong></p> <p>One of the most exciting things about moving to the new Azure portal is the opportunity to integrate with the other services you use. 
While we have a scoped directory experience, our full functionality continues to be available at <a href="http://portal.azure.com">http://portal.azure.com</a>, so you can make the most of it while working with other Azure services such as Microsoft Intune and our Enterprise Mobility + Security conditional access experience.</p> <p>The new portal does not require an Azure subscription, which streamlines access, especially for Office 365 admins, whose lives will be made easier with our new <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/02/22/announcing-the-public-preview-of-azure-ad-group-based-license-management-for-office-365-and-more/">group-based licensing</a> functionality.</p> <p><strong>What’s Next<br /> </strong></p> <p>Our team is working hard to continue innovating and adding value, so, to that end, we have a couple more features on the way, including MFA provider management and Azure AD Domain Services.</p> <p>We’d all like to thank you so much for your contributions to this release. A project this important could not have been successful without the continual guidance of your feedback. Our work is never done, so keep it coming! You can always talk to us in the ‘Admin Portal’ section of our <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/162510-admin-portal">feedback forum</a>.</p> <p>Thanks,</p> <p>Ilana Smith</p> <p>Principal PM Manager</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
<item>
<title>Azure Active Directory at Microsoft Build 2017</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/10/azure-active-directory-at-microsoft-build-2017/</link>
<pubDate>Wed, 10 May 2017 19:00:02 +0000</pubDate>
<dc:creator><![CDATA[John Justice [MSFT]]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51385</guid>
<description><![CDATA[Hi everyone, Happy Build week! Every team in the Identity Division is focusing more than ever on making developers successful on our identity platform, so we’re really excited to share today’s news: Azure Active Directory B2C enhancements and the new Microsoft Authentication Libraries (MSAL), both available in preview. Azure Active Directory B2C: Super simple or <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/10/azure-active-directory-at-microsoft-build-2017/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Hi everyone,</p> <p>Happy Build week!</p> <p>Every team in the Identity Division is focusing more than ever on making developers successful on our identity platform, so we’re really excited to share today’s news: Azure Active Directory B2C enhancements and the new Microsoft Authentication Libraries (MSAL), both available in preview.</p> <h2>Azure Active Directory B2C: Super simple or as customized as you need!</h2> <p>Since its <a target="_blank" href="https://azure.microsoft.com/en-us/blog/azuread-b2c-ga-announcement/">general availability in July 2016</a>, Azure AD B2C has helped organizations around the world connect with millions of customers through its scalability, reliability, and flexibility. Driven by your feedback, we’ve added several new capabilities over the last 10 months: <a target="_blank" href="https://blogs.msdn.microsoft.com/appserviceteam/2016/06/22/app-service-auth-and-azure-ad-b2c/">Support for App Service</a>, <a target="_blank" href="https://azure.microsoft.com/en-us/blog/azure-ad-b2c-access-tokens-now-in-public-preview/">Access tokens</a>, <a target="_blank" href="https://azure.microsoft.com/en-us/blog/new-in-azure-ad-b2c/">Single-page app (SPA) support, Usage reporting APIs, Friction-free consumer sign-up</a>.</p> <p>Last month we made the service globally available and also offered organizations the option to choose datacenter location in either Europe or the US only, to help with data protection regulations. 
Today we are providing even more flexibility by adding support for 37 languages and enabling two different configuration options:</p> <ul> <li><strong>Simple:</strong> The standard, out-of-the-box option that requires minimal or no code will still be available for those projects that are straightforward and don’t require customization.</li> <li><strong>Custom:</strong> For more demanding sign-up and sign-in scenarios, Azure Active Directory B2C will expose the power of the core engine of Azure Active Directory platform for a fully customizable user experience.</li> </ul> <p>This new custom configuration option, which is currently in public preview, lets developers:</p> <ul> <li>Integrate with existing user databases of customers/citizens/employees, CRM systems, and marketing analytics tools</li> <li>Define user journeys step-by-step as exchanges between claims providers</li> <li>Define conditional branching in user journeys</li> <li>Integrate REST API-enabled services in custom authentication user journeys</li> <li>Enable federation with identity providers compliant with the OpenID Connect standard</li> <li>Enable federation with identity providers adhering to the SAML 2.0 protocol</li> </ul> <p>We hope you find these new features as critical to your business as the team from the <a target="_blank" href="https://customers.microsoft.com/en-us/story/indianaofficeoftechnology">State of Indiana</a> did:</p> <p><em><strong>Having the ability to do everything as efficiently as possible helps make Indiana a great state to live in and do business [in]. 
We’re one of the more business-friendly states in the Midwest, and INBiz with Azure AD B2C ensures that we can strengthen that position.</strong></em></p> <p>Jim Obermaier, Program Manager for INBiz, Indiana Secretary of State</p> <p>Visit the <a target="_blank" href="https://azure.microsoft.com/en-us/services/active-directory-b2c/">Azure AD B2C website</a> for more details.</p> <h2>Azure Active Directory and Microsoft Accounts: New public preview libraries</h2> <p>We are also announcing the new Microsoft Authentication Library (MSAL) for <a target="_blank" href="https://github.com/AzureAD/microsoft-authentication-library-for-js">JavaScript</a>, <a target="_blank" href="https://github.com/AzureAD/microsoft-authentication-library-for-objc">iOS</a>, and <a target="_blank" href="https://github.com/AzureAD/microsoft-authentication-library-for-android">Android</a>, as well as updates to the already-available MSAL preview for <a target="_blank" href="https://github.com/AzureAD/microsoft-authentication-library-for-dotnet">.Net</a>. Using the new protocol endpoint of Azure Active Directory, MSAL enables developers to build web, mobile, and PC applications that allow users to sign in from both Microsoft personal accounts and Azure Active Directory work and school accounts, as well as get access tokens to call the Microsoft Graph. MSAL is also the library to use if you are building apps with Azure AD B2C.</p> <p>We have heard your feedback that integrating with Azure Active Directory and Microsoft Accounts needs to be really simple. We are pleased to announce our new interactive guided walkthroughs for apps looking to integrate with the MSAL libraries for .Net and Android. To try these guided walkthroughs, go to the <a target="_blank" href="https://apps.dev.microsoft.com/">Application Registration Portal</a> and click add an app. 
Additional guided walkthroughs are coming soon.</p> <p>MSAL is the successor to the Active Directory Authentication Library (ADAL), which will remain fully supported while MSAL is in preview. Please read this <a target="_blank" href="https://azure.microsoft.com/en-us/blog/start-writing-applications-today-with-the-new-microsoft-authentication-sdks/">blog post by Vittorio Bertocci</a> for more details.</p> <p>The identity team is also working on Microsoft Graph. I suggest you <a target="_blank" href="https://dev.office.com/blogs/microsoft-graph-at-build-2017">read this blog</a> to learn what’s new for Office on Microsoft Graph.</p> <h2>Come talk to us at Microsoft Build 2017</h2> <p>If you’re attending Microsoft Build 2017 this week in Seattle, do join us at the Azure Active Directory booth in the expo area, or come to our sessions where we’ll be sharing more detail on these exciting new capabilities:</p> <ul> <li>The keys to the cloud: Use Microsoft identities to sign in and access API from your mobile and web apps by Vittorio Bertocci (T4CD93)</li> <li>Securely sign-in your customers with Azure Active Directory B2C by Gerardo Saca (TD0863)</li> <li>Azure Active Directory v2 endpoint and MSAL: What’s new by Stuart Kwan (prerecorded session TCC1AF)</li> <li>Microsoft Graph: Build better apps with the API to your organization by Yina Arenas (T485A8)</li> <li>Add custom data to Microsoft Graph by Dan Kershaw (prerecorded session T8A08C)</li> <li>Build end-to-end solutions across the Common Data Service, Microsoft Dynamics 365, and Office 365 by Chris Garty and Suresh Jayabalan (prerecorded session TB95B4)</li> <li>Microsoft Graph delta query and webhooks by Jeff Sakowicz (prerecorded session T838C7)</li> <li>Using Microsoft Graph to connect to Office 365 data by Yina Arenas (T2F889)</li> </ul> <p>Stay on top of news and announcements by following us on <a target="_blank" href="http://www.twitter.com/azuread">Twitter</a>, and visit our new <a target="_blank" 
href="https://azure.microsoft.com/en-us/develop/identity/">Azure AD for developers website</a>.</p> <p>We hope you try out these new features and, as always, look forward to your feedback and <a target="_blank" href="https://feedback.azure.com/forums/169401-azure-active-directory/category/160596-b2c?query=github">suggestions</a>!</p> <p>John Justice</p> <p>Director of Program Management</p> <p>Microsoft Identity Developer Platform</p> ]]></content:encoded>
</item>
<item>
<title>Azure AD and third-party apps: It’s a bigger deal than you might think!</title>
<link>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/</link>
<comments>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/#comments</comments>
<pubDate>Mon, 01 May 2017 16:00:52 +0000</pubDate>
<dc:creator><![CDATA[Alex_SimonsMS]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[SSO]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=51195</guid>
<description><![CDATA[Howdy folks, Today I’ve got a new batch of data to share that I hope many of you will find interesting and useful. Those of you who follow the blog know that Azure AD works well with a ton of applications and that our app gallery features over 2,800 pre-integrated third-party apps. (Third-party meaning apps <p><a class="read-more" href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/">Continue reading</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Today I’ve got a new batch of data to share that I hope many of you will find interesting and useful.</p> <p>Those of you who follow the blog know that Azure AD works well with a ton of applications and that our app gallery features over 2,800 pre-integrated third-party apps. (Third-party meaning apps that were written by someone other than Microsoft).</p> <p>But did you ever wonder which apps people use the most? Or how many people use Azure AD with third-party apps? Well today your questions will be answered.</p> <p>Let’s start with the top-level numbers.</p> <ul> <li>In April, <strong>6.7 million unique active users</strong> signed into a third-party app using Azure AD. Pretty amazing right? And that number is growing 10-12% every month!</li> <li>Those 6.7 million unique active users signed into more than <strong>190k </strong><strong>third-party apps</strong>! And that number grows by 10k to 20k apps per month. (Yes, this number blows my mind too!)</li> </ul> <p>Those are some really big numbers. They give you an idea of just how big the use of Azure AD as a cloud IDaaS service is. Even more exciting for us is how fast usage is growing, both in terms of the number of unique active users and unique active applications. 
Let’s take a look at the growth in these numbers over the last 12 months:</p> <p style="text-align: left"><img width="957" height="786" class="size-full wp-image-51235 aligncenter" alt="unique-users-vs-apps" src="https://msdnshared.blob.core.windows.net/media/2017/04/unique-users-vs-apps.png" /></p> <p style="text-align: left">The number of Azure AD tenants (a good proxy for customers) that have a user using third-party apps is growing at a similar pace:</p> <p style="text-align: center"><img width="954" height="789" class="alignnone wp-image-51245 size-full" alt="unique-users-vs-tenants" src="https://msdnshared.blob.core.windows.net/media/2017/04/unique-users-vs-tenants.png" /></p> <p style="text-align: left">Now, you might also be wondering: what kinds of apps are these people using?</p> <p>As you would expect, customers use Azure AD with Office 365 and Azure more than anything else, but they also use Azure AD with a boatload of third-party SaaS apps, custom line-of-business apps and on-premises apps. Many of our largest customers have all of these types of apps integrated with Azure AD. One of our customers already has 1,329 unique third-party applications their employees access using Azure AD!</p> <p>You’re probably also curious about which third-party SaaS apps Azure AD users use the most. Here’s a chart with the top 15 third-party SaaS apps by usage month for the last nine months:</p> <p style="text-align: center"><img width="1024" height="537" class="size-large wp-image-51225 aligncenter" alt="top-3rd-party-apps" src="https://msdnshared.blob.core.windows.net/media/2017/04/Top-3rd-party-apps-1024x537.png" /></p> <p style="text-align: left">Pretty cool, right? Who would have guessed that there would be a lot of customers using Azure AD with Google Apps, Workday, or ServiceNow? When we started working on Azure AD Premium five years ago, I hoped this would be the case. 
It’s exciting to see it’s happening!</p> <p>Hopefully this was interesting information, and you found it useful. If we see a lot of interest, I’ll start publishing this data on a regular basis.</p> <p>And thanks to our customers for betting on us and making this happen. We really appreciate your vote of confidence and we wouldn’t be here without the awesome input and feedback you’ve given us.</p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://blogs.technet.microsoft.com/enterprisemobility/2017/05/01/azure-ad-and-third-party-apps-its-a-bigger-deal-than-you-might-think/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
</channel>
</rss>