Microsoft Entra Blog

Microsoft Entra: Top 50 features of 2024

ShobhitSahay
Jan 06, 2025

Review the security improvements and product innovations across Microsoft Entra from 2024.

Do you feel like you’re still catching up with all the Microsoft Entra product innovation and security improvements from 2024? Not to worry – the team from “What’s New in Microsoft Entra” has created a retrospective highlighting 50 newsworthy solutions and new capabilities.

Below, you’ll find fifty notable features shaped by rising cyber threats, customer feedback, and market needs. For a comprehensive list, please refer to the What’s New experience in the Entra admin center. By adopting these latest identity innovations, you can better protect your digital estate and maximize the value of your security investments.

Happy New Year!

Shobhit

______________________________________________________________________________________________________


Top five new solutions

  1. AI-driven identity security is now a part of our solutions. At Microsoft Ignite 2024, we announced the preview of Microsoft Security Copilot in the Microsoft Entra admin center. Identity admins now get AI-driven summaries of identity context and insights for handling security incidents, enhancing protection against compromise. The embedded experience also speeds up tasks like resolving identity risks and sign-in issues, all within the admin center.
    Figure 1: Identity admins can leverage starter prompts upon opening Microsoft Copilot to get started with "click-to-run" options to summarize, analyze, troubleshoot, and learn.
  2. General availability of Microsoft Entra Suite, which provides a complete cloud-based solution for workforce access. It brings together identity and network access to secure employee access to any cloud or on-premises application and resource from any location, consistently enforce least-privilege access, and improve the employee experience.

    Figure 2: Microsoft Entra Suite delivers a complete cloud-based solution for workforce access.

  3. Microsoft's Security Service Edge (SSE) solution, which combines Microsoft Entra Private Access, Microsoft Entra Internet Access, and the SaaS security-focused cloud access security broker (CASB) Microsoft Defender for Cloud Apps. This cloud-delivered, identity-centric networking model transforms how you secure access. Microsoft's SSE solution bridges security gaps by extending Conditional Access and continuous access evaluation (CAE) across all your applications and resources, whether on-premises or in any cloud environment.

    Figure 3: Secure access to all internet, SaaS, and Microsoft 365 apps and resources with an identity-centric Secure Web Gateway (SWG).

  4. The ability to secure and customize external identities' access to applications using Microsoft Entra External ID, our next-generation, developer-friendly customer identity access management (CIAM) solution. Whether you're building applications for partners, business customers, or consumers, External ID makes secure and customizable CIAM simple.

    Figure 4: Design secure, intuitive, and frictionless sign-up and sign-in user journeys that immerse external identities in your brand.

  5. Face Check, a privacy-preserving, facial-matching feature for high-assurance identity verification, is now generally available as the first premium capability of Microsoft Entra Verified ID.

    Figure 5: Face Check adds a critical layer of trust by matching a user’s real-time selfie and the photo on their Verified ID.

Establish Zero Trust access controls and secure identities

  6. The ability to detect and defend against password spray attacks in real-time with Microsoft Entra ID Protection and reduce remediation from hours to seconds.
  7. Addition of new detections to Entra ID Protection to protect against anomalous graph usage, token theft, and attacker in the middle (AitM) attacks.
  8. On-premises password changes can now reset user risk, enabling hybrid customers to apply risk-based Conditional Access policies requiring password remediation.
  9. The ability to enhance the detection and automatic mitigation of insider threats using the insider risk condition in Conditional Access.
  10. The Entra ID Protection dashboard, which provides key metrics, visuals, and recommendations to enhance your tenant’s security posture.
  11. Requiring multifactor authentication (MFA) for users accessing admin portals like Entra admin center can prevent over 99.2% of account compromise attempts.
  12. Microsoft-managed Conditional Access policies now better secure your resources and data by adapting to usage patterns, risks, and existing policies, reducing your effort.
  13. To enhance baseline security, the 14-day grace period for skipping MFA registration with security defaults is ending, as MFA blocks over 99.2% of identity-based attacks.
  14. External authentication methods in Microsoft Entra ID now let you use your preferred MFA solution while leveraging features like Conditional Access and Identity Protection.
  15. Integration of Microsoft Entra Permissions Management with Microsoft Defender for Cloud (MDC) streamlines access and permission insights for other cloud resources through a unified interface.
  16. Addition of new Entra recommendations, like 'Remove unused applications' and 'Renew expiring application credentials,' to improve application health and security.
  17. Requiring interactive reauthentication before accessing critical applications and taking sensitive actions using Conditional Access.
  18. Quick Microsoft Entra Verified ID setup, which removes several configuration steps an admin needs to complete with a single select on a Get started button.

Go passwordless with phishing-resistant authentication

  19. Neutralize phishing attempts with passkeys through device-bound passkey support in Microsoft Authenticator for iOS and Android.
  20. The ability to delete passwords and use a passkey for Microsoft Consumer Accounts (MSA).
  21. Support for passkey (FIDO2) authentication in brokered Microsoft apps on Android that now allows users to sign into apps like Teams and Outlook using a FIDO2 security key or passkey.
  22. Admin provisioning of FIDO2 security keys (passkeys) on behalf of users, which provides secure and seamless authentication from day one.

Modernize your identity estate

  23. The ability to securely interact with users across your organization of multiple tenants and automatically provision and manage those users across your tenants using Multitenant organizations in Microsoft Entra ID.
  24. Move to cloud authentication with the AD FS migration tool, which helps identify which applications are capable of being migrated and assess their compatibility.
  25. The ability to build visually appealing, pixel-perfect authentication screens that seamlessly blend into your app’s interface using the native authentication for External ID.
  26. Bicep templates now provide declarative infrastructure-as-code (IaC) capabilities for Microsoft Graph resources, allowing you to define and deploy tenant infrastructure like Microsoft Entra ID groups or applications.
  27. Expanded self-service request flows, which now enable requests on behalf of employees, ensuring timely access to resources and boosting productivity.
  28. Using confidential HR data stored in custom security attributes, along with other attributes, now helps define workflow scopes in Lifecycle Workflows and automate joiner, mover, and leaver scenarios.
  29. Simplification of enabling, disabling, and deleting accounts in Microsoft Entra with Lifecycle Workflows, ensuring seamless offboarding after a retention period.
  30. Monitor workflow health and gain insights in Lifecycle Workflows, including viewing processing data across workflows, tasks, and categories.
  31. Significant updates to the Sign-ins workbook make it a crucial tool for organizations transitioning from Azure AD Authentication Libraries (ADAL) to Microsoft Authentication Libraries (MSAL).
  32. Updates to the Microsoft Entra PowerShell module, a high-quality and scenario-focused tool designed to streamline management and automation for Microsoft Entra products.
  33. The ability to perform security analysis, threat hunting, and monitor application activity in your tenant using Microsoft Graph activity logs.
  34. Improvements to make usage and management of Mac devices more seamless and secure with platform SSO.
  35. Provision security groups to Active Directory and easily govern on-premises applications (Kerberos apps) using Microsoft Entra ID Governance.
  36. Effectively manage administrative users and groups using dynamic rules.
  37. Enhanced support for PIM-enabled Groups in Microsoft Entra Permissions Management.
  38. Custom authentication extensions now allow you to customize the authentication experiences by integrating with external systems.
  39. Improved resiliency for workload identity authentication with 99.99% service-level promise.

Get increased visibility to product updates, tenant health, and more

  40. The What’s new feature, which offers a centralized view of Microsoft Entra product updates with details on public previews, recent general availability releases, and change announcements like deprecations, breaking changes, and Microsoft-managed policies.

    Figure 6: What's new in the Microsoft Entra admin center offers a centralized view of Microsoft Entra product updates.

  41. Health monitoring, which provides helpful visuals of trends and totals for various sign-in types to make it easier to investigate the ongoing health of key scenarios.

    Figure 7: Microsoft Entra ID provides tenant-level SLA performance for organizations with at least 5,000 monthly active users.

  42. License utilization insights, which help you optimize your Microsoft Entra licenses, as well as stay compliant by getting insights into the current usage.

Comply with federal and regulated industry requirements

Microsoft Entra certificate-based authentication (CBA) enhancements:

  43. Certificate Revocation List (CRL) validation fail safe, which enables admins to strengthen security by failing CBA if the issuing certificate authority (CA) has no Certificate Revocation List (CRL).
  44. Enhanced PKI-based certificate authority (CA) store, which removes any current size limitation and supports issuer hints at each CA level.
  45. Support for username, affinity bindings, policy rules, and advanced CBA options in Conditional Access.
  46. Allowing access to specific resources based on the certificate Issuer or Policy Object Identifiers (OIDs) properties.
  47. Updates to FIPS 140 compliance for Microsoft Authenticator, which help federal agencies meet the requirements of Executive Order (EO) 14028 and healthcare organizations with Electronic Prescriptions for Controlled Substances (EPCS).
  48. Identity Governance for government updates, in which Microsoft Entra ID Governance is available for federal agencies, state and local governments, and government contractors in the US Government Community Cloud (GCC), GCC-High, and Department of Defense cloud environments.

Unified Secure Access Service Edge (SASE) and Identity Management (IDM)

  49. Microsoft partners with leading SD-WAN and connectivity providers to reshape secure branch connectivity by uniting its Security Service Edge (SSE) solution with best-in-class connectivity, streamlining the journey toward a unified SASE architecture.
  50. SAP partners with Microsoft, encouraging SAP Identity Management (IDM) customers to migrate to Microsoft Entra as support for SAP IDM ends, enabling enhanced integration for a comprehensive identity and access governance framework.

Thank you for another year of feedback and collaboration. By fostering this culture of continuous learning and improvement, we are building a future where security is not just a feature, but a foundation. Stay tuned for more updates!

Learn more about Microsoft Entra

Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.

Updated Dec 30, 2024
Version 1.0