These past months have changed the way we work in so many ways. When businesses and schools went remote overnight, many of you had to adapt quickly to ensure your users could stay productive while working from home. Bad actors are trying to exploit these seismic shifts, making it more important than ever to secure access to your digital estate.
Those of us working in the Identity Division at Microsoft have learned from your resilience as we have tackled these challenges together. In July, I shared the four principles guiding our identity investments. Today on the virtual Microsoft Ignite stage, I’m pleased to announce several Azure Active Directory innovations shaped by what we have learned from working alongside you.
Empower your workforce without sacrificing control
Zero Trust principles are at the core of how we build and invest in identity. We never trust, and we always verify. Zero Trust starts with cloud identity, using real-time risk assessment powering fine-grained access controls. Many of you use Azure AD Conditional Access as your Zero Trust policy engine. Now, with Conditional Access insights in public preview, recommendations that identify gaps in your policies help you stay more protected. For example, a common recommendation is to block legacy authentication by default to protect your accounts from malicious authentication requests.
See the breakdown of sign-ins for each Conditional Access condition.
To help simplify configuration, the Azure AD Conditional Access API is now generally available in Microsoft Graph. You can use PowerShell or another custom scripting to automate and scale policy management.
Since organizations are engaging with an unprecedented number of external users, we’ve also made sure that Conditional Access works for all of your identities. Conditional Access and Identity Protection for Azure AD B2C, now available in public preview, is included in our unified Azure AD External Identities offer, so you can protect your customers’ accounts from compromise and make it easier for them to engage with your business. We’ve also enhanced our Identity Protection capabilities for all identity types, with updates such as an enhanced real-time risk engine and password spray risk detection.
Enable single sign-on for all employee apps, from any device
A seamless user experience is essential to productivity, especially when employees are collaborating from multiple locations and devices. One of the best ways to keep your users both protected and seamlessly connected to all their applications is by enabling single sign-on (SSO).
Azure AD is making it easier to provide secure and seamless access to applications of all types: to SaaS apps, to custom apps built decades ago, and to new cloud apps that you build. We enhanced Azure AD Application Proxy so that in addition to configuring SSO to legacy on-premises apps, you can connect apps that use header-based authentication, the most popular legacy authentication protocol. This update will be available in October 2020, when it reaches public preview.
Deliver consistent single sign-on experiences to legacy apps
We’ve continued to expand our ecosystem of secure hybrid access partnerships, adding Kemp, Palo Alto Networks, Cisco AnyConnect, Fortinet, and Strata. Any applications connected to existing networking and app delivery controllers from these partners can now benefit from cloud security powered by Azure AD.
And we’re continually working to make it effortless to manage your favorite SaaS apps. For example, we’ve built deeper integrations with popular applications like Adobe and ServiceNow to ensure efficient lifecycle management. With ServiceNow, IT and hiring managers can automatically provision application access with the Azure AD integration for new hires. And Adobe customers will soon be able to provision accounts using the SCIM standard for the core Adobe Identity Management platform across Adobe Creative Cloud, Adobe Document Cloud, and Adobe Experience Cloud. We’ve also worked with Apple to ensure that client apps connected to Azure AD have a seamless SSO experience on all iOS devices.
As application usage rises in the era of remote work—and with it, application-based compromises—it’s critical to empower end-users to access applications that are secure and trustworthy. At Build, we announced the preview of application consent policies that allow end-users to give applications you trust—such as applications from your organization or from verified publishers—permissions to access data. You can set up the admin consent workflow to give end-users a streamlined way to request admin approval for other applications. And with publisher verification now generally available, app developers can signal to admins and end-users that they have verified their identity using a Microsoft Partner Network account associated with the app registration.
Eliminate friction through future-proofed identity
The pandemic has accelerated digital transformation, bringing additional focus to our investments in the future of identity. At Microsoft, we believe that decentralized identifiers are core to the future of identity systems. We all want to trust that our information will be secure and only shared with our consent, so decentralized identity systems will empower users to own their own identity and the information attached to it. This is a community effort, built on new open standards. The model will easily integrate with your existing identity systems, and it uses an open-source blockchain solution designed so that no single organization owns or controls it—including Microsoft.
This vision is already becoming real. For example, we are partnering with the United States Department Defense (DOD) to pilot decentralized identity for their MilGears educational program. The MilGears program helps US military veterans and retiring service members enroll in higher education as they transition to civilian careers. Microsoft and the DOD are piloting verifiable credentials, a digital information validation feature so that MilGears participants can reduce the time it takes to confirm their skills and education from months to days. From the Microsoft Software and Systems Academy and Microsoft global skills initiative to our DOD pilot with MilGears, Microsoft is deeply invested in realizing the potential of this technology to eliminate career barriers for every individual.
2020 is a year we’ll all remember for its intensity and accelerated pace of change. Keeping your users secure, wherever they are, has been our collective priority. No matter how the “new normal” unfolds after this pandemic, identity will remain the heartbeat of all the services your users rely on. As you try out the new features we have announced at Microsoft Ignite, please send us your feedback so we can continue to build advancements that help you keep your employees secure and connected.
See these features in action when I take the Microsoft Ignite stage today by registering for free at Microsoft Ignite and watching my session here starting at 11:30 am PT, with future airings for other regions. Follow Microsoft identity at @AzureAD on Twitter for more news and best practices.