MODIFIED docs/identity/conditional-access/concept-token-protection.md

Modified by Ken Withee on Mar 3, 2026 8:54 PM
📖 View on learn.microsoft.com

+5 / -7 lines changed

Commit: Fix KQL bugs in Token Protection article

Changes:

Before

After

ms.service: entra-id
ms.subservice: conditional-access
ms.topic: concept-article
ms.date: 08/20/2025
ms.reviewer: sgrandhi
ms.custom:
  - sfi-image-nochange
| project Id,ConditionalAccessPolicies, Status,UserPrincipalName, AppDisplayName, ResourceDisplayName 
| where ConditionalAccessPolicies != "[]" 
| where ResourceDisplayName == "Office 365 Exchange Online" or ResourceDisplayName =="Office 365 SharePoint Online" or ResourceDisplayName =="Azure Virtual Desktop" or ResourceDisplayName =="Windows 365" or ResourceDisplayName =="Windows Cloud Login"
| where ResourceDisplayName == "Office 365 Exchange Online" or ResourceDisplayName =="Office 365 SharePoint Online" 
//Add userPrincipalName if you want to filter  
// | where UserPrincipalName =="<user_principal_Name>" 
| mv-expand todynamic(ConditionalAccessPolicies) 
| where ConditionalAccessPolicies ["enforcedSessionControls"] contains '["Binding"]' or ConditionalAccessPolicies ["enforcedSessionControls"] contains '["SignInTokenProtection"]' 
| where ConditionalAccessPolicies.result !="reportOnlyNotApplied" and ConditionalAccessPolicies.result !="notApplied" 
| extend SessionNotSatisfyResult = ConditionalAccessPolicies["sessionControlsNotSatisfied"] 
| extend Result = case (SessionNotSatisfyResult contains 'SignInTokenProtection' or SessionNotSatisfyResult contains 'SignInTokenProtection', 'Block','Allow')
| summarize by Id,UserPrincipalName, AppDisplayName, Result 
| summarize Requests = count(), Users = dcount(UserPrincipalName), Block = countif(Result == "Block"), Allow = countif(Result == "Allow"), BlockedUsers = dcountif(UserPrincipalName, Result == "Block") by AppDisplayName 

ms.service: entra-id
ms.subservice: conditional-access
ms.topic: concept-article
ms.date: 03/03/2026
ms.reviewer: sgrandhi
ms.custom:
  - sfi-image-nochange
| project Id,ConditionalAccessPolicies, Status,UserPrincipalName, AppDisplayName, ResourceDisplayName 
| where ConditionalAccessPolicies != "[]" 
| where ResourceDisplayName == "Office 365 Exchange Online" or ResourceDisplayName =="Office 365 SharePoint Online" or ResourceDisplayName =="Azure Virtual Desktop" or ResourceDisplayName =="Windows 365" or ResourceDisplayName =="Windows Cloud Login"
//Add userPrincipalName if you want to filter  
// | where UserPrincipalName =="<user_principal_Name>" 
| mv-expand todynamic(ConditionalAccessPolicies) 
| where ConditionalAccessPolicies ["enforcedSessionControls"] contains '["Binding"]' or ConditionalAccessPolicies ["enforcedSessionControls"] contains '["SignInTokenProtection"]' 
| where ConditionalAccessPolicies.result !="reportOnlyNotApplied" and ConditionalAccessPolicies.result !="notApplied" 
| extend SessionNotSatisfyResult = ConditionalAccessPolicies["sessionControlsNotSatisfied"] 
| extend Result = case (SessionNotSatisfyResult contains 'SignInTokenProtection' or SessionNotSatisfyResult contains 'Binding', 'Block','Allow')
| summarize by Id,UserPrincipalName, AppDisplayName, Result
| summarize Requests = count(), Users = dcount(UserPrincipalName), Block = countif(Result == "Block"), Allow = countif(Result == "Allow"), BlockedUsers = dcountif(UserPrincipalName, Result == "Block") by AppDisplayName 
| extend PctAllowed = round(100.0 * Allow/(Allow+Block), 2) 

MODIFIED docs/identity/authentication/concept-account-recovery-overview.md

Modified by Justinha on Mar 3, 2026 8:01 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Update concept-account-recovery-overview.md

Changes:

Before

After

title: Overview of Microsoft Entra ID Account Recovery
description: Learn about Microsoft Entra ID Account Recovery, which enables users to regain access to their accounts through identity verification when they've lost all authentication methods.
ms.topic: concept-article
ms.date: 11/07/2025
author: BullittRacer
ms.reviewer: tilarso
ms.custom: sfi-ga-nochange, sfi-image-nochange
 
## Evaluation and production modes
 
Admins can deploy account recovery in Evaluation mode to see how the change will imapct users. But users can't recover their accounts in evaluation mode. 
 
## Try account recovery
 

title: Overview of Microsoft Entra ID Account Recovery
description: Learn about Microsoft Entra ID Account Recovery, which enables users to regain access to their accounts through identity verification when they've lost all authentication methods.
ms.topic: concept-article
ms.date: 03/03/2026
author: BullittRacer
ms.reviewer: tilarso
ms.custom: sfi-ga-nochange, sfi-image-nochange
 
## Evaluation and production modes
 
Admins can deploy account recovery in evaluation mode to see how the change impacts users. But users can't recover their accounts in evaluation mode. 
 
## Try account recovery
 

MODIFIED docs/identity-platform/concept-native-authentication-challenge-types.md

Modified by Derdus Kenga on Mar 3, 2026 12:52 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Improve clarity and style in native authentication challenge types article

Changes:

Before

After

 
[!INCLUDE [native-auth-challenge-type](includes/native-auth-api/native-auth-challenge-type.md)]
 
We add new values in the future when native authentication support new authentication methods.
 
## Challenge types usage
 
The following table summarizes the challenge type values an app should use for the various authentication flows:

 
[!INCLUDE [native-auth-challenge-type](includes/native-auth-api/native-auth-challenge-type.md)]
 
New values are added when native authentication supports new authentication methods.
 
## Challenge type values for authentication flows
 
The following table summarizes the challenge type values an app should use for the various authentication flows:

MODIFIED docs/identity-platform/custom-extension-tokenissuancestart-setup.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

## Prerequisites
 
- A basic understanding of the concepts covered in [Custom authentication extensions overview](custom-extension-overview.md).
- An Azure subscription with the ability to create Azure Functions. If you don't have an existing Azure account, sign up for a [free trial](https://azure.microsoft.com/free/dotnet/) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- A Microsoft Entra ID tenant. You can use either a customer or workforce tenant for this how-to guide.
 
::: zone-end
## Prerequisites
 
- A basic understanding of the concepts covered in [Custom authentication extensions overview](custom-extension-overview.md).
- An Azure subscription with the ability to create Azure Functions. If you don't have an existing Azure account, sign up for a [free trial](https://azure.microsoft.com/free/dotnet/) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- A Microsoft Entra ID tenant. You can use either a customer or workforce tenant for this how-to guide.
- One of the following IDEs and configurations:
    - Visual Studio with [Azure Development workload for Visual Studio](/dotnet/azure/configure-visual-studio) configured.

## Prerequisites
 
- A basic understanding of the concepts covered in [Custom authentication extensions overview](custom-extension-overview.md).
- An Azure subscription with the ability to create Azure Functions. If you don't have an existing Azure account, sign up for a [free trial](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- A Microsoft Entra ID tenant. You can use either a customer or workforce tenant for this how-to guide.
 
::: zone-end
## Prerequisites
 
- A basic understanding of the concepts covered in [Custom authentication extensions overview](custom-extension-overview.md).
- An Azure subscription with the ability to create Azure Functions. If you don't have an existing Azure account, sign up for a [free trial](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- A Microsoft Entra ID tenant. You can use either a customer or workforce tenant for this how-to guide.
- One of the following IDEs and configurations:
    - Visual Studio with [Azure Development workload for Visual Studio](/dotnet/azure/configure-visual-studio) configured.

MODIFIED docs/id-governance/microsoft-entra-id-governance-licensing-for-guest-users.md

Modified by Ortagus Winfrey on Mar 3, 2026 3:36 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: Update ms.date to 03/02/2026 for guest licensing article

Changes:

Before

After

description: Learn how Microsoft Entra ID is licensed for guest users.
ms.subservice: entitlement-management
ms.topic: reference
ms.date: 02/03/2026
ms.reviewer: jercon
---
 

description: Learn how Microsoft Entra ID is licensed for guest users.
ms.subservice: entitlement-management
ms.topic: reference
ms.date: 03/02/2026
ms.reviewer: jercon
---
 

MODIFIED docs/identity/domain-services/overview.md

Modified by Justin Hall on Mar 3, 2026 3:25 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: Change video link format in overview.md

Changes:

Before

After

 
Take a look at our short video to learn more about Microsoft Entra Domain Services.
 
> [!VIDEO https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-0a092182-e2de-4538-a6b4-adfcacf1cc54/combined_video_1001_1729741341074_1920x1080.mp4]
 
<a name='how-does-azure-ad-ds-work'></a>

 
Take a look at our short video to learn more about Microsoft Entra Domain Services.
 
> [!VIDEO 0a092182-e2de-4538-a6b4-adfcacf1cc54]
 
<a name='how-does-azure-ad-ds-work'></a>

MODIFIED docs/agent-id/identity-platform/agent-lists.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

 
To view agent identities in your Microsoft Entra tenant, you need:
 
- A Microsoft Entra user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 
To manage agent identities in your Microsoft Entra tenant, you need:

 
To view agent identities in your Microsoft Entra tenant, you need:
 
- A Microsoft Entra user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
 
To manage agent identities in your Microsoft Entra tenant, you need:

MODIFIED docs/architecture/b2c-deployment-plans.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

  - See, [Tutorial: Create an Azure Active Directory B2C tenant](/azure/active-directory-b2c/tutorial-create-tenant)
- Confirm your application types and supported technologies:
  - [Overview of the Microsoft Authentication Library (MSAL)](~/identity-platform/msal-overview.md)
  - [Develop with open-source languages, frameworks, databases, and tools in Azure](https://azure.microsoft.com/free/open-source/search/?OCID=AID2200277_SEM_f63bcafc4d5f1d7378bfaa2085b249f9:G:s&ef_id=f63bcafc4d5f1d7378bfaa2085b249f9:G:s&msclkid=f63bcafc4d5f1d7378bfaa2085b249f9).
  - For back-end services, use the [client credentials](~/identity-platform/msal-authentication-flows.md#client-credentials) flow
- To migrate from an identity provider (IdP):
  - [Seamless migration](/azure/active-directory-b2c/user-migration#seamless-migration)

  - See, [Tutorial: Create an Azure Active Directory B2C tenant](/azure/active-directory-b2c/tutorial-create-tenant)
- Confirm your application types and supported technologies:
  - [Overview of the Microsoft Authentication Library (MSAL)](~/identity-platform/msal-overview.md)
  - [Develop with open-source languages, frameworks, databases, and tools in Azure](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
  - For back-end services, use the [client credentials](~/identity-platform/msal-authentication-flows.md#client-credentials) flow
- To migrate from an identity provider (IdP):
  - [Seamless migration](/azure/active-directory-b2c/user-migration#seamless-migration)

MODIFIED docs/identity-platform/custom-extension-attribute-collection.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

 
## Prerequisites
 
- To use Azure services, including Azure Functions, you need an Azure subscription. If you don't have an existing Azure account, you can sign up for a [free trial](https://azure.microsoft.com/free/dotnet/) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- A [sign-up and sign-in user flow](~/external-id/customers/how-to-user-flow-sign-up-sign-in-customers.md).
 
## Step 1: Create a custom authentication extensions REST API (Azure Function app)

 
## Prerequisites
 
- To use Azure services, including Azure Functions, you need an Azure subscription. If you don't have an existing Azure account, you can sign up for a [free trial](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- A [sign-up and sign-in user flow](~/external-id/customers/how-to-user-flow-sign-up-sign-in-customers.md).
 
## Step 1: Create a custom authentication extensions REST API (Azure Function app)

MODIFIED docs/identity-platform/custom-extension-email-otp-get-started.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

## Prerequisites
 
- A familiarity and understanding of the concepts covered in [custom authentication extensions](/entra/identity-platform/custom-extension-overview).
- An Azure subscription. If you don't have an existing Azure account, sign up for a [free trial](https://azure.microsoft.com/free/dotnet/) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- A Microsoft Entra ID [external tenant](../external-id/customers/quickstart-tenant-setup.md).
- A mail relay service provider:
 

## Prerequisites
 
- A familiarity and understanding of the concepts covered in [custom authentication extensions](/entra/identity-platform/custom-extension-overview).
- An Azure subscription. If you don't have an existing Azure account, sign up for a [free trial](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- A Microsoft Entra ID [external tenant](../external-id/customers/quickstart-tenant-setup.md).
- A mail relay service provider:
 

MODIFIED docs/identity-platform/custom-extension-tokenissuancestart-configuration.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

 
## Prerequisites
 
- An Azure subscription with the ability to create Azure Functions. If you don't have an existing Azure account, sign up for a [free trial](https://azure.microsoft.com/free/dotnet/) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- An HTTP trigger function configured for a token issuance event deployed to Azure Functions. If you don't have one, follow the steps in [create a REST API for a token issuance start event in Azure Functions](./custom-extension-tokenissuancestart-setup.md).
- A basic understanding of the concepts covered in [Custom authentication extensions overview](custom-extension-overview.md).
- A Microsoft Entra ID tenant. You can use either a customer or workforce tenant for this how-to guide.

 
## Prerequisites
 
- An Azure subscription with the ability to create Azure Functions. If you don't have an existing Azure account, sign up for a [free trial](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn) or use your [Visual Studio Subscription](https://visualstudio.microsoft.com/subscriptions/) benefits when you [create an account](https://account.windowsazure.com/Home/Index).
- An HTTP trigger function configured for a token issuance event deployed to Azure Functions. If you don't have one, follow the steps in [create a REST API for a token issuance start event in Azure Functions](./custom-extension-tokenissuancestart-setup.md).
- A basic understanding of the concepts covered in [Custom authentication extensions overview](custom-extension-overview.md).
- A Microsoft Entra ID tenant. You can use either a customer or workforce tenant for this how-to guide.

MODIFIED docs/identity/enterprise-apps/delete-application-portal.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

 
To delete an enterprise application, you need:
 
- A Microsoft Entra user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
   - One of the following roles: 
   - Cloud Application Administrator
   - Application Administrator

 
To delete an enterprise application, you need:
 
- A Microsoft Entra user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
   - One of the following roles: 
   - Cloud Application Administrator
   - Application Administrator

MODIFIED docs/identity/enterprise-apps/disable-user-sign-in-portal.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

 
To disable user sign-in, you need:
 
- A Microsoft Entra user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
- One of the following roles: 
  - Cloud Application Administrator
  - Application Administrator

 
To disable user sign-in, you need:
 
- A Microsoft Entra user account. If you don't already have one, you can [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
- One of the following roles: 
  - Cloud Application Administrator
  - Application Administrator

MODIFIED docs/identity/users/how-to-get-signed-in-identity.md

Modified by csmulligan on Mar 3, 2026 3:16 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: BULK - update azure free links to new configs

Changes:

Before

After

 
## Prerequisites
 
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
 
::: zone pivot="interface-cli"

 
## Prerequisites
 
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
 
::: zone pivot="interface-cli"

📋 Microsoft Entra Documentation Changes

📊 Summary

📝 Modified Documentation Files

🗑️ Deleted Documentation Files