📋 Microsoft Entra Documentation Changes

Daily summary for changes since January 14th 2026, 7:45 PM PST

Report generated on January 15th 2026, 7:45 PM PST

📊 Summary

25
Total Commits
0
New Files
6
Modified Files
0
Deleted Files
10
Contributors

📝 Modified Documentation Files

MODIFIED docs/identity/app-provisioning/functions-for-customizing-application-data.md
Modified by jenniferf-skc on Jan 15, 2026 10:04 PM
📖 View on learn.microsoft.com
+42 / -2 lines changed
Commit: Adding Len function.
Changes:
Before
After
ms.service: entra-id
ms.subservice: app-provisioning
ms.topic: reference
ms.date: 03/04/2025
ms.author: jfields
ms.reviewer: arvinh
---
 
## List of Functions
 
[Append](#append)      [AppRoleAssignmentsComplex](#approleassignmentscomplex)      [BitAnd](#bitand)      [CBool](#cbool)      [CDate](#cdate)      [Coalesce](#coalesce)      [ConvertToBase64](#converttobase64)      [ConvertToUTF8Hex](#converttoutf8hex)      [Count](#count)      [CStr](#cstr)      [DateAdd](#dateadd)      [DateDiff](#datediff)      [DateFromNum](#datefromnum)  [FormatDateTime](#formatdatetime)      [Guid](#guid)      [IgnoreFlowIfNullOrEmpty](#ignoreflowifnullorempty)     [IIF](#iif)     [InStr](#instr)      [IsNull](#isnull)      [IsNullOrEmpty](#isnullorempty)      [IsPresent](#ispresent)      [IsString](#isstring)      [Item](#item)      [Join](#join)      [Left](#left)      [Mid](#mid)      [NormalizeDiacritics](#normalizediacritics)       [Not](#not)      [Now](#now)      [NumFromDate](#numfromdate)      [PCase](#pcase)      [RandomString](#randomstring)      [Redact](#redact)      [RemoveDuplicates](#removeduplicates)      [Replace](#replace)      [SelectUniqueValue](#selectuniquevalue)     [SingleAppRoleAssignment](#singleapproleassignment)     [Split](#split)    [StripSpaces](#stripspaces)      [Switch](#switch)     [ToLower](#tolower)     [ToUpper](#toupper)     [Word](#word)
 
---
### Append
| **length** |Required |Integer |Length of the substring. If length ends outside the **source** string, function returns substring from **start** index until end of **source** string. |
 
---
### NormalizeDiacritics
**Function:**
NormalizeDiacritics(source)
ms.service: entra-id
ms.subservice: app-provisioning
ms.topic: reference
ms.date: 01/15/2025
ms.author: jfields
ms.reviewer: arvinh
---
 
## List of Functions
 
[Append](#append)      [AppRoleAssignmentsComplex](#approleassignmentscomplex)      [BitAnd](#bitand)      [CBool](#cbool)      [CDate](#cdate)      [Coalesce](#coalesce)      [ConvertToBase64](#converttobase64)      [ConvertToUTF8Hex](#converttoutf8hex)      [Count](#count)      [CStr](#cstr)      [DateAdd](#dateadd)      [DateDiff](#datediff)      [DateFromNum](#datefromnum)  [FormatDateTime](#formatdatetime)      [Guid](#guid)      [IgnoreFlowIfNullOrEmpty](#ignoreflowifnullorempty)     [IIF](#iif)     [InStr](#instr)      [IsNull](#isnull)      [IsNullOrEmpty](#isnullorempty)      [IsPresent](#ispresent)      [IsString](#isstring)      [Item](#item)      [Join](#join)      [Left](#left)      [Len](#len)      [Mid](#mid)      [NormalizeDiacritics](#normalizediacritics)       [Not](#not)      [Now](#now)      [NumFromDate](#numfromdate)      [PCase](#pcase)      [RandomString](#randomstring)      [Redact](#redact)      [RemoveDuplicates](#removeduplicates)      [Replace](#replace)      [SelectUniqueValue](#selectuniquevalue)     [SingleAppRoleAssignment](#singleapproleassignment)     [Split](#split)    [StripSpaces](#stripspaces)      [Switch](#switch)     [ToLower](#tolower)     [ToUpper](#toupper)     [Word](#word)
 
---
### Append
| **length** |Required |Integer |Length of the substring. If length ends outside the **source** string, function returns substring from **start** index until end of **source** string. |
 
---
### Len
**Function:** 
Len(String)
MODIFIED docs/identity/authentication/feature-availability.md
Modified by Justinha on Jan 15, 2026 3:40 PM
📖 View on learn.microsoft.com
+8 / -7 lines changed
Commit: Update Entra feature availability for US Government
Changes:
Before
After
---
title: Microsoft Entra feature availability in Azure Government
description: Learn which Microsoft Entra features are available in Azure Government.
 
 
ms.service: entra-id
ms.subservice: authentication
ms.topic: article
ms.date: 10/31/2025
 
 
ms.author: justinha
|| Conditional Access | ✅ |
|| SharePoint limited access | ✅ |
|| Session lifetime management | ✅ |
|| ID Protection (vulnerabilities and risky accounts) | See [Microsoft Entra ID Protection](#microsoft-entra-id-protection) below. |
|| ID Protection (risk events investigation, SIEM connectivity) | See [Microsoft Entra ID Protection](#microsoft-entra-id-protection) below. |
|**Administration and hybrid identity**|User and group management | ✅ |
|| Group Source of Authority (SOA) | ✅ |
|| Advanced group management (Dynamic groups, naming policies, expiration, default classification) | ✅ |
---
title: Microsoft Entra feature availability in Azure for US Government
description: Learn which Microsoft Entra features are available in Azure for US Government.
 
 
ms.service: entra-id
ms.subservice: authentication
ms.topic: article
ms.date: 01/15/2026
 
 
ms.author: justinha
|| Conditional Access | ✅ |
|| SharePoint limited access | ✅ |
|| Session lifetime management | ✅ |
|| ID Protection (vulnerabilities and risky accounts) | See [Microsoft Entra Identity Protection](#microsoft-entra-identity-protection). |
|| ID Protection (risk events investigation, SIEM connectivity) | See [Microsoft Entra Identity Protection](#microsoft-entra-identity-protection). |
|**Conditional Access and Identity Protection**|Microsoft Managed Remediation | ✅ |
|**Administration and hybrid identity**|User and group management | ✅ |
|| Group Source of Authority (SOA) | ✅ |
MODIFIED docs/identity/authentication/how-to-authentication-methods-manage.md
Modified by Justinha on Jan 15, 2026 4:04 PM
📖 View on learn.microsoft.com
+7 / -7 lines changed
Commit: Update authentication methods policy migration docs
Changes:
Before
After
ms.service: entra-id
ms.subservice: authentication
ms.topic: upgrade-and-migration-article
ms.date: 08/13/2025
ms.author: justinha
author: justinha
ms.reviewer: jpettere, tilarso
| Mobile app notification | Microsoft Authenticator |
| Mobile app code | Microsoft Authenticator<br>Software OATH tokens |
| Email | Email OTP |
| Mobile phone | Voice calls<br>SMS |
| Office phone | Voice calls |
| Security questions | Not yet available; copy questions for later use |
 
### Authentication methods policy
 
Note that in the Authentication methods policy you have the option to enable methods for groups of users in addition to all users, and you can also exclude groups of users from being able to use a given method. This means you have a lot of flexibility to control what users can use which methods. For example, you can enable **Microsoft Authenticator** for all users and limit **SMS** and **Voice call** to 1 group of 20 users that need those methods.
 
As you update each method in the Authentication methods policy, some methods have configurable parameters that allow you to control how that method can be used. For example, if you enable **Voice calls** as authentication method, you can choose to allow both office phone and mobile phones, or mobile only. Step through the process to configure each authentication method from your audit.
 
ms.service: entra-id
ms.subservice: authentication
ms.topic: upgrade-and-migration-article
ms.date: 01/15/2026
ms.author: justinha
author: justinha
ms.reviewer: jpettere, tilarso
| Mobile app notification | Microsoft Authenticator |
| Mobile app code | Microsoft Authenticator<br>Software OATH tokens |
| Email | Email OTP |
| Mobile phone | Voice calls<br>SMS |
| Office phone | Voice calls > Configure tab |
| Security questions | Not yet available; copy questions for later use |
 
### Authentication methods policy
 
Note that in the Authentication methods policy you have the option to enable methods for groups of users in addition to all users, and you can also exclude groups of users from being able to use a given method. This means you have a lot of flexibility to control what users can use which methods. For example, you can enable **Microsoft Authenticator** for all users and limit **SMS** and **Voice call** to 1 group of 20 users that need those methods.
 
As you update each method in the Authentication methods policy, some methods have configurable parameters that allow you to control how that method can be used. For example, if you enable **Voice calls** as authentication method, on the **Configure** tab, you can choose to allow both office phone and mobile phones, or mobile only. Step through the process to configure each authentication method from your audit.
 
MODIFIED docs/id-protection/concept-identity-protection-policies.md
Modified by Sarah Lipsey on Jan 15, 2026 2:45 PM
📖 View on learn.microsoft.com
+2 / -1 lines changed
Commit: updates
Changes:
Before
After
 
## Require risk remediation with Microsoft-managed remediation (preview)
 
The Microsoft-managed remediation risk-based Conditional Access policy lets you author a risk policy that accommodates all authentication methods, including password-based and passwordless. This means that when you select "Require risk remediation" in your policy's grant controls, Microsoft Entra ID Protection manages the appropriate remediation flow based on the threat observed and the user's authentication method. For detailed steps on how to enable Microsoft-managed remediation, see [Configure risk policies](howto-identity-protection-configure-risk-policies.md#microsoft-recommendations).
 
- **Password authentication**: Risky user has an active risk detection, such as a leaked credential, password spray, or session history involving a compromised password. The user is prompted to perform a secure password change and when completed, their previous sessions are revoked.
- **Passwordless authentication**: Risky user has an active risk detection, but it doesn't involve a compromised password. Possible risk detections include anomalous token, impossible travel, or unfamiliar sign-in properties. The user's sessions are revoked and they're prompted to sign in again.
- Requiring auth strength ensures that password-based and passwordless users are covered by the policy.
- Risky Workload ID isn't supported.
- External and guest users must continue to self-remediate through secure password reset, as Microsoft Entra ID doesn't support session revocation for external and guest users.
 
## Sign-in risk-based Conditional Access policy
 
 
 
## Require risk remediation with Microsoft-managed remediation (preview)
 
The Microsoft-managed remediation risk-based Conditional Access policy lets you author a risk policy that accommodates all authentication methods, including password-based and passwordless. This means that when you select "Require risk remediation" in your policy's grant controls, Microsoft Entra ID Protection manages the appropriate remediation flow based on the threat observed and the user's authentication method. For detailed steps on how to enable Microsoft-managed remediation, see [Configure risk policies](howto-identity-protection-configure-risk-policies.md#microsoft-recommendations).
 
- **Password authentication**: Risky user has an active risk detection, such as a leaked credential, password spray, or session history involving a compromised password. The user is prompted to perform a secure password change and when completed, their previous sessions are revoked.
- **Passwordless authentication**: Risky user has an active risk detection, but it doesn't involve a compromised password. Possible risk detections include anomalous token, impossible travel, or unfamiliar sign-in properties. The user's sessions are revoked and they're prompted to sign in again.
- Requiring auth strength ensures that password-based and passwordless users are covered by the policy.
- Risky Workload ID isn't supported.
- External and guest users must continue to self-remediate through secure password reset, as Microsoft Entra ID doesn't support session revocation for external and guest users.
- The "Require risk remediation" grant control is now available in USGOV clouds.
 
## Sign-in risk-based Conditional Access policy
 
MODIFIED docs/identity/conditional-access/concept-assignment-network.md
Modified by John Flores on Jan 15, 2026 7:29 PM
📖 View on learn.microsoft.com
+1 / -1 lines changed
Commit: Update note on GPS location sharing for Conditional Access
Changes:
Before
After
- The country code returned depends on the device platform API: For example one platform might report US for Puerto Rico, while another reports PR.
 
> [!NOTE]
> A Conditional Access policy with GPS-based named locations in report-only mode prompts users to share their GPS location, even though they aren't blocked from signing in.
 
GPS location can be used with [passwordless phone sign-in](~/identity/authentication/concept-authentication-authenticator-app.md) only if MFA push notifications are also enabled. Users can use Microsoft Authenticator to sign in, but they also need to approve subsequent MFA push notifications to share their GPS location.
 
- The country code returned depends on the device platform API: For example one platform might report US for Puerto Rico, while another reports PR.
 
> [!NOTE]
> A Conditional Access policy with GPS-based named locations in report-only mode prompts users to share their GPS location, not sharing this information may result in a block.
 
GPS location can be used with [passwordless phone sign-in](~/identity/authentication/concept-authentication-authenticator-app.md) only if MFA push notifications are also enabled. Users can use Microsoft Authenticator to sign in, but they also need to approve subsequent MFA push notifications to share their GPS location.
 
MODIFIED docs/identity/devices/device-join-out-of-box.md
Modified by Anna Huff on Jan 15, 2026 6:23 PM
📖 View on learn.microsoft.com
+1 / -1 lines changed
Commit: PR review: Fix typo in Microsoft Entra registration instructions
Changes:
Before
After
> [!TIP]
> Windows Home Editions do not support Microsoft Entra join. These editions can still access many of the benefits by using [Microsoft Entra registration](concept-device-registration.md).
>
> For information about how complete Microsoft Entra registration on a Windows device see the support article [Register your personal device on your work or school network](https://support.microsoft.com/account-billing/register-your-personal-device-on-your-work-or-school-network-8803dd61-a613-45e3-ae6c-bd1ab25bf8a8).
 
<a name='join-a-new-windows-11-device-to-azure-ad'></a>
 
> [!TIP]
> Windows Home Editions do not support Microsoft Entra join. These editions can still access many of the benefits by using [Microsoft Entra registration](concept-device-registration.md).
>
> For information about how to complete Microsoft Entra registration on a Windows device, see the support article [Register your personal device on your work or school network](https://support.microsoft.com/account-billing/register-your-personal-device-on-your-work-or-school-network-8803dd61-a613-45e3-ae6c-bd1ab25bf8a8).
 
<a name='join-a-new-windows-11-device-to-azure-ad'></a>
 

🤖 This report was automatically generated by the Entra Docs Monitor

📧 Delivered to merill@merill.net

🔗 Visit Repository