Entra ID – Exploring the new feature: What’s New

Last Updated on May 10, 2024 by Michael Morten Sonne

In Public Preview as this blog post is written

Introduction

Let’s explore what’s new in Microsoft Entra’s new Public Preview feature: What’s New! 🤘

In the fast-paced landscape of digital tools and platforms, staying updated with the latest features and changes is crucial for organizations aiming to streamline their operations and enhance productivity. Microsoft Entra, a comprehensive suite of tools designed to empower businesses, has introduced a new feature, now in Public Preview: What’s New. It keeps customers updated and aligned with the latest developments.

Let’s delve into what this means for organizations leveraging Microsoft Entra 😎

What is Microsoft Entra ID?

Microsoft Entra ID refers to the identity and access management system provided by Microsoft under the Microsoft Entra suite of tools. It encompasses features and functionalities related to user authentication, authorization, and management within organizations. With Microsoft Entra ID, organizations can control access to resources, manage user identities, and ensure security across their digital infrastructure. It is designed to streamline the process of managing identities and access rights, providing administrators with tools to effectively control and monitor user access to various applications and services within the organization’s ecosystem – in the cloud or on-prem! 🗝️

In the dynamic realm of identity and network access management, transparency regarding product updates is paramount, especially for the 800,000+ organizations relying on Microsoft Entra today! 🫣

Microsoft Entra ID offers a range of security features to safeguard user identities and access within organizations. Some common security features include:

  • Multi-Factor Authentication (MFA): Enabling MFA adds an extra layer of security by requiring users to verify their identity using multiple methods, such as a password and a mobile phone code, before accessing resources.
  • Conditional Access Policies: These policies allow administrators to enforce access controls based on specific conditions, such as user location, device compliance, or risk level, ensuring that only authorized users with secure devices can access sensitive data.
  • Identity Protection: Entra ID includes features for detecting and remediating identity-based risks, such as suspicious sign-in activities or leaked credentials, helping organizations proactively protect against account compromise.
  • Privileged Identity Management (PIM): PIM allows organizations to manage, control, and monitor access to privileged roles within Azure AD and other Microsoft services, reducing the risk of unauthorized access to critical resources.
  • Identity Governance: Identity governance features enable organizations to govern access to resources effectively, including managing access requests, access reviews, and entitlement management, ensuring compliance with regulatory requirements and security policies.
  • Single Sign-On (SSO): Enabling SSO allows users to access multiple applications and services with a single set of credentials, reducing the risk of password fatigue and simplifying access management for administrators.
  • Identity Federation: Federation enables seamless and secure access to resources across on-premises and cloud environments, allowing users to use their existing corporate credentials to access cloud-based applications and services.
  • Threat Intelligence Integration: Entra ID integrates with Microsoft’s threat intelligence capabilities to provide real-time insights into emerging threats and suspicious activities, allowing organizations to take proactive measures to protect against security breaches.
  • Secure Password Management: Entra ID includes features for enforcing strong password policies, implementing password expiration and reset requirements, and detecting compromised passwords, enhancing overall password security.
  • Audit and Reporting: Comprehensive audit logs and reporting capabilities enable organizations to monitor user activities, track access events, and investigate security incidents, helping to maintain compliance and identify potential security risks.

These security features (there are more) collectively help organizations strengthen their security posture, protect against identity-related threats, and ensure secure access to resources across their digital environments.

More details about the technical backend of Microsoft Entra

Microsoft Entra ID and data residency

Microsoft Entra is a robust Identity as a Service (IDaaS) solution designed to streamline identity and access management while prioritizing security. Let’s delve into the technical intricacies of Microsoft Entra and understand how it empowers organizations to manage access effectively while safeguarding sensitive data.

The overall view – not all services

Understanding Microsoft Entra

At its core, Microsoft Entra is divided into two main components: Microsoft Entra ID and Microsoft Entra External ID.

  • Microsoft Entra ID: This serves as the foundational IDaaS solution, storing and managing identity and access data in the cloud. It enables organizations to facilitate access to cloud services, support mobility scenarios, and fortify organizational security. Each instance of Microsoft Entra ID, known as a tenant, provides an isolated set of directory object data that customers can provision and own.
  • Microsoft Entra External ID: Designed specifically for customer identity and access management (CIAM), External ID operates within a separate tenant dedicated to customer-facing applications and customer directory data. This external tenant, distinct from the primary Entra ID tenant, offers flexibility in data storage location, ensuring compliance and catering to specific customer requirements.

The Core Store: Ensuring Scalability and Resilience

Central to Microsoft Entra’s architecture is the Core Store, a foundational component comprised of multiple tenants stored in scale units. These scale units, each housing numerous tenants, ensure efficient data management and scalability. Data operations within the Core Store are tailored to individual tenants, maintaining robust tenant isolation and security.

Furthermore, Microsoft Entra strategically distributes data across geographically diverse datacenters, leveraging Azure regions for resilience and optimal performance. This replication ensures data availability and mitigates the impact of unforeseen events, bolstering the platform’s reliability.

Navigating Cloud Solution Models

Microsoft Entra offers various cloud solution models tailored to infrastructure, data location, and operational sovereignty. From public geo-located deployments to sovereign or national cloud instances, organizations can select the model that aligns with their specific needs and compliance requirements. Each model comes with distinct operational procedures and data residency considerations, empowering organizations to make informed decisions based on their unique circumstances.

A closer look at components and Data Storage

Delving deeper, let’s explore some key components of Microsoft Entra and their respective data storage locations:

  • Authentication Service: Stateless and integral to user authentication, this service operates within the Microsoft Entra Core Store, leveraging Azure infrastructure for data storage and management.
  • Identity and Access Management (IAM) Services: From user experiences to identity management logic, these services utilize Azure storage solutions for log and usage data, ensuring seamless operation and robust reporting capabilities.
  • Multifactor Authentication: Ensuring enhanced security, multifactor authentication logs and stores data within designated North American datacenters, prioritizing data residency and compliance.
  • Device Registration Service: Essential for device lifecycle management, this service operates within designated geographical regions, facilitating secure device-state conditional access and mobile device management.

The backend services that hold these features include, among others:

  • Azure table storage
  • Azure SQL
  • Microsoft’s Elastic Search reporting services
  • Redis Cache
  • Azure Service Bus
  • Azure Cosmos DB

What it all is about

Streamlined updates

Gone are the days of scouring through multiple sources for product updates and changelogs! With the What’s New feature, Microsoft Entra administrators, whether on the free or premium tiers, gain access to a centralized hub within the Microsoft Entra admin center. This hub serves as a one-stop destination for all product updates, including public previews, general availability releases, upcoming deprecations, and breaking changes.

Now you’re prepared to see what’s changing here, and you can keep better track of it all! Even as an IT Pro and Microsoft MVP, there’s information overload, and it’s impossible to keep track of all changes and new features – not only for Microsoft Entra ID, but for the whole suite! 🫣

Enhanced visibility

The What’s New feature offers enhanced visibility into the Entra product roadmap and change announcements. Organizations can now gain insights into upcoming features, changes, and deprecations, allowing them to plan their strategies accordingly in an easy overview with filter options.

Detailed views and documentation links provided within the Microsoft Entra admin center enable users to explore new features seamlessly! 😎

What’s New is not available in the Azure portal, so you need to migrate your tasks to the Microsoft Entra admin center if you haven’t already – your way to cohesive visibility across all the nice identity and network access solutions you already have and can use! 😎

Improved navigation

Navigating through the Entra ecosystem is now more intuitive than ever. With interconnected experiences integrated into the What’s New feature, users can easily transition from viewing announcements to deploying corresponding features. This streamlined navigation enhances user experience and reduces the time required to implement new functionalities.

Microsoft Entra ID – What’s new overview

What’s New is available from the top of the navigation in the Microsoft Entra admin center.

Comprehensive overview

The What’s New feature encompasses various tabs to provide a comprehensive overview of recent developments:

  • Highlights: Offers a summary of top-tier announcements, significant changes, and features released in the last 30 days. This tab provides quick insights into recent developments without overwhelming users with excessive information.
  • Roadmap: Lists public previews, recent general availability releases, and detailed views, along with documentation links.
  • Change Announcements: Highlights upcoming deprecations, breaking changes, and Microsoft-managed features, complete with target dates and detailed information.

Details are available within the panes

Details, including filters and more, are accessible within the panes on the dashboard too – see more here! 😎

Filters

There are many filters – like retirements, end of support and breaking changes – you get it all! 🤘

Filters for states

There are even filters available to select the services you want to take a look at – and there are many:

List of services/products included in this overview – it’s long, and shows how many features you have available to use!

Details and documentation

To learn more, simply click on a title to access the details of that release. Alternatively, click on ‘Learn more‘ to open the related documentation:

Share view

You have the option to copy a unique link to share the view with colleagues or others, just as there is an option to create a custom link for the view:

Microsoft Graph API

It appears that it’s possible to access the same information through the Graph API! This is great news as it provides the flexibility to retrieve data and perform various actions with it.

However, it seems that it is currently not possible to use it in Graph Explorer, as it returns an error message:

Error the API call gives when trying to use it in the Microsoft Graph Explorer (https://developer.microsoft.com/en-us/graph/graph-explorer)

Samples of Graph API requests

Samples of Graph API requests provide practical demonstrations of how to interact with the Graph API to retrieve specific data or perform actions. These examples serve as invaluable resources for developers seeking to integrate Microsoft Graph functionalities into their applications seamlessly.

Highlights

As for “Highlights,” this section typically showcases key features, updates, or noteworthy aspects of the Graph API, providing users with an overview.

GET https://graph.microsoft.com/beta/identity/changeEntities/?$top=5&$filter=systemTags/any(c:c%20eq%20%27entra_roadmap_new_features_30days%27)
GET https://graph.microsoft.com/beta/identity/changeEntities/?$top=1&$filter=systemTags/any(c:c%20eq%20%27entra_roadmap_highlight_new_feature%27)
GET https://graph.microsoft.com/beta/identity/changeEntities/?$top=1&$filter=systemTags/any(c:c%20eq%20%27entra_roadmap_highlight_product_news%27)
GET https://graph.microsoft.com/beta/identity/changeEntities/?$top=5&$filter=systemTags/any(c:c%20eq%20%27entra_change_announcements_90days%27)
GET https://graph.microsoft.com/beta/identity/changeEntities/?$top=1&$filter=systemTags/any(c:c%20eq%20%27entra_roadmap_highlight_change_announcement%27)

Roadmap

The “Roadmap view” provides a strategic overview of planned developments, enhancements, and milestones within a project or initiative. It serves as a valuable tool for project planning, communication, and alignment, enabling teams to track progress, identify potential roadblocks, and make informed decisions to ensure successful execution.

GET https://graph.microsoft.com/beta/identity/changeEntities/?$select=id,changeEntityType,changeEntityState,changeEntityService,marketingThemes,systemTags,documentationUrls,twoLineDescription,title,description,newFeatureConfiguration,changeRequestConfiguration&$filter=(newFeatureConfiguration/publishStartDateTime%20ge%202019-05-09T19%3A37%3A26.032Z)%20AND%20(newFeatureConfiguration/publishStartDateTime%20le%202029-05-09T19%3A37%3A26.032Z)%20AND%20(changeEntityType%20eq%20%27epic%27)&$orderby=newFeatureConfiguration/publishStartDateTime%20desc&$count=true

Change Announcements

The “Change Announcements view” offers a comprehensive overview of recent updates, modifications, or alterations within a system or platform. This view serves as a centralized hub for communicating changes to stakeholders, users, or team members, ensuring transparency and clarity regarding any adjustments made. It provides essential information such as the nature of the change, its impact, and any necessary actions or next steps required.

GET https://graph.microsoft.com/beta/identity/changeEntities/?$select=id,changeEntityType,changeEntityState,changeEntityService,marketingThemes,systemTags,documentationUrls,twoLineDescription,title,description,newFeatureConfiguration,changeRequestConfiguration&$filter=(changeRequestConfiguration/announcementDateTime%20ge%202019-05-09T19%3A43%3A15.404Z)%20AND%20(changeRequestConfiguration/announcementDateTime%20le%202029-05-09T19%3A43%3A15.404Z)%20AND%20(changeEntityType%20eq%20%27changeRequest%27)&$orderby=changeRequestConfiguration/announcementDateTime%20desc&$count=true
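The Change Announcements request above can be rebuilt in a script, paged through, and flattened to CSV. The following is an added example, not code from the original post or from Microsoft: it assumes the standard Graph OData response shape (`value`, `@odata.nextLink`), infers that `systemTags` is a string collection from the `any()` filter, trims `$select`, and runs against constructed sample responses instead of a live tenant.

```python
import csv, io, json
from urllib.parse import quote, urlencode
from urllib.request import Request, urlopen

BASE = "https://graph.microsoft.com/beta/identity/changeEntities/"
DATE = "changeRequestConfiguration/announcementDateTime"
SELECT = "id,changeEntityState,changeEntityService,systemTags,title,changeRequestConfiguration"
COLUMNS = ["id", "title", "changeEntityService", "changeEntityState", "announcementDateTime", "systemTags"]

def change_announcements_url(start, end):
    """Rebuild the Change Announcements query for a UTC window (ISO 8601 strings)."""
    flt = f"({DATE} ge {start}) AND ({DATE} le {end}) AND (changeEntityType eq 'changeRequest')"
    params = {"$select": SELECT, "$filter": flt, "$orderby": f"{DATE} desc"}
    # quote() yields %20, %27 and %3A as in the requests above; the default quote_plus uses '+'.
    return BASE + "?" + urlencode(params, quote_via=quote, safe="$,/()")

def to_row(entity):
    """Flatten one entry: the nested date and the tag collection become plain cells."""
    cfg = entity.get("changeRequestConfiguration") or {}
    row = {c: entity.get(c, "") for c in COLUMNS}
    row["announcementDateTime"] = cfg.get("announcementDateTime", "")
    row["systemTags"] = ";".join(entity.get("systemTags") or [])
    return row

def fetch_all(url, get_json):
    """Collect every result page by following @odata.nextLink."""
    rows = []
    while url:
        page = get_json(url)
        rows += [to_row(e) for e in page.get("value", [])]
        url = page.get("@odata.nextLink")
    return rows

def graph_get(token):  # live getter; acquiring the bearer token is out of scope here
    def get_json(url):
        req = Request(url, headers={"Authorization": f"Bearer {token}"})
        with urlopen(req) as resp:
            return json.load(resp)
    return get_json

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

# Constructed two-page response (not real Graph output), keyed by URL so the demo runs offline.
FIRST = change_announcements_url("2019-05-09T19:43:15.404Z", "2029-05-09T19:43:15.404Z")
NEXT = "https://graph.microsoft.com/beta/constructed-next-page"
SAMPLE = {
    FIRST: {"@odata.nextLink": NEXT, "value": [
        {"id": "sample-1", "title": "Constructed retirement", "systemTags": ["entra_change_announcements_90days"],
         "changeRequestConfiguration": {"announcementDateTime": "2024-04-01T00:00:00Z"}}]},
    NEXT: {"value": [{"id": "sample-2", "title": "Constructed breaking change, with comma"}]},
}

if __name__ == "__main__":
    print(to_csv(fetch_all(FIRST, SAMPLE.__getitem__)))
```

For live use, pass `graph_get(token)` as the second argument to `fetch_all`; since this is a beta endpoint in Public Preview, property names may change.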

Benefits for organizations

For organizations leveraging Microsoft Entra, the introduction of the What’s New feature brings several benefits:

  • Stay Informed: Keep abreast of the latest features, changes, and deprecations within the Entra ecosystem in one view!
  • Enhanced Planning: Plan your strategies effectively by anticipating upcoming features and changes.
  • Efficient Deployment: Seamlessly navigate from announcements to feature deployment, reducing deployment time and effort.
  • Improved User Experience: Enjoy a more intuitive and user-friendly experience within the Entra admin center, enhancing overall productivity.

By providing a centralized hub for product updates and streamlining navigation, Microsoft Entra ensures that businesses can make informed decisions and leverage the full potential of its suite of tools.

Help to stay aligned

Common mistakes when changes occur, such as the deprecation of the old PowerShell modules used to manage Entra ID (formerly Azure AD), can include:

  • Ignoring Notifications: Failing to stay updated with change announcements and missing important notifications about deprecated features or modules.
  • Delayed Planning: Waiting until the last minute to plan for the adoption of new features or adjustments required due to deprecation.
  • Lack of Testing: Neglecting to thoroughly test existing scripts or applications with new PowerShell modules or features, leading to compatibility issues…
  • Assuming Compatibility: Assuming that existing scripts or applications will seamlessly transition to new modules without verifying compatibility 🫣
  • Overlooking Dependencies: Forgetting to assess dependencies on deprecated modules within larger systems or workflows, potentially causing disruptions.
  • Not updating documentation: Failing to update internal documentation or training materials to reflect changes, leading to confusion among team members.
  • Relying solely on automation: Over-relying on automation without understanding the implications of changes, which can lead to unexpected outcomes.
  • Underestimating training needs: Underestimating the training needs of staff members to adapt to new features or workflows, resulting in decreased productivity.
  • Disregarding security risks: Overlooking security risks associated with outdated modules or features, potentially exposing systems to vulnerabilities.

Conclusion

Microsoft Entra’s “What’s New” feature represents a significant step towards empowering organizations with timely updates and actionable insights. By providing a centralized hub for product updates and streamlining navigation, Entra ensures that businesses can adapt to the ever-changing landscape of identity and network access management with confidence.

Watching the evolution of this feature and actively collaborating with the product team at Microsoft has been a rewarding journey since its inception last year! 🫣
From providing feedback to witnessing its implementation, the entire process has been enriching and engaging.

But one thing I feel is missing is the option to export the data to e.g. a .csv file or similar 🫣

Due to the constraints of non-disclosure agreements (NDAs), I couldn’t share details earlier, but now, I’m excited to express my enthusiasm. I look forward to continuing this collaborative effort as we strive to further enhance the user experience!

Thank you for taking the time to visit my blog. Kindly share it with others if you find it helpful for them! 😉🔐👍

Stay tuned for the new post about something cool! 🥳

References

Microsoft Entra ID Core Store: Data centers (youtube.com)

Microsoft Entra ID and data residency – Microsoft Entra | Microsoft Learn

https://aka.ms/aaddatawhitepaper

https://entra.microsoft.com/#blade/Microsoft_AAD_IAM/ChangeManagementHubList.ReactView
