April 2024 Updates and New Features

April 2024

Public Preview - FIDO2 authentication in Android web browsers:
Type: New feature
Service category: Authentications (Logins)
Product capability: User Authentication

Users can now sign in with a FIDO2 security key in both Chrome and Microsoft Edge on Android. This change applies to all users who are in scope for the FIDO2 authentication method. FIDO2 registration in Android web browsers isn't available yet.

General Availability - Security group provisioning to Active Directory using cloud sync:
Type: New feature
Service category: Provisioning
Product capability: Entra Cloud Sync

Security group provisioning to Active Directory (also known as Group Writeback) is now generally available through Microsoft Entra Cloud Sync in Azure Global and Azure Government clouds. With this new capability, you can easily govern Active Directory-based on-premises applications (Kerberos-based apps) using Microsoft Entra Governance.

Decommissioning of Group Writeback V2 (Public Preview) in Entra Connect Sync:
Type: Plan for change
Service category: Provisioning
Product capability: Microsoft Entra Connect Sync

The public preview of Group Writeback V2 (GWB) in Entra Connect Sync will no longer be available after June 30, 2024. After this date, Connect Sync will no longer support provisioning cloud security groups to Active Directory.

Entra Cloud Sync offers similar functionality, called “Group Provision to AD”, that may be used instead of GWB V2 for provisioning cloud security groups to AD. Enhanced functionality in Cloud Sync, along with other new features, is being developed.

Customers who use this preview feature in Connect Sync should switch their configuration from Connect Sync to Cloud Sync. Customers can choose to move all their hybrid sync to Cloud Sync (if it supports their needs), or they can run Cloud Sync side by side with Connect Sync and move only cloud security group provisioning to AD onto Cloud Sync.

Customers who provision Microsoft 365 groups to AD can continue using GWB V1 for this capability.

Customers can evaluate moving exclusively to Cloud Sync by using this wizard: https://aka.ms/EvaluateSyncOptions

General availability - PIM approvals and activations on the Azure mobile app (iOS and Android) are available now:
Type: New feature
Service category: Privileged Identity Management
Product capability: Privileged Identity Management

PIM is now available on the Azure mobile app in both iOS and Android. Customers can now approve or deny incoming PIM activation requests, in addition to activating Microsoft Entra ID and Azure resource role assignments, directly from the app on their phone.

General Availability - On-premises password reset remediates user risk:
Type: New feature
Service category: Identity Protection
Product capability: Identity Security & Protection

Organizations that have enabled password hash synchronization can now allow password changes on-premises to remediate user risk. You can also use this to save hybrid users time and maintain their productivity with automatic self-service remediation in risk-based Conditional Access policies.

General Availability - Custom Claims Providers enable token claim augmentation from external data sources:
Type: New feature
Service category: Authentications (Logins)
Product capability: Extensibility

Custom authentication extensions allow you to customize the Microsoft Entra authentication experience by integrating with external systems. A custom claims provider is a type of custom authentication extension that calls a REST API to fetch claims from external systems. A custom claims provider maps claims from external systems into tokens and can be assigned to one or many applications in your directory.

General Availability - Dynamic Groups quota increased to 15,000.
Type: Changed feature
Service category: Group Management
Product capability: Directory

Microsoft Entra organizations could previously have a maximum of 5,000 dynamic groups and dynamic administrative units combined.

We have increased this quota to 15,000. For example, you can now have 5,000 dynamic groups and 10,000 dynamic AUs (or any other combination that adds up to 15,000). You don't need to do anything to take advantage of this change; it's available right now.

General Availability - Lifecycle Workflows: Export workflow history data to CSV files
Type: New feature
Service category: Lifecycle Workflows
Product capability: Identity Governance

In Lifecycle Workflows, IT admins can now export their workflow history data across users, runs, and tasks to CSV files for meeting their organization's reporting and auditing needs.

See Download workflow history reports to learn more.

Public preview - Native Authentication for Microsoft Entra External ID
Type: New feature
Service category: Authentications (Logins)
Product capability: User Authentication

Native authentication empowers developers to take complete control over the design of the sign-in experience of their mobile applications. It allows them to craft stunning, pixel-perfect authentication screens that are seamlessly integrated into their apps, rather than relying on browser-based solutions.

Public Preview - Passkeys in Microsoft Authenticator
Type: New feature
Service category: Microsoft Authenticator App
Product capability: User Authentication

Users can now create device-bound passkeys in the Microsoft Authenticator to access Microsoft Entra ID resources. Passkeys in the Authenticator app provide cost-effective, phishing-resistant, and seamless authentications to users from their mobile devices.

General Availability - Maximum workflows limit in Lifecycle workflows is now 100
Type: Changed feature
Service category: Lifecycle Workflows
Product capability: Identity Governance

The maximum number of workflows that can be configured in Lifecycle workflows has increased. Now IT admins can create up to 100 workflows in Lifecycle workflows.

Public Preview - Configure custom workflows to run mover tasks when a user's job profile changes
Type: New feature
Service category: Lifecycle Workflows
Product capability: Identity Governance

Lifecycle Workflows now supports the ability to trigger workflows based on job change events like changes to an employee's department, job role, or location and see them executed on the workflow schedule. With this feature, customers can use new workflow triggers to create custom workflows for executing tasks associated with employees moving within the organization including:

  • Triggering workflows when a specified attribute changes
  • Triggering workflows when a user is added to or removed from a group's membership
  • Tasks to notify a user's manager about a move
  • Tasks to assign licenses to or remove selected licenses from a user

To learn more, see the Automate employee mover tasks when they change jobs using the Microsoft Entra admin center tutorial.

General Availability - Microsoft Graph activity logs
Type: New feature
Service category: Microsoft Graph
Product capability: Monitoring & Reporting

Microsoft Graph activity logs are now generally available! Microsoft Graph activity logs give you visibility into HTTP requests made to the Microsoft Graph service in your tenant. With rapidly growing security threats and an increasing number of attacks, this log data source allows you to perform security analysis and threat hunting, and to monitor application activity in your tenant.

General Availability - New provisioning connectors in the Microsoft Entra Application Gallery - April 2024
Type: New feature
Service category: App Provisioning
Product capability: 3rd Party Integration

We've added the following new applications in our App gallery with Provisioning support. You can now automate creating, updating, and deleting of user accounts for these newly integrated apps:

  • CultureHQ
  • elia
  • GoSkills
  • Island
  • Jellyfish

General Availability - Quick Microsoft Entra Verified ID setup
Type: New feature
Service category: Verified ID
Product capability: Decentralized Identities

Quick Microsoft Entra Verified ID setup, now generally available, removes several configuration steps an admin needs to complete with a single select on a Get started button. The quick setup takes care of signing keys, registering your decentralized ID, and verifying your domain ownership. It also creates a Verified Workplace Credential for you.

Public Preview - Assign Microsoft Entra roles using Entitlement Management
Type: New feature
Service category: Entitlement Management
Product capability: Entitlement Management

By assigning Microsoft Entra roles to employees and guests using Entitlement Management, you can look at a user's entitlements to quickly determine which roles are assigned to that user. When you include a Microsoft Entra role as a resource in an access package, you can also specify whether that role assignment is “eligible” or “active”.

Assigning Microsoft Entra roles through access packages helps to efficiently manage role assignments at scale and improves the role.

General Availability - Self-service password reset Admin policy expansion to include additional roles
Type: Changed feature
Service category: Self Service Password Reset
Product capability: Identity Security & Protection

Self-service password reset (SSPR) policy for Admins expands to include three extra built-in admin roles. These extra roles include:

  • Teams Administrator
  • Teams Communications Administrator
  • Teams Devices Administrator