Microsoft Releases Previews of Azure Active Directory Management Features

Microsoft this week announced a couple of previews for IT pros using the Azure Active Directory identity and access management service.

One preview lets IT pros control the frequency of sign-ins by end users. The other preview is a governance enhancement that automates employee and partner access to Software-as-a-Service (SaaS) applications and network resources. Both will require Premium Azure AD licensing to use.

Authentication Session Management Preview
The Azure AD sign-in control capability is called "authentication session management." It provides a graphical user interface-based set of controls that IT pros can use to set things like "Sign-in frequency" and "Persistent browser session" for end users when they access browser-based applications.

Organizations can change Microsoft's default settings used in the authentication session management interface when they need greater control for some sign-ins. Microsoft generally doesn't advocate enforcing frequent sign-ins, though.

"Asking users to frequently sign-in may not make sessions more secure and can hinder a productive user experience," Microsoft's announcement explained. "So it's important to consider if changing the default configuration is necessary for your environment."

Authentication session management is actually a replacement for Microsoft's "configurable token lifetimes" Azure AD capability, which was previewed way back in 2016. The configurable token lifetimes capability required the use of PowerShell, and it seemed like a somewhat more complex scheme to use.

When commercially released, the authentication session management capability will require an Azure AD Premium 1 subscription.

Entitlement Management Preview
The other preview announced this week, "entitlement management," adds some automation when organizations need to share access to SaaS apps and network resources, provided that they are managed under Azure AD.

The entitlement management scheme works by creating an "access package," which specifies who can access certain applications and for how long. There's a graphical user interface for setting things up. Approvals for granting access can be specified using the interface. It's also possible to set time limits on the access to apps and resources.

The automation aspect happens after these access packages are set up.

"When an employee requests an access package, and their request is approved, the employee is automatically provisioned access to the groups, apps, and other resources in the access package," Microsoft's announcement explained.

The Azure AD entitlement management capability, accessible via the Azure Portal, works with the Azure AD B2B (Business to Business) service, which is used by organizations to collaborate with business partners. Microsoft's early adopter on this feature was Avanade, which currently uses entitlement management for its client and business partner collaborations.

When commercially available, the entitlement management capability will require an "Azure AD Premium P2 feature as part of Enterprise Mobility + Security (EMS) E5" suite, Microsoft's announcement indicated.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

