Latest Discussions
The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!
We're excited to announce that the general availability rollout of the new Azure AD sign-in and “Keep me signed in” experiences has started! These experiences should reach all users globally by the end of the week. Users who go to our sign-in page will start to see the new experiences by default, but a link allowing users to go back to the old experiences will be available until early December to give you some extra time to make the transition. We'd like to take this opportunity to acknowledge the delays we have had with these features and thank you all for your patience. When we released these experiences in preview, we received a lot of great feedback from you and it was pretty clear we needed to take a little extra time to ensure the new experiences worked well with all the scenarios Azure AD sign-in is used for. Read about it in the Enterprise Mobility & Security blog.
EricStarker (Former Employee) | Nov 15, 2017 | 281K Views | 2 likes | 121 Comments

List all users' last login date
Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.
JakobRohde (Iron Contributor) | Sep 22, 2017 | 697K Views | 1 like | 66 Comments

Azure AD SCIM Validator is in General Availability (GA) Status
You can now validate the compatibility of your SCIM provisioning endpoint and Azure AD code base using our Azure AD SCIM Validator. This tool can be used by ISVs who want to build SCIM-compatible servers, either for a gallery app or a generic app, and by developers building their line-of-business SCIM apps. https://learn.microsoft.com/azure/active-directory/app-provisioning/scim-validator-tutorial
owinoakelo (Microsoft) | Sep 26, 2022 | 16K Views | 2 likes | 57 Comments

Azure Active Directory Webinar Community
Our 12-part AAD Webinar program has now concluded. Check back here soon to learn about our FY21 webinar plans! Want to watch and listen to these webinars? Check back a few weeks after each webinar session at https://aka.ms/AADWebinarRecordings.

2020 webinar dates and topics (two sessions per date; registration closed):
- March 5, 2020 (0700 PT / 1000 ET / 1500 GMT and 1100 PT / 1400 ET / 1900 GMT): Your journey to passwordless. You will learn about options to minimize use of passwords today and how to work toward a passwordless future.
- March 12, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Manage Partner Access with B2B. You will learn how to collaborate with your partners in a secure manner.
- March 19, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Enable New Customer Experiences with B2C. You will learn how to enable new customer experiences with Azure AD B2C.
- June 11, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Identity Governance for Modern Organizations. We will introduce tools to govern the lifecycle of user and guest identities in your Azure AD and Office 365 deployment.
- June 18, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Getting started with Azure AD Reporting and Insights. You will learn how to interpret Azure AD logs, integrate with your SIEM tools and gather insights about your Azure AD service.
- June 25, 2020 (0700 PT / 1000 ET / 1400 GMT and 1100 PT / 1400 ET / 1800 GMT): Azure AD as the New Security Control Plane. You will learn how to assess and implement a modern approach to secure your organization's identities with Azure AD.

2019 webinar dates and topics (two sessions per date, 0700 PT / 1000 ET / 1500 GMT and 1100 PT / 1400 ET / 1900 GMT; registration closed):
- September 5, 2019: Getting started with hybrid identity. Learn how and why to integrate your on-premises identities with Azure AD.
- September 12, 2019: Integrating your applications with Azure Active Directory. Learn how integrating your line-of-business and SaaS apps using Azure Active Directory enables advanced security, single sign-on, and convenience for you and your users.
- September 19, 2019: Take your apps to the next level with provisioning. Simplify identity lifecycle management with Azure AD automatic user and group provisioning for SaaS applications.
- October 3, 2019: Upgrade your security with multi-factor authentication. Protect your users by leveraging Azure AD and 3rd-party multi-factor authentication.
- October 10, 2019: Starting your journey to Zero Trust with Conditional Access & Identity Protection. Today's cloud technology and mobile workforce challenge traditional approaches to security. Learn how to shore up your environment by following zero trust methodologies and Azure AD technologies.
- October 17, 2019: Empower your users with better IT scalability. Learn how Azure AD enables your users to reset their passwords securely and manage their own security, and allows you to scale IT management of groups.

Want to listen to the recording? Check back a few weeks after the webinar session at https://aka.ms/AADWebinarRecordings.
79K Views | 36 likes | 49 Comments

Azure Active Directory Webinar Recordings
Below you will find links for the recordings of the Azure Active Directory webinar sessions in YouTube format. Note: these webinar recordings will be available roughly 2-3 weeks after each of the live webinars. Live links will be posted as soon as they are available. We will also post a PDF of the PPT used in each webinar as soon as we have that available. ALSO NOTE: COVID has delayed recordings of the March and June sessions, but we hope to have those posted below by end of June / early July. Please also note: depending on your Internet connection it may take up to fifteen seconds or so for the recording to start. Check in at our webinar community for FY21 updates: https://aka.ms/AADWebinarCommunity.

2020 recordings (each entry has a YouTube link; PPT presentations to follow):
- March 5, 2020: Your journey to passwordless. You will learn about options to minimize use of passwords today and how to work toward a passwordless future.
- March 12, 2020: Manage Partner Access with B2B. You will learn how to collaborate with your partners in a secure manner.
- March 19, 2020: Enable New Customer Experiences with B2C. You will learn how to enable new customer experiences with Azure AD B2C.
- June 11, 2020: Identity Governance for Modern Organizations. We will introduce tools to govern the lifecycle of user and guest identities in your Azure AD and Office 365 deployment.
- June 18, 2020: Getting started with Azure AD Reporting and Insights. You will learn how to interpret Azure AD logs, integrate with your SIEM tools and gather insights about your Azure AD service.
- June 25, 2020: Azure AD as the New Security Control Plane. You will learn how to assess and implement a modern approach to secure your organization's identities with Azure AD.

2019 recordings & PowerPoint presentations (each entry has a YouTube link):
- September 5, 2019: Getting started with hybrid identity. Learn how and why to integrate your on-premises identities with Azure AD.
- September 12, 2019: Integrating your applications with Azure Active Directory. Learn how integrating your line-of-business and SaaS apps using Azure Active Directory enables advanced security, single sign-on, and convenience for you and your users.
- September 19, 2019: Take your apps to the next level with provisioning. Simplify identity lifecycle management with Azure AD automatic user and group provisioning for SaaS applications.
- October 3, 2019: Upgrade your security with multi-factor authentication. Protect your users by leveraging Azure AD and 3rd-party multi-factor authentication.
- October 10, 2019: Starting your journey to Zero Trust with Conditional Access & Identity Protection. Today's cloud technology and mobile workforce challenge traditional approaches to security. Learn how to shore up your environment by following zero trust methodologies and Azure AD technologies.
- October 17, 2019: Empower your users with better IT scalability. Learn how Azure AD enables your users to reset their passwords securely and manage their own security, and allows you to scale IT management of groups.

Thanks for watching and please feel free to share these links!
51K Views | 22 likes | 48 Comments

Issues with Microsoft Authenticator not popping up Approval message
We have recently implemented MFA with a conditional access policy. We turned off the ability to receive texts/calls and are forcing the Authenticator app. This is causing issues when users need to re-set up the account in the Authenticator app. I have had multiple scenarios this week where the Microsoft Authenticator app has stopped displaying the approve/deny message. The end users try to fix the issue themselves and will remove their accounts from the app and try to re-enroll by going to myapps.microsoft.com and restarting the setup process. The problem lies in that even though they are visiting the portal from devices that are excluded from MFA via conditional access (Compliant/Hybrid AD Joined), the myapps.microsoft.com portal is still enforcing MFA to log in. Since they have removed their account from the application they cannot authenticate to the portal. There is no alternate method since Phone/Text are disabled. In order to get the end user back into the portal I have to go to the regular MFA Setup page, enable phone calls or texts, enable and enforce MFA on the end user, and they can finally get in to re-set up the account. All of this could be fixed with a one-time bypass for cloud!
Solved | Robert Woods (Steel Contributor) | Oct 06, 2018 | 1M Views | 1 like | 40 Comments

Azure AD group-based license management for Office 365 and more
This looks awesome - simplify licence management for Office 365, EMS, Dynamics 365 and more with the new group-based licensing preview in Azure AD: Microsoft cloud services such as Office 365, Enterprise Mobility + Security, Dynamics CRM, and other similar products require licenses to be assigned to each user who needs access to these services. Until now, licenses could only be assigned at individual user level, which can make large-scale management difficult for our customers. We have introduced a new capability of the Azure AD license management system: group-based licensing. It is now possible to assign one or more product licenses to a group. Azure AD will make sure that the licenses are assigned to all members of the group. Any new members joining the group will be assigned the appropriate licenses, and when they leave the group those licenses will be removed. This eliminates the need for automating license management via PowerShell to reflect changes in the organization and departmental structure on a per-user basis. Here is the documentation with the steps to get started - What is group-based licensing in Azure Active Directory?
Solved | Cian Allner (Silver Contributor) | Feb 22, 2017 | 23K Views | 12 likes | 38 Comments

Report on users with MFA Enabled
We are not currently enforcing MFA for all users, but have sent out instructions to allow users to self-enroll in MFA (http://aka.ms/MFASetup). Looking at the status of users who I know have enabled MFA, it still shows Disabled for them in the Multi-Factor Authentication page (https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx).
Solved | dbetlow (Iron Contributor) | Feb 27, 2018 | 329K Views | 0 likes | 37 Comments

Azure AD B2C authorization code and refresh token size increase update
Update September 11, 2023: This post is no longer relevant.

As part of ongoing security improvement efforts in Azure Active Directory (AAD), part of Microsoft Entra, Azure AD B2C will be rolling out a format change that increases the size of OAuth 2.0 (and OpenID Connect) authorization codes and refresh tokens returned to your application. If your application is configured to accept the OAuth2 authorization code as a query string parameter or URL fragment, this change might impact users in the following scenarios:
- Users with old web browsers such as Internet Explorer may exceed the URL length limit.
- Your application runs on web servers, or behind firewalls or reverse proxies, with low URL length limits or configuration.

The OAuth2 (and OpenID Connect) protocol specifies three response modes, which specify how the authorization code is returned to your application. With the query and fragment modes the authorization code is returned as a query parameter or fragment of the URL. In the form_post mode, response parameters are encoded as HTML form values that are transmitted via the HTTP POST method and encoded in the body. For information, check out the OAuth 2.0 authorization code flow in Azure Active Directory B2C article.

To mitigate URL length issues:
- For web applications, we recommend using OAuth2 response_mode set to form_post, to ensure the most secure transfer of tokens to your application.
- For single-page applications with authorization code flow and PKCE, reduce the number of claims emitted to your application. In the user flows and custom policies, remove claims that are unnecessary for your app. You can use the user info endpoint to return claims about the authenticated user. This will minimize the size of the authorization code and the refresh token.

This change should not affect device-installed apps, such as mobile and desktop apps. The change also impacts the size of the refresh token. The MSAL library caches a token after it has been acquired. For web applications with an in-memory cache or a distributed token cache, make sure your cache system can handle the size of the refresh token, or reduce the size of the refresh token as described in the previous section.
Yoel_Horvitz (Microsoft) | Mar 17, 2023 | 28K Views | 1 like | 36 Comments

Exchange Online and Azure AD Connect
Hi everyone, We are planning to implement Azure AD Connect in a Password Hash Synchronization with Seamless Sign On scenario, hosted on an Azure B1ms Windows Server 2016 AD DC connected to on-prem AD via S2S VPN. My company of around 100 users has had O365 for several years and the on-prem and AAD environments are totally separate for now. One thing that has come up in my research is that with Azure AD Connect in place, on-prem AD must be the source of all objects, attributes, and changes - makes sense. Where there is confusion is Exchange Online attributes. Several older threads on Tech Community and other forums state you cannot change EXO attributes, in an AAD Connect environment, without on-prem Exchange installed or at least its schema changes. On review, the only EXO attributes we would change that aren't in the default AD schema are mailbox delegation (SendAs, AccessRights, etc.) and email addresses (multiple SMTP addresses). Other attributes that show in EXO such as Job Title, Address, and Tel Numbers are all available in the default schema via AD Users & Computers, so my presumption is they're not of concern. Can anyone shed some light on this and confirm how we'd manage things like multiple SMTP addresses without the Exchange schema in our on-prem AD? Does this differ depending on where the object is managed (cloud only vs hybrid) or user mailbox vs shared? Thank you, Ruairidh
55K Views | 1 like | 30 Comments
Resources
Tags
- Azure Active Directory (AAD): 1,545 Topics
- Identity Management: 592 Topics
- Access Management: 418 Topics
- Microsoft 365: 363 Topics
- Azure AD B2B: 220 Topics
- Active Directory (AD): 170 Topics
- Conditional Access: 144 Topics
- Azure AD Connect: 121 Topics
- Authentication: 117 Topics
- Azure: 106 Topics