What’s New in Entra ID in December 2024


Microsoft Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for December 2024:

 

What's New

What's new in Microsoft Entra Generally Available

Service category: Reporting
Product capability: Monitoring & Reporting

What's new in Microsoft Entra offers a comprehensive view of Microsoft Entra product updates, including the product roadmap (like Public Previews and recent GAs) and change announcements (like deprecations, breaking changes, feature changes and Microsoft-managed policies). It's a one-stop shop for Microsoft Entra admins to discover the product updates.

 

Update Profile Photo in MyAccount Generally Available

Service category: My Profile/Account
Product capability: End User Experiences

People can now update their profile photo directly from their MyAccount portal. This change exposes a new edit button on the profile photo section of the person's account.

 

Temporary Access Pass (TAP) support for internal guest users Generally Available

Service category: MFA
Product capability: Identity Security & Protection

Microsoft Entra ID now supports issuing Temporary Access Passes (TAP) to internal guest users. TAPs can be issued to internal guests just like normal members, through the Microsoft Entra ID Admin Center, or natively through Microsoft Graph. With this enhancement, internal guests can now seamlessly onboard, and recover, their accounts with time-bound temporary credentials.

 

Expansion of SSPR Policy Audit Logging Generally Available

Service category: Self Service Password Reset
Product capability: Monitoring & Reporting

Starting mid-January, Microsoft is improving the audit logs for changes made to the SSPR Policy.

With this improvement, any change to the SSPR policy configuration, including enablement or disablement, will result in an audit log entry that includes details about the change made. Additionally, both the previous values and current values from the change will be recorded within the audit log. This additional information can be found by selecting an audit log entry and selecting the Modified Properties tab within the entry.

These changes are rolled out in phases:

  • Phase 1 includes logging for the Authentication Methods, Registration, Notifications, and Customization configuration settings.
  • Phase 2 includes logging for the On-premises integration configuration settings.

This change occurs automatically, so admins do not need to take any action.
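The previous and current values described above can also be reviewed outside the portal once audit entries are exported. The following is an added example, not code from Microsoft or from this post: it walks records shaped like Microsoft Graph directoryAudit objects and reports each SSPR policy setting whose value actually changed. The sample records, the activity name "Update SSPR policy" and the property names are constructed assumptions.

```python
import json

# Constructed sample records shaped like Microsoft Graph directoryAudit objects.
# The activity name, property names and values are assumptions for illustration.
SAMPLE_AUDIT_LOG = [
    {
        "activityDateTime": "2025-01-20T09:14:02Z",
        "activityDisplayName": "Update SSPR policy",
        "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}},
        "targetResources": [{
            "displayName": "SSPR policy",
            "modifiedProperties": [
                {"displayName": "NumberOfMethodsRequired",
                 "oldValue": "\"2\"", "newValue": "\"1\""},
                {"displayName": "NotifyUsersOnReset",
                 "oldValue": "\"true\"", "newValue": "\"true\""},
            ],
        }],
    },
    {
        "activityDateTime": "2025-01-20T10:01:45Z",
        "activityDisplayName": "Update user",
        "initiatedBy": {"app": {"displayName": "Sync client"}},
        "targetResources": [{"displayName": "user1", "modifiedProperties": []}],
    },
]

def _decode(value):
    """Audit values are strings that often hold JSON; fall back to the raw text."""
    try:
        return json.loads(value)
    except (TypeError, ValueError):
        return value

def sspr_policy_changes(records, activity_keyword="sspr"):
    """Return one dict per modified property whose old and new values differ."""
    changes = []
    for rec in records:
        if activity_keyword not in (rec.get("activityDisplayName") or "").lower():
            continue
        who = rec.get("initiatedBy") or {}
        actor = ((who.get("user") or {}).get("userPrincipalName")
                 or (who.get("app") or {}).get("displayName") or "unknown")
        for target in rec.get("targetResources") or []:
            for prop in target.get("modifiedProperties") or []:
                old, new = _decode(prop.get("oldValue")), _decode(prop.get("newValue"))
                if old != new:  # skip properties logged without a real change
                    changes.append({"when": rec.get("activityDateTime"), "actor": actor,
                                    "setting": prop.get("displayName"), "old": old, "new": new})
    return changes
```

Adjust `activity_keyword` to the activity name your tenant actually records for SSPR policy changes before relying on the output.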

 

Dedicated new 1st party resource application to enable Active Directory to Microsoft Entra ID sync using Microsoft Entra Connect Sync or Cloud Sync Generally Available

Service category: Provisioning
Product capability: Directory

As part of ongoing security hardening, Microsoft deployed Microsoft Entra AD Synchronization Service, a dedicated first-party application to enable the synchronization between Active Directory and Microsoft Entra ID. This new application, with Application Id 6bf85cfa-ac8a-4be5-b5de-425a0d0dc016, was provisioned in customer tenants that use Microsoft Entra Connect Sync and/or the Microsoft Entra Cloud Sync service.

 

Privileged Identity Management integration in Azure Role Based Access Control Generally Available

Service category: RBAC
Product capability: Access Control

Privileged Identity Management (PIM) capabilities are now integrated into the Azure Role Based Access Control (Azure RBAC) UI. Before this integration, RBAC admins could only manage standing access (active permanent role assignments) from the Azure RBAC UI. With this integration, just-in-time access and timebound access, which are functionalities supported by PIM, are now brought into the Azure RBAC UI for customers with either a P2, or Identity Governance, license.

RBAC admins can create assignments of type eligible and timebound duration from the Azure RBAC add role assignment flow, see the list of different states of role assignment in a single view, as well as convert the type and duration of their role assignments from the Azure RBAC UI. In addition, end users now see all their role assignments in different states straight from the Azure RBAC UI landing page, from where they can also activate their eligible role assignments.

 

Microsoft Entra External ID Custom URL Domains Generally Available

Service category: Authentications (Logins)
Product capability: Identity Lifecycle Management

This feature allows organizations to customize their Microsoft default sign-in authentication endpoint with their own brand names. Custom URL Domains help organizations change the External ID endpoint <tenant-name>.ciamlogin.com to login.contoso.com.

 

Sign in with Apple Public Preview

Service category: B2C – Consumer Identity Management
Product capability: Extensibility

This new feature adds Apple to Microsoft's list of preconfigured social identity providers. As the first social identity provider implemented on the eSTS platform, it introduces a Sign in with Apple button to the sign-in options, allowing people to access applications with their Apple accounts.

 

Provision custom security attributes from HR sources Public Preview

Service category: Provisioning
Product capability: Inbound to Entra ID

With this feature, organizations can automatically provision custom security attributes in Microsoft Entra ID from authoritative Human Resources (HR) sources. Supported authoritative sources include: Workday, SAP SuccessFactors, and any HR system integrated using API-driven provisioning.

 

Microsoft Entra ID Governance: access package request suggestions Public Preview Opt-In

Service category: Entitlement Management
Product capability: Entitlement Management

Microsoft is excited to introduce a new feature in My Access: a curated list of suggested access packages. This capability allows people to quickly view the most relevant access packages (based off their peers' access packages and previous requests) without scrolling through a long list. In December 2024, admins can enable the preview in the Opt-in Preview Features for Identity Governance. From January 2025, this setting is enabled by default.

 

Microsoft Entra ID Governance: Approvers can revoke access in MyAccess Public Preview

Service category: Entitlement Management
Product capability: Entitlement Management

For Microsoft Entra ID Governance users, approvers of access package requests can now revoke their decision in MyAccess. Only the person who took the approve action is able to revoke access. To opt into this feature, admins can go to the Identity Governance settings page, and enable the feature.

 

Security Copilot embedded in Microsoft Entra Public Preview

Service category: Other
Product capability: Identity Security & Protection

Microsoft has announced the public preview of Microsoft Security Copilot embedded in the Microsoft Entra admin center. This integration brings all identity skills previously made generally available for the Security Copilot standalone experience in April 2024, along with new identity capabilities for admins and security analysts to use directly within the Microsoft Entra admin center. Microsoft has also added brand new skills to help improve identity-related risk investigation. In December 2024, Microsoft broadens the scope even further to include a set of skills specifically for App Risk Management in both standalone and embedded experiences of Security Copilot and Microsoft Entra. These capabilities allow identity admins and security analysts to better identify, understand, and remediate the risks impacting applications and workload identities registered in Microsoft Entra.

With Security Copilot now embedded in Microsoft Entra, identity admins get AI-driven, natural-language summaries of identity context and insights tailored for handling security incidents, equipping them to better protect against identity compromise. The embedded experience also accelerates troubleshooting tasks like resolving identity-related risks and sign-in issues, without ever leaving the admin center.
