articles/active-directory/fundamentals/whats-new-archive.md
241 additions & 0 deletions
@@ -27,6 +27,247 @@ The What's new in Azure Active Directory? release notes provide information abou
27
27
- Deprecated functionality
28
28
- Plans for changes
29
29
30
+
---
31
+
32
+
## October 2022
33
+
34
+
### General Availability - Upgrade Azure AD Provisioning agent to the latest version (version number: 1.1.977.0)
35
+
36
+
37
+
38
+
**Type:** Plan for change
39
+
**Service category:** Provisioning
40
+
**Product capability:** Azure AD Connect Cloud Sync
41
+
42
+
Microsoft stops support for Azure AD provisioning agent with versions 1.1.818.0 and below starting Feb 1,2023. If you're using Azure AD cloud sync, make sure you have the latest version of the agent. You can view info about the agent release history [here](../app-provisioning/provisioning-agent-release-version-history.md). You can download the latest version [here](https://download.msappproxy.net/Subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/Connector/provisioningAgentInstaller)
43
+
44
+
You can find out which version of the agent you're using as follows:
45
+
46
+
1. Going to the domain server that you have the agent installed
47
+
1. Right-click on the Microsoft Azure AD Connect Provisioning Agent app
48
+
1. Select on “Details” tab and you can find the version number there
49
+
50
+
> [!NOTE]
51
+
> Azure Active Directory (AD) Connect follows the [Modern Lifecycle Policy](/lifecycle/policies/modern). Changes for products and services under the Modern Lifecycle Policy may be more frequent and require customers to be alert for forthcoming modifications to their product or service.
52
+
Product governed by the Modern Policy follow a [continuous support and servicing model](/lifecycle/overview/product-end-of-support-overview). Customers must take the latest update to remain supported. For products and services governed by the Modern Lifecycle Policy, Microsoft's policy is to provide a minimum 30 days' notification when customers are required to take action in order to avoid significant degradation to the normal use of the product or service.
53
+
54
+
---
55
+
56
+
### General Availability - Add multiple domains to the same SAML/Ws-Fed based identity provider configuration for your external users
57
+
58
+
59
+
60
+
**Type:** New feature
61
+
**Service category:** B2B
62
+
**Product capability:** B2B/B2C
63
+
64
+
An IT admin can now add multiple domains to a single SAML/WS-Fed identity provider configuration to invite users from multiple domains to authenticate from the same identity provider endpoint. For more information, see: [Federation with SAML/WS-Fed identity providers for guest users](../external-identities/direct-federation.md).
65
+
66
+
67
+
---
68
+
69
+
### General Availability - Limits on the number of configured API permissions for an application registration enforced starting in October 2022
70
+
71
+
72
+
73
+
**Type:** Plan for change
74
+
**Service category:** Other
75
+
**Product capability:** Developer Experience
76
+
77
+
In the end of October, the total number of required permissions for any single application registration must not exceed 400 permissions across all APIs. Applications exceeding the limit are unable to increase the number of permissions configured for. The existing limit on the number of distinct APIs for permissions required remains unchanged and may not exceed 50 APIs.
78
+
79
+
In the Azure portal, the required permissions list is under API Permissions within specific applications in the application registration menu. When using Microsoft Graph or Microsoft Graph PowerShell, the required permissions list is in the requiredResourceAccess property of an [application](/graph/api/resources/application) entity. For more information, see: [Validation differences by supported account types (signInAudience)](../develop/supported-accounts-validation.md).
80
+
81
+
82
+
---
83
+
84
+
### Public Preview - Conditional access Authentication strengths
85
+
86
+
87
+
88
+
**Type:** New feature
89
+
**Service category:** Conditional Access
90
+
**Product capability:** User Authentication
91
+
92
+
We're announcing Public preview of Authentication strength, a Conditional Access control that allows administrators to specify which authentication methods can be used to access a resource. For more information, see: [Conditional Access authentication strength (preview)](../authentication/concept-authentication-strengths.md). You can use custom authentication strengths to restrict access by requiring specific FIDO2 keys using the Authenticator Attestation GUIDs (AAGUIDs), and apply this through conditional access policies. For more information, see: [FIDO2 security key advanced options](../authentication/concept-authentication-strengths.md#fido2-security-key-advanced-options).
93
+
94
+
---
95
+
96
+
### Public Preview - Conditional access authentication strengths for external identities
97
+
98
+
99
+
**Type:** New feature
100
+
**Service category:** B2B
101
+
**Product capability:** B2B/B2C
102
+
103
+
You can now require your business partner (B2B) guests across all Microsoft clouds to use specific authentication methods to access your resources with **Conditional Access Authentication Strength policies**. For more information, see: [Conditional Access: Require an authentication strength for external users](../conditional-access/howto-conditional-access-policy-authentication-strength-external.md).
104
+
105
+
---
106
+
107
+
108
+
### Generally Availability - Windows Hello for Business, Cloud Kerberos Trust deployment
109
+
110
+
111
+
112
+
**Type:** New feature
113
+
**Service category:** Authentications (Logins)
114
+
**Product capability:** User Authentication
115
+
116
+
We're excited to announce the general availability of hybrid cloud Kerberos trust, a new Windows Hello for Business deployment model to enable a password-less sign-in experience. With this new model, we’ve made Windows Hello for Business easier to deploy than the existing key trust and certificate trust deployment models by removing the need for maintaining complicated public key infrastructure (PKI), and Azure Active Directory (AD) Connect synchronization wait times. For more information, see: [Hybrid Cloud Kerberos Trust Deployment](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust).
117
+
118
+
---
119
+
120
+
### General Availability - Device-based conditional access on Linux Desktops
121
+
122
+
123
+
124
+
**Type:** New feature
125
+
**Service category:** Conditional Access
126
+
**Product capability:** SSO
127
+
128
+
This feature empowers users on Linux clients to register their devices with Azure AD, enroll into Intune management, and satisfy device-based Conditional Access policies when accessing their corporate resources.
129
+
130
+
- Users can register their Linux devices with Azure AD
131
+
- Users can enroll in Mobile Device Management (Intune), which can be used to provide compliance decisions based upon policy definitions to allow device based conditional access on Linux Desktops
132
+
- If compliant, users can use Microsoft Edge Browser to enable Single-Sign on to M365/Azure resources and satisfy device-based Conditional Access policies.
133
+
134
+
135
+
For more information, see:
136
+
[Azure AD registered devices](../devices/concept-azure-ad-register.md).
137
+
[Plan your Azure Active Directory device deployment](../devices/plan-device-deployment.md)
138
+
139
+
---
140
+
141
+
### General Availability - Deprecation of Azure Active Directory Multi-Factor Authentication.
Beginning September 30, 2024, Azure Active Directory Multi-Factor Authentication Server deployments will no longer service multi-factor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services, and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Azure Active Directory Multi-Factor Authentication service using the latest Migration Utility included in the most recent Azure Active Directory Multi-Factor Authentication Server update. For more information, see: [Migrate from MFA Server to Azure AD Multi-Factor Authentication](../authentication/how-to-migrate-mfa-server-to-azure-mfa.md).
150
+
151
+
---
152
+
153
+
### Public Preview - Lifecycle Workflows is now available
154
+
155
+
156
+
157
+
**Type:** New feature
158
+
**Service category:** Lifecycle Workflows
159
+
**Product capability:** Identity Governance
160
+
161
+
162
+
We're excited to announce the public preview of Lifecycle Workflows, a new Identity Governance capability that allows customers to extend the user provisioning process, and adds enterprise grade user lifecycle management capabilities, in Azure AD to modernize your identity lifecycle management process. With Lifecycle Workflows, you can:
163
+
164
+
- Confidently configure and deploy custom workflows to onboard and offboard cloud employees at scale replacing your manual processes.
165
+
- Automate out-of-the-box actions critical to required Joiner and Leaver scenarios and get rich reporting insights.
166
+
- Extend workflows via Logic Apps integrations with custom tasks extensions for more complex scenarios.
167
+
168
+
For more information, see: [What are Lifecycle Workflows? (Public Preview)](../governance/what-are-lifecycle-workflows.md).
169
+
170
+
---
171
+
172
+
### Public Preview - User-to-Group Affiliation recommendation for group Access Reviews
173
+
174
+
175
+
176
+
**Type:** New feature
177
+
**Service category:** Access Reviews
178
+
**Product capability:** Identity Governance
179
+
180
+
This feature provides Machine Learning based recommendations to the reviewers of Azure AD Access Reviews to make the review experience easier and more accurate. The recommendation detects user affiliation with other users within the group, and applies the scoring mechanism we built by computing the user’s average distance with other users in the group. For more information, see: [Review recommendations for Access reviews](../governance/review-recommendations-access-reviews.md).
181
+
182
+
---
183
+
184
+
### General Availability - Group assignment for SuccessFactors Writeback application
185
+
186
+
187
+
188
+
**Type:** New feature
189
+
**Service category:** Provisioning
190
+
**Product capability:** Outbound to SaaS Applications
191
+
192
+
When configuring writeback of attributes from Azure AD to SAP SuccessFactors Employee Central, you can now specify the scope of users using Azure AD group assignment. For more information, see: [Tutorial: Configure attribute write-back from Azure AD to SAP SuccessFactors](../saas-apps/sap-successfactors-writeback-tutorial.md).
193
+
194
+
---
195
+
196
+
### General Availability - Number Matching for Microsoft Authenticator notifications
197
+
198
+
199
+
200
+
**Type:** New feature
201
+
**Service category:** Microsoft Authenticator App
202
+
**Product capability:** User Authentication
203
+
204
+
To prevent accidental notification approvals, admins can now require users to enter the number displayed on the sign-in screen when approving an MFA notification in the Microsoft Authenticator app. We've also refreshed the Azure portal admin UX and Microsoft Graph APIs to make it easier for customers to manage Authenticator app feature roll-outs. As part of this update we have also added the highly requested ability for admins to exclude user groups from each feature.
205
+
206
+
The number matching feature greatly up-levels the security posture of the Microsoft Authenticator app and protects organizations from MFA fatigue attacks. We highly encourage our customers to adopt this feature applying the rollout controls we have built. Number Matching will begin to be enabled for all users of the Microsoft Authenticator app starting February 27 2023.
207
+
208
+
209
+
For more information, see: [How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy](../authentication/how-to-mfa-number-match.md).
210
+
211
+
---
212
+
213
+
### General Availability - Additional context in Microsoft Authenticator notifications
214
+
215
+
216
+
217
+
**Type:** New feature
218
+
**Service category:** Microsoft Authenticator App
219
+
**Product capability:** User Authentication
220
+
221
+
Reduce accidental approvals by showing users additional context in Microsoft Authenticator app notifications. Customers can enhance notifications with the following steps:
222
+
223
+
- Application Context: This feature shows users which application they're signing into.
224
+
- Geographic Location Context: This feature shows users their sign-in location based on the IP address of the device they're signing into.
225
+
226
+
The feature is available for both MFA and Password-less Phone Sign-in notifications and greatly increases the security posture of the Microsoft Authenticator app. We've also refreshed the Azure portal Admin UX and Microsoft Graph APIs to make it easier for customers to manage Authenticator app feature roll-outs. As part of this update, we've also added the highly requested ability for admins to exclude user groups from certain features.
227
+
228
+
We highly encourage our customers to adopt these critical security features to reduce accidental approvals of Authenticator notifications by end users.
229
+
230
+
231
+
For more information, see: [How to use additional context in Microsoft Authenticator notifications - Authentication methods policy](../authentication/how-to-mfa-additional-context.md).
232
+
233
+
---
234
+
235
+
### New Federated Apps available in Azure AD Application gallery - October 2022
236
+
237
+
238
+
239
+
**Type:** New feature
240
+
**Service category:** Enterprise Apps
241
+
**Product capability:** 3rd Party Integration
242
+
243
+
244
+
245
+
In October 2022 we've added the following 15 new applications in our App gallery with Federation support:
For more information about how to better secure your organization by using automated user account provisioning, see: [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md).
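Review bot: The heading added at new line 141, "### General Availability - Deprecation of Azure Active Directory Multi-Factor Authentication.", reads as if the MFA service itself is being retired, while the paragraph under it is about Multi-Factor Authentication Server deployments no longer servicing requests from September 30, 2024. Please add "Server" to the heading and drop the trailing period, so an admin scanning headings does not misjudge the scope of the change. Smaller points in the same hunk: line 108 has "Generally Availability" where the other headings use "General Availability"; line 42 has "Feb 1,2023" with no space after the comma and no final period after the download link; the paragraph at line 52 ("Product governed by the Modern Policy follow ...") sits outside the `> [!NOTE]` block it appears to continue and needs "Products ... follow"; line 77 ends a sentence on "the number of permissions configured for", which leaves the limit's effect unclear; and line 221 introduces the Application Context and Geographic Location Context bullets as "the following steps" although they are features, not steps.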