Azure AD My Apps Collections and Risk Detections Commercially Released
Microsoft on Friday announced a couple of new commercially released Azure Active Directory features, namely My Apps "collections" and new "risk detections" capabilities.
Additionally, Microsoft described some Azure AD features that soon will be falling out of support.
My Apps Collections Feature GA
At "general availability" (GA) this month is a feature that lets end users create their own collections of apps in the Azure AD My Apps portal. End users can arrange their apps under so-called "tabs" in the My Apps portal, which lets them list apps by category, function or user role.
IT departments first need to have shared these applications with end users for them to use the collections feature, according to this Microsoft description. When end users arrange them under tab categories, they are just reorganizing what they already have the rights to use.
"A collection essentially applies a filter to the applications a user can already access, so the user sees only those applications in the collection that have been assigned to them," Microsoft explained in this document for IT pros. However, the document goes on to add that the collections feature requires an organization to have an "Azure AD Premium P1 or P2 license" to use it.
With the general availability release of the collections feature, Microsoft is planning to turn it on "by default in all tenants and no special URL is required," the announcement explained.
Risk Detections GA in Azure AD Identity Protection
Organizations using the Azure AD Identity Protection service are now getting three new protections that were borrowed from the Microsoft Cloud App Security service. These new Azure AD Identity Protection additions at GA release include the following signals for detecting sign-in risk:
- New Country, which looks for deviations in past user activity locations
- Activity from Anonymous IP Address, which detects the use of an anonymous proxy address for access
- Suspicious Inbox Forwarding Rules, which checks for possibly dubious forwarding rules, such as a rule that sends e-mails to an external address
These signals are now part of the Azure AD Identity Protection service, but IT pros can also link back to the Microsoft Cloud App Security solution to "investigate further if necessary," Microsoft's announcement explained.
Azure AD Features Losing Support
The announcement also described Azure AD features that will be falling out of support.
One capability losing support is associated with the Azure AD B2B (Business to Business) service. Apparently, some organizations have been creating "unmanaged Azure Active Directory accounts" to invite network guests in B2B resource-sharing scenarios. Microsoft had planned to put an end to that capability on March 31, 2021, but it's now extending that end date to Oct. 31, 2021. The end date was pushed back "based on your feedback," Microsoft indicated.
Microsoft's alternative to creating unmanaged Azure AD accounts to invite B2B guests is its one-time passcode authentication approach, where users get invited to access a network via e-mail. They get invited with passwords that are good for just a short period of time. The one-time passcode authentication feature for the Azure AD B2B service reached GA status in January.
Another capability losing support is older versions of Azure AD Connect Sync, Microsoft's tool for configuring Azure AD service connections. Versions of Azure AD Connect Sync that were "published before May 5, 2018," namely versions "1.1.751.0 and older," need to be upgraded "before February 29, 2024," the announcement indicated.
Microsoft suggested some resources and help regarding these older Azure AD Connect Sync versions.
"For help with your update, refer to our migration guide, reach out to our community experts, or open up a technical support request," the announcement indicated.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.