New Features and Enhancements
October 2025
This section describes the enhancements included in App Portal/App Broker 2025 R1 SP1.
Data Sync Improvements
Set the backend app setting UseOnPremisesSamAccountNameForUserName to TRUE to support the hybrid IAM scenario. This allows both ConfigMgr and Intune to be used for syncing user data, including computer and user-computer relationship details. The UniqueName value for users in the WD_User table is constructed as UserDomain\UserName, using OnPremisesDomainName for the UserDomain component and OnPremisesSamAccountName for the UserName component.
By default, the UseOnPremisesSamAccountNameForUserName value is set to FALSE.
To set UseOnPremisesSamAccountNameForUserName to TRUE, execute the following query, which also sets the companion key UseOnPremisesDomainNameForUserDomain:
-- Insert or update the UseOnPremisesSamAccountNameForUserName setting.
IF EXISTS (SELECT * FROM WD_AppSettings WHERE KeyName = 'UseOnPremisesSamAccountNameForUserName')
BEGIN
    UPDATE WD_AppSettings SET Value = 'true'
    WHERE KeyName = 'UseOnPremisesSamAccountNameForUserName'
END
ELSE
BEGIN
    INSERT INTO WD_AppSettings (KeyName, Value) VALUES ('UseOnPremisesSamAccountNameForUserName', 'true')
END
GO
-- Insert or update the UseOnPremisesDomainNameForUserDomain setting.
IF EXISTS (SELECT * FROM WD_AppSettings WHERE KeyName = 'UseOnPremisesDomainNameForUserDomain')
BEGIN
    UPDATE WD_AppSettings SET Value = 'true'
    WHERE KeyName = 'UseOnPremisesDomainNameForUserDomain'
END
ELSE
BEGIN
    INSERT INTO WD_AppSettings (KeyName, Value) VALUES ('UseOnPremisesDomainNameForUserDomain', 'true')
END
GO
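A read-only check that can follow the query above, added here as an example and not part of the App Portal documentation: it confirms that both keys are present and enabled, then looks in WD_User for UniqueName values that are shared by several rows or are not in UserDomain\UserName form. It assumes that UniqueName is a column of WD_User and that Value is a character column; the second and third queries are meaningful only after the next data sync.

```sql
-- Added verification example; not from the App Portal documentation.
-- Assumptions: WD_User has a UniqueName column; WD_AppSettings.Value is (n)varchar.

-- 1. Each key should exist exactly once with the value 'true'.
SELECT k.KeyName,
       COUNT(s.KeyName) AS RowsFound,
       MAX(s.Value)     AS CurrentValue,
       CASE
           WHEN COUNT(s.KeyName) = 0         THEN 'MISSING'
           WHEN COUNT(s.KeyName) > 1         THEN 'DUPLICATE ROWS'
           WHEN LOWER(MAX(s.Value)) = 'true' THEN 'OK'
           ELSE 'NOT ENABLED'
       END AS Status
FROM (VALUES ('UseOnPremisesSamAccountNameForUserName'),
             ('UseOnPremisesDomainNameForUserDomain')) AS k(KeyName)
LEFT JOIN WD_AppSettings AS s
       ON s.KeyName = k.KeyName
GROUP BY k.KeyName;

-- 2. UniqueName values carried by more than one user row. Access rules that
--    resolve a user by UniqueName are ambiguous for these, so review them.
SELECT UniqueName, COUNT(*) AS RowsSharingName
FROM WD_User
GROUP BY UniqueName
HAVING COUNT(*) > 1;

-- 3. UniqueName values that are not of the form UserDomain\UserName.
--    In T-SQL LIKE the backslash is a literal character (no ESCAPE clause used).
SELECT UniqueName
FROM WD_User
WHERE UniqueName IS NULL
   OR UniqueName NOT LIKE '_%\_%'   -- domain part or user part is empty
   OR UniqueName LIKE '%\%\%';      -- more than one backslash
```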
June 2025
This section describes the new features included in App Portal/App Broker 2025 R1.
Support Hybrid IAM (Active Directory + Microsoft Entra ID)
With this update, hybrid IAM enables the use of Active Directory (AD) and Microsoft Entra ID (Entra ID) Identity and Access Management concurrently or individually, according to need. This enables customers to migrate from legacy on-premises Active Directory to cloud-based Microsoft Entra ID. It also provides the benefit of leveraging users, groups and their attributes in different capabilities across App Portal.
As part of the Microsoft Entra ID integration, the following features are not supported today:
- Approval Groups
- ITAM/FNMS integration (License Reclamation)
- My Apps
- Retire campaign
- Upgrade campaign
- Smart Uninstall
- Scheduling/Leasing
- ServiceNow integration
- Operating System Deployment
- Clone/Migrate
- Support Tools
- Notifications
- Cloud Apps
- Reclamation Dashboard
- Questions
With this release, existing customers can continue to use Active Directory for identity and access management (IAM) in the upgraded App Portal 2025 R1, with resolved issues, and can use the Microsoft Entra ID integration with the following limited set of features:
- Data sync
- Admin security
- Catalog security
- Deployment via Intune and ConfigMgr
- Security Groups
- Visibility conditions
- Category Security
- Approval Conditions
- Software CI with license enabled (license availability and license reservation)
- Request On Behalf options
Unified view to manage multiple Identity and Access Management
A new Identity Management view has been introduced to the App Portal menu. This view provides a streamlined interface to set up and manage user authentication through AD, Microsoft Entra ID, or both. It supports simultaneous use of AD and Entra ID users and groups. This is beneficial for customers transitioning from AD to Entra, allowing a smooth migration. The setup ensures seamless login access to the App Portal for both AD and Entra users, with the flexibility to choose one or multiple identity providers based on organizational needs.
The following operations can be performed under the Identity Management view:
- Configuring Identities
- Enabling Identities
- Deleting Identities
- Selecting Primary IAM
For more information, see Configuring Identity Management.
The user types are defined based on the user association with ADS path and Intune ID as displayed in the User view (Site Management > Imported Users and Computers > Users):
- Hybrid users are associated with both an ADS path and an Intune ID.
- AD users are linked only to an ADS path.
- Entra users are identified solely by their Intune ID association.
Ability to Provide Permissions to Users/Groups
The App Portal now supports seamless integration with both Active Directory (AD) and Entra ID, allowing administrators to search and select users or groups from either identity source or both. If a user is not found in the primary identity source during login, App Portal will automatically fall back to the secondary source for authentication.
Permissions can be assigned at:
- Admin Security— Administrators can now search and select users or groups from both AD and Entra ID when configuring Admin Security. They can assign, edit, or delete permissions with ease. The system also provides a visual indicator of the identity source (AD or Entra), helping admins quickly identify where the user or group belongs.
- Catalog Security— Administrators have the ability to assign permissions to users or groups from both AD and Entra ID. Permissions can be granted, modified, or removed based on catalog requirements. The system also provides a visual indicator of the identity source (AD or Entra), helping admins quickly identify where the user or group belongs.
Ability to Leverage Active Directory / Microsoft Entra ID Attributes
The following attributes are added to leverage Active Directory / Microsoft Entra ID:
- Visibility Condition— App Portal administrators can now add AD and Entra ID users/groups, along with Organizational Units (OUs) or Administrative Units (AUs), simultaneously, streamlining configuration and access management. Catalog items are displayed to end users based on AD or Entra ID attributes evaluated through defined visibility conditions.
- Category Security— App Portal administrators can now add AD and Entra ID users/groups, along with Organizational Units (OUs) or Administrative Units (AUs), simultaneously, streamlining configuration and access management. Catalog categories are displayed to end users based on AD or Entra ID attributes, enabling a personalized experience aligned with each user’s identity type.
- Approval Condition— App Portal administrators can now add AD and Entra ID users/groups, as well as Organizational Units (OUs) or Administrative Units (AUs), simultaneously. Approval workflows are automatically initiated based on AD or Entra ID attributes configured in the approval conditions.
Ability to Add Targets via Security Groups into Active Directory / Microsoft Entra ID
App Portal administrators can now configure users, devices, or both to be added to specified groups in AD and Entra ID at the same time, simplifying configuration. Targets are automatically added to their respective groups in AD and Entra ID based on the Security Group configurations and User Type.
Support Entra ID in Workflows
App Portal administrators can now create workflows using Entra ID users/groups. Entra users can be assigned as approvers and are enabled to perform approval actions, such as approving or rejecting incoming requests.
Today, only basic workflow capabilities are supported, and the following functionalities are not supported:
- Custom Workflow
- Workflow Conditions
- Workflow Step Conditions
- Approval Workflow Groups
Ability to Submit Request
Hybrid, AD, and Entra users can now submit requests with enhanced flexibility, including options for submission without approval, basic approval workflows, license position checks and reservations, and the ability to request on behalf of other users.
Synchronization Support for Users and Computers
Basic support has been introduced to enable the simultaneous synchronization of Users and Computers from both Microsoft Configuration Manager (ConfigMgr) and Intune.
In Site Management > Settings > Deployment view, under the Intune tab, two new check boxes have been added to provide enhanced control over synchronization:
- Sync Users— Enables synchronization of user data from Intune.
- Sync Computers— Enables synchronization of computer or device data from Intune.
These options give administrators the ability to manage user and computer synchronization independently, improving flexibility and control in directory integration.
To synchronize users and computers from both ConfigMgr and Intune, you must select ConfigMgr as the value for Sync Users and Sync Computers under the Common tab (Site Management > Settings > Deployment > Common), and also check the Sync Users and Sync Computers options under the Intune tab.
Installer Now Supports Configuring Multiple IAM
The App Portal installation and configuration experience has been enhanced to support flexible combinations of Authentication Types and Identity Providers.
With this update, users now have the ability to select the desired authentication type during installation, allowing for configured identity management based on deployment needs.
App Portal supports the following configurations under the Identity Management settings:
- Windows Authentication + Active Directory Forest
- Single Sign-On + Active Directory Forest
- Single Sign-On + Active Directory Forest and Microsoft Entra ID
- Windows Authentication + Active Directory Forest and Microsoft Entra ID
  Note: Today, the combination of Windows Authentication with Microsoft Entra ID as the Identity is not officially supported and is therefore not recommended.
- Single Sign-On + Microsoft Entra ID
Support for ServiceNow Yokohama
App Portal now includes support for the Yokohama version of ServiceNow. Customers upgrading from a previous version of ServiceNow to the Yokohama version can use all the capabilities of the new version.
Add the following roles to the basic integration user in the newer version of ServiceNow (Yokohama):
- Asset - This role is required to provide the list of computers assigned to the user. End users also require this role, in addition to the basic integration user.
- ITIL - This role is required to update the request status back in ServiceNow.