What's new in Azure Active Directory at Microsoft Ignite 2020

Published Sep 22 2020 08:15 AM 15.8K Views

Howdy folks,


I’m excited to join all of you tuning into this year’s digital edition of Microsoft Ignite. Over the past months, we have been inspired by your resilience as many of you adapted to remote work, with identity at the heart of how you secure access and protect your users. Later this morning, my boss, Joy Chik will take the virtual stage to share several exciting Azure Active Directory announcements that have been shaped by what we learned from you.


Be sure to tune in to Azure Active Directory: our vision and roadmap to help you secure remote access and boost employee p... today, September 22nd starting at 11:30 am PT to watch our latest identity features in action, with later airings for additional regions. Tomorrow, I will also be recapping our latest investments in Azure Active Directory, live on September 23rd at 12:45 pm PT.


Join us virtually, live or on-demand


No matter where you are in the world, I hope you will join us through our live and pre-recorded sessions. Join the conversation on Twitter and LinkedIn with the hashtag #MSIgnite.


Additional live events covering our top identity news

  • Achieve resilience with Security, Compliance, and Identity first airing on Tuesday, September 22nd at 10:45am PT
  • Save money by securing access to all your apps with Azure AD first airing on Tuesday, September 22nd at 1:45 pm PT
  • Implementing the Zero Trust Maturity Model at Microsoft airing Tuesday, September 22nd at 1:45 pm PT
  • Zero Trust – the road ahead first airing Wednesday, September 23rd at 11:30 am PT
  • Winning Azure AD strategies for identity security and governance first airing on Wednesday, September 23rd at 1:45pm PT
  • Taking identity and privacy to a new level | Verifiable Credentials with decentralized identity using blockchain airing Wednesday, September 23rd at 2:00 pm PT


On-demand sessions focused on technical deep dives and best practices

  • Accelerate your hybrid identity journey with Azure ADwatch now
  • Assume Breach! Zero Trust attack response!watch now
  • Azure AD best practices for managing your remote workforcewatch now
  • Bridge the gap between HR, IT and business with Azure ADwatch now
  • Build experiences that customers and partners will love with Azure AD External Identitieswatch now
  • Develop secure and trustworthy apps that reach thousands of enterprise customerswatch now
  • Get to least privilege in Azure AD and Microsoft 365 using RBAC and PIMwatch now
  • Govern access for employees and partners with Azure AD Identity Governancewatch now
  • Identity for the Firstline Workforce: Empowering IT, managers, and Firstline Workers  – watch now
  • Implementing Zero Trust at Microsoftwatch now
  • Integrating CASB into IAM for a comprehensive identity security strategywatch now
  • Integrating on-premises resources in your Zero Trust journeywatch now
  • Ninja skills: manage your Conditional Access policies at scalewatch now
  • Reduce IT friction with seamless identity end-user experienceswatch now
  • Reduce your on-premises authentication infrastructure with Azure AD – Coming soon
  • Simplify authentication and authorization with the Microsoft identity platform – watch now
  • The science behind Azure AD Identity Protectionwatch now
  • The state of passwordless in the enterprisewatch now
  • Zero Trust for all your users – employees, partners, vendors and customers watch now


Opportunities to engage with our identity experts


Best Regards,


Alex Simons

Corporate Vice President Program Management

Microsoft Identity Division

Senior Member

Hi Alex and team.

Our company is using Azure application proxy for a number of mission critical apps and we like it a lot.

Thousands of our employees use it daily and it made them more productive (no more VPN).

However, there is a problem with a product.

Our security team recently found out that Azure proxy is using outdated cipher suites (CBC).

We created an incident with premier support and they were not very helpful.

After 3 months of buck passing they finally told us that they cannot fix it, since TLS is terminated on Azure LB which is shared and if they disable CBC suites, old clients (like Windows XP) may have issues accessing websites behind the proxy. We don't have any Windows XP systems, but since Azure LBs are shared between clients, other companies may have issues if they disable these cipher suites.

The problem is if we don't fix that issue, we will have to stop using Azure proxy, which will be catastrophic since it will affect thousands of our employees who use it every singe day.

Is there anything that can be done to help us? Maybe have a dedicated Azure LB per organization or allow to change azure proxy security settings per tenant?

Thank you very much in advance!

User Voice ticket:


@Dmitry Gladyshev Thank you for reaching out and sharing your feedback. Our product group directly reviewed your support case and we made a few improvements such as adding additional ciphers which will allow you to prefer these higher ciphers. However, as you mentioned in the short term we cannot easily turn CBC for all, due to being multi tenant service. That said we are trying to come up with a long term approach for this and analyzing the customer need for this scenario. It would be great if we can connect with you to get a few additional details on your scenarios and make sure we have a good understanding of what your organization needs. Please feel free to reach out to our team to continue the conversation at aadapfeedback@microsoft.com

Senior Member

Thank you!

Will do.

Version history
Last update:
‎Sep 22 2020 07:38 AM
Updated by: