Microsoft has recently announced improvements to Azure Active Directory conditional access policy and sync services. The company also outlined security best practices for organizations across the world using on-premises Active Directory and Azure AD for identity and access management.
Microsoft is urging organizations to adopt a zero trust model for network traffic with Active Directory, along with passwordless verification of user identities using Microsoft Authenticator, Windows Hello for Business or Yubico keys. It also wants organizations to adopt multifactor authentication (MFA) to strengthen identity security. Microsoft has announced that starting Feb. 1, it will also use public phone numbers as part of this MFA scheme, perhaps to support widespread remote working.
The changes to Conditional Access policy include a new search bar in the Azure Portal that makes it easier for IT admins to find and sort Conditional Access policies. Additionally, admins can now sort Azure AD Conditional Access policies by “policy name, state, creation date and modified date.” The portal will also display the count of Conditional Access policies that have been created.
There are improvements to Azure AD Connect as well, the tool used to connect an on-premises directory with the Azure AD service. Microsoft explained that Azure AD Connect can use two sync services: “Azure AD Connect sync which lives on-premises, and Azure AD Connect cloud sync which is powered by the cloud”. Azure AD Connect Sync is used by organizations that run a hybrid of on-premises and cloud authentication, whereas Azure AD Connect Cloud Sync is, according to Microsoft, the future of hybrid identity sync capabilities. Microsoft announced that it has added improvements to the Azure AD Connect Cloud Sync service, earlier known as Azure AD Connect Cloud Provisioning. It can now sync large directories with up to 150,000 directory objects per configuration and large groups with up to 50,000 members. Microsoft has also removed the requirement for domain admin credentials to run the service, and has added troubleshooting tools and service health monitoring capabilities.