You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/fundamentals/whats-new-archive.md
-219Lines changed: 0 additions & 219 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9597,223 +9597,4 @@ For more information, see [Privileged Identity Management for Azure resources (p
9597
9597
9598
9598
---
9599
9599
9600
-
## November 2017
9601
-
9602
-
### Access Control service retirement
9603
-
9604
-
**Type:** Plan for change
9605
-
**Service category:** Access Control service
9606
-
**Product capability:** Access Control service
9607
-
9608
-
Azure Active Directory Access Control (also known as the Access Control service) will be retired in late 2018. More information that includes a detailed schedule and high-level migration guidance will be provided in the next few weeks. You can leave comments on this page with any questions about the Access Control service, and a team member will answer them.
9609
-
9610
-
---
9611
-
9612
-
### Restrict browser access to the Intune Managed Browser
9613
-
9614
-
**Type:** Plan for change
9615
-
**Service category:** Conditional Access
9616
-
**Product capability:** Identity security and protection
9617
-
9618
-
You can restrict browser access to Office 365 and other Azure AD-connected cloud apps by using the Intune Managed Browser as an approved app.
9619
-
9620
-
You now can configure the following condition for application-based Conditional Access:
9621
-
9622
-
**Client apps:** Browser
9623
-
9624
-
**What is the effect of the change?**
9625
-
9626
-
Today, access is blocked when you use this condition. When the preview is available, all access will require the use of the managed browser application.
9627
-
9628
-
Look for this capability and more information in upcoming blogs and release notes.
9629
-
9630
-
For more information, see [Conditional Access in Azure AD](../conditional-access/overview.md).
9631
-
9632
-
---
9633
-
9634
-
### New approved client apps for Azure AD app-based Conditional Access
9635
-
9636
-
**Type:** Plan for change
9637
-
**Service category:** Conditional Access
9638
-
**Product capability:** Identity security and protection
9639
-
9640
-
The following apps are on the list of [approved client apps](../conditional-access/concept-conditional-access-conditions.md#client-apps):
- [Azure AD app-based Conditional Access](../conditional-access/app-based-conditional-access.md)
9649
-
9650
-
---
9651
-
9652
-
### Terms-of-use support for multiple languages
9653
-
9654
-
**Type:** New feature
9655
-
**Service category:** Terms of use
9656
-
**Product capability:** Compliance
9657
-
9658
-
Administrators now can create new terms of use that contain multiple PDF documents. You can tag these PDF documents with a corresponding language. Users are shown the PDF with the matching language based on their preferences. If there is no match, the default language is shown.
9659
-
9660
-
---
9661
-
9662
-
### Real-time password writeback client status
9663
-
9664
-
**Type:** New feature
9665
-
**Service category:** Self-service password reset
9666
-
**Product capability:** User authentication
9667
-
9668
-
You now can review the status of your on-premises password writeback client. This option is available in the **On-premises integration** section of the [Password reset](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/PasswordReset) page.
9669
-
9670
-
If there are issues with your connection to your on-premises writeback client, you see an error message that provides you with:
9671
-
9672
-
- Information on why you can't connect to your on-premises writeback client.
9673
-
- A link to documentation that assists you in resolving the issue.
9674
-
9675
-
For more information, see [on-premises integration](../authentication/concept-sspr-howitworks.md#on-premises-integration).
9676
-
9677
-
---
9678
-
9679
-
### Azure AD app-based Conditional Access
9680
-
9681
-
**Type:** New feature
9682
-
**Service category:** Azure AD
9683
-
**Product capability:** Identity security and protection
9684
-
9685
-
You now can restrict access to Office 365 and other Azure AD-connected cloud apps to [approved client apps](../conditional-access/concept-conditional-access-conditions.md#client-apps) that support Intune app protection policies by using [Azure AD app-based Conditional Access](../conditional-access/app-based-conditional-access.md). Intune app protection policies are used to configure and protect company data on these client applications.
9686
-
9687
-
By combining [app-based](../conditional-access/app-based-conditional-access.md) with [device-based](../conditional-access/require-managed-devices.md) Conditional Access policies, you have the flexibility to protect data for personal and company devices.
9688
-
9689
-
The following conditions and controls are now available for use with app-based Conditional Access:
9690
-
9691
-
**Supported platform condition**
9692
-
9693
-
- iOS
9694
-
- Android
9695
-
9696
-
**Client apps condition**
9697
-
9698
-
- Mobile apps and desktop clients
9699
-
9700
-
**Access control**
9701
-
9702
-
- Require approved client app
9703
-
9704
-
For more information, see [Azure AD app-based Conditional Access](../conditional-access/app-based-conditional-access.md).
9705
-
9706
-
---
9707
-
9708
-
### Manage Azure AD devices in the Azure portal
9709
-
9710
-
**Type:** New feature
9711
-
**Service category:** Device registration and management
9712
-
**Product capability:** Identity security and protection
9713
-
9714
-
You now can find all your devices connected to Azure AD and the device-related activities in one place. There is a new administration experience to manage all your device identities and settings in the Azure portal. In this release, you can:
9715
-
9716
-
- View all your devices that are available for Conditional Access in Azure AD.
9717
-
- View properties, which include your hybrid Azure AD-joined devices.
9718
-
- Find BitLocker keys for your Azure AD-joined devices, manage your device with Intune, and more.
9719
-
- Manage Azure AD device-related settings.
9720
-
9721
-
For more information, see [Manage devices by using the Azure portal](../devices/device-management-azure-portal.md).
9722
-
9723
-
---
9724
-
9725
-
### Support for macOS as a device platform for Azure AD Conditional Access
9726
-
9727
-
**Type:** New feature
9728
-
**Service category:** Conditional Access
9729
-
**Product capability:** Identity security and protection
9730
-
9731
-
You now can include (or exclude) macOS as a device platform condition in your Azure AD Conditional Access policy. With the addition of macOS to the supported device platforms, you can:
9732
-
9733
-
- **Enroll and manage macOS devices by using Intune.** Similar to other platforms like iOS and Android, a company portal application is available for macOS to do unified enrollments. You can use the new company portal app for macOS to enroll a device with Intune and register it with Azure AD.
9734
-
- **Ensure macOS devices adhere to your organization's compliance policies defined in Intune.** In Intune on the Azure portal, you now can set up compliance policies for macOS devices.
9735
-
- **Restrict access to applications in Azure AD to only compliant macOS devices.** Conditional Access policy authoring has macOS as a separate device platform option. Now you can author macOS-specific Conditional Access policies for the targeted application set in Azure.
9736
-
9737
-
For more information, see:
9738
-
9739
-
- [Create a device compliance policy for macOS devices with Intune](/mem/intune/protect/compliance-policy-create-mac-os)
9740
-
- [Conditional Access in Azure AD](../conditional-access/overview.md)
9741
-
9742
-
---
9743
-
9744
-
### Network Policy Server extension for Azure AD Multi-Factor Authentication
9745
-
9746
-
**Type:** New feature
9747
-
**Service category:** Multifactor authentication
9748
-
**Product capability:** User authentication
9749
-
9750
-
The Network Policy Server extension for Azure Active Directory (Azure AD) Multi-Factor Authentication adds cloud-based multifactor authentication capabilities to your authentication infrastructure by using your existing servers. With the Network Policy Server extension, you can add phone call, text message, or phone app verification to your existing authentication flow. You don't have to install, configure, and maintain new servers.
9751
-
9752
-
This extension was created for organizations that want to protect virtual private network connections without deploying the Azure Active Directory Multi-Factor Authentication Server. The Network Policy Server extension acts as an adapter between RADIUS and cloud-based Azure AD Multi-Factor Authentication to provide a second factor of authentication for federated or synced users.
9753
-
9754
-
For more information, see [Integrate your existing Network Policy Server infrastructure with Azure AD Multi-Factor Authentication](../authentication/howto-mfa-nps-extension.md).
9755
-
9756
-
---
9757
-
9758
-
### Restore or permanently remove deleted users
9759
-
9760
-
**Type:** New feature
9761
-
**Service category:** User management
9762
-
**Product capability:** Directory
9763
-
9764
-
In the Azure AD admin center, you can now:
9765
-
9766
-
- Restore a deleted user.
9767
-
- Permanently delete a user.
9768
-
9769
-
**To try it out:**
9770
-
9771
-
1. In the Azure AD admin center, select [All users](https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/UserManagementMenuBlade/All) in the **Manage** section.
9772
-
9773
-
2. From the **Show** list, select **Recently deleted users**.
9774
-
9775
-
3. Select one or more recently deleted users, and then either restore them or permanently delete them.
9776
-
9777
-
---
9778
-
9779
-
### New approved client apps for Azure AD app-based Conditional Access
9780
-
9781
-
**Type:** Changed feature
9782
-
**Service category:** Conditional Access
9783
-
**Product capability:** Identity security and protection
9784
-
9785
-
The following apps were added to the list of [approved client apps](../conditional-access/concept-conditional-access-conditions.md#client-apps):
- [Azure AD app-based Conditional Access](../conditional-access/app-based-conditional-access.md)
9794
-
9795
-
---
9796
-
9797
-
### Use "OR" between controls in a Conditional Access policy
9798
-
9799
-
**Type:** Changed feature
9800
-
**Service category:** Conditional Access
9801
-
**Product capability:** Identity security and protection
9802
-
9803
-
You now can use "OR" (require one of the selected controls) for Conditional Access controls. You can use this feature to create policies with "OR" between access controls. For example, you can use this feature to create a policy that requires a user to sign in by using multifactor authentication "OR" to be on a compliant device.
9804
-
9805
-
For more information, see [Controls in Azure AD Conditional Access](../conditional-access/controls.md).
9806
-
9807
-
---
9808
-
9809
-
### Aggregation of real-time risk detections
9810
-
9811
-
**Type:** Changed feature
9812
-
**Service category:** Identity protection
9813
-
**Product capability:** Identity security and protection
9814
-
9815
-
In Azure AD Identity Protection, all real-time risk detections that originated from the same IP address on a given day are now aggregated for each risk detection type. This change limits the volume of risk detections shown without any change in user security.
9816
-
9817
-
The underlying real-time detection works each time the user signs in. If you have a sign-in risk security policy set up to multifactor authentication or block access, it is still triggered during each risky sign-in.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments