Entra ID Feature Update July 2024

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

today's video is sponsored by spec ops password policy the ultimate solution in securing your active directory passwords and continuously blocking over 4 billion breached passwords visit them today at spec op soft.com in today's episode let's check out what's new and cool in entra ID and there's some pretty good stuff coming you best buckle up [Music] hey everyone how are you nice to see you again I really do appreciate you dropping by well on today's episode I thought I would take a look at what's new and cool in entra ID or AKA aure active directory and there's been quite a few changes both in security as well as some new features in authentication and I thought you know I'm going to take you through uh some of these okay now if you have any questions about this or in fact any of my other sessions then don't hesitate to uh get your comments down below I really do appreciate it and if you want a little bit more why not consider signing up to my patreon site and you'll get access to full courses and so much more details are down below now just before I jump in with the demos I just want to quickly mention that in July I'm running a couple of my own own master classes on online so I'm running a cyber security master class as well as an identity master class as well so if you want to take your skills to a whole new level then check out the link below uh for more details on those courses and it would be great uh to see you join me all right so I think without any further Ado uh I think it's about time we jump in all right so again any questions again get them down below and in the meantime you enjoy okay so what I'm going to do is I'm coming in here into entra ID and I'm going to scroll down and in uh entra what I'm going to do is I'm going to come into the protection tab now one of the new features that you'll notice here is we now have application policies and it was kind of the missing link actually I just like to mention by the way that I can't fully demo this um because I this particular tenant that I'm using uh doesn't have an Azure ad workload identity license so one of the first things that you would need is you would need to go ahead and set that up but needless to say I can still demo it for you so what we have here is with an authentication or an application policy rather um you've got a default policy and you can also create a custom policy as well and you can see it's looking for a particular application ID so you could do this on a on a default ID kind of basis and you've got password restrictions and you've also got certificate restrictions as well so I can come into the password restrictions here and you can set this up on let's say application restrictions or registrations so for example you can put uh policies or application policies based on those application registrations so for example I could say you know um any uh registrations let's say before the 1st of September um you can set up a you know a password lifetime for those um if you have any uh settings configured you can actually uh copy those to the uh various Enterprise apps as well so rather than managing to do this in two different places you can just do this uh in one place um you can also set the password life time as well so any apps that create passwords again you can set for example um apps created after a certain date or you can set the maximum lifetime in days for a particular app so I can say yeah you might for example set the app password at you know remember n 90 days um symmetric key so if you're using symmetric keys for additional layers of security again you can uh manage that you can also configure the key lifetime as well so if you wanted to regenerate fresh Keys um so again those features are really useful and you can also block things like custom passwords as well um so it's just that little extra layer of uh of security there now um the other thing that we've got is you can also configure uh certificates as well so you can put certificate restrictions for both app registrations and Enterprise apps so again you can specify the key lifetime for the asymmetric that's the public private keeper fair and you can you can enforce this after a specific time I either a date or and again a number of days there now um so app registrations again we can then go to Enterprise apps and again you can do the same thing for there as well so uh you know if you register your own apps within your organization and you're just looking for that additional layer of kind of security and specifically when it comes to app registration you know things like passwords for that it's really nice to see this now available in one place now for my number two I just want to mention a few kind of interface improvements because there's definitely been a number of improvements and for this I'm going to come into the settings pane in authentication methods here and what we now have is we have something called reporting suspicious activ activity and what this does is you can allow users to report suspicious activities during their login attempts and the idea is that you work with your users to try and determine if there are any potential underlying issues now at the moment this new feature is currently Microsoft managed however um you can choose to either enable this and manage it yourself or you can switch this feature off but essentially it works alongside things like conditional access um and if you are using risk-based conditional access now just to remind you that um for risk-based um you do need the identity protection so that's a P2 license however the conditional access license of course is just a P1 license all right um so really useful by default it's targeted to all users but you can Target this to specific groups and you can set your own reporting uh mode here as well you can also this is where you can configure things like a system preferred uh multiactor authentication method and again this is another Microsoft managed feature um so essentially it delegates whether or designates rather whether the most secure authentication method is presented to users um uh and as it says here if it's sent set to Microsoft managed it will be enabled by Microsoft uh in the appropriate time so again you can either set this to all users or exclude specific users again the default as you can see is on but you can choose to enable it so you manage it or you can make that decision whether you're just going to let Microsoft manage it more information on that uh again there's a couple of uh links here that take you through to the learn uh documentation on learn. microsoft.com but there we go suspicious reporting activity really nice feature so up next I want to talk about uh authentication methods and one of my favorites of course is pass keys if you've not seen my pass Keys video then go ahead and check it out a pass key by the way is essentially a pho key a pho key is a normally a hardware based token that uses public and private key and it uses something called at a station in other words it has to prove who you are and it typically does this through a biometric but of course the problem with these little Keys is they're really simple to eat lose so now we can actually assign these to our mobile devices and it's super easy to set up you can just basically go in here to the Microsoft authenticator preview and you can see it's generated three keys here and one of these is for Windows devices iOS devices and of course Android devices here so typically you allow self-service sign up enforce at a station and you would then set up what we call a key registration policies now every app you can see that we have what we call an AA GD an attestation uh unique identifier so applications have these um devices have these and you can add these if you want to allow them or to block them and it's currently in public preview so once you've assigned this and the user signs in essentially it's a pretty simple process so rather than signing in with a username and password the user can simply use their mobile device and it will combine it with a biometric and it will allow the user to authenticate I got to tell you this absolutely rocks and I really do believe that this will finally get rid of passwords so definitely check it out more details on learn. microsoft.com and this is passwordless authentication absolutely brilliant check it out today along with that we also have another new feature as well this is authentication methods or add an external authentication method I should say and this is pretty simple to do um so this replaces the the custom uh extensions for applications the authentication extensions that we previously had so what I'm doing is I'm adding in the values from my vendor so the application uh here is from from Cisco and I'm adding this in I'm um authenticating it so I'm going to say yep that's fine I'm going to Target this and I want to make it uh enabled for all of my users of course you can Target it for specific users as well once you've done that you simp simply pop over it into conditional access and we'll need to create a conditional access policy for this so what was kind of a complex thing that involv code is now considerably easier so I'm just going to give the application a name I'm targeting it to my users and in this example I'm just going to Target it to one user just to try it and you should always do that by the way with conditional access just Target it to one user just to make sure that it's actually working working and therefore it saves you having any potential issues I'm choosing multiactor authentication and I'm just going to click on assign and I'm going to switch this particular policy on I'm going to switch over into private browser and I'm going to log in I'm going to sign in as Bill Gates and you can see now that that uh extension has come in so the first time I log in I'll just need to prompt for my password and now now you can see it's asking me now to verify my identity using that thirdparty Cisco authentication mechanism and once that processes you can see that I am now redirected back to the vendor and now I get my application if there is a thirdparty authentication I go ahead and do that and I now get my desktop very nice so for the last feature I just want to come in here back into enter ID and I'm going to come up to manage tenants now there's a few things um that's recently changed if I try and go first of all and create a new tenant then it gives me the choice do you want to create a new Workforce tenant or do you want to create an external now something that's been quite controversial recently is Microsoft's decision to not let you create just regular Workforce tenants these are the tenants that we use in our day-to-day business businesses now uh unfortunately you can only do this and as it says here is if you've got a paid subscription so the one that you can create again this is something new um if you're working with for example third party applications and if you want to allow single sign on for your applications but let's say not to enter ID but to let's say third party applications like Facebook or Google and things like that so you can use those third-party authentication providers and I can simply Say Hey I want to come up and I want to create an external portal now do you want to create a free trial or do you want to use an Asher subscription I'm going to go ahead and just go with the free trial solution so yes of course I agree to everything and off it goes and I'll get my free trial tenant now the free trial tenant what this does is allows you to uh essentially set up those thirdparty ident providers for your entra ID and this is particularly useful if you're producing or generating your own custom code your own applications and it just means that you can then integrate that with third-party identity providers okay so now we can come in and you can see sign in your uh users in one of three easy steps so do you want them to come in via email so again uh IR respects if of whatever email you're using or do you want them to come in using an email on a one-time passcode so again you can make that uh options for me I'm going to just go ahead and choose email and password here now one of the things you might want to do is if you've got a logo and you can uh bring in your logo here and you can also set your background color here as well so you can choose you know whichever background color you want to choose so again for me I'll go with the blue here blue is always a good color isn't it uh and the next thing then is do you want to choose a typical layout so do you want to be Center or do you want to be right aligned again I'll go with Center you get a little preview here uh and then I'm just going to go ahead I'm going to continue okay so now I'm going to go ahead I'm going to click continue and now you can see okay what type of app do you want to configure is it going to be a desktop app or is it going to be a mobile app so again I could choose a mobile app so which value or which app do you want to use and again this is where you can choose the language that you're developing the app in again if it was a a app here you can see I'm using uh net at the moment so again I'm just going to configure and continue and now uh I'm going to go ahead and take me to the admin Center so now that this has been completed it's a case of hey I'm ready to go so you can see here I'm currently under free subscription um beyond that you would need to add in a trial subscription here but needless to say is I can now start adding in my own apps I can customize that and of course I can change the way the users sign in so do I want once you've added those apps in what I can now do is I can now go into userflows which is in the external identities portal and I can now create that all important new workflow so uh again you get like a little demo here um so I can click into that and have a look at that of course and you can see it talks about you know what identity provider so I've just chosen an email with a password I can choose uh that it's talking to the email address and so on um and you can then run that uh user workflow there now the other thing um I can also do is I can go back and I can say Hey you know I want to do another workflow here what type of workflow do you want it to be so again it could be a onetime passcode but you can choose to align it and also require certain attributes that you want to collect okay so again just call it whatever you want to call it um choose the identity provider now it is expected that with the full license you're going to get additional ones here so things like Google Facebook um all of those um initial sign inss so basically if you want to have a look at the multiple tenants like I said you can have a go at this it's totally free at the moment um so go ahead and check out that external tenant uh portal okay there you go so there you have it what's new and cool in entra ID AKA asure active directory I really hope that you enjoyed it thanks so much for joining me and remember if you've not subscribed BMP the Subscribe button ring that Bell come and join us right I'll see you next time take care hey thanks so much for dropping by today here's a couple of videos that you may enjoy and while you're here go ahead click on the Subscribe button and you won't miss out [Music]

Info

Channel: Andy Malone MVP

Views: 7,274

Rating: undefined out of 5

Keywords: Entra ID, Axure AD, Azure Active Directory, What's New in Entra ID, Microsoft 365, Andy Malone MVP

Id: pJeDcjyK2uA

Channel Id: undefined

Length: 18min 30sec (1110 seconds)

Published: Wed Jun 19 2024