Our change management announcements cover all changes across Microsoft Entra where we communicate product retirement news biannually and breaking/feature change announcements quarterly. In between these announcements, you will see specific blog posts for new product and feature launches. For example, since our Sept Change Announcements Blog, we launched the general availability of a new region in Japan.
Today, we're sharing our November train for feature and breaking changes. We also communicate these changes on release notes and via email. We also continue to make it easier for our customers to manage lifecycle changes (deprecations, retirements, service breaking changes) within the new Entra admin center.
November 2022 change announcements:
Microsoft Authenticator Number Matching
Microsoft Authenticator Number Matching and Additional Context are now generally available (as of 24-Oct-2022). With number matching, admins can prevent accidental approvals by requiring users to enter the number displayed on the sign-in screen when approving an MFA request in the Authenticator app. Another way to reduce accidental approvals is to show users additional context in Authenticator notifications. Admins can now selectively choose to enable the following:
Application context: Show users which application they’re signing into.
Geographic location context: Show users their sign-in location based on the IP address of the device they're signing into.
With MFA fatigue attacks increasing, these features are critical to help protect your organizations. Please leverage the rollout features (via Azure Portal Admin UX and MSGraph APIs) to smoothly deploy these critical security features in your organization.
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.
Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra. This will allow customers to reach the Azure AD services over both IPv4 and IPv6 network protocols (dual stack).
For most customers, IPv4 won't completely disappear from their digital landscape, so we aren't planning to require IPv6 or to de-prioritize IPv4 in any Azure AD features or services.
We’ll begin introducing IPv6 support into Azure AD services in a phased approach, beginning March 31st, 2023.
We have guidance below specifically for Azure AD customers, who use IPv6 addresses and use Named Locations in their Conditional Access policies.
Customers who use named locations to identify specific network boundaries in their organization, need to:
Conduct an audit of existing named locations to anticipate potential impact;
Work with your network partner to identify egress IPv6 addresses in use in your environment;
Review and update existing named locations to include the identified IPv6 ranges.
We will continue to share additional guidance on IPv6 enablement in Azure AD at this easy to remember link https://aka.ms/azureadipv6.
Azure AD Domain Services classic VNET support
As previously announced, in 2017 Azure AD Domain Services became available to host in an Azure Resource Manager network. Since then, we’ve built a more secure service using the Azure Resource Manager ‘s modern capabilities. Because Azure Resource Manager deployments fully replace classic deployments, Azure AD DS classic virtual network deployments will be retired on March 1, 2023. Learn more about Migrate Azure AD Domain Services from a Classic virtual network | Microsoft Docs.
As always, we’d love to hear your feedback or suggestions. Let us know what you think in the comments below or on the Azure AD feedback forum. You may also send your questions, open issues, and feature requests through Microsoft Q&A by using the tag #AzureADChangeManagementNov2022Train.