articles/active-directory/fundamentals/whats-new-archive.md
288 lines changed: 288 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -27,6 +27,294 @@ The What's new in Azure Active Directory? release notes provide information abou
27
27
- Deprecated functionality
28
28
- Plans for changes
29
29
30
+
---
31
+
32
+
## July 2022
33
+
34
+
### Public Preview - ADFS to Azure AD: SAML App Multi-Instancing
35
+
36
+
**Type:** New feature
37
+
**Service category:** Enterprise Apps
38
+
**Product capability:** SSO
39
+
40
+
Users can now configure multiple instances of the same application within an Azure AD tenant. It's now supported for both IdP, and Service Provider (SP), initiated single sign-on requests. Multiple application accounts can now have a separate service principal to handle instance-specific claims mapping and roles assignment. For more information, see:
41
+
42
+
- [Configure SAML app multi-instancing for an application - Microsoft Entra | Microsoft Docs](../develop/reference-app-multi-instancing.md)
43
+
- [Customize app SAML token claims - Microsoft Entra | Microsoft Docs](../develop/active-directory-saml-claims-customization.md)
44
+
45
+
46
+
47
+
---
48
+
49
+
### Public Preview - ADFS to Azure AD: Apply RegEx Replace to groups claim content
50
+
51
+
**Type:** New feature
52
+
**Service category:** Enterprise Apps
53
+
**Product capability:** SSO
54
+
55
+
56
+
57
+
Administrators up until recently has the capability to transform claims using many transformations, however using regular expression for claims transformation wasn't exposed to customers. With this public preview release, administrators can now configure and use regular expressions for claims transformation using portal UX.
58
+
For more information, see:[Customize app SAML token claims - Microsoft Entra | Microsoft Docs](../develop/active-directory-saml-claims-customization.md).
59
+
60
+
61
+
---
62
+
63
+
64
+
65
+
### Public Preview - Azure AD Domain Services - Trusts for User Forests
66
+
67
+
**Type:** New feature
68
+
**Service category:** Azure AD Domain Services
69
+
**Product capability:** Azure AD Domain Services
70
+
71
+
72
+
You can now create trusts on both user and resource forests. On-premises AD DS users can't authenticate to resources in the Azure AD DS resource forest until you create an outbound trust to your on-premises AD DS. An outbound trust requires network connectivity to your on-premises virtual network on which you have installed Azure AD Domain Service. On a user forest, trusts can be created for on-premises AD forests that aren't synchronized to Azure AD DS.
73
+
74
+
To learn more about trusts and how to deploy your own, visit [How trust relationships work for forests in Active Directory](../../active-directory-domain-services/concepts-forest-trust.md).
75
+
76
+
77
+
78
+
---
79
+
80
+
81
+
82
+
### New Federated Apps available in Azure AD Application gallery - July 2022
83
+
84
+
**Type:** New feature
85
+
**Service category:** Enterprise Apps
86
+
**Product capability:** 3rd Party Integration
87
+
88
+
89
+
In July 2022 we've added the following 28 new applications in our App gallery with Federation support:
Pick a group of up to five members and provision them into your third-party applications in seconds. Get started testing, troubleshooting, and provisioning to non-Microsoft applications such as ServiceNow, ZScaler, and Adobe. For more information, see: [On-demand provisioning in Azure Active Directory](../app-provisioning/provision-on-demand.md).
111
+
112
+
113
+
---
114
+
115
+
116
+
### General Availability – Protect against by-passing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD
We're delighted to announce a new security protection that prevents bypassing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD. When enabled for a federated domain in your Azure AD tenant, it ensures that a compromised federated account can't bypass Azure AD Multi-Factor Authentication by imitating that a multi factor authentication has already been performed by the identity provider. The protection can be enabled via new security setting, [federatedIdpMfaBehavior](/graph/api/resources/internaldomainfederation?view=graph-rest-beta#federatedidpmfabehavior-values&preserve-view=true).
124
+
125
+
126
+
We highly recommend enabling this new protection when using Azure AD Multi-Factor Authentication as your multi factor authentication for your federated users. To learn more about the protection and how to enable it, visit [Enable protection to prevent by-passing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD](/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#enable-protection-to-prevent-by-passing-of-cloud-azure-ad-multi-factor-authentication-when-federated-with-azure-ad).
127
+
128
+
129
+
---
130
+
131
+
132
+
### Public preview - New provisioning connectors in the Azure AD Application Gallery - July 2022
133
+
134
+
**Type:** New feature
135
+
**Service category:** App Provisioning
136
+
**Product capability:** 3rd Party Integration
137
+
138
+
139
+
You can now automate creating, updating, and deleting user accounts for these newly integrated apps:
For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md).
144
+
145
+
146
+
---
147
+
148
+
149
+
### General Availability - Tenant-based service outage notifications
150
+
151
+
**Type:** New feature
152
+
**Service category:** Other
153
+
**Product capability:** Platform
154
+
155
+
156
+
Azure Service Health supports service outage notifications to Tenant Admins for Azure Active Directory issues. These outages will also appear on the Azure AD Admin Portal Overview page with appropriate links to Azure Service Health. Outage events will be able to be seen by built-in Tenant Administrator Roles. We'll continue to send outage notifications to subscriptions within a tenant for transition. More information is available at: [What are Service Health notifications in Azure Active Directory?](../reports-monitoring/overview-service-health-notifications.md).
157
+
158
+
159
+
160
+
---
161
+
162
+
163
+
164
+
### Public Preview - Multiple Passwordless Phone sign-in Accounts for iOS devices
165
+
166
+
**Type:** New feature
167
+
**Service category:** Authentications (Logins)
168
+
**Product capability:** User Authentication
169
+
170
+
171
+
End users can now enable passwordless phone sign-in for multiple accounts in the Authenticator App on any supported iOS device. Consultants, students, and others with multiple accounts in Azure AD can add each account to Microsoft Authenticator and use passwordless phone sign-in for all of them from the same iOS device. The Azure AD accounts can be in either the same, or different, tenants. Guest accounts aren't supported for multiple account sign-ins from one device.
172
+
173
+
174
+
Note that end users are encouraged to enable the optional telemetry setting in the Authenticator App, if not done so already. For more information, see: [Enable passwordless sign-in with Microsoft Authenticator](../authentication/howto-authentication-passwordless-phone.md)
175
+
176
+
177
+
178
+
---
179
+
180
+
181
+
182
+
### Public Preview - Azure AD Domain Services - Fine Grain Permissions
183
+
184
+
**Type:** Changed feature
185
+
**Service category:** Azure AD Domain Services
186
+
**Product capability:** Azure AD Domain Services
187
+
188
+
189
+
190
+
Previously to set up and administer your AAD-DS instance you needed top level permissions of Azure Contributor and Azure AD Global Admin. Now for both initial creation, and ongoing administration, you can utilize more fine grain permissions for enhanced security and control. The prerequisites now minimally require:
191
+
192
+
- You need [Application Administrator](../roles/permissions-reference.md#application-administrator) and [Groups Administrator](../roles/permissions-reference.md#groups-administrator) Azure AD roles in your tenant to enable Azure AD DS.
193
+
- You need [Domain Services Contributor](../../role-based-access-control/built-in-roles.md#domain-services-contributor) Azure role to create the required Azure AD DS resources.
194
+
195
+
196
+
Check out these resources to learn more:
197
+
198
+
- [Tutorial - Create an Azure Active Directory Domain Services managed domain | Microsoft Docs](../../active-directory-domain-services/tutorial-create-instance.md#prerequisites)
199
+
- [Least privileged roles by task - Azure Active Directory | Microsoft Docs](../roles/delegate-by-task.md#domain-services)
200
+
- [Azure built-in roles - Azure RBAC | Microsoft Docs](../../role-based-access-control/built-in-roles.md#domain-services-contributor)
201
+
202
+
203
+
204
+
---
205
+
206
+
207
+
### General Availability- Azure AD Connect update release with new functionality and bug fixes
A new Azure AD Connect release fixes several bugs and includes new functionality. This release is also available for auto upgrade for eligible servers. For more information, see: [Azure AD Connect: Version release history](../hybrid/reference-connect-version-history.md#21150).
216
+
217
+
---
218
+
219
+
220
+
### General Availability - Cross-tenant access settings for B2B collaboration
221
+
222
+
**Type:** Changed feature
223
+
**Service category:** B2B
224
+
**Product capability:** B2B/B2C
225
+
226
+
227
+
228
+
Cross-tenant access settings enable you to control how users in your organization collaborate with members of external Azure AD organizations. Now you’ll have granular inbound and outbound access control settings that work on a per org, user, group, and application basis. These settings also make it possible for you to trust security claims from external Azure AD organizations like multi-factor authentication (MFA), device compliance, and hybrid Azure AD joined devices. For more information, see: [Cross-tenant access with Azure AD External Identities](../external-identities/cross-tenant-access-overview.md).
229
+
230
+
231
+
---
232
+
233
+
234
+
### General Availability- Expression builder with Application Provisioning
235
+
236
+
**Type:** Changed feature
237
+
**Service category:** Provisioning
238
+
**Product capability:** Outbound to SaaS Applications
239
+
240
+
241
+
Accidental deletion of users in your apps or in your on-premises directory could be disastrous. We’re excited to announce the general availability of the accidental deletions prevention capability. When a provisioning job would cause a spike in deletions, it will first pause and provide you visibility into the potential deletions. You can then accept or reject the deletions and have time to update the job’s scope if necessary. For more information, see [Understand how expression builder in Application Provisioning works](../app-provisioning/expression-builder.md).
242
+
243
+
244
+
---
245
+
246
+
247
+
248
+
### Public Preview - Improved app discovery view for My Apps portal
249
+
250
+
**Type:** Changed feature
251
+
**Service category:** My Apps
252
+
**Product capability:** End User Experiences
253
+
254
+
255
+
An improved app discovery view for My Apps is in public preview. The preview shows users more apps in the same space and allows them to scroll between collections. It doesn't currently support drag-and-drop and list view. Users can opt into the preview by selecting Try the preview and opt out by selecting Return to previous view. To learn more about My Apps, see [My Apps portal overview](../manage-apps/myapps-overview.md).
256
+
257
+
258
+
259
+
260
+
---
261
+
262
+
263
+
264
+
### Public Preview - New Azure AD Portal All Devices list
265
+
266
+
**Type:** Changed feature
267
+
**Service category:** Device Registration and Management
268
+
**Product capability:** End User Experiences
269
+
270
+
271
+
272
+
We're enhancing the All Devices list in the Azure AD Portal to make it easier to filter and manage your devices. Improvements include:
273
+
274
+
All Devices List:
275
+
276
+
- Infinite scrolling
277
+
- More devices properties can be filtered on
278
+
- Columns can be reordered via drag and drop
279
+
- Select all devices
280
+
281
+
For more information, see: [Manage devices in Azure AD using the Azure portal](../devices/device-management-azure-portal.md#view-and-filter-your-devices-preview).
282
+
283
+
284
+
285
+
286
+
---
287
+
288
+
289
+
290
+
### Public Preview - ADFS to Azure AD: Persistent NameID for IDP-initiated Apps
291
+
292
+
**Type:** Changed feature
293
+
**Service category:** Enterprise Apps
294
+
**Product capability:** SSO
295
+
296
+
297
+
Previously the only way to have persistent NameID value was to configure user attribute with an empty value. Admins can now explicitly configure the NameID value to be persistent along with the corresponding format.
298
+
299
+
For more information, see: [Customize app SAML token claims - Microsoft identity platform | Microsoft Docs](../develop/active-directory-saml-claims-customization.md#attributes).
300
+
301
+
302
+
---
303
+
304
+
305
+
306
+
### Public Preview - ADFS to Azure Active Directory: Customize attrname-format
307
+
308
+
**Type:** Changed feature
309
+
**Service category:** Enterprise Apps
310
+
**Product capability:** SSO
311
+
312
+
313
+
With this new parity update, customers can now integrate non-gallery applications such as Socure DevHub with Azure AD to have SSO via SAML.
314
+
315
+
For more information, see [Claims mapping policy - Microsoft Entra | Microsoft Docs](../develop/reference-claims-mapping-policy-type.md#claim-schema-entry-elements).
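Review bot: Under the "### General Availability- Expression builder with Application Provisioning" heading, the body paragraph describes the accidental deletions prevention capability (a provisioning job pausing on a spike in deletions) while its link points to expression-builder.md, so the heading, the description and the link disagree. Either replace the paragraph with a description of expression builder, or retitle the entry and link the article that covers accidental deletions. The "Customize attrname-format" entry has a similar gap: its body only says that non-gallery applications such as Socure DevHub can now be integrated via SAML and never states what can be customized, so an administrator reading the archive cannot tell what changed in the claim schema. Smaller points in the same hunk: "Administrators up until recently has the capability" should read "had", "see:[Customize app SAML token claims" needs a space after the colon, and the two "General Availability- " headings need a space before the hyphen to match the other headings.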