
Entra ID, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for December 2025:
What's New
Modernizing Microsoft Entra ID auth flows with WebView2 in Windows 11 Generally Available
Service category: Authentications (Logins)
Product capability: SSO
Windows has many user experiences that use WebView to present web content to users in a way that looks like native content. One common scenario is authentication flows, where a user is prompted for credentials.
Microsoft Entra ID app sign-in through Web Account Manager (WAM) now has the option to be powered by WebView2, the Chromium-based web control, starting with the December 9, 2025, updates for Windows 11 (KB5072033 (OS Builds 26200.7462 and 26100.7462)). This release marks a significant step forward in delivering a secure, modern, and consistent sign-in experience across apps and services.
WebView2 will become the default framework for WAM authentication in an expected future Windows release, with the EdgeHTML WebView being deprecated. Moving to WebView2 is more than a technical upgrade; it's a strategic investment in secure, user-friendly identity experiences. Microsoft is committed to evolving Microsoft Entra ID to meet the needs of modern organizations and developers.
Just-in-time password migration to Microsoft Entra External ID Public Preview
Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C
The Just-in-Time (JIT) Password Migration feature is designed to provide a seamless and secure experience for customers transitioning to Microsoft Entra External ID. This capability enables external identity providers to migrate user credentials during sign-in, eliminating the need for bulk password resets and minimizing disruption for end users. When a user meets the migration conditions at sign-in, their credentials are securely transferred as part of the process, ensuring continuity and reducing friction.
By integrating migration into the authentication flow, organizations can simplify administrative tasks while maintaining security standards. This approach not only enhances user experience but also accelerates adoption of Microsoft Entra External ID without compromising operational efficiency.
Protect enterprise generative AI applications with Prompt Shield Public Preview
Service category: Internet Access
Product capability: Network Access
Admins can now block prompt injection attacks against enterprise generative AI apps in real time with universal policy controls, extending Azure AI Prompt Shield to all network traffic.
B2B guest access support in Global Secure Access Public Preview
Service category: B2B
Product capability: Network Access
Admins can now enable the B2B guest access feature for guest users with the Global Secure Access client, signed in to their home organization's Microsoft Entra ID account. The Global Secure Access client automatically discovers partner tenants where the user is a guest and offers the option to switch into the customer's tenant context. The client routes only private traffic through the customer's Global Secure Access service.
Data exploration using Microsoft Security Copilot in Entra Public Preview
Service category: N/A
Product capability: Identity Security & Protection
Microsoft Security Copilot in Microsoft Entra now supports data exploration when prompts return datasets with more than 10 items. This feature is available for select Microsoft Entra scenarios. From the Copilot chat response, select Open list to access a comprehensive data grid. This allows admins to explore large datasets with complete and accurate results, enabling more efficient decision-making. Each data grid displays the underlying Microsoft Graph URL, helping admins verify query accuracy and build confidence in the results.
What's Fixed
Microsoft Entra Connect security hardening to prevent user account takeover Generally Available
Service category: Entra Connect
Product capability: Access Control
As part of ongoing security hardening, Microsoft has implemented new safeguards to block account takeover attempts via hard match abuse in Microsoft Entra Connect. These tactics are known as SyncJacking. Enforcement of this change begins in March 2026.
What’s Changing:
- Enforcement logic now checks OnPremisesObjectIdentifier to detect and block remapping attempts.
- Audit logs have been enhanced to capture changes to OnPremisesObjectIdentifier and DirSyncEnabled.
- Admin capability added to clear OnPremisesObjectIdentifier for legitimate recovery scenarios.
To prevent SyncJacking before March 2026, upgrade to the latest Microsoft Entra Connect version, and disable hard match takeover.
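A triage sketch for the enhanced audit logging described above, added here as an example and not taken from Microsoft or the original post: it scans exported audit records for changes to OnPremisesObjectIdentifier and DirSyncEnabled and separates remapping from clearing. The record layout (Microsoft Graph directoryAudit-style fields with JSON-encoded old and new values), the `kind` labels and all sample records are assumptions constructed for illustration.

```python
import json

# Property names the page says the enhanced audit logs capture.
WATCHED = {"OnPremisesObjectIdentifier", "DirSyncEnabled"}

def _mp(name, old, new):
    return {"displayName": name, "oldValue": old, "newValue": new}
def _rec(when, actor, target, props):
    return {"activityDateTime": when,
            "initiatedBy": {"user": {"userPrincipalName": actor}},
            "targetResources": [{"userPrincipalName": target, "modifiedProperties": props}]}

# Constructed sample records (assumed layout, not real tenant data).
SAMPLE_AUDIT = [
    _rec("2026-01-10T08:00:00Z", "sync@contoso.example", "alice@contoso.example",
         [_mp("OnPremisesObjectIdentifier", '["AAAA"]', '["BBBB"]'),
          _mp("DirSyncEnabled", "[false]", "[true]")]),
    _rec("2026-01-10T09:00:00Z", "admin@contoso.example", "bob@contoso.example",
         [_mp("DisplayName", '["Bob"]', '["Robert"]')]),
    _rec("2026-01-11T10:00:00Z", "admin@contoso.example", "carol@contoso.example",
         [_mp("OnPremisesObjectIdentifier", '["CCCC"]', "[]")]),
]

def _unwrap(value):
    """Old/new values may be JSON-encoded lists such as '["abc"]'; return a plain string."""
    try:
        parsed = json.loads(value)
    except (TypeError, ValueError):
        return "" if value is None else str(value)
    if isinstance(parsed, list):
        return str(parsed[0]) if parsed else ""
    return str(parsed)

def find_sync_anchor_changes(records):
    """Return one finding per changed watched property, classified by kind."""
    findings = []
    for rec in records:
        actor = ((rec.get("initiatedBy") or {}).get("user") or {}).get("userPrincipalName", "unknown")
        for target in rec.get("targetResources") or []:
            for prop in target.get("modifiedProperties") or []:
                name = prop.get("displayName")
                old, new = _unwrap(prop.get("oldValue")), _unwrap(prop.get("newValue"))
                if name not in WATCHED or old == new:
                    continue
                kind = ("dirsync-change" if name == "DirSyncEnabled" else
                        "remap" if old and new else "cleared" if old else "set")
                findings.append({"time": rec.get("activityDateTime"), "actor": actor,
                                 "target": target.get("userPrincipalName"),
                                 "property": name, "kind": kind, "old": old, "new": new})
    return findings
```

A `remap` finding (one non-empty identifier replaced by another) is the pattern the new enforcement is meant to block, while `cleared` corresponds to the admin recovery capability and is worth correlating with a change ticket.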





