Update

General Availability - Modernizing Microsoft Entra ID auth flows with WebView2 in Windows 11

December 2025
General Availability - Modernizing Microsoft Entra ID auth flows with WebView2 in Windows 11
Type: New feature
Service category: Authentications (Logins)
Product capability: SSO

Windows has many user experiences that use webviews to present web information to users in a way that looks like native content. One common scenario is authentication flows, where a user is prompted for their username and provides credentials.

Microsoft Entra ID app sign-in through Web Account Manager (WAM) now has the option to be powered by WebView2, the Chromium-based web control, starting with KB5072033 (OS Builds 26200.7462 and 26100.7462) or later. This release marks a significant step forward in delivering a secure, modern, and consistent sign-in experience across apps and services.

WebView2 will become the default framework for WAM authentication in an expected future Windows release, with the EdgeHTML WebView being deprecated. Therefore, we encourage users to deploy now and participate in the opt-in process, enable this experience in their environments, and make any necessary adjustments, such as updating proxy rules or modifying code in services involved in the sign-in process. Contact Customer Support Services if you'd like to provide feedback.

Moving to WebView2 is more than a technical upgrade; it’s a strategic investment in secure, user-friendly identity experiences. We’re committed to evolving Microsoft Entra ID to meet the needs of modern organizations and developers.

For more information, see:

Now generally available: Modernizing Microsoft Entra ID auth flows with WebView2 in Windows 11 - Windows IT Pro Blog

General Availability - Microsoft Entra Connect security hardening to prevent user account takeover
Type: Fixed
Service category: Entra Connect
Product capability: Access Control

As part of ongoing security hardening, Microsoft has implemented new safeguards to block account takeover attempts via hard match abuse in Microsoft Entra Connect (known as SyncJacking). Enforcement of this change begins in March 2026.

What’s Changing:

Enforcement logic now checks OnPremisesObjectIdentifier to detect and block remapping attempts.

Audit logs have been enhanced to capture changes to OnPremisesObjectIdentifier and DirSyncEnabled.

Admin capability added to clear OnPremisesObjectIdentifier for legitimate recovery scenarios.

Customer Action Required:

Upgrade to the latest Microsoft Entra Connect version.

Review updated hardening guidance and enable recommended flags:

Disable hard match takeover

Additional Guidance:

If enforcement blocks an operation, you'll see the following error message: “Hard match operation blocked due to security hardening. Review OnPremisesObjectIdentifier mapping.”

Use audit logs to identify which objects are currently impacted. Specifically, look for audit events where OnPremisesObjectIdentifier or DirSyncEnabled was modified.

For legitimate recovery, you can clear and reset OnPremisesObjectIdentifier using the following Microsoft Graph API:

POST https://graph.microsoft.com/beta/users/<userid>?$select=onPremisesObjectIdentifier

{
    "onPremisesObjectIdentifier": null
}

The Microsoft Entra Connect Sync .msi installation file for this change is exclusively available on Microsoft Entra admin center under Microsoft Entra Connect.

Check our version history page for more details on available versions.
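The audit-log review described above can be scripted over an exported set of audit records. The following is an added example, not Microsoft's code: it assumes records shaped like the Microsoft Graph directoryAudit resource (activityDateTime, initiatedBy, targetResources, modifiedProperties), that property names match the ones named here case-insensitively, and that old and new values may arrive as JSON-encoded strings. The function names and sample records are constructed for illustration.

```python
import json
WATCHED = {"onpremisesobjectidentifier", "dirsyncenabled"}  # compared lowercased

def decode(value):
    """Unwrap audit values, which may be JSON-encoded strings such as '["abc"]'."""
    try:
        parsed = json.loads(value)
    except (TypeError, ValueError):
        return "" if value is None else str(value).strip()
    if isinstance(parsed, list):
        return ",".join(str(v) for v in parsed)
    return "" if parsed is None else str(parsed)

def classify(old, new):
    if old and new:
        return "remapped" if old != new else "unchanged"
    return "cleared" if old else ("set" if new else "unchanged")

def find_sync_anchor_changes(events):
    """One finding per watched property change in directoryAudit-style records."""
    findings = []
    for ev in events:
        who = ev.get("initiatedBy") or {}
        actor = ((who.get("user") or {}).get("userPrincipalName")
                 or (who.get("app") or {}).get("displayName") or "unknown")
        for target in ev.get("targetResources") or []:
            for prop in target.get("modifiedProperties") or []:
                name = prop.get("displayName") or ""
                if name.lower() not in WATCHED:
                    continue
                change = classify(decode(prop.get("oldValue")), decode(prop.get("newValue")))
                findings.append({"time": ev.get("activityDateTime"), "actor": actor,
                                 "target": target.get("userPrincipalName") or target.get("id"),
                                 "property": name, "change": change})
    return findings

# Constructed sample records for illustration; not real tenant data.
SAMPLE_EVENTS = [
    {"activityDateTime": "2026-01-10T09:00:00Z",
     "initiatedBy": {"user": {"userPrincipalName": "admin@example.com"}},
     "targetResources": [{"id": "u1", "userPrincipalName": "alice@example.com",
         "modifiedProperties": [
             {"displayName": "OnPremisesObjectIdentifier", "oldValue": '["id-A"]', "newValue": '["id-B"]'},
             {"displayName": "DisplayName", "oldValue": '["A"]', "newValue": '["B"]'}]}]},
    {"activityDateTime": "2026-01-10T09:05:00Z",
     "initiatedBy": {"app": {"displayName": "Sync Service (constructed)"}},
     "targetResources": [{"id": "u2", "modifiedProperties": [
         {"displayName": "DirSyncEnabled", "oldValue": '["true"]', "newValue": "[]"}]}]},
]
```

A "remapped" finding on OnPremisesObjectIdentifier (one non-empty value replaced by a different one) is the case to review first; "cleared" and "set" entries should line up with known recovery or onboarding work.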

Public Preview of Just-in-time password migration to Microsoft Entra External ID
Type: New feature
Service category: B2C - Consumer Identity Management
Product capability: B2B/B2C

The Just-in-Time (JIT) Password Migration feature is designed to provide a seamless and secure experience for customers transitioning to Microsoft Entra External ID. This capability enables external identity providers to migrate user credentials during sign-in, eliminating the need for bulk password resets and minimizing disruption for end users. When a user meets the migration conditions at sign-in, their credentials are securely transferred as part of the process, ensuring continuity and reducing friction.

By integrating migration into the authentication flow, organizations can simplify administrative tasks while maintaining security standards. This approach not only enhances user experience but also accelerates adoption of Microsoft Entra External ID without compromising operational efficiency.

Public preview - Protect enterprise generative AI applications with Prompt Shield
Type: New feature
Service category: Internet Access
Product capability: Network Access

Block prompt injection attacks to enterprise GenAI apps in real-time with universal policy controls, extending Azure AI Prompt Shield to all network traffic. For more information, see: Protect Enterprise Generative AI apps with Prompt Shield (preview).

Public Preview - B2B guest access support in Global Secure Access
Type: New feature
Service category: B2B
Product capability: Network Access

You can now enable the B2B guest access feature for your guest users with the Global Secure Access client, signed in to their home organization's Microsoft Entra ID account. The Global Secure Access client automatically discovers partner tenants where the user is a guest and offers the option to switch into the customer's tenant context. The client routes only private traffic through the customer's Global Secure Access service. For more information, see: Learn about Global Secure Access B2B Guest Access (Preview).

Public Preview - Data exploration using Microsoft Security Copilot in Entra
Type: New feature
Service category: N/A
Product capability: Identity Security & Protection

Microsoft Security Copilot in Microsoft Entra now supports data exploration when prompts return datasets with more than 10 items. This feature is in preview and available for select Microsoft Entra scenarios. From the Copilot chat response, select Open list to access a comprehensive data grid. This allows you to explore large datasets with complete and accurate results, enabling more efficient decision-making. Each data grid displays the underlying Microsoft Graph URL, helping you verify query accuracy and build confidence in the results. For more information, see: Microsoft Security Copilot scenarios in Microsoft Entra overview.
