| Field | Value |
| --- | --- |
| Last Updated | 01 March 2022 |
| Document Tag | tch-research-next-gen-authz |
| Author | simonm@thecyberhut.com |
| Part of Research Product | Next Generation Authorization Technology |
Microsoft lists four main products as part of its Azure Identity strategy:
- Azure Active Directory
- Azure Active Directory External Identities
- Azure Active Directory Domain Services
- Azure Information Protection
Azure AD services can be mapped into the following feature areas:
- SSO simplifies access to your apps from anywhere
- Conditional Access and multi-factor authentication help secure data
- A single identity control plane grants full visibility and control of your environment
- Governance ensures the right people have access to the right resources, and only when they need it
Specific functionality can be mapped as per the following:
| Feature | Details |
| --- | --- |
| Conditional Access | The modern security perimeter now extends beyond an organization’s network to include user and device identity. Organizations can use identity-driven signals as part of their access control decisions. Conditional Access brings those signals together to make decisions and enforce organizational policies. Azure AD Conditional Access is at the heart of the new identity-driven control plane. |
| Identity Protection | Identity Protection is a tool that allows organizations to accomplish three key tasks: automate the detection and remediation of identity-based risks; investigate risks using data in the portal; and export risk detection data to your SIEM. |
All Microsoft Identity feature updates can be viewed here.
Features with a specific authorization capability are listed below:
| Date | Feature | Details |
| --- | --- | --- |
| April 2021 | System Assigned Managed Identities Available for Azure Automation | Azure Automation now supports system-assigned managed identities for cloud and hybrid jobs in Azure public and Gov regions. Hybrid jobs could be running on a hybrid runbook worker running on an Azure or non-Azure VM. A managed identity from Azure Active Directory (Azure AD) allows your runbook to easily access other Azure AD-protected resources. The identity is managed by the Azure platform and users don’t have to manage service principals on their own. |
| Sept 2019 | Secure Hybrid App Access using F5 | This Azure AD integration with F5 Networks simplifies secure access to your legacy applications that use protocols such as header-based and Kerberos authentication. By centralising access to all your applications, you can leverage all the benefits that Azure AD offers. |
| Aug 2019 | Custom Roles for App Registration Management | Gain fine-grained control over what access your admins have. You can now create a role to assign permissions for managing app registrations. Custom RBAC roles for Azure AD surface the underlying permissions of built-in admin roles, so you can create and organise your own custom roles. |
| May 2019 | Identity Secure Score now Available in AAD Portal | Gain visibility and control over your security posture by discovering opportunities that will help to improve security across your organisation. These opportunities are surfaced as recommendations, which are coupled with the guidance and the workflows necessary to help security administrators implement each recommendation – all surfaced and actionable within the Azure AD portal. |
| May 2019 | Improved B2C Delegated Administration Roles | Public preview of new B2C Azure AD administrator roles for B2C tenants. The new roles are: B2C User Flow Administrator, B2C User Flow Attribute Administrator, B2C IEF Keyset Administrator and B2C IEF Policy Administrator. |
| May 2019 | Session Management Properties Available to Conditional Access Policies | Authentication session management capabilities allow you to configure how often your users need to provide sign-in credentials and whether they need to provide credentials after closing and reopening browsers – giving you fine-grained controls that can offer more security and flexibility in your environment. |
| April 2019 | AAD Entitlement Management | Govern employee and business partner access to resources at enterprise scale with compliance and auditing controls. Azure AD entitlement management removes barriers to internal and external collaboration by automating employee and partner access requests, approvals, auditing and review for Office 365, for thousands of popular SaaS apps or for any line-of-business app integrated with Azure AD. |