{"id":500,"date":"2023-04-13T11:20:39","date_gmt":"2023-04-13T18:20:39","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/identity\/?p=500"},"modified":"2024-02-20T08:52:01","modified_gmt":"2024-02-20T16:52:01","slug":"microsoft-entra-identity-developer-newsletter-april-2023","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/identity\/microsoft-entra-identity-developer-newsletter-april-2023\/","title":{"rendered":"Microsoft Entra Identity Developer Newsletter &#8211; April 2023"},"content":{"rendered":"<h3>April is here!<\/h3>\n<p>It&#8217;s time for this month&#8217;s highlights:<\/p>\n<ul>\n<li>\n<p><strong>Check out this post from Levent Besik:<\/strong> on <a href=\"https:\/\/devblogs.microsoft.com\/identity\/how-the-microsoft-identity-platform-helps-developers-manage-identity-risk\">How the Microsoft identity platform helps developers manage identity risk<\/a>!<\/p>\n<\/li>\n<li>\n<p><strong>ADAL Deprecation:<\/strong> ADAL end of life is now June 30, 2023, no support or security fixes will be provided past end-of-life, so prioritize migration to Microsoft Authentication Library (MSAL). Check <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/develop\/msal-migration\">Migrate to the Microsoft Authentication Library (MSAL)<\/a> for guidance and this <a href=\"https:\/\/devblogs.microsoft.com\/identity\/update-your-applications-from-adal-to-msal\/\">blog post<\/a> from Den Delimarsky for details.<\/p>\n<\/li>\n<li>\n<p><strong>Join our public community call series on April 20<sup>th<\/sup>:<\/strong> Check out our <a href=\"#microsoft-identity-platform-community-calls\">platform community calls<\/a> section for more information. If you missed it, here\u2019s our previous platform community call from February 2023 <a href=\"https:\/\/youtu.be\/hwoEhMdSo7U\">Get your Apps ready for Zero Trust<\/a>.<\/p>\n<\/li>\n<li>\n<p><strong>Let\u2019s connect:<\/strong> Check out our <a href=\"https:\/\/devblogs.microsoft.com\/identity\/app-authentication-events\/\">events page<\/a> to community calls, events, workshops and follow our <a href=\"https:\/\/devblogs.microsoft.com\/identity\/category\/news\/\">newsletter<\/a> for regular product updates and more.<\/p>\n<\/li>\n<\/ul>\n<blockquote>\n<p><strong><em>NOTE:<\/em><\/strong> Visit <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/fundamentals\/whats-deprecated-azure-ad\">What&#8217;s deprecated in Azure Active Directory?<\/a> for information about all deprecations.<\/p>\n<\/blockquote>\n<p>\u00a0 \u00a0<\/p>\n<h3>What\u2019s new in libraries<\/h3>\n<table>\n<tr>\n<th>\n      Library\n    <\/th>\n<th>\n      Update Summary\n    <\/th>\n<\/tr>\n<tr>\n<td>\n      <a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-for-js\/releases\">Microsoft Authentication Library for JS<\/a>\n    <\/td>\n<td>\n<ul>\n<li>\n          Remove deprecated telemetry event flushMeasurement() function\u00a0\n        <\/li>\n<li>\n          Reduce telemetry RAM footprint and improve usability\/readability\u00a0\n        <\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td>\n      <a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-for-dotnet\">Microsoft authentication library for dotnet<\/a>\n    <\/td>\n<td>\n<ul>\n<li>\n          Simplified managed identity API. Use\u00a0ManagedIdentityApplicationBuilder\u00a0to create a\u00a0IManagedIdentityApplication\u00a0and call\u00a0AcquireTokenForManagedIdentity.\n        <\/li>\n<li>\n          Added\u00a0StopLongRunningProcessInWebApiAsync\u00a0which allows to remove cached tokens based on a long-running OBO key.\n        <\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td>\n      <a href=\"https:\/\/github.com\/AzureAD\/microsoft-identity-web\/releases\">Microsoft identity web<\/a>\n    <\/td>\n<td>\n<ul>\n<li>\n          GetClientAssertion\u00a0is now public, which enables inheritance of\u00a0ClientAssertionProviderBase. See\u00a0<a href=\"https:\/\/github.com\/AzureAD\/microsoft-identity-web\/pull\/2112\">PR<\/a>\u00a0for details.\n        <\/li>\n<li>\n          Id Web now uses\u00a0TryAdd\u00a0instead of\u00a0Add\u00a0in the InMemory and Distributed caches,\u00a0this is to not overwrite previously added caches. See\u00a0<a href=\"https:\/\/github.com\/AzureAD\/microsoft-identity-web\/issues\/2090\">issue<\/a>\u00a0for details.\n        <\/li>\n<li>\n          Id Web now supports MsAuth10ATPop.\n        <\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td>\n      <a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-common-for-android\">Microsoft authentication library common for android<\/a>\n    <\/td>\n<td>\n<ul>\n<li>\n          [PATCH] Version 4.3.0 was built with RC versions, just need to bump version to 4.3.1\n        <\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td>\n      <a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-for-android\/releases\/tag\/v4.1.3\">Microsoft Authentication Library for Android<\/a>\n    <\/td>\n<td>\n<ul>\n<li>\n          [PATCH] Version 4.3.0 was built with RC versions, just need to bump version to 4.3.1\n        <\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td>\n      <a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-for-objc\/releases\/tag\/1.2.8\">Microsoft Authentication Library for OBJC<\/a>\n    <\/td>\n<td>\n<ul>\n<li>\n          Performed testing for CIAM behaviors in MSAL\n        <\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td>\n      <a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-common-for-objc\/releases\/tag\/1.7.15\">Microsoft Authentication Library Common for OBJC<\/a>\n    <\/td>\n<td>\n<ul>\n<li>\n          Add more detailed error codes for JIT (<a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-common-for-objc\/pull\/1187\">#1187<\/a>)\n        <\/li>\n<li>\n          Add support for nested auth protocol (<a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-common-for-objc\/pull\/1175\">#1175<\/a>)\n        <\/li>\n<li>\n          Return enrollmentId only if homeAccountId and legacyId are both empty (<a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-common-for-objc\/pull\/1191\">#1191<\/a>)\n        <\/li>\n<li>\n          Prevent crash when missing completionBlock on local interactive aquireToken (<a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-common-for-objc\/pull\/1193\">#1193<\/a>)\n        <\/li>\n<li>\n          Add support for memorizing certificate preference for CBA on MacOS (<a href=\"https:\/\/github.com\/AzureAD\/microsoft-authentication-library-common-for-objc\/pull\/1194\">#1194<\/a>)\n        <\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/table>\n<p>\u00a0 \u00a0<\/p>\n<h3>Developer-focused guidance<\/h3>\n<ul>\n<li>\n<p>New applications added to Azure AD app gallery in March 2023 supporting <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/fundamentals\/whats-new#public-preview---new-provisioning-connectors-in-the-azure-ad-application-gallery---march-2023\">user provisioning<\/a>.<\/p>\n<\/li>\n<li>\n<p>Stay up to date with the recently added <strong>RSS feeds<\/strong> for the version release history of <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/cloud-sync\/reference-version-history#download-link\">Azure AD Connect cloud provisioning agent<\/a> and <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/hybrid\/reference-connect-version-history#looking-for-the-latest-versions\">Azure AD Connect<\/a>.<\/p>\n<\/li>\n<li>\n<p>Start your journey to deprecate your voice and SMS based MFA methods in favor of more secure options leveraging the new end user communication template <a href=\"https:\/\/view.officeapps.live.com\/op\/view.aspx?src=https%3A%2F%2Fdownload.microsoft.com%2Fdownload%2F1%2F4%2FE%2F14E6151E-C40A-42FB-9F66-D8D374D13B40%2FDeprecate%2520SMS%2520and%2520vMFA.docx&amp;wdOrigin=BROWSELINK\">Deprecate SMS and vMFA.docx<\/a> available within <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=57600\">Microsoft Entra end-user rollout templates and materials<\/a> in the Download Center.<\/p>\n<\/li>\n<li>\n<p>Understand how to <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/identity-protection\/how-to-deploy-identity-protection\">deploy Azure AD Identity Protection<\/a>.<\/p>\n<\/li>\n<li>\n<p>Get answers to your <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/workload-identities\/workload-identities-faqs\">Workload Identities licensing and capability related questions<\/a>.<\/p>\n<\/li>\n<li>\n<p>Check out the latest additions to the Zero Trust Developer Guidance center introducing the <a href=\"https:\/\/learn.microsoft.com\/security\/zero-trust\/develop\/app-registration\">application registration process<\/a> and its requirements, and don&#8217;t forget <a href=\"https:\/\/learn.microsoft.com\/security\/zero-trust\/develop\/user-authentication\">how to authenticate users for Zero Trust<\/a> and <a href=\"https:\/\/learn.microsoft.com\/security\/zero-trust\/develop\/token-management\">Managing tokens for Zero Trust<\/a>.<\/p>\n<\/li>\n<li>\n<p>Learn how to <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory-b2c\/partner-trusona?pivots=b2c-custom-policy\">configure Trusona Authentication Cloud with Azure AD B2C<\/a>.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0 \u00a0<\/p>\n<h3>Generally Available (GA) since March 2023<\/h3>\n<ul>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/authentication\/concept-authentication-methods-manage\">Authentication methods policy convergence<\/a> &#8211; Enables you to manage all authentication methods used for Multi-Factor Authentication (MFA) and self-service password reset\u00a0(SSPR) in one policy, migrate off the legacy MFA and SSPR policies, and target authentication methods to groups of users instead of enabling them for all users in the tenant.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/app-provisioning\/provisioning-workbook\">Provisioning insights workbook<\/a> \u2013 This workbook makes it easier to investigate and gain insights into your provisioning workflows. This includes HR-driven provisioning, Azure AD Connect cloud sync, app provisioning, on-premises hybrid sync, and cross-tenant sync. It automatically surfaces both source and target that provisioning connects to.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0 \u00a0<\/p>\n<h3>Product updates<\/h3>\n<ul>\n<li>We have postponed the removal of <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/authentication\/how-to-mfa-number-match\">admin controls and the enforcement of the tenant-wide number match experience for all users of the Microsoft Authenticator push notifications<\/a> from February 27<sup>th<\/sup> to May 8<sup>th<\/sup>. We highly recommend enabling number matching in the near term for improved sign-in security. <\/li>\n<\/ul>\n<p>\u00a0 \u00a0<\/p>\n<h3>Identity YouTube Channel<\/h3>\n<p>Latest videos on the <a href=\"https:\/\/aka.ms\/IdentityYouTube\">Identity YouTube channel<\/a>:<\/p>\n<ul>\n<li>\n<p><a href=\"https:\/\/youtu.be\/7B-PQwNfGBc\">Cross-tenant synchronization<\/a><\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/youtu.be\/fZhcXwOi0Lc\">Remediating Super Identities with Microsoft Entra Permissions Management<\/a><\/p>\n<\/li>\n<\/ul>\n<p>\u00a0 \u00a0<\/p>\n<h3>Microsoft identity platform community calls<\/h3>\n<p>The Microsoft identity platform developer community call is on the 3<sup>rd<\/sup> Thursday of each month with an interesting topic and speaker every month.<\/p>\n<p>To join the call, click here: <a href=\"https:\/\/aka.ms\/IDDEVCommunityCall-join\">https:\/\/aka.ms\/IDDEVCommunityCall-join<\/a><\/p>\n<p>Check out our previous call: <a href=\"https:\/\/www.youtube.com\/watch?v=Kex1zqARIQ0&amp;list=PLR9nK3mnD-OXY2BNFDg6BWghjP4ufYakH&amp;index=1\">Staying Up to Date with Authentication for JavaScript Applications<\/a><\/p>\n<blockquote>\n<p><strong><em>NOTE:<\/em><\/strong> There has been an update to the calendar series. To download the new series, go to <a href=\"https:\/\/aka.ms\/IDDEVCommunityCall\">https:\/\/aka.ms\/IDDEVCommunityCall<\/a><\/p>\n<\/blockquote>\n<p>Check out our <a href=\"https:\/\/www.youtube.com\/playlist?list=PLR9nK3mnD-OXY2BNFDg6BWghjP4ufYakH\">YouTube playlist<\/a> of all the previously recorded calls Microsoft identity platform community calls.<\/p>\n<p>\u00a0 \u00a0<\/p>\n<h3>Workshops and Events<\/h3>\n<table>\n<tr>\n<th>\n      Date\n    <\/th>\n<th>\n      Start time\n    <\/th>\n<th>\n      End time\n    <\/th>\n<th>\n      Event and Registration\n    <\/th>\n<\/tr>\n<tr>\n<td>\n      4\/18 \u2013 4\/19\n    <\/td>\n<td>\n      9:00 am (PDT)\n    <\/td>\n<td>\n      12:00 pm (PDT)\n    <\/td>\n<td>\n      <a href=\"https:\/\/aka.ms\/RegisterMicrosoftGraph\">Explore the Power of Microsoft Graph<\/a>\n    <\/td>\n<\/tr>\n<tr>\n<td>\n<p>\n        4\/25 \u2013 4\/26\n      <\/p>\n<\/td>\n<td>\n<p>\n        9:30 am (IST)\n      <\/p>\n<\/td>\n<td>\n<p>\n        11:30 am (IST)\n      <\/p>\n<\/td>\n<td>\n<p>\n        <a href=\"https:\/\/aka.ms\/Registration_Migrate_AzureAD\">How to successfully migrate away from AD FS to Azure AD APAC (English)\u00a0<\/a>\n      <\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>\n        4\/25 \u2013 4\/26\n      <\/p>\n<\/td>\n<td>\n<p>\n        3:00 pm (CEST)\n      <\/p>\n<\/td>\n<td>\n<p>\n        5:00 pm (CEST)\n      <\/p>\n<\/td>\n<td>\n<p>\n        <a href=\"https:\/\/aka.ms\/Registration_Migrate_AzureAD\">How to successfully migrate away from AD FS to Azure AD EMEA (English)\u00a0<\/a>\n      <\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p>\n        4\/25 \u2013 4\/26\n      <\/p>\n<\/td>\n<td>\n<p>\n        9:00 am (PDT)\n      <\/p>\n<\/td>\n<td>\n<p>\n        11:00 am (PDT)\n      <\/p>\n<\/td>\n<td>\n      <a href=\"https:\/\/aka.ms\/Registration_Migrate_AzureAD\">How to successfully migrate away from AD FS to Azure AD Americas (English)\u00a0<\/a>\n    <\/td>\n<\/tr>\n<tr>\n<td>\n      5\/2 \u2013 5\/4\n    <\/td>\n<td>\n      6:00 am (PDT)\n    <\/td>\n<td>\n      9:00 pm (PDT)\n    <\/td>\n<td>\n      <a href=\"https:\/\/forms.office.com\/Pages\/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR4PixS4iciBFodL47iv_Wr9UOElBNkk0NkVVNzA0SVowNDFHUFVNNldVSy4u&#038;wdLOR=c0C157325-D408-7B45-9774-C458494A66C9\">Identity Workshop for Developers<\/a>\n    <\/td>\n<\/tr>\n<tr>\n<td>\n      5\/2 \u2013 5\/4\n    <\/td>\n<td>\n      3:00 pm (PDT)\n    <\/td>\n<td>\n      6:00 pm (PDT)\n    <\/td>\n<td>\n      <a href=\"https:\/\/forms.office.com\/Pages\/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR4PixS4iciBFodL47iv_Wr9UOElBNkk0NkVVNzA0SVowNDFHUFVNNldVSy4u&#038;wdLOR=c0C157325-D408-7B45-9774-C458494A66C9\">Identity Workshop for Developers<\/a>\n    <\/td>\n<\/tr>\n<tr>\n<td>\n      5\/9 \u2013 5\/10\n    <\/td>\n<td>\n      1:00 pm (WEST)\n    <\/td>\n<td>\n      3:00 pm (WEST)\n    <\/td>\n<td>\n      <a href=\"https:\/\/aka.ms\/Registration_Migrate_AzureAD\">Como migrar as suas aplica\u00e7\u00f5es com sucesso do AD FS para o AAD (Portugu\u00eas)<\/a>\n    <\/td>\n<\/tr>\n<tr>\n<td>\n      5\/16 \u2013 5\/17\n    <\/td>\n<td>\n      10:00 am (EDT)\n    <\/td>\n<td>\n      12:00 pm (EDT)\n    <\/td>\n<td>\n      <a href=\"https:\/\/aka.ms\/Registration_Migrate_AzureAD\">C\u00f3mo migrar exitosamente de AD FS a Azure AD (Espa\u00f1ol)<\/a>\n    <\/td>\n<\/tr>\n<\/table>\n<p>\u00a0 \u00a0<\/p>\n<p style=\"text-align: center;\">\n  Check the events page to find about all opportunities to connect with us! <a href=\"https:\/\/devblogs.microsoft.com\/identity\/app-authentication-events\/\"> <img decoding=\"async\" class=\"aligncenter wp-image-174 size-thumbnail\" role=\"img\" src=\"https:\/\/devblogs.microsoft.com\/identity\/wp-content\/uploads\/sites\/74\/2023\/03\/icon-joincall.svg\" alt=\"\" width=\"120\" height=\"120\" \/> Events page <\/a>\n<\/p>\n<p>\u00a0 \u00a0<\/p>\n<h3>Features for public preview<\/h3>\n<ul>\n<li>\n<p><strong><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/authentication\/how-to-mfa-authenticator-lite\">Microsoft Authenticator Lite for Outlook mobile<\/a> (also known as Companion App)<\/strong> \u2013 Enables a subset of Microsoft Authenticator features in Outlook mobile. This enhanced capability in Outlook provides the security benefits of push-based multifactor authentication with the convenience of using an application users already have downloaded to their device.<\/p>\n<\/li>\n<li>\n<p><strong><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/develop\/custom-extension-overview\">Custom claims provider<\/a><\/strong> \u2013 Formerly known as token augmentation, this capability allows you to customize the Azure AD authentication experience by integrating with external systems. During the authentication flow an API is called using a custom extension to fetch and map custom claims into the token. The API call is made after the user has completed all their authentication, and a token is about to be issued to the app.<\/p>\n<\/li>\n<li>\n<p><strong><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/conditional-access\/concept-token-protection\">Conditional Access (CA): token protection<\/a><\/strong> \u2013 Token protection attempts to reduce attacks using token theft by ensuring a token is usable only from the intended device. By creating a cryptographically secure tie between the token and the device (client secret) it&#8217;s issued to, the bound token is useless without the client secret.<\/p>\n<\/li>\n<li>\n<p><strong>App-health related recommendations<\/strong> \u2013 Provide you with personalized insights and actionable guidance to improve the hygiene of apps in your tenant. The recommendations are based on best practices, and can help create a clean, manageable, and healthy app portfolio of active applications. The app-health related recommendations include: <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/reports-monitoring\/recommendation-remove-unused-apps\">remove unused applications<\/a>, <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/reports-monitoring\/recommendation-remove-unused-credential-from-apps\">remove unused credentials from apps<\/a>, <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/reports-monitoring\/recommendation-renew-expiring-application-credential\">renew expiring application credentials<\/a> and <a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/reports-monitoring\/recommendation-renew-expiring-service-principal-credential\">renew expiring service principal credentials<\/a>.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/app-proxy\/application-proxy-configure-complex-application\"><strong>Azure AD Application Proxy complex application scenario<\/strong><\/a> \u2013 Using complex application publishing on Azure AD Application Proxy allows you to create only one application that is made up of multiple URLs across various domains as opposed to having to have several different apps in the past.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/app-proxy\/application-proxy-add-on-premises-application\"><strong>Azure AD Application Proxy maintenance mode<\/strong><\/a> \u2013 Provides the ability to enable and disable a <strong>maintenance mode<\/strong> for applications integrated with Azure AD Application Proxy, giving application administrators a choice to retain application configurations while blocking access temporarily.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/troubleshoot\/azure\/active-directory\/pending-devices\"><strong>Pending devices in Azure AD<\/strong><\/a> \u2013 In the <strong>All devices<\/strong> blade under the <strong>Registered<\/strong> column, you can now click on any pending devices you have, and it will open a context pane to help troubleshoot why a device may be pending.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/graph\/api\/resources\/serviceprincipallockconfiguration?view=graph-rest-beta\"><strong>Application instance lock for workload identities<\/strong><\/a>\u00a0\u2013 Allows app developers to protect their multi-tenant apps from having critical properties tampered by attackers.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory-domain-services\/concepts-custom-attributes\"><strong>Azure AD Domain Services (DS): Support for custom attributes<\/strong><\/a> \u2013 Adds support to synchronize the on-premises Active Directory attributes <strong>onPremisesExtensionAttributes<\/strong> and <strong>Directory Extensions<\/strong> to Azure AD DS.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/security-compliance-and-identity\/effectively-protect-sensitive-data-in-cloud-and-devices-using\/ba-p\/3733599\"><strong>Role-based access control (RBAC) scoping using administrative units in Microsoft Purview<\/strong><\/a> \u2013 Allows you to scope Microsoft Purview Data Loss Prevention administrative roles to a user for an administrative unit so this administrator can perform administrative tasks such as creating and managing policies and investigating alerts for the users in their administrative units.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/governance\/what-are-lifecycle-workflows\"><strong>Refresh: Lifecycle Workflows (LCW)<\/strong><\/a> \u2013 With the public preview refresh, we have added new capabilities including the ability to customize email notifications (company branding\/logo, domain, subject, body, language and add cc recipients), a new workflow settings UI, extended the trigger offset range, more audit logs, and the ability to view the users in scope for the next workflow run.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/governance\/entitlement-management-external-users#review-your-conditional-access-policies-preview\"><strong>Conditional Access for My Access<\/strong><\/a> \u2013 Allows guests to enter the My Access portal to\u00a0be onboarded into your directory even when you have\u00a0blocked them from accessing all other resources through a CA policy. In addition, you can now request end users to perform MFA when they enter My Access as well as apply other capabilities that CA offers.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/governance\/entitlement-management-logic-apps-integration\"><strong>Refresh: Microsoft Entra Identity Governance Entitlement Management custom extensions to Logic Apps<\/strong><\/a> \u2013 With the public preview refresh, we have added new capabilities including a launch and wait feature, a fully redesigned custom extension UI, new custom extension types, a proof of possession authentication model, an enhanced payload, and more audit logs.<\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/learn.microsoft.com\/azure\/active-directory\/governance\/entitlement-management-verified-id-settings\"><strong>Verified IDs in Microsoft Entra Identity Governance Entitlement Management<\/strong><\/a> \u2013 you can now include Microsoft Entra Verified ID requirements during Microsoft Entra Identity Governance Entitlement Management access requests, providing verified attestations for users from a wide set of issuers during the request process. This capability further automates scenarios like onboarding, helps create stronger compliance, and makes it easier for employees and guests to start collaborating right away.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0 \u00a0<\/p>\n<h3>Tell us what you think<\/h3>\n<p>This is YOUR newsletter!<\/p>\n<p>We would love your input, please let us know your thoughts leaving a comment below.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>April is here! It&#8217;s time for this month&#8217;s highlights: Check out this post from Levent Besik: on How the Microsoft identity platform helps developers manage identity risk! ADAL Deprecation: ADAL end of life is now June 30, 2023, no support or security fixes will be provided past end-of-life, so prioritize migration to Microsoft Authentication Library [&hellip;]<\/p>\n","protected":false},"author":84190,"featured_media":553,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[32],"tags":[16],"class_list":["post-500","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-entra"],"acf":[],"blog_post_summary":"<p>April is here! It&#8217;s time for this month&#8217;s highlights: Check out this post from Levent Besik: on How the Microsoft identity platform helps developers manage identity risk! ADAL Deprecation: ADAL end of life is now June 30, 2023, no support or security fixes will be provided past end-of-life, so prioritize migration to Microsoft Authentication Library [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/500","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/users\/84190"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/comments?post=500"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/500\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media\/553"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media?parent=500"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/categories?post=500"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/tags?post=500"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}