Entra ID News #65 → This week in Microsoft Entra
🎉 Learn about the GA of Native Auth in External ID, 🚀 GA of FIPS for Authenticator on Android, 🛡️ new Conditional Access templates, plus heaps of change announcements 📢!
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
Entra admins, you'll want to check out the upcoming changes section for new information on the AAD Graph and Azure AD PowerShell retirements, legacy authentication methods retirement, and a heads-up on upcoming AAD Connect changes.
Enjoy!
⚡️ Microsoft
🏆 General Availability
Announcing the General Availability (GA) of Native Authentication for Microsoft Entra External ID • Kaushik Kislay
FIPS 140-3 enterprise compliance for Microsoft Authenticator app on Android • Microsoft Learn
🔥 Public Preview
Introducing seamless authentication with Power Pages and Microsoft Entra External ID • Arbaaz Abdulwahid
Device compliance Conditional Access template • Microsoft Learn
📖 Read
Global Secure Access Community Resources Hub • Microsoft Identity Customer Acceleration Team
Phishing-resistant passwordless authentication deployment in Microsoft Entra ID • Microsoft Learn
Cybersecurity Awareness Month: Securing our world—together • Vasu Jakkal
What is Microsoft Entra (and why use it) • Chris Noring
📺 Watch
Prevent attackers from using stolen tokens from devices to which tokens were not issued. (1 min) • Microsoft Mechanics
🗣️ Message Center / Upcoming Changes
Upgrade to the latest version of Microsoft Entra Connect by April 2, 2025 (links to Entra Admin Centre) - In early October 2024, Microsoft will release a new version of Microsoft Entra Connect Sync that contains a back-end service change that further hardens Microsoft’s services. To avoid service disruptions, customers are required to upgrade to that version (2.4.XX.0) by early April 2025 (exact deadline to be announced upon version release).
Retirement of legacy user authentication methods management experience in Entra Portal - Starting October 31st, 2024, Microsoft will retire the ability to manage user authentication methods in the Entra Portal via the legacy user interface (UI). Instead, Microsoft will only surface the modern UI, which has full parity with the legacy experience in addition to the ability to manage modern methods (e.g. Temporary Access Pass, Passkeys, QR+Pin, etc.) and settings. This will not impact how end users can manage their own authentication methods or their ability to sign in to Entra.
Provisioning UX modernization - Microsoft is modernizing the current application/HR provisioning and cross-tenant sync UX. This includes a new overview page, a new user experience to configure connectivity to your application, and new scoping and attribute mapping experiences. The new experience includes all functionality available to customers today, and no customer action is required. The new experience will start rolling out at the end of October 2024, but customers can still use the existing experience through January 2024.
Important Update: Azure AD Graph Retirement - The retirement of the Azure AD Graph API service began on 1 September 2024 and will eventually impact both new and existing applications. As Microsoft deploys the phase starting over the coming weeks, new applications will not be able to use Azure AD Graph APIs unless they are configured for extended access. Microsoft Graph is the replacement for Azure AD Graph APIs, and Microsoft strongly recommends immediately migrating use of Azure AD Graph APIs to Microsoft Graph and limiting any further development using Azure AD Graph APIs.
Required action - To avoid service disruptions, please follow instructions to migrate applications to Microsoft Graph APIs.
If you need to extend Azure AD Graph access for an app to July 2025 - If you have not fully completed app migrations to Microsoft Graph, you can extend this retirement. If you set the blockAzureADGraphAccess attribute to false in the application’s authenticationBehaviors configuration, the application will be able to use Azure AD Graph APIs through June 30, 2025.
Important Update: AzureAD PowerShell and MSOnline PowerShell retirement - As of March 30, 2024, the legacy Azure AD PowerShell, Azure AD PowerShell Preview, and MS Online modules are deprecated. These modules will continue to function through March 30, 2025, after which they will be retired and stop functioning. Microsoft Graph PowerShell SDK is the replacement for these modules and you should migrate your scripts to Microsoft Graph PowerShell SDK as soon as possible.
To help you identify usage of Azure AD PowerShell in your tenant, you can use the Entra Recommendation titled Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph. This recommendation will show vendor applications that are using Azure AD Graph APIs in your tenant, including AzureAD PowerShell.
Dynamic type versioning in Bicep templates for Microsoft Graph • Microsoft Learn
13 Sep - MC889517 - Take action: Enable multifactor authentication for your tenant before October 15, 2024
From the community…
🚀 Most popular posts from last week
Conditional Access Blueprint • Jasper Baes
Break the glass strategy • Julian Rasmussen
Authentication Methods – What Happens If I Click That Button • Brian Reid
☀️ Learn
🔑 Authentication
CyberArk: Comply with mandatory multi-factor authentication (MFA) on Azure • CyberArk
Windows Hello for Business: Enhanced Security with Multi-Factor Unlock • Oliver Müller
Using FIDO2 keys in VMWare Workstation • Martin Rublik
How to test NPS MFA using radclient • Martin Rublik
🤖 DevOps & PowerShell
Graph Batch Endpoint • Jannik Reinhard
My PowerShell module to enable Entra ID PIM roles as a user • Rakhesh Sasidharan
🖥️ Devices
MAM for Windows app on iOS/iPadOS (Part 2) – Fun with filters • Roman Kleyn
Windows 11 24H2 released with Windows LAPS improvements – Our Cloud Network • Daniel Bradley
📒 Tenant Configuration
SharePoint Oversharing, Governance, and Lifecycle • Tony Redmond
🛍️ External ID - Customers
Using Azure AD B2C custom policies with Entra External ID • Rory Braybrook
⚒️ Toolkit
EntraFIDOFinder - PowerShell Module to find compatible FIDO2 keys for Entra • Clayton Tyger
🎙️ Podcasts
Ctrl+Alt+Azure • Approaching security assessments for your Microsoft tenant • Tobias Zimmergren, Jussi Roine
📺 Watch
Automating Microsoft Entra External ID (15 min) • Daniel Krzyczkowski
Why Your Entra ID Protection Strategy Is Weak [5 Critical Mistakes] (7 min) • Ru Campbell
Microsoft Entra ID The Ultimate Getting Started Guide (Oct 2024) (45 min) • Andy Malone
Why you shouldn't allow personal enrollment for Windows with Intune (12 min) • Steve Weiner
Manager Package Requests on Behalf of Their Reports (5 min) • John Savill
Microsoft Entra Private Access & Risk Based Policies (11 min) • Rio Hindle
👨🏽💻 Merill’s corner
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.