Microsoft Lights Up Active Directory Features for Azure Portal
- By Kurt Mackie
- May 16, 2017
The Azure AD Admin Console, an addition to the Azure Portal, is now generally available (GA) after being in preview since September, Microsoft announced on Monday.
Microsoft has added one new capability to the console since the September preview: the ability to view the applications that a user can access. In the future, Microsoft is planning to add multifactor authentication "provider management" to the console, along with an "Azure AD Domain Services" feature, according to the announcement.
The Azure AD Admin Console's most prominent feature is its dashboard page, showing users and groups, user signs (in graph form), recommended activities and "quick tasks" links (see screenshot).
The console lets IT pros automate tasks, such as adding or removing users or groups, adding SaaS apps, managing Microsoft licenses and enabling users to reset their passwords, according to a Microsoft video. The console will integrate with Active Directory on premises. There's an ability to set "dynamic membership rules" that will automatically add new users in certain departments to certain groups. Similarly, licenses can be automatically assigned as users are added.
The console also can be used to assign single-sign access to more than 2,000 applications that are preintegrated with Azure AD, as housed in the Azure Application Gallery. It's also possible to enforce multifactor authentication for access to apps.
The console can be used to control which users can automatically reset their passwords. There are drill-down capabilities to see end user application use, as well as license assignments. The "Audit Logs" view can display information about the success of end users in terms of their log-in attempts and ability to access apps.
The console now shows "streams of data with rich filtering and search capabilities" rather than showing reports. The information can be viewed across the organization or at the individual user level, Microsoft's announcement explained. The data also can be pulled into security information and event management (SIEM) applications using an API. Microsoft also released a Power BI content pack for use with the console.
Previous console descriptions by Microsoft had suggested that Azure AD Premium subscriptions were needed, in some cases, to use some of the console's features. Possibly, that's still true, but the announcement suggested otherwise.
"The new portal does not require an Azure subscription, which streamlines access, especially for Office 365 admins, whose lives will be made easier with our new group-based licensing functionality," Microsoft's announcement stated.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.