What's New in Entra ID for August 2024


Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes, and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for August 2024:

 

What's Planned

Upcoming MFA Enforcement on Microsoft Entra admin center

Service category: MFA
Product capability: Identity Security & Protection

As part of Microsoft’s commitment to providing organizations with the highest level of security, Microsoft previously announced that it will require multi-factor authentication (MFA) for users signing into the Azure portal, the Entra admin center and the Intune admin center.

This change will be rolled out in phases, allowing organizations time to plan their implementation. Starting October 15, 2024, MFA will be required to sign in, but won’t be required yet for the Azure Command Line Interface, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools.

 

Add sign-in method picker user experience update on the My Security Info page

Service category: MFA
Product capability: End User Experiences

Starting late August 2024, the Add sign-in method dialog on the My Security Info page of the My Sign-ins portal will be updated with improved sign-in method descriptions and a modern look and feel. With this change, when people select Add sign-in method, they'll first be recommended to register the strongest method available to them that the organization's authentication methods policy allows. People can select Show more options and choose from all available sign-in methods allowed by their organization’s policy.

 

Migrate to the Authentication methods policy

Service category: MFA
Product capability: User Authentication

On September 30th, 2025, Microsoft is retiring the ability to manage authentication methods in the legacy Multifactor Authentication (MFA) and Self-Service Password Reset (SSPR) policies in Entra ID.

Organizations should migrate their methods to the converged authentication methods policy where methods can be managed centrally for all authentication scenarios including passwordless, multi-factor authentication and self-service password reset.

 

User admin and license admin roles are enabled to manage self-service license requests in the Microsoft 365 admin center

Service category: License assignment
Product capability: User administration

User admin and License admin roles in the Microsoft 365 admin center will be enabled to manage self-service license requests, with rollout starting early September 2024 and expected completion by mid-September 2024. Admins should familiarize themselves with the licensing process.

 

Enforce policy approval settings for admins

Service category: Entitlement Management
Product capability: Entitlement Management

Starting August 26, 2024, changes to Entitlement Management enforce approval settings for Global Administrators and Identity Governance Administrators, preventing them from bypassing access package policy approvals.

No action is needed from your organization as this is an automatic update.

 

Provisioning UX Updates

Service category: Provisioning
Product capability: Outbound to SaaS Applications

Microsoft starts releasing user experience updates for application provisioning, HR provisioning, and cross-tenant synchronization in October 2024. This includes:

  • A new overview page
  • User experience to configure connectivity to your application
  • A new create provisioning experience.

The new experiences include all functionality available to admins today, and no action is required.

 

What’s Deferred

Changes to My Groups Admin Controls

Service category: Group Management
Product capability: AuthZ/Access Delegation

In October 2023, Microsoft shared that, starting June 2024, the existing Self Service Group Management (SSGM) setting "Restrict user ability to access groups features in My Groups" in the Microsoft Entra admin center would be retired. These changes are under review and will not take place as originally planned. A new deprecation date will be announced in the future.

 

What's New

Face Check with Entra Verified ID Generally Available

Service category: Identity verification
Product capability: Verified ID

Face Check is a privacy-respecting facial matching feature for high-assurance identity verifications and the first premium capability of Microsoft Entra Verified ID.

Powered by Azure AI services, Face Check adds a critical layer of trust by matching a person’s real-time selfie and the photo on their passport or driver’s license. By sharing only match results and not any sensitive identity data, Face Check strengthens an organization’s identity verification while protecting privacy.

 

Device based conditional access to M365/Azure resources on Red Hat Enterprise Linux Generally Available

Service category: Conditional Access
Product capability: SSO

Since October 2022, people using Ubuntu Desktop 20.04 LTS & Ubuntu 22.04 LTS with Microsoft Edge browsers could register their devices with Entra ID, enroll into Intune management, and securely access corporate resources using device-based Conditional Access policies.

Now, Entra ID extends support to Red Hat Enterprise Linux 8.x and 9.x (LTS) which makes these capabilities possible:

  • Entra ID registration and Entra ID enrollment of devices with Red Hat Enterprise Linux
  • Conditional Access policies protecting web applications via Microsoft Edge
  • Standard Intune compliance policies
  • Support for Bash scripts with custom compliance policies
  • Package Manager now supports RHEL RPM packages in addition to Debian DEB packages

 

Enable, Disable, and Delete synchronized user accounts with Lifecycle Workflows Generally Available

Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management

Lifecycle Workflows is now able to enable, disable, and delete user accounts which are synchronized from Active Directory to Microsoft Entra. This allows organizations to complete the employee offboarding process by deleting the user account after a retention period.

 

Configure Lifecycle Workflow Scope Using Custom Security Attributes Generally Available

Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management

Organizations can now leverage their confidential HR data stored in custom security attributes, in addition to other attributes, to define the scope of their workflows in Lifecycle Workflows for automating joiner, mover, and leaver (JML) scenarios.

 

Workflow History Insights in Lifecycle Workflows Generally Available

Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management

With this feature, organizations can now monitor workflow health, and get insights across all their workflows in Lifecycle Workflows including viewing workflow processing data across workflows, tasks, and workflow categories.

 

Configure custom workflows to run mover tasks when a user's job profile changes Generally Available

Service category: Lifecycle Workflows
Product capability: Identity Lifecycle Management

Lifecycle Workflows now supports the ability to trigger workflows based on job change events like changes to an employee's department, job role, or location, and see them executed on the workflow schedule. With this feature, organizations can leverage new workflow triggers to create custom workflows that execute tasks associated with people moving within the organization, including:

  • Trigger workflows when a specified attribute changes
  • Trigger workflows when a user account is added to or removed from a group's membership
  • Tasks to notify a person’s manager about a move
  • Task to assign licenses or remove selected licenses from a user account

 

Microsoft Entra ID FIDO2 provisioning APIs Public Preview

Service category: MFA
Product capability: Identity Security & Protection

Microsoft Entra ID now supports FIDO2 provisioning via Graph API, allowing organizations to pre-provision security keys (passkeys) for people in the organization. These new APIs can simplify user onboarding and provide seamless phishing-resistant authentication on day one.

 

What's Changed

Restricted permissions on Directory Synchronization Accounts (DSA) role in Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync

Service category: Provisioning
Product capability: Entra Connect

As part of ongoing security hardening, Microsoft has removed unused permissions from the privileged Directory Synchronization Accounts role. This role is exclusively used by Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync, to synchronize Active Directory objects with Microsoft Entra ID. There's no action required by organizations to benefit from this hardening,
