What’s New in Entra ID in November 2024


Microsoft Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for November 2024:

 

What's Deprecated

MFA Fraud Alert will be retired on March 1st 2025

Service category: MFA
Product capability: Identity Security & Protection

Microsoft Entra multi-factor authentication (MFA) fraud alert allows people to report MFA voice calls and Microsoft Authenticator push requests they didn't initiate as fraudulent. Beginning March 1, 2025, MFA Fraud Alert will be retired in favor of the replacement Report Suspicious Activity feature, which also allows people to report fraudulent requests and is integrated with Identity Protection for more comprehensive coverage and remediation.

 

MIM hybrid reporting agent

Service category: Microsoft Identity Manager (MIM)
Product capability: Monitoring & Reporting

The hybrid reporting agent, used to send a Microsoft Identity Manager service event log to Microsoft Entra to surface in password reset and self-service group management reports, is deprecated. The recommended replacement is to use Azure Arc to send the event logs to Azure Monitor.

 

What’s New

Microsoft Entra Health Monitoring, Health Metrics Feature Generally Available

Service category: Reporting
Product capability: Monitoring & Reporting

Microsoft Entra health monitoring, available from the Health pane, includes a set of low-latency pre-computed health metrics that can be used to monitor the health of critical user scenarios in an Entra tenant. The first set of health scenarios includes MFA, CA-compliant devices, CA-managed devices, and SAML authentications. This set of monitor scenarios will grow over time. These health metrics are now released as general availability data streams, in conjunction with the public preview of an intelligent alerting capability.

 

Log analytics sign-in logs schema is in parity with MSGraph schema Generally Available

Service category: Authentications (Logins)
Product capability: Monitoring & Reporting

To maintain consistency in its core logging principles, Microsoft has addressed a legacy parity issue where the Azure Log Analytics sign-in logs schema did not align with the MS Graph sign-in logs schema. The updates include fields such as ClientCredentialType, CreatedDateTime, ManagedServiceIdentity, NetworkLocationDetails, tokenProtectionStatus, SessionID, among others. These changes will take effect in the first week of December 2024.

 

Updating profile photo in MyAccount Public Preview

Service category: My Profile/Account
Product capability: End User Experiences

On November 13, 2024, people received the ability to update their profile photo directly from their MyAccount portal. This change exposes a new edit button on the profile photo section of the person's account.

 

Microsoft Entra new store for certificate-based authentication Public Preview

Service category: Authentications (Logins)
Product capability: User Authentication

Microsoft Entra ID has a new scalable PKI (Public Key Infrastructure) based CA (Certification Authority) store with higher limits for the number of CAs and the size of each CA file. The new PKI-based CA store places the CAs of each PKI in their own container object, allowing admins to move away from one flat list of CAs to more efficient PKI container-based CAs. The new PKI-based CA store now supports up to 250 CAs and a size of 8 KB for each CA, and also supports the issuer hints attribute for each CA. Admins can upload the entire PKI and all of its CAs using the Upload CBA PKI feature, or create a PKI container and upload CAs individually.

 

Universal Continuous Access Evaluation Public Preview

Service category: Provisioning
Product capability: Network Access

Continuous Access Evaluation (CAE) revokes and revalidates network access in near real-time whenever Microsoft Entra ID detects changes to the identity.

 

What's Changed

Microsoft Entra Health Monitoring, Alerts Feature

Service category: Other
Product capability: Monitoring & Reporting

Intelligent alerts in Microsoft Entra health monitoring notify tenant admins and security engineers whenever a monitored scenario breaks from its typical pattern. Microsoft Entra's alerting capability watches the low-latency health signals of each scenario and fires a notification in the event of an anomaly. The set of alert-ready health signals and scenarios will grow over time. This alerts feature is now available in Microsoft Entra Health as an API-only public preview release (UX release is scheduled for February 2025).

 

Expansion of WhatsApp as an MFA one-time passcode delivery channel

Service category: MFA
Product capability: User Authentication

In late 2023, Entra ID started leveraging WhatsApp as an alternate channel to deliver multi-factor authentication (MFA) one-time passcodes to people in India and Indonesia. Microsoft saw improved deliverability, completion rates, and satisfaction when leveraging the channel in both countries. The channel was temporarily disabled in India in early 2024. Starting early December 2024, Microsoft will be re-enabling the channel in India, and expanding its use to additional countries.

Starting December 2024, people in India and other countries can start receiving MFA text messages via WhatsApp. Only people who are enabled to receive MFA text messages as an authentication method, and who already have WhatsApp on their phone, will get this experience. If a person with WhatsApp on their device is unreachable or doesn’t have internet connectivity, Microsoft will quickly fall back to the regular SMS channel. In addition, people receiving one-time passcodes (OTPs) via WhatsApp for the first time will be notified of the change in behavior via SMS text message.

If organizations don’t want their people to receive MFA text messages through WhatsApp, admins can disable text messages as an authentication method or scope it down to only be enabled for a subset of people. Please note that Microsoft highly encourages organizations to move to more modern, secure methods like Microsoft Authenticator and passkeys in favor of telecom and messaging app methods.
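The two options above, as an added example that is not part of the original post or Microsoft's own code: it audits an authentication methods policy export for SMS being enabled for everyone, and builds the Microsoft Graph PATCH body that either disables SMS or scopes it to one group. The sample policy is constructed, and the group ID passed in is a placeholder.

```python
import json

SMS_TYPE = "#microsoft.graph.smsAuthenticationMethodConfiguration"
# Graph endpoint the PATCH body is sent to
# (requires the Policy.ReadWrite.AuthenticationMethod permission).
SMS_CONFIG_URL = ("https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy"
                  "/authenticationMethodConfigurations/sms")

# Constructed sample, shaped like the output of GET /policies/authenticationMethodsPolicy.
SAMPLE_POLICY = json.loads("""
{
  "authenticationMethodConfigurations": [
    {"@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration",
     "id": "MicrosoftAuthenticator", "state": "enabled",
     "includeTargets": [{"targetType": "group", "id": "all_users"}]},
    {"@odata.type": "#microsoft.graph.smsAuthenticationMethodConfiguration",
     "id": "Sms", "state": "enabled",
     "includeTargets": [{"targetType": "group", "id": "all_users"}]}
  ]
}
""")


def audit_sms(policy):
    """Return (exposure, targets); exposure is 'not_found', 'disabled', 'scoped' or 'all_users'."""
    for cfg in policy.get("authenticationMethodConfigurations", []):
        if cfg.get("@odata.type") != SMS_TYPE:
            continue
        if cfg.get("state") != "enabled":
            return "disabled", []
        targets = [t["id"] for t in cfg.get("includeTargets", [])]
        # "all_users" is the target ID Entra uses when a method applies to everyone.
        return ("all_users" if "all_users" in targets else "scoped"), targets
    return "not_found", []


def sms_patch_body(group_id=None):
    """PATCH body: disable SMS outright (no group), or keep it for one group only."""
    body = {"@odata.type": SMS_TYPE, "state": "disabled"}
    if group_id is not None:
        body["state"] = "enabled"
        body["includeTargets"] = [{"targetType": "group", "id": group_id}]
    return body


if __name__ == "__main__":
    print(audit_sms(SAMPLE_POLICY))
    print("PATCH", SMS_CONFIG_URL)
    print(json.dumps(sms_patch_body("<group-object-id-placeholder>"), indent=2))
```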
