Microsoft has released a preview of the new sign-in experience for Azure Active Directory (AD) that aligns with the Microsoft Account identity system, which is familiar to users of the company’s online and cloud services.
The shared interface elements and behind-the-scenes technologies will make the transition between the two systems less jarring for users, according to Alex Simons, director of program management at Microsoft’s Identity Division. For businesses, the new paginated approach means fewer login mishaps and a more adaptable authentication system overall, Simons asserts.
“The new design prompts you to enter your username on the first screen followed by a credential (typically a password) on a second screen. We’ve done a lot of testing of this design and our telemetry shows that people are able to sign in with a notably higher success rate using this approach,” wrote Simons in a blog post. “It also sets us up to be able to easily introduce new forms of authentication like phone sign-in and certificate-based authentication.”
Microsoft is still working on porting some features, such as multifactor authentication, to the new system. To give Azure AD customers time to prepare, the company is making the new sign-in experience available as an opt-in preview before switching over to the new interface during the last week of September.
Before that, Microsoft is changing the way Azure AD Conditional Access policies are enforced for Office.com users.
In another bid to ensure consistency between experiences, Office.com users will be required to satisfy policies set in SharePoint Online and Exchange Online. In a separate Aug. 4 announcement, Simons explained that if a customer uses device compliance or authentication policies to govern access to SharePoint or Exchange, users must also satisfy those requirements to log in to Office.com.
Microsoft is making the change after complaints that some Office.com functionality, like viewing calendars and document search, would fail due to an incompatible policy in Exchange or SharePoint. Simons recommended that users take steps to come into compliance with existing policies for a seamless transition before the switch is enacted.
And earlier this week, the software giant announced a new integration that can help Azure AD users combat shadow IT within their organizations.
Shadow IT, a term commonly used to describe the unsanctioned use of cloud applications and services in the workplace, is a growing problem for security-conscious enterprises. Recently, Netskope found that of the 1,071 cloud services used by an enterprise on average, fewer than seven percent are what could be considered enterprise-grade.
Microsoft’s Cloud App Security offering can now use data from Azure AD to provide administrators with improved visibility into third-party cloud service and software-as-a-service (SaaS) application usage in their organizations. Cloud App Security is based, in part, on technology from the company’s acquisition of cloud security specialist Adallom in 2015.
When the new data integration feature is activated, usernames are matched to their Azure AD identities, allowing users to investigate incidents of shadow IT caused by users registered in Azure AD. Administrators can also use the new insights to generate shadow IT reports based on a specific user group or department.