{"id":2004,"date":"2024-09-25T04:29:07","date_gmt":"2024-09-25T11:29:07","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/identity\/?p=2004"},"modified":"2024-09-25T04:29:07","modified_gmt":"2024-09-25T11:29:07","slug":"eng-connect-sep-24","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/identity\/eng-connect-sep-24\/","title":{"rendered":"Sep 2024: A look at the latest Microsoft Entra key feature releases, announcements, and updates"},"content":{"rendered":"<p>As we near the end of September, we bring you the latest edition of our monthly developer update, summarizing the latest news and developments in the ever-evolving world of Microsoft Entra.<\/p>\n<p>This month we cover significant rollouts designed to enhance both security and user experience, from the general availability of Face Check with Microsoft Entra Verified ID, which offers advanced protection against identity fraud, to new public previews like passkey authentication for Android apps.<\/p>\n<p>You\u2019ll find key information about these developments in this blog post as well as links to further guidance, helping you integrate these updates into your applications.<\/p>\n<p>Let\u2019s dive in!<\/p>\n<h2>What went Generally Available since August 2024?<\/h2>\n<ul>\n<li><strong><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/microsoft-entra-blog\/face-check-is-now-generally-available\/ba-p\/4175880\">Face Check with Microsoft Entra Verified ID:<\/a><\/strong>\u202fThis new feature adds a critical layer of trust by matching a user\u2019s real-time selfie against the photo on their Verified ID, which is usually from a trusted source, such as a passport or driver\u2019s license. Sensitive identity data remains protected\u2014only match results are shared. Face Check effectively detects and rejects various spoofing techniques, including deepfakes, further safeguarding your users\u2019 identities. 
<\/li>\n<\/ul>\n<h2>New public previews<\/h2>\n<ul>\n<li><strong><a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/authentication\/concept-fido2-compatibility#native-application-support-with-authentication-broker-preview\">Passkey authentication in brokered Microsoft apps on Android:<\/a><\/strong>\u202fMicrosoft Entra ID users can now sign into Microsoft apps on Android devices using passkeys, provided they have an authentication broker like Microsoft Authenticator or Microsoft Intune Company Portal installed. <\/li>\n<li><strong><a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/authentication\/how-to-enable-passkey-fido2#provision-fido2-security-keys-using-microsoft-graph-api-preview\">Microsoft Entra ID FIDO2 provisioning APIs:<\/a><\/strong> Microsoft Entra ID now supports FIDO2 provisioning via API, allowing organizations to pre-provision security keys (passkeys) for users. These new APIs can simplify user onboarding and provide seamless phishing-resistant authentication on day one for employees. <\/li>\n<li><strong><a href=\"https:\/\/learn.microsoft.com\/entra\/external-id\/customers\/how-to-multifactor-authentication-customers\">Microsoft Entra External ID &#8211; SMS as an MFA method:<\/a><\/strong> SMS is now supported as a multi-factor authentication (MFA) method in Microsoft Entra External ID. Built-in telecom fraud protection is included through integrations with the Phone Reputation Platform. <\/li>\n<\/ul>\n<h2>News, updates, and resources<\/h2>\n<ul>\n<li>As part of our commitment to providing our customers with the highest level of security, we previously\u202f<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/core-infrastructure-and-security\/update-on-mfa-requirements-for-azure-sign-in\/ba-p\/4177584\">announced<\/a>\u202fthat Microsoft will require multi-factor authentication (MFA) for users signing into Azure. 
\n<ul>\n<li>The <strong><a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/authentication\/concept-mandatory-multifactor-authentication\">scope of the MFA enforcement<\/a><\/strong> includes\u202f<strong><a href=\"https:\/\/entra.microsoft.com\/\">Microsoft Entra admin center<\/a><\/strong>\u202fin addition to the <strong>Azure portal<\/strong> and <strong>Intune admin center<\/strong>, and <a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/authentication\/concept-mandatory-multifactor-authentication\">will be rolled out starting in the <strong>second half of the calendar year 2024<\/strong><\/a>. <\/li>\n<li>Beginning in <strong>early 2025<\/strong>, gradual enforcement of <strong>MFA at sign-in for the Azure CLI<\/strong>, <strong>Azure PowerShell<\/strong>, <strong>Azure mobile app<\/strong>, and <strong>Infrastructure as Code (IaC) tools<\/strong> will commence. <\/li>\n<li>Microsoft will send a <strong>60-day advance notice<\/strong> to all Microsoft Entra global admins by <strong>email<\/strong> and through <strong>Azure Service Health Notifications<\/strong> to notify them of the start date of enforcement and required actions. \n<ul>\n<li>Additional notifications will be sent through the <strong>Azure portal<\/strong>, <strong>Microsoft Entra admin center<\/strong>, and the <strong>Microsoft 365 message center<\/strong>. 
<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>In line with <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2023\/11\/02\/announcing-microsoft-secure-future-initiative-to-advance-security-engineering\/\">Microsoft\u2019s Secure Future Initiative<\/a>, legacy MFA settings, including <strong><a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/authentication\/howto-mfa-mfasettings#fraud-alert\">MFA Fraud Alert<\/a><\/strong> and <strong><a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/authentication\/howto-mfa-mfasettings#block-and-unblock-users\">block\/unblock users<\/a><\/strong>, will be retired in the Azure Public cloud by <strong>March 1st, 2025<\/strong>. \n<ul>\n<li>If you are using these settings, you need to migrate to <a href=\"https:\/\/learn.microsoft.com\/entra\/identity\/authentication\/howto-mfa-mfasettings#report-suspicious-activity\">Report suspicious activity<\/a> to allow users to report fraudulent verification requests.<\/li>\n<\/ul>\n<\/li>\n<li>We will begin releasing <strong>UX updates<\/strong> for <strong>application provisioning<\/strong>, <strong>HR provisioning<\/strong>, and <strong>cross-tenant synchronization<\/strong> in <strong>September 2024<\/strong>. \n<ul>\n<li>This will include a new overview page, a new user experience for configuring connectivity to your application, and a new create provisioning experience. The new experiences will include all functionality available to customers today. <\/li>\n<\/ul>\n<\/li>\n<li>We&#8217;ve refined the messaging in the <a href=\"https:\/\/aka.ms\/device\/sso\">SSO enrollment dialog (consent)<\/a> to make it easier for end users to understand the choice(s) they can make and the impact of their choice(s). \n<ul>\n<li>The changes also include a &#8216;Learn more&#8217; link on the screen to provide users with more information. 
<\/li>\n<\/ul>\n<\/li>\n<li>Starting late September 2024, applications indicated as <a href=\"https:\/\/aka.ms\/entra-saml-update\">SAML applications (via the preferredSingleSignOnMode property of the service principal)<\/a> <strong>cannot be issued JWT tokens<\/strong>. This will improve the security of apps. \n<ul>\n<li>This means they cannot be the resource application in OIDC, OAuth2.0, or other protocols using JWTs. \u202f<\/li>\n<li>This change will only affect SAML applications attempting to take a new dependency on JWT-based protocols. <\/li>\n<li>Existing SAML applications already using these flows will not be affected.\u202f\u202f <\/li>\n<\/ul>\n<\/li>\n<li>As part of ongoing security hardening, we have\u202f<strong>removed unused permissions<\/strong> from the <strong>privileged Directory Synchronization Accounts role<\/strong>. \n<ul>\n<li>This role is exclusively used by Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync to synchronize Active Directory objects with Microsoft Entra ID. <\/li>\n<li>There is <strong>no action required by customers<\/strong> to benefit from this hardening and the\u202f<a href=\"https:\/\/aka.ms\/DSAAPIDefinition\">revised role permissions are documented on Microsoft Learn<\/a>. <\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/entra\/fundamentals\/whats-new\">Learn what is new with Microsoft Entra<\/a>, such as the latest release notes, known issues, bug fixes, deprecated functionality, and upcoming changes. You can find <a href=\"https:\/\/learn.microsoft.com\/entra\/fundamentals\/whats-new-sovereign-clouds\">releases specific to Sovereign Clouds<\/a> on a dedicated release notes page. <\/li>\n<li>Check out our latest blog article regarding the\u202f<a href=\"https:\/\/azure.microsoft.com\/blog\/announcing-mandatory-multi-factor-authentication-for-azure-sign-in\/\">mandatory multi-factor authentication for Azure sign-ins<\/a>. 
<\/li>\n<li>Understand how <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2024\/08\/06\/how-microsoft-and-nist-are-collaborating-to-advance-the-zero-trust-implementation\/\">Microsoft and NIST are collaborating to advance the Zero Trust implementation<\/a>. <\/li>\n<\/ul>\n<h2>Identity developer blog<\/h2>\n<ul>\n<li>ICYMI: An overview of the <a href=\"https:\/\/devblogs.microsoft.com\/identity\/eng-connect-aug-24\/\">latest updates in Microsoft Entra for Aug 2024<\/a>. Discover how these new capabilities can be integrated into your projects for optimal performance and security. <\/li>\n<li>The user insights feature in Microsoft Entra External ID, now generally available, provides valuable metrics on user behavior through Microsoft Graph APIs and dashboards in the Microsoft Entra admin center. This blog post will guide you through <a href=\"https:\/\/devblogs.microsoft.com\/identity\/external-id-user-insights-and-power-bi\/\">building a customized Power BI dashboard using user insights<\/a> to analyze metrics like total user count, active users, and MFA usage. <\/li>\n<li>Discover how the <a href=\"https:\/\/devblogs.microsoft.com\/identity\/custom-claims-on-native-auth\/\">custom claims feature, now available in public preview for Native Authentication on Microsoft Entra External ID<\/a>, enhances your app&#8217;s authentication process. This new capability allows you to tailor app behavior, based on specific user data, by allowing apps to dynamically add custom claims to authentication tokens via a custom claims provider during user sign-up or sign-in. <\/li>\n<li>Explore the new <a href=\"https:\/\/devblogs.microsoft.com\/identity\/external-id-vs-code-extension-ga\/\">Microsoft Entra External ID extension for Visual Studio Code<\/a>, now Generally Available (GA), created to simplify CIAM integration in your development process. See how this extension provides a smooth experience for setting up External ID applications from within VS Code. 
<\/li>\n<\/ul>\n<h2>Stay connected and informed<\/h2>\n<p>This blog post aims to keep you informed and engaged with the latest Microsoft Entra developments, helping you harness these new features and capabilities in your identity development journey.<\/p>\n<p>To learn more or test out features in the Microsoft Entra portfolio, visit our\u202f<a href=\"https:\/\/aka.ms\/dev\/ms-entra\">developer center<\/a>. Make sure you subscribe to the\u202f<a href=\"https:\/\/aka.ms\/devblog\/ms-entra\">Identity developer blog<\/a>\u202ffor more insights and to keep up with the latest on all things Identity. And, follow us on\u202f<a href=\"https:\/\/www.youtube.com\/@MicrosoftSecurity\/playlists\">YouTube<\/a>\u202ffor video overviews, tutorials, and deep dives.\u202f<\/p>\n<p>Stay tuned for more updates and developments in the world of Microsoft Entra!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An overview of the latest updates in Microsoft Entra for Sep 2024. Discover how these new capabilities can be integrated into your projects for optimal performance and security.<\/p>\n","protected":false},"author":123707,"featured_media":1429,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[32,33],"tags":[16,50,4],"class_list":["post-2004","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-product-updates","tag-entra","tag-identity","tag-security"],"acf":[],"blog_post_summary":"<p>An overview of the latest updates in Microsoft Entra for Sep 2024. 
Discover how these new capabilities can be integrated into your projects for optimal performance and security.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/2004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/users\/123707"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/comments?post=2004"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/2004\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media\/1429"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media?parent=2004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/categories?post=2004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/tags?post=2004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}