Microsoft Rescinds New Login Behavior for Azure Active Directory Portal
Microsoft has temporarily rolled back an Azure Active Directory login portal change that it had instituted earlier this month.
The change was supposed to make the login process more intuitive for end users by using portal images or "branding" in a specific way. The idea specifically aimed to clarify business-to-business (B2B) scenarios in which a user logs into Azure AD through their portal to access another company's applications.
Microsoft had originally instituted the change because organizations didn't like the B2B experience or "logic," according to Ariel Gordon, a principal program manager in the Identity Division at Microsoft.
"For example, when a Contoso user would sign in to a Fabrikam website, all of the branding used to switch to Fabrikam, losing context of the destination," Gordon explained in comments to Microsoft's original April 7 announcement. "The new logic ensures that all users, including business guests, can keep track of the destination."
However, today Microsoft admitted in an announcement that its portal branding switch didn't work for many of its customers. It was sprung on them, too.
"We learned that we took many of you by surprise and did not give you enough time to alert and train your employees about the change," said Alex Simons, director of program management at Microsoft's Identity Division.
Microsoft has now rolled back this new login portal branding behavior. It's promising to provide "advance notice" of such future changes to its business customers. Apparently, organizations didn't get a notice of the coming changes in their management portals.
Microsoft claimed it had tested the new Azure AD portal behavior with business customers beforehand, but it's now promising to "incorporate a Preview period" to get feedback before relaunching it. Lastly, Microsoft promised to give a 30-day notice about its Azure AD "disruptive design changes."
The portal change is still part of Microsoft's plans. It is part of an effort to "reconcile the branding logic between Azure AD and Microsoft accounts, as a prerequisite to merging the two login experiences later this year," Gordon explained.
Based on early comments, it seems that Microsoft's login portal change had the effect of wrecking the portal branding experiences that organizations had already set up. Commenters also complained about having no documentation on the change, and that Microsoft Support personnel didn't know about it or just directed them to read Microsoft's April 7 blog post.
In his April 7 comments, Gordon said that Microsoft planned to bring the new Azure AD portal logic to "SharePoint and OWA." One caveat is that the new login behavior depends on applications sending "login traffic to tenanted login endpoints, e.g. login.microsoftonline.com/contoso.com/," he added.
Microsoft currently doesn't support the new login portal branding behavior for non-Microsoft applications, but Gordon commented that Microsoft was "working on it." The new behavior also doesn't permit customization of the login portal's message to use either a work or school account, which one commenter said "doesn't make sense" for corporate environments.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.