Entra 🆔 News #70 → This week in Microsoft Entra
Dive into the new Microsoft Zero Trust Workshop 🛡️, explore Entra ID Governance tailored for government 🏛️, connect with the growing Microsoft community on 🦋 Bluesky and more!
👋 Hi, Merill and Joshua here with this week’s roundup of the latest news on Microsoft Entra from around the globe 🌍.
The big news of the week is the launch of the new Zero Trust workshop from Microsoft. Check out the website at aka.ms/ztWorkshop and the How to implement a Microsoft Zero Trust Workshop video (below).
The other big news is that the Microsoft tech community is growing on 🦋 Bluesky as more folks migrate away from Twitter. So I launched bluesky.ms to help us find each other. If you are in the Microsoft community, check it out and sign up. Here’s my Bluesky profile.
Enjoy!
⚡️ Microsoft
🏆 General Availability
Zero Trust Workshop: Advance your knowledge with an online resource • Mike Adams
Microsoft Entra ID Governance for government • Kaitlin Murphy
📖 Read
Add Authentication to Apps in Minutes • Joylynn Kirui
Sync identities from Rippling to Microsoft Entra ID • Manmeet Bawa
📺 Watch
How to implement a Microsoft Zero Trust Workshop
425 Show | Phishing-Resistant Passwordless Deployment Guide (58 min) • Michael Epping, Tim Larson
✨ Entra What’s New
To view the details for these, browse to Entra Admin Centre → What’s new
Access Token changes
If your client application currently parses access tokens, please review and update your code in line with best practices outlined in the blog post.
Change in format for aud claim in access tokens for Microsoft Graph (Breaking Change)
Considering our ongoing commitment to security, we are making a minor change to tokens issued for Microsoft Graph after 15 January 2025. In rare cases, this may cause impact to applications if the client application is parsing the access token and expecting a specific format of the aud claim.
Encrypted Access Tokens for Microsoft APIs (Breaking Change)
As of October 2024, Microsoft is gradually enabling encrypted access tokens across more of its APIs. This change alters the format of access tokens for Microsoft-owned APIs.
Why This Matters: If applications rely on specific token formats (e.g., expecting a URI in the ‘aud’ claim rather than a GUID), these assumptions may cause functionality issues as token formats change.
Retirement of legacy user authentication methods management experience in Entra Portal
Starting October 31st, 2024, we will retire the ability to manage user authentication methods in the Entra Portal via the legacy user interface (UI). Instead, we will only surface the modern UI which has full parity with the legacy experience in addition to the ability to manage modern methods (e.g. Temporary Access Pass, Passkeys, QR+Pin, etc.) and settings. This will not impact how end users can manage their own authentication methods or their ability to sign-in to Entra.
Enhancements to Attribute Collection in Entra External ID
Starting February 2025, we’re excited to announce an important update to the attribute collection page in Entra External ID. When users sign up, they will now see a persistent label next to each input field for both built-in and custom attributes.
🗣️ Message Center
From the community…
🚀 Most popular posts from last week
Top Recommended Security Settings for Microsoft Entra ID: A Guide for M365 Admins • Sreejith Reghunathan Pillai
Hardening Entra ID • Truls Dahlsveen
Four Practical Tools and Strategies for Success with Conditional Access Policies • Jasper Baes
☀️ Learn
👮♂️ ID Governance
Step-by-Step Guide: Process Entra ID Entitlement Management Access Package on-behalf of another user (preview) • Dishan M. Francis
🌐 Private Access & Internet Access (GSA)
Entra ID Private Access with private integrated storage accounts • Robbe Van den Daele
Embrace Zero Trust Model using Entra Private Access and PIM • Moe Kinani
📦 Apps
Testing Entra ID SaaS OIDC Apps With JWT.ms • Brian Reid
🔑 Authentication
👥 Group Management
How to Use the Graph SDK to Manage Group-Based Licensing • Tony Redmond
🤖 DevOps & PowerShell
PowerShell – Getting M365 Tenant ID From Domain List • Adam Fowler
Microsoft recommends use of the unifiedRoleDefinition APIs • Daniel Bradley
🚦 Conditional Access
The Final Countdown: Wrapping Up Conditional Access with Application Specific protection • Sebastian Flæng Markdanner
Microsoft Entra ID: Revoke user access in an emergency • Oliver Müller
🔐 Credential Management
Security made easy! Pre-provision FIDO2 keys for your users with PowerShell! • Per-Torben Sørensen
🖥️ Devices
Autopilot Device Preparation – Add Service Principal • Andrew Taylor
📈 Reporting and Insights
🥷 Security
Mandiant: (In)tuned to Takeovers: Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments • Thibault Van Geluwe de Berlaere, Karl Madden and Corné de Jong
📒 Tenant Configuration
🎙️ Podcasts
Cloud Inspires Podcast - Security Research in Microsoft Entra • Gregor Reimling, Thomas Naunheim
📺 Watch
How Hackers Persist & Privesc in Microsoft 365 (27 min) • John Hammond
New M365 Copilot Admin Role - AI Administrator (1 min) • John Savill
How to Document Your Conditional Access Policies (9 min) • Steve Weiner
🔥 Maester
👨🏽💻 Merill’s corner
Are you a Microsoft customer and don't know where to start on your Zero Trust journey? Or maybe you have some Microsoft Security products deployed and want to improve your standing and close any gaps.
Microsoft just released the Microsoft Zero Trust Deployment workshop. The roadmap and workshop are based on Microsoft's extensive experience in successfully deploying Microsoft Security products for some of our largest enterprise customers.
You can ask Microsoft to run these workshops for you (reach out to your Microsoft contact), work with our Microsoft Partners that have been trained on running the workshop, or, if you have expertise in-house, run this as a self-assessment.
The workshops are typically 2 hrs for each pillar, and the initial release includes the three core pillars: Identity, Device and Data.
The Zero Trust workshop has been one of the major projects I've worked on at Microsoft and I loved collaborating with my colleagues from the rest of the Microsoft Security org including Intune, Purview and more.
I'm super proud of the final form of the workshop.
For those who follow me, you'll notice my handiwork in the website, the spreadsheet (including the design and layout) and the PowerShell module.
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. We pay our respect to them and their cultures and to elders both past and present.