Entra News #60 - This week in Microsoft Entra
Learn about Microsoft switching from SailPoint to Entra ID Governance, upcoming breaking changes, Kerberos SSO to on-prem AD in macOS, changes to the Sync account role and more!
Hi, Merill and Joshua here with this week's roundup of the latest news on Microsoft Entra from around the globe.
A quick shoutout to everyone in Australia who is celebrating Father's Day today.
Here's a neat little tidbit: While the most popular date for Father's Day internationally is the third Sunday in June, Australia decided to move the date so that it wouldn't be celebrated during the cold of Australian winter. The first Sunday in spring was therefore chosen, giving Aussie families the opportunity to celebrate outdoors with a barbecue.
Enjoy!
Microsoft
Microsoft Security implements Microsoft Entra ID Governance and saves over $1.5 million per year
The Digital Security and Resilience team at Microsoft switches from SailPoint IIQ to Microsoft Entra ID.
General Availability
Restricted permissions on Directory Synchronization Accounts (DSA) role in Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync - As part of ongoing security hardening, we've removed unused permissions from the privileged "Directory Synchronization Accounts" role. This role is exclusively used by Microsoft Entra Connect Sync, and Microsoft Entra Cloud Sync, to synchronize Active Directory objects with Microsoft Entra ID. There's no action required by customers to benefit from this hardening, and the revised role permissions are documented here: Directory Synchronization Accounts.
Public Preview
Provisioning UX Updates - We'll start releasing user experience updates for application provisioning, HR provisioning, and cross-tenant synchronization next month. This includes a new overview page, user experience to configure connectivity to your application, and new create provisioning experience. The new experiences include all functionality available to customers today, and no customer action is required.
SMS as MFA in Entra External ID • Microsoft Learn
Plan for change
New Certificate Authorities for login.microsoftonline.com: Action required from customers who only trust DigiCert certificates - Microsoft Entra ID is introducing new Certificate Authorities (CAs) for server certificates for the domain login.microsoftonline.com. At present, connections to login.microsoftonline.com are exclusively presented with DigiCert certificates. Starting on October 1, 2024, you may also encounter certificates issued by Microsoft Azure CAs.
This could impact customers who do not trust Microsoft Azure CAs or have pinned client-side to DigiCert certificates, as they may experience authentication failures.
To prevent potential issues, we recommend trusting all Root and Subordinate CAs listed in the Azure Certificate public documentation.
(Merill's note: The link above opens the What's New blade in the Entra Admin Center. Unfortunately, the blade doesn't support direct links to this post, so you will need to look it up in the "Change announcements" tab.)
My Security-Info Add sign-in method picker UX update - Starting late August 2024, the "add sign-in method" dialog on the My Security-Info page will be updated with improved sign-in method descriptions, and a modern look and feel. With this change when users select "add sign-in method", they'll initially be recommended to register the strongest method available to them which is allowed by organizational authentication method policy. Users have the ability to select "show more options", and choose from all available sign-in methods allowed by their policy.
This change occurs automatically, and admins won't need to take any action.
Read
Aug 2024: A look at the latest Microsoft Entra key feature releases, announcements, and updates • Adam Matthews
How to build customized Power BI dashboards with user insights data in External ID • Sharon Rutto
How Microsoft Entra ID supports US government agencies in meeting identity security requirements • Joy Chik
Enable Kerberos SSO to on-premises Active Directory and Microsoft Entra ID Kerberos resources in Platform SSO • Microsoft Learn
Watch
Automate user enrollment with Dynamic Groups. (1 min) • Microsoft Mechanics
Microsoft Entra Verified ID: Seamless Remote Onboarding & Secure Access (55 min) • Jai Maharaj, Yusuke Kodama
Upcoming Events
The Cloud Identity Summit is a hybrid cloud identity conference organized by the Azure Meetup Bonn team in Germany. It's a full-day event with an awesome lineup of speakers and sessions, including folks from the Entra PM team.
The in-person tickets are sold out, but you can still register to join online if the timezone works for you (sessions will not be recorded).
Register at www.identitysummit.cloud
From the community…
Most popular posts from last week
Best practice for emergency access accounts in Microsoft Entra • Daniel Bradley
How to Use Passkey in Authenticator: A Tutorial • Simon Skotheimsvik
Mandatory MFA Enforcements! Including Service Accounts and Break Glass Accounts. Now What? • Shehan Perera
Learn
Apps
Securing the Gates: Mastering Admin and User Consent in Microsoft Entra ID • Sreejith Reghunathan Pillai
Deploy a container to Azure App Services using Azure CLI and user-assigned managed identity • Tore Nestenius
Authentication
Difference between MFA and phishing-resistant MFA • Lukas Beran
Detect Impact MFA Enforcement • Morten Knudsen
Restricting FIDO2 Passkey Use to Specific Hardware Models in Microsoft Entra • James Agombar
Group Management & Administrative Units
Why Entra ID can Restore Some Types of Deleted Groups and Not Others • Tony Redmond
The Problem with Scoped Audit Log Searches • Tony Redmond
DevOps & PowerShell
Automating Access Package Creation for Entra ID roles with PowerShell • Maarten Robert Rosier
Start Lifecycle Workflow in Entra ID Governance with PowerShell • Christian Frohn
Understanding and Implementing Privileged Identity Management (PIM) Using BICEP • Gregor Suttie
PnP PowerShell Changes Its Entra ID App • Tony Redmond
Microsoft.IdentityModel.Tokens Has Finally Fixed IsNullOrEmpty Foobar • Adam Storr
Remove Direct Licenses for Group-Licensed Users in Microsoft 365 • Praba
Conditional Access
Using Chrome with Intune & Conditional Access Device Signals • Gannon Novak
Devices
How to setup MAM (Mobile Application Management) In Intune - The Series - Part 1: iOS • Joery Van den Bosch
AWS announces support for Microsoft Entra ID and Microsoft Intune on Amazon WorkSpaces Personal • What's New with AWS
Security
Microsoft Defender for Identity - Expands support to servers with Microsoft • Michael Morten Sonne
External ID - Customers
Using the TOTP MFA method in Azure AD B2C with an authenticator application • Rory Braybrook
Toolkit
BARK • https://github.com/BloodHoundAD/BARK
Watch
What's the difference between Intune and Entra devices? (12 min) • Steve Weiner
Migrating from domain to cloud: step-by-step (26 min) • Steve Weiner
Maester
Validate The Security Of Your Microsoft Cloud Environment With Maester • Sean McAvinue
Merill's corner
Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.