Azure Identity & Access Management

Stay informed about the latest enhancements and changes.

Latest Updates for Identity & Access Management

Published: 2023-10-27

New Conditional Access Policies for Streamlined Access [New]

We've introduced new predefined Conditional Access policy templates to simplify common security scenarios. These templates offer recommended configurations for protecting privileged access, securing cloud apps, and managing access for external users.

Key improvements:

  • Pre-configured policies for common use cases.
  • Guided setup experience.
  • Enhanced security posture out-of-the-box.

Learn more about Conditional Access policy templates.

Azure AD B2C Identity Protection Enhancements [Improved]

Azure Active Directory (Azure AD) B2C Identity Protection now offers advanced risk detection capabilities. This includes improved anomaly detection for sign-ins, identity compromise detection, and suspicious token acquisition.

What's new:

  • Real-time risk assessment for B2C user identities.
  • Integration with Azure AD Identity Protection reporting.
  • Automated remediation actions based on risk levels.

Explore the Azure AD B2C Identity Protection features.

Public Preview: Granular Permissions for Azure AD Roles

We are excited to announce the public preview of granular permissions for Azure AD custom roles. This feature allows you to define precise permissions for administrative roles, reducing the need for overly broad assignments and enhancing the principle of least privilege.

Benefits:

  • Tailor roles to specific tasks and responsibilities.
  • Increase security by limiting access to only necessary operations.
  • Simplify role management for complex organizations.

Find out more in the Azure AD custom roles documentation.

Deprecation of Legacy Authentication Protocols

As part of our ongoing commitment to security, we are continuing to disable support for legacy authentication protocols (e.g., POP, IMAP, and SMTP authenticated via basic auth) in Azure AD. This change helps protect your tenants from brute-force and credential stuffing attacks.

Action required: Ensure your applications and services are using modern authentication methods. For more information on how to identify and migrate, please refer to our migration guide.
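One way to carry out the identification step is to inventory legacy-protocol sign-ins from an exported sign-in log. The following is an added example, not code from Microsoft or the migration guide; it assumes records shaped like the Microsoft Graph signIn resource (userPrincipalName, clientAppUsed, status.errorCode, createdDateTime), and the sample records and helper names are constructed for illustration.

```python
import json
from collections import defaultdict

# Labels for the protocols the page names (POP, IMAP, SMTP with basic auth).
# Assumption: records carry the Microsoft Graph signIn field "clientAppUsed".
LEGACY_CLIENTS = {"POP3", "IMAP4", "Authenticated SMTP"}

def _rec(ts, user, client, code):
    return {"createdDateTime": ts, "userPrincipalName": user,
            "clientAppUsed": client, "status": {"errorCode": code}}

# Constructed sample export, not real tenant data. errorCode 0 means success.
SAMPLE_EXPORT = json.dumps([
    _rec("2023-10-20T08:01:00Z", "scanner@example.com", "Authenticated SMTP", 0),
    _rec("2023-10-21T08:01:00Z", "Scanner@example.com", "Authenticated SMTP", 0),
    _rec("2023-10-21T09:15:00Z", "alice@example.com", "IMAP4", 50126),
    _rec("2023-10-21T09:16:00Z", "alice@example.com", "IMAP4", 0),
    _rec("2023-10-22T02:00:00Z", "bob@example.com", "POP3", 50126),
    _rec("2023-10-22T02:00:05Z", "bob@example.com", "POP3", 50126),
    _rec("2023-10-22T10:30:00Z", "carol@example.com", "Browser", 0),
])

def legacy_auth_inventory(export_json):
    """Group legacy-protocol sign-ins by (user, client) with outcome counts."""
    inventory = defaultdict(lambda: {"success": 0, "failure": 0, "last_seen": ""})
    for rec in json.loads(export_json):
        client = rec.get("clientAppUsed") or ""
        if client not in LEGACY_CLIENTS:
            continue  # modern-auth clients are out of scope for migration
        entry = inventory[(rec.get("userPrincipalName", "").lower(), client)]
        failed = (rec.get("status") or {}).get("errorCode", 0) != 0
        entry["failure" if failed else "success"] += 1
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        entry["last_seen"] = max(entry["last_seen"], rec.get("createdDateTime", ""))
    return dict(inventory)

def migration_worklist(inventory):
    """Accounts with successful legacy sign-ins: they break once basic auth is off."""
    return sorted({user for (user, _), e in inventory.items() if e["success"]})

def failure_only(inventory):
    """Accounts with only failed legacy attempts: nothing to migrate, worth reviewing."""
    working = set(migration_worklist(inventory))
    return sorted({u for (u, _), e in inventory.items() if e["failure"] and u not in working})

if __name__ == "__main__":
    inv = legacy_auth_inventory(SAMPLE_EXPORT)
    print("migrate:", migration_worklist(inv))
    print("failed-only:", failure_only(inv))
```

Accounts on the worklist need a modern-authentication replacement before the protocol is disabled; accounts that appear only with failures are not dependencies and match the password-guessing pattern the deprecation is meant to stop.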

Recent Additions to Authentication Methods

Several new authentication methods are now available, including passwordless options and enhanced multi-factor authentication (MFA) experiences.

  • Passwordless Sign-in with FIDO2 Security Keys: Enhanced support and deployment guidance.
  • Microsoft Authenticator Push Notifications: Improved user experience and reduced fraud.

Authorization and Access Control Updates

Recent updates focus on improving access control management and auditing capabilities within Azure.

  • Azure Role-Based Access Control (RBAC) Improvements: New built-in roles and enhanced scope management.
  • Access Reviews for Entitlement Management: Streamlined processes for requesting and approving access packages.

Identity Protection & Threat Management

We continue to strengthen Azure's defenses against identity-based threats.

  • New Sign-in Risk Policies: Expanded options for responding to risky sign-ins.
  • Integration with Microsoft Sentinel: Enhanced threat hunting and incident response capabilities.