Entra π News #103 β This week in Microsoft Entra
Read about changes in retention to audit history of access reviews, new Microsoft managed app consent policies, info on retirement of Azure AD Graph and Azure AD PowerShell.
π Hi there! Merill and Joshua here, bringing you this weekβs global roundup of Microsoft Entra news.
First up, have you checked your Message Center notifications recently? There are some significant Entra-related updates you need to know about, with three major changes on the horizon. A crucial one is about access review historical information: what used to be virtually unlimited will soon be capped at 12 months. If you haven't archived or backed up older reviews, you'll need to act fast β the deadline is August 15.
Here are some other key dates to mark on your calendar:
Mid-July 2025: Microsoft managed App Consent Policies will be enabled. This means, by default, users will no longer be able to consent to third-party applications accessing their files and sites. For more details, check out this weekβs Entra Chat podcast with Erin Grenlee and also check out our sponsor ENowβs AppGov Score.
September 2025: Apps using Azure AD Graph API will stop working for those who opted for extended access. Be aware that temporary outage tests (8-24 hours) are scheduled between July and September.
October 2025: The AzureAD and AzureAD-Preview PowerShell modules will be retired and will stop functioning. Expect temporary outage tests (8-24 hours) in September 2025.
A Special Request: We have a small favor to ask! Joshua, who co-edits this newsletter, is currently in his first year at RMIT University and is actively looking for a part-time role in IT/Cybersecurity. If you know of any entry-level openings or opportunities that might be a good fit, we'd be thrilled to hear from you. Please email joshua@fdo.net.au or reach out on Joshua's LinkedIn Profile.
Thanks and enjoy this weekβs Entra News and podcast!
The Ultimate Guide to App Consent in Microsoft Entra
In this episode, I sit down with Erin Greenlee, the Product Manager for App Consent on Microsoftβs App Platform Team. We dive into the critical world of app consent and the upcoming Microsoft 365 secure-by-default changes. We explore the nuances of user and admin consent, the impact of the mid-July 2025, policy shift, and how admins can prepare for a moβ¦
Sponsored by:
Discover Entra ID App Risks & Accelerate App Governance
Identify risks in your Entra ID application environment to remediate and reduce security gaps before a threat actor can exploit these vulnerabilities.
ENowβs AppGov Score utility analyzes your tenant and uncovers areas for improvement to strengthen your identity governance posture.
Uncover insights like:
β οΈ Number of high-risk apps
π How many apps use public client flows
π‘οΈ Accounts with app admin privileges
π« Percent of apps lacking admin consent
β Apps without assigned owners
π£ BEC-risky enterprise apps
β³ Expired or expiring client secrets
β‘οΈ Microsoft
π Read
OAuth consent phishing explained and prevented β’ Nitika Gupta
Important Update: Azure AD Graph retirement β’ Kristopher Bash
Important Update: AzureAD PowerShell retirement β’ Kristopher Bash
Streamline user management across Microsoft clouds β’ Joseph Dadzie
πΊ Watch
Build Microsoft Entra custom authentication extensions β’ Yoel Horvitz
π£οΈ Message Center
26 June - MC1103608 - Microsoft Entra ID: Change in guest authentication experience for B2B collaboration [ π© Major Change]
26 June - MC1089315 - Resharing to external users required after enabling Microsoft SharePoint integration with Microsoft Entra B2B [ π© Major Change]
23 June - MC1101895 - Microsoft Entra ID access reviews: Updated historical data retention policy for access reviews [ π© Major Change]
18 June - MC1097272 - Microsoft 365 Upcoming Secure by Default Settings Changes
From the communityβ¦
π Most popular posts from last week
π₯What No One Tells You About Non-Interactive Logs β’ Sapir Federovsky
π₯Automate Compromised Account Remediation in Microsoft 365 β’ Blesslin Rinu
π₯Entra Resiliency - Plans A - E β’ John Savill
βοΈ Learn
π©ββοΈ AI & Copilot
Integrating Entra ID and AI Agent workflows in Azure Logic Apps β’ Brian Veldman
π¦ Apps
Practical Graph: Finding Owners for Ownerless Apps from Audit Data β’ Tony Redmond
π Authentication
Monitoring Entra Auth Methods β’ Martin Rothe
Who Is Still Using Text Messaging For Multi-Factor Authentication β’ Brian Reid
π₯ User & Group Management
How to Offboard Employee in Microsoft 365 β’ Ali Tajran
π€ DevOps & PowerShell
Microsoft 365 PowerShell Modules Need Better Testing β’ Tony Redmond
π¦ Conditional Access
Protecting your Conditional Access Policies: Lean Backup Strategies for Entra ID β’ Klaus Bierschenk
Token Protection Extends to Microsoft Graph PowerShell SDK Sessions β’ Tony Redmond
Entra ID β Known issue (but undocumented) with conditional access β’ Benoit Hamet
π Reporting and Insights
Advanced Monitoring of Microsoft Entra ID Break Glass Accounts with Sentinel, Logic Apps, and MDCA (Part 2/2) β’ Sreejith Reghunathan Pillai
π₯· Security
Beware the Hidden Risk in Your Entra Environment β’ Simon Maxwell-Stewart
nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications β’ Eric Woodruff
Finding Entra ID CA bypasses - the structured way (Slides) β’ Fabian Bader, Dirk-jan Mollema
The Ultimate Guide for Protecting Hybrid Identities in Entra ID (Slides) β’ Nestori Syynimaa
Bringing your own Identity Provider to Entra ID for Persistence and MFA Bypasses (Slides) β’ Dirk-jan Mollema
New Secure by Default Changes in Microsoft 365 β’ Rudy Mens
β»οΈ Sync
Why you should disable Seamless SSO in Microsoft Entra Connect β’ Daniel Bradley
π Tenant Configuration
From warnings that donβt help to ones that do β’ Jonas BΓΈgvad
βοΈ Toolkit
Entra Scopes - Entra ID First Party Apps & Scope Browser - Browse and explore first-party applications including their pre-consented permissions in Microsoft Entra ID β’ Fabian Bader, Dirk-jan
EntraPassTheCert - a post-exploitation tool that allows attackers to request Entra ID's user P2P certificate and authenticate to a remote Entra joinned machine with it. β’ Yuya Chudo
Access Package Builder β’ Nico Wyss
πΊ Watch
How To Make AVD SSO Super Easy For Everyone! β’ Dean Cefola
How to disable Self-Service Password Reset for administrators in Entra ID | Cybersecurity World β’ Cybersecurity World
π₯ Maester
Automatically Generate Maester Tests for Conditional Access β’ Jasper Baes
Read blog post for details on all the new features β Maester June 2025 Release
π Lokka
Lokka MCP Authentication Enhancements β’ Darren Robinson
π¨π½βπ» Merillβs corner
Want to get featured on Entra.News? β Submit your content π
Want us to say nice things about your company? Sponsor entra.news π€©
Love the newsletter? Tell us πβ€οΈπ
πͺ Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.