Ignite 2021: Zero Trust, Conditional Access, and other improvements now in preview or GA

Quoted from: Neowin

In the sea of announcements at its Ignite event, covering security as well as compliance solutions, Microsoft also took the time to spotlight some of the identity solution enhancements it has made.

For one, AWS Single Sign-On (SSO) is now pre-integrated in the Azure AD app gallery for easier AWS access with Azure AD credentials. To further help admins manage identities via Azure AD, two new capabilities will start to be available this month: the AD Federation Services (ADFS) activity and insights report (available via the Azure portal) – which assesses ADFS apps for Azure AD compatibility -, and new secure hybrid access integrations from Silverfort, Datawiza, Perimeter 81, and Strata.

Moving on to generally available services, there’s passwordless authentication in Azure AD, which will see folks use Windows Hello for Business, the Microsoft Authenticator app, or FIDO2 security keys from partners of the Microsoft Intelligent Security Association (MISA), like Yubico, Feitian, AuthenTrend, and others.

On a related note, Temporary Access Pass – a time-limited code that’s used to set up and recover passwordless credentials – is now in public preview. It can also be used to replace a lost credential or recover an account.

As far as Azure AD Application Proxy is concerned, it also has two new additions to its feature set, including the GA of header-based authentication – the public preview of which was announced in December of last year -, and App Proxy geo routing. The latter allows, now in public preview, allows for the designation of the App Proxy service connector group region to reduce latency.

Also in public preview is Azure AD Conditional Access authentication context, allowing for the configuration of access policies with factors like user, device, location, real-time risk information, and more. This means admins can restrict access to important information without affecting access to less sensitive resources.

Moving to generally available services, Azure AD External Identities (also known as External Identifiers) is set to enter its GA phase at the beginning of this month. Initially announced in preview in May of 2020, the tool allows organizations to manage resource access for customers and partners.

In addition to the above, also generally available this month will be Application Template API – allowing for programmatic management of application in the Azure AD app gallery -, and Admin Consent Workflow. The latter allows admins to securely grant access to apps for users who require approval, and was initially announced in public preview in September 2020.

Last but not least, we have Azure AD verifiable credentials, set to be made available in public preview starting in April. It allows organizations to “issue digital claims about identity attributes based on open standards”, with individuals managing these credentials via the Microsoft Authenticator app. The capability is created in partnership with identity verification vendors like LexisNexis, Onfido, Socure, and others, and allows companies to confirm things like education or the professional certifications somebody holds without collecting and storing personal data.

Check out our other Ignite 2021 coverage right here.