What's New in Entra ID for May 2024


Microsoft Entra ID

Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID, through the Microsoft 365 Message Center, the What's New hub in the Entra Portal and Build's Book of News, Microsoft communicated the following planned, new and changed functionality for Entra ID for May 2024:

 

What's Planned

Changing default accepted token version for new applications Generally Available

Service category: Other
Product capability: Developer Experience

Starting August 2024, new Microsoft Entra applications created using any interface (including the Microsoft Entra admin center, Azure portal, PowerShell/CLI, and the Microsoft Graph application API) will have the default value of the requestedAccessTokenVersion property in the app registration set to 2. This is a change from the previous default of null (meaning 1). This means that new resource applications receive v2 access tokens instead of v1 access tokens, by default. This improves the security of apps.
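A resource API whose token validation only accepts the v1 issuer will reject the v2 tokens that a newly created registration receives. The following added example (not from Microsoft's release notes) checks application objects against an issuer allow-list; the tenant ID, app names and allow-list are constructed, and the issuer formats are the ones Entra ID uses for v1 and v2 tokens.

```python
# Added example. Tenant ID and app objects are constructed sample data.
TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder
ISSUER_BY_VERSION = {
    1: "https://sts.windows.net/{tid}/",
    2: "https://login.microsoftonline.com/{tid}/v2.0",
}

def effective_token_version(app):
    """null (the default before August 2024) and 1 both mean v1 tokens."""
    requested = (app.get("api") or {}).get("requestedAccessTokenVersion")
    return 2 if requested == 2 else 1

def expected_claims(app, tenant_id):
    """The 'ver' and 'iss' claims a resource API should expect to receive."""
    version = effective_token_version(app)
    return {"ver": f"{version}.0",
            "iss": ISSUER_BY_VERSION[version].format(tid=tenant_id)}

def audit(apps, tenant_id, accepted_issuers):
    """Flag registrations whose tokens the API's issuer allow-list would reject."""
    findings = []
    for app in apps:
        claims = expected_claims(app, tenant_id)
        findings.append({
            "displayName": app["displayName"],
            "ver": claims["ver"],
            "issuer_accepted": claims["iss"] in accepted_issuers,
        })
    return findings

# Constructed sample: shape of GET /applications?$select=displayName,api
SAMPLE_APPS = [
    {"displayName": "legacy-api", "api": {"requestedAccessTokenVersion": None}},
    {"displayName": "explicit-v1-api", "api": {"requestedAccessTokenVersion": 1}},
    {"displayName": "new-default-api", "api": {"requestedAccessTokenVersion": 2}},
]
# A validator written against v1 tokens only (hypothetical allow-list).
V1_ONLY = {ISSUER_BY_VERSION[1].format(tid=TENANT_ID)}

if __name__ == "__main__":
    for row in audit(SAMPLE_APPS, TENANT_ID, V1_ONLY):
        print(row)
```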

 

What's New

$select in signIn API Generally Available

Service category: Microsoft Graph
Product capability: Monitoring & Reporting

The long-awaited $select has been implemented in the signIn API. Use $select to reduce the number of attributes that are returned for each log entry. This should greatly help organizations that deal with throttling issues, and allow every organization to run faster, more efficient queries.
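As an added example (not part of the release notes), the sketch below builds a sign-in log query that selects only the fields a detection pipeline needs, then pages through the results while honouring Retry-After on throttled responses. The `fetch` transport, the field selection and the canned responses are assumptions constructed for illustration; a real transport would send the request with a bearer token.

```python
import time
from urllib.parse import quote, urlencode

SIGNINS_URL = "https://graph.microsoft.com/v1.0/auditLogs/signIns"
FIELDS = ["id", "createdDateTime", "userPrincipalName", "appDisplayName",
          "ipAddress", "status"]

def build_url(fields, since_iso, page_size=500):
    """Ask Graph for only the listed sign-in properties."""
    params = {"$select": ",".join(fields),
              "$filter": f"createdDateTime ge {since_iso}",
              "$top": str(page_size)}
    return SIGNINS_URL + "?" + urlencode(params, safe="$,", quote_via=quote)

def collect_signins(fetch, url, max_retries=3, sleep=time.sleep):
    """Follow @odata.nextLink; on HTTP 429 wait for Retry-After and retry."""
    events, retries = [], 0
    while url:
        status, headers, body = fetch(url)
        if status == 429 and retries < max_retries:
            sleep(int(headers.get("Retry-After", "1")))
            retries += 1
            continue
        if status != 200:
            raise RuntimeError(f"Graph returned HTTP {status}")
        retries = 0
        events.extend(body.get("value", []))
        url = body.get("@odata.nextLink")
    return events

def make_fake_fetch():
    """Constructed transport: one throttled reply, then two result pages."""
    first = build_url(FIELDS, "2024-05-01T00:00:00Z")
    script = [
        (429, {"Retry-After": "2"}, {}),
        (200, {}, {"value": [{"id": "a1", "ipAddress": "192.0.2.10"}],
                   "@odata.nextLink": first + "&$skiptoken=constructed"}),
        (200, {}, {"value": [{"id": "a2", "ipAddress": "198.51.100.7"}]}),
    ]
    calls = []
    def fetch(url):
        calls.append(url)
        return script[len(calls) - 1]
    return fetch, calls

if __name__ == "__main__":
    fetch, calls = make_fake_fetch()
    rows = collect_signins(fetch, build_url(FIELDS, "2024-05-01T00:00:00Z"), sleep=lambda s: None)
    print(len(rows), "events in", len(calls), "requests")
```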

 

Multiple Passwordless Phone Sign-in for Android Devices Generally Available

Service category: Authentications (Logins)
Product capability: User Authentication

People can now enable passwordless phone sign-in for multiple accounts in the Authenticator App on any supported Android device. Consultants, students, and others with multiple accounts in Microsoft Entra can add each account to Microsoft Authenticator and use passwordless phone sign-in for all of them from the same Android device. The Microsoft Entra accounts can be in the same tenant or in different tenants. Guest accounts aren't supported for multiple account sign-ins from one device.

 

Platform Single Sign-on for macOS with Microsoft Entra ID Public Preview

Service category: Authentications (Logins)
Product capability: User Authentication

Platform Single Sign-on (Platform SSO) is an enhancement to the Microsoft Enterprise SSO plug-in for Apple devices that makes usage and management of Mac devices more seamless and secure than ever. At the start of public preview, Platform SSO works with Microsoft Intune. Other Mobile Device Management (MDM) providers are coming soon.

 

External authentication methods for multifactor authentication Public Preview

Service category: Multi-factor authentication (MFA)
Product capability: User Authentication

External authentication methods enable organizations to use their preferred multi-factor authentication (MFA) solution with Microsoft Entra ID.

 

Bicep templates support for Microsoft Graph Public Preview

Service category: Microsoft Graph
Product capability: Developer Experience

The Microsoft Graph Bicep extension brings declarative infrastructure-as-code (IaC) capabilities to Microsoft Graph resources. It allows developers and IT professionals to author, deploy, and manage core Microsoft Entra ID resources using Bicep template files, alongside Azure resources. Organizations can now use familiar tools, IaC and DevOps practices to deploy Azure resources and the Microsoft Entra resources they depend on, such as applications and service principals. It also opens the door for organizations to use Bicep templates and IaC practices to deploy and manage their tenant's Entra resources.

 

Workflow History Insights in Lifecycle Workflows Public Preview

Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management

Organizations can now monitor workflow health, and get insights throughout all their workflows in Lifecycle Workflows including viewing workflow processing data across workflows, tasks, and workflow categories.

 

Configure Lifecycle Workflow Scope Using Custom Security Attributes Public Preview

Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management

Organizations can now leverage their confidential HR data stored in custom security attributes in addition to other attributes to define the scope of their workflows in Lifecycle Workflows for automating joiner, mover, and leaver (JML) scenarios.

 

Enable, Disable and Delete synchronized user accounts with Lifecycle Workflows Public Preview

Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management

Lifecycle Workflows can now enable, disable, and delete user accounts that are synchronized from Active Directory Domain Services (AD DS) to Microsoft Entra. This allows organizations to ensure that the offboarding processes of employees are completed by deleting the user account after a retention period.

 

Service category: App Provisioning
Product capability: 3rd Party Integration

Microsoft has added ClearView Trade in the Entra Application Gallery with Provisioning support. Organizations can now automate creating, updating, and deleting of user accounts for this newly integrated app.

 

What's Changed

LastSuccessfulSignIn Generally Available

Service category: Microsoft Graph
Product capability: Monitoring & Reporting

Due to popular demand and increased confidence in the stability of the properties, Microsoft has now brought the LastSuccessfulSignIn and LastSuccessfulSigninDateTime properties into Microsoft Graph v1.0.
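The following added example (not part of the release notes) shows why the successful sign-in timestamp is the better basis for stale-account reviews: lastSignInDateTime records interactive attempts whether or not they succeeded, so an account that only receives failed attempts can look active. The user objects are constructed, the property names are the ones Graph returns under signInActivity, and the 90-day threshold is an assumption.

```python
from datetime import datetime, timedelta, timezone

def parse(ts):
    """Graph returns ISO 8601 UTC strings, or null when nothing is recorded."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None

def classify(user, now, stale_after_days=90):
    activity = user.get("signInActivity") or {}
    last_ok = parse(activity.get("lastSuccessfulSignInDateTime"))
    # lastSignInDateTime records interactive attempts, successful or not.
    last_try = parse(activity.get("lastSignInDateTime"))
    cutoff = now - timedelta(days=stale_after_days)
    if last_ok is None:
        state = "no-recorded-success"
    elif last_ok < cutoff:
        state = "stale"
    else:
        state = "active"
    # Attempts keep arriving but none has succeeded inside the window.
    attempts_only = (state != "active"
                     and last_try is not None and last_try >= cutoff)
    return {"upn": user["userPrincipalName"], "state": state,
            "attempts_without_success": attempts_only}

# Constructed sample: shape of GET /users?$select=userPrincipalName,signInActivity
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.com", "signInActivity": {
        "lastSignInDateTime": "2024-05-20T08:00:00Z",
        "lastSuccessfulSignInDateTime": "2024-05-20T08:00:00Z"}},
    {"userPrincipalName": "svc-old@example.com", "signInActivity": {
        "lastSignInDateTime": "2024-05-30T03:12:00Z",
        "lastSuccessfulSignInDateTime": "2023-12-15T10:00:00Z"}},
    {"userPrincipalName": "bob@example.com", "signInActivity": None},
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so results are repeatable

def report(users=SAMPLE_USERS, now=NOW):
    return [classify(u, now) for u in users]

if __name__ == "__main__":
    for row in report():
        print(row)
```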

 

Windows Account extension renamed to Microsoft Single Sign On Generally Available

Service category: Authentications
Product capability: Single Sign-on (SSO)

The Windows Account extension is now the Microsoft Single Sign On extension in the docs and the Chrome store. The Windows Account extension has been updated to represent the new macOS compatibility. It's now known as the Microsoft Single Sign On extension for Chrome, offering single sign-on and device identity features with the Enterprise SSO plug-in for Apple devices. This is just a name change for the extension; there are no software changes to the extension itself.

Author: Sander Berkouwer

Sander Berkouwer is the author of the Active Directory Administration Cookbook, speaker and blogger at DirTeam.com and ServerCore.net. He is awarded Microsoft MVP, Veeam Vanguard and VMware vExpert. Since 2009, Microsoft has awarded Sander with the Most Valuable Professional (MVP) award. Since 2016, Veeam has awarded Sander with the Veeam Vanguard award.