What's New in Entra ID (Azure Active Directory) for October 2023


Microsoft Entra ID

Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for September 2023:

 

What's Planned

Microsoft Security email update and Resources for Azure AD rename to Microsoft Entra ID General Availability

Service category: Other
Product capability: End User Experiences

Microsoft Entra ID is the new name for Azure Active Directory (Azure AD). The rename and new product icon are now being deployed across experiences from Microsoft. Most updates will be complete by mid-November 2023. As previously announced, this is just a new name, with no impact on deployments or daily work. There are no changes to capabilities, licensing, terms of service, or support.

From October 15 to November 15, 2023, Azure AD emails previously sent from azure-noreply@microsoft.com will start being sent from MSSecurity-noreply@microsoft.com. Admins may need to update their Outlook rules to match the new sender address.

Additionally, Microsoft will update email content to remove all references to Azure AD where relevant, and include an informational banner that announces this change.

 

Users can't modify GPS location when using location based access control General Availability

Service category: Conditional Access
Product capability: User Authentication

In an ever-evolving security landscape, the Microsoft Authenticator is updating its security baseline for Location Based Access Control (LBAC) conditional access policies to disallow authentications where the user may be using a different location than the actual GPS location of the mobile device. Today, it's possible for users to modify the location reported by the device on iOS and Android devices. The Authenticator app will start to deny LBAC authentications where Microsoft detects that the user isn't using the actual location of the mobile device where the Authenticator is installed.

In the November 2023 release of the Authenticator app, users who are modifying the location of their device will see a denial message in the app when doing an LBAC authentication. To ensure that users aren’t using older app versions to continue authenticating with a modified location, beginning January 2024, any users on Android Authenticator version 6.2309.6329 or prior and iOS Authenticator version 6.7.16 or prior will be blocked from using LBAC.

 

What's Deprecated

End users will no longer be able to add password SSO apps in My Apps General Availability

Service category: My Apps
Product capability: End User Experiences

Effective November 15, 2023, end users will no longer be able to add password SSO Apps to their gallery in My Apps. However, admins can still add password SSO apps. Password SSO apps previously added by end users remain available in My Apps.

 

What's New

Windows MAM General Availability

Service category: Conditional Access
Product capability: Access Control

Windows Mobile Application Management (MAM) is the first step toward Microsoft management capabilities for unmanaged Windows devices. This functionality comes at a critical time when admins need to ensure the Windows platform is on par with the simplicity and privacy promise Microsoft offers end users today on the mobile platforms. End users can access company resources without needing the whole device to be Mobile Device Management (MDM)-managed.

 

Microsoft Graph Activity Logs Public Preview

Service category: Microsoft Graph
Product capability: Monitoring & Reporting

The MicrosoftGraphActivityLogs provides admins full visibility into all HTTP requests accessing the Entra ID tenant’s resources through the Microsoft Graph API. These logs can be used to find activity from compromised accounts, identify anomalous behavior, or investigate application activity.
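An added example, not from Microsoft or the original post: a triage pass over exported Microsoft Graph activity log records that flags callers denied on several distinct endpoints, one form of the anomalous behavior mentioned above. The records are constructed, the column names are those of the MicrosoftGraphActivityLogs table, and the function name and threshold are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

def rec(app, user, ip, path, status, method="GET"):
    """Build one constructed record using MicrosoftGraphActivityLogs column names."""
    return {"AppId": app, "UserId": user, "IPAddress": ip, "RequestMethod": method,
            "RequestUri": "https://graph.microsoft.com/v1.0" + path,
            "ResponseStatusCode": status}

# Constructed sample data (documentation IP ranges, placeholder app and user ids).
SAMPLE = [
    rec("app-mail", "user-1", "203.0.113.10", "/me/messages", 200),
    rec("app-mail", "user-1", "203.0.113.10", "/me/messages?$top=10", 200),
    rec("app-mail", "user-1", "203.0.113.10", "/me/calendar", 403),
    rec("app-x", "user-2", "198.51.100.7", "/users", 403),
    rec("app-x", "user-2", "198.51.100.7", "/groups", 403),
    rec("app-x", "user-2", "198.51.100.7", "/servicePrincipals", 403),
    rec("app-x", "user-2", "198.51.100.7", "/me", 200),
    rec("app-x", "user-2", "198.51.100.7", "/directoryRoles", 401),
]

def flag_denied_sweeps(records, min_paths=3):
    """Return callers denied (401/403) on at least min_paths distinct endpoints."""
    denied = defaultdict(set)
    total = defaultdict(int)
    for r in records:
        key = (r["AppId"], r["UserId"], r["IPAddress"])
        total[key] += 1
        if r["ResponseStatusCode"] in (401, 403):
            # Drop the query string so /users?$top=1 and /users count once.
            denied[key].add(urlparse(r["RequestUri"]).path)
    findings = []
    for key, paths in denied.items():
        if len(paths) >= min_paths:
            findings.append({"app": key[0], "user": key[1], "ip": key[2],
                             "denied_paths": sorted(paths), "requests": total[key]})
    # Widest sweep first, so the most suspicious caller is reviewed first.
    return sorted(findings, key=lambda f: -len(f["denied_paths"]))

if __name__ == "__main__":
    for finding in flag_denied_sweeps(SAMPLE):
        print(finding)
```

A single 403 from a normally used app stays below the threshold, while the caller refused on four directory endpoints is reported with the paths it tried.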

 

Microsoft Entra Verified ID quick setup Public Preview

Service category: Other
Product capability: Identity Governance

Quick Microsoft Entra Verified ID setup, available in preview, replaces several configuration steps an admin would otherwise need to complete with a single click on a Get started button. The quick setup takes care of signing keys, registering your decentralized ID, and verifying the domain ownership. It also creates a Verified Workplace Credential.

 

Overview page in My Access portal Public Preview

Service category: Entitlement Management
Product capability: Identity Governance

Today, when users navigate to the My Access portal, they land on a list of available access packages in their organization. The new Overview page provides a more relevant place for users to land. The Overview page points them to the tasks they need to complete and helps familiarize users with how to complete tasks in My Access.

Admins can enable/disable the Overview page preview by signing into the Entra portal and navigating to Entitlement management > Settings > Opt-in Preview Features and locating My Access overview page in the table.

 

Managing and Changing Passwords in My Security Info Public Preview

Service category: My Profile/Account
Product capability: End User Experiences

The My Sign-Ins portal now supports end users managing and changing their passwords. Admins are able to use Conditional Access registration policies with authentication strengths targeting My Security Info to control the end user experience for changing passwords. Based on the Conditional Access policy, users are able to change their password by entering their existing password, or if they authenticate with MFA and satisfy the Conditional Access policy, can change the password without entering the existing password.

 

Govern AD on-premises applications (Kerberos based) using Microsoft Entra Governance Public Preview

Service category: Provisioning
Product capability: AAD Connect Cloud Sync

Security groups provisioning to Active Directory (also known as Group Writeback) is now publicly available through Microsoft Entra Cloud Sync. With this new capability, admins can easily govern Active Directory-based on-premises applications (Kerberos-based apps) using Microsoft Entra Governance.

 

New provisioning connectors in the Entra ID Application Gallery Public Preview

Service category: App Provisioning
Product capability: 3rd Party Integration

Microsoft has added the following new applications in the Entra ID Application Gallery with Provisioning support. Admins can now automate the creation, updating, and deletion of user accounts for these newly integrated apps:

 

What's Changed

Enhanced Devices List Management Experience General Availability

Service category: Device Access Management
Product capability: End User Experiences

Several changes have been made to the All Devices list since announcing public preview, including:

  • Prioritized consistency and accessibility across the different components
  • Modernized the list and addressed top customer feedback
    • Added infinite scrolling, column reordering, and the ability to select all devices
    • Added filters for OS Version and Autopilot devices
  • Created more connections between Microsoft Entra and Intune
    • Added links to Intune in Compliant and MDM columns
    • Added Security Settings Management column

 

Restrict Microsoft Entra ID Tenant Creation To Only Paid Subscription General Availability

Service category: Managed identities for Azure resources
Product capability: End User Experiences

The ability to create new tenants from the Microsoft Entra admin center allows end users in your organization to create test and demo tenants from your Microsoft Entra ID tenant. When used incorrectly this feature can allow the creation of tenants that aren't managed or viewable by the organization. Microsoft recommends that admins restrict this capability so that only trusted admins can use this feature. Microsoft also recommends admins use the Microsoft Entra audit log to monitor for the Directory Management: Create Company event that signals a new tenant has been created by a user in the organization.

To further protect your organization, Microsoft is now limiting this functionality to only paid organizations. Organizations on trial subscriptions won't be able to create additional tenants from the Microsoft Entra admin center. Organizations in this situation who need a new trial tenant can sign up for a free Azure Account.
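An added example, not from Microsoft or the original post, of the audit log monitoring recommended above: it scans an exported audit log for tenant creation events and reports any not initiated by a trusted admin, including failed attempts. The export is constructed in the Microsoft Graph directoryAudit JSON shape; the category and activity name strings, the allowlist and the function names are assumptions.

```python
import json

# Constructed export in the Microsoft Graph directoryAudit JSON shape.
# Assumption: the event the page names appears with category
# "DirectoryManagement" and activityDisplayName "Create Company".
SAMPLE_EXPORT = json.dumps({"value": [
    {"activityDateTime": "2023-10-18T09:12:44Z", "category": "DirectoryManagement",
     "activityDisplayName": "Create Company", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "alice@contoso.example"}}},
    {"activityDateTime": "2023-10-19T14:03:10Z", "category": "DirectoryManagement",
     "activityDisplayName": "Create Company", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "tenant-admin@contoso.example"}}},
    {"activityDateTime": "2023-10-19T15:40:02Z", "category": "UserManagement",
     "activityDisplayName": "Update user", "result": "success",
     "initiatedBy": {"app": {"displayName": "HR Sync"}}},
    {"activityDateTime": "2023-10-20T07:55:31Z", "category": "DirectoryManagement",
     "activityDisplayName": "Create Company", "result": "failure",
     "initiatedBy": {"user": {"userPrincipalName": "bob@contoso.example"}}},
]})

TRUSTED_CREATORS = {"tenant-admin@contoso.example"}  # hypothetical allowlist

def initiator(event):
    """Return the UPN or app name that initiated the event, or 'unknown'."""
    by = event.get("initiatedBy") or {}
    user, app = by.get("user") or {}, by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def tenant_creation_alerts(export_json, trusted=TRUSTED_CREATORS):
    """List Create Company events not initiated by a trusted admin."""
    alerts = []
    for ev in json.loads(export_json).get("value", []):
        if ev.get("category") != "DirectoryManagement":
            continue
        if ev.get("activityDisplayName", "").lower() != "create company":
            continue
        who = initiator(ev)
        if who.lower() not in trusted:
            # Failed attempts are kept: they show who tried to create a tenant.
            alerts.append((ev["activityDateTime"], who, ev.get("result")))
    return sorted(alerts)

if __name__ == "__main__":
    for when, who, result in tenant_creation_alerts(SAMPLE_EXPORT):
        print(f"{when} tenant creation by {who} ({result})")
```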

 

Microsoft Entra Permissions Management: Permissions Analytics Report PDF for multiple authorization systems Public Preview

Service category: Other
Product capability: Permissions Management

The Permissions Analytics Report (PAR) lists findings relating to permissions risks across identities and resources in Permissions Management. The PAR is an integral part of the risk assessment process where organizations discover areas of highest risk in their cloud infrastructure. This report can be directly viewed in the Permissions Management UI, downloaded in Excel (.xlsx) format, and exported as a PDF. The report is available for all supported cloud environments: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

The PAR PDF has been redesigned to enhance usability, align with the product UX redesign effort, and address various customer feature requests.

 
