The second quarter of the Microsoft year saw several security feature updates for Microsoft Entra, as well as the announcement of general availability in a wide number of capability areas throughout the security space to help you improve your organization’s security posture.
In case you missed the announcements as they happened or want to quickly peruse an all-up listing of what Microsoft has added, check out the comprehensive list below. We’ve organized these updates by capability area, making your area of interest easy to find and review:
Identity security / protecting Identities
- Conditional Access Authentication Context
- Test CBA using staged roll-out
- View MFA events from NPS extension and ADFS MFA adapter in the sign-in logs
- User compromise detection based on anomalous directory changes
- Azure multifactor authentication (MFA) server migration utility
- Ability to force reauthentication on Intune enrollment, risky sign-ins/ users
- Post-authn anomalous activity detection for users
- Detect anomalous credential changes for Service Principals
Identity modernization
- Attribute based access control (ABAC) for Azure Blob Services
- Configure single SAML/WS-Fed based IdP with multiple domains
- Blocking Bitlocker self-service recovery for all users
- Create groups in administrative units
- Soft Delete for Administrative Units and Devices in AUs
- Filter and transform group names in token claims using regular expressions
- Claims transforms on multi-value attributes for application integration and migration
- Administrative unit support for devices
Identity Governance
Passwordless
- Windows Hello for Business (WHFB) Cloud Trust
- Restrict Windows Web Sign In on AADJ devices to use TAP only
- Multiple Password-less Phone Sign-in for iOS Devices
External Identities (B2B & B2C)
Previously announced updates
Additionally, Microsoft previously announced several updates to enhance our security offerings. These updates include certificate-based authentication, FIPS 140 compliance, and advanced features for the Microsoft Authenticator app, among others. To learn more about these updates and their capabilities, we encourage you to check out the links below:
- Azure AD Certificate-based Authentication (CBA) on Mobile
- Microsoft brings FIPS 140 Compliance to Authenticator supporting Federal Agencies
- Advanced Microsoft Authenticator security features are now generally available!
- Public Preview: Conditional Access filters for apps
- Microsoft Entra Workload Identities now generally available
- Public Preview: Conditional Access filters for apps
Learn more about Microsoft identity:
- Get to know Microsoft Entra – a comprehensive identity and access product family
- Return to the Microsoft Entra (Azure AD) blog home
- Join the conversation on Twitter and LinkedIn
- Share product suggestions on the Entra (Azure AD) forum
Updated Mar 24, 2023
Version 1.0
ShobhitSahay
Microsoft
Microsoft
