There is a new enhanced branding experience in Azure AD allowing for more flexible customization of the sign-in experience for internal and external users. Join me in a deep dive into these new functionalities.
Exploring the new sign-in experience
I have previously written a blog post covering the Complete Branding for your Tenant and Managed Endpoints. The newly released functionality is a natural extension of everything that was discussed in that post.
Microsoft has opened up enhanced branding of the authentication screens for Azure AD. The new experience covers sign-in for users in the tenant's internal Azure Active Directory as well as external users. This includes B2B (Business To Business), B2E (Business To Employee), and B2C (Business To Consumer).
The previous company branding opportunities had some basic settings available covering background image, banner logo, username hint, and sign-in page text.
These were all great opportunities to put a personal touch on the tenant’s login experience. But it was still limited and set to a given template.
The new experience has been significantly enriched. I will now explore these new settings in my demo tenant, known from my previously mentioned blog post covering the total branding experience.
Customize the enhanced branding in a tenant
I will log in to https://portal.azure.com, open Azure Active Directory, and navigate to the Company Branding blade. The setting is also available through the new Entra portal (https://entra.microsoft.com) under User experiences – Company Branding.
Here I can start editing the branding based on the existing configuration.
The new sign-in experience configuration has several new tabs.
I will cover all the new settings found in each tab.
The Basics tab
The first new setting is the Favicon, found in the Basics tab. If configured, this icon is rendered in the web browser tab instead of the default Microsoft logo.
I will use the Square Logo from my previous configuration scaled down to the image size 32x32px, max 5KB. PNG is the preferred format, but JPG is supported. This time I am using the free photo editor Krita instead of Adobe Photoshop.
The icon is uploaded to the configuration before saving the config.
Please note that it takes about 60 seconds from saving the settings until they show up in the sign-in experience. This gives me a branded favicon on the sign-in page.
This is a neat detail that could help users verify they are on a legitimate, known sign-in page.
The Layout tab
The new Layout tab allows you to choose new web page layout templates and set up core web page elements such as the header, footer, and styling with CSS. This is the place where we can make some big changes to the sign-in experience.
I will start by switching from the traditional full-screen background to the new partial-screen background template and configure the Header and Footer.
Next, I will add a Custom CSS. I will download a CSS template stylesheet from Microsoft and edit the settings I care about. In my example I add some color changes for links and the buttons.
These are the concrete changes added in my example:
By testing the sign-in experience, I now see the following:
The template has changed with the user dialogue placed on the right side of the screen. The links and buttons have a new color and the hover functionality is working as expected. I have a header and footer in place, even though there seems to be a missing logo in the header.
The Header tab
Since I chose to enable the header in the Layout tab, I can now upload a logo file under the Header tab. The logo should be a transparent PNG file sized 280x60px with a max size of 10KB. I use Krita to adapt the company’s logo to these requirements (or simply reuse the logo file used earlier since it has the same requirements).
Please note that the preview seems kind of stretched even though the image uploaded holds the correct dimensions.
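The image requirements quoted above for the favicon (32x32px, max 5KB) and the header logo (transparent PNG, 280x60px, max 10KB) can be checked before upload. The following Python script is an added example, not code from the original post or from Microsoft; the names `LIMITS`, `make_png` and `check_asset` are hypothetical, "KB" is assumed to mean 1024 bytes, only PNG input is handled (not the JPG alternative for the favicon), and the sample images are constructed in code.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Limits as stated in this post: (width px, height px, max bytes, transparency required).
# Assumption: "KB" means 1024 bytes.
LIMITS = {
    "favicon": (32, 32, 5 * 1024, False),
    "header_logo": (280, 60, 10 * 1024, True),
}

def _chunk(ctype, data):
    """Build one PNG chunk (used only to construct the sample images)."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width, height, color_type):
    """Constructed sample: a blank 8-bit PNG of the given size and colour type."""
    channels = {0: 1, 2: 3, 4: 2, 6: 4}[color_type]
    raw = (b"\x00" + b"\x00" * width * channels) * height  # filter byte + pixels per row
    ihdr = struct.pack(">IIBBBBB", width, height, 8, color_type, 0, 0, 0)
    idat = _chunk(b"IDAT", zlib.compress(raw))
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + idat + _chunk(b"IEND", b"")

def check_asset(kind, data):
    """Return a list of problems; an empty list means the file meets the limits."""
    width, height, max_bytes, need_alpha = LIMITS[kind]
    if not data.startswith(PNG_SIGNATURE):
        return ["not a PNG file"]
    problems, pos, dims, alpha = [], 8, None, False
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if ctype == b"IHDR" and length == 13:
            w, h, _depth, color_type = struct.unpack(">IIBB", body[:10])
            dims, alpha = (w, h), color_type in (4, 6)  # 4/6 carry an alpha channel
        elif ctype == b"tRNS":
            alpha = True  # palette or colour-key transparency
        elif ctype in (b"IDAT", b"IEND"):
            break  # tRNS must precede IDAT, so nothing relevant follows
        pos += 12 + length
    if dims is None:
        return ["missing IHDR chunk"]
    if dims != (width, height):
        problems.append(f"size is {dims[0]}x{dims[1]}px, expected {width}x{height}px")
    if len(data) > max_bytes:
        problems.append(f"file is {len(data)} bytes, limit is {max_bytes}")
    if need_alpha and not alpha:
        problems.append("no alpha channel or tRNS chunk (not transparent)")
    return problems
```

For real files, pass the result of `open(path, "rb").read()` as `data`.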
The Footer tab
Testing the new Header and Footer experience gives the following result.
For users signing in to their own tenant, the two identical logos might be excessive and possibly confusing. The logo in the header will make more sense in situations where guest accounts are signing in to the tenant (B2E and B2C).
The Sign-in form tab
The last tab covers the other elements of the sign-in experience such as images, text, and hyperlinks. These were all covered in my previous post, and the settings have been carried over to the new experience.
For advanced use, you can use some formatting on the Sign-in page text. This includes Bold, Italic, Underline and even links!
It is also possible to hide or customize the self-service password reset URL available on the account collection and password collection screens.
I always prefer to automate configuration whenever possible. Sander Rozemuller has done a brilliant post on how these settings can be implemented through Graph API in his blog post Automate user sign-in experience with company branding (rozemuller.com). Absolutely worth studying!
These new settings are all welcome additions that give a customized branding experience to the Microsoft Azure AD sign-in experience. If you found these settings of interest, you will have the great pleasure of also reading my previous article Simon does… Complete Branding for your Tenant and Managed Endpoints (skotheimsvik.no).