articles/active-directory/fundamentals/whats-new.md (254 additions & 0 deletions)
@@ -32,6 +32,260 @@ Azure AD receives improvements on an ongoing basis. To stay up to date with the
32
32
This page is updated monthly, so revisit it regularly. If you're looking for items older than six months, you can find them in [Archive for What's new in Azure Active Directory](whats-new-archive.md).
33
33
34
34
35
+
## October 2022
36
+
37
+
### General Availability - Upgrade Azure AD Provisioning agent to the latest version (version number: 1.1.977.0)
38
+
39
+
40
+
41
+
**Type:** Plan for change
42
+
**Service category:** Provisioning
43
+
**Product capability:** AAD Connect Cloud Sync
44
+
45
+
Microsoft will stop support for Azure AD provisioning agent with versions 1.1.818.0 and below starting Feb 1,2023. If you are using Azure AD cloud sync, please make sure you have the latest version of the agent. You can info about the agent release history [here](../app-provisioning/provisioning-agent-release-version-history.md). You can download the latest version [here](https://download.msappproxy.net/Subscription/d3c8b69d-6bf7-42be-a529-3fe9c2e70c90/Connector/provisioningAgentInstaller)
46
+
47
+
You can find out which version of the agent you are using as follows:
48
+
49
+
1. Going to the domain server which you have the agent installed
50
+
1. Right-click on the Microsoft Azure AD Connect Provisioning Agent app
51
+
1. Click on “Details” tab and you can find the version number there
52
+
53
+
> [!NOTE]
54
+
> Azure Active Directory (AD) Connect follows the [Modern Lifecycle Policy](/lifecycle/policies/modern). Changes for products and services under the Modern Lifecycle Policy may be more frequent and require customers to be alert for forthcoming modifications to their product or service.
55
+
Product governed by the Modern Policy follow a [continuous support and servicing model](/lifecycle/overview/product-end-of-support-overview). Customers must take the latest update to remain supported. For products and services governed by the Modern Lifecycle Policy, Microsoft's policy is to provide a minimum 30 days' notification when customers are required to take action in order to avoid significant degradation to the normal use of the product or service.
56
+
57
+
---
58
+
59
+
### General Availability - Add multiple domains to the same SAML/Ws-Fed based identity provider configuration for your external users
60
+
61
+
62
+
63
+
**Type:** New feature
64
+
**Service category:** B2B
65
+
**Product capability:** B2B/B2C
66
+
67
+
An IT admin can now add multiple domains to a single SAML/WS-Fed identity provider configuration to invite users from multiple domains to authenticate from the same identity provider endpoint. For more information, see: [Federation with SAML/WS-Fed identity providers for guest users](../external-identities/direct-federation.md).
68
+
69
+
70
+
---
71
+
72
+
### General Availability - Limits on the number of configured API permissions for an application registration will be enforced starting in October 2022
73
+
74
+
75
+
76
+
**Type:** Plan for change
77
+
**Service category:** Other
78
+
**Product capability:** Developer Experience
79
+
80
+
In the end of October, the total number of required permissions for any single application registration must not exceed 400 permissions across all APIs. Applications exceeding the limit won't be able to increase the number of permissions they're configured for. The existing limit on the number of distinct APIs for which permissions are required remains unchanged and may not exceed 50 APIs.
81
+
82
+
In the Azure portal, the required permissions are listed under API Permissions within specific applications in the application registration menu. When using Microsoft Graph or Microsoft Graph PowerShell, the required permissions are listed in the requiredResourceAccess property of an [application](/graph/api/resources/application) entity. For more information, see: [Validation differences by supported account types (signInAudience)](../develop/supported-accounts-validation.md).
83
+
84
+
85
+
---
86
+
87
+
### Public Preview - Conditional access Authentication strengths
88
+
89
+
90
+
91
+
**Type:** New feature
92
+
**Service category:** Conditional Access
93
+
**Product capability:** User Authentication
94
+
95
+
Announcing Public preview of Authentication strength, a Conditional Access control that allows administrators to specify which authentication methods can be used to access a resource. For more information, see: [Conditional Access authentication strength (preview)](../authentication/concept-authentication-strengths.md). You can use custom authentication strengths to restrict access by requiring specific FIDO2 keys using the Authenticator Attestation GUIDs (AAGUIDs), and apply this through conditional access policies. For more information, see: [FIDO2 security key advanced options](../authentication/concept-authentication-strengths.md#fido2-security-key-advanced-options).
96
+
97
+
---
98
+
99
+
### Public Preview - Conditional access authentication strengths for external identities
100
+
101
+
102
+
**Type:** New feature
103
+
**Service category:** B2B
104
+
**Product capability:** B2B/B2C
105
+
106
+
You can now require your business partner (B2B) guests across all Microsoft clouds to use specific authentication methods to access your resources with **Conditional Access Authentication Strength policies**. For more information, see: [Conditional Access: Require an authentication strength for external users](../conditional-access/howto-conditional-access-policy-authentication-strength-external.md).
107
+
108
+
---
109
+
110
+
111
+
### Generally Availability - Windows Hello for Business, Cloud Kerberos Trust deployment
112
+
113
+
114
+
115
+
**Type:** New feature
116
+
**Service category:** Authentications (Logins)
117
+
**Product capability:** User Authentication
118
+
119
+
We're excited to announce the general availability of hybrid cloud Kerberos trust, a new Windows Hello for Business deployment model to enable a password-less sign-in experience. With this new model, we’ve made Windows Hello for Business much easier to deploy than the existing key trust and certificate trust deployment models by removing the need for maintaining complicated public key infrastructure (PKI), and Azure Active Directory (AD) Connect synchronization wait times. For more information, see: [Hybrid Cloud Kerberos Trust Deployment](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust).
120
+
121
+
---
122
+
123
+
### General Availability - Device-based conditional access on Linux Desktops
124
+
125
+
126
+
127
+
**Type:** New feature
128
+
**Service category:** Conditional Access
129
+
**Product capability:** SSO
130
+
131
+
This feature empowers users on Linux clients to register their devices with Azure AD, enroll into Intune management, and satisfy device-based Conditional Access policies when accessing their corporate resources.
132
+
133
+
- Users can register their Linux devices with Azure AD
134
+
- Users can enroll in Mobile Device Management (Intune), which can be used to provide compliance decisions based upon policy definitions to allow device based conditional access on Linux Desktops
135
+
- If compliant, users can use Edge Browser to enable Single-Sign on to M365/Azure resources and satisfy device-based Conditional Access policies.
136
+
137
+
138
+
For more information, see:
139
+
[Azure AD registered devices](../devices/concept-azure-ad-register.md).
140
+
[Plan your Azure Active Directory device deployment](../devices/plan-device-deployment.md)
141
+
142
+
---
143
+
144
+
### General Availability - Deprecation of Azure Multi-Factor Authentication Server
Beginning September 30, 2024, Azure Multi-Factor Authentication Server deployments will no longer service multi-factor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services, and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Azure AD Multi-Factor Authentication service using the latest Migration Utility included in the most recent Azure AD Multi-Factor Authentication Server update. For more information, see: [Migrate from MFA Server to Azure AD Multi-Factor Authentication](../authentication/how-to-migrate-mfa-server-to-azure-mfa.md).
153
+
154
+
---
155
+
156
+
### General Availability - Change of Default User Consent Settings
157
+
158
+
159
+
160
+
**Type:** New feature
161
+
**Service category:** Enterprise Apps
162
+
**Product capability:** Developer Experience
163
+
164
+
Starting Sept 30th, 2022, Microsoft will require all new tenants to follow a new user consent configuration. While this won't impact any existing tenants that were created before September 30, 2022, all new tenants created after September 30, 2022, will have the default setting of “Enable automatic updates (Recommendation)” under User consent settings. This change reduces the risk of malicious applications attempting to trick users into granting them access to your organization's data. For more information, see: [Configure how users consent to applications](../manage-apps/configure-user-consent.md).
165
+
166
+
---
167
+
168
+
### Public Preview - Lifecycle Workflows is now available
169
+
170
+
171
+
172
+
**Type:** New feature
173
+
**Service category:** Lifecycle Workflows
174
+
**Product capability:** Identity Governance
175
+
176
+
177
+
We're excited to announce the public preview of Lifecycle Workflows, a new Identity Governance capability that allows customers to extend the user provisioning process, and adds enterprise grade user lifecycle management capabilities, in Azure AD to modernize your identity lifecycle management process. With Lifecycle Workflows, you can:
178
+
179
+
- Confidently configure and deploy custom workflows to onboard and offboard cloud employees at scale replacing your manual processes.
180
+
- Automate out-of-the-box actions critical to required Joiner and Leaver scenarios and get rich reporting insights.
181
+
- Extend workflows via Logic Apps integrations with custom tasks extensions for more complex scenarios.
182
+
183
+
For more information, see: [What are Lifecycle Workflows? (Public Preview)](../governance/what-are-lifecycle-workflows.md).
184
+
185
+
---
186
+
187
+
### Public Preview - User-to-Group Affiliation recommendation for group Access Reviews
188
+
189
+
190
+
191
+
**Type:** New feature
192
+
**Service category:** Access Reviews
193
+
**Product capability:** Identity Governance
194
+
195
+
This feature provides Machine Learning based recommendations to the reviewers of Azure AD Access Reviews to make the review experience easier and more accurate. The recommendation detects user affiliation with other users within the group, and leverages the scoring mechanism we built by computing the user’s average distance with other users in the group. For more information, see: [Review recommendations for Access reviews](../governance/review-recommendations-access-reviews.md).
196
+
197
+
---
198
+
199
+
### General Availability - Group assignment for SuccessFactors Writeback application
200
+
201
+
202
+
203
+
**Type:** New feature
204
+
**Service category:** Provisioning
205
+
**Product capability:** Outbound to SaaS Applications
206
+
207
+
When configuring writeback of attributes from Azure AD to SAP SuccessFactors Employee Central, you can now specify the scope of users using Azure AD group assignment. For more information, see: [Tutorial: Configure attribute write-back from Azure AD to SAP SuccessFactors](../saas-apps/sap-successfactors-writeback-tutorial.md).
208
+
209
+
---
210
+
211
+
### General Availability - Number Matching for Microsoft Authenticator notifications
212
+
213
+
214
+
215
+
**Type:** New feature
216
+
**Service category:** Microsoft Authenticator App
217
+
**Product capability:** User Authentication
218
+
219
+
To prevent accidental notification approvals, admins can now require users to enter the number displayed on the sign-in screen when approving an MFA notification in the Microsoft Authenticator app. We've also refreshed the Azure portal admin UX and Microsoft Graph APIs to make it easier for customers to manage Authenticator app feature roll-outs. As part of this update we have also added the highly requested ability for admins to exclude user groups from each feature.
220
+
221
+
The number matching feature greatly up-levels the security posture of the Microsoft Authenticator app and protects organizations from MFA fatigue attacks. We highly encourage our customers to adopt this feature leveraging the rollout controls we have built. Number Matching will begin to be enabled for all users of the Microsoft Authenticator app starting 27th of February 2023.
222
+
223
+
224
+
For more information, see: [How to use number matching in multifactor authentication (MFA) notifications - Authentication methods policy](../authentication/how-to-mfa-number-match.md).
225
+
226
+
---
227
+
228
+
### General Availability - Additional context in Microsoft Authenticator notifications
229
+
230
+
231
+
232
+
**Type:** New feature
233
+
**Service category:** Microsoft Authenticator App
234
+
**Product capability:** User Authentication
235
+
236
+
Reduce accidental approvals by showing users additional context in Microsoft Authenticator app notifications. Customers can enhance notifications with the following:
237
+
238
+
- Application Context: This feature will show users which application they're signing into.
239
+
- Geographic Location Context: This feature will show users their sign-in location based on the IP address of the device they're signing into.
240
+
241
+
The feature is available for both MFA and Password-less Phone Sign-in notifications and greatly increases the security posture of the Microsoft Authenticator app. We've also refreshed the Azure portal Admin UX and Microsoft Graph APIs to make it easier for customers to manage Authenticator app feature roll-outs. As part of this update, we've also added the highly requested ability for admins to exclude user groups from certain features.
242
+
243
+
We highly encourage our customers to adopt these critical security features to reduce accidental approvals of Authenticator notifications by end users.
244
+
245
+
246
+
For more information, see: [How to use additional context in Microsoft Authenticator notifications - Authentication methods policy](../authentication/how-to-mfa-additional-context.md).
247
+
248
+
---
249
+
250
+
### New Federated Apps available in Azure AD Application gallery - October 2022
251
+
252
+
253
+
254
+
**Type:** New feature
255
+
**Service category:** Enterprise Apps
256
+
**Product capability:** 3rd Party Integration
257
+
258
+
259
+
260
+
In October 2022 we've added the following 15 new applications in our App gallery with Federation support:
For more information about how to better secure your organization by using automated user account provisioning, see: [Automate user provisioning to SaaS applications with Azure AD](../app-provisioning/user-provisioning.md).
283
+
284
+
285
+
286
+
---
287
+
288
+
35
289
## September 2022
36
290
37
291
### General Availability - SSPR writeback is now available for disconnected forests using Azure AD Connect cloud sync
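Review bot: In the provisioning agent entry (new lines 45 to 55), the end-of-support sentence and the version-check steps are what admins will act on, and both need fixes: "You can info about the agent release history" is missing its verb ("find"), "Feb 1,2023" needs a space and should match the "September 30, 2022" style used elsewhere in the hunk, and the steps go from right-clicking the app straight to a "Details" tab without saying which dialog that tab belongs to. The line "Product governed by the Modern Policy follow" lacks the ">" prefix used by the note line directly above it, so add the prefix (or a blank line) to make its relation to the [!NOTE] block explicit, and change it to "Products ... follow". Further down, the heading "Generally Availability - Windows Hello for Business" should read "General Availability". In the user consent entry the date is written two ways ("Sept 30th, 2022" and "September 30, 2022"), and "before" and "after" September 30 leave tenants created on that day undefined. Please also confirm that "Enable automatic updates (Recommendation)" is the exact label shown under User consent settings, since as written it does not read like a consent option.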