What's New in Entra ID (Azure Active Directory) for September 2023 : Sander Berkouwer

What's New in Entra ID (Azure Active Directory) for September 2023
by: Sander Berkouwer
Post content copied from The DirTeam.com / ActiveDir.org Weblogs

Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for September 2023:


What's New

Recovery of deleted application and service principals General Availability

Service category: Enterprise Apps
Product capability: Identity Lifecycle Management

With this release, admins can now recover applications along with their original service principals, eliminating the need for extensive reconfiguration and code changes. It significantly improves the application recovery story and addresses a long-standing customer need. This change is beneficial in the following ways:

  • Faster Recovery: Admins can now recover their systems in a fraction of the time it used to take, reducing downtime and minimizing disruptions.
  • Cost Savings: With quicker recovery, admins can save on operational costs associated with extended outages and labor-intensive recovery efforts.
  • Preserved Data: Previously lost data, such as SAML configurations, is now retained, ensuring a smoother transition back to normal operations.
  • Improved User Experience: Faster recovery times translate to improved user experience and customer satisfaction, as applications are back up and running swiftly.


Support for Microsoft admin portals in Conditional Access General Availability 

Service category: Conditional Access
Product capability: Identity Security & Protection

When a Conditional Access policy targets the Microsoft Admin Portals cloud app, the policy is enforced for tokens issued to application IDs of the following Microsoft administrative portals:

  • Azure portal
  • Exchange admin center
  • Microsoft 365 admin center
  • Microsoft 365 Defender portal
  • Microsoft Entra admin center
  • Microsoft Intune admin center
  • Microsoft Purview compliance portal
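
As an added example (not part of the original post or Microsoft's release notes), the following audit checks exported Conditional Access policies for one that actually enforces a grant control on the Microsoft Admin Portals app, rather than only reporting. The policy objects are constructed and shaped like the Microsoft Graph `conditionalAccessPolicy` resource; the function names are hypothetical.

```python
# Added example: policy objects below are constructed, shaped like the Microsoft Graph
# conditionalAccessPolicy resource (as returned by /identity/conditionalAccess/policies).
ADMIN_PORTALS = "MicrosoftAdminPortals"  # Graph identifier for the Microsoft Admin Portals app

SAMPLE_POLICIES = [  # constructed sample data
    {"displayName": "Admins: require MFA for admin portals", "state": "enabled",
     "conditions": {"applications": {"includeApplications": [ADMIN_PORTALS]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Pilot: admin portals from compliant devices",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"applications": {"includeApplications": [ADMIN_PORTALS]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
    {"displayName": "Office 365: require MFA", "state": "enabled",
     "conditions": {"applications": {"includeApplications": ["Office365"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]

def admin_portal_policies(policies):
    """Return (displayName, verdict) for every policy that targets the admin portals app."""
    results = []
    for policy in policies:
        apps = policy.get("conditions", {}).get("applications", {})
        if ADMIN_PORTALS not in apps.get("includeApplications", []):
            continue
        grant = policy.get("grantControls") or {}
        controls = set(grant.get("builtInControls", []))
        state = policy.get("state")
        if state == "disabled":
            verdict = "disabled"
        elif state == "enabledForReportingButNotEnforced":
            verdict = "report-only"  # evaluated and logged, but not enforced
        elif not controls and not grant.get("authenticationStrength"):
            verdict = "no grant control"
        else:
            verdict = "enforced: " + ", ".join(sorted(controls) or ["authenticationStrength"])
        results.append((policy["displayName"], verdict))
    return results

def admin_portals_protected(policies):
    """True when at least one enabled policy applies a grant control to the admin portals."""
    return any(v.startswith("enforced") for _, v in admin_portal_policies(policies))

if __name__ == "__main__":
    for name, verdict in admin_portal_policies(SAMPLE_POLICIES):
        print(f"{verdict:<22} {name}")
```

The check looks only at the targeted app, policy state and grant controls; user and group scoping of each policy still has to be reviewed separately.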


Service category: App Provisioning
Product capability: 3rd Party Integration

Microsoft has added the following new applications in the Azure AD App gallery with Provisioning support. Organizations can now automate creating, updating, and deleting of user accounts for these newly integrated apps:


What's Changed

Web Sign-In for Windows General Availability

Service category: Authentications (Logins)
Product capability: User Authentication

Microsoft is thrilled to announce that as part of the Windows 11 moment 4 update (KB5030310), a new Web Sign-In experience is released that expands the number of supported scenarios and greatly improves security, reliability, performance, and the overall end-to-end experience for users.

Web Sign-In (WSI) is a credential provider on the Windows lock/sign-in screen for Entra-joined devices. It provides a web experience used for authentication and returns an authentication token to the operating system to allow the user to unlock or sign in to the device.

Web Sign-In was initially intended to be used for a wide range of authentication credential scenarios; however, it was previously released only for limited scenarios such as Simplified EDU Web Sign-In and recovery flows via Temporary Access Password (TAP).

The underlying provider for Web Sign-In has been rewritten from the ground up with security and improved performance in mind. This release moves the Web Sign-In infrastructure from the Cloud Host Experience (CHX) WebApp to a newly written Login Web Host (LWH) for the moment 4 update (KB5030310). This release provides better security and reliability to support the previous EDU and TAP experiences, as well as new workflows that enable the use of various authentication methods to unlock or sign in to the device.


Device-bound passkeys as an authentication method Public Preview

Service category: Authentications (sign-ins)
Product capability: User Authentication

Beginning January 2024, Microsoft Entra ID will support device-bound passkeys stored on computers and mobile devices as an authentication method in preview, in addition to the existing support for FIDO2 security keys. This enables people in the organization to perform phishing-resistant authentication using the devices that they already have.

Microsoft will expand the existing FIDO2 authentication methods policy and end user registration experience to support this preview release. If your organization requires or prefers FIDO2 authentication using physical security keys only, then please enforce key restrictions to only allow security key models that admins accept in their FIDO2 policy. Otherwise, the new preview capabilities enable users to register for device-bound passkeys stored on Windows, macOS, iOS, and Android.
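
The key-restriction advice above can be checked against an exported FIDO2 authentication method policy. This is an added example, not code from the original post or from Microsoft: the configurations are constructed and shaped like the Microsoft Graph `fido2AuthenticationMethodConfiguration` resource, and the AAGUIDs, the approved list and the function name are assumptions.

```python
# Added example: configs are constructed, shaped like the Microsoft Graph
# fido2AuthenticationMethodConfiguration resource. AAGUIDs are placeholders, not real models.
APPROVED_KEY_MODELS = {  # assumption: AAGUIDs of the security key models admins accept
    "00000000-0000-0000-0000-0000000000a1",
    "00000000-0000-0000-0000-0000000000a2",
}

def key_restriction_gaps(config, approved=APPROVED_KEY_MODELS):
    """List reasons why this FIDO2 policy does not limit registration to approved keys."""
    if config.get("state") != "enabled":
        return []  # method is off, so nothing can be registered
    restrictions = config.get("keyRestrictions") or {}
    if not restrictions.get("isEnforced"):
        return ["key restrictions are not enforced: any FIDO2 authenticator can register"]
    if restrictions.get("enforcementType") != "allow":
        return ["restrictions are a block list: every AAGUID not listed can still register"]
    listed = {g.lower() for g in restrictions.get("aaGuids", [])}
    unapproved = sorted(listed - {g.lower() for g in approved})
    gaps = []
    if not listed:
        gaps.append("allow list is empty")
    if unapproved:
        gaps.append("allow list contains unapproved AAGUIDs: " + ", ".join(unapproved))
    return gaps

# Constructed configurations: unrestricted, restricted to approved keys, and drifted.
OPEN_POLICY = {"id": "Fido2", "state": "enabled",
               "keyRestrictions": {"isEnforced": False, "enforcementType": "block",
                                   "aaGuids": []}}
LOCKED_POLICY = {"id": "Fido2", "state": "enabled",
                 "keyRestrictions": {"isEnforced": True, "enforcementType": "allow",
                                     "aaGuids": ["00000000-0000-0000-0000-0000000000A1",
                                                 "00000000-0000-0000-0000-0000000000a2"]}}
DRIFTED_POLICY = {"id": "Fido2", "state": "enabled",
                  "keyRestrictions": {"isEnforced": True, "enforcementType": "allow",
                                      "aaGuids": ["00000000-0000-0000-0000-0000000000a1",
                                                  "00000000-0000-0000-0000-0000000000ff"]}}

if __name__ == "__main__":
    for label, cfg in [("open", OPEN_POLICY), ("locked", LOCKED_POLICY),
                       ("drifted", DRIFTED_POLICY)]:
        print(label, key_restriction_gaps(cfg) or "OK")
```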

The post What's New in Entra ID (Azure Active Directory) for September 2023 appeared first on The DirTeam.com / ActiveDir.org Weblogs.

October 05, 2023 at 07:01PM