Howdy folks,
Today, I am excited to announce the release of two new features for Azure Active Directory (Azure AD) Terms of Use that provide more granular reports and flexibility with Terms of Use scheduling. Previously, users only had to consent to a Terms of Use once. Based on feedback from our customers, you now have the option to require each user to consent on each device. We also added support to expire consents on a regular schedule.
I’m also pleased to introduce new Terms of Use scenarios for B2B guests, Azure Information Protection, and Microsoft Intune. These features are now in public preview for Azure AD Premium customers. Read on for details on both our new features and these scenarios.
Require each user to consent on each device
Previously, each user only had to consent to a Terms of Use one time. We heard feedback that the current report—showing which user consent to which Terms of Use and when—was not sufficient and that more granularity for HBI resources was needed. Going forward, you can require each user to consent on each device.
Expire consents on a regular schedule
For customers who have a compliance requirement or regulation requiring users to consent to a Terms of Use on a recurring basis, we added support to expire consents on a regular schedule. Now, you can configure consents to expire on a per user schedule and/or a per Terms of Use schedule.
New scenarios for B2B guests, Azure Information Protection, and Intune
We also added three new scenarios of Azure AD Terms of Use:
- Terms of Use for B2B guests—Most organizations have a process in place (whether it’s good or bad) for their employees to consent to their organization's terms of use and privacy statements. But how can you enforce the same consents for B2B guests when they’re added via SharePoint or Microsoft Teams? Using conditional access and Terms of Use you can now enforce a policy directly towards B2B guest users. During the invitation redemption flow, the user is presented with the terms of use.
- Terms of Use for Azure Information Protection—Now, you can configure a conditional access policy to the Azure Information Protection app and require a terms of use when a user accesses a protected document. This will trigger a terms of use prior to a user accessing a protected document for the first time.
- Terms of Use for Intune—You also now have the ability to target the Terms of Use to the Intune enrollment app. This will display the Terms of Use prior to the enrollment of a device in Intune.
Read Choosing the right Terms of Use solution for your organization to learn more.
Check out the documentation on how to set up and configure Azure AD Terms of Use. Let us know what you think in the comments below. As always, we’d love to hear any feedback or suggestions you have.
Best regards,
Alex Simons (@Alex_A_Simons )
Corporate VP of Program Management
Microsoft Identity Division