News

Microsoft Rolls Out Azure AD Improvements

Microsoft recently unveiled several improvements to Azure Active Directory (AD), including enhancements to the Azure AD Application Proxy service that make it easier for organizations to connect remote end users to company-hosted Web applications.

Organizations can use Azure AD Application Proxy as a cloud-based substitute for maintaining a demilitarized zone on-premises when permitting single sign-on access to Web apps. The benefits of using Azure AD Application Proxy, according to Microsoft, are that it doesn't require setting up inbound connections through a firewall and organizations get to use Azure-based security analytics tools. Azure AD Application Proxy is a feature that's available with Azure AD Premium subscriptions.

The onboarding process to set up Azure AD Application Proxy has now been improved such that only two outbound ports are required, namely Port 443 and Port 80. Microsoft also simplified matters by only requiring connections via two domains, namely "*.msappproxy.net and *.servicebus.windows.net." The latest connector update needs to be used to get those benefits, according to Microsoft's announcement last week.

Lastly, Microsoft added a new "Long" 180-second timeout option to the Azure AD Application Proxy service. The Long option can be used for those Web apps that take longer than the default 85-second period to respond.

Work Folders Integration
In another announcement, Microsoft announced that the Windows Work Folders role now works with the Azure AD Application Proxy service. It provides a means for end users to access their work files remotely via single sign-on without opening connections through a firewall.

To use Work Folders with the Azure AD Application Proxy service, organizations need to be running Windows Server 2012 R2 or Windows Server 2016. In addition, local AD accounts need to be synchronized to Azure AD using Azure AD Connect.

Windows 10 version 1703 clients can be used to access Work Folders under this scheme, as well as Android and iOS clients. Microsoft described a few of the client nuances in this announcement.

Workday Provisioning
Microsoft also announced last week that it has launched a preview of a new capability that will make it easier for organizations using Workday software-as-a-service (SaaS) applications to move the provisioning information over to Azure AD or Windows Server AD. Workday is a provider of SaaS applications for finance and human resource needs.

The preview is called "Workday Inbound Provisioning to Azure Active Directory" and is available for use by Azure AD Premium P1 subscribers. It uses a "new thin client that is deployed alongside Azure AD Connect" to synchronize the Workday information to AD on-premises or Azure AD.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured