Entra, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra for February 2026:
What's Planned
Microsoft Entra Connect security update to block hard match for users with Microsoft Entra roles
Service category: Entra Connect
Product capability: Entra Connect
Beginning June 1, 2026, Microsoft Entra ID will block any attempt by Entra Connect Sync or Cloud Sync from hard-matching a new user object from Active Directory to an existing cloud-managed Entra ID user object that holds Microsoft Entra roles.
Jailbreak Detection in Authenticator App
Service category: Microsoft Authenticator App
Product capability: Identity Security & Protection
Starting February 2026, Microsoft Authenticator will introduce jailbreak/root detection for Microsoft Entra credentials in the Android app. The rollout progresses from warning mode to blocking mode to wipe mode. People must move to compliant devices to continue using Microsoft Entra accounts in Authenticator.
What's New
External MFA General Availability
Service category: MFA
Product capability: User Authentication
External authentication methods in Microsoft Entra ID are now generally available under a new name: External Multifactor Authentication (External MFA). This capability enables organizations to meet multifactor authentication requirements while continuing to use their preferred MFA provider. Microsoft Entra ID remains the identity control plane, performing full policy evaluation and access decisions on every sign in, including real time Conditional Access enforcement and sign in risk assessment.
Microsoft Entra Connect Sync now supports Windows Server 2025 General Availability
Service category: Entra Connect
Product capability: Entra Connect
Microsoft Entra Connect Sync now officially supports Windows Server 2025. This means admins can confidently install and run Microsoft Entra Connect Sync on servers running Windows Server 2025, enabling your hybrid identity environment to take full advantage of the latest Windows Server enhancements.
Device authorization grant flow in Microsoft Entra External ID General Availability
Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C
Similar to Microsoft Entra ID (workforce tenants), Microsoft Entra External ID (external tenants) now supports device authorization grant flow, which allows people to sign in to input-constrained devices such as a smart TVs, IoT devices and printers.
Sign-in with username/alias General Availability
Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C
In Microsoft Entra External ID, people who authenticate with a local email and password now can also sign in using a username (alias) as an alternate sign-in identifier. This alias can represent a customer or member ID, insurance number, frequent flyer number, or a self-chosen username. The alias can be collected from the person, assigned during self-service sign-up, assigned during user creation or user update via the Microsoft Graph API or in the Microsoft Entra admin center.
Custom banned password lists supported in Microsoft Entra External ID General Availability
Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C
In addition to the global banned password lists already supported, Entra External ID admins can now add specific strings to block during password creation and reset.
Expanded attribute support in Lifecycle Workflows attribute changes trigger General Availability
Service category: Lifecycle Workflows
Product capability: Identity Governance
The Attribute Changes trigger in Lifecycle Workflows now supports additional attribute types, enabling broader detection of organizational changes. Previously, this trigger was limited to a set of core attributes. With this update, you can configure workflows to respond when any of the following attributes change:
- Custom security attributes
- Directory extension attributes
- EmployeeOrgData attributes
- On-premises attributes 1–15
This enhancement gives admins greater flexibility to automate lifecycle processes for mover events based on custom or extended attributes, improving governance for complex organizational structures and hybrid environments.
Delegated Workflow Management in Lifecycle Workflows General Availability
Service category: Lifecycle Workflows
Product capability: Identity Governance
Lifecycle workflows can now be managed with Administrative Units (AUs), enabling organizations to segment workflows and delegate administration to specific admins. This enhancement ensures that only authorized admins can view, configure, and execute workflows relevant to their scope. Organizations are able to associate workflows with AUs, assign scoped permissions to delegated admins, and ensure that workflows only impact people within their defined scope.
Revoke previously approved access package assignments in My Access General Availability
Service category: Entitlement Management
Product capability: Identity Governance
By end of March Microsoft Entra ID Governance approvers can revoke access to an access package after an approval has already been granted. This gives approvers greater control to respond to changes, mistakes, or updated business needs. With this update, an approver can undo a prior approval decision, immediately removing the requestor’s access to the access package. Only the approver who originally approved the request can revoke it, even if multiple approvers belong to the same approver group.
Microsoft Entra Provisioning Service available in Microsoft Azure operated by 21Vianet General Availability
Service category: Provisioning
Product capability: Outbound to SaaS Applications
The Microsoft Entra provisioning service can now be used in the 21Vianet / China cloud for the following scenarios:
- API-driven provisioning
- Cloud Sync
- Cross-tenant sync between China tenants
- SCIM provisioning for the non-gallery / custom application
- On-premises app provisioning (ECMA).
Specific gallery connectors such as Workday, SuccessFactors, and AWS aren't onboarded to the environment.
Custom Block pages General Availability
Service category: Internet Access
Product capability: Network Access
When you configure policies blocking people from accessing risky, NSFW, or unsanctioned sites or apps in Global Secure Access (GSA), they receive a clear HTML error message with Microsoft Entra Internet Access branding. Admins who would like to start customizing that experience with text aligned to a company style guide, callouts to company Terms of Use documentation, hyperlinks to IT workflows, and more, can now do so.
New end user homepage in My Account Public Preview
Service category: My Profile/Account
Product capability: End User Experiences
The My Account homepage has been updated to provide a more task-focused experience. People will see pending actions like renewing expiring groups, approving access package requests, and setting up multi-factor authentication directly on the homepage. Quick links to apps, groups, access packages, and sign-in details will be easier to find and use. This change is designed to streamline account management and help people stay on top of access and security tasks.
BYOD support for Windows client using Microsoft Entra registration Public Preview
Service category: BYOD support
Product capability: Network Access
Bring Your Own Device (BYOD) support for Windows using Microsoft Entra‑registered devices is now available in public preview. People and partners can access corporate resources from their own devices. Admins can assign the Private Application traffic profile to internal accounts, including internal guest users.
Login