What’s New in Entra ID in January 2025 : Sander Berkouwer
by: Sander Berkouwer
Post content below copied from DirTeam.com
Microsoft Entra ID, previously known as Azure AD, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for January 2025:
What's Deprecated
Azure AD Graph February 1, 2025
Service category: Azure AD Graph
Product capability: Developer Experience
The Azure AD Graph API service was deprecated in 2020. Retirement of the Azure AD Graph API service began in September 2024, and the next phase of this retirement starts February 1, 2025. This phase will impact new and existing applications unless action is taken.
Starting from February 1, 2025, both new and existing applications will be prevented from calling Azure AD Graph APIs, unless they're configured for an extension. You might not see impact right away, as Microsoft is rolling out this change in stages across tenants. We anticipate full deployment of this change around the end of February, and by the end of March for national cloud deployments.
If you haven't already, it's now urgent to review the applications on your tenant to see which ones depend on Azure AD Graph API access, and mitigate or migrate these before the February 1, 2025, cutoff date. For applications that haven't migrated to Microsoft Graph APIs, an extension can be set to allow the application access to Azure AD Graph through June 30, 2025.
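As an added example (not from the original post or from Microsoft), the review described above can be run offline against an export of the tenant's application objects. It assumes the export follows the Microsoft Graph `application` JSON shape, that `00000002-0000-0000-c000-000000000000` is the Azure AD Graph resource appId, and that the extension is expressed as `authenticationBehaviors.blockAzureADGraphAccess` set to `false`; the app names and permission IDs are constructed sample data.

```python
import json

AAD_GRAPH = "00000002-0000-0000-c000-000000000000"  # assumed resourceAppId of Azure AD Graph

# Constructed sample, shaped like an export of application objects (not real tenant data).
SAMPLE_APPS = json.loads("""
[
 {"displayName": "Legacy HR Sync", "authenticationBehaviors": {"blockAzureADGraphAccess": false},
  "requiredResourceAccess": [{"resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "perm-1", "type": "Scope"}, {"id": "perm-2", "type": "Role"}]}]},
 {"displayName": "Old Reporting Tool",
  "requiredResourceAccess": [
   {"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "perm-3", "type": "Scope"}]},
   {"resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "perm-4", "type": "Scope"}]}]},
 {"displayName": "Modern Portal", "authenticationBehaviors": null,
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "perm-5", "type": "Scope"}]}]},
 {"displayName": "Blocked App", "authenticationBehaviors": {"blockAzureADGraphAccess": true},
  "requiredResourceAccess": [{"resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "perm-6", "type": "Role"}]}]}
]
""")

def aad_graph_dependencies(apps):
    """List apps that declare Azure AD Graph permissions, most urgent first.

    Declared permissions are only an indicator: they show what the app may
    request, not whether it still calls Azure AD Graph at runtime.
    """
    findings = []
    for app in apps:
        perms = [p for rra in app.get("requiredResourceAccess") or []
                 if (rra.get("resourceAppId") or "").lower() == AAD_GRAPH
                 for p in rra.get("resourceAccess") or []]
        if not perms:
            continue
        behaviors = app.get("authenticationBehaviors") or {}
        # Only an explicit false counts as an extension; missing/null/true do not.
        extended = behaviors.get("blockAzureADGraphAccess") is False
        findings.append({"app": app.get("displayName", "unknown"),
                         "permissions": len(perms),
                         "app_only": any(p.get("type") == "Role" for p in perms),
                         "status": "extension-set" if extended else "no-extension"})
    return sorted(findings, key=lambda f: (f["status"] != "no-extension", f["app"]))

if __name__ == "__main__":
    for finding in aad_graph_dependencies(SAMPLE_APPS):
        print(finding)
```

Apps reported as `no-extension` are the ones to migrate or mitigate first; `app_only` marks application (Role) permissions, which usually belong to unattended services.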
MSOnline PowerShell module April 2025
Service category: Legacy MSOnline and AzureAD PowerShell modules
Product capability: Developer Experience
As announced in Microsoft Entra change announcements and in the Microsoft Entra Blog, the MSOnline and AzureAD PowerShell modules retired on March 30, 2024.
The retirement for MSOnline PowerShell module starts in early April 2025, and ends in late May 2025. If you're using MSOnline PowerShell, you must take action by March 30, 2025 to avoid impact after the retirement by migrating any use of MSOnline to Microsoft Graph PowerShell SDK or Microsoft Entra PowerShell.
- The MSOnline PowerShell will retire, and stop working, between early April 2025 and late May 2025
- The AzureAD PowerShell will no longer be supported after March 30, 2025, but its retirement will happen in early July 2025. This postponement is to allow you time to finish the MSOnline PowerShell migration
- To ensure customer readiness for MSOnline PowerShell retirement, a series of temporary outage tests will occur for all tenants between January 2025 and March 2025.
What's New
Microsoft Entra PowerShell Generally Available
Service category: MS Graph
Product capability: Developer Experience
Manage and automate Microsoft Entra resources programmatically with the scenario-focused Microsoft Entra PowerShell module.
Improving visibility into downstream tenant sign-ins Generally Available
Service category: Reporting
Product capability: Monitoring & Reporting
Microsoft Security wants to ensure that all organizations are aware of how to notice when a partner is accessing a downstream tenant's resources. Interactive sign-in logs currently provide a list of sign-in events, but there's no clear indication of which logins are from partners accessing downstream tenant resources. For example, when reviewing the logs, admins might see a series of events, but without any additional context, it’s difficult to tell whether these logins are from a partner accessing another tenant’s data.
Here's a list of steps that one can take to clarify which logins are associated with partner tenants:
- Take note of the ServiceProvider value in the CrossTenantAccessType column. This filter can be applied to refine the log data. When activated, it immediately isolates events related to partner logins.
- Utilize the Home Tenant ID and Resource Tenant ID columns. These two columns identify logins coming from the partner’s tenant to a downstream tenant.
After seeing a partner logging into a downstream tenant’s resources, an important follow-up activity to perform is to validate the activities that might have occurred in the downstream environment. Some examples of logs to look at are Microsoft Entra Audit logs for Microsoft Entra ID events, Microsoft 365 Unified Audit Log (UAL) for Microsoft 365 and Microsoft Entra ID events, and/or the Azure Monitor activity log for Azure events. By following these steps, admins are able to clearly identify when a partner is logging into a downstream tenant’s resources and subsequent activity in the environment, enhancing their ability to manage and monitor cross-tenant access efficiently.
To increase visibility into the aforementioned columns, Microsoft Entra will begin enabling these columns to display by default when loading the sign-in logs UX starting on March 7, 2025.
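The filtering steps above, applied to exported sign-in records, as an added example that is not part of the original post. It assumes the export uses the Microsoft Graph sign-in field names `crossTenantAccessType`, `homeTenantId` and `resourceTenantId`, and that the access type may carry several comma-separated values; tenant IDs and user names are constructed.

```python
import json
from collections import defaultdict

DOWNSTREAM = "bbbbbbbb-0000-0000-0000-000000000002"  # constructed downstream tenant ID
PARTNER = "aaaaaaaa-0000-0000-0000-000000000001"     # constructed partner tenant ID

# Constructed sample records (not real log data).
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "admin@partner.example", "crossTenantAccessType": "serviceProvider",
  "homeTenantId": "aaaaaaaa-0000-0000-0000-000000000001",
  "resourceTenantId": "bbbbbbbb-0000-0000-0000-000000000002"},
 {"userPrincipalName": "alice@customer.example", "crossTenantAccessType": "none",
  "homeTenantId": "bbbbbbbb-0000-0000-0000-000000000002",
  "resourceTenantId": "bbbbbbbb-0000-0000-0000-000000000002"},
 {"userPrincipalName": "guest@vendor.example", "crossTenantAccessType": "b2bCollaboration",
  "homeTenantId": "cccccccc-0000-0000-0000-000000000003",
  "resourceTenantId": "bbbbbbbb-0000-0000-0000-000000000002"},
 {"userPrincipalName": "tech@partner.example", "crossTenantAccessType": "ServiceProvider",
  "homeTenantId": "aaaaaaaa-0000-0000-0000-000000000001",
  "resourceTenantId": "bbbbbbbb-0000-0000-0000-000000000002"},
 {"userPrincipalName": "ops@partner.example", "crossTenantAccessType": "serviceProvider",
  "homeTenantId": "aaaaaaaa-0000-0000-0000-000000000001",
  "resourceTenantId": "eeeeeeee-0000-0000-0000-000000000005"}
]
""")

def is_partner_signin(rec, downstream_tenant_id):
    """True when the record is a ServiceProvider sign-in into the given tenant."""
    flags = {f.strip().lower()
             for f in str(rec.get("crossTenantAccessType") or "").split(",")}
    home = str(rec.get("homeTenantId") or "").lower()
    resource = str(rec.get("resourceTenantId") or "").lower()
    return ("serviceprovider" in flags
            and resource == downstream_tenant_id.lower()
            and home != resource)

def partner_access_by_home_tenant(records, downstream_tenant_id):
    """Group partner sign-ins by the partner's home tenant for follow-up review."""
    grouped = defaultdict(set)
    for rec in records:
        if is_partner_signin(rec, downstream_tenant_id):
            home = str(rec.get("homeTenantId") or "unknown").lower()
            grouped[home].add(rec.get("userPrincipalName", "unknown"))
    return {tenant: sorted(users) for tenant, users in grouped.items()}

if __name__ == "__main__":
    print(partner_access_by_home_tenant(SAMPLE_SIGNINS, DOWNSTREAM))
```

The accounts returned per home tenant are the starting point for the follow-up review in the audit logs named above.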
Real-time Password Spray Detection in Microsoft Entra ID Protection Generally Available
Service category: Identity Protection
Product capability: Identity Security & Protection
Traditionally, password spray attacks are detected post breach or as part of hunting activity. Now, Microsoft has enhanced Microsoft Entra ID Protection to detect password spray attacks in real-time before the threat actor ever obtains a token. This reduces remediation from hours to seconds by interrupting attacks during the sign-in flow.
Risk-based Conditional Access can automatically respond to this new signal by raising session risk, immediately challenging the sign-in attempt, and stopping password spray attempts in their tracks. This cutting-edge detection works alongside existing detections for advanced attacks such as Adversary-in-the-Middle (AitM) phishing and token theft, to ensure comprehensive coverage against modern attacks.
Protected actions for hard deletions Generally Available
Service category: Other
Product capability: Identity Security & Protection
Organizations can now configure Conditional Access policies to protect against early hard deletions. Protected action for hard deletion protects hard deletion of users, Microsoft 365 groups, and applications.
Flexible Federated Identity Credentials Public Preview
Service category: Authentications (Logins)
Product capability: Developer Experience
Flexible Federated Identity Credentials extend the existing Federated Identity Credential model by providing the ability to use wildcard matching against certain claims. Currently available for GitHub, GitLab, and Terraform Cloud scenarios, this functionality can be used to lower the total number of FICs required to manage similar scenarios.
Elevate Access events are now exportable via Microsoft Entra Audit Logs Public Preview
Service category: RBAC
Product capability: Monitoring & Reporting
This feature enables admins to export and stream Elevate Access events to both first-party and third-party SIEM solutions via Microsoft Entra Audit logs. It enhances detection and improves logging capabilities, allowing visibility into who in their tenant has utilized Elevate Access.
Manage Lifecycle Workflows with Microsoft Security Copilot in Microsoft Entra Public Preview
Service category: Lifecycle Workflows
Product capability: Identity Governance
Organizations can now manage, and customize, Lifecycle Workflows using natural language with Microsoft Security Copilot. The Lifecycle Workflows (LCW) Copilot solution provides step-by-step guidance to perform key workflow configuration and execution tasks using natural language. It allows organizations to quickly get rich insights to help monitor, and troubleshoot, workflows for compliance.
The post What’s New in Entra ID in January 2025 appeared first on DirTeam.com.
February 07, 2025 at 07:50PM