Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for July 2023:
What's Planned
Conditional Access templates General Availability
Service category: Conditional Access
Product capability: Identity Security & Protection
Conditional Access templates are a predefined set of conditions and controls that provide a convenient method to deploy new policies aligned with Microsoft recommendations. Organizations are assured that their policies reflect modern best practices for securing corporate assets, promoting secure, optimal access for their hybrid workforce.
What's New
Azure Active Directory (Azure AD) is being renamed General Availability
Service category: N/A
Product capability: End User Experiences
No action is required from you, but you may need to update some of your own documentation.
Azure AD is being renamed to Microsoft Entra ID. The name change rolls out across all Microsoft products and experiences throughout the second half of 2023.
Capabilities, licensing, and usage of the product aren't changing. To make the transition seamless for organizations, the pricing, terms, service level agreements, URLs, APIs, PowerShell cmdlets, Microsoft Authentication Library (MSAL) and developer tooling remain the same.
Conditional Access for Protected Actions General Availability
Service category: Conditional Access
Product capability: Identity Security & Protection
Protected actions are high-risk operations, such as altering access policies or changing trust settings, that can significantly impact an organization's security. To add an extra layer of protection, Conditional Access for Protected Actions lets organizations define specific conditions for users to perform these sensitive tasks.
Lifecycle Workflows General Availability
Service category: Lifecycle Workflows
Product capability: Identity Governance
User identity lifecycle is a critical part of an organization’s security posture, and when managed correctly, can have a positive impact on their users’ productivity for Joiners, Movers, and Leavers. The ongoing digital transformation is accelerating the need for good identity lifecycle management.
However, IT and security teams face enormous challenges managing the complex, time-consuming, and error-prone manual processes necessary to execute the required onboarding and offboarding tasks for hundreds of employees at once. This is an ever-present and complex issue IT admins continue to face with digital transformation across security, governance, and compliance.
Lifecycle Workflows, part of Entra ID Governance, helps organizations further optimize their user identity lifecycle.
Enabling extended customization capabilities for sign-in and sign-up pages in Company Branding capabilities General Availability
Service category: User Experience and Management
Product capability: User Authentication
Update the Microsoft Entra ID and Microsoft 365 sign-in experience with new Company Branding capabilities. You can apply your company’s brand guidance to authentication experiences with predefined templates.
Access Reviews for Inactive Users General Availability
Service category: Access Reviews
Product capability: Identity Governance
Access Reviews for Inactive Users, part of Entra ID Governance, allows admins to review and address stale accounts that haven’t been active for a specified period. Admins can set a specific duration to determine inactive accounts that weren't used for either interactive or non-interactive sign-in activities. As part of the review process, stale accounts can automatically be removed.
User-to-Group Affiliation recommendation for group Access Reviews General Availability
Service category: Access Reviews
Product capability: Identity Governance
This feature provides machine learning based recommendations to the reviewers of Access Reviews to make the review experience easier and more accurate. The recommendation leverages a machine learning based scoring mechanism and compares users’ relative affiliation with other users in the group, based on the organization’s reporting structure.
Custom Extensions in Entitlement Management General Availability
Service category: Entitlement Management
Product capability: Entitlement Management
Custom extensions in Entitlement Management are now generally available, and allow admins to extend the access lifecycle with organization-specific processes and business logic when access is requested or about to expire. With custom extensions admins can create tickets for manual access provisioning in disconnected systems, send custom notifications to additional stakeholders, or automate additional access-related configuration in business applications such as assigning the correct sales region in Salesforce. Admins can also leverage custom extensions to embed external governance, risk, and compliance (GRC) checks in the access request.
Microsoft Authentication Library for .NET 4.55.0 General Availability
Service category: Other
Product capability: User Authentication
Earlier this month, the Microsoft Authentication Library team announced the release of MSAL.NET 4.55.0, the latest version of the Microsoft Authentication Library for the .NET platform. The new version introduces support for:
- User-assigned managed identity being specified through object IDs,
- CIAM authorities in the WithTenantID API,
- Better error messages when dealing with cache serialization, and
- Improved logging when using the Windows authentication broker.
Microsoft Authentication Library for Python 1.23.0 General Availability
Service category: Other
Product capability: User Authentication
Earlier this month, the Microsoft Authentication Library team announced the release of MSAL for Python version 1.23.0. The new version of the library adds support for better caching when using client credentials, eliminating the need to request new tokens repeatedly when cached tokens exist.
Reset Password on Azure Mobile App General Availability
Service category: Other
Product capability: End User Experiences
The Azure mobile app has been enhanced to empower admins with specific permissions to conveniently reset their users' passwords. Self Service Password Reset will not be supported at this time. However, users can still more efficiently control and streamline their own sign-in and auth methods. The mobile app can be downloaded for each platform here:
New Federated Apps available in Entra ID Application gallery General Availability
Service category: Enterprise Apps
Product capability: 3rd Party Integration
In July 2023, Microsoft added the following new applications in the Entra ID Application gallery with Federation support:
- Gainsight SAML
- Dataddo
- Puzzel
- Worthix App
- iOps360 IdConnect
- Airbase
- Couchbase Capella – SSO
- SSO for Jama Connect®
- mediment (メディメント)
- Netskope Cloud Exchange Administration Console
- Uber
- Plenda
- Deem Mobile
- 40SEAS
- Vivantio
- AppTweak
- ioTORQ EMIS
- Vbrick Rev Cloud
- OptiTurn
- Application Experience with Mist
- クラウド勤怠管理システムKING OF TIME
- Connect1
- DB Education Portal for Schools
- SURFconext
- Chengliye Smart SMS Platform
- CivicEye SSO
- Colloquial
- BigPanda
- Foreman
New provisioning connectors in the Entra ID Application Gallery Public Preview
Service category: App Provisioning
Product capability: 3rd Party Integration
Microsoft has added the following new applications in the Entra ID Application gallery with Provisioning support. Organizations can now automate creating, updating, and deleting of user accounts for these newly integrated apps:
Windows MAM Public Preview
Service category: Conditional Access
Product capability: Identity Security & Protection
Microsoft is excited to offer MAM Conditional Access capability in Public Preview for Microsoft Edge for Business on Windows.
Using MAM Conditional Access, Microsoft Edge for Business provides users with secure access to organizational data on personal Windows devices with a customizable user experience. Microsoft has combined the familiar security features of app protection policies (APP), Windows Defender client threat defense, and Conditional Access, all anchored to the Entra ID identity to ensure unmanaged devices are healthy and protected before granting data access. This can help organizations to improve their security posture and protect sensitive data from unauthorized access, without requiring full mobile device enrollment.
The new capability extends the benefits of app layer management to the Windows platform via Microsoft Edge for Business. Admins are empowered to configure the user experience and protect organizational data within Microsoft Edge for Business on unmanaged Windows devices.
Dynamic Groups based on EmployeeHireDate User attribute Public Preview
Service category: Group Management
Product capability: Directory
This feature enables admins to create dynamic group rules based on the user objects' employeeHireDate attribute.
Inactive guest insights Public Preview
Service category: Reporting
Product capability: Identity Governance
With Inactive guest insights, admins can monitor guest accounts at scale with intelligent insights into inactive guest users in the organization. Admins can customize the inactivity threshold depending on the organization’s needs, narrow down the scope of guest users they want to monitor and identify the guest users that may be inactive.
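The inactivity test behind both Access Reviews for Inactive Users and Inactive guest insights can be reproduced over a user export, as an added example that is not code from Microsoft or from this post. It assumes user records shaped like Microsoft Graph user objects with the `signInActivity` property; the sample records, the 90-day threshold and the fallback to `createdDateTime` for never-used accounts are choices made for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Graph user objects (not real tenant data).
SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.example", "userType": "Member",
     "createdDateTime": "2021-03-01T08:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2023-07-20T09:15:00Z",
                        "lastNonInteractiveSignInDateTime": "2023-07-28T02:00:00Z"}},
    # Old interactive sign-in, but recent non-interactive use: still active.
    {"userPrincipalName": "svc-report@contoso.example", "userType": "Member",
     "createdDateTime": "2020-01-10T08:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2022-11-02T10:00:00Z",
                        "lastNonInteractiveSignInDateTime": "2023-07-30T23:40:00Z"}},
    {"userPrincipalName": "vendor_fabrikam.example#EXT#@contoso.example",
     "userType": "Guest", "createdDateTime": "2022-05-05T12:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2023-01-15T14:30:00Z",
                        "lastNonInteractiveSignInDateTime": None}},
    # Invited guest that never signed in: no signInActivity at all.
    {"userPrincipalName": "invited_never.example#EXT#@contoso.example",
     "userType": "Guest", "createdDateTime": "2023-02-01T12:00:00Z"},
]
NOW = datetime(2023, 8, 1, tzinfo=timezone.utc)  # fixed for reproducibility

def _parse(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None

def last_activity(user):
    """Most recent of interactive and non-interactive sign-in, or None."""
    act = user.get("signInActivity") or {}
    seen = [t for t in (_parse(act.get("lastSignInDateTime")),
                        _parse(act.get("lastNonInteractiveSignInDateTime"))) if t]
    return max(seen) if seen else None

def find_inactive(users, now, threshold_days, guests_only=False):
    """Return (upn, days_idle, never_signed_in) for accounts past the threshold."""
    cutoff = now - timedelta(days=threshold_days)
    stale = []
    for u in users:
        if guests_only and u.get("userType") != "Guest":
            continue
        last = last_activity(u)
        # Assumption: use creation date when there is no sign-in, so a
        # freshly invited but unused account is not flagged immediately.
        reference = last or _parse(u["createdDateTime"])
        if reference < cutoff:
            stale.append((u["userPrincipalName"], (now - reference).days, last is None))
    return sorted(stale, key=lambda r: -r[1])

if __name__ == "__main__":
    for row in find_inactive(SAMPLE_USERS, NOW, 90):
        print(row)
```

Checking only the interactive timestamp would wrongly flag `svc-report`, which is why the helper takes the later of the two values.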
Just-in-time application access with PIM for Groups Public Preview
Service category: Privileged Identity Management
Product capability: Privileged Identity Management
Organizations can minimize the number of persistent administrators in applications such as AWS and GCP and get just-in-time access to groups in AWS and GCP. While PIM for Groups is publicly available, Microsoft has released a public preview that integrates PIM with provisioning and reduces the activation delay from 40+ minutes to 1 – 2 minutes.
Graph beta API for PIM security alerts on Azure AD roles Public Preview
Service category: Privileged Identity Management
Product capability: Privileged Identity Management
Microsoft announces API support (beta) for managing Privileged Identity Management (PIM) security alerts for Entra ID roles. PIM generates alerts when there's suspicious or unsafe activity in the organization in Entra ID (Azure AD). Admins can now manage these alerts using REST APIs.
API-driven inbound user provisioning Public Preview
Service category: Provisioning
Product capability: Inbound to Azure AD
With API-driven inbound provisioning, the Entra ID provisioning service now supports integration with any system of record. Organizations and partners can use any automation tool of their choice to retrieve workforce data from any system of record for provisioning into Entra ID and connected on-premises Active Directory domains. Admins have full control on how data is processed and transformed with attribute mappings. Once the workforce data is available in Entra ID, admins can configure appropriate joiner-mover-leaver business processes using Entra ID Governance Lifecycle Workflows.
What's Changed
All Users and User Profile General Availability
Service category: User Management
Product capability: User Management
The All Users list now features an infinite scroll, and admins can now modify more properties on the User Profile blade.
Enhanced Create User and Invite User Experiences General Availability
Service category: User Management
Product capability: User Management
Microsoft has increased the number of properties admins are able to define when creating and inviting a user in the Entra admin portal, bringing the UX to parity with the Create User APIs. Additionally, admins can now add users to a group or Administrative Unit (AU), and assign roles.
Enabling customization capabilities for the Self-Service Password Reset (SSPR) hyperlinks, footer hyperlinks and browser icons in Company Branding General Availability
Service category: User Experience and Management
Product capability: End User Experiences
Update the Company Branding functionality on the Microsoft Entra ID/Microsoft 365 sign-in experience to allow customizing Self-Service Password Reset (SSPR) hyperlinks, footer hyperlinks, and a browser icon.
Automatic assignments to access packages in Entra ID Governance General Availability
Service category: Entitlement Management
Product capability: Entitlement Management
Entra ID Governance includes the ability for an organization to configure an assignment policy in an entitlement management access package that includes an attribute-based rule, similar to dynamic groups, of the users who should be assigned access.
What's Fixed
Include/exclude My Apps in Conditional Access policies General Availability
Service category: Conditional Access
Product capability: End User Experiences
My Apps can now be targeted in Conditional Access policies. This solves a top blocker. The functionality is available in all clouds. General Availability also brings a new app launcher that improves app launch performance for both SAML and other app types.