articles/active-directory/fundamentals/whats-new-archive.md
260 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -2,15 +2,15 @@
2
2
title: Archive for What's new in Azure Active Directory? | Microsoft Docs
3
3
description: The What's new release notes in the Overview section of this content set contains 6 months of activity. After 6 months, the items are removed from the main article and put into this archive article.
4
4
services: active-directory
5
-
author: eross-msft
5
+
author: msmimart
6
6
manager: daveba
7
7
8
8
ms.service: active-directory
9
9
ms.subservice: fundamentals
10
10
ms.workload: identity
11
11
ms.topic: conceptual
12
-
ms.date: 12/10/2019
13
-
ms.author: lizross
12
+
ms.date: 01/27/2020
13
+
ms.author: mimart
14
14
ms.reviewer: dhanyahk
15
15
ms.custom: "it-pro, seo-update-azuread-jan"
16
16
ms.collection: M365-identity-device-management
@@ -30,6 +30,263 @@ The What's new in Azure Active Directory? release notes provide information abou
30
30
31
31
---
32
32
33
+
## July 2019
34
+
35
+
### Plan for change: Application Proxy service update to support only TLS 1.2
36
+
37
+
**Type:** Plan for change
38
+
**Service category:** App Proxy
39
+
**Product capability:** Access Control
40
+
41
+
To help provide you with our strongest encryption, we're going to begin limiting Application Proxy service access to only TLS 1.2 protocols. This limitation will initially be rolled out to customers who are already using TLS 1.2 protocols, so you won't see the impact. Complete deprecation of the TLS 1.0 and TLS 1.1 protocols will be complete on August 31, 2019. Customers still using TLS 1.0 and TLS 1.1 will receive advanced notice to prepare for this change.
42
+
43
+
To maintain the connection to the Application Proxy service throughout this change, we recommend that you make sure your client-server and browser-server combinations are updated to use TLS 1.2. We also recommend that you make sure to include any client systems used by your employees to access apps published through the Application Proxy service.
44
+
45
+
For more information, see [Add an on-premises application for remote access through Application Proxy in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/manage-apps/application-proxy-add-on-premises-application).
46
+
47
+
---
48
+
49
+
### Plan for change: Design updates are coming for the Application Gallery
50
+
51
+
**Type:** Plan for change
52
+
**Service category:** Enterprise Apps
53
+
**Product capability:** SSO
54
+
55
+
New user interface changes are coming to the design of the **Add from the gallery** area of the **Add an application** blade. These changes will help you more easily find your apps that support automatic provisioning, OpenID Connect, Security Assertion Markup Language (SAML), and Password single sign-on (SSO).
56
+
57
+
---
58
+
59
+
### Plan for change: Removal of the MFA server IP address from the Office 365 IP address
We're removing the MFA server IP address from the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service). If you currently rely on these pages to update your firewall settings, you must make sure you're also including the list of IP addresses documented in the **Azure Multi-Factor Authentication Server firewall requirements** section of the [Getting started with the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfaserver-deploy#azure-multi-factor-authentication-server-firewall-requirements) article.
66
+
67
+
---
68
+
69
+
### App-only tokens now require the client app to exist in the resource tenant
70
+
71
+
**Type:** Fixed
72
+
**Service category:** Authentications (Logins)
73
+
**Product capability:** User Authentication
74
+
75
+
On July 26, 2019, we changed how we provide app-only tokens through the [client credentials grant](https://docs.microsoft.com/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow). Previously, apps could get tokens to call other apps, regardless of whether the client app was in the tenant. We've updated this behavior so single-tenant resources, sometimes called Web APIs, can only be called by client apps that exist in the resource tenant.
76
+
77
+
If your app isn't located in the resource tenant, you'll get an error message that says, `The service principal named <app_name> was not found in the tenant named <tenant_name>. This can happen if the application has not been installed by the administrator of the tenant.` To fix this problem, you must create the client app service principal in the tenant, using either the [admin consent endpoint](https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#using-the-admin-consent-endpoint) or [through PowerShell](https://docs.microsoft.com/azure/active-directory/develop/howto-authenticate-service-principal-powershell), which ensures your tenant has given the app permission to operate within the tenant.
78
+
79
+
For more information, see [What's new for authentication?](https://docs.microsoft.com/azure/active-directory/develop/reference-breaking-changes#app-only-tokens-for-single-tenant-applications-are-only-issued-if-the-client-app-exists-in-the-resource-tenant).
80
+
81
+
> [!NOTE]
82
+
> Existing consent between the client and the API continues to not be required. Apps should still be doing their own authorization checks.
83
+
84
+
---
85
+
86
+
### New passwordless sign-in to Azure AD using FIDO2 security keys
87
+
88
+
**Type:** New feature
89
+
**Service category:** Authentications (Logins)
90
+
**Product capability:** User Authentication
91
+
92
+
Azure AD customers can now set policies to manage FIDO2 security keys for their organization's users and groups. End users can also self-register their security keys, use the keys to sign in to their Microsoft accounts on web sites while on FIDO-capable devices, as well as sign-in to their Azure AD-joined Windows 10 devices.
93
+
94
+
For more information, see [Enable passwordless sign in for Azure AD (preview)](/azure/active-directory/authentication/concept-authentication-passwordless) for administrator-related information, and [Set up security info to use a security key (Preview)](https://docs.microsoft.com/azure/active-directory/user-help/security-info-setup-security-key) for end-user-related information.
95
+
96
+
---
97
+
98
+
### New Federated Apps available in Azure AD App gallery - July 2019
99
+
100
+
**Type:** New feature
101
+
**Service category:** Enterprise Apps
102
+
**Product capability:** 3rd Party Integration
103
+
104
+
In July 2019, we've added these 18 new apps with Federation support to the app gallery:
For more information about the apps, see [SaaS application integration with Azure Active Directory](https://aka.ms/appstutorial). For more information about listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](https://aka.ms/azureadapprequest).
109
+
110
+
---
111
+
112
+
### Automate user account provisioning for these newly supported SaaS apps
113
+
114
+
**Type:** New feature
115
+
**Service category:** Enterprise Apps
116
+
**Product capability:** Monitoring & Reporting
117
+
118
+
You can now automate creating, updating, and deleting user accounts for these newly integrated apps:
For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning)
133
+
134
+
---
135
+
136
+
### New Azure AD Domain Services service tag for Network Security Group
137
+
138
+
**Type:** New feature
139
+
**Service category:** Azure AD Domain Services
140
+
**Product capability:** Azure AD Domain Services
141
+
142
+
If you're tired of managing long lists of IP addresses and ranges, you can use the new **AzureActiveDirectoryDomainServices** network service tag in your Azure network security group to help secure inbound traffic to your Azure AD Domain Services virtual network subnet.
143
+
144
+
For more information about this new service tag, see [Network Security Groups for Azure AD Domain Services](../../active-directory-domain-services/network-considerations.md#network-security-groups-and-required-ports).
145
+
146
+
---
147
+
148
+
### New Security Audits for Azure AD Domain Services (Public Preview)
149
+
150
+
**Type:** New feature
151
+
**Service category:** Azure AD Domain Services
152
+
**Product capability:** Azure AD Domain Services
153
+
154
+
We're pleased to announce the release of Azure AD Domain Service Security Auditing to public preview. Security auditing helps provide you with critical insight into your authentication services by streaming security audit events to targeted resources, including Azure Storage, Azure Log Analytics workspaces, and Azure Event Hub, using the Azure AD Domain Service portal.
155
+
156
+
For more information, see [Enable Security Audits for Azure AD Domain Services (Preview)](https://docs.microsoft.com/azure/active-directory-domain-services/security-audit-events).
157
+
158
+
---
159
+
160
+
### New Authentication methods usage & insights (Public Preview)
161
+
162
+
**Type:** New feature
163
+
**Service category:** Self Service Password Reset
164
+
**Product capability:** Monitoring & Reporting
165
+
166
+
The new Authentication methods usage & insights reports can help you to understand how features like Azure Multi-Factor Authentication and self-service password reset are being registered and used in your organization, including the number of registered users for each feature, how often self-service password reset is used to reset passwords, and by which method the reset happens.
167
+
168
+
For more information, see [Authentication methods usage & insights (preview)](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-methods-usage-insights).
169
+
170
+
---
171
+
172
+
### New security reports are available for all Azure AD administrators (Public Preview)
All Azure AD administrators can now select the banner at the top of existing security reports, such as the **Users flagged for risk** report, to start using the new security experience as shown in the **Risky users** and the **Risky sign-ins** reports. Over time, all of the security reports will move from the older versions to the new versions, with the new reports providing you the following additional capabilities:
179
+
180
+
- Advanced filtering and sorting
181
+
182
+
- Bulk actions, such as dismissing user risk
183
+
184
+
- Confirmation of compromised or safe entities
185
+
186
+
- Risk state, covering: At risk, Dismissed, Remediated, and Confirmed compromised
187
+
188
+
For more information, see [Risky users report](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risk#risky-users) and [Risky sign-ins report](https://docs.microsoft.com/azure/active-directory/identity-protection/howto-investigate-risk#risky-sign-ins).
189
+
190
+
---
191
+
192
+
### New Security Audits for Azure AD Domain Services (Public Preview)
193
+
194
+
**Type:** New feature
195
+
**Service category:** Azure AD Domain Services
196
+
**Product capability:** Azure AD Domain Services
197
+
198
+
We're pleased to announce the release of Azure AD Domain Service Security Auditing to public preview. Security auditing helps provide you with critical insight into your authentication services by streaming security audit events to targeted resources, including Azure Storage, Azure Log Analytics workspaces, and Azure Event Hub, using the Azure AD Domain Service portal.
199
+
200
+
For more information, see [Enable Security Audits for Azure AD Domain Services (Preview)](https://docs.microsoft.com/azure/active-directory-domain-services/security-audit-events).
201
+
202
+
---
203
+
204
+
### New B2B direct federation using SAML/WS-Fed (Public Preview)
205
+
206
+
**Type:** New feature
207
+
**Service category:** B2B
208
+
**Product capability:** B2B/B2C
209
+
210
+
Direct federation helps to make it easier for you to work with partners whose IT-managed identity solution is not Azure AD, by working with identity systems that support the SAML or WS-Fed standards. After you set up a direct federation relationship with a partner, any new guest user you invite from that domain can collaborate with you using their existing organizational account, making the user experience for your guests more seamless.
211
+
212
+
For more information, see [Direct federation with AD FS and third-party providers for guest users (preview)](https://docs.microsoft.com/azure/active-directory/b2b/direct-federation).
213
+
214
+
---
215
+
216
+
### Automate user account provisioning for these newly supported SaaS apps
217
+
218
+
**Type:** New feature
219
+
**Service category:** Enterprise Apps
220
+
**Product capability:** Monitoring & Reporting
221
+
222
+
You can now automate creating, updating, and deleting user accounts for these newly integrated apps:
For more information about how to better secure your organization by using automated user account provisioning, see [Automate user provisioning to SaaS applications with Azure AD](https://docs.microsoft.com/azure/active-directory/manage-apps/user-provisioning).
237
+
238
+
---
239
+
240
+
### New check for duplicate group names in the Azure AD portal
241
+
242
+
**Type:** New feature
243
+
**Service category:** Group Management
244
+
**Product capability:** Collaboration
245
+
246
+
Now, when you create or update a group name from the Azure AD portal, we'll perform a check to see if you are duplicating an existing group name in your resource. If we determine that the name is already in use by another group, you'll be asked to modify your name.
247
+
248
+
For more information, see [Manage groups in the Azure AD portal](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal?context=azure/active-directory/users-groups-roles/context/ugr-context).
249
+
250
+
---
251
+
252
+
### Azure AD now supports static query parameters in reply (redirect) URIs
253
+
254
+
**Type:** New feature
255
+
**Service category:** Authentications (Logins)
256
+
**Product capability:** User Authentication
257
+
258
+
Azure AD apps can now register and use reply (redirect) URIs with static query parameters (for example, `https://contoso.com/oauth2?idp=microsoft`) for OAuth 2.0 requests. The static query parameter is subject to string matching for reply URIs, just like any other part of the reply URI. If there's no registered string that matches the URL-decoded redirect-uri, the request is rejected. If the reply URI is found, the entire string is used to redirect the user, including the static query parameter.
259
+
260
+
Dynamic reply URIs are still forbidden because they represent a security risk and can't be used to retain state information across an authentication request. For this purpose, use the `state` parameter.
261
+
262
+
Currently, the app registration screens of the Azure portal still block query parameters. However, you can manually edit the app manifest to add and test query parameters in your app. For more information, see [What's new for authentication?](https://docs.microsoft.com/azure/active-directory/develop/reference-breaking-changes#redirect-uris-can-now-contain-query-string-parameters).
263
+
264
+
---
265
+
266
+
### Activity logs (MS Graph APIs) for Azure AD are now available through PowerShell Cmdlets
267
+
268
+
**Type:** New feature
269
+
**Service category:** Reporting
270
+
**Product capability:** Monitoring & Reporting
271
+
272
+
We're excited to announce that Azure AD activity logs (Audit and Sign-ins reports) are now available through the Azure AD PowerShell module. Previously, you could create your own scripts using MS Graph API endpoints, and now we've extended that capability to PowerShell cmdlets.
273
+
274
+
For more information about how to use these cmdlets, see [Azure AD PowerShell cmdlets for reporting](https://docs.microsoft.com/azure/active-directory/reports-monitoring/reference-powershell-reporting).
275
+
276
+
---
277
+
278
+
### Updated filter controls for Audit and Sign-in logs in Azure AD
279
+
280
+
**Type:** Changed feature
281
+
**Service category:** Reporting
282
+
**Product capability:** Monitoring & Reporting
283
+
284
+
We've updated the Audit and Sign-in log reports so you can now apply various filters without having to add them as columns on the report screens. Additionally, you can now decide how many filters you want to show on the screen. These updates all work together to make your reports easier to read and more scoped to your needs.
285
+
286
+
For more information about these updates, see [Filter audit logs](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-audit-logs#filtering-audit-logs) and [Filter sign-in activities](https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-sign-ins#filter-sign-in-activities).
287
+
288
+
---
289
+
33
290
## June 2019
34
291
35
292
### New riskDetections API for Microsoft Graph (Public preview)
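Review bot: The section "### New Security Audits for Azure AD Domain Services (Public Preview)" is added twice under July 2019, at new lines 148-156 and again at 192-200, with the same Type, Service category, body text and link; drop the second copy. The heading "### Automate user account provisioning for these newly supported SaaS apps" is likewise added at both new line 112 and new line 216; if the two app lists are meant to differ, merge them under one heading, and add the missing period after the user-provisioning link in the first copy so it matches the second. Separately, the FIDO2 entry links to `/azure/active-directory/authentication/concept-authentication-passwordless` as a site-relative path while the neighbouring entries use full `https://docs.microsoft.com/...` URLs, so pick one link style for the added block.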