Microsoft Entra Identity Platform

A developer platform that helps protect your users and data.

SPA developers: Migrate to auth code flow with PKCE

December 1, 2023 Dec 1, 2023 12/1/23

Emily Lauber

SPA developers should leverage the auth code flow with PKCE for improved resiliency, security, and UX when third-party cookies are blocked by a browser.

Adding flexibility to authentication with Microsoft Entra External ID custom extensions

November 16, 2023 Nov 16, 2023 11/16/23

Adam Matthews

As the Microsoft Ignite conference gets underway, we announce the public preview of a new set of custom extension points for Microsoft Entra External ID.

Introducing Native Authentication for consumer mobile applications

November 14, 2023 Nov 14, 2023 11/14/23

Kaushik Kislay

This blog post outlines the importance of smooth and brand-aligned login processes for customer satisfaction and loyalty. We invite you to take an early look at work we're doing to help you make your mobile app login journeys more user-friendly and in line with your brand's identity.

Introducing Trusted Certificate Authorities (public preview) in App management policy

November 9, 2023 Nov 9, 2023 11/9/23

Saurabh Madan

In March 2023, we announced a framework called App management policy which allows admins to implement security best practices for applications in their tenant. Now, we've added a new capability that allows admins to define trusted certificate issuers for their tenant. Attempts to add an app certificate that does not meet the criteria defined in the policy will be rejected.

Feature recap ahead of our annual conference, Microsoft Ignite!

November 8, 2023 Nov 8, 2023 11/8/23

Adam Matthews

In the run-up to Microsoft Ignite, we look at a new feature, released to public preview, that informs strategy and bolsters decision-making for a more intuitive and informed development process.

Public vs. confidential clients and how to avoid common security pitfalls in identity

October 18, 2023 Oct 18, 2023 10/18/23

Brian Melton-Grace

This blog post delves into the critical differences between public clients, which are inherently more exposed and vulnerable, and confidential clients, which operate under stringent security measures to safeguard sensitive data. You’ll discover why knowing the difference matters and learn a few best practices to help you avoid common pitfalls.

Join us in shaping the future of multicloud workload identity

September 28, 2023 Sep 28, 2023 09/28/23

Hosam Shahin, Pieter Kasselman

As businesses adopt multicloud strategies, the challenge of deploying, maintaining, and managing least privilege access between workloads within and across clouds is growing. We’re building a streamlined, unified solution and we want your input. Join us on this journey!

Identity is not just for humans

September 19, 2023 Sep 19, 2023 09/19/23

Pieter Kasselman

Part of a three-part series on why we need machine identities, what the key building blocks are, what standards are available, and what gaps we need to fill.

Introducing MSAL.Browser v3: What developers need to know

September 7, 2023 Sep 7, 2023 09/7/23

Emily Lauber

MSAL.Browser releases a v3 with performance improvements, updated framework support, and minimal breaking changes.

Get Microsoft Entra developer news in your inbox

July 31, 2023 Jul 31, 2023 07/31/23

James Casey

We're excited to announce that you can now subscribe to the Microsoft Entra Developer blog via email! By subscribing, you’ll get the latest updates on Microsoft Entra delivered straight to your inbox. And let’s be honest, who doesn’t love getting fun and exciting emails?