Azure Active Directory Conditional Access and virtual machine management enhancements released

Microsoft on Wednesday announced management enhancements for the Azure Active Directory (Azure AD) Conditional Access service, as well as authentication improvements for Azure virtual machine (VM) management.

The enhancements arrive at both the preview stage and the "general availability" (GA) commercial-release stage. Most of them are security improvements for IT departments that use the Azure AD service.

The announcements are security news landing ahead of the RSA Conference, which begins Monday, May 17.

General availability features
GA features include policy search in the Azure AD Conditional Access service, as well as IPv6 support for the "Named Locations" control. Additionally, IT pros can now use their Azure AD credentials to manage Windows VMs hosted in Azure datacenters.

Conditional Access policy search: Users of the Azure AD Conditional Access service, which lets IT pros define access policies based on signals such as the user, the device and the network location, can now find, sort and filter those policies in the Azure portal. Policies can be filtered by name or by creation date, for example. The capability is at the GA stage, although Microsoft is "gradually rolling out the functionality in government clouds."

Named locations IPv6 support: Azure AD Conditional Access users can now configure named locations based on IPv6 address ranges, for instance identifying an organization's headquarters by its IPv6 prefix. This support is now at the GA stage; previously, only IPv4 address ranges were supported. In addition, the named location limit is now raised to 195 locations (from 90) and the number of IP address ranges allowed per named location is raised to 2,000 (from 1,200). The IPv6 support matters for policy correctness: a sign-in from a dual-stack client can reach Azure AD over IPv6, and a trusted-location policy that lists only IPv4 ranges will not match that sign-in.

Azure AD credentials for Windows virtual machines: On the Azure VM management front, IT pros can now use their Azure AD corporate credentials to authenticate to and manage Azure VMs running Windows Server 2019 Datacenter edition. Azure AD sign-in also works for Azure VMs running Windows 10 version 1809 or later. The feature, which uses the Remote Desktop Protocol (RDP) to reach the VM, is at the GA stage for Azure Global and Azure Government subscribers, according to a Microsoft document. IT pros can also layer Azure role-based access control (RBAC) and Conditional Access policies on top to add further protections to VM management. The ability to use Azure AD credentials for VM management also extends to organizations using federated identities (on-premises AD linked to Azure AD).

Preview features
Azure AD credentials for Linux virtual machines: The ability to use Azure AD credentials to manage Azure VMs is also being extended to Linux. The feature is at the preview stage for Azure Global users now and will reach preview for Azure Government users in June, according to a Microsoft document.

Azure AD access to these Linux VMs is over a Secure Shell (SSH) connection, but under the Azure AD scheme IT pros no longer have to provision SSH public keys on the VM; the SSH client instead presents a short-lived certificate issued by Azure AD for the signed-in user. IT pros can also define Azure RBAC and Conditional Access policies for additional safeguards.
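The steps behind the Windows and Linux VM sign-in features above, as an added example written for this page (it is not code from the article or from Microsoft): install the Azure AD login extension on a VM, grant a user one of the two login roles, and connect over RDP or SSH with the az CLI. The resource group name, VM names and user principal name are assumptions; the script also assumes an az CLI session already signed in with rights to edit the VMs and, for the Windows path, an RDP client on a Windows 10 device joined to the same tenant.

```shell
#!/usr/bin/env bash
# Added example: Azure AD sign-in for Azure VMs with the az CLI.
# Assumes: az CLI already logged in (az login) with rights to edit the VMs.
# The resource group name below is an assumption made for this example.
set -eu

RG="${RG:-rg-aad-login-demo}"   # assumption: resource group holding the VMs

# Install the Azure AD login extension. The extension needs a system-assigned
# managed identity on the VM, so assign one first (the call is idempotent).
enable_aad_login() {
  local vm="$1" os="$2" ext="AADLoginForWindows"
  if [ "$os" = "linux" ]; then ext="AADSSHLoginForLinux"; fi
  az vm identity assign --resource-group "$RG" --name "$vm" --output none
  az vm extension set --publisher Microsoft.Azure.ActiveDirectory --name "$ext" \
    --resource-group "$RG" --vm-name "$vm" --output none
}

# Who may log in is decided by Azure RBAC on the VM's scope, not by local
# accounts: "Virtual Machine User Login" for a standard user, "Virtual Machine
# Administrator Login" for local admin / sudo. Conditional Access policies that
# target the "Azure Windows VM Sign-In" / "Azure Linux VM Sign-In" cloud apps
# are then evaluated on top of the role.
grant_login() {
  local vm="$1" principal="$2" role="${3:-Virtual Machine User Login}"
  local scope
  scope=$(az vm show --resource-group "$RG" --name "$vm" --query id --output tsv)
  az role assignment create --role "$role" --assignee "$principal" \
    --scope "$scope" --output none
}

# Windows: the RDP client must not fall back to CredSSP with local credentials;
# these two settings force Azure AD authentication. Prints an .rdp file body to
# save and open with mstsc on an Azure AD-joined client.
rdp_file() {
  local host="$1" upn="$2"
  printf 'full address:s:%s:3389\n' "$host"
  printf 'enablecredsspsupport:i:0\n'
  printf 'authentication level:i:2\n'
  printf 'username:s:AzureAD\\%s\n' "$upn"
}

# Linux: no SSH public key is placed on the VM. "az ssh vm" obtains a
# short-lived SSH certificate from Azure AD for the signed-in user and
# connects with it (needs the az "ssh" extension).
ssh_linux() {
  az extension add --name ssh --output none 2>/dev/null || true
  az ssh vm --resource-group "$RG" --name "$1"
}

case "${1:-}" in
  enable) enable_aad_login "$2" "$3" ;;
  grant)  grant_login "$2" "$3" "${4:-Virtual Machine User Login}" ;;
  rdp)    rdp_file "$2" "$3" ;;
  ssh)    ssh_linux "$2" ;;
  *)      echo "usage: $0 enable <vm> windows|linux | grant <vm> <upn> [role] | rdp <host> <upn> | ssh <vm>" >&2 ;;
esac
```

Typical order is `enable`, then `grant`, then `rdp` or `ssh`. Granting "Virtual Machine User Login" rather than the administrator role is the least-privilege default; the administrator role is what turns an Azure AD compromise into local admin on every VM in scope, so assign it at the narrowest scope that works.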

Locations named via GPS: Also coming at the preview stage is the ability to define named locations using Global Positioning System (GPS) coordinates. Microsoft positions this as a compliance assurance, since a user's true location can be obscured by VPNs or other circumstances. The coordinates are reported by the Microsoft Authenticator app on the user's phone, so the control depends on users having the app and granting it location access. Microsoft plans to start previewing GPS-based locations in Azure AD Conditional Access policies "later this month."

Filters for devices: Microsoft is previewing a "Filters for devices" feature that lets Azure AD Conditional Access policies target devices by their attributes. It can be used, for example, to restrict access to privileged resources to specific devices. Microsoft suggested the rule syntax will be familiar to IT pros who use "Azure AD dynamic device groups." Filters for devices in Conditional Access are also expected to be consistent with "the new filter capability in Microsoft Endpoint Manager."

Audit log shows policy changes: The Azure AD Conditional Access service now lets IT pros see policy changes in the audit logs, a feature at the preview stage. It shows which "assignments, conditions or controls have been changed," for better visibility. Reverting to an older version of a policy is possible, but it requires copying and pasting the old policy's JavaScript Object Notation (JSON), Microsoft explained.
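The three Conditional Access objects discussed on this page (an IPv6 named location, a policy carrying a device filter, and the JSON copy that a revert requires) as one added example written for this page; it is not code from the article or from Microsoft. It goes a little beyond the text by doing the work through the Microsoft Graph API via `az rest` instead of the portal, so that the "old JSON" a revert needs is captured in a form the API will accept back. The display names, the documentation IPv6 prefix, the `extensionAttribute1` value and the placeholder policy ID are assumptions; the script assumes an az CLI session whose account holds the Policy.ReadWrite.ConditionalAccess permission.

```shell
#!/usr/bin/env bash
# Added example: create an IPv6 named location and a Conditional Access policy
# with a device filter through Microsoft Graph (az rest), then snapshot and
# revert a policy. Assumes an az CLI session with Policy.ReadWrite.ConditionalAccess.
# Names, prefixes and attribute values are assumptions made up for this example.
set -eu

GRAPH="https://graph.microsoft.com/v1.0/identity/conditionalAccess"

# Named location covering the (hypothetical) headquarters IPv6 prefix.
# 2001:db8::/32 is the documentation range, used here as a placeholder.
named_location_json() {
  cat <<'EOF'
{
  "@odata.type": "#microsoft.graph.ipNamedLocation",
  "displayName": "HQ (IPv6)",
  "isTrusted": true,
  "ipRanges": [
    { "@odata.type": "#microsoft.graph.iPv6CidrRange", "cidrAddress": "2001:db8:1000::/48" }
  ]
}
EOF
}

# Policy: require MFA for all users on all apps, except from the trusted
# location and except devices matching the filter. The rule uses the same
# property/operator syntax as dynamic device groups; devices tagged
# extensionAttribute1 = "PAW" (an assumed tag for privileged access
# workstations) that are also marked compliant are excluded from the MFA
# requirement. Report-only state first, so the change shows up in the audit
# log and sign-in logs before it is enforced. Add your break-glass account to
# "excludeUsers" before switching the state to "enabled".
policy_json() {
  local location_id="$1"
  cat <<EOF
{
  "displayName": "MFA everywhere except HQ IPv6 and compliant PAWs",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": { "includeUsers": ["All"] },
    "applications": { "includeApplications": ["All"] },
    "clientAppTypes": ["all"],
    "locations": { "includeLocations": ["All"], "excludeLocations": ["$location_id"] },
    "devices": {
      "deviceFilter": {
        "mode": "exclude",
        "rule": "device.extensionAttribute1 -eq \"PAW\" -and device.isCompliant -eq True"
      }
    }
  },
  "grantControls": { "operator": "OR", "builtInControls": ["mfa"] }
}
EOF
}

create_objects() {
  local loc_id policy_id
  loc_id=$(az rest --method POST --url "$GRAPH/namedLocations" \
    --body "$(named_location_json)" --query id --output tsv)
  policy_id=$(az rest --method POST --url "$GRAPH/policies" \
    --body "$(policy_json "$loc_id")" --query id --output tsv)
  echo "$policy_id"
}

# Snapshot the editable part of a policy to a file. The JMESPath projection
# drops the read-only fields (id, createdDateTime, modifiedDateTime) that
# Graph rejects in a PATCH, so the file can be sent back as-is for a revert.
snapshot_policy() {
  local policy_id="$1" out="$2"
  az rest --method GET --url "$GRAPH/policies/$policy_id" --output json \
    --query '{displayName:displayName,state:state,conditions:conditions,grantControls:grantControls,sessionControls:sessionControls}' \
    > "$out"
}

# Revert: the audit log tells you which assignments, conditions or controls
# changed, but putting them back is a PATCH of the previously saved JSON.
revert_policy() {
  local policy_id="$1" snapshot="$2"
  az rest --method PATCH --url "$GRAPH/policies/$policy_id" --body "@$snapshot" --output none
}

case "${1:-}" in
  create)   create_objects ;;
  snapshot) snapshot_policy "$2" "$3" ;;
  revert)   revert_policy "$2" "$3" ;;
  *) echo "usage: $0 create | snapshot <policy-id> <file> | revert <policy-id> <file>" >&2 ;;
esac
```

Taking a `snapshot` before every policy edit is what makes the audit-log entry actionable: the log shows that a condition changed, the saved file shows the exact previous value, and `revert` restores it without retyping JSON into the portal.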

About the Author

Kurt Mackie is Senior News Producer for 1105 Media’s Converge360 Group.
