Microsoft Entra Identity Developer Newsletter – April 2023

Marcus Carvalho

April is here!

It’s time for this month’s highlights:

NOTE: Visit What’s deprecated in Azure Active Directory? for information about all deprecations.


What’s new in libraries

Library Update Summary
Microsoft Authentication Library for JS
  • Remove deprecated telemetry event flushMeasurement() function 
  • Reduce telemetry RAM footprint and improve usability/readability 
Microsoft authentication library for dotnet
  • Simplified managed identity API. Use ManagedIdentityApplicationBuilder to create a IManagedIdentityApplication and call AcquireTokenForManagedIdentity.
  • Added StopLongRunningProcessInWebApiAsync which allows to remove cached tokens based on a long-running OBO key.
Microsoft identity web
  • GetClientAssertion is now public, which enables inheritance of ClientAssertionProviderBase. See PR for details.
  • Id Web now uses TryAdd instead of Add in the InMemory and Distributed caches, this is to not overwrite previously added caches. See issue for details.
  • Id Web now supports MsAuth10ATPop.
Microsoft authentication library common for android
  • [PATCH] Version 4.3.0 was built with RC versions, just need to bump version to 4.3.1
Microsoft Authentication Library for Android
  • [PATCH] Version 4.3.0 was built with RC versions, just need to bump version to 4.3.1
Microsoft Authentication Library for OBJC
  • Performed testing for CIAM behaviors in MSAL
Microsoft Authentication Library Common for OBJC
  • Add more detailed error codes for JIT (#1187)
  • Add support for nested auth protocol (#1175)
  • Return enrollmentId only if homeAccountId and legacyId are both empty (#1191)
  • Prevent crash when missing completionBlock on local interactive aquireToken (#1193)
  • Add support for memorizing certificate preference for CBA on MacOS (#1194)


Developer-focused guidance


Generally Available (GA) since March 2023

  • Authentication methods policy convergence – Enables you to manage all authentication methods used for Multi-Factor Authentication (MFA) and self-service password reset (SSPR) in one policy, migrate off the legacy MFA and SSPR policies, and target authentication methods to groups of users instead of enabling them for all users in the tenant.

  • Provisioning insights workbook – This workbook makes it easier to investigate and gain insights into your provisioning workflows. This includes HR-driven provisioning, Azure AD Connect cloud sync, app provisioning, on-premises hybrid sync, and cross-tenant sync. It automatically surfaces both source and target that provisioning connects to.


Product updates


Identity YouTube Channel

Latest videos on the Identity YouTube channel:


Microsoft identity platform community calls

The Microsoft identity platform developer community call is on the 3rd Thursday of each month with an interesting topic and speaker every month.

To join the call, click here:

Check out our previous call: Staying Up to Date with Authentication for JavaScript Applications

NOTE: There has been an update to the calendar series. To download the new series, go to

Check out our YouTube playlist of all the previously recorded calls Microsoft identity platform community calls.


Workshops and Events

Date Start time End time Event and Registration
4/18 – 4/19 9:00 am (PDT) 12:00 pm (PDT) Explore the Power of Microsoft Graph

4/25 – 4/26

9:30 am (IST)

11:30 am (IST)

How to successfully migrate away from AD FS to Azure AD APAC (English) 

4/25 – 4/26

3:00 pm (CEST)

5:00 pm (CEST)

How to successfully migrate away from AD FS to Azure AD EMEA (English) 

4/25 – 4/26

9:00 am (PDT)

11:00 am (PDT)

How to successfully migrate away from AD FS to Azure AD Americas (English) 
5/2 – 5/4 6:00 am (PDT) 9:00 pm (PDT) Identity Workshop for Developers
5/2 – 5/4 3:00 pm (PDT) 6:00 pm (PDT) Identity Workshop for Developers
5/9 – 5/10 1:00 pm (WEST) 3:00 pm (WEST) Como migrar as suas aplicações com sucesso do AD FS para o AAD (Português)
5/16 – 5/17 10:00 am (EDT) 12:00 pm (EDT) Cómo migrar exitosamente de AD FS a Azure AD (Español)


Check the events page to find about all opportunities to connect with us! Events page


Features for public preview

  • Microsoft Authenticator Lite for Outlook mobile (also known as Companion App) – Enables a subset of Microsoft Authenticator features in Outlook mobile. This enhanced capability in Outlook provides the security benefits of push-based multifactor authentication with the convenience of using an application users already have downloaded to their device.

  • Custom claims provider – Formerly known as token augmentation, this capability allows you to customize the Azure AD authentication experience by integrating with external systems. During the authentication flow an API is called using a custom extension to fetch and map custom claims into the token. The API call is made after the user has completed all their authentication, and a token is about to be issued to the app.

  • Conditional Access (CA): token protection – Token protection attempts to reduce attacks using token theft by ensuring a token is usable only from the intended device. By creating a cryptographically secure tie between the token and the device (client secret) it’s issued to, the bound token is useless without the client secret.

  • App-health related recommendations – Provide you with personalized insights and actionable guidance to improve the hygiene of apps in your tenant. The recommendations are based on best practices, and can help create a clean, manageable, and healthy app portfolio of active applications. The app-health related recommendations include: remove unused applications, remove unused credentials from apps, renew expiring application credentials and renew expiring service principal credentials.

  • Azure AD Application Proxy complex application scenario – Using complex application publishing on Azure AD Application Proxy allows you to create only one application that is made up of multiple URLs across various domains as opposed to having to have several different apps in the past.

  • Azure AD Application Proxy maintenance mode – Provides the ability to enable and disable a maintenance mode for applications integrated with Azure AD Application Proxy, giving application administrators a choice to retain application configurations while blocking access temporarily.

  • Pending devices in Azure AD – In the All devices blade under the Registered column, you can now click on any pending devices you have, and it will open a context pane to help troubleshoot why a device may be pending.

  • Application instance lock for workload identities – Allows app developers to protect their multi-tenant apps from having critical properties tampered by attackers.

  • Azure AD Domain Services (DS): Support for custom attributes – Adds support to synchronize the on-premises Active Directory attributes onPremisesExtensionAttributes and Directory Extensions to Azure AD DS.

  • Role-based access control (RBAC) scoping using administrative units in Microsoft Purview – Allows you to scope Microsoft Purview Data Loss Prevention administrative roles to a user for an administrative unit so this administrator can perform administrative tasks such as creating and managing policies and investigating alerts for the users in their administrative units.

  • Refresh: Lifecycle Workflows (LCW) – With the public preview refresh, we have added new capabilities including the ability to customize email notifications (company branding/logo, domain, subject, body, language and add cc recipients), a new workflow settings UI, extended the trigger offset range, more audit logs, and the ability to view the users in scope for the next workflow run.

  • Conditional Access for My Access – Allows guests to enter the My Access portal to be onboarded into your directory even when you have blocked them from accessing all other resources through a CA policy. In addition, you can now request end users to perform MFA when they enter My Access as well as apply other capabilities that CA offers.

  • Refresh: Microsoft Entra Identity Governance Entitlement Management custom extensions to Logic Apps – With the public preview refresh, we have added new capabilities including a launch and wait feature, a fully redesigned custom extension UI, new custom extension types, a proof of possession authentication model, an enhanced payload, and more audit logs.

  • Verified IDs in Microsoft Entra Identity Governance Entitlement Management – you can now include Microsoft Entra Verified ID requirements during Microsoft Entra Identity Governance Entitlement Management access requests, providing verified attestations for users from a wide set of issuers during the request process. This capability further automates scenarios like onboarding, helps create stronger compliance, and makes it easier for employees and guests to start collaborating right away.


Tell us what you think

This is YOUR newsletter!

We would love your input, please let us know your thoughts leaving a comment below.


Discussion is closed.

Feedback usabilla icon