As we near the end of September, we bring you the latest edition of our monthly developer update, summarizing the latest news and developments in the ever-evolving world of Microsoft Entra.
This month we cover significant rollouts designed to enhance both security and user experience, from the general availability of Face Check with Microsoft Entra Verified ID, which offers advanced protection against identity fraud, to new public previews such as passkey authentication for Android apps.
You’ll find key information about these developments in this blog post as well as links to further guidance, helping you integrate these updates into your applications.
Let’s dive in!
What went Generally Available since August 2024?
- Face Check with Microsoft Entra Verified ID: This new feature adds a critical layer of trust by matching a user’s real-time selfie against the photo on their Verified ID, which usually comes from a trusted source such as a passport or driver’s license. Sensitive identity data remains protected—only match results are shared. Face Check effectively detects and rejects various spoofing techniques, including deepfakes, further safeguarding your users’ identities.
New public previews
- Passkey authentication in brokered Microsoft apps on Android: Microsoft Entra ID users can now sign into Microsoft apps on Android devices using passkeys, provided they have an authentication broker like Microsoft Authenticator or Microsoft Intune Company Portal installed.
- Microsoft Entra ID FIDO2 provisioning APIs: Microsoft Entra ID now supports FIDO2 provisioning via API, allowing organizations to pre-provision security keys (passkeys) for users. These new APIs can simplify user onboarding and provide seamless phishing-resistant authentication on day one for employees.
- Microsoft Entra External ID – SMS as an MFA method: SMS is now supported as a multi-factor authentication (MFA) method in Microsoft Entra External ID. Built-in telecom fraud protection is included through integrations with the Phone Reputation Platform.
News, updates, and resources
- As part of our commitment to providing our customers with the highest level of security, we previously announced that Microsoft will require multi-factor authentication (MFA) for users signing into Azure.
  - The scope of the MFA enforcement includes the Microsoft Entra admin center in addition to the Azure portal and the Intune admin center, and will be rolled out starting in the second half of calendar year 2024.
  - Beginning in early 2025, gradual enforcement of MFA at sign-in for the Azure CLI, Azure PowerShell, the Azure mobile app, and Infrastructure as Code (IaC) tools will commence.
  - Microsoft will send a 60-day advance notice to all Microsoft Entra global admins by email and through Azure Service Health Notifications to notify them of the start date of enforcement and the required actions.
  - Additional notifications will be sent through the Azure portal, the Microsoft Entra admin center, and the Microsoft 365 message center.
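Before enforcement reaches the Azure CLI and Azure PowerShell, the practical question for an administrator is which accounts still sign in to those clients with a single factor. The following is an added example (not Microsoft's code or a Microsoft tool): it triages exported sign-in records offline and lists the user accounts whose successful sign-ins to the Azure management clients did not require MFA. It assumes records shaped like the Microsoft Graph `signIn` resource (`userPrincipalName`, `appDisplayName`, `authenticationRequirement`, `status.errorCode`); the client display names in `AZURE_MANAGEMENT_CLIENTS` and all sample records are constructed assumptions to verify against your own tenant's logs.

```python
"""Pre-check for the mandatory-MFA rollout: which accounts still sign in to
Azure management clients with a single factor?

Added example, not Microsoft's code. Records are assumed to follow the shape of
the Microsoft Graph 'signIn' resource; the display names and sample data below
are constructed and should be confirmed against a real tenant's sign-in log.
"""
from collections import defaultdict

# Clients named in the enforcement schedule (display names are an assumption).
AZURE_MANAGEMENT_CLIENTS = {
    "Azure Portal",
    "Microsoft Azure CLI",
    "Microsoft Azure PowerShell",
}

SINGLE_FACTOR = "singleFactorAuthentication"

# Constructed sample records, not real tenant data.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Microsoft Azure CLI",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.example", "appDisplayName": "Microsoft Azure CLI",
     "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "svc-deploy@contoso.example", "appDisplayName": "Microsoft Azure PowerShell",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "SVC-Deploy@contoso.example", "appDisplayName": "Microsoft Azure PowerShell",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    # Failed sign-in: never produced a session, so it is not counted.
    {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Azure Portal",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50074}},
    # Out of scope: not one of the Azure management clients.
    {"userPrincipalName": "carol@contoso.example", "appDisplayName": "Microsoft Teams",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "appDisplayName": "Azure Portal",
     "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
]


def find_single_factor_azure_signins(records, clients=AZURE_MANAGEMENT_CLIENTS):
    """Return {upn: {"count": n, "apps": [...]}} for successful single-factor
    sign-ins to the watched clients. UPNs are normalised to lower case so the
    same account is not reported twice."""
    hits = defaultdict(lambda: {"count": 0, "apps": set()})
    for rec in records:
        app = rec.get("appDisplayName")
        if app not in clients:
            continue
        if rec.get("authenticationRequirement") != SINGLE_FACTOR:
            continue
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # failed attempt, no session was issued
        upn = rec.get("userPrincipalName", "").lower()
        hits[upn]["count"] += 1
        hits[upn]["apps"].add(app)
    return {upn: {"count": v["count"], "apps": sorted(v["apps"])}
            for upn, v in hits.items()}


def rank_by_exposure(report):
    """Accounts with the most single-factor sign-ins first: their workflows are
    the first to break once MFA is enforced for these clients."""
    return sorted(report.items(), key=lambda kv: (-kv[1]["count"], kv[0]))


if __name__ == "__main__":
    for upn, info in rank_by_exposure(find_single_factor_azure_signins(SAMPLE_SIGNINS)):
        print(f"{upn}: {info['count']} single-factor sign-in(s) via {', '.join(info['apps'])}")
```

In the sample, the account that surfaces at the top is the one used by automation through Azure PowerShell; user accounts driving scripts and pipelines through these clients are the ones to review first, since a human cannot satisfy an MFA prompt inside an unattended job.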
- In line with Microsoft’s Secure Future Initiative, legacy MFA settings, including MFA Fraud Alert and block/unblock users, will be retired in the Azure Public cloud by March 1st, 2025.
  - If you are using these settings, you need to migrate to Report suspicious activity so that users can continue to report fraudulent verification requests.
- We will start releasing UX updates for application provisioning, HR provisioning, and cross-tenant synchronization starting in September 2024.
  - This will include a new overview page, a new experience for configuring connectivity to your application, and a new create-provisioning experience. The new experiences will include all functionality available to customers today.
- We’ve refined the messaging in the SSO enrollment dialog (consent) to make it easier for end users to understand the choice(s) they can make and the impact of their choice(s).
  - The changes also include a ‘Learn more’ link on the screen to provide users with more information.
- Starting late September 2024, applications indicated as SAML applications (via the preferredSingleSignOnMode property of the service principal) cannot be issued JWT tokens. This improves the security of those apps.
  - This means they cannot be the resource application in OIDC, OAuth 2.0, or other protocols using JWTs.
  - This change will only affect SAML applications attempting to take a new dependency on JWT-based protocols.
  - Existing SAML applications already using these flows will not be affected.
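A useful planning check for this change is to find client app registrations whose configured API permissions point at a service principal that is in SAML single-sign-on mode, because such a client would expect a JWT access token for that resource. The following is an added example, not Microsoft's code: it works offline over previously exported objects shaped like the Microsoft Graph `servicePrincipal` (`appId`, `displayName`, `preferredSingleSignOnMode`) and `application` (`displayName`, `requiredResourceAccess[].resourceAppId`) resources. All records and GUIDs below are constructed.

```python
"""Find client app registrations whose API permissions target a service
principal whose preferredSingleSignOnMode is 'saml'.

Added example, not Microsoft's code. Input objects are assumed to follow the
shape of the Microsoft Graph 'servicePrincipal' and 'application' resources;
the sample data and GUIDs are constructed placeholders.
"""

SAML_MODE = "saml"

# Constructed service principals (not real tenant data).
SAMPLE_SERVICE_PRINCIPALS = [
    {"appId": "00000000-0000-0000-0000-000000000001", "displayName": "Payroll (SAML)",
     "preferredSingleSignOnMode": "saml"},
    {"appId": "00000000-0000-0000-0000-000000000002", "displayName": "Inventory API",
     "preferredSingleSignOnMode": "oidc"},
    {"appId": "00000000-0000-0000-0000-000000000003", "displayName": "Legacy Portal",
     "preferredSingleSignOnMode": None},
]

# Constructed app registrations; resourceAccess ids are placeholders.
SAMPLE_APPLICATIONS = [
    {"displayName": "Payroll Mobile Client",
     "requiredResourceAccess": [
         {"resourceAppId": "00000000-0000-0000-0000-000000000001",
          "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Scope"}]}]},
    {"displayName": "Inventory Dashboard",
     "requiredResourceAccess": [
         {"resourceAppId": "00000000-0000-0000-0000-000000000002",
          "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Scope"}]}]},
    {"displayName": "Reporting Job",
     "requiredResourceAccess": [
         {"resourceAppId": "00000000-0000-0000-0000-000000000001",
          "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000003", "type": "Role"}]},
         {"resourceAppId": "00000000-0000-0000-0000-000000000002",
          "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Scope"}]}]},
    {"displayName": "Standalone Tool", "requiredResourceAccess": []},
]


def saml_resources(service_principals):
    """Map appId -> displayName for every service principal in SAML SSO mode.
    A missing or null preferredSingleSignOnMode is treated as not SAML."""
    return {sp["appId"]: sp.get("displayName", sp["appId"])
            for sp in service_principals
            if (sp.get("preferredSingleSignOnMode") or "").lower() == SAML_MODE}


def clients_targeting_saml_resources(applications, saml_by_app_id):
    """Return {client displayName: [SAML resource names]} for registrations that
    request delegated scopes or app roles on a SAML-mode resource. These are the
    places where a JWT dependency on a SAML application is configured."""
    findings = {}
    for app in applications:
        targets = sorted({saml_by_app_id[rra["resourceAppId"]]
                          for rra in app.get("requiredResourceAccess", [])
                          if rra.get("resourceAppId") in saml_by_app_id})
        if targets:
            findings[app["displayName"]] = targets
    return findings


if __name__ == "__main__":
    saml = saml_resources(SAMPLE_SERVICE_PRINCIPALS)
    for client, resources in clients_targeting_saml_resources(SAMPLE_APPLICATIONS, saml).items():
        print(f"{client} requests permissions on SAML-mode resource(s): {', '.join(resources)}")
```

A configured permission shows where a dependency is declared, not whether tokens are actually being issued today; for the clients this check surfaces, the sign-in log for the SAML resource tells you whether the flow is an existing one (unaffected) or a new one that the change will block.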
- As part of ongoing security hardening, we have removed unused permissions from the privileged Directory Synchronization Accounts role.
  - This role is exclusively used by Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync to synchronize Active Directory objects with Microsoft Entra ID.
  - There is no action required by customers to benefit from this hardening, and the revised role permissions are documented on Microsoft Learn.
- Learn what is new with Microsoft Entra, such as the latest release notes, known issues, bug fixes, deprecated functionality, and upcoming changes. You can find release notes specific to Sovereign Clouds on a dedicated release notes page.
- Check out our latest blog article regarding the mandatory multi-factor authentication for Azure sign-ins.
- Understand how Microsoft and NIST are collaborating to advance the Zero Trust implementation.
Identity developer blog
- ICYMI: An overview of the latest updates in Microsoft Entra for Aug 2024. Discover how these new capabilities can be integrated into your projects for optimal performance and security.
- The user insights feature in Microsoft Entra External ID, now generally available, provides valuable metrics on user behavior through Microsoft Graph APIs and dashboards in the Microsoft Entra admin center. This blog post will guide you through building a customized Power BI dashboard using user insights to analyze metrics like total user count, active users, and MFA usage.
- Discover how the custom claims feature, now available in public preview for Native Authentication on Microsoft Entra External ID, enhances your app’s authentication process. This new capability allows you to tailor app behavior, based on specific user data, by allowing apps to dynamically add custom claims to authentication tokens via a custom claims provider during user sign-up or sign-in.
- Explore the new Microsoft Entra External ID extension for Visual Studio Code, now Generally Available (GA), created to simplify CIAM integration in your development process. See how this extension provides a smooth experience for setting up External ID applications from within VS Code.
Stay connected and informed
This blog post aims to keep you informed and engaged with the latest Microsoft Entra developments, helping you harness these new features and capabilities in your identity development journey.
To learn more or test out features in the Microsoft Entra portfolio, visit our developer center. Make sure you subscribe to the Identity developer blog for more insights and to keep up with the latest on all things Identity. And follow us on YouTube for video overviews, tutorials, and deep dives.
Stay tuned for more updates and developments in the world of Microsoft Entra!