Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficient IT processes, and improved security and compliance. In its release notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for September 2023:
What's New
Recovery of deleted applications and service principals (General Availability)
Service category: Enterprise Apps
Product capability: Identity Lifecycle Management
With this release, admins can now recover applications along with their original service principals, eliminating the need for extensive reconfiguration and code changes. It significantly improves the application recovery story and addresses a long-standing customer need. This change is beneficial in the following ways:
- Faster Recovery: Admins can now recover their systems in a fraction of the time it used to take, reducing downtime and minimizing disruptions.
- Cost Savings: With quicker recovery, admins can save on operational costs associated with extended outages and labor-intensive recovery efforts.
- Preserved Data: Previously lost data, such as SAML configurations, is now retained, ensuring a smoother transition back to normal operations.
- Improved User Experience: Faster recovery times translate to improved user experience and customer satisfaction, as applications are back up and running swiftly.
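As an added example (not part of the original post or of Microsoft's documentation), the following PowerShell script lists the soft-deleted applications in a tenant, restores one of them through Microsoft Graph, and then checks that its service principal came back with it, which is the part this release changes. It assumes the Microsoft.Graph PowerShell SDK is installed, that the signed-in account holds Application.ReadWrite.All, and that `$TargetAppId` is a placeholder you replace with the appId of the application you want to recover.

```powershell
# Added example: restore a soft-deleted application and verify its service principal.
# Assumptions: Microsoft.Graph SDK installed; caller holds Application.ReadWrite.All;
# $TargetAppId is a placeholder for the appId of the deleted application.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

$TargetAppId = '00000000-0000-0000-0000-000000000000'   # placeholder: appId of the deleted app

# Soft-deleted applications are retained for 30 days under /directory/deletedItems.
$deleted = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
    -Uri 'https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.application'

# Show what is recoverable, with the deletion timestamp so the 30-day window is visible.
$deleted.value |
    Select-Object displayName, appId, id, deletedDateTime |
    Format-Table -AutoSize

$app = $deleted.value | Where-Object { $_.appId -eq $TargetAppId }
if (-not $app) { throw "No soft-deleted application with appId $TargetAppId was found." }

# Restore the application object. With the change announced above, the original
# service principal (including its SAML/SSO settings) is recovered along with it.
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/directory/deletedItems/$($app.id)/restore" | Out-Null

# Verify: a service principal for this appId should exist again in the tenant.
$sp = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
    -Uri "https://graph.microsoft.com/v1.0/servicePrincipals?`$filter=appId eq '$TargetAppId'"

if ($sp.value.Count -eq 1) {
    "Restored '$($app.displayName)'; service principal $($sp.value[0].id) is back."
} else {
    Write-Warning "Application restored, but no service principal was found for appId $TargetAppId."
}
```

Run the listing part first on its own to confirm the application is still inside the retention window; once the window has passed the object is hard-deleted and the restore call has nothing to act on.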
Support for Microsoft admin portals in Conditional Access (General Availability)
Service category: Conditional Access
Product capability: Identity Security & Protection
When a Conditional Access policy targets the Microsoft Admin Portals cloud app, the policy is enforced for tokens issued to application IDs of the following Microsoft administrative portals:
- Azure portal
- Exchange admin center
- Microsoft 365 admin center
- Microsoft 365 Defender portal
- Microsoft Entra admin center
- Microsoft Intune admin center
- Microsoft Purview compliance portal
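The following script is an added example (not part of the original post) showing how the new cloud app is targeted from Microsoft Graph: it creates a Conditional Access policy whose application scope is `MicrosoftAdminPortals`, the Graph identifier for the portal group listed above, and requires multi-factor authentication for it. The policy is created in report-only mode so the sign-in logs can show who would have been affected before it is enforced. It assumes the Microsoft.Graph PowerShell SDK is installed, that the caller holds Policy.ReadWrite.ConditionalAccess, and that `$BreakGlassGroupId` is a placeholder for your emergency-access group.

```powershell
# Added example: Conditional Access policy targeting the Microsoft Admin Portals cloud app.
# Assumptions: Microsoft.Graph SDK installed; caller holds Policy.ReadWrite.ConditionalAccess;
# $BreakGlassGroupId is a placeholder for the emergency-access accounts group.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'

$BreakGlassGroupId = '00000000-0000-0000-0000-000000000000'   # placeholder: emergency-access group

$policy = @{
    displayName = 'Require MFA for Microsoft admin portals (report-only)'
    # Report-only: evaluated and logged, but not enforced, so the impact can be reviewed first.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{
            includeUsers  = @('All')
            excludeGroups = @($BreakGlassGroupId)   # never lock out the break-glass accounts
        }
        applications   = @{
            # 'MicrosoftAdminPortals' covers the admin portals listed in the announcement;
            # tokens issued to those portals' application IDs fall under this policy.
            includeApplications = @('MicrosoftAdminPortals')
        }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = Invoke-MgGraphRequest -Method POST -OutputType PSObject `
    -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' `
    -ContentType 'application/json' `
    -Body ($policy | ConvertTo-Json -Depth 10)

"Created policy $($created.id) in state '$($created.state)'."

# Read the policy back to confirm the application scope was stored as intended.
$check = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
    -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/$($created.id)"
$check.conditions.applications.includeApplications
```

After a review period, switching `state` to `enabled` turns the same policy into an enforced one; the report-only entries in the sign-in logs tell you in advance which administrators would be prompted.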
New provisioning connectors in the Azure AD Application Gallery (Public Preview)
Service category: App Provisioning
Product capability: 3rd Party Integration
Microsoft has added the following new applications with provisioning support to the Azure AD App gallery. Organizations can now automate creating, updating, and deleting user accounts for these newly integrated apps:
What's Changed
Web Sign-In for Windows (General Availability)
Service category: Authentications (Logins)
Product capability: User Authentication
Microsoft is thrilled to announce that, as part of the Windows 11 moment 4 update (KB5030310), a new Web Sign-In experience is released that expands the number of supported scenarios and greatly improves security, reliability, performance, and the overall end-to-end experience for users.
Web Sign-In (WSI) is a credential provider on the Windows lock/sign-in screen for Entra-joined devices. It provides a web experience used for authentication and returns an authentication token to the operating system, allowing the user to unlock or sign in to the device.
Web Sign-In was initially intended to be used for a wide range of authentication credential scenarios; however, it was only previously released for limited scenarios such as: Simplified EDU Web Sign-In and recovery flows via Temporary Access Password (TAP).
The underlying provider for Web Sign-In has been rewritten from the ground up with security and improved performance in mind. This release moves the Web Sign-In infrastructure from the Cloud Host Experience (CHX) web app to a newly written Login Web Host (LWH) in the moment 4 update (KB5030310). It provides better security and reliability for the existing EDU and TAP experiences and adds new workflows that allow various authentication methods to be used to unlock or sign in to the device.
Device-bound passkeys as an authentication method (Public Preview)
Service category: Authentications (sign-ins)
Product capability: User Authentication
Beginning January 2024, Microsoft Entra ID will support device-bound passkeys stored on computers and mobile devices as an authentication method in preview, in addition to the existing support for FIDO2 security keys. This enables people in the organization to perform phishing-resistant authentication using the devices that they already have.
Microsoft will expand the existing FIDO2 authentication methods policy and the end-user registration experience to support this preview release. If your organization requires or prefers FIDO2 authentication with physical security keys only, enforce key restrictions in the FIDO2 policy so that only the security key models admins have approved are allowed. Otherwise, the new preview capabilities let users register device-bound passkeys stored on Windows, macOS, iOS, and Android.
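The key restriction described above can be set through Microsoft Graph. As an added example (not part of the original post or of Microsoft's documentation), the script below reads the current FIDO2 authentication method configuration, enforces an allow-list of security key models identified by their AAGUIDs, and reads the configuration back to confirm the change. It assumes the Microsoft.Graph PowerShell SDK is installed, that the caller holds Policy.ReadWrite.AuthenticationMethod, and that the AAGUIDs in `$AllowedAaguids` are placeholders for the key models your organization has approved.

```powershell
# Added example: enforce an AAGUID allow-list in the FIDO2 authentication methods policy.
# Assumptions: Microsoft.Graph SDK installed; caller holds Policy.ReadWrite.AuthenticationMethod;
# the AAGUIDs below are placeholders for approved security key models.
Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod'

$AllowedAaguids = @(
    '00000000-0000-0000-0000-000000000001',   # placeholder: approved key model A
    '00000000-0000-0000-0000-000000000002'    # placeholder: approved key model B
)

$uri = 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/Fido2'

# Record the current state so the change can be reviewed and, if needed, reverted.
$before = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
"Before: isEnforced=$($before.keyRestrictions.isEnforced), enforcementType=$($before.keyRestrictions.enforcementType)"

$body = @{
    '@odata.type'   = '#microsoft.graph.fido2AuthenticationMethodConfiguration'
    keyRestrictions = @{
        isEnforced      = $true
        enforcementType = 'allow'        # only the listed AAGUIDs are permitted
        aaGuids         = $AllowedAaguids
    }
}

Invoke-MgGraphRequest -Method PATCH -Uri $uri -ContentType 'application/json' `
    -Body ($body | ConvertTo-Json -Depth 5) | Out-Null

# Confirm what is now in effect.
$after = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
$after.keyRestrictions | Format-List isEnforced, enforcementType, aaGuids
```

Use `enforcementType = 'block'` with the same structure to deny specific models instead; with an allow-list, the list needs to be kept in step with the key models you issue, since an unlisted model cannot be registered.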