Between COVID and vacation and Microsoft’s end-of-fiscal and a busy content schedule it’s been tough to keep all my notes of what’s been coming out of Redmond this summer, but we have Inspire literally tomorrow to shake the dust off and build some momentum toward the fall. But just because I’ve been quiet doesn’t mean some really cool stuff hasn’t made its way into the world.
First up, and answering the long-standing prayers of many, is Adobe’s announcement that Acrobat will now natively support Microsoft Information Protection (MIP) sensitivity labels! .png?width=974&name=MicrosoftTeams-image%20(119).png)
This plugs a years-old gap in the use cases for MIP and has been one of the most requested feature improvements, and while it was technically possible before, it was not a friendly experience. Now it’s just bundled in the installer. Woohoo!
Secondary benefits include the ability to bundle activations, so if the group requires multiple roles, just assign those roles to the group and a single activation gets everything. And the super neat thing is that there's a native report for viewing these assignable groups built directly into AAD groups.
- Everybody in the group gets the role, so be cautious and scope the assignments very carefully
- Auditing of group activation isn't currently supported
Next up is group writeback in Azure AD, which brings AAD and ADDS closer to feature-parity in terms of object creation and authoring. Group writeback is an AAD Premium feature that requires a fairly recent version of AAD Connect (though you should have that solution in your regular update cycle and protected as a Tier 0 asset). It’s worth noting that the capability is currently in public preview, but this is one that’s absolutely going to become GA.
There are some pretty interesting limitations during preview, but one that isn’t mentioned is that this is an all-or-nothing setting. You write all the groups or none of them. No granular group selection exists…yet. I’ve been following some conversations where this has been discussed.
But that’s not all for groups, because in a mind-bending bit of logic, you can now dynamically nest groups! Sorta! Another preview feature is the ability to include an object in a Security Group based on its ‘memberof’ attribute contents. Just like you can dynamically build a group by city, jobtitle, department, etc, you can now build a dynamic group with ‘memberof’, but as with writeback, be ready for limitations. Microsoft has some extremely tight limits on how this can be used, and with good reason as so much is built on groups. For instance, right now if you choose to use ‘memberof’, that’s the ONLY attribute you can use. And dynamic groups cannot be based on other dynamic groups. And you won’t find it in the rule-builder dropdowns yet, so you’ll have to know the syntax and enter it directly into the editor..png?width=625&name=MicrosoftTeams-image%20(120).png)
Speaking of groups and identity, we have our monthly webinar on Thursday right after Inspire and we’ll be covering all things Entra! Last month we covered Purview, which unified all the compliance offerings in the Microsoft 365 and Azure toolkit. Entra brings a pretty new dashboard, Permissions Management (courtesy of the CloudKnox acquisition last year), and Microsoft’s first real foray into decentralized identity: Verified ID!
Comments