Retirement notice - Microsoft Entra Permissions Management

March 2025
Retirement notice - Microsoft Entra Permissions Management
Type: Plan for change
Service category: Other
Product capability: Permissions Management

Effective April 1, 2025, Microsoft Entra Permissions Management (MEPM) will no longer be available for sale to new Enterprise Agreement or direct customers. Additionally, starting May 1 2025, it will not be available for sale to new CSP customers. Effective October 1, 2025, we'll retire Permissions Management and discontinue support of this product.

Current Permissions Management customers will retain access to this product until September 30, 2025, with continued support for existing functionalities. We have partnered with Delinea to provide an alternative solution that offers similar capabilities as those provided by Permissions Management.

This decision was made to align strategically with our core areas of strengths, including our differentiation in core identity and Microsoft Entra suite, and accelerate our investments on securing AI and harnessing the power of AI for security.

Public Preview - Track and investigate identity activities with linkable identifiers in Microsoft Entra
Type: New feature
Service category: Authentications (Logins)
Product capability: User Authentication

Microsoft will standardize the linkable token identifiers, and expose them in both Microsoft Entra and workflow audit logs. This allows customers to join the logs to track, and investigate, any malicious activity. Currently linkable identifiers are available in Microsoft Entra sign in logs, Exchange Online audit logs, and MSGraph Activity logs.

For more information, see: Track and investigate identity activities with linkable identifiers in Microsoft Entra (preview).

General Availability- Conditional Access reauthentication policy
Type: New feature
Service category: Conditional Access
Product capability: Identity Security & Protection

Require reauthentication every time can be used for scenarios where you want to require a fresh authentication, every time a user performs specific actions like accessing sensitive applications, securing resources behind VPN, or Securing privileged role elevation in PIM. For more information, see: Require reauthentication every time.

General Availability- Custom Attributes support for Microsoft Entra Domain Services
Type: New feature
Service category: Microsoft Entra Domain Services
Product capability: Microsoft Entra Domain Services

Custom Attributes for Microsoft Entra Domain Services is now Generally Available. This capability allows customers to use Custom Attributes in their managed domains. Legacy applications often rely on custom attributes created in the past to store information, categorize objects, or enforce fine-grained access control over resources. For example, these applications might use custom attributes to store an employee ID in their directory and rely on these attributes in their application LDAP calls. Modifying legacy applications can be costly and risky, and customers might lack the necessary skills or knowledge to make these changes. Microsoft Entra Domain Services now supports custom attributes, enabling customers to migrate their legacy applications to the Azure cloud without modification. It also provides support to synchronize custom attributes from Microsoft Entra ID, allowing customers to benefit from Microsoft Entra ID services in the cloud. For more information, see: Custom attributes for Microsoft Entra Domain Services.

Public Preview - Conditional Access Per-Policy Reporting
Type: New feature
Service category: Conditional Access
Product capability: Identity Security & Protection

Conditional Access Per-Policy Reporting enables admins to easily evaluate the impact of enabled and report-only Conditional Access policies on their organization, without using Log Analytics. This feature surfaces a graph for each policy in the Microsoft Entra Admin Center, visualizing the policy’s impact on the tenant’s past sign-ins. For more information, see: Policy impact (Preview).

Public Preview - Limit creation or promotion of multitenant apps
Type: New feature
Service category: Directory Management
Product capability: Developer Experience

A new feature has been added to the App Management Policy Framework that allows restriction on creation or promotion of multitenant applications, providing administrators with greater control over their app environments.

Administrators can now configure tenant default or custom app policy using the new 'audiences' restriction to block new app creation if the signInAudience value provided in the app isn't permitted by the policy. In addition, existing apps can be restricted from changing their signInAudience if the target value isn't permitted by the policy. These policy changes are applied during app creation or update operations, offering control over application deployment and usage. For more information, see: audiencesConfiguration resource type.

General Availability - Download Microsoft Entra Connect Sync on the Microsoft Entra admin center
Type: Plan for change
Service category: Microsoft Entra Connect
Product capability: Identity Governance

The Microsoft Entra Connect Sync .msi installation files are also available on Microsoft Entra admin center within the Microsoft Entra Connect pane. As part of this change, we'll stop uploading new installation files on the Microsoft Download Center.

General Availability - New Microsoft-managed Conditional Access policies designed to limit device code flow and legacy authentication flows
Type: Changed feature
Service category: Conditional Access
Product capability: Access Control

As part of our ongoing commitment to enhance security and protect our customers from evolving cyber threats, we're rolling out two new Microsoft-managed Conditional Access policies designed to limit device code flow and legacy authentication flows. These policies are aligned to the secure by default principle of our broader Secure Future Initiative, which aims to provide robust security measures to safeguard your organization by default.

Deprecated - Upgrade your Microsoft Entra Connect Sync version to avoid impact on the Sync Wizard
Type: Deprecated
Service category: Microsoft Entra Connect
Product capability: Microsoft Entra Connect

As announced in the Microsoft Entra What's New Blog and in Microsoft 365 Center communications, customers should upgrade their connect sync versions to at least 2.4.18.0 for commercial clouds and 2.4.21.0 for non-commercial clouds before April 7, 2025. A breaking change on the Connect Sync Wizard will affect all requests that require authentication such as schema refresh, configuration of staging mode, and user sign in changes. For more information, see: Minimum versions.