June 2024: A look at the latest Microsoft Entra key feature releases, announcements, and updates

Adam Matthews

Welcome to the June edition of our monthly developer update, summarizing the latest news and developments in the ever-evolving world of Microsoft Entra. 

We’ve rolled out several significant enhancements, from new Generally Available (GA) features to exciting updates in public preview. These updates can significantly streamline your development workflow.

In this edition, we’re excited to announce the General Availability of Microsoft Entra External ID, a developer-friendly CIAM solution, enabling you to quickly integrate identity into your customer-facing applications. Additionally, Bicep templates for Microsoft Graph resources and Custom URL Domains are available in public preview.  

You’ll find key information about these developments in this blog post as well as links to further guidance, helping you integrate these updates into your applications. 

We’ve also just launched our new Microsoft Identity Platform Developer Center. The Developer Center is a one stop shop where you can learn about the Identity Platform, the developer-oriented Microsoft Entra products, and how we integrate Identity across all Microsoft products. Quickly navigate to relevant documentation, watch overview and deep dive videos about products and features, access samples and tutorials, and see the latest developer blog posts.

What went Generally Available (GA) since May 2024? 

  • Microsoft Entra External ID: Our next generation, developer-friendly customer identity access management (CIAM) solution, enabling you to quickly integrate identity into your customer-facing applications. Whether you’re building applications for partners, business customers, or consumers, External ID makes secure and customizable identity management simple.

  • Multiple passwordless phone sign-in for Android devices: End users can now enable passwordless phone sign-in for multiple accounts in the Microsoft Authenticator app on any supported Android device. This feature is particularly useful for consultants, students, and others who have multiple accounts in Microsoft Entra ID. Each account can be added to Microsoft Authenticator, allowing for passwordless phone sign-in from the same Android device. The Microsoft Entra ID accounts can be in the same tenant or different tenants. Guest accounts are not supported for multiple account sign-in from one device.

New public previews

  • Bicep templates for Microsoft Graph resources: Bicep templates bring declarative infrastructure-as-code (IaC) capabilities to Microsoft Graph resources. They allow you to define the tenant infrastructure you want to deploy, such as groups or applications, in a file, then use the file throughout the development lifecycle to repeatedly deploy your infrastructure.

  • Custom URL Domains for Microsoft Entra External ID: Custom URL domains provide flexibility and customization for the authentication journey in your application, enabling you to replace the default Microsoft authentication domain name with your own branded domain name.

  • External authentication method (EAM): Enables customers to use an external authentication provider for their users to satisfy the second factor of Microsoft Entra ID MFA requirements.

  • Platform Single-Sign-On (SSO) for macOS with Microsoft Entra ID: Platform SSO is a new capability on macOS that is enabled using the Enterprise SSO plug-in. This feature allows users to log on to a Mac using their Microsoft Entra ID password, smartcard, or benefit from SSO through a hardware-bound key.

News, updates, and resources

  • You can now utilize $select in the signIn API to reduce the number of attributes that are returned for each log. This adaption should greatly help customers who deal with throttling issues, and allow every customer to run faster, more efficient queries.

  • Name change: The Windows Account extension is now the Microsoft Single Sign-On extension in the Microsoft documentation and the Chrome store. The Windows Account extension has been updated to represent the new macOS compatibility. It offers single sign-on and device identity features in conjunction with the Enterprise SSO plug-in for Apple devices. This is just a name change for the extension, there are no software changes to the extension itself.

  • After June 30, 2024 the MSOnline PowerShell module will no longer support legacy authentication. The MSOnline PowerShell module is now deprecated, and though the MSOnline module will continue to function through March 30, 2025, use of legacy authentication with MSOnline PowerShell will stop working after June 30, 2024. Legacy authentication was only available in older versions of MSOnline PowerShell and in light of best practices, we’ll no longer support the MSOnline PowerShell module with legacy authentication. Legacy authentication may be used if the Microsoft Online Sign-In Assistant package is installed on the client, or in versions below 1.1. Recommended actions are to migrate to the Microsoft Graph PowerShell SDK, or to upgrade MSOnline to version before June 30 to avoid disruption.

  • We’re making a security update to Microsoft Entra ID such that the use of older unpatched versions of Windows which still use the less secure Key Derivation Function v1 (KDFv1) will no longer be supported. Once the update is rolled out, unsupported and unpatched Windows clients will no longer be able to sign in to Microsoft Entra ID. If your Windows devices have security patches after July 2021, no action is required. If your Windows devices do not have security updates after July 2021, update Windows to the latest version/ build to maintain access to Microsoft Entra ID. All currently supported versions of Windows have the required patch. See the 2021 security update notification CVE-2021-33779 for details.

  • Starting August 2024, new Microsoft Entra applications will receive v2 access tokens by default, instead of v1. This applies to applications created with any interface, such as the Microsoft Entra portal, Azure portal, PowerShell/CLI, or the Microsoft Graph application API. For more information on differences between token versions, refer to our documentation on Access tokens in the Microsoft identity platform and Access token claims.

  • 2024 State of Multicloud Security Risk Report: Gain insights into mitigating the primary identity and permission risks across multi-cloud environments, along with other security and data security concerns.

  • Learn what’s new in Microsoft Entra, such as the latest release notes, known issues, bug fixes, deprecation functionality, and upcoming changes. You can find releases specific for Sovereign Clouds on a dedicated release notes page. 

Identity blog

  • ICYMI: An overview of the latest updates in Microsoft Entra for May 2024. Discover how these new capabilities can be integrated into your projects for optimal performance and security.

  • Announcing the General Availability (GA) of Microsoft Entra External ID, a next-generation customer identity and access management (CIAM) solution. Introduced in May 2023, External ID provides improved security, scalability, and user experience for adding authentication to your external facing apps.

  • Announcing the public preview of Bicep templates for Microsoft Graph resources. These templates introduce declarative infrastructure-as-code (IaC) capabilities for Microsoft Graph resources, initially targeting core Microsoft Entra ID resources. Define and deploy your tenant infrastructure, such as Entra ID groups or applications, using a Bicep file throughout the development lifecycle.

  • Announcing the public preview of Custom URL Domains for Microsoft Entra External ID, which allow you to replace default Microsoft authentication domain endpoints with your own branded domains. This feature offers flexibility and customization for the authentication journey. The blog post explores custom URL domains, detailing how to configure them to create a personalized sign-in experience that reflects your brand identity.

Stay connected and informed 

This blog post aims to keep you informed and engaged with the latest Microsoft Entra developments, helping you harness these new features and capabilities in your identity development journey. 

To learn more or test out features in the Microsoft Entra suite of products, visit our new developer center. Make sure you subscribe to the Identity blog for more insights and to keep up with the latest on all things Identity. And, follow us on YouTube for video overviews, tutorials, and deep dives. 

1 comment

Leave a comment

  • James 0

    new Microsoft Entra applications will receive v2 access tokens by
    default, instead of v1

    It’d be great either/both of the two documents you linked to were updated to reflect this. 🙂

Feedback usabilla icon