What's New in Entra ID (Azure Active Directory) for July 2023

Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for July 2023:

 

What's Planned

Conditional Access templates General Availability

Service category: Conditional Access
Product capability: Identity Security & Protection

Conditional Access templates are a predefined set of conditions and controls that provide a convenient method to deploy new policies aligned with Microsoft recommendations. Organizations are assured that their policies reflect modern best practices for securing corporate assets, promoting secure, optimal access for their hybrid workforce.

 

What's New

Azure Active Directory (Azure AD) is being renamed General Availability

Service category: N/A
Product capability: End User Experiences

No action is required from you, but you may need to update some of your own documentation.

Azure AD is being renamed to Microsoft Entra ID. The name change rolls out across all Microsoft products and experiences throughout the second half of 2023.

Capabilities, licensing, and usage of the product aren't changing. To make the transition seamless for organizations, the pricing, terms, service level agreements, URLs, APIs, PowerShell cmdlets, Microsoft Authentication Library (MSAL) and developer tooling remain the same.

 

Conditional Access for Protected Actions General Availability

Service category: Conditional Access
Product capability: Identity Security & Protection

Protected actions are high-risk operations, such as altering access policies or changing trust settings, that can significantly impact an organization's security. To add an extra layer of protection, Conditional Access for Protected Actions lets organizations define specific conditions for users to perform these sensitive tasks.

 

Lifecycle Workflows General Availability

Service category: Lifecycle Workflows
Product capability: Identity Governance

User identity lifecycle is a critical part of an organization’s security posture, and when managed correctly, can have a positive impact on their users’ productivity for Joiners, Movers, and Leavers. The ongoing digital transformation is accelerating the need for good identity lifecycle management.

However, IT and security teams face enormous challenges managing the complex, time-consuming, and error-prone manual processes necessary to execute the required onboarding and offboarding tasks for hundreds of employees at once. This is an ever-present and complex issue IT admins continue to face with digital transformation across security, governance, and compliance.

Lifecycle Workflows, part of Entra ID Governance, helps organizations further optimize their user identity lifecycle.

 

Enabling extended customization capabilities for sign-in and sign-up pages in Company Branding capabilities General Availability

Service category: User Experience and Management
Product capability: User Authentication

Update the Microsoft Entra ID and Microsoft 365 sign in experience with new Company Branding capabilities. You can apply your company’s brand guidance to authentication experiences with predefined templates.

 

Access Reviews for Inactive Users General Availability

Service category: Access Reviews
Product capability: Identity Governance

Access Reviews for Inactive Users, part of Entra ID Governance, allows admins to review and address stale accounts that haven’t been active for a specified period. Admins can set a specific duration to determine inactive accounts that weren't used for either interactive or non-interactive sign-in activities. As part of the review process, stale accounts can automatically be removed.

 

User-to-Group Affiliation recommendation for group Access Reviews General Availability

Service category: Access Reviews
Product capability: Identity Governance

This feature provides machine learning-based recommendations to the reviewers of Access Reviews to make the review experience easier and more accurate. The recommendation uses a machine learning-based scoring mechanism and compares users’ relative affiliation with other users in the group, based on the organization’s reporting structure.

 

Custom Extensions in Entitlement Management General Availability

Service category: Entitlement Management
Product capability: Entitlement Management

Custom extensions in Entitlement Management are now generally available, and allow admins to extend the access lifecycle with organization-specific processes and business logic when access is requested or about to expire. With custom extensions admins can create tickets for manual access provisioning in disconnected systems, send custom notifications to additional stakeholders, or automate additional access-related configuration in business applications such as assigning the correct sales region in Salesforce. Admins can also leverage custom extensions to embed external governance, risk, and compliance (GRC) checks in the access request.

 

Microsoft Authentication Library for .NET 4.55.0 General Availability

Service category: Other
Product capability: User Authentication

Earlier this month, the Microsoft Authentication Library team announced the release of MSAL.NET 4.55.0, the latest version of the Microsoft Authentication Library for the .NET platform. The new version introduces support for:

  • User-assigned managed identity being specified through object IDs,
  • CIAM authorities in the WithTenantID API,
  • Better error messages when dealing with cache serialization, and
  • Improved logging when using the Windows authentication broker.

 

Microsoft Authentication Library for Python 1.23.0 General Availability

Service category: Other
Product capability: User Authentication

Earlier this month, the Microsoft Authentication Library team announced the release of MSAL for Python version 1.23.0. The new version of the library adds support for better caching when using client credentials, eliminating the need to request new tokens repeatedly when cached tokens exist.

 

Reset Password on Azure Mobile App General Availability

Service category: Other
Product capability: End User Experiences

The Azure mobile app has been enhanced to empower admins with specific permissions to conveniently reset their users' passwords. Self Service Password Reset will not be supported at this time. However, users can still more efficiently control and streamline their own sign-in and auth methods. The mobile app can be downloaded for each platform here:

 

New Federated Apps available in Entra ID Application gallery General Availability

Service category: Enterprise Apps
Product capability: 3rd Party Integration

In July 2023, Microsoft added the following new applications in the Entra ID Application gallery with Federation support:

  1. Gainsight SAML
  2. Dataddo
  3. Puzzel
  4. Worthix App
  5. iOps360 IdConnect
  6. Airbase
  7. Couchbase Capella – SSO
  8. SSO for Jama Connect®
  9. mediment (メディメント)
  10. Netskope Cloud Exchange Administration Console
  11. Uber
  12. Plenda
  13. Deem Mobile
  14. 40SEAS
  15. Vivantio
  16. AppTweak
  17. ioTORQ EMIS
  18. Vbrick Rev Cloud
  19. OptiTurn
  20. Application Experience with Mist
  21. クラウド勤怠管理システムKING OF TIME
  22. Connect1
  23. DB Education Portal for Schools
  24. SURFconext
  25. Chengliye Smart SMS Platform
  26. CivicEye SSO
  27. Colloquial
  28. BigPanda
  29. Foreman

 

New provisioning connectors in the Entra ID Application Gallery Public Preview

Service category: App Provisioning
Product capability: 3rd Party Integration

Microsoft has added the following new applications in the Entra ID Application gallery with Provisioning support. Organizations can now automate creating, updating, and deleting of user accounts for these newly integrated apps:

  1. Albert
  2. Rhombus Systems
  3. Axiad Cloud
  4. Dagster Cloud
  5. WATS
  6. Funnel Leasing

 

Windows MAM Public Preview

Service category: Conditional Access
Product capability: Identity Security & Protection

Microsoft is excited to offer MAM Conditional Access capability in Public Preview for Microsoft Edge for Business on Windows.

Using MAM Conditional Access, Microsoft Edge for Business provides users with secure access to organizational data on personal Windows devices with a customizable user experience. Microsoft has combined the familiar security features of app protection policies (APP), Windows Defender client threat defense, and Conditional Access, all anchored to the Entra ID identity to ensure unmanaged devices are healthy and protected before granting data access. This can help organizations to improve their security posture and protect sensitive data from unauthorized access, without requiring full mobile device enrollment.

The new capability extends the benefits of app layer management to the Windows platform via Microsoft Edge for Business. Admins are empowered to configure the user experience and protect organizational data within Microsoft Edge for Business on unmanaged Windows devices.

 

Dynamic Groups based on EmployeeHireDate User attribute Public Preview

Service category: Group Management
Product capability: Directory

This feature enables admins to create dynamic group rules based on the user objects' employeeHireDate attribute.

 

Inactive guest insights Public Preview

Service category: Reporting
Product capability: Identity Governance

With Inactive guest insights, admins can monitor guest accounts at scale with intelligent insights into inactive guest users in the organization. Admins can customize the inactivity threshold depending on the organization’s needs, narrow down the scope of guest users they want to monitor and identify the guest users that may be inactive.

 

Just-in-time application access with PIM for Groups Public Preview

Service category: Privileged Identity Management
Product capability: Privileged Identity Management

Organizations can minimize the number of persistent administrators in applications such as AWS and GCP and get just-in-time access to groups in AWS and GCP. While PIM for Groups is publicly available, Microsoft has released a public preview that integrates PIM with provisioning and reduces the activation delay from 40+ minutes to 1 – 2 minutes.

 

Graph beta API for PIM security alerts on Azure AD roles Public Preview

Service category: Privileged Identity Management
Product capability: Privileged Identity Management

Microsoft announces API support (beta) for managing Privileged Identity Management (PIM) security alerts for Entra ID roles. PIM generates alerts when there's suspicious or unsafe activity in the organization in Entra ID (Azure AD). Admins can now manage these alerts using REST APIs.

 

API-driven inbound user provisioning Public Preview

Service category: Provisioning
Product capability: Inbound to Azure AD

With API-driven inbound provisioning, the Entra ID provisioning service now supports integration with any system of record. Organizations and partners can use any automation tool of their choice to retrieve workforce data from any system of record for provisioning into Entra ID and connected on-premises Active Directory domains. Admins have full control over how data is processed and transformed with attribute mappings. Once the workforce data is available in Entra ID, admins can configure appropriate joiner-mover-leaver business processes using Entra ID Governance Lifecycle Workflows.

 

What's Changed

All Users and User Profile General Availability

Service category: User Management
Product capability: User Management

The All Users list now features an infinite scroll, and admins can now modify more properties on the User Profile blade.

 

Enhanced Create User and Invite User Experiences General Availability

Service category: User Management
Product capability: User Management

Microsoft has increased the number of properties admins are able to define when creating and inviting a user in the Entra admin portal, bringing the UX to parity with the Create User APIs. Additionally, admins can now add users to a group or Administrative Unit (AU), and assign roles.

 

Enabling customization capabilities for the Self-Service Password Reset (SSPR) hyperlinks, footer hyperlinks and browser icons in Company Branding General Availability

Service category: User Experience and Management
Product capability: End User Experiences

Update the Company Branding functionality on the Microsoft Entra ID/Microsoft 365 sign in experience to allow customizing Self Service Password Reset (SSPR) hyperlinks, footer hyperlinks, and a browser icon.

 

Automatic assignments to access packages in Entra ID Governance General Availability

Service category: Entitlement Management
Product capability: Entitlement Management

Entra ID Governance includes the ability for an organization to configure an assignment policy in an entitlement management access package that includes an attribute-based rule, similar to dynamic groups, of the users who should be assigned access.

 

What's Fixed

Include/exclude My Apps in Conditional Access policies General Availability

Service category: Conditional Access
Product capability: End User Experiences

My Apps can now be targeted in Conditional Access policies. This solves a top blocker. The functionality is available in all clouds. General Availability also brings a new app launcher that improves app launch performance for both SAML and other app types.

 
