Reading Time: 4 minutes
Entra ID, previously known as Azure AD is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for September 2024:
What's Planned
Upcoming MFA Enforcement on Microsoft Entra admin center
Service category: MFA
Product capability: Identity Security & Protection
As part of Microsoft’s commitment to providing organizations with the highest level of security, Microsoft previously announced that Microsoft will require multi-factor authentication (MFA) for users signing into the Azure portal, the Entra admin center and Intune admin center.
This change will be rolled out in phases, allowing organizations time to plan their implementation. Starting October 15, 2024, MFA will be required to sign in, but won’t be required yet for the Azure Command Line Interface, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools.
Retirement of legacy user authentication methods management experience in Entra Portal
Service category: MFA
Product capability: User Authentication
Starting October 31 st , 2024 , Microsoft will retire the ability to manage user authentication methods in the Entra Portal via the legacy user interface (UI) . Instead, Microsoft will only surface the modern user interface which has full parity with the legacy experience in addition to the ability to manage modern methods ( e.g. Temporary Access Pass, Passkeys, QR+Pin , etc.) and settings.
Provisioning user experience modernization
Service category: Provisioning
Product capability: Identity Governance
Microsoft is modernizing the current application/HR provisioning and cross-tenant sync user experience. This includes a new overview page, user experience to configure connectivity to applications, scoping, and attribute mappings. The new experience includes all functionality available to organizations today, and no action is required. The new experience will start rolling out at the end of October 2024, but organizations can still use the existing experience through January 2025.
What's New
Security Service Edge Generally Available
Microsoft’s Security Service Edge (SSE) solution, Microsoft Entra Private Access and Microsoft Entra Internet Access are now generally available. These two products coupled with Microsoft's SaaS security-focused CASB—Microsoft Defender for Cloud apps—comprise Microsoft's Security Service Edge solution, a cloud-delivered, identity-centric networking model that transforms the way organizations secure access.
Cross-tenant manager synchronization Generally Available
Service category: Provisioning
Product capability: Identity Governance
Support for synchronizing the manager attribute using cross-tenant synchronization is now generally available.
Service category: Authentications (Logins)
Product capability: User Authentication
With certificate-based authentication, a Certification Authority (CA) can be configured without a Certificate Revocation List Distribution Point (CDP), and certificate-based authentication won't fail if the issuing CA doesn't have a CDP specified. To strengthen security and avoid misconfigurations, an Authentication Policy Administrator can require certificate-based authentication to fail if no CRL is configured for a CA that issues an end user certificate.
Custom Claims API for Claims Configuration of Enterprise Apps Public Preview
Service category: Enterprise Apps
Product capability: SSO
The Custom Claims API allows admins to manage and update additional claims for Enterprise Applications seamlessly through Microsoft Graph. The Custom Claims API offers a simplified and user friendly API experience for claims management for organizations. With the introduction of Custom Claims API, Microsoft achieved user experience (UX) and API interoperability. Admins can now use Microsoft Entra admin center and Microsoft Graph API interchangeably to manage claims configurations for Enterprise Applications.
Conditional Access Template Requiring Device Compliance Public Preview
Service category: Conditional Access
Product capability: Identity Security & Protection
A new Conditional Access template requiring device compliance is now available in Public Preview. This template restricts access to company resources exclusively to devices enrolled in mobile device management (MDM) and compliant with company policy. Requiring device compliance improves data security, reducing risk of data breaches, malware infections, and unauthorized access.
Request Access Package on behalf of Public Preview
Service category: Entitlement Management
Product capability: Entitlement Management
Entitlement Management enables admins to create access packages to manage their organization’s resources. Admins can either directly assign users to an access package, or configure an access package policy that allows people to request access. This option to create self-service processes is useful, especially as organizations scale and hire more people. However, new people joining an organization might not always know what they need access to, or how they can request access. In this case, a new person would likely rely on their manager to guide them through the access request process.
Instead of having new people navigate the request process, managers can request access packages for their people, making onboarding faster and more seamless. To enable this functionality for managers, admins can select an option when setting up an access package policy that allows managers to request access on behalf.
What's Changed
Microsoft Entra External ID extension for Visual Studio Code Generally Available
Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C
Microsoft Entra External ID Extension for VS Code provides a streamlined, guided experience to help admins and developers kickstart identity integration for customer-facing apps. With this extension, developers can create external tenants, set up a customized and branded sign-in experience for external users, and quickly bootstrap projects with pre-configured External ID samples—all within Visual Studio Code. Additionally, they can view and manage external tenants, applications, user flows, and branding settings directly from within the extension.
Login