Microsoft Entra releases and announcements
This article provides information about the latest releases and change announcements across the Microsoft Entra family of products over the last six months (updated monthly). If you're looking for information that's older than six months, see Archive for What's new in Microsoft Entra.
Get notified about when to revisit this page for updates by copying and pasting this URL:
https://learn.microsoft.com/api/search/rss?search=%22Release+notes+-+Azure+Active+Directory%22&locale=en-usinto yourfeed reader.
Note
If you're currently using Azure Active Directory today or have previously deployed Azure Active Directory in your organizations, you can continue to use the service without interruption. All existing deployments, configurations, and integrations continue to function as they do today without any action from you.
February 2025
Public Preview - Enhanced user management in Admin Center UX
Type: New feature
Service category: User Management
Product capability: User Management
Admins are now able to multi-select and edit users at once through the Microsoft Entra Admin Center. With this new capability, admins can bulk edit user properties, add users to groups, edit account status, and more. This UX enhancement will significantly improve efficiency for user management tasks in the Microsoft Entra admin center. For more information, see: Add or update a user's profile information and settings in the Microsoft Entra admin center.
January 2025
General Availability - Microsoft Entra PowerShell
Type: New feature
Service category: MS Graph
Product capability: Developer Experience
Manage and automate Microsoft Entra resources programmatically with the scenario-focused Microsoft Entra PowerShell module. For more information, see: Microsoft Entra PowerShell module now generally available.
General Availability - Improving visibility into downstream tenant sign-ins
Type: New feature
Service category: Reporting
Product capability: Monitoring & Reporting
Microsoft Security wants to ensure that all customers are aware of how to notice when a partner is accessing a downstream tenant's resources. Interactive sign-in logs currently provide a list of sign in events, but there's no clear indication of which logins are from partners accessing downstream tenant resources. For example, when reviewing the logs, you might see a series of events, but without any additional context, it’s difficult to tell whether these logins are from a partner accessing another tenant’s data.
Here's a list of steps that one can take to clarify which logins are associated with partner tenants:
- Take note of the "ServiceProvider" value in the CrossTenantAccessType column:
- This filter can be applied to refine the log data. When activated, it immediately isolates events related to partner logins.
- Utilize the "Home Tenant ID" and "Resource Tenant ID" Columns:
- These two columns identify logins coming from the partner’s tenant to a downstream tenant.
After seeing a partner logging into a downstream tenant’s resources, an important follow-up activity to perform is to validate the activities that might have occurred in the downstream environment. Some examples of logs to look at are Microsoft Entra Audit logs for Microsoft Entra ID events, Microsoft 365 Unified Audit Log (UAL) for Microsoft 365 and Microsoft Entra ID events, and/or the Azure Monitor activity log for Azure events. By following these steps, you're able to clearly identify when a partner is logging into a downstream tenant’s resources and subsequent activity in the environment, enhancing your ability to manage and monitor cross-tenant access efficiently.
To increase visibility into the aforementioned columns, Microsoft Entra will begin enabling these columns to display by default when loading the sign-in logs UX starting on March 7, 2025.
Public Preview - Auditing administrator events in Microsoft Entra Connect
Type: New feature
Service category: Microsoft Entra Connect
Product capability: Microsoft Entra Connect
We have released a new version of Microsoft Entra Connect, version 2.4.129.0, that supports the logging of the changes an administrator makes on the Connect Sync Wizard and PowerShell. For more information, see: Auditing administrator events in Microsoft Entra Connect Sync (Public Preview).
Where supported, we'll also autoupgrade customers to this version of Microsoft Entra Connect in February 2025. For customers who wish to be autoupgraded, ensure that you have auto-upgrade configured.
For upgrade-related guidance, see Microsoft Entra Connect: Upgrade from a previous version to the latest.
Public Preview - Flexible Federated Identity Credentials
Type: New feature
Service category: Authentications (Logins)
Product capability: Developer Experience
Flexible Federated Identity Credentials extend the existing Federated Identity Credential model by providing the ability to use wildcard matching against certain claims. Currently available for GitHub, GitLab, and Terraform Cloud scenarios, this functionality can be used to lower the total number of FICs required to managed similar scenarios. For more information, see: Flexible federated identity credentials (preview).
General Availability - Protected actions for hard deletions
Type: New feature
Service category: Other
Product capability: Identity Security & Protection
Customers can now configure Conditional Access policies to protect against early hard deletions. Protected action for hard deletion protects hard deletion of users, Microsoft 365 groups, and applications. For more information, see: What are protected actions in Microsoft Entra ID?
Deprecated - Action Required by February 1, 2025: Azure AD Graph retirement
Type: Deprecated
Service category: Azure AD Graph
Product capability: Developer Experience
The Azure AD Graph API service was [deprecated] in 2020. Retirement of the Azure AD Graph API service began in September 2024, and the next phase of this retirement starts February 1, 2025. This phase will impact new and existing applications unless action is taken. The latest updates on Azure AD Graph retirement can be found here: Take action by February 1: Azure AD Graph is retiring.
Starting from February 1, both new and existing applications will be prevented from calling Azure AD Graph APIs, unless they're configured for an extension. You might not see impact right away, as we’re rolling out this change in stages across tenants. We anticipate full deployment of this change around the end of February, and by the end of March for national cloud deployments.
If you haven't already, it's now urgent to review the applications on your tenant to see which ones depend on Azure AD Graph API access, and mitigate or migrate these before the February 1 cutoff date. For applications that haven't migrated to Microsoft Graph APIs, an extension can be set to allow the application access to Azure AD Graph through June 30, 2025.
Microsoft Entra Recommendations are the best tool to identify applications that are using Azure AD Graph APIs in your tenant and require action. Reference this blog post: Action required: Azure AD Graph API retirement for step by step guidance.
General Availability - Microsoft Entra Connect Version 2.4.129.0
Type: Changed feature
Service category: Microsoft Entra Connect
Product capability: Microsoft Entra Connect
On January 15, 2025, we released Microsoft Entra Connect Sync Version 2.4.129.0 which supports auditing administrator events. More details are available in the release notes. We'll automatically upgrade eligible customers to this latest version of Microsoft Entra Connect in February 2025. For customers who wish to be autoupgraded, ensure that you have auto-upgrade configured.
Public Preview - Elevate Access events are now exportable via Microsoft Entra Audit Logs
Type: New feature
Service category: RBAC
Product capability: Monitoring & Reporting
This feature enables administrators to export and stream Elevate Access events to both first-party and third-party SIEM solutions via Microsoft Entra Audit logs. It enhances detection and improves logging capabilities, allowing visibility into who in their tenant has utilized Elevate Access. For more information on how to use the feature, see: View elevate access log entries.
Deprecated - Take action to avoid impact when legacy MSOnline and AzureAD PowerShell modules retire
Type: Deprecated
Service category: Legacy MSOnline and AzureAD PowerShell modules
Product capability: Developer Experience
As announced in Microsoft Entra change announcements and in the Microsoft Entra Blog, the MSOnline, and Azure AD PowerShell modules (for Microsoft Entra ID) retired on March 30, 2024.
The retirement for MSOnline PowerShell module starts in early April 2025, and ends in late May 2025. If you're using MSOnline PowerShell, you must take action by March 30, 2025 to avoid impact after the retirement by migrating any use of MSOnline to Microsoft Graph PowerShell SDK or Microsoft Entra PowerShell.
Key points
- MSOnline PowerShell will retire, and stop working, between early April 2025 and late May 2025
- AzureAD PowerShell will no longer be supported after March 30, 2025, but its retirement will happen in early July 2025. This postponement is to allow you time to finish the MSOnline PowerShell migration
- To ensure customer readiness for MSOnline PowerShell retirement, a series of temporary outage tests will occur for all tenants between January 2025 and March 2025.
For more information, see: Action required: MSOnline and AzureAD PowerShell retirement - 2025 info and resources.
December 2024
General Availability - What's new in Microsoft Entra
Type: New feature
Service category: Reporting
Product capability: Monitoring & Reporting
What's new in Microsoft Entra offers a comprehensive view of Microsoft Entra product updates including product roadmap (like Public Previews and recent GAs), and change announcements (like deprecations, breaking changes, feature changes and Microsoft-managed policies). It's a one stop shop for Microsoft Entra admins to discover the product updates.
Public Preview - Microsoft Entra ID Governance: Approvers can revoke access in MyAccess
Type: New feature
Service category: Entitlement Management
Product capability: Entitlement Management
For Microsoft Entra ID Governance users, approvers of access package requests can now revoke their decision in MyAccess. Only the person who took the approve action is able to revoke access. To opt into this feature, admins can go to the Identity Governance settings page, and enable the feature. For more information, see: What is the My Access portal?.
General Availability - Expansion of SSPR Policy Audit Logging
Type: New feature
Service category: Self Service Password Reset
Product capability: Monitoring & Reporting
Starting Mid-January, we are improving the audit logs for changes made to the SSPR Policy.
With this improvement, any change to the SSPR policy configuration, including enablement or disablement, will result in an audit log entry that includes details about the change made. Additionally, both the previous values and current values from the change will be recorded within the audit log. This additional information can be found by selecting an audit log entry and selecting the Modified Properties tab within the entry.
These changes are rolled out in phases:
Phase 1 includes logging for the Authentication Methods, Registration, Notifications, and Customization configuration settings.
Phase 2 includes logging for the On-premises integration configuration settings.
This change occurs automatically, so admins take no action. For more information and details regarding this change, see: Microsoft Entra audit log categories and activities
General Availability - Update Profile Photo in MyAccount
Type: New feature
Service category: My Profile/Account
Product capability: End User Experiences
Users can now update their profile photo directly from their MyAccount portal. This change exposes a new edit button on the profile photo section of the user’s account.
In some environments, it’s necessary to prevent users from making this change. Global Administrators can manage this using a tenant-wide policy with Microsoft Graph API, following the guidance in the Manage user profile photo settings in Microsoft 365 document.
Public Preview - Microsoft Entra ID Governance: access package request suggestions
Type: New feature
Service category: Entitlement Management
Product capability: Entitlement Management
Opt-In As communicated earlier, we're excited to introduce a new feature in My Access: a curated list of suggested access packages. This capability allows users to quickly view the most relevant access packages (based off their peers' access packages and previous requests) without scrolling through a long list. In December you can enable the preview in the Opt-in Preview Features for Identity Governance. From January, this setting is enabled by default.
Public Preview - Security Copilot embedded in Microsoft Entra
Type: New feature
Service category: Other
Product capability: Identity Security & Protection
We’ve announced the public preview of Microsoft Security Copilot embedded in the Microsoft Entra admin Center. This integration brings all identity skills previously made generally available for the Security Copilot standalone experience in April 2024, along with new identity capabilities for admins and security analysts to use directly within the Microsoft Entra admin center. We've also added brand new skills to help improve identity-related risk investigation. In December, we broaden the scope even further to include a set of skills specifically for App Risk Management in both standalone and embedded experiences of Security Copilot and Microsoft Entra. These capabilities allow identity admins and security analysts to better identify, understand, and remediate the risks impacting applications and workload identities registered in Microsoft Entra.
With Security Copilot now embedded in Microsoft Entra, identity admins get AI-driven, natural-language summaries of identity context and insights tailored for handling security incidents, equipping them to better protect against identity compromise. The embedded experience also accelerates troubleshooting tasks like resolving identity-related risks and sign-in issues, without ever leaving the admin center.
Public Preview - Provision custom security attributes from HR sources
Type: New feature
Service category: Provisioning
Product capability: Inbound to Entra ID
With this feature, customers can automatically provision "custom security attributes" in Microsoft Entra ID from authoritative HR sources. Supported authoritative sources include: Workday, SAP SuccessFactors, and any HR system integrated using API-driven provisioning.
General Availability - Microsoft Entra External ID Custom URL Domains
Type: New feature
Service category: Authentications (Logins)
Product capability: Identity Lifecycle Management
This feature allows users to customize their Microsoft default sign in authentication endpoint with their own brand names. Custom URL Domains help users to change Ext ID endpoint < tenant-name >.ciamlogin.com to login.contoso.com.
General Availability - Privileged Identity Management integration in Azure Role Based Access Control
Type: New feature
Service category: RBAC
Product capability: Access Control
Privileged Identity Management (PIM) capabilities are now integrated into the Azure Role Based Access Control (Azure RBAC) UI. Before this integration, RBAC admins could only manage standing access (active permanent role assignments) from the Azure RBAC UI. With this integration, just-in-time access and timebound access, which are functionalities supported by PIM, are now brought into the Azure RBAC UI for customers with either a P2, or Identity Governance, license.
RBAC admins can create assignments of type eligible and timebound duration from the Azure RBAC add role assignment flow, see the list of different states of role assignment in a single view, as well as convert the type and duration of their role assignments from the Azure RBAC UI. In addition, end users now see all their role assignments of different state straight from the Azure RBAC UI landing page, from where they can also activate their eligible role assignments. For more information, see: List role assignments at a scope.
November 2024
General Availability - Microsoft Entra Connect Sync Version 2.4.27.0
Type: Changed feature
Service category: Provisioning
Product capability: Identity Governance
On November 14, 2025, we released Microsoft Entra Connect Sync Version 2.4.27.0 that uses the OLE DB version 18.7.4 that further hardens our service. Upgrade to this latest version of connect sync to improve your security. More details are available in the release notes.
Public Preview - Updating profile photo in MyAccount
Type: New feature
Service category: My Profile/Account
Product capability: End User Experiences
On November 13, 2024, users received the ability to update their profile photo directly from their MyAccount portal. This change exposes a new edit button on the profile photo section of the user’s account.
In some environments, it’s necessary to prevent users from making this change. Global Administrators can manage this using a tenant-wide policy with Microsoft Graph API, following the guidance in the Manage user profile photo settings in Microsoft 365 document.
General Availability - Microsoft Entra Health Monitoring, Health Metrics Feature
Type: New feature
Service category: Reporting
Product capability: Monitoring & Reporting
Microsoft Entra health monitoring, available from the Health pane, includes a set of low-latency pre-computed health metrics that can be used to monitor the health of critical user scenarios in your tenant. The first set of health scenarios includes MFA, CA-compliant devices, CA-managed devices, and SAML authentications. This set of monitor scenarios will grow over time. These health metrics are now released as general availability data streams, in conjunction with the public preview of an intelligent alerting capability.
General Availability - Log analytics sign-in logs schema is in parity with MSGraph schema
Type: Plan for change
Service category: Authentications (Logins)
Product capability: Monitoring & Reporting
To maintain consistency in our core logging principles, we've addressed a legacy parity issue where the Azure Log Analytics sign-in logs schema did not align with the MSGraph sign-in logs schema. The updates include fields such as ClientCredentialType, CreatedDateTime, ManagedServiceIdentity, NetworkLocationDetails, tokenProtectionStatus, SessionID, among others. These changes will take effect in the first week of December 2024.
We believe this enhancement will provide a more consistent logging experience. As always, you can perform pre-ingestion transformations to remove any unwanted data from your Azure Log Analytics storage workspaces. For guidance on how to perform these transformations, see: Data collection transformations in Azure Monitor.
Deprecated - MIM hybrid reporting agent
Type: Deprecated
Service category: Microsoft Identity Manager
Product capability: Monitoring & Reporting
The hybrid reporting agent, used to send a MIM Service event log to Microsoft Entra to surface in password reset and self-service group management reports, is deprecated. The recommended replacement is to use Azure Arc to send the event logs to Azure Monitor. For more information, see: Microsoft Identity Manager 2016 reporting with Azure Monitor.
September 2024
Public preview - New Conditional Access Template Requiring Device Compliance
Type: New feature
Service category: Conditional Access
Product capability: Identity Security & Protection
A new Conditional Access template requiring device compliance is now available in Public Preview. This template restricts access to company resources exclusively to devices enrolled in mobile device management (MDM) and compliant with company policy. Requiring device compliance improves data security, reducing risk of data breaches, malware infections, and unauthorized access. This is a recommended best practice for users and devices targeted by compliance policy through MDM. For more information, see: Common policy: Create a Conditional Access policy requiring device compliance.
Public Preview - Request on behalf of
Type: New feature
Service category: Entitlement Management
Product capability: Entitlement Management
Entitlement Management enables admins to create access packages to manage their organization’s resources. Admins can either directly assign users to an access package, or configure an access package policy that allows users and group members to request access. This option to create self-service processes is useful, especially as organizations scale and hire more employees. However, new employees joining an organization might not always know what they need access to, or how they can request access. In this case, a new employee would likely rely on their manager to guide them through the access request process.
Instead of having new employees navigate the request process, managers can request access packages for their employees, making onboarding faster and more seamless. To enable this functionality for managers, admins can select an option when setting up an access package policy that allows managers to request access on their employees' behalf.
Expanding self-service request flows to allow requests on behalf of employees ensures that users have timely access to necessary resources, and increases productivity. For more information, see: Request access package on-behalf-of other users (Preview).