Microsoft Entra releases and announcements
This article provides information about the latest releases and change announcements across the Microsoft Entra family of products over the last six months (updated monthly). If you're looking for information that's older than six months, see Archive for What's new in Microsoft Entra.
For a more dynamic experience, you can now find this information in the Microsoft Entra admin center. To learn more, see What's new (preview).
Get notified about when to revisit this page for updates by copying and pasting this URL:
https://learn.microsoft.com/api/search/rss?search=%22Release+notes+-+Azure+Active+Directory%22&locale=en-usinto yourfeed reader.
Note
If you're currently using Azure Active Directory today or are have previously deployed Azure Active Directory in your organizations, you can continue to use the service without interruption. All existing deployments, configurations, and integrations continue to function as they do today without any action from you.
November 2024
General Availability - Microsoft Entra Connect Sync Version 2.4.27.0
Type: Changed feature
Service category: Provisioning
Product capability: Identity Governance
On November 14, 2025, we released Microsoft Entra Connect Sync Version 2.4.27.0 that uses the OLE DB version 18.7.4 that further hardens our service. Upgrade to this latest version of connect sync to improve your security. More details are available in the release notes.
Public Preview - Microsoft Entra new store for certificate-based authentication
Type: New feature
Service category: Authentications (Logins)
Product capability: User Authentication
Microsoft Entra ID has a new scalable PKI (Public Key Infrastructure) based CA (Certificate Authorities) store with higher limits for the number of CAs and the size of each CA file. PKI based CA store allows CAs within each different PKI to be in its own container object allowing administrators to move away from one flat list of CAs to more efficient PKI container based CAs. PKI-based CA store now supports up to 250CAs, 8KB size for each CA and also supports issuers hints attribute for each CA. Administrators can also upload the entire PKI and all the CAs using the "Upload CBA PKI" feature or create a PKI container and upload CAs individually. For more information, see: Step 1: Configure the certificate authorities with PKI-based trust store (Preview).
Changed feature - expansion of WhatsApp as an MFA one-time passcode delivery channel for Entra ID
Type: Changed feature
Service category: MFA
Product capability: User Authentication
In late 2023, Entra started leveraging WhatsApp as an alternate channel to deliver multifactor authentication (MFA) one-time passcodes to users in India and Indonesia. We saw improved deliverability, completion rates, and satisfaction when leveraging the channel in both countries. The channel was temporarily disabled in India in early 2024. Starting early December 2024, we will be re-enabling the channel in India, and expanding its use to additional countries.
Starting December 2024, users in India, and other countries can start receiving MFA text messages via WhatsApp. Only users that are enabled to receive MFA text messages as an authentication method, and already have WhatsApp on their phone, will get this experience. If a user with WhatsApp on their device is unreachable or doesn’t have internet connectivity, we will quickly fall back to the regular SMS channel. In addition, users receiving OTPs via WhatsApp for the first time will be notified of the change in behavior via SMS text message.
If you don’t want your users to receive MFA text messages through WhatsApp, you can disable text messages as an authentication method in your organization or scope it down to only be enabled for a subset of users. Please note that we highly encourage organizations move to using more modern, secure methods like Microsoft Authenticator and passkeys in favor of telecom and messaging app methods. For more information, see: Text message verification.
Public Preview - Updating profile photo in MyAccount
Type: New feature
Service category: My Profile/Account
Product capability: End User Experiences
On November 13, 2024, users received the ability to update their profile photo directly from their MyAccount portal. This change exposes a new edit button on the profile photo section of the user’s account.
In some environments, it’s necessary to prevent users from making this change. Global Administrators can manage this using a tenant-wide policy with Microsoft Graph API, following the guidance in the Manage user profile photo settings in Microsoft 365 document.
Retirement - MFA Fraud Alert will be retired on March 1st 2025
Type: Deprecated
Service category: MFA
Product capability: Identity Security & Protection
Microsoft Entra multifactor authentication (MFA) fraud alert allows end users to report MFA voice calls, and Microsoft Authenticator push requests, they didn't initiate as fraudulent. Beginning March 1, 2025, MFA Fraud Alert will be retired in favor of the replacement feature Report Suspicious Activity which allows end users to report fraudulent requests, and is also integrated with Identity Protection for more comprehensive coverage and remediation. To ensure users can continue reporting fraudulent MFA requests, organizations should migrate to using Report Suspicious Activity, and review how reported activity is remediated based on their Microsoft Entra licensing. For more information, see: Configure Microsoft Entra multifactor authentication settings.
Public Preview - Microsoft Entra Health Monitoring, Alerts Feature
Type: Changed feature
Service category: Other
Product capability: Monitoring & Reporting
Intelligent alerts in Microsoft Entra health monitoring notify tenant admins, and security engineers, whenever a monitored scenario breaks from its typical pattern. Microsoft Entra's alerting capability watches the low-latency health signals of each scenario, and fires a notification in the event of an anomaly. The set of alert-ready health signals and scenarios will grow over time. This alerts feature is now available in Microsoft Entra Health as an API-only public preview release (UX release is scheduled for February 2025). For more information, see: How to use Microsoft Entra Health monitoring alerts (preview).
General Availability - Microsoft Entra Health Monitoring, Health Metrics Feature
Type: New feature
Service category: Reporting
Product capability: Monitoring & Reporting
Microsoft Entra health monitoring, available from the Health pane, includes a set of low-latency pre-computed health metrics that can be used to monitor the health of critical user scenarios in your tenant. The first set of health scenarios includes MFA, CA-compliant devices, CA-managed devices, and SAML authentications. This set of monitor scenarios will grow over time. These health metrics are now released as general availability data streams, in conjunction with the public preview of an intelligent alerting capability. For more information, see: What is Microsoft Entra Health?.
General Availability - Log analytics sign-in logs schema is in parity with MSGraph schema
Type: Plan for change
Service category: Authentications (Logins)
Product capability: Monitoring & Reporting
To maintain consistency in our core logging principles, we've addressed a legacy parity issue where the Azure Log Analytics sign-in logs schema did not align with the MSGraph sign-in logs schema. The updates include fields such as ClientCredentialType, CreatedDateTime, ManagedServiceIdentity, NetworkLocationDetails, tokenProtectionStatus, SessionID, among others. These changes will take effect in the first week of December 2024.
We believe this enhancement will provide a more consistent logging experience. As always, you can perform pre-ingestion transformations to remove any unwanted data from your Azure Log Analytics storage workspaces. For guidance on how to perform these transformations, see: Data collection transformations in Azure Monitor.
Deprecated - MIM hybrid reporting agent
Type: Deprecated
Service category: Microsoft Identity Manager
Product capability: Monitoring & Reporting
The hybrid reporting agent, used to send a MIM Service event log to Microsoft Entra to surface in password reset and self-service group management reports, is deprecated. The recommended replacement is to use Azure Arc to send the event logs to Azure Monitor. For more information, see: Microsoft Identity Manager 2016 reporting with Azure Monitor.
October 2024
Public Preview - Passkey authentication in brokered Microsoft apps on Android
Type: New feature
Service category: Authentications (Logins)
Product capability: User Authentication
Microsoft Entra ID users can now use a passkey to sign into Microsoft apps on Android devices where an authentication broker like Microsoft Authenticator, or Microsoft Intune Company Portal, is installed. For more information, see: Support for FIDO2 authentication with Microsoft Entra ID.
Public Preview Refresh - Passkeys in Microsoft Authenticator
Type: New feature
Service category: Microsoft Authenticator App
Product capability: User Authentication
Public preview of passkeys in the Microsoft Authenticator will now support additional features. Admins can now require attestation during registration of a passkey, and Android native apps now supports signing in with passkeys in the Authenticator. Additionally, users are now prompted to sign in to the Authenticator app to register a passkey when initiating the flow from MySignIns. The Authenticator app passkey registration wizard walks the user through meeting all the prerequisites within the context of the app before attempting registration. Download the latest version of the Authenticator app and give us feedback as you pilot these changes in your organization. For more information, see: Enable passkeys in Microsoft Authenticator (preview).
Public Preview - Authentication methods migration wizard
Type: New feature
Service category: MFA
Product capability: User Authentication
The authentication methods migration guide (preview) in the Microsoft Entra admin center lets you automatically migrate method management from the legacy MFA and SSPR policies to the converged authentication methods policy. In 2023, it was announced that the ability to manage authentication methods in the legacy MFA and SSPR policies would be retired in September 2025. Until now, organizations had to manually migrate methods themselves by leveraging the migration toggle in the converged policy. Now, you can migrate in just a few selections by using the migration guide. The guide evaluates what your organization currently has enabled in both legacy policies, and generates a recommended converged policy configuration for you to review and edit as needed. From there, simply confirm the configuration and we set it up for you and mark your migration as complete. For more information, see: How to migrate MFA and SSPR policy settings to the Authentication methods policy for Microsoft Entra ID.
General availability- SMS as an MFA method in Microsoft Entra External ID
Type: New feature
Service category: B2C - Consumer Identity Management
Product capability: B2B/B2C
Announcing general availability of SMS as an MFA method in Microsoft Entra External ID with built-in telecom fraud protection through integrations with the Phone Reputation Platform.
What's new?
- SMS sign-in experience that maintains the look and feel of the application users are accessing.
- SMS is an add-on feature. We'll apply an additional charge per SMS sent to the user which will include the built-in fraud protection services.
- Built-in fraud protection against telephony fraud through our integration with the Phone Reputation platform. This platform processes telephony activity in real-time and returns an "Allow", "Block" or "Challenge" based on risk and a series of heuristics.
For more information, see: Multifactor authentication in external tenants.
September 2024
Public preview - New Conditional Access Template Requiring Device Compliance
Type: New feature
Service category: Conditional Access
Product capability: Identity Security & Protection
A new Conditional Access template requiring device compliance is now available in Public Preview. This template restricts access to company resources exclusively to devices enrolled in mobile device management (MDM) and compliant with company policy. Requiring device compliance improves data security, reducing risk of data breaches, malware infections, and unauthorized access. This is a recommended best practice for users and devices targeted by compliance policy through MDM. For more information, see: Common policy: Create a Conditional Access policy requiring device compliance.
Public preview - Tenant admin can fail certificate based auth when the end user certificate issuer isn't configured with a certificate revocation list
Type: New feature
Service category: Authentications (Logins)
Product capability: User Authentication
With Certificate based authentication, a CA can be uploaded without a CRL endpoint, and certificate-based authentication won't fail if an issuing CA doesn't have a CRL specified.
To strengthen security and avoid misconfigurations, an Authentication Policy Administrator can require CBA authentication to fail if no CRL is configured for a CA that issues an end user certificate. For more information, see: Understanding CRL validation (Preview).
General Availability: Microsoft Authenticator on Android is FIPS 140 compliant for Microsoft Entra authentication
Type: New feature
Service category: Microsoft Authenticator App
Product capability: User Authentication
Beginning with version 6.2408.5807, Microsoft Authenticator for Android is compliant with Federal Information Processing Standard (FIPS 140-3) for all Microsoft Entra authentications, including phishing-resistant device-bound passkeys, push multifactor authentication (MFA), passwordless phone sign-in (PSI), and time-based one-time passcodes (TOTP). No changes in configuration are required in Microsoft Authenticator or Microsoft Entra ID Admin Portal to enable this capability. Microsoft Authenticator on iOS is already FIPS 140 compliant, as announced last year. For more information, see: Authentication methods in Microsoft Entra ID - Microsoft Authenticator app.
General Availability - Microsoft Entra External ID extension for Visual Studio Code
Type: Changed feature
Service category: B2C - Consumer Identity Management
Product capability: B2B/B2C
Microsoft Entra External ID Extension for VS Code provides a streamlined, guided experience to help you kickstart identity integration for customer-facing apps. With this extension, you can create external tenants, set up a customized and branded sign-in experience for external users, and quickly bootstrap your projects with preconfigured External ID samples—all within Visual Studio Code. Additionally, you can view and manage your external tenants, applications, user flows, and branding settings directly within the extension.
For more information, see: Quickstart: Get started with the Microsoft Entra External ID extension for Visual Studio Code.
Public Preview - Custom Claims API for Claims Configuration of Enterprise Apps
Type: New feature
Service category: Enterprise Apps
Product capability: SSO
Custom Claims API allows admins to manage and update additional claims for their Enterprise Applications seamlessly through MS Graph. The Custom Claims API offers a simplified and user friendly API experience for claims management for our customers. With the introduction of Custom Claims API, we achieved UX and API interoperability. Admins can now use Microsoft Entra admin center and MS Graph API interchangeably to manage claims configurations for their Enterprise Applications. It facilitates admins to execute their automations using the API while allowing the flexibility to update claims on the Microsoft Entra admin center as required on the same policy object. For more information, see: Customize claims using Microsoft Graph Custom Claims Policy (preview).
General Availability - Cross-tenant manager synchronization
Type: New feature
Service category: Provisioning
Product capability: Identity Governance
Support for synchronizing the manager attribute using cross-tenant synchronization is now generally available. For more information, see: Attributes.
Public Preview - Request on behalf of
Type: New feature
Service category: Entitlement Management
Product capability: Entitlement Management
Entitlement Management enables admins to create access packages to manage their organization’s resources. Admins can either directly assign users to an access package, or configure an access package policy that allows users and group members to request access. This option to create self-service processes is useful, especially as organizations scale and hire more employees. However, new employees joining an organization might not always know what they need access to, or how they can request access. In this case, a new employee would likely rely on their manager to guide them through the access request process.
Instead of having new employees navigate the request process, managers can request access packages for their employees, making onboarding faster and more seamless. To enable this functionality for managers, admins can select an option when setting up an access package policy that allows managers to request access on their employees' behalf.
Expanding self-service request flows to allow requests on behalf of employees ensures that users have timely access to necessary resources, and increases productivity. For more information, see: Request access package on-behalf-of other users (Preview).
August 2024
Change announcement - Upcoming MFA Enforcement on Microsoft Entra admin center
Type: Plan for change
Service category: MFA
Product capability: Identity Security & Protection
As part of our commitment to providing our customers with the highest level of security, we previously announced that Microsoft requires multifactor authentication (MFA) for users signing into Azure.
We'd like to share an update that the scope of MFA enforcement includes Microsoft Entra admin center in addition to the Azure portal and Intune admin center. This change is rolled out in phases, allowing organizations time to plan their implementation:
Phase 1: Beginning in the second half of the calendar year 2024, MFA is required to sign in to the Microsoft Entra admin center, Azure portal, and Intune admin center. This enforcement is gradually rolled out to all tenants worldwide. This phase didn't affect other Azure clients such as the Azure Command Line Interface, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools.
Phase 2: Beginning in early 2025, gradual enforcement of MFA at sign-in for the Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools commences.
Microsoft sends a 60-day advance notice to all Microsoft Entra Global Administrators by email, and through Azure Service Health Notifications, to notify them of the start date of enforcement and required actions. Extra notifications are sent through the Azure portal, Microsoft Entra admin center, and the Microsoft 365 message center.
We understand that some customers might need extra time to prepare for this MFA requirement. Therefore, Microsoft allows extended time for customers with complex environments or technical barriers. The notification from us also includes details about how customers can postpone specific changes. These changes include the start date of enforcement for their tenants, the duration of the postponement, and a link to apply changes. Visit here to learn more.
General Availability - restricted permissions on Directory Synchronization Accounts (DSA) role in Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync
Type: Changed feature
Service category: Provisioning
Product capability: Microsoft Entra Connects
As part of ongoing security hardening, Microsoft removes unused permissions from the privileged Directory Synchronization Accounts role. This role is exclusively used by Microsoft Entra Connect Sync, and Microsoft Entra Cloud Sync, to synchronize Active Directory objects with Microsoft Entra ID. There's no action required by customers to benefit from this hardening, and the revised role permissions are documented here: Directory Synchronization Accounts.
Plan for change - My Security-Info Add sign-in method picker UX update
Type: Plan for change
Service category: MFA
Product capability: End User Experiences
Starting Mid-October 2024, the Add sign-in method dialog on the My Security-Info page will be updated with a modern look and feel. With this change, new descriptors will be added under each method which provides detail to users on how the sign-in method is used (ex. Microsoft Authenticator – Approve sign-in requests or use one-time codes).
Early next year the Add sign-in method, dialog will be enhanced to show an initially recommended sign-in method instead of initially showing the full list of sign-in methods available to register. The recommended sign-in method will default to the strongest method available to the user based on the organization’s authentication method policy. Users can select Show more options and choose from all available sign-in methods allowed by their policy.
This change will occur automatically, so admins take no action.
Public Preview - Provisioning UX Updates
Type: Plan for change
Service category: Provisioning
Product capability: Outbound to SaaS Applications
We'll start releasing user experience updates for application provisioning, HR provisioning, and cross-tenant synchronization next month. These updates include a new overview page, user experience to configure connectivity to your application, and new create provisioning experience. The new experiences include all functionality available to customers today, and no customer action is required.
Change Announcement - Deferred Changes to My Groups Admin Controls
Type: Plan for change
Service category: Group Management
Product capability: AuthZ/Access Delegation
In October 2023, we shared that, starting June 2024, the existing Self Service Group Management setting in the Microsoft Entra Admin Center that states restrict user ability to access groups features in My Groups retires. These changes are under review, and might take place as originally planned. A new deprecation date will be announced in the future.
Public Preview - Microsoft Entra ID FIDO2 provisioning APIs
Type: New feature
Service category: MFA
Product capability: Identity Security & Protection
Microsoft Entra ID now supports FIDO2 provisioning via API, allowing organizations to pre-provision security keys (passkeys) for users. These new APIs can simplify user onboarding, and provide seamless phishing-resistant authentication on day one for employees. For more information on how to use this feature, see: Provision FIDO2 security keys using Microsoft Graph API.
General Availability - Enable, Disable, and Delete synchronized users accounts with Lifecycle Workflows
Type: New feature
Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management
Lifecycle Workflows is now able to enable, disable, and delete user accounts that are synchronized from Active Directory Domain Services (AD DS) to Microsoft Entra. This capability allows you to complete the employee offboarding process by deleting the user account after a retention period.
To learn more, see: Manage users synchronized from Active Directory Domain Services with workflows.
General Availability - Configure Lifecycle Workflow Scope Using Custom Security Attributes
Type: New feature
Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management
Customers can now use their confidential HR data stored in custom security attributes. They can do this addition to other attributes to define the scope of their workflows in Lifecycle Workflows for automating joiner, mover, and leaver scenarios.
To learn more, see: Use custom security attributes to scope a workflow.
General Availability - Workflow History Insights in Lifecycle Workflows
Type: New feature
Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management
With this feature, customers can now monitor workflow health, and get insights for all their workflows in Lifecycle Workflows including viewing workflow processing data across workflows, tasks, and workflow categories.
To learn more, see: Lifecycle workflow Insights.
General Availability - Configure custom workflows to run mover tasks when a user's job profile changes
Type: New feature
Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management
Lifecycle Workflows now supports the ability to trigger workflows based on job change events like changes to an employee's department, job role, or location, and see them executed on the workflow schedule. With this feature, customers can use new workflow triggers to create custom workflows for their executing tasks associated with employees moving within the organization including triggering:
- Workflows when a specified attribute changes
- Workflows when a user is added or removed from a group's membership
- Tasks to notify a user's manager about a move
- Tasks to assign licenses or remove selected licenses from a user
To learn more, see Automated employee mover tasks when they change jobs using the Microsoft Entra admin center tutorial.
General Availability - Device based conditional access to M365/Azure resources on Red Hat Enterprise Linux
Type: New feature
Service category: Conditional Access
Product capability: SSO
Since October 2022, users on Ubuntu Desktop 20.04 LTS & Ubuntu 22.04 LTS with Microsoft Edge browser could register their devices with Microsoft Entra ID, enroll into Microsoft Intune management, and securely access corporate resources using device-based Conditional Access policies.
This release extends support to Red Hat Enterprise Linux 8.x and 9.x (LTS) which makes these capabilities possible:
- Microsoft Entra ID registration & enrollment of RedHat LTS (8/9) desktops.
- Conditional Access policies protecting web applications via Microsoft Edge. -Provides SSO for native & web applications (ex: Azure CLI, Microsoft Edge browser, Teams progressive web app (PWA), etc.) to access M365/Azure protected resources.
- Standard Intune compliance policies.
- Support for Bash scripts with custom compliance policies.
- Package Manager now supports RHEL RPM packages in addition to Debian DEB packages.
To learn more, see: Microsoft Entra registered devices.
July 2024
General Availability - Insider Risk condition in Conditional Access is GA
Type: New feature
Service category: Conditional Access
Product capability: Identity Security & Protection
Insider Risk condition in Conditional Access is now GA
Insider Risk condition, in Conditional Access, is a new feature that uses signals from Microsoft Purview's Adaptive Protection capability to enhance the detection and automatic mitigation of Insider threats. This integration allows organizations to more effectively manage, and respond, to potential insider risks by using advanced analytics and real-time data.
For example, if Purview detects unusual activity from a user, Conditional Access can enforce extra security measures such as requiring multifactor authentication (MFA) or blocking access. This feature is a premium and requires a P2 license. For more information, see: Common Conditional Access policy: Block access for users with insider risk.
General Availability - New SAML applications can't receive tokens through OAuth2/OIDC protocols
Type: Plan for change
Service category: Enterprise Apps
Product capability: Developer Experience
Starting late September 2024, applications indicated as SAML applications (via the preferredSingleSignOnMode property of the service principal) can't be issued JWT tokens. This change means they can't be the resource application in OIDC, OAuth2.0, or other protocols using JWTs. This change only affects SAML applications attempting to take a new dependency on JWT-based protocols; existing SAML applications already using these flows aren't affected. This update improves the security of apps.
For more information, see: SAML authentication with Microsoft Entra ID.
General Availability - New Federated Apps available in Microsoft Entra Application gallery - July 2024
Type: New feature
Service category: Enterprise Apps
Product capability: Third Party Integration
In February 2024, we added the following 10 new applications in our App gallery with Federation support:
Full story SAML, LSEG Workspace
You can also find the documentation of all the applications from here https://aka.ms/AppsTutorial.
For listing your application in the Microsoft Entra ID app gallery, read the details here https://aka.ms/AzureADAppRequest.
General Availability - Active Directory Federation Services (AD FS) Application Migration Wizard
Type: New feature
Service category: AD FS Application Migration
Product capability: Platform
The Active Directory Federation Services (AD FS) application migration wizard allows the user to quickly identify which AD FS relying party applications are compatible with being migrated to Microsoft Entra ID. This tool shows the migration readiness of each application and highlights issues with suggested actions to remediate. This tool also guides users through preparing an individual application for migration and configuring their new Microsoft Entra application. For more information on how to use this feature, see: Use AD FS application migration to move AD FS apps to Microsoft Entra ID.
General Availability - Attacker in the Middle detection alert in Identity Protection
Type: New feature
Service category: Identity Protection
Product capability: Identity Security & Protection
The Attacker in the Middle detection is now Generally Available for users in Identity Protection.
This high precision detection is triggered on a user account compromised by an adversary that intercepted a user's credentials, including tokens issued. The risk is identified through Microsoft 365 Defender and raises the user with High risk to trigger the configured Conditional Access policy.
For more information on this feature, see: What are risk detections?
General Availability - Easy authentication with Azure App Service and Microsoft Entra External ID
Type: Changed feature
Service category: B2C - Consumer Identity Management
Product capability: B2B/B2C
An improved experience when using Microsoft Entra External ID as an identity provider for Azure App Service’s built-in authentication, simplifying the process of configuring authentication and authorization for external-facing apps. You can complete initial configuration directly from the App Service authentication setup without switching into the external tenant. For more information, see: Quickstart: Add app authentication to your web app running on Azure App Service.
June 2024
Plan for change - Passkey in Microsoft Authenticator (preview) registration experience is changing
Type: Plan for change
Service category: MFA
Product capability: End User Experiences
Starting late July 2024, through end of August 2024, we're rolling out changes to the registration experience for passkey in Microsoft Authenticator (preview) on the My Security-Info page. This registration experience change will go from a WebAuthn approach, to guide users to register by signing into the Microsoft Authenticator app. This change will occur automatically, and admins won’t need to take any action. Here's more details:
- By default, we'll guide users to sign into the Authenticator app to set up passkeys.
- If users are unable to sign in, they'll be able to fallback to an improved WebAuthn experience through a "Having trouble?" link on the page.
General Availability - Security Improvements to Microsoft Entra Connect Sync and Connect Health
Type: Changed feature
Service category: Provisioning
Product capability: Microsoft Entra Connect
Action Recommended: Security Improvements to Microsoft Entra Connect Sync and Connect Health
Since September 2023, we have been autoupgrading Microsoft Entra Connect Sync and Microsoft Entra Connect Health customers to an updated build as part of a precautionary security-related service change. For customers who previously opted out of autoupgrade, or for whom autoupgrade failed, we strongly recommend that you upgrade to the latest versions by September 23, 2024.
When you upgrade to the latest versions, you ensure that when the service change takes effect, you avoid service disruptions for:
- Microsoft Entra Connect Sync
- Microsoft Entra Connect Health agent for Sync
- Microsoft Entra Connect Health agent for ADDS
- Microsoft Entra Connect Health agent for ADFS
See documentation here: Security improvements to the autoupgrade process for upgrade-related guidance, versioning information, and further details on the expected impacts of the service change.
Public Preview - MS Graph API support for per-user multifactor authentication
Type: New feature
Service category: MFA
Product capability: Identity Security & Protection
MS Graph API support for per-user multifactor authentication
Starting June 2024, we're releasing the capability to manage user status (Enforced, Enabled, Disabled) for per-user multifactor authentication through MS Graph API. This update replaces the legacy MSOnline PowerShell module that is being retired. The recommended approach to protect users with Microsoft Entra multifactor authentication is Conditional Access (for licensed organizations) and security defaults (for unlicensed organizations). For more information, see: Enable per-user Microsoft Entra multifactor authentication to secure sign-in events.
Public Preview - Easy authentication with Azure App Service and Microsoft Entra External ID
Type: Changed feature
Service category: B2C - Consumer Identity Management
Product capability: B2B/B2C
We improved the experience when using Microsoft Entra External ID as an identity provider for Azure App Service’s built-in authentication, simplifying the process of configuring authentication and authorization for external-facing apps. You can complete initial configuration directly from the App Service authentication setup without switching into the external tenant. For more information, see: Quickstart: Add app authentication to your web app running on Azure App Service
General Availability - Refactored account details screen in Microsoft Authenticator
Type: Plan for change
Service category: Microsoft Authenticator App
Product capability: User Authentication
In July, enhancements for the Microsoft Authenticator app UX roll-out. The account details page of a user account is reorganized to help users better understand, and interact with, the information and buttons on the screen. Key actions that a user can do today are available in the refactored page, but they're organized in three sections or categories that help better communicate to users:
- Credentials configured in the app
- More sign in methods they can configure
- Account management options in the app
General Availability - SLA Attainment Report at the Tenant Level
Type: New feature
Service category: Reporting
Product capability: Monitoring & Reporting
In addition to providing global SLA performance, Microsoft Entra ID reports tenant-level SLA performance for organizations with at least 5,000 monthly active users. This feature entered general availability in May 2024. The Service Level Agreement (SLA) sets a minimum bar of 99.99% for the availability of Microsoft Entra ID user authentication, reported on a monthly basis in the Microsoft Entra admin center. For more information, see: What is Microsoft Entra Health?
Preview – QR code sign-in, a new authentication method for Frontline Workers
Type: New feature
Service category: Authentications (Logins)
Product capability: User Authentication
We're introducing a new simple way for Frontline Workers to authenticate in Microsoft Entra ID with a QR code and PIN. This capability eliminates the need for users to enter and reenter long UPNs and alphanumeric passwords.
Beginning in August 2024, all users in your tenant now see a new link Sign in with QR code when navigating to https://login.microsoftonline.com > Sign-in options > Sign in to an organization. This new link, Sign in with QR code, is visible only on mobile devices (Android/iOS/iPadOS). If you aren't participating in the preview, users from your tenant can't sign in through this method while we're still in review. They receive an error message if they try to sign-in.
The feature has a preview tag until it's generally available. Your organization needs to be enabled to test this feature. Broad testing is available in public preview, to be announced later.
While the feature is in preview, no technical support is provided. Learn more about support during previews here: Microsoft Entra ID preview program information.