Azure Active Directory Sign-On Gets a New Look

No More Views Over Rio

Office 365 notification MC204985 published on February 27 brings the news that Microsoft is updating the default background image displayed when users sign into Azure Active Directory. The change is being made to reduce the bandwidth consumed by the view of Rio de Janeiro (Figure 1).

Signing into OWA with Rio in the background
Figure 1: Signing into OWA with Rio in the background

According to Microsoft roadmap item 61054, the new image is “1% the size of the previous default image which will reduce bandwidth requirements and improve perceived page load times.” The change is intended to benefit users in bandwidth-constrained locations. Deployment starts in early April and full deployment should be achieved in early May.

Important to Tell Users

Normally the change in a background image isn’t worth commenting upon, but given the number of phishing attempts that trick unwary users into entering their credentials into a false site, it’s important that people are informed about the change and expect to see the new slimmed-down background image, which is startlingly different in its plainness (Figure 2).

The new slimmed-down Azure Active Directory sign-in
Figure 2: The new slimmed-down Azure Active Directory sign-in

Do It Yourself Sign-In Backgrounds

A sign-in to Azure Active Directory has two phases: collect the username and then collect the password. The screens displayed differ depending on what you connect to:

  • If you connect using a generic URL for an Office 365 service, like outlook.office.com, the Azure Active Directory sign-in page first captures the username and then captures the password. This is the page that is changing.
  • If you connect using a domain variable, like outlook.office.com/office365itpros.com, Azure Active Directory checks if branding is specified for the tenant and applies it when displaying pages to collect the username and then the password.

Tenants that add customized elements for the sign-in page, usually some branding elements like logos or corporate colors, don’t need to recustomize their sign-in page after Microsoft updates the Azure Active Directory sign-in page.

Applying custom branding is easy to do. I created the effect shown in Figure in less than ten minutes. The trick is to select the graphics you need in advance and make sure that they are the right dimensions (1920 x 1080 pixels for the background, less than 300 KB).

 A customized sign-in for Office 365
Figure 3: A customized sign-in for Office 365

FIDO2 Keys

The availability of FIDO2 keys has authentication easier for me recently. I have keys for both USB and USB-C from eWBM (Goldengate G310 and G320) and Yubico. Both work really well as a second source for multi-factor authentication against Azure Active Directory. Instead of receiving a code via SMS when prompted to authenticate, I plug a key into my PC to make Azure Active Directory happy…

FIDO2 keys for authentication against Azure Active Directory
Figure 4: FIDO2 keys for authentication

Understanding Azure Active Directory Authentication

All of which brings me to the topic of authentication. Understanding how the authentication flow works from the time that someone sees the sign-in screen through MFA challenges and so on to reach an application is important knowledge. As we move from the era of basic authentication (simple) to modern authentication (different), it’s a good idea to refresh what we know about this important topic.

A series of videos featuring Stuart Kwan, Principal Program Manager in the Microsoft Identity Division explain how Azure Active Directory authentication works. These videos are available:

Authentication fundamentals: The basics | Azure Active Directory

Authentication fundamentals: Web applications | Azure Active Directory

Authentication fundamentals: Web single sign-on | Azure Active Directory

Authentication fundamentals: Federation | Azure Active Directory

The topic of modern authentication is dealt with in:

Authentication fundamentals: Native client applications- Part 1 | Azure Active Directory

and

Authentication fundamentals: Native client applications- Part 2 | Azure Active Directory

Good stuff and worth viewing.


The Office 365 for IT Pros eBook covers Azure Active Directory in its own chapter. Lots of good information written by a master of directories.

Advertisements

4 Replies to “Azure Active Directory Sign-On Gets a New Look”

  1. I would prefer it to be monochrome instead of mimicking MS logo colors. Also, dark mode enthusiast voice their concerns with this light bg blasting at their eyes at night 🙂

  2. Office went from a view of the sunset, to “need some sun in your eyes, bro!” As with us, a lot of people use Office for professional reasons. And I get MS wanted to white-wash the professional into the UI, but this is too gentrified for anybody! I engineer AI for a living, and this is too boring even for me!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.