My summer vacation is over, and slowly the rest of Norway is waking up; we will soon be back to full speed again.
Over the summer there have been several fantastic launches of new features from Microsoft within Microsoft Entra ID.
Here is some of the news, big and small, that has been launched over the last weeks while I have been relaxing and actually having some days off. 🙂

Microsoft Entra Suite

The Microsoft Entra Suite is a comprehensive collection of identity and access management tools designed to support organizations in adopting a Zero Trust security framework. This suite serves to integrate various aspects of identity verification and network access security into a cohesive platform. It ensures that only verified identities gain access to organizational resources, under the right conditions, with appropriate permissions. Furthermore, it encrypts data transmission channels and continually scrutinizes the system for any signs of compromise or unauthorized access, thereby enhancing the overall security posture of the organization.

Microsoft Entra Suite is a collection of Entra products and services. This is the complete collection of Entra products at this point in time.

  • Microsoft Entra Private Access (Zero trust network access)
  • Microsoft Entra Internet Access (Secure Web gateway)
  • Microsoft Entra ID Governance (Identity Governance and administration)
  • Microsoft Entra ID Protection (Identity protection)
  • Microsoft Entra Verified ID (Premium capabilities)

Microsoft Security Service Edge (Global secure access)

  • Microsoft Entra Internet Access

The Microsoft Security Service Edge solution, particularly the Microsoft Entra Internet Access component, is designed to safeguard access to internet resources, including SaaS applications and Microsoft services. This solution plays a critical role in defending organizations against various internet-based threats. By controlling and securing network traffic, it prevents malicious activities and filters out content that may be dangerous or non-compliant with established policies. This ensures that the organization’s data and resources are accessed securely, aligning with the principles of a Zero Trust security model where verification is required before granting access.

  • Microsoft Entra Private Access

With Private Access, you can modernize how your organization’s users access private apps and resources by utilizing Zero Trust user access, enabling your employees to securely access any cloud and on-premises application, with least privilege access, across public and private networks inside and outside your corporate perimeter.

Microsoft Entra Insider Risk in Conditional Access

Microsoft Entra ID Conditional Access integrates with Adaptive Protection, a powerful capability in Microsoft Purview. The integration will allow organizations to set up Conditional Access policies that use insider risk signals from Adaptive Protection to enforce actions, like blocks, on users with insider risk levels. For example, a Conditional Access policy with the Insider Risk condition can block elevated risk users from all Microsoft 365 applications while allowing minor risk users to continue to access company resources.

Refactored account details screen in Microsoft Authenticator

In July, enhancements to the Microsoft Authenticator app UX roll out. The account details page of a user account will be reorganized to help users better understand, and interact with, the information and buttons on the screen. Key actions that a user can do today will still be available in the refactored page, but they’re organized in three sections or categories that help better communicate to users:

  • Credentials configured in the app
  • Additional sign in methods they can configure
  • Account management options in the app

You can read the release note here – learn.microsoft.com

Microsoft Entra certificate-based authentication enhancements

The passwordless authentication method using certificate-based authentication (CBA) is getting enhancements!

Earlier this year there have been several changes deployed, and in July they all went to GA. The enhancements are username bindings, affinity bindings, policy rules, and advanced certificate-based authentication options in Conditional Access!

CBA username bindings: CBA added support for the three remaining username bindings and is now at parity with on-premises Active Directory. The three bindings that are being added are IssuerAndSerialNumber, IssuerAndSubject, and Subject. More at Configure Username binding policy.

CBA Affinity Binding allows admins to set affinity binding at the tenant level, as well as create custom rules to use high affinity or low affinity mapping for covering many potential scenarios our customers have in use today. More at CBA Affinity Bindings.    

CBA Authentication policy rules help determine the strength of authentication as either single-factor or multifactor. Multiple custom authentication binding rules can be created to assign default protection level for certificates based on the certificate attributes (Issuer or Policy Object Identifiers (OID) or by combining the Issuer and OID). More at Configure authentication binding policy.    

Advanced CBA options in Conditional Access allow access to specific resources based on the certificate Issuer or Policy OIDs properties. More at authentication strength advanced options.   

Migrate ADAL apps to MSAL with enhanced insights

As of June 2023, there have been no more security updates for ADAL apps, and enterprises are still migrating over to MSAL!

With these enhanced insights we get a better view of how our apps are used!

Here’s what you can expect with the latest enhancements:

Comprehensive sign-in log aggregation: The workbook now consolidates logs from various types of sign-in events, including interactive, non-interactive, and service principal sign-ins.

Enhanced data visualization: We updated the report with new aggregated metrics to enable an all-up view of sign-ins across ADAL applications. To aid in your specific analytical needs, the workbook supports the application of custom filters and queries. This flexibility enables you to focus on the information that matters most to your ADAL migration efforts.

Integration with Microsoft Entra recommendations: You can now directly access this Sign-Ins workbook from the ADAL to MSAL recommendation page to dive deep into the list of ADAL applications listed on the recommendation details page. To use the workbooks for Microsoft Entra ID, you need a Microsoft Entra ID tenant with a P1 license.
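As an added illustration of the aggregation the workbook performs (not code from Microsoft or from this post), the sketch below merges sign-in records of all three types and lists the apps still signing in through ADAL. The field names follow the sign-in log schema as an assumption, and the records, app IDs and library versions are constructed sample data.

```python
import re
from collections import defaultdict

# Key under which sign-in logs record the client auth library (assumed from the log schema).
LIB_KEY = "Azure AD App Authentication Library"

def _rec(app_id, name, event_type, lib_value=None):
    """Build one constructed sign-in record shaped like an exported log entry."""
    details = [{"key": LIB_KEY, "value": lib_value}] if lib_value else []
    return {"appId": app_id, "appDisplayName": name,
            "signInEventTypes": [event_type],
            "authenticationProcessingDetails": details}

# Constructed sample data: interactive, non-interactive and service principal sign-ins.
SAMPLE_SIGNINS = [
    _rec("app-0001", "Legacy HR Portal", "interactiveUser",
         "Family: ADAL Library: ADAL.NET 3.19.8 Platform: .NET"),
    _rec("app-0001", "Legacy HR Portal", "nonInteractiveUser",
         "Family: ADAL Library: ADAL.NET 3.19.8 Platform: .NET"),
    _rec("app-0002", "Nightly Export Job", "servicePrincipal",
         "Family: ADAL Library: ADAL4J 1.6.4 Platform: Java"),
    _rec("app-0003", "New Intranet", "interactiveUser",
         "Family: MSAL Library: MSAL.js 2.38.0"),
    _rec("app-0004", "Unknown Client", "interactiveUser"),  # library not recorded
]

def auth_library(record):
    """Return (family, library) for a sign-in record, or None if not recorded."""
    for item in record.get("authenticationProcessingDetails") or []:
        if item.get("key") == LIB_KEY:
            m = re.search(r"Family:\s*(\S+)\s+Library:\s*(.+?)(?:\s+Platform:|$)",
                          item.get("value") or "")
            if m:
                return m.group(1), m.group(2).strip()
    return None

def adal_usage(records):
    """Aggregate ADAL sign-ins per app across every sign-in event type."""
    usage = defaultdict(lambda: {"name": "", "count": 0,
                                 "types": set(), "libraries": set()})
    for rec in records:
        lib = auth_library(rec)
        if lib is None or lib[0].upper() != "ADAL":
            continue  # MSAL or unknown clients are not migration candidates
        entry = usage[rec["appId"]]
        entry["name"] = rec.get("appDisplayName", "")
        entry["count"] += 1
        entry["types"].update(rec.get("signInEventTypes") or ["unknown"])
        entry["libraries"].add(lib[1])
    return dict(usage)
```

Records without a library entry are skipped rather than counted as ADAL, so the result is a lower bound on the apps left to migrate.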

You can find more of the news on the Microsoft Entra Blog at https://techcommunity.microsoft.com/t5/microsoft-entra-blog/bg-p/Identity