Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and through the Microsoft 365 Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for April 2024:
What's Planned
Decommissioning of Group Writeback V2 in Entra Connect Sync
Service category: Provisioning
Product capability: Microsoft Entra Connect Sync
The public preview of Group Writeback V2 in Entra Connect Sync will no longer be available after June 30, 2024. After this date, Connect Sync will no longer support provisioning cloud security groups to Active Directory.
What's New
On-premises password reset remediates user risk Generally Available
Service category: Identity Protection
Product capability: Identity Security & Protection
Organizations that enabled password hash synchronization (PHS) can now allow password changes on-premises to remediate user risk. Organizations can also use this to save hybrid users time and maintain their productivity with automatic self-service remediation in risk-based Conditional Access policies.
Microsoft Graph activity logs Generally Available
Service category: Microsoft Graph
Product capability: Monitoring & Reporting
Microsoft Graph activity logs give admins visibility into HTTP requests made to the Microsoft Graph service. With rapidly growing security threats and an increasing number of attacks, this log data source allows organizations to perform security analysis and threat hunting, and to monitor application activity.
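A minimal hunting pass over exported Graph activity log records, as an added example that is not part of the original release notes: it flags applications whose requests are mostly denied (401/403) and records which sensitive paths they touched. The field names are assumed to match the MicrosoftGraphActivityLogs table in Log Analytics; the records, application IDs, path prefixes and thresholds are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample data: two made-up application IDs, not real tenant values.
APP_A, APP_B = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
# Path prefixes treated as sensitive here; an assumption to tune per tenant.
SENSITIVE = ("/users", "/rolemanagement", "/serviceprincipals", "/applications")

def _rec(app, uri, status):
    return json.dumps({"TimeGenerated": "2024-04-10T09:00:00Z", "AppId": app, "RequestMethod": "GET",
                       "ResponseStatusCode": status, "RequestUri": "https://graph.microsoft.com" + uri})

SAMPLE = [
    _rec(APP_A, "/v1.0/me", 200),
    _rec(APP_A, "/v1.0/me/messages?$top=5", 200),
    _rec(APP_A, "/v1.0/me/calendar/events", 200),
    _rec(APP_B, "/v1.0/users", 403),
    _rec(APP_B, "/beta/roleManagement/directory/roleAssignments", 403),
    _rec(APP_B, "/v1.0/servicePrincipals", 403),
    _rec(APP_B, "/v1.0/applications", 403),
    _rec(APP_B, "/v1.0/organization", 200),
]

def resource_path(uri):
    """Return the Graph path without the API version segment, lower-cased."""
    parts = urlparse(uri).path.strip("/").split("/")
    return "/" + "/".join(parts[1:]).lower()

def summarize(lines):
    """Per-application totals, denied count and sensitive paths touched."""
    stats = defaultdict(lambda: {"total": 0, "denied": 0, "sensitive": set()})
    for line in lines:
        rec = json.loads(line)
        s = stats[rec["AppId"]]
        s["total"] += 1
        if int(rec["ResponseStatusCode"]) in (401, 403):
            s["denied"] += 1
        path = resource_path(rec["RequestUri"])
        if path.startswith(SENSITIVE):
            s["sensitive"].add(path)
    return stats

def flag(stats, min_requests=3, denied_ratio=0.5):
    """Apps with enough traffic whose requests are mostly denied."""
    return sorted(a for a, s in stats.items()
                  if s["total"] >= min_requests and s["denied"] / s["total"] >= denied_ratio)

if __name__ == "__main__":
    print(flag(summarize(SAMPLE)))
```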
Security group provisioning to Active Directory using Cloud Sync Generally Available
Service category: Provisioning
Product capability: Entra Cloud Sync
Security group provisioning to Active Directory (known as Group Writeback in Entra Connect Sync) is now generally available through Microsoft Entra Cloud Sync in Azure Global and Azure Government clouds. With this new capability, organizations can easily govern Active Directory-based on-premises applications (Kerberos-based apps) using Microsoft Entra Governance.
Custom Claims Providers enable token claim augmentation from external data sources Generally Available
Service category: Authentications (Logins)
Product capability: Extensibility
Custom authentication extensions allow organizations to customize the Microsoft Entra authentication experience by integrating with external systems. A custom claims provider is a type of custom authentication extension that calls a REST API to fetch claims from external systems. A custom claims provider maps claims from external systems into tokens and can be assigned to one or many applications in the organization's directory.
Lifecycle Workflows: Export workflow history data to CSV files Generally Available
Service category: Lifecycle Workflows
Product capability: Identity Governance
In Lifecycle Workflows, admins can now export workflow history data across users, runs, and tasks to *.csv files for meeting their organization's reporting and auditing needs.
PIM approvals and activations on the Azure mobile app (iOS and Android) are available now Generally Available
Service category: Privileged Identity Management (PIM)
Product capability: Privileged Identity Management (PIM)
Privileged Identity Management (PIM) is now available on the Azure mobile app on both iOS and Android. Admins can now approve or deny incoming PIM activation requests, in addition to activating Microsoft Entra ID and Azure resource role assignments, directly from the app on their phone.
New provisioning connectors in the Microsoft Entra Application Gallery Generally Available
Service category: App Provisioning
Product capability: 3rd Party Integration
Microsoft added the following new applications in the Microsoft Entra Application Gallery with Provisioning support. Organizations can now automate creating, updating, and deleting of user accounts for these newly integrated apps:
Quick Microsoft Entra Verified ID setup Generally Available
Service category: Verified ID
Product capability: Decentralized Identities
Quick Microsoft Entra Verified ID setup replaces several configuration steps admins need to complete with a single click on the Get started button. The quick setup takes care of signing keys, registering your decentralized ID, and verifying your domain ownership. It also creates a Verified Workplace Credential.
Passkeys in Microsoft Authenticator Public Preview
Service category: Microsoft Authenticator App
Product capability: User Authentication
People in your organization can now create device-bound passkeys in the Microsoft Authenticator app to access Entra ID resources. Passkeys in the Authenticator app provide cost-effective, phishing-resistant and seamless authentications to users from their mobile devices.
Assign Microsoft Entra roles using Entitlement Management Public Preview
Service category: Entitlement Management
Product capability: Entitlement Management
By assigning Microsoft Entra roles to employees and guests using Entitlement Management, admins can look at a user's entitlements to quickly determine which roles are assigned to that user. When you include a Microsoft Entra role as a resource in an access package, admins can also specify whether that role assignment is eligible or active.
Assigning Microsoft Entra roles through access packages helps to efficiently manage role assignments at scale and improves the role.
Configure custom workflows to run mover tasks when a user's job profile changes Public Preview
Service category: Lifecycle Workflows
Product capability: Identity Governance
Lifecycle Workflows now supports the ability to trigger workflows based on job change events like changes to an employee's department, job role, or location and see them executed on the workflow schedule. With this feature, organizations can leverage new workflow triggers to create custom workflows for executing tasks associated with people moving within the organization including:
- Triggering workflows when a specified attribute changes
- Triggering workflows when a user is added to or removed from a group's membership
- Tasks to notify a user's manager about a move
- Tasks to assign licenses or remove selected licenses from a user
Native Authentication for Microsoft Entra External ID Public Preview
Service category: Authentications (Logins)
Product capability: User Authentication
Native authentication empowers developers to take complete control over the design of the sign-in experience of their mobile applications. It allows them to craft stunning, pixel-perfect authentication screens that are seamlessly integrated into their apps, rather than relying on browser-based solutions.
FIDO2 authentication in Android web browsers Public Preview
Service category: Authentications (Logins)
Product capability: User Authentication
People in your organization can now sign in with a FIDO2 security key in both Google Chrome and Microsoft Edge on Android. This change is applicable to all users who are in scope for the FIDO2 authentication method.
Note: FIDO2 registration in Android web browsers isn't available yet.
What's Changed
Self-service password reset Admin policy expansion to include additional roles Generally Available
Service category: Self Service Password Reset
Product capability: Identity Security & Protection
The Self-service Password Reset (SSPR) policy for Admins has expanded to include 3 additional built-in admin roles:
- Teams Administrator
- Teams Communications Administrator
- Teams Devices Administrator
Dynamic Groups quota increased to 15,000 Generally Available
Service category: Group Management
Product capability: Directory
Microsoft Entra organizations could previously have a maximum of 5,000 dynamic groups and dynamic administrative units combined.
We have increased this quota to 15,000. For example, you can now have 5,000 dynamic groups and 10,000 dynamic AUs (or any other combination that adds up to 15,000). You don't need to do anything to take advantage of this change; it's available right now.
Maximum workflows limit in Lifecycle workflows is now 100 Generally Available
Service category: Lifecycle Workflows
Product capability: Identity Governance
The maximum number of workflows that can be configured in Lifecycle workflows has increased. Now admins can create up to 100 workflows in Lifecycle workflows.