AZURE ACTIVE DIRECTORY TEAM BLOG
<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>Azure Active Directory – Enterprise Mobility + Security</title>
<atom:link href="https://cloudblogs.microsoft.com/enterprisemobility/feed/?product=azure-active-directory" rel="self" type="application/rss+xml" />
<link>https://cloudblogs.microsoft.com/enterprisemobility</link>
<description></description>
<lastBuildDate>Wed, 08 Nov 2017 19:49:13 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>hourly</sy:updatePeriod>
<sy:updateFrequency>1</sy:updateFrequency>
<generator>https://wordpress.org/?v=4.8.3</generator>
<item>
<title>New Azure Active Directory resilience features: action required</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/27/new-azure-active-directory-resilience-features-action-required/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/27/new-azure-active-directory-resilience-features-action-required/#comments</comments>
<pubDate>Fri, 27 Oct 2017 16:00:50 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<category><![CDATA[Authentication]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=67036</guid>
<description><![CDATA[Howdy folks, If you are federating a separate identity system with your Azure Active Directory tenant, such as Active Directory Federation Server (ADFS), this blog post is for you! We’re totally committed to maximizing Azure Active Directory service availability. As part of that commitment we’re adding more resilience features over the coming months. For most <p><a class="read-more" title="New Azure Active Directory resilience features: action required" aria-label="Read more about New Azure Active Directory resilience features: action required" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/27/new-azure-active-directory-resilience-features-action-required/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>If you are <strong>federating</strong> a separate identity system with your Azure Active Directory tenant, such as Active Directory Federation Server (ADFS), this blog post is for you!</p> <p>We’re totally committed to maximizing Azure Active Directory service availability. As part of that commitment we’re adding more resilience features over the coming months. For most users, especially those who authenticate directly with Azure Active Directory, these benefits are completely transparent and just automatically deliver more reliability. However, organizations that use another identity system federated to Azure Active Directory for user authentication will need to make some configuration changes to see the benefits. This post will provide you with the information you need to make the necessary changes and take full advantage of these enhancements.</p> <p>The new Azure Active Directory features will enable an additional layer of failover. I’ll blog more about these new features in the coming weeks, but if you want to get the benefits of the extra availability they provide, your federation server needs to be configured to accept requests from additional URLs. If these URLs are not configured there is no impact compared with today, but the users of the federated system won’t see the additional resilience benefits.</p> <h2>Running ADFS with AD Connect?</h2> <p>If you are running ADFS and an up-to-date version of AD Connect then AD Connect will make these changes for you and you don’t need to take any action. 
You can use the information in this post, however, to check that the ADFS configuration has been updated.</p> <h2>ADFS without AD Connect?</h2> <p>If you are running ADFS without AD Connect or a different IdP federated to AAD, you will need to make the configuration changes yourself, and you can do that now, so your systems are ready to go.</p> <p>Below you’ll find:</p> <ul> <li>The new URLs that should be configured as valid endpoints on Identity Providers federated with AAD</li> <li>Specific instructions for manually making the configuration changes to ADFS</li> <li>How to check that your ADFS configuration has been updated if you have AD Connect set up in your environment</li> <li>How to roll back the ADFS changes (if you need to)</li> </ul> <h2>New endpoints required in Relying Party Trust Configuration</h2> <p>Your federated identity provider will need to handle the following set of reply URLs in the Relying Party Trust configuration:</p> <pre>https://stamp2.login.microsoftonline.com/login.srf
https://ccs.login.microsoftonline.com/ccs/login.srf
https://ccs-sdf.login.microsoftonline.com/ccs/login.srf</pre> <h2>Specific instructions to update ADFS</h2> <p>Use PowerShell to update your ADFS configuration. 
This needs to be done on one ADFS node.</p> <p>For Windows 2008 and earlier systems you may need to load the ADFS PowerShell module if you haven’t already done so.</p> <pre># Read the Azure AD relying party trust and copy its existing additional endpoints
$rp = Get-AdfsRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline
$endpoints = New-Object System.Collections.ArrayList
if ( $rp.AdditionalWSFedEndpoint ) { $rp.AdditionalWSFedEndpoint | %{$endpoints.add($_)} }
# Append the three new reply URLs
$endpoints.add("https://stamp2.login.microsoftonline.com/login.srf")
$endpoints.add("https://ccs.login.microsoftonline.com/ccs/login.srf")
$endpoints.add("https://ccs-sdf.login.microsoftonline.com/ccs/login.srf")
# Write the combined list back to the trust
Set-AdfsRelyingPartyTrust -TargetName $rp.Name -AdditionalWSFedEndpoint $endpoints</pre> <h2>Checking your ADFS configuration</h2> <p>To verify current settings use the PowerShell command:</p> <pre>Get-AdfsRelyingPartyTrust</pre> <h2>Rolling back</h2> <p>If you need to roll back your changes for any reason, here’s how to do that in PowerShell:</p> <pre># Copy the current additional endpoints, then drop the three new reply URLs
$rp = Get-AdfsRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline
$endpoints = New-Object System.Collections.ArrayList
if ( $rp.AdditionalWSFedEndpoint ) { $rp.AdditionalWSFedEndpoint | %{$endpoints.add($_)} }
$endpoints.remove("https://stamp2.login.microsoftonline.com/login.srf")
$endpoints.remove("https://ccs.login.microsoftonline.com/ccs/login.srf")
$endpoints.remove("https://ccs-sdf.login.microsoftonline.com/ccs/login.srf")
# Write the reduced list back to the trust
Set-AdfsRelyingPartyTrust -TargetName $rp.Name -AdditionalWSFedEndpoint $endpoints</pre> <h2>Wrapping up</h2> <p>We strongly encourage you to take advantage of these changes to maximize the reliability of your system. Have feedback or thoughts about these changes? We’d like to hear them. Please share with us in the comments below. 
We look forward to hearing from you!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/alex_a_simons" target="_blank" rel="noopener">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p> </p> <p><strong>Update 11/1/17:</strong> Corrected Get-AdfsRelyingPartyTrust syntax to -Identifier from -Name and added version of AD Connect required for auto-update of relying party trust.</p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/27/new-azure-active-directory-resilience-features-action-required/feed/</wfw:commentRss>
<slash:comments>13</slash:comments>
</item>
<item>
<title>You asked, we’re delivering: Release notes for Azure Active Directory!</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/24/you-asked-were-delivering-release-notes-for-azure-active-directory/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/24/you-asked-were-delivering-release-notes-for-azure-active-directory/#comments</comments>
<pubDate>Tue, 24 Oct 2017 16:26:59 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=66895</guid>
<description><![CDATA[Howdy folks, I’m really pumped up about today’s news as it’s something new we’ve never tried before. A ton of you have let us know that it’s critically important you get information around new Azure AD feature releases and plan-for-change communications so you can better plan and maintain your IT infrastructure. We’ve never had a <p><a class="read-more" title="You asked, we’re delivering: Release notes for Azure Active Directory!" aria-label="Read more about You asked, we’re delivering: Release notes for Azure Active Directory!" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/24/you-asked-were-delivering-release-notes-for-azure-active-directory/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>I’m really pumped up about today’s news as it’s something new we’ve never tried before.</p> <p>A ton of you have let us know that it’s critically important you get information around new Azure AD feature releases and plan-for-change communications so you can better plan and maintain your IT infrastructure. We’ve never had a good system in the past to do that as we’ve optimized our systems for maximum agility and innovation and release notes take time and central coordination. But we know you REALLY need these detailed notes, so I’m really happy to share that we’ve come up with a model for publishing detailed release notes (What’s new), and our first set has just gone live this week.</p> <p>You can find all release notes at <a href="https://docs.microsoft.com/en-us/azure/active-directory/whats-new" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/azure/active-directory/whats-new</a>.</p> <p><img class="aligncenter size-large wp-image-66898" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/Azure-AD-Release-Notes-1024x562.png" alt="Azure AD release notes" width="1024" height="562" srcset="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/Azure-AD-Release-Notes-1024x562.png 1024w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/Azure-AD-Release-Notes-300x165.png 300w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/Azure-AD-Release-Notes-768x422.png 768w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/Azure-AD-Release-Notes-330x181.png 330w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/Azure-AD-Release-Notes.png 1581w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <p>We’ll be covering all types of releases in these notes, including:</p> <ul> <li>New features</li> 
<li>Changed features</li> <li>Plan-for-change updates (including deprecations, changes to your environment, UX changes, and more)</li> <li>Bug fixes</li> </ul> <h2>A few more details</h2> <p>To begin with, we’ll be publishing release notes monthly while we work the kinks out of the system. Plan-for-change communications or any known issues will be published out of cycle. Once we have the process ironed out, our goal will be to publish release notes once every two weeks.</p> <p>We’re always looking for feedback, and that goes for our release notes, too. You can share your thoughts with us on these notes in the Comments section on our documentation site. We’ll take your feedback and incorporate it as we can to make these notes as useful as possible. Thanks for your continued support, and be sure to let us know what you think!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="http://twitter.com/alex_a_simons/" target="_blank" rel="noopener">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/24/you-asked-were-delivering-release-notes-for-azure-active-directory/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>This one is important: Time to migrate your v1.0 Conditional Access policies to v2.0!</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/23/this-one-is-important-time-to-migrate-your-v1-0-conditional-access-policies-to-v2-0/</link>
<pubDate>Mon, 23 Oct 2017 16:49:00 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://cloudblogs.microsoft.com/enterprisemobility/?p=66859</guid>
<description><![CDATA[Howdy folks, Azure AD Conditional Access policies in the new Azure portal offer a powerful integrated experience to meet your organization’s security and compliance needs. As we approach the sunset date of Azure AD in the classic Azure portal, it’s important that you move from policies at an app level in the classic portal to <p><a class="read-more" title="This one is important: Time to migrate your v1.0 Conditional Access policies to v2.0!" aria-label="Read more about This one is important: Time to migrate your v1.0 Conditional Access policies to v2.0!" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/23/this-one-is-important-time-to-migrate-your-v1-0-conditional-access-policies-to-v2-0/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Azure AD Conditional Access policies in the new Azure portal offer a powerful integrated experience to meet your organization’s security and compliance needs. As we approach the sunset date of Azure AD in the classic Azure portal, it’s important that you move from policies at an app level in the classic portal to Azure AD Conditional Access policies. We want your journey to be smooth, so to that end, we’ll be providing:</p> <ol> <li><strong>A view of classic policies in the new Azure portal.</strong> This view will show you policies created in the classic Azure portal, Intune Silverlight portal, and the Intune App Protection portal.</li> <li><strong>A disable option for each classic policy.</strong> Once you’ve re-created the policies, you’ll need to disable the old classic policy.</li> </ol> <p>With these features you’ll be able to access your policies even after the classic portal sunsets and migrate on a timeline that works best for you. Please note that the classic policies will continue to be enforced until you disable them or choose to migrate them.</p> <h2>Get started with migration</h2> <p>Take a look at the detailed guidance and examples we’ve put together on <a href="https://aka.ms/camigration" target="_blank" rel="noopener">how to migrate to Azure AD conditional access policies</a>. Please reach out to us at <a href="mailto:azureadcamigration@microsoft.com" target="_blank" rel="noopener">azureadcamigration@microsoft.com</a> with any questions or feedback you have as you get started. We look forward to hearing from you.</p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="http://twitter.com/alex_a_simons" target="_blank" rel="noopener">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
</item>
<item>
<title>Improving access control with three new Azure AD public previews</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/10/05/improving-access-control-with-three-new-azure-ad-public-previews/</link>
<pubDate>Thu, 05 Oct 2017 18:26:42 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[leadership]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=56275</guid>
<description><![CDATA[Howdy folks, It was great to get to meet so many of you at Ignite last week! Thanks a ton for stopping by the booth and making time to attend our sessions. If you were at Ignite or follow our blog, you know we announced a ton of new Azure AD capabilities last week. As <p><a class="read-more" title="Improving access control with three new Azure AD public previews" aria-label="Read more about Improving access control with three new Azure AD public previews" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/10/05/improving-access-control-with-three-new-azure-ad-public-previews/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>It was great to get to meet so many of you at Ignite last week! Thanks a ton for stopping by the booth and making time to attend our sessions. If you were at Ignite or follow our blog, you know we announced a ton of new Azure AD capabilities last week. As a follow-up, we’re going to do a few posts that cover the new capabilities we turned on in more detail. First up, let’s take a look at some of the new access control features we’ve just put into public preview.</p> <p>As customers increasingly adopt Azure AD, we’ve received a ton of requests for features that help <span style="color: black">make sure the right people have access to the right resources, and that give enterprises control of and visibility into this access.</span> In response to that feedback, we’re pushing three new and exciting features in Azure AD to public preview:</p> <ol> <li>Extending Azure AD Privileged Identity Management to include Azure RBAC roles.</li> <li>Automated, periodic access reviews</li> <li>Automated Terms of Use administration and reporting</li> </ol> <p>Here’s a quick tour of each of these new public previews.</p> <p><strong>Privileged Identity Management – extended to managing in Azure<br /> </strong></p> <p>Azure AD Privileged Identity Management (PIM) is already generally available for managing <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-privileged-identity-management-configure">Azure AD roles</a>, which are used to administer Azure AD and other Microsoft online services. The top request we’ve seen in the <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/171225-privileged-identity-management">feedback forum</a> for Azure AD PIM is to bring just-in-time role activation, access reviews, and reports to Azure resources. 
We know these upgrades will help organizations address the challenges of large-scale IaaS administration, so we’ve added them and are now making them available in public preview.</p> <p>This new preview shows up in the Azure portal as part of the Azure AD PIM UI alongside the recent <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/24/azure-ad-privileged-identity-management-approval-workflows-are-now-in-public-preview/">approval workflows</a> preview.</p> <p>With this Azure AD PIM preview for Azure RBAC, you can now:</p> <ul> <li>Ensure the right users are assigned to Azure subscriptions, by starting an access review of any role in the subscription and asking a resource owner or the users themselves to confirm they still need access</li> <li>Control exposure of business-critical Azure assets by making users, either individually or via a group, eligible to activate a role to manage resources</li> <li>Limit how long a user can be activated in a role, and set an expiration date for a user’s or group’s role membership</li> <li>Get reports about users and groups with role assignments in Azure subscriptions, resource groups and resources, who activated their roles, and what users did in Azure while activated</li> <li>Let users take charge of their own role activity and requiring them to provide a justification or requiring that they authenticate with multi-factor authentication prior to when they need to activate a role</li> </ul> <p>For example, you can make a user, including a guest user, eligible for an Azure resource group’s role. 
Once you’ve done that, that user can activate the role when they need to make a change to the resource, and you can see a report of the changes the user made in Azure while they were activated.</p> <p>If you’re already using Azure AD PIM, you’ll see “Azure resources” in the Manage section.</p> <p style="text-align: center"><img src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/100517_1818_Improvingac1.png" alt="" /></p> <p>If you’re not already using PIM, take a look at the instructions to <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-privileged-identity-management-configure">enable Privileged Identity Management for your directory</a> to get started. Read more about this exciting new preview at <a href="https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-pim-resource-rbac">PIM for Azure resources (Preview)</a>.</p> <p><em>Note: Azure PIM is an Azure AD Premium 2 feature.<br /> </em></p> <p><strong>Access reviews for attestation<br /> </strong></p> <p>The second new feature in preview is access reviews of users in groups and assigned access to applications. We’ve already included access reviews for admins in directory roles in Azure AD PIM, and now we’re expanding how access reviews can be used for groups and application access.</p> <p>There are quite a few ways to control application access in Azure AD. A lot of organizations use groups in AD or Azure AD to control access. Users can also <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-self-service-application-access">request application access</a>. And now, the new Office 365 groups feature allows more users across your organization to create their own groups and pick who they want in those groups. 
(We’ve added a preview of <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/08/09/automated-expiration-for-office-365-groups-using-azure-ad-is-now-in-public-preview/">automatic expiration of Office 365 groups</a> to ensure the number of groups doesn’t get overwhelming).</p> <p>Of course, over time, group memberships and application access assignments can get stale: people change jobs or no longer need access to a particular application. Maybe a guest who was given access isn’t affiliated with their original organization any longer. This staleness can cause a problem for protecting business-sensitive assets or applications subject to compliance. To avoid access getting out of hand, organizations can now schedule access reviews to make sure only the users they want to have access to their assets and applications are able to access those things.</p> <p>An access review asks users to recertify (or “attest”) to access rights to an app or membership in a group. You can ask users to review their own rights or select reviewers to review everyone in a group or everyone assigned access to an app. You can also ask the group owners to review. And finally, for those organizations that have other processes in place to manage employee access, you can scope the review to include only guest members or guests who have access.</p> <p style="text-align: center"><img src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/100517_1818_Improvingac2.png" alt="" /></p> <p>Reviewers will receive an email so they can see the reviews in the access panel. 
Azure AD includes access highlights and recommendations that help reduce how long it takes for a review to be completed.</p> <p style="text-align: center"><img src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/100517_1818_Improvingac3.png" alt="" /></p> <p>The results are aggregated and then, based on those results, the admin can choose when to make changes and remove the denied users’ access.</p> <p style="text-align: center"><img src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/100517_1818_Improvingac4.png" alt="" /></p> <p>This particular preview includes access reviews for:</p> <ul> <li>Members of Office 365 groups</li> <li>Members of security groups and DLs, including groups originating from on-premises AD</li> <li>Users who have application access, including users who are members of groups assigned to enterprise applications</li> </ul> <p>And we’ll be adding more features and scenarios in the future!</p> <p>For even more information on access reviews, you can check out the <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-azure-ad-controls-access-reviews-overview">access review overview</a> and turn on the preview for your tenant at <a href="https://aka.ms/azureadaccessreviews">https://aka.ms/azureadaccessreviews</a>.</p> <p><em>Note: Access reviews are an Azure AD Premium 2 feature<br /> </em></p> <p><strong>Terms of use<br /> </strong></p> <p>Our third preview being announced today is a terms of use access control we’ve added to Conditional Access.</p> <p>With terms of use, you can require a user to view and consent to your organization’s terms of use before they’re able to access an application. The terms can be any document relevant to your organization’s business or legal policies. 
Just start by uploading a PDF of that document to Azure AD, then, through conditional access policies, target the terms to be visible to groups of users or specific applications. If a user is in scope of this control, they’ll only receive access to the application if they’ve agreed to the terms presented.</p> <p style="text-align: center"><img src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/100517_1818_Improvingac5.png" alt="" /></p> <p>You can see in the Azure AD audit reports who consented to each terms of use and when they consented.</p> <p>You can also configure multiple conditional access policies, using different policies for different applications or groups of users. For example, you might want to have everyone who has access to a privacy-sensitive application use multi-factor authentication to sign in and to agree to the terms of use for that application.</p> <p style="text-align: center"><img src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/10/100517_1818_Improvingac6.png" alt="" /><span style="background-color: yellow"><br /> </span></p> <p>Read more about this feature at <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tou">Azure Active Directory Terms of Use (Preview)</a>.</p> <p><span style="color: #41424e"><em>Note: Terms of Use is an Azure AD Premium 1 feature<br /> </em></span></p> <p><span style="color: #41424e"><strong>Try them out!</strong></span></p> <p><span style="color: #41424e">I hope you’ll try out these new features and let us know what you think. 
</span>If you’re interested in taking these new features for a test drive and you don’t have EMS yet, <a href="https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security-trial">get a free trial of Enterprise Mobility + Security E5</a>.</p> <p><span style="color: #41424e">Please keep sharing your ideas on the <a href="https://feedback.azure.com/forums/169401-azure-active-directory">Azure AD feedback forum</a>. We want to hear from you!</span></p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons"><span style="text-decoration: underline">@Alex_A_Simons</span></a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
</item>
<item>
<title>What’s new with Azure Active Directory @ Ignite 2017</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/27/whats-new-with-azure-active-directory-ignite-2017/</link>
<pubDate>Wed, 27 Sep 2017 13:00:56 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Azure MFA]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[Conditional Access]]></category>
<category><![CDATA[Hybrid]]></category>
<category><![CDATA[Identity Governance]]></category>
<category><![CDATA[Identity-driven Security]]></category>
<category><![CDATA[Multi-factor authentication]]></category>
<category><![CDATA[Public Preview]]></category>
<category><![CDATA[SaaS]]></category>
<category><![CDATA[Self Provisioning]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=55986</guid>
<description><![CDATA[Howdy folks! What an amazing week! It’s the third day of Ignite and it’s been awesome getting to meet so many of you in person, especially when we have so much news to share! Leading up to the conference, the team worked hard to turn on important new Azure AD capabilities and I’m excited to <p><a class="read-more" title="What’s new with Azure Active Directory @ Ignite 2017" aria-label="Read more about What’s new with Azure Active Directory @ Ignite 2017" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/09/27/whats-new-with-azure-active-directory-ignite-2017/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks!</p> <p>What an amazing week! It’s the third day of Ignite and it’s been awesome getting to meet so many of you in person, especially when we have so much news to share!</p> <p>Leading up to the conference, the team worked hard to turn on important new Azure AD capabilities and I’m excited to share a quick recap of everything we announced.</p> <h2>The next wave of conditional access starts now</h2> <p>In June we announced the <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/06/08/the-new-intune-and-conditional-access-admin-consoles-are-ga/" target="_blank" rel="noopener noreferrer">general availability of the new conditional access admin experience</a> in the Azure portal. This powerful new experience makes it easy to manage policies that bring together services across EMS, including Azure Active Directory, Microsoft Intune. Conditional access also takes advantage of the Microsoft Intelligent Security Graph, which scans billions of signals to determine user risk levels.</p> <p>Now, we’re bringing to life a new wave of scenarios that expand our conditional access capabilities, including integration across EMS Azure Information Protection and Microsoft Cloud App Security services. We’ve grouped the new features into three broad categories:</p> <ul> <li>Devices and apps</li> <li>Session control and information protection</li> <li>New conditions and custom controls</li> </ul> <p>Below are highlights from each feature category we’ve previewed at Ignite.</p> <h3>Devices and apps</h3> <p>We recently announced <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/08/23/azure-ad-and-intune-now-support-macos-in-conditional-access/" target="_blank" rel="noopener noreferrer">device-based conditional access support for macOS</a>, and now we’re introducing new application-based conditional access capabilities. 
With this new level of control you can restrict access to services so that only client applications that support Intune app protection policies can use them. And you can combine app-based conditional access policies with device-based policies to protect data for both personal and corporate devices.</p> <p>Additionally, our conditional access policies now allow you to protect VPN connectivity in your Windows 10 device. So, any users with Windows 10 devices can connect automatically to your VPN only if they’re compliant with device policies.</p> <p>One more exciting feature we’re introducing is the ability to manage device identities in the Azure portal. With this new feature, you can manage device attributes, retrieve BitLocker keys for devices, see device authentication-related audit logs, and find support resources related to devices, all in the Azure portal.</p> <h3>Session control and information protection</h3> <p>The EMS team has also been making some incredible headway improving session control and data protection.</p> <p>Session controls allow you to limit access to resources. We’ve had support for SharePoint restricted mode, one of our session control technologies, in public preview. Today, I’m happy to let you know that we’re expanding our session controls in Azure AD Conditional Access to integrate with Microsoft Cloud App Security.</p> <p>Microsoft <a href="http://www.cloudappsecurity.com/" target="_blank" rel="noopener noreferrer">Cloud App Security</a> performs real-time monitoring and helps IT gain control over both authorized and unauthorized cloud application usage. This capability is currently in private preview. It will be available in public preview soon and will give you the ability to limit and control the actions your users take in SaaS applications using conditional access policy. 
For example, you will be able to let users access SaaS apps from an unfamiliar location or unmanaged device, but prevent them from downloading sensitive documents.</p> <p>And our new conditional access integration with Azure Information Protection (currently in public preview) allows you to apply access policies to protected files. Now, you can set a policy that prompts a user to complete an MFA challenge before accessing a protected document. You can even have the policy serve up an MFA challenge when users are off the corporate network or are flagged as an elevated risk by Identity Protection.</p> <h3>New Conditions & Custom Controls</h3> <p>We’ve just turned on a public preview of country/region-defined IP range conditions. These new conditions make it easy to block access from specific countries and regions based on automatic IP address checks.</p> <p>We’ve also unveiled custom <a href="https://docs.microsoft.com/en-us/azure/active-directory/active-directory-tou" target="_blank" rel="noopener noreferrer">Terms of Use</a> (ToU) as a control in conditional access. With ToU, you can require a user to consent to your organization’s terms of use before they get access to an application. The terms can be any document relevant to your organization’s business or legal policies. When you combine ToU with access reviews, you can collaborate across companies confidently, knowing the right level of information protection is in place.</p> <p>Finally, we’ve integrated two-step authentication solutions from Duo, RSA, and Trusona. So, if you’re using one of these providers to support two-step authentication, you can easily use them within the Azure AD conditional access engine.</p> <h2>Continuing to enable customers’ journey to the cloud</h2> <p>We’ve heard stories from numerous customers that prove how important it is for their users’ passwords to stay firmly within internal boundaries. So, we developed pass-through authentication! 
This authentication method allows you to use Azure AD for single sign-on without compromising any of your security requirements.</p> <p>Today, I’m happy to tell you pass-through authentication is now generally available!</p> <p>Pass-through authentication is one of the Azure AD sign-in options (along with password hash sync and federation). It’s most appropriate for organizations who can’t or don’t want to permit users’ passwords, even in hashed form, to leave their internal boundaries. Pass-through authentication allows users to sign into both on-premises and cloud applications using the same passwords, and works by securely validating users’ passwords directly against on-premises Active Directory using a lightweight on-premises agent.</p> <p>To ensure a smooth user experience, we’re also extending seamless single sign-on to pass-through authentication and password hash sync. Hybrid customers will only need to sign into their device once. They will not be prompted again for another login, regardless of which authentication method they use, to access Azure AD-integrated applications on their AD-joined devices within their corporate network.</p> <p>For more details on this great functionality watch our <a href="https://youtu.be/PyeAC85Gm7w" target="_blank" rel="noopener noreferrer">Microsoft Mechanics show</a>, and visit the <a href="http://aka.ms/ptauth" target="_blank" rel="noopener noreferrer">pass-through authentication</a> and <a href="http://aka.ms/hybrid/sso" target="_blank" rel="noopener noreferrer">seamless single sign-on</a> documentation pages.</p> <h2>Casting a light on shadow IT</h2> <p><a href="http://www.computing.co.uk/ctg/news/2321750/more-than-80-per-cent-of-employees-use-non-approved-saas-apps-report" target="_blank" rel="noopener noreferrer">More than 80 percent of employees</a> admit to using non-approved SaaS applications for work, and discovering which apps they’re using is the first step to managing shadow IT. 
To that end, we’re upgrading the Cloud App Discovery tool to an enhanced experience powered by Microsoft Cloud App Security.</p> <p>With this upgrade, IT admins can now discover more than 15,000 apps without needing on-premises agents to do so. They can also receive detailed on-going risk analysis and alerts for new apps in use, get inbound and outbound traffic information, and uncover the top users of discovered apps, all important pieces in gaining a greater understanding of cloud app usage across an organization.</p> <h2>More Governance and Compliance options for Azure AD customers</h2> <p>In addition to Sailpoint, we’re expanding our partnerships in advanced governance with the integration of Omada and Saviynt, two leaders in identity governance. Now you can seamlessly integrate their solutions with Azure Active Directory Premium, which gives you rich governance capabilities like Access Requests, Policy based workflows and approvals, enhanced auditing and reporting and fine-grained lifecycle provisioning. If you’re looking for a great governance solution for Azure AD, you can’t go wrong with any of these partner solutions.</p> <p>Azure Active Directory is also adding more granular control functionality so enterprises can determine who has access to what across their hybrid deployments and cloud services. 
These new features, currently in public preview, enable customers to:</p> <ul> <li>ask group owners or group members to attest to their need for continued group membership, by starting an access review of that group.</li> <li>ask users with access to an enterprise application, or others in the organization, to recertify their need for continued application access.</li> </ul> <p>We’ve made the Azure AD <a href="https://aka.ms/azureadaccessreviews" target="_blank" rel="noopener noreferrer">access review</a> experience more user-friendly by just showing access highlights, including whether the user being reviewed has signed into the application recently.</p> <p>Azure AD Privileged Identity Management (PIM) is also being extended to manage Azure subscriptions and resources, further governing who can manage resources in Azure. The new Azure AD PIM preview includes just in time and time-limited membership of Azure RBAC roles alongside its existing controls of Azure AD and Microsoft Online Services roles.</p> <h2>Wrapping Up</h2> <p>There’s so much to share, and in the weeks to come we’ll be posting more detailed blog posts that get into the meat of many of these new features. Please continue to <a href="https://www.microsoft.com/en-us/ignite/default.aspx" target="_blank" rel="noopener noreferrer">watch us online</a> or visit us throughout the rest of Ignite, and keep an eye on this blog for more information. We want to hear from you and look forward to connecting!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/alex_a_simons" target="_blank" rel="noopener noreferrer">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
</item>
<item>
<title>Fewer login prompts: The new “Keep me signed in” experience for Azure AD is in preview</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/19/fewer-login-prompts-the-new-keep-me-signed-in-experience-for-azure-ad-is-in-preview/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/19/fewer-login-prompts-the-new-keep-me-signed-in-experience-for-azure-ad-is-in-preview/#comments</comments>
<pubDate>Tue, 19 Sep 2017 09:00:16 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=55335</guid>
<description><![CDATA[Howdy folks, A common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD. One way to reduce the frequency of prompts is to check the “Keep me signed in” checkbox on the sign-in flow, but our telemetry shows that usage of that checkbox is very low. But we know from talking to customers, that cutting down on the number of signin prompts is REALLY important. Nobody wants to have to signin to an app multiple times! So today I’m happy to share that we’re improving how the “Keep me signed in” option is shown to users. We’re also adding intelligence to ensure users are prompted to remain signed in only when it’s safe to do so. First, as a quick refresher, here’s what the existing “Keep me signed in” experience is like. As you might guess, most users cruise right past the check box and never think twice.]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>A common request we get from our customers is to reduce the number of times users are prompted to sign into Azure AD. One way to reduce the frequency of prompts is to check the “Keep me signed in” checkbox on the sign-in flow, but our telemetry shows that usage of that checkbox is very low. But we know from talking to customers, that cutting down on the number of signin prompts is REALLY important. Nobody wants to have to signin to an app multiple times!</p> <p>So today I’m happy to share that we’re improving how the “Keep me signed in” option is shown to users. We’re also adding intelligence to ensure users are prompted to remain signed in only when it’s safe to do so.</p> <p>First, as a quick refresher, here’s what the existing “Keep me signed in” experience is like. As you might guess, most users cruise right past the check box and never think twice.</p> <p><img class="size-large wp-image-55397 aligncenter" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/Old-KMSI-1024x524.jpg" alt="" width="1024" height="524" srcset="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/Old-KMSI-1024x524.jpg 1024w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/Old-KMSI-300x154.jpg 300w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/Old-KMSI-768x393.jpg 768w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/Old-KMSI.jpg 1512w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <h3>What’s changing</h3> <p>We’re replacing the “Keep me signed in” checkbox with a prompt that displays after the user successfully signs in. This prompt asks the user if they’d like to remain signed in. If a user responds “Yes” to this prompt, the service gives them a persistent refresh token. 
This is the same behavior that currently occurs when a user checks the “Keep me signed in” checkbox. For federated tenants, this prompt will show after the user successfully authenticates with the federated identity service.</p> <p style="text-align: center;"><img class="alignnone size-large wp-image-55395" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/New-KMSI-1024x501.jpg" alt="" width="1024" height="501" srcset="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/New-KMSI-1024x501.jpg 1024w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/New-KMSI-300x147.jpg 300w, https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/New-KMSI-768x376.jpg 768w" sizes="(max-width: 1024px) 100vw, 1024px" /></p> <p>And for those of you who are security minded, you’ll be happy to know that we’ve built a lot of smarts into this flow and the “Stay signed in?” option won’t display if our machine learning system detects a high risk signin or a signin from a shared device.</p> <h3>Some things to know</h3> <ul style="margin-left: 54pt;"> <li>During the public preview period of the <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/08/02/the-new-azure-ad-signin-experience-is-now-in-public-preview/">new sign-in experience</a>, the updated “Keep me signed in” prompt will only show when users opt into the new sign-in experience. Users using the old experience will continue to see the checkbox and will not get the prompt.</li> <li>Admins can choose to hide this new prompt for users by using the “Show option to remain signed in” setting in <a href="https://docs.microsoft.com/en-us/azure/active-directory/customize-branding">company branding</a>. 
<p style="margin-left: 18pt;"><em>(Note: Existing configurations of this setting will carry forward, so if you previously chose to hide the “Keep me signed in” checkbox in your tenant, we won’t show the new prompt to users in your tenant.)<br /> </em></p> </li> <li>This change won’t affect any token lifetime settings you have configured.</li> </ul> <h3>An additional note about security</h3> <p>Because “Keep me signed in” drops a persistent refresh token, some members of the IT community have asked if this might alter the security posture of their organization. We’ve done a significant amount of analysis on this topic and have concluded that increasing refresh token lifetime improves the user experience without reducing security posture. For more on that topic, please see our recent blog post on <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/08/31/changes-to-the-token-lifetime-defaults-in-azure-ad/">changes to default refresh token lifetimes</a>.</p> <h3>Let us know what you think!</h3> <p>Look for this new “Keep me signed in” prompt to start rolling out on the new sign-in experience in early October.</p> <p>Let us know if you have any questions, and head on over to the <a href="https://aka.ms/AzureActiveDirectoryCommunity">Azure Active Directory community</a> to share your feedback and suggestions with us. We look forward to hearing from you!</p> <p>Best regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/19/fewer-login-prompts-the-new-keep-me-signed-in-experience-for-azure-ad-is-in-preview/feed/</wfw:commentRss>
<slash:comments>10</slash:comments>
</item>
<item>
<title>Marching into the future of the Azure AD admin experience: retiring the Azure AD classic portal</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/18/marching-into-the-future-of-the-azure-ad-admin-experience-retiring-the-azure-classic-portal/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/18/marching-into-the-future-of-the-azure-ad-admin-experience-retiring-the-azure-classic-portal/#comments</comments>
<pubDate>Mon, 18 Sep 2017 16:00:57 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=55255</guid>
<description><![CDATA[Howdy folks, Since we announced General Availability of the new Azure AD admin center in May, it’s been used by over 800,000 users from 500,000 organizations in almost every country in the world. The new admin center is the future for administration of Azure AD. For over a year, we’ve been listening to your feedback <p><a class="read-more" title="Marching into the future of the Azure AD admin experience: retiring the Azure AD classic portal" aria-label="Read more about Marching into the future of the Azure AD admin experience: retiring the Azure AD classic portal" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/09/18/marching-into-the-future-of-the-azure-ad-admin-experience-retiring-the-azure-classic-portal/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Since we <a href="https://blogs.technet.microsoft.com/enterprisemobility/2017/05/15/the-new-azure-ad-admin-console-is-ga/">announced General Availability</a> of the new <a href="https://aad.portal.azure.com/">Azure AD admin center</a> in May, it’s been used by over 800,000 users from 500,000 organizations in almost every country in the world. The new admin center is the future for administration of Azure AD.</p> <p>For over a year, we’ve been listening to your feedback and working to improve the new portal and the new experience. And we’ve heard you loud and clear that we have too many portals, that you want a single place where you can manage identity and access for your organization. So, on November 30, we’ll be retiring the Azure AD admin experience in the <a href="https://manage.windowsazure.com)">classic Azure portal</a>.</p> <p>Moving all admin capabilities to the new admin center and retiring our classic portal experience is a key milestone in our efforts to simplify the admin experience for Azure AD.</p> <h2>Azure AD admin center: the present and future for Azure AD administration</h2> <p>Now, the Azure AD admin center is where you can go to find admin experiences for the latest and greatest Azure AD capabilities. By focusing on the Azure AD admin center, we can make our admin experiences more consistent, and easier to use. And we can deliver them faster.</p> <p>At the moment, there are a few tasks that can still only be done in the classic Azure portal. 
Don’t worry, these capabilities will be added to our new admin experience in the next few weeks, well before November 30.</p> <h2>Azure Information Protection and Access Control Service</h2> <p>The Azure Information Protection (or AIP, formerly Rights Management Service) admin experiences will also be retired in the Azure classic portal on November 30, but can be found <a href="https://portal.azure.com/">here</a> in the new Azure portal.</p> <p>To learn more about Azure Information Protection, read our <a href="https://docs.microsoft.com/en-us/information-protection/">documentation</a>. To share feedback about Azure Information Protection, send <span style="color: #002060;">an email to <a href="mailto:msipapp-feedback@microsoft.com">MSIPAppFeedback</a></span>.</p> <p>Additionally, after November 30, admin experiences for Access Control Services will be available at a different URL. We’ll communicate the details of that change soon.</p> <h2>Wrapping up</h2> <p>We hope you love using the Azure AD admin center! If you have questions about using or administering Azure AD, reach out to our engineering team and our community in our <a href="https://techcommunity.microsoft.com/t5/Azure-Active-Directory/bd-p/Azure-Active-Directory">forum</a>. And if you’ve got specific feedback on our admin portal experience, like bug reports or feature requests, post them in the ‘Admin portal’ section of our <a href="https://feedback.azure.com/forums/169401-azure-active-directory/category/162510-admin-portal">feedback forum</a>.</p> <p>Thanks for your continued feedback! It’s what guides us as we work to make the admin experience the best it can be for you. Keep sharing your thoughts. We’re always listening.</p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/18/marching-into-the-future-of-the-azure-ad-admin-experience-retiring-the-azure-classic-portal/feed/</wfw:commentRss>
<slash:comments>4</slash:comments>
</item>
<item>
<title>Managed Service Identities and Azure AD: Helping Azure developers keep their secrets secret!</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/14/managed-service-identities-and-azure-ad-helping-azure-developers-keep-their-secrets-secret/</link>
<pubDate>Thu, 14 Sep 2017 18:05:37 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<category><![CDATA[Apps]]></category>
<category><![CDATA[Authentication]]></category>
<category><![CDATA[Cloud]]></category>
<category><![CDATA[PKI]]></category>
<category><![CDATA[SaaS]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=55135</guid>
<description><![CDATA[Howdy folks, Just a quick note today! I am excited to announce a preview of a new integration between Azure and Azure Active Directory that is designed to make life easier for developers. It’s called Managed Service Identity, and it makes it simpler to build apps that call Azure services. Typically, to call a cloud <p><a class="read-more" title="Managed Service Identities and Azure AD: Helping Azure developers keep their secrets secret!" aria-label="Read more about Managed Service Identities and Azure AD: Helping Azure developers keep their secrets secret!" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/09/14/managed-service-identities-and-azure-ad-helping-azure-developers-keep-their-secrets-secret/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Just a quick note today! I am excited to announce a preview of a new integration between Azure and Azure Active Directory that is designed to make life easier for developers. It’s called <a href="https://docs.microsoft.com/azure/active-directory/msi-overview" target="_blank" rel="noopener noreferrer">Managed Service Identity</a>, and it makes it simpler to build apps that call Azure services.</p> <p>Typically, to call a cloud service you need to send a credential (i.e. an API key or the like) to authenticate your app. Managing these credentials can be tricky. They are, by definition, secrets! You don’t want them to show up on dev/ops workstations or get checked into source control. But they must be available to your code when your code is running.</p> <p>So how do you get them there without anyone seeing them? Managed Service Identities!</p> <p>Managed Service Identities solves this problem by giving a computing resource like an Azure VM an automatically-managed, first class identity in Azure AD. You can use this identity to call Azure services without needing any credentials to appear in your code. If the service you are calling doesn’t support Azure AD authentication, you can still use Managed Service Identity to authenticate to Azure Key Vault and fetch the credentials you need at runtime. Presto, no credentials in code!</p> <p>You can read more about the <a href="https://azure.microsoft.com/blog/keep-credentials-out-of-code-introducing-azure-ad-managed-service-identity/" target="_blank" rel="noopener noreferrer">Managed Service Identity preview on the Azure blog</a>.</p> <p>Happy coding!</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> ]]></content:encoded>
</item>
<item>
<title>Azure AD B2B Collaboration in Microsoft Teams</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/11/azure-ad-b2b-collaboration-in-microsoft-teams/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/11/azure-ad-b2b-collaboration-in-microsoft-teams/#comments</comments>
<pubDate>Mon, 11 Sep 2017 13:00:52 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Announcements]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=54985</guid>
<description><![CDATA[Howdy folks, Today I am excited to let you know that we’ve just enabled Guest Access in Microsoft Teams, built on the B2B collaboration features of Azure AD! You can now enable partner collaboration in Teams for interactions across chat, apps, and file sharing, all with the ease of use and enterprise-grade protection Azure Active <p><a class="read-more" title="Azure AD B2B Collaboration in Microsoft Teams" aria-label="Read more about Azure AD B2B Collaboration in Microsoft Teams" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/09/11/azure-ad-b2b-collaboration-in-microsoft-teams/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p>Howdy folks,</p> <p>Today I am excited to let you know that we’ve just enabled <a href="https://blogs.office.com/en-us/2017/09/11/expand-your-collaboration-with-guest-access-in-microsoft-teams/" target="_blank" rel="noopener noreferrer">Guest Access in Microsoft Teams</a>, built on the B2B collaboration features of Azure AD!</p> <p>You can now enable partner collaboration in Teams for interactions across chat, apps, and file sharing, all with the ease of use and enterprise-grade protection Azure Active Directory has long enabled for your employees.</p> <p><img class="size-full wp-image-55065 aligncenter" src="https://cloudblogs.microsoft.com/enterprisemobility/wp-content/uploads/sites/2/2017/09/Guest-Access-GIF_2.gif" alt="" width="900" height="650" /></p> <p>Now anyone with an Azure Active Directory account in any organization can be invited as a guest user in Microsoft Teams!</p> <p>Customers have already created more than 8 million guest users using the B2B features of Azure AD and we’re only getting started. Adding support for Microsoft Teams has been a top customer request, so we’re excited to turn on this new capability to keep the momentum going. I hope you’ll give it a try today!</p> <p>So, go ahead, <a href="http://teams.microsoft.com/start" target="_blank" rel="noopener noreferrer">log in to Teams</a> today and invite your partners to work with you.</p> <p>And as always, <a href="https://techcommunity.microsoft.com/t5/Azure-Active-Directory-B2B/bd-p/AzureAD_B2b" target="_blank" rel="noopener noreferrer">connect with us</a> for any feedback, discussions, and suggestions. 
You know we’re listening!</p> <p>Best Regards,</p> <p>Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons" target="_blank" rel="noopener noreferrer">@Alex_A_Simons</a>)</p> <p>Director of Program Management</p> <p>Microsoft Identity Division</p> <p>P.S.: We are already working to add additional Azure AD capabilities in Teams, including support for external users with any corporate or consumer email account. Look for more news on that soon!</p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/11/azure-ad-b2b-collaboration-in-microsoft-teams/feed/</wfw:commentRss>
<slash:comments>3</slash:comments>
</item>
<item>
<title>Azure Active Directory Premium is now in limited preview in Microsoft Azure Government Cloud</title>
<link>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/07/azure-active-directory-premium-is-now-in-limited-preview-in-us-government-cloud/</link>
<comments>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/07/azure-active-directory-premium-is-now-in-limited-preview-in-us-government-cloud/#comments</comments>
<pubDate>Thu, 07 Sep 2017 16:07:25 +0000</pubDate>
<dc:creator><![CDATA[Alex Simons]]></dc:creator>
<category><![CDATA[Uncategorized]]></category>
<guid isPermaLink="false">https://blogs.technet.microsoft.com/enterprisemobility/?p=54965</guid>
<description><![CDATA[Howdy folks, Today I’m happy to announce the limited preview for Azure Active Directory Premium on the Microsoft Azure Government Cloud. This preview is for customers that have specific compliance needs (e.g., FedRAMP or DoD requirements), and while certifications aren’t in place yet, we plan to have them in place for General Availability. Getting started <p><a class="read-more" title="Azure Active Directory Premium is now in limited preview in Microsoft Azure Government Cloud" aria-label="Read more about Azure Active Directory Premium is now in limited preview in Microsoft Azure Government Cloud" href="https://cloudblogs.microsoft.com/enterprisemobility/2017/09/07/azure-active-directory-premium-is-now-in-limited-preview-in-us-government-cloud/">Read more</a></p>]]></description>
<content:encoded><![CDATA[<p><span style="font-size: 12pt;">Howdy folks,<br /> </span></p> <p><span style="font-size: 12pt;">Today I’m happy to announce the limited preview for Azure Active Directory Premium on the Microsoft Azure Government Cloud.<br /> </span></p> <p><span style="font-size: 12pt;">This preview is for customers that have specific compliance needs (e.g., FedRAMP or DoD requirements), and while certifications aren’t in place yet, we plan to have them in place for General Availability.<br /> </span></p> <h2>Getting started</h2> <p><span style="font-size: 12pt;">To gain access to this limited preview, just complete our <a href="https://survey.microsoft.com/447837">onboarding survey</a> and someone from our engineering team will connect with you to discuss next steps.<br /> </span></p> <p><span style="font-size: 12pt;">We know you probably have questions, and we’ve tackled a few of the big ones below.<br /> </span></p> <h2>Pricing and licensing<span style="font-size: 12pt;"><br /> </span></h2> <p>The Azure Active Directory Premium for Microsoft Azure Government Cloud is free during this preview period. We will announce pricing details as we get closer to General Availability.</p> <h2>Is there a preview for other EMS services?</h2> <p>This preview is currently limited to Azure Active Directory Premium. Other EMS services are not currently in preview. We’re planning to conduct additional previews in the future and will be sure to announce them as they’re rolled out.</p> <h2>Where do I learn more about Azure for Government?</h2> <p><span style="font-size: 12pt;">To learn more about Azure for Government, take a look at the <a href="https://blogs.msdn.microsoft.com/azuregov/">Azure Government Cloud blog</a>, <a href="https://azure.microsoft.com/en-us/overview/clouds/government/">Azure Government website</a>, and our <a href="https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-welcome">“Welcome to Azure Government” docs page</a>. 
To learn more about Microsoft’s stance on compliance accreditations and regulations, please visit the <a href="https://www.microsoft.com/en-us/trustcenter">Microsoft Trust Center</a>.<br /> </span></p> <h2>Feedback</h2> <p><span style="font-size: 12pt;">We look forward to hearing your feedback! If you have any suggestions for us, questions, or issues to report, please leave a comment at the bottom of this post, or tweet with the hashtag #AzureAD.<br /> </span></p> <p><span style="font-size: 12pt;">Best regards,<br /> </span></p> <p><span style="font-size: 12pt;">Alex Simons (Twitter: <a href="https://twitter.com/Alex_A_Simons">@Alex_A_Simons</a>)<br /> </span></p> <p><span style="font-size: 12pt;">Director of Program Management<br /> </span></p> <p><span style="font-size: 12pt;">Microsoft Identity Division<br /> </span></p> ]]></content:encoded>
<wfw:commentRss>https://cloudblogs.microsoft.com/enterprisemobility/2017/09/07/azure-active-directory-premium-is-now-in-limited-preview-in-us-government-cloud/feed/</wfw:commentRss>
<slash:comments>1</slash:comments>
</item>
</channel>
</rss>