What’s New in Entra ID in February 2025


Microsoft Entra ID, previously known as Azure AD, is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message Center, Microsoft communicated the following planned, new and changed functionality for Entra ID for February 2025:

 

Authentication methods migration wizard Generally Available

Service category: MFA
Product capability: User Authentication

The authentication methods migration guide in the Microsoft Entra Admin Center lets admins automatically migrate method management from the legacy MFA and SSPR policies to the converged authentication methods policy. In 2023, Microsoft announced that the ability to manage authentication methods in the legacy MFA and SSPR policies would be retired in September 2025. Until now, organizations had to manually migrate methods themselves by using the migration toggle in the converged policy.

Now, admins can migrate in just a few selections by using the migration guide. The guide evaluates what the organization currently has enabled in both legacy policies, and generates a recommended converged policy configuration for you to review and edit as needed. From there, admins confirm the configuration, and the platform sets it up and marks the migration as complete.

 

Granular Microsoft Graph permissions for Lifecycle workflows Generally Available

Service category: Lifecycle Workflows
Product capability: Identity Governance

New, less-privileged permissions can now be used to manage specific read and write actions in Lifecycle Workflows scenarios. The following granular permissions were introduced in Microsoft Graph:

  • LifecycleWorkflows-Workflow.ReadBasic.All
  • LifecycleWorkflows-Workflow.Read.All
  • LifecycleWorkflows-Workflow.ReadWrite.All
  • LifecycleWorkflows-Workflow.Activate
  • LifecycleWorkflows-Reports.Read.All
  • LifecycleWorkflows-CustomExt.Read.All
  • LifecycleWorkflows-CustomExt.ReadWrite.All
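
To see where these permissions allow downscoping, the following added example (not Microsoft's code and not part of the release notes) reviews which applications hold Lifecycle Workflows app permissions. It assumes data shaped like the Microsoft Graph service principal's `appRoles` and `appRoleAssignedTo` collections; the IDs and app names are constructed, and the two broad permission names, `LifecycleWorkflows.Read.All` and `LifecycleWorkflows.ReadWrite.All`, are not listed above.

```python
"""Least-privilege review of Lifecycle Workflows app permissions (added example)."""

# Granular permissions listed above.
GRANULAR = {
    "LifecycleWorkflows-Workflow.ReadBasic.All",
    "LifecycleWorkflows-Workflow.Read.All",
    "LifecycleWorkflows-Workflow.ReadWrite.All",
    "LifecycleWorkflows-Workflow.Activate",
    "LifecycleWorkflows-Reports.Read.All",
    "LifecycleWorkflows-CustomExt.Read.All",
    "LifecycleWorkflows-CustomExt.ReadWrite.All",
}
# Broad Graph permissions that predate them (assumption: not named on the page).
BROAD = {"LifecycleWorkflows.Read.All", "LifecycleWorkflows.ReadWrite.All"}

# Constructed sample: subset of the Microsoft Graph service principal's appRoles.
APP_ROLES = [
    {"id": "role-1", "value": "LifecycleWorkflows.ReadWrite.All"},
    {"id": "role-2", "value": "LifecycleWorkflows-Workflow.Activate"},
    {"id": "role-3", "value": "LifecycleWorkflows-Reports.Read.All"},
    {"id": "role-4", "value": "User.Read.All"},
]
# Constructed sample: that service principal's appRoleAssignedTo collection.
ASSIGNMENTS = [
    {"principalId": "sp-a", "principalDisplayName": "hr-sync", "appRoleId": "role-1"},
    {"principalId": "sp-b", "principalDisplayName": "joiner-trigger", "appRoleId": "role-2"},
    {"principalId": "sp-c", "principalDisplayName": "audit-export", "appRoleId": "role-3"},
    {"principalId": "sp-c", "principalDisplayName": "audit-export", "appRoleId": "role-1"},
    {"principalId": "sp-d", "principalDisplayName": "directory-reader", "appRoleId": "role-4"},
]

def review(app_roles, assignments):
    """Map each principal holding a Lifecycle Workflows permission to a verdict."""
    role_name = {r["id"]: r["value"] for r in app_roles}
    held = {}
    for a in assignments:
        perm = role_name.get(a["appRoleId"])
        if perm in GRANULAR or perm in BROAD:  # ignore unrelated Graph permissions
            held.setdefault(a["principalId"], set()).add(perm)
    verdicts = {}
    for principal, perms in held.items():
        if not perms & BROAD:
            verdicts[principal] = "granular-only"        # already least privilege
        elif perms & GRANULAR:
            verdicts[principal] = "broad-plus-granular"  # broad grant still present
        else:
            verdicts[principal] = "broad-only"           # candidate for downscoping
    return verdicts

if __name__ == "__main__":
    for principal, verdict in sorted(review(APP_ROLES, ASSIGNMENTS).items()):
        print(principal, verdict)
```

Principals reported as `broad-only` or `broad-plus-granular` are the ones to check against the granular list before removing the broad grant.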

 

Enhanced user management in Admin Center Public Preview

Service category: User Management
Product capability: User Management

Admins are now able to multi-select and edit user accounts at once through the Microsoft Entra admin center. With this new capability, admins can bulk edit user account properties, add user accounts to groups, edit account status, and more. This user experience enhancement significantly improves efficiency for user account management tasks in the Microsoft Entra admin center.

 

QR code authentication, a simple and fast authentication method for Frontline Workers Public Preview

Service category: Authentications (Logins)
Product capability: User Authentication

Microsoft is thrilled to announce public preview of QR code authentication in Microsoft Entra ID, providing an efficient and simple authentication method for frontline workers.

You’ll see a new authentication method, QR code, in the Microsoft Entra ID Authentication methods policies. Admins can enable and add QR code for frontline workers via Microsoft Entra ID, My Staff, or Microsoft Graph APIs. All user accounts in the tenant see a new link, “Sign in with QR code”, when navigating to https://login.microsoftonline.com > Sign-in options > Sign in to an organization page. This new link is visible only on mobile devices running Android, iOS or iPadOS. Users can use this authentication method only if admins add and provide a QR code to them. QR code authentication is also available in BlueFletch and Jamf. MHS QR code auth support will be generally available by early March.

 

External Authentication Methods support for system preferred MFA Public Preview

Support for external authentication methods as a supported method begins rolling out at the beginning of March 2025. When this is live in a tenant where system preferred is enabled and user accounts are in scope of an external authentication methods policy, these people will be prompted for their external authentication method if their most secure registered method is Microsoft Authenticator notification. External Authentication Method will appear as third in the list of most secure methods. If the person has a Temporary Access Pass (TAP) or Passkey (FIDO2) device registered, they’ll be prompted for those. In addition, people in the scope of an external authentication methods policy will have the ability to delete all registered second factor methods from their account, even if the method being deleted is specified as the default sign in method or is system preferred.

 

Custom SAML/WS-Fed External Identity Provider Support in Microsoft Entra External ID Public Preview

Service category: B2C – Consumer Identity Management
Product capability: B2B/B2C

By setting up federation with a custom-configured identity provider that supports the SAML 2.0 or WS-Fed protocol, admins enable people to sign up and sign in to applications, systems and services using existing accounts from the federated external provider.

This feature also includes domain-based federation, so a person who enters an email address on the sign-in page that matches a predefined domain in any of the external identity providers will be redirected to authenticate with that identity provider.

 

 

