Entra.News #43: This week in Microsoft Entra
Learn about passkeys public preview, GA of External ID, Group sync to AD and more!
👋 Hi folks. We had some HUGE Entra announcements this week! Read about the passkeys public preview in Entra ID as well as passkey support for your personal Microsoft account.
Learn about all the other previews, and if you are at RSA this week, don’t forget to attend all the Entra sessions and say hi to the Entra team at the conference.
PSA. If you haven’t added a passkey for your personal Microsoft account, set it up today by browsing to aka.ms/AddProof.
Enjoy!
⚡️ Microsoft
🏆 General Availability
🌟 Announcing General Availability of Microsoft Entra External ID • Levent Besik
🌟 Microsoft introduces passkeys for consumer accounts • Vasu Jakkal
🌟 Provision groups to Active Directory using Microsoft Entra Cloud Sync • Microsoft Learn
PIM approvals and activations on the Azure mobile app (iOS and Android) are available now
Customers can now approve or deny incoming PIM activation requests, in addition to activating Microsoft Entra ID and Azure resource role assignments, directly from the app on their phone.
On-premises password reset remediates user risk
Organizations who enabled password hash synchronization can now allow password changes on-premises to remediate user risk.
Custom Claims Providers enable token claim augmentation from external data sources
A custom claims provider is a type of custom authentication extension that calls a REST API to fetch claims from external systems. A custom claims provider maps claims from external systems into tokens and can be assigned to one or many applications in your directory.
Dynamic Groups quota increased to 15,000
Microsoft Entra organizations could previously have a maximum of 5,000 dynamic groups and dynamic administrative units combined. This quota has now been increased to 15,000.
Lifecycle Workflows: Export workflow history data to CSV files
In Lifecycle Workflows, IT admins can now export their workflow history data across users, runs, and tasks to CSV files for meeting their organization's reporting and auditing needs.
Microsoft Graph activity logs
Microsoft Graph activity logs give you visibility into HTTP requests made to the Microsoft Graph service in your tenant. With rapidly growing security threats, and an increasing number of attacks, this log data source allows you to perform security analysis, threat hunting, and monitor application activity in your tenant.
Quick Microsoft Entra Verified ID setup
The quick setup takes care of signing keys, registering your decentralized ID, and verifying your domain ownership. It also creates a Verified Workplace Credential for you.
Self-service password reset Admin policy expansion to include additional roles
Self-service password reset (SSPR) policy for Admins has expanded to include 3 additional built-in admin roles.
Decommissioning of Group Writeback V2 (Public Preview) in Entra Connect Sync
The public preview of Group Writeback V2 (GWB) in Entra Connect Sync will no longer be available after June 30, 2024. After this date, Connect Sync will no longer support provisioning cloud security groups to Active Directory.
🔥 Public Preview
🌟 Expanding passkey support in Microsoft Entra ID • Alex Weinert
🌟 External authentication methods in Microsoft Entra ID • Nitika Gupta
FIDO2 authentication in Android web browsers
Users can now sign in with a FIDO2 security key in both Chrome and Microsoft Edge on Android. This change is applicable to all users who are in scope for the FIDO2 authentication method. FIDO2 registration in Android web browsers isn't available yet.
Native Authentication for Microsoft Entra External ID
Native authentication empowers developers to take complete control over the design of the sign-in experience of their mobile applications. It allows them to craft stunning, pixel-perfect authentication screens that are seamlessly integrated into their apps, rather than relying on browser-based solutions.
Conditional Access What If API
The Conditional Access What If API can be used to programmatically test the impact of Conditional Access policies on user and workload identity sign-ins.
Configure custom workflows to run mover tasks when a user's job profile changes
Lifecycle Workflows now supports the ability to trigger workflows based on job change events like changes to an employee's department, job role, or location and see them executed on the workflow schedule.
Assign Microsoft Entra roles using Entitlement Management
When you include a Microsoft Entra role as a resource in an access package, you can also specify whether that role assignment is “eligible” or “active”.
📖 Read
Microsoft Entra announcements and demos at RSAC 2024 • Irina Nechaeva
Microsoft named an overall leader in KuppingerCole Leadership Compass for ITDR • Alex Weinert
📺 Watch
What are passkeys? Explained in under 4 minutes (4 min) • Microsoft Security
How to Set Up Microsoft Entra ID Protection (6 min) • Etan Basseri, Megan Walsh
What is Microsoft Entra ID Protection? (5 min) • Etan Basseri, Megan Walsh
📆 Upcoming Events
Introducing Microsoft Entra ID External Authentication Methods • May 15, 2024, 9am PT (Registration required)
From the community…
☀️ Learn
💳 Verified ID
How to set up Microsoft Entra Verified ID • Rudy Mens
👮‍♂️ ID Governance
The way of the Cookie • Niels Hofmans
PIM Access Review • Irwin Strachan
🔑 Authentication
All Roads to Entra ID SSO • Julian Sperling
Demystifying Passkeys and Extending Microsoft Entra with Passwordless Authentication • Jon Towles
Hardening your Identities: Microsoft Authenticator device-bound passkey • Oliver Müller
How to use Passkeys in Microsoft Authenticator for Microsoft Entra ID • Rudy Mens
Setup External Authentication Methods in Microsoft Entra ID – Our Cloud Network • Daniel Bradley
Passkeys in Microsoft Authenticator and Entra ID • Samuel Eng
👥 Group Management
🤖 DevOps & PowerShell
Find all license-enabled groups in Microsoft Entra with PowerShell • Daniel Bradley
How to find the underlying MS Graph URL from a Microsoft Graph PowerShell commandlet • Bac Hoang
Securely storing and retrieving credentials with Azure Key Vault in PowerShell scripts • Christian Frohn
Default Azure Credentials Under the Hood • Tore Nestenius
🚦 Conditional Access
Conditional Access Gap Analyzer Workbook in Entra ID • Admin Droid
🖥️ Devices
How to enable Entra ID Single Sign-on on macOS • Lukas Beran
🥷 Security
How to enforce usage of Privileged Access Workstations for Admins • Sascha Windrath
Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja • nyx geek
Investigating Microsoft Graph Activity Logs • Bert-Jan Pals
♻️ Sync
⚒️ Toolkit
🏅 EntraIDPasskeyHelper • Fabian Bader
Teams Guest User Overview - A lightweight admin tool in Microsoft Teams to get an overview of guest users in your tenant • Dan Toft, Jeppe Spanggaard Christensen
Custom External Authentication Method code sample • Damien Bowden
🎙️ Podcasts
Google Next, Copilot for Security and Passkeys - Cloudfirst Podcast • Marius Sandbu, Marius Solbakken Mellum
📺 Watch
Support Approved Elevations for Microsoft Endpoint Privilege Management (EPM) (17 min) • CloudManagement.Community
External Authentication Methods (Public Preview) (6 min) • Rio Hindle
👨🏽‍💻 Merill’s corner
Security Group Sync
Provisioning security groups from Entra ID to on-prem AD just went GA! 🤩 With this, you can move to a cloud-first approach to managing groups in Entra ID while allowing on-prem apps to continue working.
Even better, you can use ID Governance to govern access to on-prem apps and make use of access reviews, lifecycle workflows and more!
This feature is available in Entra Cloud Sync which can run side by side with Entra Connect Sync!
Entra Single Sign On
This is a neat visualization by Julian Sperling of all the single sign-on options available in Microsoft Entra ID.
✅ Windows → Entra joined / Entra hybrid joined with PRT
✅ Windows → Domain joined with Seamless SSO
✅ macOS → Enterprise SSO (soon Platform SSO)
✅ iOS → Authenticator or Enterprise SSO
✅ Android → Authenticator
✅ 3rd Party Identity Provider → Federation
✅ Modern apps → SAML or OIDC
✅ Legacy apps → Entra Private Access or App Proxy
🪃 Acknowledgement of Country
Entra.News is created on Wurundjeri land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.