Proxy and B2C Improvements Arriving in Azure AD

Microsoft delivered another set of improvements to Azure Active Directory (AD) this week, making it easier to publish applications using the Application Proxy service, as well as adding new Business to Consumer (B2C) features.

The new improvements come close on the heels of recently announced policy, printing and user perks.

On the Azure AD Application Proxy service side, publishing apps is now easier for IT pros. They now have the ability to use wildcard characters within the Azure AD Admin Center's user interface, according to a Wednesday Microsoft announcement.

For instance, the asterisk wildcard character can be used to publish multiple applications for use by the Azure AD Application Proxy service. Typing "https://*.adventure-works.com," per Microsoft's example, will publish all of the Web apps associated with that domain, making them available for remote access by end users.

It's possible to use the asterisk wildcard even when exceptions need to be indicated. For instance, an organization might not want to grant access to all Web apps for all remote users. In such cases, IT pros can type the whole URL for a particular Web app, and it'll override any wildcard specification. Here's how Microsoft described it:

The settings and access for the most specific URL always take precedence over wildcards. To learn more about how to exclude applications from a wildcard publishing, see our documentation.
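The precedence rule described above can be modeled to audit which hosts are reachable only through a wildcard entry. This is an added example, not Microsoft's code or part of the original article. It assumes "*" stands for a leading subdomain; the group names and host inventory are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample data: published external URLs mapped to hypothetical groups.
PUBLISHED = {
    "https://*.adventure-works.com/": {"All-Remote-Users"},
    "https://finance.adventure-works.com/": {"Finance-Team"},
}

def host_of(url):
    """Lower-cased host part of a URL (a '*' label is kept as written)."""
    return (urlsplit(url).hostname or "").lower()

def resolve(url, published=PUBLISHED):
    """Return the published entry whose settings apply to url, or None.

    An entry naming the exact host always wins. Otherwise the wildcard with
    the longest matching suffix is used (assumed tie-break, not from the page).
    """
    host = host_of(url)
    best, best_len = None, -1
    for entry in published:
        pattern = host_of(entry)
        if pattern == host:
            return entry  # most specific URL takes precedence
        if pattern.startswith("*."):
            suffix = pattern[1:]  # e.g. ".adventure-works.com"
            # Require the dot boundary and at least one label before it.
            if host.endswith(suffix) and len(host) > len(suffix) > best_len:
                best, best_len = entry, len(suffix)
    return best

def effective_access(url, published=PUBLISHED):
    """Groups assigned to the entry that governs url (empty set if unpublished)."""
    entry = resolve(url, published)
    return published[entry] if entry else set()

def wildcard_only(hosts, published=PUBLISHED):
    """Hosts exposed solely via a wildcard: candidates for an explicit override."""
    out = []
    for h in hosts:
        entry = resolve(f"https://{h}/", published)
        if entry and "*" in host_of(entry):
            out.append(h)
    return sorted(out)
```

Running `wildcard_only` over an inventory of internal Web app hostnames gives the list of apps that inherit the wildcard's access assignment and may need their own, more restrictive entry.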

The Azure AD Application Proxy service is a Premium licensing feature and is Microsoft's alternative to having to maintain a virtual private network or demilitarized zone on premises to enable remote end user access to Web applications housed by an organization. It enables single sign-on access to these applications.

Azure AD B2C Improvements
Microsoft also had some news this week about its Azure AD B2C service. The Azure AD B2C service lets businesses collaborate with consumers via social media log-ins or customized apps. It also can be used by organizations for partner collaborations. Microsoft launched the Azure AD B2C service worldwide last year.

The Azure AD B2C service is now getting some customizations (mostly at the preview stage), event audit log additions (in preview) and additional ID providers.

The new identity providers supported by the Azure AD B2C service include the Twitter messaging service (at "general availability") and the GitHub developer collaboration portal (at "preview"). Users of those services can use those same sign-in credentials to access the Azure AD B2C service.

IT pros also now have use of the "altsecid" property in the Azure Portal, a capability that's at the general availability stage. It permits end users with multiple social media accounts to get migrated to the Azure AD B2C service without losing connections. Here's Microsoft's altsecid property description:

This property allows users to have multiple social accounts tied to their local user account. This means that if you currently have users with social identities in your existing solutions, you can migrate them to Azure AD B2C while keeping their social account linked.

Language customization in Azure AD B2C is still at the preview stage, but Microsoft added a new "regional variants" capability this week. It has a drawback, though. The Azure Portal will assign a code to a language that Microsoft doesn't support, but organizations will "have to provide all the translations."

Customizations for password complexity are being added at the preview stage. It'll let IT pros enforce the use of uppercase and lowercase letters, numbers and symbols in passwords, for instance.

Microsoft is previewing customizations of B2C-specific events in the Azure Portal for auditing purposes. Microsoft plans to add log events for "ID token issuance," "access token issuance," "authorization code issuance," and "local and social account login events (through sign up or sign in policy)."

Azure AD B2C Deprecations
While Microsoft is adding new audit events to the Azure Portal for Azure AD B2C, it's also deprecating two existing reports. The "UserJourneySummaryEvent" and the "@b2cUserJourneyEvents" reports will become inactive on April 3, 2018, Microsoft explained in an announcement this week.

There's currently no replacement for the Summary Events report. Microsoft suggests aggregating the raw event information to get the details. There is a substitute for the B2C Events report, though. The Azure Portal has a "Category: B2C" selection for viewing the overall sign-in details.

Microsoft also has plans to deprecate "the usage reporting API" used with billing data. It'll no longer be supported in the first half of this year, and will be replaced by events reporting.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
