Microsoft Releases Previews of Azure Active Directory Management Features

Microsoft this week announced a couple of previews for IT pros using the Azure Active Directory identity and access management service.

One preview lets IT pros control the frequency of sign-ins by end users. The other preview is a governance enhancement that automates employee and partner access to Software-as-a-Service (SaaS) applications and network resources. Both will require Premium Azure AD licensing to use.

Authentication Session Management Preview
The Azure AD sign-in control capability is called "authentication session management." It provides a graphical user interface-based set of controls that IT pros can use to set things like "Sign-in frequency" and "Persistent browser session" for end users when they access browser-based applications.

Organizations can change Microsoft's default settings used in the authentication session management interface when they need greater control for some sign-ins. Microsoft generally doesn't advocate enforcing frequent sign-ins, though.

"Asking users to frequently sign-in may not make sessions more secure and can hinder a productive user experience," Microsoft's announcement explained. "So it's important to consider if changing the default configuration is necessary for your environment."

Authentication session management is actually a replacement for Microsoft's "configurable token lifetimes" Azure AD capability, which was previewed way back in 2016. The configurable token lifetimes capability required the use of PowerShell, and it seemed like a somewhat more complex scheme to use.

When commercially released, the authentication session management capability will require having an Azure AD Premium 1 subscription in place.

Entitlement Management Preview
The other preview announced this week, "entitlement management," adds some automation when organizations need to share access to SaaS apps and network resources, provided that they are managed under Azure AD.

The entitlement management scheme works by creating an "access package," which specifies who can access certain applications and for how long. There's a graphical user interface for setting things up. Approvals for granting access can be specified using the interface. It's also possible to set time limits on the access to apps and resources.

The automation aspect happens after these access packages are set up.

"When an employee requests an access package, and their request is approved, the employee is automatically provisioned access to the groups, apps, and other resources in the access package," Microsoft's announcement explained.

The Azure AD entitlement management capability, accessible via the Azure Portal, works with the Azure AD B2B (Business to Business) service, which is used by organizations to collaborate with business partners. Microsoft's early adopter on this feature was Avanade, which currently uses entitlement management for its client and business partner collaborations.

When commercially available, the entitlement management capability will require an "Azure AD Premium P2 feature as part of Enterprise Mobility + Security (EMS) E5" suite, Microsoft's announcement indicated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

