Microsoft Entra Change Announcements – November 2022 Train

By December 1, 2022AzureAD

[ad_1]

Hello everyone,

Our change management announcements cover all changes across Microsoft Entra where we communicate product retirement news biannually and breaking/feature change announcements quarterly. In between these announcements, you will see specific blog posts for new product and feature launches. For example, since our Sept Change Announcements Blog, we launched the general availability of a new region in Japan.

Today, we’re sharing our November train for feature and breaking changes. We also communicate these changes on release notes and via email. We also continue to make it easier for our customers to manage lifecycle changes (deprecations, retirements, service breaking changes) within the new Entra admin center.

November 2022 change announcements:

Microsoft Authenticator Number Matching

Microsoft Authenticator Number Matching and Additional Context are now generally available (as of 24-Oct-2022). With number matching, admins can prevent accidental approvals by requiring users to enter the number displayed on the sign-in screen when approving an MFA request in the Authenticator app. Another way to reduce accidental approvals is to show users additional context in Authenticator notifications. Admins can now selectively choose to enable the following: 

  1. Application context: Show users which application they’re signing into.
  2. Geographic location context: Show users their sign-in location based on the IP address of the device they’re signing into. 

With MFA fatigue attacks increasing, these features are critical to help protect your organizations. Please leverage the rollout features (via Azure Portal Admin UX and MSGraph APIs) to smoothly deploy these critical security features in your organization.

Microsoft will begin enabling number matching for all users of the Microsoft Authenticator app starting 27th of February 2023. Learn more at Defend your users from MFA fatigue attacks – Microsoft Community Hub | Advanced Microsoft Authenticator security features are now generally available! – Microsoft Communit…

IPv6 coming to Azure AD

With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.

Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).

For most customers, IPv4 won’t completely disappear from their digital landscape, so we aren’t planning to require IPv6 or to de-prioritize IPv4 in any Azure AD features or services.

We’ll begin introducing IPv6 support into Azure AD services in a phased approach, beginning March 31st, 2023.

We have guidance below specifically for Azure AD customers, who use IPv6 addresses and use Named Locations in their Conditional Access policies.

Customers who use named locations to identify specific network boundaries in their organization, need to:

  1. Conduct an audit of existing named locations to anticipate potential impact;
  2. Work with your network partner to identify egress IPv6 addresses in use in your environment;
  3. Review and update existing named locations to include the identified IPv6 ranges. 

Customers who use Conditional Access location-based policies, to restrict and secure access to their apps from specific networks, need to:

  1. Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition to anticipate potential impact
  2. Review and update existing Conditional Access location-based policies to ensure they continue to meet your organization’s security requirements.

We will continue to share additional guidance on IPv6 enablement in Azure AD at this easy to remember link https://aka.ms/azureadipv6.

Azure AD Domain Services classic VNET support

As previously announced, in 2017 Azure AD Domain Services became available to host in an Azure Resource Manager network. Since then, we’ve built a more secure service using the Azure Resource Manager ‘s modern capabilities. Because Azure Resource Manager deployments fully replace classic deployments, Azure AD DS classic virtual network deployments will be retired on March 1, 2023. Learn more about Migrate Azure AD Domain Services from a Classic virtual network | Microsoft Docs.

Follow ongoing monthly updates on our release notes page: What’s new? Release notes – Azure Active Directory – Microsoft Entra | Microsoft Docs.

Below is a quick snapshot of our communication schedule:

Category

Definition

Communication schedule

Retirement announcement

Signals the retirement of a feature, capability, or product in a specified period.

Typically, at this point, new customers are not permitted to adopt the service/feature, and engineering investments are reduced for the specified feature.

At a later date, the feature will no longer be available to any customer as it reaches the “end-of-life” state.

2 x per year (Mar and Sep)

Breaking change announcement, feature change announcement

Breaking change: Expected to break the customer/partner experience if the customer doesn’t act or make a change in their workload for continued operation.

Feature change: Change to an existing Identity feature​ that doesn’t require customer action but is noticeable to the customer. These are typically UI/UX changes.

These changes generally happen more often and require a more frequent communication schedule.

4 x per year (Mar, June, Sep, and Nov)

Follow ongoing monthly updates on our release notes page: What’s new? Release notes – Azure Active Directory – Microsoft Entra | Microsoft Docs.

As always, we’d love to hear your feedback or suggestions. Let us know what you think in the comments below or on the Azure AD feedback forum. You may also send your questions, open issues, and feature requests through Microsoft Q&A by using the tag #AzureADChangeManagementNov2022Train.

Learn more about Microsoft Entra:

[ad_2]
Source link

Share this post via

Leave a Reply