Enterprise Mobility and Security Blog


Howdy folks,

Today Azure AD reaches an important milestone.

I am excited to announce that OpenID Connect and OAuth 2.0 support in Azure Active Directory reached general availability!

Industry-standard protocol support is at the very heart of any Identity as a Service solution. We invested a lot of time and energy to ensure we would offer you a world-class experience end to end, from the endpoints' performance, manageability and compliance to the usability of our developer libraries. Here is what we are making available for you today:

ADAL v2 for the Microsoft platforms closely follows the GA of the 1.0 versions of ADAL for iOS, Android and OSX, announced on this blog in July.

Microsoft has been deeply involved in the standards work for both OAuth 2.0 and OpenID Connect. In AAD we take this participation in the standards community seriously and have worked hard to ensure interoperability. We have been very pleased with the results we have seen interoperating with other implementations; this success was an important criterion for declaring general availability.

This is an important moment for Azure Active Directory and for the development community. OpenID Connect represents the state of the art in modern authentication protocols, and we are excited to do our part to help fulfil its promises in the world of real applications. You will now be able to leverage OpenID Connect in your production apps to take advantage of all the features that our service provides: Azure AD authentication, Directory Graph API, Office 365 API, Azure API, Intune API and all the resources that customers and partners such as yourself are adding every day to the Azure AD ecosystem.

The fact that we reached GA does not mean that we no longer need feedback! As always, we look forward to your feedback and suggestions on what we released today and anything else you’d like us to include in our offering.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of PM

Active Directory Team

 

P.S. If you are an admin and you want to turn off user consent for applications, you can do so using PowerShell. Go here to learn more: http://technet.microsoft.com/en-us/library/dn194127.aspx

The switch you want to use is:

    -UsersPermissionToUserConsentToAppEnabled <Boolean>
        Indicates whether to allow users to consent to apps that require access to their cloud user data, such as directory user profile or Office 365 mail and OneDrive for business.
        This setting is applied company-wide. Set to False to disable users’ ability to grant consent to applications.

        Required?                    false
        Position?                    named
        Default value                true
        Accept pipeline input?       false
        Accept wildcard characters?  false
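
The following is an added example, not part of the original post: it audits the current tenant-wide setting, turns user consent off, and verifies the change. It assumes the MSOnline PowerShell module and that the switch above belongs to its `Set-MsolCompanySettings` cmdlet, with the current value read back through `Get-MsolCompanyInformation`; the post itself names neither cmdlet.

```powershell
# Added example: audit, disable and verify tenant-wide user consent.
# Assumes the MSOnline module is installed and the signed-in account
# is a tenant administrator.
Import-Module MSOnline
Connect-MsolService   # prompts for administrator credentials

# Record the current state before changing anything.
$before = (Get-MsolCompanyInformation).UsersPermissionToUserConsentToAppEnabled
Write-Output "User consent enabled before change: $before"

# Only write the setting when it is not already disabled.
if ($before) {
    Set-MsolCompanySettings -UsersPermissionToUserConsentToAppEnabled $false
}

# Read the value back rather than trusting the absence of an error.
$after = (Get-MsolCompanyInformation).UsersPermissionToUserConsentToAppEnabled
if ($after) {
    throw "User consent is still enabled; confirm the account has tenant administrator rights."
}
Write-Output "User consent is disabled company-wide."
```

Because the setting applies company-wide, users can no longer grant consent to applications themselves once it is set to False.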