What's New in Entra ID (Azure Active Directory) for November 2023

Reading Time: 3 minutes

Microsoft Entra ID

Entra ID, previously known as Azure AD is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for November 2023:


What's New

Microsoft-managed Conditional Access policies General Availability

Service category: Conditional Access
Product capability: Access Control

Starting November 2023, Microsoft begins automatically protecting organizations with Microsoft-managed Conditional Access policies. These are policies that Microsoft creates and enables in organization tenants. The following policies are rolled out to all eligible tenants, who will be notified prior to policy creation:

  1. Multi-factor Authentication for admin portals
    This policy covers privileged admin roles and requires multi-factor authentication when an admin signs into a Microsoft admin portal.
  2. Multi-factor Authentication for per-user multi-factor authentication users
    This policy covers users with per-user multi-factor authentication in the deprecated PhoneFactor portal and requires multi-factor authentication for all cloud apps.
  3. Multi-factor authentication for high-risk sign-ins
    This policy covers all users and requires multi-factor authentication and re-authentication for high-risk sign-ins.


Custom security attributes General Availability

Service category: Directory Management
Product capability: Directory

Custom security attributes in Microsoft Entra ID are business-specific attributes (key-value pairs) that admins can define and assign to Microsoft Entra objects. These attributes can be used to store information, categorize objects, or enforce fine-grained access control over specific Azure resources. Custom security attributes can be used with Azure attribute-based access control (Azure ABAC).

Changes were made to custom security attribute audit logs for general availability that might impact daily operations. If admins have been using custom security attribute audit logs during the preview, there are actions they must take before February 2024 to ensure audit log operations aren't disrupted.


Entra Cloud Sync now supports ability to enable Exchange Hybrid configuration General Availability

Service category: Provisioning
Product capability: Entra Connect Cloud Sync

Exchange hybrid capability allows for the coexistence of Exchange mailboxes both on-premises and in Microsoft 365. Microsoft Entra Cloud Sync synchronizes a specific set of Exchange-related attributes from Microsoft Entra ID back into the on-premises directory and to any disconnected forests. With this capability, organizations who have this feature enabled in Microsoft Entra Connect Sync can now migrate, and apply, this feature with Microsoft Entra Cloud Sync.


Guest Governance: Inactive Guest Insights General Availability

Service category: Reporting
Product capability: Identity Governance

Admins can monitor guest accounts at scale with intelligent insights into inactive guest users in the organization. Admins can customize the inactivity threshold depending on the organization’s needs, narrow down the scope of guest users they want to monitor, and identify the guest users that might be inactive.


Microsoft Authenticator on Android is FIPS 140-3 compliant General Availability

Service category: Microsoft Authenticator App
Product capability: User Authentication

Beginning with version 6.2310.7174, Microsoft Authenticator for Android is compliant with Federal Information Processing Standard (FIPS ) 140-3 for all Entra authentications, including phishing-resistant device-bound passkeys, push multi-factor authentication (MFA), password-less phone sign-in (PSI) and time-based one-time passcodes (TOTP). For organizations using the Intune Company Portal, it is required to have minimum CP version 5.0.6043.0 in addition to Microsoft Authenticator version 6.2310.7174. Microsoft Authenticator on iOS is already FIPS 140 compliant, as announced last year.


Service category: Enterprise Apps
Product capability: 3rd Party Integration

In November 2023 Microsoft has added the following new applications in the Entra ID App Gallery with federation support:

  1. Citrix Cloud
  2. Freight Audit
  3. Movement by project44
  4. Alohi
  5. AMCS Fleet Maintenance
  6. Real Links Campaign App
  7. Propely
  8. Contentstack
  9. Jasper AI
  10. IANS Client Portal
  11. Avionic Interface Technologies LSMA
  12. CultureHQ
  13. Hone
  14. Collector Systems
  15. NetSfere
  16. Spendwise
  17. Stage and Screen


lastSuccessfulSignIn property in signInActivity API Public Preview

Service category: Microsoft Graph
Product capability: End User Experiences

An extra property has been added to the signInActivity API to display the last successful sign in time for a specific user, regardless if the sign in was interactive or non-interactive. The data won't be backfilled for this property, so admins should expect to be returned only successful signIn data starting on December 8th, 2023.


Service category: App Provisioning
Product capability: 3rd Party Integration

Microsoft has added the following new applications in the Entra ID Application Gallery with Provisioning support. admins can now automate creating, updating, and deleting of user accounts for these newly integrated apps:

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.