You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/whats-new.md
+282-2Lines changed: 282 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -1,4 +1,4 @@
1
-
---
1
+
---
2
2
title: What's new? Release notes for Azure Active Directory | Microsoft Docs
3
3
description: Learn what is new with Azure Active Directory (Azure AD), such as the latest release notes, known issues, bug fixes, deprecated functionality, and upcoming changes.
4
4
services: active-directory
@@ -15,7 +15,7 @@ ms.workload: identity
15
15
ms.tgt_pltfrm: na
16
16
ms.devlang: na
17
17
ms.topic: article
18
-
ms.date: 04/26/2018
18
+
ms.date: 05/25/2018
19
19
ms.author: markvi
20
20
ms.reviewer: dhanyahk
21
21
@@ -38,6 +38,286 @@ Azure AD receives improvements on an ongoing basis. To stay up to date with the
38
38
This page is updated monthly, so revisit it regularly.
39
39
40
40
41
+
## May 2018
42
+
43
+
44
+
45
+
### Microsoft Graph API's for administrative scenarios for TOU
46
+
47
+
**Type:** New feature
48
+
**Service category:** Terms of Use
49
+
**Product capability:** Developer Experience
50
+
51
+
52
+
We have added Microsoft Graph API's for administration operation of Azure AD Terms of Use. You are able to create, update, delete the Terms of Use object.
53
+
54
+
---
55
+
56
+
57
+
58
+
### Add Azure AD multi-tenant endpoint as an identity provider in Azure AD B2C
Using custom policies, you can now add the Azure AD common endpoint as an identity provider in Azure AD B2C. This allows you to have a single point of entry for all Azure AD users that are signing into your applications. For more information, see [Azure Active Directory B2C: Allow users to sign in to a multi-tenant Azure AD identity provider using custom policies](https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom).
66
+
67
+
68
+
69
+
---
70
+
71
+
72
+
### Use Internal URLs to access apps from anywhere with our My Apps Sign-in Extension and the Azure AD Application Proxy
73
+
74
+
**Type:** New feature
75
+
**Service category:** My Apps
76
+
**Product capability:** SSO
77
+
78
+
79
+
Users can now access applications through internal URLs even when outside your corporate network by using the My Apps Secure Sign-in Extension for Azure AD. This will work with any application that you have published using Azure AD Application Proxy, on any browser that also has the Access Panel browser extension installed. The URL redirection functionality is automatically enabled once a user logs into the extension. The extension is available for download on [Edge](https://go.microsoft.com/fwlink/?linkid=845176), [Chrome](https://go.microsoft.com/fwlink/?linkid=866367), and [Firefox](https://go.microsoft.com/fwlink/?linkid=866366).
80
+
81
+
82
+
---
83
+
84
+
85
+
86
+
### View legacy authentications through Sign-ins activity logs
87
+
88
+
**Type:** New feature
89
+
**Service category:** Reporting
90
+
**Product capability:** Monitoring & Reporting
91
+
92
+
93
+
With the introduction of a field called **Client App** in the Sign-in activity logs, Customers now can see users that are using legacy authentications. Customers will be able to access this information using the Sign-ins MS Graph API or through the Sign-in activity logs in Azure AD portal where you can use the **Client App** control to filter on legacy authentications. Check out the documentation for more details.
94
+
95
+
96
+
---
97
+
98
+
99
+
### Azure Active Directory - Data in Europe for Europe customers
100
+
101
+
**Type:** New feature
102
+
**Service category:** Other
103
+
**Product capability:** GoLocal
104
+
105
+
106
+
Customers in Europe requires their data to stay in Europe and not replicated outside of European datacenters for meeting privacy and European laws. This [article](https://go.microsoft.com/fwlink/?linkid=872328%20) provides the specific details on what identity information will be stored within Europe and also provide details on information that will be stored outside European datacenters.
107
+
108
+
109
+
110
+
---
111
+
112
+
113
+
### New user provisioning SaaS app integrations - May 2018
114
+
115
+
**Type:** New feature
116
+
**Service category:** App Provisioning
117
+
**Product capability:** 3rd Party Integration
118
+
119
+
120
+
Azure AD allows you to automate the creation, maintenance and removal of user identities in SaaS applications such as Dropbox, Salesforce, ServiceNow and more. For May 2018, we have added user provisioning support for the following applications in the Azure AD app gallery:
For a list of all applications that support user provisioning in the Azure AD gallery, see [https://aka.ms/appstutorial](https://aka.ms/appstutorial).
129
+
130
+
131
+
132
+
---
133
+
134
+
135
+
### Azure AD access reviews of groups and app access now provides recurring reviews
136
+
137
+
**Type:** New feature
138
+
**Service category:** Access Reviews
139
+
**Product capability:** Governance
140
+
141
+
142
+
Access reviews of groups and apps is now generally available as part of Azure AD Premium P2. Administrators will be able to configure access reviews of group memberships and application assignments to automatically recur at regular intervals, such as monthly or quarterly.
143
+
144
+
145
+
---
146
+
147
+
148
+
### Azure AD Activity logs (sign-ins and audit) are now available through MS Graph
149
+
150
+
**Type:** New feature
151
+
**Service category:** Reporting
152
+
**Product capability:** Monitoring & Reporting
153
+
154
+
155
+
Azure AD Activity logs, which, includes Sign-ins and Audit logs, are now available through MS Graph. We have exposed 2 end points through MS Graph to access these logs. Please check out our [documents](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-api-getting-started-azure-portal) for programmatic access to Azure AD Reporting APIs to get started.
156
+
157
+
158
+
---
159
+
160
+
161
+
162
+
163
+
### Improvements to the B2B redemption experience and leave an org
164
+
165
+
**Type:** New feature
166
+
**Service category:** B2B
167
+
**Product capability:** B2B/B2C
168
+
169
+
170
+
**Just in time redemption:** Once you share a resource with a guest user using B2B API – you don’t need to send out a special invitation email. In most cases, the guest user can simply access the resource and will be taken through the redemption experience just in time. No more impact due to missed emails. No more asking your guest users “Did you click on that redemption link the system sent you?”. This means once SPO uses the invitation manager – cloudy attachments can have the same canonical URL for all users – internal and external – in any state of redemption.
171
+
172
+
**Modern redemption experience:** No more split screen redemption landing page. Users will see a modern consent experience with the inviting organization's privacy statement, just like they do for 3rd party apps.
173
+
174
+
175
+
**Guest users can leave the org:** Once a user’s relationship with an org is over, they can self-serve leaving the organization. No more calling the inviting org’s admin to “be removed”, no more raising support tickets.
176
+
177
+
178
+
---
179
+
180
+
181
+
182
+
### New Federated Apps available in Azure AD App gallery - May 2018
183
+
184
+
**Type:** New feature
185
+
**Service category:** Enterprise Apps
186
+
**Product capability:** 3rd Party Integration
187
+
188
+
189
+
In May 2018 we have added following 18 new apps in our App gallery with Federation support:
You can also find the documentation of all the applications [here](https://aka.ms/appstutorial).
198
+
199
+
For listing your application in the Azure AD app gallery, see [List your application in the Azure Active Directory application gallery](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-app-gallery-listing).
200
+
201
+
202
+
203
+
---
204
+
205
+
206
+
### Deployment Plans - Guidance to get you started with Azure Active Directory
207
+
208
+
**Type:** New feature
209
+
**Service category:** Other
210
+
**Product capability:** Directory
211
+
212
+
213
+
Looking for step by step guidance to deploy (SSPR, SSO, CA, App Proxy, User Provisioning, ADFS to PTA, or ADFS to PHS?). We've got deployment plans to help!
214
+
215
+
Go to [Aka.ms/DeploymentPlans](http://Aka.ms/DeploymentPlans) where you can access end to end guides to start getting value from those capabilities.
216
+
217
+
218
+
219
+
-[How can I get the deployment plans](Aka.ms/DeploymentPlans)?
220
+
221
+
- You can provide can feedback [here](http://aka.ms/DeploymentPlanFeedback)
### Enterprise Applications Search - Load More Apps
235
+
236
+
**Type:** New feature
237
+
**Service category:** Enterprise Apps
238
+
**Product capability:** SSO
239
+
240
+
241
+
Having trouble finding your applications / service principals? We've added the ability to load more applications in your enterprise applications all applications list. By default, we show 20 applications. You can now click load more to view additional applications.
242
+
243
+
244
+
---
245
+
246
+
247
+
248
+
### Public Preview of new and improved Sign-ins User experience in Azure Portal
249
+
250
+
**Type:** Changed feature
251
+
**Service category:** Reporting
252
+
**Product capability:** Monitoring & Reporting
253
+
254
+
255
+
We are excited to introduce the new and improved Sign-in logs user experience from within the Azure AD portal. With the new Sign-ins User experience, customers now can get the following:
256
+
257
+
- Improved latency from 2 hours to within 5 mins. Check out our [latency](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-latencies-azure-portal) docs for more information.
258
+
259
+
- Ability to add filters dynamically using the "Columns" button. By adding columns to the Sign-in report in UX, you can automatically see them as filters for you to use.
260
+
261
+
- Ability to sort by Date, User Name and Application.
262
+
263
+
- Inclusion of legacy authentications and ability to filter for legacy authentications using the "Client App" column.
264
+
265
+
- Inclusion of a downloadable PowerShell script which is customized based on the filter conditions you choose in the UX. With this PowerShell script, you can get as many rows of data as you want (based on your filter criteria) which will provide the output in a .csv format.
266
+
267
+
For more details of this feature, see [Sign-in activity reports in the Azure Active Directory portal](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-activity-sign-ins).
268
+
269
+
270
+
---
271
+
272
+
273
+
274
+
### The May release of AADConnect contains a public preview of the integration with PingFederate, important security updates, many bug fixes and new great new troubleshooting tools.
The May release of AADConnect contains a public preview of the integration with PingFederate, important security updates, many bug fixes and new great new troubleshooting tools. You can find the release notes [here](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-version-history#118190).
282
+
283
+
284
+
285
+
---
286
+
287
+
288
+
289
+
### Azure AD access reviews: auto-apply
290
+
291
+
**Type:** Changed feature
292
+
**Service category:** Access Reviews
293
+
**Product capability:** Governance
294
+
295
+
296
+
Access reviews of groups and apps are now generally available as part of Azure AD Premium P2. An administrator can configure to automatically apply the reviewer's changes to that group or app as the access review completes. The administrator can also specify what happens to the user's continued access if reviewers didn't respond, remove access, keep access or take system recommendations.
297
+
298
+
299
+
300
+
---
301
+
302
+
303
+
304
+
### ID tokens can no longer be returned using the query response_mode for new apps.
305
+
306
+
**Type:** Changed feature
307
+
**Service category:** Authentications (Logins)
308
+
**Product capability:** User Authentication
309
+
310
+
311
+
Apps created on or after 4/25/2018 will no longer be able to request an **id_token** using the **query** response_mode. This brings Azure AD inline with the OIDC specifications and helps reduce your apps attack surface. Apps created before 4/25/2018 are not blocked from using the **query** response_mode with a response_type of **id_token**. The error returned, when requesting an id_token from AAD, is **AADSTS70007: ‘query’ is not a supported value of ‘response_mode’ when requesting a token**.
312
+
313
+
The **fragment** and **form_post** response_modes continue to work - when creating new application objects (e.g. for App Proxy usage), ensure use of one of these response_modes before they create a new application.
0 commit comments