Microsoft Entra releases and announcements
This article provides information about the latest releases and change announcements across the Microsoft Entra family of products over the last six months (updated monthly). If you're looking for information that's older than six months, see Archive for What's new in Microsoft Entra.
Get notified about when to revisit this page for updates by copying and pasting this URL:
https://learn.microsoft.com/api/search/rss?search=%22Release+notes+-+Azure+Active+Directory%22&locale=en-us
into your feed reader.
Note
If you're currently using Azure Active Directory or have previously deployed Azure Active Directory in your organizations, you can continue to use the service without interruption. All existing deployments, configurations, and integrations continue to function as they do today without any action from you.
November 2024
General Availability - Microsoft Entra Connect Sync Version 2.4.27.0
Type: Changed feature
Service category: Provisioning
Product capability: Identity Governance
On November 14, 2025, we released Microsoft Entra Connect Sync Version 2.4.27.0, which uses OLE DB version 18.7.4 and further hardens our service. Upgrade to this latest version of Connect Sync to improve your security. More details are available in the release notes.
Public Preview - Updating profile photo in MyAccount
Type: New feature
Service category: My Profile/Account
Product capability: End User Experiences
On November 13, 2024, users received the ability to update their profile photo directly from their MyAccount portal. This change exposes a new edit button on the profile photo section of the user’s account.
In some environments, it’s necessary to prevent users from making this change. Global Administrators can manage this using a tenant-wide policy with Microsoft Graph API, following the guidance in the Manage user profile photo settings in Microsoft 365 document.
General Availability - Microsoft Entra Health Monitoring, Health Metrics Feature
Type: New feature
Service category: Reporting
Product capability: Monitoring & Reporting
Microsoft Entra health monitoring, available from the Health pane, includes a set of low-latency pre-computed health metrics that can be used to monitor the health of critical user scenarios in your tenant. The first set of health scenarios includes MFA, CA-compliant devices, CA-managed devices, and SAML authentications. This set of monitor scenarios will grow over time. These health metrics are now released as general availability data streams, in conjunction with the public preview of an intelligent alerting capability. For more information, see: What is Microsoft Entra Health?.
General Availability - Log analytics sign-in logs schema is in parity with MSGraph schema
Type: Plan for change
Service category: Authentications (Logins)
Product capability: Monitoring & Reporting
To maintain consistency in our core logging principles, we've addressed a legacy parity issue where the Azure Log Analytics sign-in logs schema did not align with the MSGraph sign-in logs schema. The updates include fields such as ClientCredentialType, CreatedDateTime, ManagedServiceIdentity, NetworkLocationDetails, tokenProtectionStatus, SessionID, among others. These changes will take effect in the first week of December 2024.
We believe this enhancement will provide a more consistent logging experience. As always, you can perform pre-ingestion transformations to remove any unwanted data from your Azure Log Analytics storage workspaces. For guidance on how to perform these transformations, see: Data collection transformations in Azure Monitor.
Deprecated - MIM hybrid reporting agent
Type: Deprecated
Service category: Microsoft Identity Manager
Product capability: Monitoring & Reporting
The hybrid reporting agent, used to send a MIM Service event log to Microsoft Entra to surface in password reset and self-service group management reports, is deprecated. The recommended replacement is to use Azure Arc to send the event logs to Azure Monitor. For more information, see: Microsoft Identity Manager 2016 reporting with Azure Monitor.
September 2024
Public preview - New Conditional Access Template Requiring Device Compliance
Type: New feature
Service category: Conditional Access
Product capability: Identity Security & Protection
A new Conditional Access template requiring device compliance is now available in Public Preview. This template restricts access to company resources exclusively to devices enrolled in mobile device management (MDM) and compliant with company policy. Requiring device compliance improves data security, reducing risk of data breaches, malware infections, and unauthorized access. This is a recommended best practice for users and devices targeted by compliance policy through MDM. For more information, see: Common policy: Create a Conditional Access policy requiring device compliance.
Public Preview - Request on behalf of
Type: New feature
Service category: Entitlement Management
Product capability: Entitlement Management
Entitlement Management enables admins to create access packages to manage their organization’s resources. Admins can either directly assign users to an access package, or configure an access package policy that allows users and group members to request access. This option to create self-service processes is useful, especially as organizations scale and hire more employees. However, new employees joining an organization might not always know what they need access to, or how they can request access. In this case, a new employee would likely rely on their manager to guide them through the access request process.
Instead of having new employees navigate the request process, managers can request access packages for their employees, making onboarding faster and more seamless. To enable this functionality for managers, admins can select an option when setting up an access package policy that allows managers to request access on their employees' behalf.
Expanding self-service request flows to allow requests on behalf of employees ensures that users have timely access to necessary resources, and increases productivity. For more information, see: Request access package on-behalf-of other users (Preview).
August 2024
General Availability - restricted permissions on Directory Synchronization Accounts (DSA) role in Microsoft Entra Connect Sync
Type: Changed feature
Service category: Provisioning
Product capability: Microsoft Entra Connects
As part of ongoing security hardening, Microsoft removes unused permissions from the privileged Directory Synchronization Accounts role. This role is exclusively used by Microsoft Entra Connect Sync to synchronize Active Directory objects with Microsoft Entra ID. There's no action required by customers to benefit from this hardening, and the revised role permissions are documented here: Directory Synchronization Accounts.
Plan for change - My Security-Info Add sign-in method picker UX update
Type: Plan for change
Service category: MFA
Product capability: End User Experiences
Starting mid-October 2024, the Add sign-in method dialog on the My Security-Info page will be updated with a modern look and feel. With this change, new descriptors will be added under each method, giving users detail on how the sign-in method is used (ex. Microsoft Authenticator - Approve sign-in requests or use one-time codes).
Early next year, the Add sign-in method dialog will be enhanced to show an initially recommended sign-in method instead of initially showing the full list of sign-in methods available to register. The recommended sign-in method will default to the strongest method available to the user based on the organization’s authentication method policy. Users can select Show more options and choose from all available sign-in methods allowed by their policy.
This change will occur automatically, so no action is required from admins.
Change Announcement - Deferred Changes to My Groups Admin Controls
Type: Plan for change
Service category: Group Management
Product capability: AuthZ/Access Delegation
In October 2023, we shared that, starting June 2024, the existing Self Service Group Management setting in the Microsoft Entra Admin Center that states restrict user ability to access groups features in My Groups retires. These changes are under review, and might take place as originally planned. A new deprecation date will be announced in the future.
General Availability - Device based conditional access to M365/Azure resources on Red Hat Enterprise Linux
Type: New feature
Service category: Conditional Access
Product capability: SSO
Since October 2022, users on Ubuntu Desktop 20.04 LTS & Ubuntu 22.04 LTS with Microsoft Edge browser could register their devices with Microsoft Entra ID, enroll into Microsoft Intune management, and securely access corporate resources using device-based Conditional Access policies.
This release extends support to Red Hat Enterprise Linux 8.x and 9.x (LTS) which makes these capabilities possible:
- Microsoft Entra ID registration & enrollment of Red Hat LTS (8/9) desktops.
- Conditional Access policies protecting web applications via Microsoft Edge.
- SSO for native & web applications (ex: Azure CLI, Microsoft Edge browser, Teams progressive web app (PWA), etc.) to access M365/Azure protected resources.
- Standard Intune compliance policies.
- Support for Bash scripts with custom compliance policies.
- Package Manager now supports RHEL RPM packages in addition to Debian DEB packages.
To learn more, see: Microsoft Entra registered devices.
July 2024
General Availability - Easy authentication with Azure App Service and Microsoft Entra External ID
Type: Changed feature
Service category: B2C - Consumer Identity Management
Product capability: B2B/B2C
This release improves the experience when using Microsoft Entra External ID as an identity provider for Azure App Service’s built-in authentication, simplifying the process of configuring authentication and authorization for external-facing apps. You can complete initial configuration directly from the App Service authentication setup without switching into the external tenant. For more information, see: Quickstart: Add app authentication to your web app running on Azure App Service.
June 2024
Public Preview - MS Graph API support for per-user multifactor authentication
Type: New feature
Service category: MFA
Product capability: Identity Security & Protection
Starting June 2024, we're releasing the capability to manage user status (Enforced, Enabled, Disabled) for per-user multifactor authentication through MS Graph API. This update replaces the legacy MSOnline PowerShell module that is being retired. The recommended approach to protect users with Microsoft Entra multifactor authentication is Conditional Access (for licensed organizations) and security defaults (for unlicensed organizations). For more information, see: Enable per-user Microsoft Entra multifactor authentication to secure sign-in events.
Public Preview - Easy authentication with Azure App Service and Microsoft Entra External ID
Type: Changed feature
Service category: B2C - Consumer Identity Management
Product capability: B2B/B2C
We improved the experience when using Microsoft Entra External ID as an identity provider for Azure App Service’s built-in authentication, simplifying the process of configuring authentication and authorization for external-facing apps. You can complete initial configuration directly from the App Service authentication setup without switching into the external tenant. For more information, see: Quickstart: Add app authentication to your web app running on Azure App Service.
General Availability - Refactored account details screen in Microsoft Authenticator
Type: Plan for change
Service category: Microsoft Authenticator App
Product capability: User Authentication
In July, enhancements for the Microsoft Authenticator app UX roll out. The account details page of a user account is reorganized to help users better understand, and interact with, the information and buttons on the screen. Key actions that a user can do today are available in the refactored page, but they're organized in three sections or categories that help better communicate to users:
- Credentials configured in the app
- More sign in methods they can configure
- Account management options in the app
General Availability - SLA Attainment Report at the Tenant Level
Type: New feature
Service category: Reporting
Product capability: Monitoring & Reporting
In addition to providing global SLA performance, Microsoft Entra ID reports tenant-level SLA performance for organizations with at least 5,000 monthly active users. This feature entered general availability in May 2024. The Service Level Agreement (SLA) sets a minimum bar of 99.99% for the availability of Microsoft Entra ID user authentication, reported on a monthly basis in the Microsoft Entra admin center.
Preview - QR code sign-in, a new authentication method for Frontline Workers
Type: New feature
Service category: Authentications (Logins)
Product capability: User Authentication
We're introducing a new simple way for Frontline Workers to authenticate in Microsoft Entra ID with a QR code and PIN. This capability eliminates the need for users to enter and reenter long UPNs and alphanumeric passwords.
Beginning in August 2024, all users in your tenant now see a new link Sign in with QR code when navigating to https://login.partner.microsoftonline.cn > Sign-in options > Sign in to an organization. This new link, Sign in with QR code, is visible only on mobile devices (Android/iOS/iPadOS). If you aren't participating in the preview, users from your tenant can't sign in through this method while we're still in review. They receive an error message if they try to sign in.
The feature has a preview tag until it's generally available. Your organization needs to be enabled to test this feature. Broad testing is available in public preview, to be announced later.
While the feature is in preview, no technical support is provided. Learn more about support during previews here: Microsoft Entra ID preview program information.