What's New in Entra ID for September 2024

Reading Time: 4 minutes

Entra ID

Entra ID, previously known as Azure AD is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for September 2024:

 

What's Planned

Upcoming MFA Enforcement on Microsoft Entra admin center

Service category: MFA
Product capability: 
Identity Security & Protection

As part of Microsoft’s commitment to providing organizations with the highest level of security, Microsoft previously announced that Microsoft will require multi-factor authentication (MFA) for users signing into the Azure portal, the Entra admin center and Intune admin center.

This change will be rolled out in phases, allowing organizations time to plan their implementation. Starting October 15, 2024, MFA will be required to sign in, but won’t be required yet for the Azure Command Line Interface, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools.

 

Retirement of legacy user authentication methods management experience in Entra Portal

Service category: MFA
Product capability: 
User Authentication

Starting October 31 st , 2024 , Microsoft will retire the ability to manage user authentication methods in the Entra Portal via the legacy user interface (UI) . Instead, Microsoft will only surface the modern user interface which has full parity with the legacy experience in addition to the ability to manage modern methods ( e.g. Temporary Access Pass, Passkeys, QR+Pin , etc.) and settings.

 

Provisioning user experience modernization

Service category: Provisioning
Product capability: Identity Governance

Microsoft is modernizing the current application/HR provisioning and cross-tenant sync user experience. This includes a new overview page, user experience to configure connectivity to applications, scoping, and attribute mappings. The new experience includes all functionality available to organizations today, and no action is required. The new experience will start rolling out at the end of October 2024, but organizations can still use the existing experience through January 2025.

 

What's New

Security Service Edge Generally Available

Microsoft’s Security Service Edge (SSE) solution, Microsoft Entra Private Access and Microsoft Entra Internet Access are now generally available. These two products coupled with Microsoft's SaaS security-focused CASB—Microsoft Defender for Cloud apps—comprise Microsoft's Security Service Edge solution, a cloud-delivered, identity-centric networking model that transforms the way organizations secure access.

 

Cross-tenant manager synchronization Generally Available

Service category: Provisioning
Product capability: Identity Governance

Support for synchronizing the manager attribute using cross-tenant synchronization is now generally available.

 

Tenant admin can fail certificate based authentication Public Preview

Service category: Authentications (Logins)
Product capability: User Authentication

With certificate-based authentication, a Certification Authority (CA) can be configured without a Certificate Revocation List Distribution Point (CDP), and certificate-based authentication won't fail if the issuing CA doesn't have a CDP specified. To strengthen security and avoid misconfigurations, an Authentication Policy Administrator can require certificate-based authentication to fail if no CRL is configured for a CA that issues an end user certificate.

 

Custom Claims API for Claims Configuration of Enterprise Apps Public Preview

Service category: Enterprise Apps
Product capability: SSO

The Custom Claims API allows admins to manage and update additional claims for Enterprise Applications seamlessly through Microsoft Graph. The Custom Claims API offers a simplified and user friendly API experience for claims management for organizations. With the introduction of Custom Claims API, Microsoft achieved user experience (UX) and API interoperability. Admins can now use Microsoft Entra admin center and Microsoft Graph API interchangeably to manage claims configurations for Enterprise Applications.

 

Conditional Access Template Requiring Device Compliance Public Preview

Service category: Conditional Access
Product capability: Identity Security & Protection

A new Conditional Access template requiring device compliance is now available in Public Preview. This template restricts access to company resources exclusively to devices enrolled in mobile device management (MDM) and compliant with company policy. Requiring device compliance improves data security, reducing risk of data breaches, malware infections, and unauthorized access.

 

Request Access Package on behalf of Public Preview

Service category: Entitlement Management
Product capability: Entitlement Management

Entitlement Management enables admins to create access packages to manage their organization’s resources. Admins can either directly assign users to an access package, or configure an access package policy that allows people to request access. This option to create self-service processes is useful, especially as organizations scale and hire more people. However, new people joining an organization might not always know what they need access to, or how they can request access. In this case, a new person would likely rely on their manager to guide them through the access request process.

Instead of having new people navigate the request process, managers can request access packages for their people, making onboarding faster and more seamless. To enable this functionality for managers, admins can select an option when setting up an access package policy that allows managers to request access on behalf.

 

What's Changed

Microsoft Entra External ID extension for Visual Studio Code Generally Available

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

Microsoft Entra External ID Extension for VS Code provides a streamlined, guided experience to help admins and developers kickstart identity integration for customer-facing apps. With this extension, developers can create external tenants, set up a customized and branded sign-in experience for external users, and quickly bootstrap projects with pre-configured External ID samples—all within Visual Studio Code. Additionally, they can view and manage external tenants, applications, user flows, and branding settings directly from within the extension.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.