Microsoft Entra Identity Developer Newsletter – May 2023

Microsoft Identity Platform Developer Newsletter

May is here!

It’s time for this month’s highlights:

NOTE: Visit What’s deprecated in Azure Active Directory? for information about all deprecations.


What’s new in libraries

Library Update Summary
Microsoft Authentication Library for JS
Microsoft authentication library for dotnet
Azure Active Directory identitymodel extensions for dotnet
  • Added a .NET 462 target for better dependency control and enabling IL trimming of the SDK
  • The documentation was enhanced, and the logs were made more actionable
Microsoft identity web
  • Now, you can specify the authority int the configuration (instead of Instance and TenantId). This allows for supporting other identity providers
  • Fixed issues in 2.x related to App services authentication
  • Work-around an ASP.NET Core regression between .NET 5 and 6/7 with Razor Pages
  • Updated the daemon/service scenario documentation to recommend Id.Web 2.x
Microsoft Authentication Library for Go
  • The library hit version 1.0.0 and is now generally available.
  • Documentation is available on Microsoft Learn.
Microsoft authentication library for Python
Microsoft Authentication Library for Android
  • MSAL Android tutorial updated.
  • Improvements to Open Id Provider Configuration Client
  • Upgraded YubiKit version support to 2.2.0
Microsoft Authentication Library for OBJC (iOS and macOS)


Developer-focused guidance

Generally Available (GA) since last month

  • signInActivity resource type in Microsoft Graph API – Provides the last interactive and non-interactive sign-in time for a specific user. For GA, this feature was redesigned improving resilience and mitigating throttling issues. Make sure to check out how to manage inactive user accounts in Azure AD.

  • System preferred multi-factor method – Enables IT admins to make the decision to prompt their users for the most secure multi-factor authentication method users have registered. As a part of this effort, we evaluate the different methods a given user has at run time, and present them with the most secure method. If users cannot access the method they are prompted for they can select another option. With going GA, this feature is set to Microsoft managed by default: disabled. In around 6 months, we plan to disable the toggle switch and enable this feature by default for all organizations.

  • Microsoft Enterprise SSO plug-in for Apple devices – Provides single sign-on (SSO) for applications on macOS, iOS, and iPadOS through the use of broker applications. The Microsoft Authenticator app is used on iOS and iPadOS to provide SSO to Microsoft apps as well as other apps on the system that use Apple’s native frameworks, such as Safari. The Microsoft Intune Company Portal application is used on macOS to provide SSO, both to Microsoft apps and other apps like Safari, VPN clients, and others. This feature is deployed via MDM.

  • Conditional Access for My Apps – Allows you to specifically target the My Apps application in Conditional Access policies. With GA, we also improved the app launch performance when launching apps through My Apps. If you do not use the My Apps portal to launch apps and instead use user access URLs (deep links) to Azure AD (, make sure to update your deep links. The new user access URL can be found in the Azure and Entra portal.

  • Alert on Azure subscription role assignments made outside of Privileged Identity Management (PIM) – Provides an alert in PIM for Azure subscription assignments made outside of PIM. An owner or User Access Administrator can take a quick remediation action to remove those assignments.

  • Application authentication methods policy for workload identities via Microsoft Graph API – Allows you to configure policies for application authentication methods such as certificates and client secrets. For example, an admin might configure a policy to block the use of or limit the lifetime of client secrets and use the creation date of the object to enforce the policy. This feature allows organizations to enforce the use of stronger authentication mechanisms in applications and promotes application credential hygiene.

  • Azure AD workload identity with Azure Kubernetes Service (AKS) – Integrates with the capabilities native to Kubernetes to federate with external identity providers by using Service Account Token Volume Projection enabling pods to use a Kubernetes identity, that is, a service account.

Identity YouTube Channel

Latest videos on the Identity YouTube channel:


Microsoft identity platform community calls

The Microsoft identity platform developer community call is on the 3rd Thursday of each month with an interesting topic and speaker every month.

To join the call, click here:

Check out our previous call: Mastering Azure AD App Security: Safeguarding Service Principals for Smooth and Secure Automation (Recording will be available soon).

NOTE: There has been an update to the calendar series. To download the new series, go to

Check out our YouTube playlist of all the previously recorded calls Microsoft identity platform community calls.


Workshops and Events

Date Start time End time Event and Registration
5/2 – 5/4 6:00 am (PDT) 9:00 pm (PDT) Identity Workshop for Developers
5/2 – 5/4 3:00 pm (PDT) 6:00 pm (PDT) Identity Workshop for Developers
5/9 – 5/10 1:00 pm (WEST) 3:00 pm (WEST) Como migrar com sucesso do AD FS para o Azure AD (Português)
5/16 – 5/17 10:00 am (EDT) 12:00 pm (EDT) Cómo migrar exitosamente de AD FS a Azure AD (Español)

5/23 – 5/24

9:30 am (IST)

11:30 am (IST)

How to successfully migrate away from AD FS to Azure AD APAC (English) 

5/23 – 5/24

3:00 pm (CEST)

5:00 pm (CEST)

How to successfully migrate away from AD FS to Azure AD EMEA (English) 

5/23 – 5/24

9:00 am (PDT)

11:00 am (PDT)

How to successfully migrate away from AD FS to Azure AD Americas (English) 


Check the events page to find about all opportunities to connect with us! Events page


Features for public preview

  • Windows Local Administrator Password Solution (LAPS) with Microsoft Entra (Azure AD) and Microsoft Intune – With Windows LAPS you can automatically manage and back up the password of a local administrator account on your Azure AD joined or Hybrid Azure AD joined devices.

  • Protected actions in Conditional Access – Protected actions in Azure AD are permissions that have been assigned Conditional Access policies. When a user attempts to perform a protected action, they must first satisfy the Conditional Access policies assigned to the required permissions. For example, to allow administrators to update Conditional Access policies, you can require that they first satisfy the Phishing resistant MFA policy. The security bar for these policies can be set very high, because they are only enforced at the time of use, so they are not enforced at user sign-in, which would impact day-to-day productivity.

  • New search experience in My Access – Enables search of access packages based on keywords in access package names, descriptions, or resource names.

  • Azure AD Application Proxy backend SSL verification – Enables SSL certificate validation for the backend application by having the connector check if there is a certificate, and if there is one checks are performed on the expiry date, self-signed certificate and if the certificate is signed by a trusted Certificate Authority.

  • Azure AD Application Proxy Open ID Connect (OIDC) and OAuth2 support – Leverage Azure AD Application Proxy to publish private web apps and APIs using OIDC or OAuth2.

  • Azure Databricks support for managed identities – You can use either system-assigned managed identities or user-assigned managed identities to access customer storage containers and further improve the security posture of the product. With managed identities you don’t need to maintain credentials or rotate secrets and furthermore you can use managed identities in storage firewalls to prevent data exfiltration.

  • Microsoft Entra Permissions Management Azure AD Insights – Provides visibility into the human and workload identities that are assigned to privileged Azure AD roles allowing you to review permanent global admin assignments and highly privileged role assignments for users and service principals. These insights will be provided through a new Azure AD Insights tab in the Microsoft Entra Permissions Management portal.

  • Azure AD B2C GoLocal Japan – Starting in April 2023, Japan has been added to the available locations list to select local data residency. Now, Microsoft customers in Japan can opt-in to GoLocal, which is the local data residency option, to ensure storing Azure AD B2C tenant data only in Japan.


Tell us what you think

This is YOUR newsletter!

We would love your input, please let us know your thoughts leaving a comment below.


Discussion is closed.

Feedback usabilla icon