What's New in Entra ID for April 2024


Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for April 2024:


What's Planned

Decommissioning of Group Writeback V2 in Entra Connect Sync

Service category: Provisioning
Product capability: Microsoft Entra Connect Sync

The public preview of Group Writeback V2 in Entra Connect Sync will no longer be available after June 30, 2024. After this date, Connect Sync will no longer support provisioning cloud security groups to Active Directory.


What's New

On-premises password reset remediates user risk Generally Available

Service category: Identity Protection
Product capability: Identity Security & Protection

Organizations that have enabled password hash synchronization (PHS) can now allow on-premises password changes to remediate user risk. Organizations can also use this to save hybrid users time and maintain their productivity with automatic self-service remediation in risk-based Conditional Access policies.


Microsoft Graph activity logs Generally Available

Service category: Microsoft Graph
Product capability: Monitoring & Reporting

Microsoft Graph activity logs give admins visibility into HTTP requests made to the Microsoft Graph service. With rapidly growing security threats and an increasing number of attacks, this log data source allows organizations to perform security analysis and threat hunting, and to monitor application activity.


Security group provisioning to Active Directory using Cloud Sync Generally Available

Service category: Provisioning
Product capability: Entra Cloud Sync

Security group provisioning to Active Directory (known as Group Writeback in Entra Connect Sync) is now generally available through Microsoft Entra Cloud Sync in Azure Global and Azure Government clouds. With this new capability, organizations can easily govern Active Directory-based on-premises applications (Kerberos-based apps) using Microsoft Entra Governance.


Custom Claims Providers enable token claim augmentation from external data sources Generally Available

Service category: Authentications (Logins)
Product capability: Extensibility

Custom authentication extensions allow organizations to customize the Microsoft Entra authentication experience by integrating with external systems. A custom claims provider is a type of custom authentication extension that calls a REST API to fetch claims from external systems. A custom claims provider maps claims from external systems into tokens and can be assigned to one or many applications in the organization's directory.


Lifecycle Workflows: Export workflow history data to CSV files Generally Available

Service category: Lifecycle Workflows
Product capability: Identity Governance

In Lifecycle Workflows, admins can now export workflow history data across users, runs, and tasks to *.csv files for meeting their organization's reporting and auditing needs.


PIM approvals and activations on the Azure mobile app (iOS and Android) are available now Generally Available

Service category: Privileged Identity Management (PIM)
Product capability: Privileged Identity Management (PIM)

Privileged Identity Management (PIM) is now available on the Azure mobile app on both iOS and Android. Admins can now approve or deny incoming PIM activation requests, in addition to activating Microsoft Entra ID and Azure resource role assignments, directly from the app on their phone.


New provisioning connectors in the Microsoft Entra Application Gallery Generally Available

Service category: App Provisioning
Product capability: 3rd Party Integration

Microsoft added the following new applications in the Microsoft Entra Application Gallery with Provisioning support. Organizations can now automate creating, updating, and deleting of user accounts for these newly integrated apps:


Quick Microsoft Entra Verified ID setup Generally Available

Service category: Verified ID
Product capability: Decentralized Identities

With a single click on the Get started button, quick Microsoft Entra Verified ID setup removes several configuration steps admins otherwise need to complete. The quick setup takes care of signing keys, registering your decentralized ID, and verifying your domain ownership. It also creates a Verified Workplace Credential.


Passkeys in Microsoft Authenticator Public Preview

Service category: Microsoft Authenticator App
Product capability: User Authentication

People in your organization can now create device-bound passkeys in the Microsoft Authenticator app to access Entra ID resources. Passkeys in the Authenticator app provide cost-effective, phishing-resistant and seamless authentications to users from their mobile devices.


Assign Microsoft Entra roles using Entitlement Management Public Preview

Service category: Entitlement Management
Product capability: Entitlement Management

By assigning Microsoft Entra roles to employees and guests using Entitlement Management, admins can look at a user's entitlements to quickly determine which roles are assigned to that user. When a Microsoft Entra role is included as a resource in an access package, admins can also specify whether that role assignment is eligible or active.

Assigning Microsoft Entra roles through access packages helps to efficiently manage role assignments at scale and improves the role.


Configure custom workflows to run mover tasks when a user's job profile changes Public Preview

Service category: Lifecycle Workflows
Product capability: Identity Governance

Lifecycle Workflows now supports triggering workflows based on job change events, such as changes to an employee's department, job role, or location, and seeing them executed on the workflow schedule. With this feature, organizations can use new workflow triggers to create custom workflows for executing tasks associated with people moving within the organization, including:

  • Triggering workflows when a specified attribute changes
  • Triggering workflows when a user is added to or removed from a group's membership
  • Tasks to notify a user's manager about a move
  • Tasks to assign licenses to or remove selected licenses from a user


Native Authentication for Microsoft Entra External ID Public Preview

Service category: Authentications (Logins)
Product capability: User Authentication

Native authentication empowers developers to take complete control over the design of the sign-in experience of their mobile applications. It allows them to craft stunning, pixel-perfect authentication screens that are seamlessly integrated into their apps, rather than relying on browser-based solutions.


FIDO2 authentication in Android web browsers Public Preview

Service category: Authentications (Logins)
Product capability: User Authentication

People in your organization can now sign in with a FIDO2 security key in both Google Chrome and Microsoft Edge on Android. This change is applicable to all users who are in scope for the FIDO2 authentication method.

FIDO2 registration in Android web browsers isn't available yet.


What's Changed

Self-service password reset Admin policy expansion to include additional roles Generally Available

Service category: Self Service Password Reset
Product capability: Identity Security & Protection

The Self-service Password Reset (SSPR) policy for Admins has expanded to include 3 additional built-in admin roles:

  • Teams Administrator
  • Teams Communications Administrator
  • Teams Devices Administrator


Dynamic Groups quota increased to 15,000 Generally Available

Service category: Group Management
Product capability: Directory

Microsoft Entra organizations could previously have a maximum of 5,000 dynamic groups and dynamic administrative units combined.

Microsoft has increased this quota to 15,000. For example, you can now have 5,000 dynamic groups and 10,000 dynamic AUs (or any other combination that adds up to 15,000). You don't need to do anything to take advantage of this change – it's available right now.


Maximum workflows limit in Lifecycle workflows is now 100 Generally Available

Service category: Lifecycle Workflows
Product capability: Identity Governance

The maximum number of workflows that can be configured in Lifecycle workflows has increased. Now admins can create up to 100 workflows in Lifecycle workflows.

Author: Sander Berkouwer

Sander Berkouwer is the author of the Active Directory Administration Cookbook, speaker and blogger at DirTeam.com and ServerCore.net. He is awarded Microsoft MVP, Veeam Vanguard and VMware vExpert. Since 2009, Microsoft has awarded Sander with the Most Valuable Professional (MVP) award. Since 2016, Veeam has awarded Sander with the Veeam Vanguard award.