What’s New in Microsoft Azure Active Directory

Azure Active Directory is a comprehensive identity and access management cloud solution. It combines core directory services, advanced identity governance, security, and application access management. Azure AD also offers developers an identity management platform to deliver access control to their applications, based on centralized policy and rules.
In the last few months there have been significant changes to the Azure Active Directory (AAD) features and capabilities, and this post will give you a taste of some of them.
Subscription Management
It is now easier for large teams to share a single subscription: up to 200 co-administrators are supported per subscription, a big change from 10.
Administration roles include Billing, Service, User, and Password Administrator.
Azure Rights Management (ARM)
You can now use custom templates to make it easier for users to apply information protection to files, connect your on-premises servers to use Azure Rights Management by installing the RMS connector, and deploy the Rights Management sharing application that supports protecting all file types on all devices.
Define custom templates in the Azure Portal. This applies to Office 365 and to on-premises servers using the RMS Connector, and provides more flexibility and control than the default “Confidential” and “Confidential View Only” policies.
Features and Benefits

  1. Supports IRM capabilities for Exchange Online, SharePoint Online, and Office 365.
  2. Protected content easily shared in the same or across organizations.
  3. Mobile device support for Windows Phone, Windows RT, iOS and Android.
  4. Included with Office 365 Enterprise E3 and E4.

Directory Management

  • Delete an Active Directory

Developers and IT Professionals can now create an Active Directory for experimentation or Dev/Test purposes and delete it afterwards.

  • Rename an Active Directory

Changing the “friendly” name of the directory does not change the default domain (*.onmicrosoft.com) of the directory.

  • Security Groups

Create and Delete Security Groups

  • Assign User Access to SaaS Applications (AD Premium)

Also applies to groups synced from on-premises Server Active Directory.

Azure AD Premium

Features

  • Custom Branding

Customize the user sign-in experience beyond the Application Access Panel.

  • Group Based Application Access

Use Security Groups to provision user access for SaaS Applications.

  • Self-Service Password Reset

Not just for directory administrators. Regular users can reset passwords, reducing common help desk calls.

  • Self-Service Group Management

Empower users to create groups, request access to groups, and even delegate group ownership for others to approve/deny/maintain group membership.

  • Advanced Security Reports and Alerts

Machine learning algorithms can identify irregular sign-in activity based on location, time of day, or both.

  • Multi-Factor Authentication (MFA)

Not just for directory administrators. Enable for all or specific users to further protect access to critical applications.

  • Forefront Identity Manager (FIM)

Grant rights to use a FIM server (and CALs) located on-premises. No limit on FIM Servers, but CALs are granted based on the allocation of an Azure AD Premium User License.

  • Enterprise SLA of 99.99%

The SLA covers both roles:
Users: log in, use the Access Panel to launch apps, and reset passwords.
Administrators: perform CRUD operations in the directory and provision user access to applications.

How do I get it?
Available through Microsoft’s Enterprise Volume Licensing Programs.

Directory Synchronization

  • Azure Active Directory Sync (“AAD Sync”)

New “One Sync” tool, eventually replacing DirSync. Available through the Microsoft Connect Program.
Features

  • Onboard Multi-Forest Server AD Deployments to Azure AD
  • Advanced provisioning, mapping and filtering rules
  • Map multiple on-premises Exchange organizations to a single tenant in Azure AD

Self-Service Password Reset with Writeback

  • Write-back capability enables password resets (not changes) to be persisted back to on-premises Server AD
  • Added to the Azure Active Directory “DirSync” Tool
  • Available for Azure AD Premium Customers

DirSync Intervals

  • Directory sync runs at 3-hour intervals.
  • Password sync runs at 2-minute intervals.
  • Password Writeback after a Password Reset occurs instantly.

DirSync On-Demand
Start-OnlineCoexistenceSync (PowerShell) triggers a sync cycle immediately instead of waiting for the next scheduled interval.
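An added example (not from the original post) of triggering that on-demand cycle and confirming it actually ran. It assumes it is executed on the DirSync server in an elevated session by an account allowed to run DirSync (local MIISAdmins membership), that the cmdlet lives in the Coexistence-Configuration snap-in that ships with DirSync, and that DirSync writes to the Application event log under the “Directory Synchronization” source.

```powershell
# Added example: run a DirSync cycle now rather than waiting up to 3 hours,
# then verify from the event log that the cycle produced activity.
# Assumptions: DirSync server, elevated session, MIISAdmins membership,
# snap-in name "Coexistence-Configuration", event source "Directory Synchronization".

param(
    [switch]$FullSync   # force a full sync instead of the default delta sync
)

# The DirSync cmdlets are not loaded by default; register the snap-in once per session.
if (-not (Get-PSSnapin -Name Coexistence-Configuration -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Coexistence-Configuration -ErrorAction Stop
}

$started = Get-Date

# Same cycle the scheduler runs every 3 hours; -FullSync re-reads every object.
if ($FullSync) {
    Start-OnlineCoexistenceSync -FullSync
} else {
    Start-OnlineCoexistenceSync
}

# Give the sync engine a moment, then pull only the DirSync events written since we started.
Start-Sleep -Seconds 30
$events = Get-EventLog -LogName Application -Source 'Directory Synchronization' `
                       -After $started -ErrorAction SilentlyContinue

if ($events) {
    $events |
        Sort-Object TimeGenerated |
        Select-Object TimeGenerated, EntryType, EventID, Message |
        Format-Table -AutoSize -Wrap
} else {
    Write-Warning "No DirSync events logged since $started; check the Application log and the DirSync service."
}
```

Any EntryType of Error or Warning in the listing is the first thing to read: a cycle that starts but fails still leaves on-premises changes unsynced until the next scheduled run.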

Run ADFS on Azure Virtual Machines


  • Typical ADFS on-premises


  • ADFS in Azure

Azure Internal Load Balancer

  • Achieve high availability for this workload without compromising on security!
  • Workarounds such as ACLs on the public VIP are still a viable path.
  • Introduces “some” network latency for on-premises users, who have to go through the Federation Server Proxies.
  • Requires potential maintenance of the ACLs in the event that services are added or modified.

Application Gallery

Discover available SaaS applications without signing into the Azure Management Portal.

Access Panel for iOS 7

  • Provides SSO to Apps integrated with your Azure Active Directory
  • Supports iPad and iPhone devices
  • Full parity with the web-based Application Access Panel
  • Install “My Apps – Azure Active Directory” from the Apple App Store

Cloud App Discovery
  • Visibility

Gain visibility into which cloud applications are being used within an organization.

  • Assess Risk and Remediate

See usage graphs based on users, requests, and the volume of data exchanged.

  • Identify top cloud applications being used in the organization.
  • Proceed with application integration (if appropriate).

Source: TechNet, MSDN, and Azure Team Blog

Vaibhav Mathur

More from this Author

Follow Us
TwitterLinkedinFacebookYoutubeInstagram