Microsoft recently released two new Azure Active Directory (AD) features, My Apps "collections" and new "risk detections" capabilities, into general availability (GA). With these features, the company intends to simplify identity and access management while also enhancing customization and controls.
With the GA of user-based collections in Azure AD, users can now create and manage their personalized app collections in the My Apps portal. With My Apps collections, users can create tabs organized by app function, role, or other categories that make it easier to discover and access apps. Furthermore, these collections can also be surfaced in the Office portal, for users who want to combine broad app launch with their Office productivity hub. Users will need an Azure AD Premium P1 or P2 license to create the collections through the My Apps portal via the Azure portal.
Lastly, with the GA release of collections, Microsoft stated that the feature would be available by default in all tenants, and no particular URL is required.
Besides My Apps collections, the company also released new risk detections in Azure AD Identity Protection. These new risk detections are the Microsoft Cloud App Security (MCAS) detections:
- New Country: looks for deviations in past user activity locations.
- Activity from Anonymous IP Address: detects the use of an anonymous proxy address for access.
- Suspicious Inbox Forwarding Rules: checks for possibly dubious forwarding rules, such as a rule that sends e-mails to an external address.
Mustafa Toroman, Microsoft MVP and CyberSecurity aficionado, told InfoQ:
New risk detections in Azure AD Identity Protection will improve the existing set and make our job a little easier. For me, 'New Country' and 'Activity from Anonymous IP address' are fascinating. As someone who usually travels a lot, if we ignore this last year, I will probably be the person who will trigger them once things return to normal. New risk detections will help evaluate such activities and take necessary steps to allow or block other activities on flagged accounts.
Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory. With the expansion of detections, organizations will gain more insight into suspicious activities and the ability to respond quickly. Although the new detections are a part of the Azure AD Identity Protection service, users can still link back to the MCAS UI from the risk details to investigate further if necessary.
Furthermore, users can stream logs from Azure AD Identity Protection into Azure Sentinel so that its alerts are available there for viewing dashboards, creating custom alerts, and improving investigation. To do this, they will need an Azure AD Premium 2 subscription.
More details of Azure AD Identity Protection are available on the documentation landing page.