|
| 1 | +--- |
| 2 | +title: Archive for What's new in Sovereign Clouds? |
| 3 | +description: The What's new in sovereign cloud release notes in the Overview section of this content set contain six months of activity. After six months, the items are removed from the main article and put into this archive article for the next two years. |
| 4 | +services: active-directory |
| 5 | +author: owinfreyATL |
| 6 | +manager: amycolannino |
| 7 | +ms.service: active-directory |
| 8 | +ms.subservice: fundamentals |
| 9 | +ms.workload: identity |
| 10 | +ms.topic: overview |
| 11 | +ms.date: 4/13/2023 |
| 12 | +ms.author: owinfrey |
| 13 | +ms.collection: M365-identity-device-management |
| 14 | +--- |
| 15 | + |
| 16 | +# Archive for What's new in Azure Sovereign Clouds? |
| 17 | + |
| 18 | +The primary [What's new in sovereign clouds release notes](whats-new-sovereign-clouds.md) article contains updates for the last six months, while this article contains older information up to two years. |
| 19 | + |
| 20 | + |
| 21 | +--- |
| 22 | + |
| 23 | + |
| 24 | +## September 2022 |
| 25 | + |
| 26 | + |
| 27 | +### General Availability - No more waiting, provision groups on demand into your SaaS applications. |
| 28 | + |
| 29 | +**Type:** New feature |
| 30 | +**Service category:** Provisioning |
| 31 | +**Product capability:** Identity Lifecycle Management |
| 32 | + |
| 33 | + |
| 34 | +Pick a group of up to five members and provision them into your third-party applications in seconds. Get started testing, troubleshooting, and provisioning to non-Microsoft applications such as ServiceNow, ZScaler, and Adobe. For more information, see: [On-demand provisioning in Azure Active Directory](../app-provisioning/provision-on-demand.md). |
| 35 | + |
| 36 | +--- |
| 37 | + |
| 38 | +### General Availability - Devices Overview |
| 39 | + |
| 40 | +**Type:** New feature |
| 41 | +**Service category:** Device Registration and Management |
| 42 | +**Product capability:** Device Lifecycle Management |
| 43 | + |
| 44 | + |
| 45 | + |
| 46 | +The new Device Overview in the Azure portal provides meaningful and actionable insights about devices in your tenant. |
| 47 | + |
| 48 | +In the devices overview, you can view the number of total devices, stale devices, noncompliant devices, and unmanaged devices. You'll also find links to Intune, Conditional Access, BitLocker keys, and basic monitoring. For more information, see: [Manage device identities by using the Azure portal](../devices/device-management-azure-portal.md). |
| 49 | + |
| 50 | +--- |
| 51 | + |
| 52 | +### General Availability - Support for Linux as Device Platform in Azure AD Conditional Access |
| 53 | + |
| 54 | +**Type:** New feature |
| 55 | +**Service category:** Conditional Access |
| 56 | +**Product capability:** User Authentication |
| 57 | + |
| 58 | + |
| 59 | + |
| 60 | +Added support for “Linux” device platform in Azure AD Conditional Access. |
| 61 | + |
| 62 | +An admin can now require a user is on a compliant Linux device, managed by Intune, to sign-in to a selected service (for example ‘all cloud apps’ or ‘Office 365’). For more information, see: [Device platforms](../conditional-access/concept-conditional-access-conditions.md#device-platforms) |
| 63 | + |
| 64 | +--- |
| 65 | + |
| 66 | +### General Availability - Cross-tenant access settings for B2B collaboration |
| 67 | + |
| 68 | +**Type:** Changed feature |
| 69 | +**Service category:** B2B |
| 70 | +**Product capability:** B2B/B2C |
| 71 | + |
| 72 | + |
| 73 | + |
| 74 | +Cross-tenant access settings enable you to control how users in your organization collaborate with members of external Azure AD organizations. Now you’ll have granular inbound and outbound access control settings that work on a per org, user, group, and application basis. These settings also make it possible for you to trust security claims from external Azure AD organizations like multi-factor authentication (MFA), device compliance, and hybrid Azure AD joined devices. For more information, see: [Cross-tenant access with Azure AD External Identities](../external-identities/cross-tenant-access-overview.md). |
| 75 | + |
| 76 | +--- |
| 77 | + |
| 78 | +### General Availability - Location Aware Authentication using GPS from Authenticator App |
| 79 | + |
| 80 | +**Type:** New feature |
| 81 | +**Service category:** Conditional Access |
| 82 | +**Product capability:** Identity Security & Protection |
| 83 | + |
| 84 | + |
| 85 | + |
| 86 | +Admins can now enforce Conditional Access policies based off of GPS location from Authenticator. For more information, see: [Named locations](../conditional-access/location-condition.md#named-locations). |
| 87 | + |
| 88 | +--- |
| 89 | + |
| 90 | +### General Availability - My Sign-ins now supports org switching and improved navigation |
| 91 | + |
| 92 | +**Type:** Changed feature |
| 93 | +**Service category:** MFA |
| 94 | +**Product capability:** End User Experiences |
| 95 | + |
| 96 | + |
| 97 | + |
| 98 | +We've improved the My Sign-ins experience to now support organization switching. Now users who are guests in other tenants can easily switch and sign-in to manage their security info and view activity. More improvements were made to make it easier to switch from My Sign-ins directly to other end user portals such as My Account, My Apps, My Groups, and My Access. For more information, see: [Sign-in logs in Azure Active Directory - preview](../reports-monitoring/concept-all-sign-ins.md) |
| 99 | + |
| 100 | +--- |
| 101 | + |
| 102 | +### General Availability - Temporary Access Pass is now available |
| 103 | + |
| 104 | +**Type:** New feature |
| 105 | +**Service category:** MFA |
| 106 | +**Product capability:** User Authentication |
| 107 | + |
| 108 | + |
| 109 | + |
| 110 | +Temporary Access Pass (TAP) is now generally available. TAP can be used to securely register password-less methods such as Phone Sign-in, phishing resistant methods such as FIDO2, and even help Windows onboarding (AADJ and WHFB). TAP also makes recovery easier when a user has lost or forgotten their strong authentication methods and needs to sign in to register new authentication methods. For more information, see: [Configure Temporary Access Pass in Azure AD to register Passwordless authentication methods](../authentication/howto-authentication-temporary-access-pass.md). |
| 111 | + |
| 112 | +--- |
| 113 | + |
| 114 | +### General Availability - Ability to force reauthentication on Intune enrollment, risky sign-ins, and risky users |
| 115 | + |
| 116 | +**Type:** New feature |
| 117 | +**Service category:** Conditional Access |
| 118 | +**Product capability:** Identity Security & Protection |
| 119 | + |
| 120 | + |
| 121 | + |
| 122 | +In some scenarios customers may want to require a fresh authentication, every time before a user performs specific actions. Sign-in frequency Every time support requiring a user to reauthenticate during Intune device enrollment, password change for risky users and risky sign-ins. |
| 123 | + |
| 124 | +More information: [Configure authentication session management](../conditional-access/howto-conditional-access-session-lifetime.md#require-reauthentication-every-time). |
| 125 | + |
| 126 | +--- |
| 127 | + |
| 128 | +### General Availability - Non-interactive risky sign-ins |
| 129 | + |
| 130 | +**Type:** Changed feature |
| 131 | +**Service category:** Identity Protection |
| 132 | +**Product capability:** Identity Security & Protection |
| 133 | + |
| 134 | + |
| 135 | + |
| 136 | +Identity Protection now emits risk (such as unfamiliar sign-in properties) on non-interactive sign-ins. Admins can now find these non-interactive risky sign-ins using the "sign-in type" filter in the Risky sign-ins report. For more information, see: [How To: Investigate risk](../identity-protection/howto-identity-protection-investigate-risk.md). |
| 137 | + |
| 138 | +--- |
| 139 | + |
| 140 | + |
| 141 | +### General Availability - Workload Identity Federation with App Registrations are available now |
| 142 | + |
| 143 | +**Type:** New feature |
| 144 | +**Service category:** Other |
| 145 | +**Product capability:** Developer Experience |
| 146 | + |
| 147 | + |
| 148 | + |
| 149 | +Entra Workload Identity Federation allows developers to exchange tokens issued by another identity provider with Azure AD tokens, without needing secrets. It eliminates the need to store, and manage, credentials inside the code or secret stores to access Azure AD protected resources such as Azure and Microsoft Graph. By removing the secrets required to access Azure AD protected resources, workload identity federation can improve the security posture of your organization. This feature also reduces the burden of secret management and minimizes the risk of service downtime due to expired credentials. |
| 150 | + |
| 151 | +For more information on this capability and supported scenarios, see: [Workload identity federation](../develop/workload-identity-federation.md). |
| 152 | + |
| 153 | + |
| 154 | +--- |
| 155 | + |
| 156 | +### General Availability - Continuous Access Evaluation |
| 157 | + |
| 158 | +**Type:** New feature |
| 159 | +**Service category:** Other |
| 160 | +**Product capability:** Access Control |
| 161 | + |
| 162 | + |
| 163 | + |
| 164 | +With Continuous access evaluation (CAE), critical security events and policies are evaluated in real time. This includes account disable, password reset, and location change. For more information, see: [Continuous access evaluation](../conditional-access/concept-continuous-access-evaluation.md) |
| 165 | + |
| 166 | +--- |
| 167 | + |
| 168 | + |
| 169 | +### Public Preview – Protect against by-passing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD |
| 170 | + |
| 171 | +**Type:** New feature |
| 172 | +**Service category:** MS Graph |
| 173 | +**Product capability:** Identity Security & Protection |
| 174 | + |
| 175 | + |
| 176 | +We're delighted to announce a new security protection that prevents bypassing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD. When enabled for a federated domain in your Azure AD tenant, it ensures that a compromised federated account can't bypass Azure AD Multi-Factor Authentication by imitating that a multi factor authentication has already been performed by the identity provider. The protection can be enabled via new security setting, [federatedIdpMfaBehavior](/graph/api/resources/internaldomainfederation?view=graph-rest-beta#federatedidpmfabehavior-values&preserve-view=true). |
| 177 | + |
| 178 | +We highly recommend enabling this new protection when using Azure AD Multi-Factor Authentication as your multi factor authentication for your federated users. To learn more about the protection and how to enable it, visit [Enable protection to prevent by-passing of cloud Azure AD Multi-Factor Authentication when federated with Azure AD](/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs#enable-protection-to-prevent-by-passing-of-cloud-azure-ad-multi-factor-authentication-when-federated-with-azure-ad). |
| 179 | + |
| 180 | +--- |
0 commit comments