By Kurt Mackie and Azure Security News
IT pros are getting a modest bump-up in oversight capabilities with the Azure Active Directory improvements that were announced this month.
One of the improvements is the ability to see tenant creation activities — not just in the logs of the newly created tenant, but also in the Azure AD audit logs. These logs now show “the new tenant ID, the UPN and Object ID of the user that created the tenant, and the tenant creation time and date,” the announcement explained. This capability is now at the “general availability” commercial-release stage.
Another improvement, at the preview stage, allows IT pros to view Active Directory Federation Services (ADFS) sign-ins in Azure AD activity reports. It’s a perk for so-called “federated” environments, where Azure AD and on-premises Active Directory are combined. The ADFS sign-in information can be sent to analysis tools, including Microsoft’s Azure Monitor portal and Log Analytics service, to create dashboard views. Organizations will need Azure AD Premium P1 or P2 licensing to use the new activity reports capability, though.
Microsoft also turned on one-time passcode messaging for its Azure Active Directory B2B government users. These one-time passcodes permit guests to access network resources for a period of time. Organizations initiate the process by sending an e-mail invitation with a link to the network resources. The e-mail invitations themselves can be time limited.
In other identity and access management news, Microsoft last week offered demos illustrating its claims that organizations now have everything they need to go without passwords if they’ve enabled multifactor authentication (a secondary identity verification process). Microsoft declared its FIDO2 integration and support for passwordless authentications as being at the general availability stage earlier this month during its Ignite conference.
The passwordless demos were shown by Joy Chik, corporate vice president for Microsoft Identity. She also described Temporary Access Pass, currently at the public preview stage, which IT pros can use to issue temporary access to a verified user. The Temporary Access Pass helps some organizations get to a passwordless state.
“This Temporary Access Pass is a time-limited passcode that the user can apply to register their passwordless sign-in method, such as a FIDO key or the Microsoft Authenticator app,” Chik explained.
In other such news, Microsoft recently highlighted its partnership with AuthenTrend, a maker of FIDO2-based security keys that use fingerprints for identity verification. Other FIDO2 security key partners include ExcelSecu, Feitian Technologies, Hypersecu, Kona I, Token2 and Yubico.