
Microsoft Entra Blog

Microsoft Entra’s top 50 features of 2023

ShobhitSahay
Microsoft
Jan 19, 2024

To kick off 2024, we’re revisiting the top features delivered in Microsoft Entra over the last calendar year. We served thousands of customers to verify all types of identities and secure, manage, and govern their access to any resource with multicloud identity and network access products. We introduced the latest wave of advancements from Microsoft Entra, expanding into Security Service Edge (SSE), Artificial Intelligence (AI), and accelerating innovations in other key areas like Decentralized Identities, multicloud, and non-human identities, delivering more than a hundred features. Below, you’ll find the top fifty features influenced by customer feedback and market needs. For a comprehensive list, please refer to the release notes. By adopting these latest identity innovations, you can better protect your digital estate and get more out of your security investments.
 

  1. Secure Access in the Era of AI - at Microsoft Ignite 2023, we announced that Microsoft Security Copilot is coming to Microsoft Entra (in Private Preview) to help you automate common tasks, troubleshoot faster, interpret complex policies, and design workflows. This monumental inclusion is only one component of maintaining strong and consistent identity security. Microsoft Entra’s breadth of solutions protects employees, frontline workers, customers, and partners, as well as apps, devices, and workloads across multicloud and hybrid environments.
    In the Microsoft Entra admin center, Microsoft Security Copilot explains in simple, conversational language what a Conditional Access policy does or why multi-factor authentication (MFA) was triggered.

     

  2. Upcoming support for passkeys, offering a phishing-resistant alternative to physical FIDO2 security keys for our enterprise and government customers.
  3. Secure by default, through the auto-rollout of Microsoft Entra Conditional Access policies protecting tenants based on risk signals, licensing, and usage.
  4. Conditional Access enforcement of token protection for sign-in sessions (Public Preview) to combat token theft and replay attacks.
  5. Conditional Access for protected actions, enabling organizations to safeguard critical administrative operations such as altering Conditional Access policies, adding credentials to an application, or changing federation trust settings.
  6. Conditional Access overview dashboard offering a comprehensive view of Conditional Access posture and templates providing a convenient method to deploy new policies aligned with Microsoft recommendations. 
  7. Conditional Access authentication strength to enable organizations to tailor authentication method requirements based on the user's sign-in risk level or the sensitivity of the accessed resource, empowering those in highly regulated industries or with strict compliance requirements.

  8. Implement Zero Trust access control by invalidating tokens that violate your IP-based location policies and prevent token replay attacks in near real-time through the strict enforcement of location policies (Public Preview).
  9. The new Entra ID Protection dashboard (Public Preview) is a central hub aiding identity admins and IT practitioners in understanding security posture and implementing effective protections against identity compromises.
  10. New Entra ID Protection signals: verified threat actor ID and attacker in the middle, to help protect organizations from malicious actors and activities.
  11. Entra ID Protection now offers real-time threat intelligence detections to apply risk-based Conditional Access policies to protect identities.
  12. Manage the permissions of identities across a multicloud infrastructure - Improve the security posture of your identities for multicloud infrastructure by managing their permissions and ensuring the principle of least privilege.
  13. Leverage Entra ID Protection - Allow on-premises password change to reset user risk (Public Preview) to effectively manage user risk in hybrid environments.
  14. Integration of Entra ID Protection with Microsoft 365 Defender to investigate incidents efficiently and effectively, gaining a comprehensive understanding of end-to-end attacks and facilitating a quicker response to identity compromises.
  15. System-preferred authentication for MFA to sign in users with the most secure method they’ve registered and the method that’s enabled by admin policy.
  16. Configure phishing-resistant MFA on mobile without having to provision certificates on the user’s mobile device using certificate-based authentication (CBA) on mobile.
  17. New features and enhancements in certificate-based authentication (CBA) enabling government organizations to comply with Executive Order 14028 requirements and helping customers migrate from Active Directory Federation Services.
  18. Verify your workplace on LinkedIn with Microsoft Entra Verified ID - Start your decentralized identity journey through managed verifiable credentials service based on open standards. 
  19. Converged Authentication Methods - Manage multi-factor authentication (MFA) and self-service password reset (SSPR) in one policy alongside passwordless methods like FIDO2 security keys and certificate-based authentication (CBA).
  20. Secure non-human identities using Microsoft Entra Workload Identities App Health Recommendations. 
  21. AD FS Application Migration - Modernize identity estate through cloud-based identity services, enhanced security, and improved user experience.

  22. Use FIDO2 security keys to sign in to Microsoft Entra ID federated applications on iOS and macOS web browsers.
  23. Configure single sign-on (SSO) for Microsoft Entra ID accounts on macOS, iOS, and iPadOS across all applications using Microsoft Enterprise SSO for Apple Devices.
  24. Configure either a phishing-resistant credential or a traditional password as the authentication method using platform SSO for macOS (Public Preview).
  25. Protect and secure local administrator accounts using Windows Local Administrator Password Solution with Microsoft Entra ID.
  26. Customize your authentication flows with custom claims provider to source claims from external systems.
  27. Microsoft Entra External ID (Public Preview) - Establish more secure digital relationships for external identities, create people-centric experiences, and accelerate development of secure applications. 

    Personalize and help secure access to any application for customers and partners.

     

  28. With Microsoft Graph Activity Logs, you can now investigate the complete picture of activity in your tenant – from token request in Sign-In logs, to API request activity (reads, writes, and deletes) in Microsoft Graph Activity Logs, to ultimate resource changes in Audit logs.
  29. Restricted management administrative units: Designate specific users, security groups, or devices in your Microsoft Entra ID tenant that you want to protect from modification by tenant-level administrators.
  30. IPv6 support for Microsoft Entra ID, allowing customers to reach the Entra services over IPv4, IPv6, or dual-stack endpoints.
  31. Microsoft Entra Permissions Management - Microsoft Defender for Cloud (MDC) integration (Public preview): Consolidate identity and access permission insights with other cloud security information in a single interface.

  32. Microsoft Entra Permissions Management - ServiceNow integration: Allow ServiceNow customers to request time-bound, on-demand permissions for multicloud environments (Azure, AWS, Google Cloud) via the ServiceNow portal.
  33. Gain a centralized view of all identities and their permissions (Public Preview), regardless of the identity provider solutions they're using.
  34. Safeguard Network Access with Microsoft Entra - in July 2023 we announced two new products: Microsoft Entra Internet Access (Public Preview) and Microsoft Entra Private Access (Public Preview). With Identity and Network Access solutions working together, organizations don’t need to spend time deciding which tool would work better for each app, or how to bridge the policies your identity team created with the policies your networking team created. You can enforce unified adaptive access controls, simplify network access security, and deliver a great user experience anywhere with identity-centric Security Service Edge (SSE) solutions. Secure access to all internet, SaaS, and Microsoft 365 apps and resources with an identity-centric Secure Web Gateway (SWG).

     

  35. Identity Platform Developer Center: One-stop shop for everything developers need to understand about identity concepts, learn the features of Microsoft Entra External ID, and how best to use the new platform to build awesome consumer-facing applications.
  36. Enhanced company branding - Create a custom look and feel for the default sign-in pages, as well as pages targeting specific browser languages.
  37. Cross-tenant access settings improvements - secure your cross-tenant collaboration scenarios and improve end-user experiences for partners.
  38. Prevent data exfiltration using Tenant Restrictions v2 to secure cross-tenant access.
  39. Lifecycle workflows land within ID Governance - On June 7, 2023, Microsoft Entra ID Governance became generally available, and included one of our newest capabilities: Lifecycle Workflows (LCW). With the new Lifecycle Workflows, updates and improvements can be made with more granular workflow execution auditing, and at any time, allowing for navigation to Lifecycle Workflows Audit Logs or Entra Identity Governance Audit Logs. All this access provides extensive workflow execution info and other workflow management activities. Design workflows to ensure new employees are productive immediately and that access is removed when employees leave.

     

  40. Machine Learning-based recommendations for reviewers.

  41. A new Microsoft Entra ID Governance dashboard that pulls information, giving you an at-a-glance view of your current state of Identity Governance, a launch-pad for IGA features, and quick access to compliance reports.
  42. Require independently verified credentials before approving access to confidential resources.
  43. Zero Trust access control - Just-in-time access to privileged roles with PIM for groups.
  44. Enforce security requirements for activation using PIM integration with Conditional Access.
  45. API-driven provisioning (Public Preview) - Enhance employee and partner productivity and help meet compliance and regulatory requirements through robust identity governance.
  46. Automate provisioning and governance of your on-premises applications.
  47. Extending the access lifecycle with your organization-specific processes and business logic.
  48. Assigning access automatically to access packages instead of requiring users to request access.
  49. Configuring Verified ID checks in entitlement management.

  50. Entitlement Management support in Conditional Access.

 

Identity security is a continuous journey

 

The identity security market is constantly developing, but so are the threats and risks from malicious actors and hackers and the advancements of AI. To keep up with these changes, organizations need to take an active and comprehensive approach to identity security, working with reliable vendors to offer them the best solutions. Even though 2023 is over, the demand for solutions remains high, and we are eager to reveal what we have planned for 2024.  

 

Best regards,  

Shobhit Sahay 

 

 


Updated Apr 03, 2024
Version 2.0