📋 Microsoft Entra Documentation Changes

Daily summary for changes since March 31st 2026, 9:36 PM PDT

Report generated on April 1st 2026, 9:36 PM PDT

📊 Summary

Total Commits: 21
New Files: 0
Modified Files: 10
Deleted Files: 2
Contributors: 8

📝 Modified Documentation Files

Modified by Ortagus Winfrey on Apr 1, 2026 3:32 PM
+0 / -14 lines changed
Commit: Remove access review agent section from entra-agents.md
Changes:
Before
After
 
The following agents are currently available for Microsoft Entra. Due to the fast pace at which these agents are released and updated, each agent might have features at various stages of availability. Preview features are added frequently.
 
### Access Review Agent
 
Empower your reviewers to make fast and accurate access decisions. The [Access Review Agent](../id-governance/access-review-agent.md) with [Microsoft Entra ID Governance](../id-governance/identity-governance-overview.md) delivers insights and recommendations so reviewers can complete their work through a simple conversation, right inside Microsoft Teams.
 
| Attribute | Description |
|---------------------|------------ |
| Identity | A unique [agent identity](../agent-id/identity-professional/authorization-agent-id.md) for authorization is created when the agent is turned on.<br><br>The agent uses this identity to scan your tenant for active access reviews, gather additional insights, and save its recommendations and justifications for the reviewer. For more information, see: [How it works](access-review-agent.md#how-it-works).<br><br>Final decisions, submitted through the Microsoft Teams conversation, use the reviewer's identity. |
| Licenses | [Microsoft Entra ID Governance or Microsoft Entra Suite](../id-governance/licensing-fundamentals.md) |
| Permissions | AccessReview.Read.All</br>EntitlementManagement.Read.All</br>LifecycleWorkflows-Reports.Read.All</br>LifecycleWorkflows-Workflow.ReadBasic.All</br>User.Read.All</br>User-LifeCycleInfo.Read.All |
| Plugins | [Microsoft Entra](/entra/fundamentals/copilot-security-entra) |
| Products | [ID Governance Access Reviews](../id-governance/access-reviews-overview.md) |
| Role-based access | Both [Identity Governance Administrator](../identity/role-based-access-control/permissions-reference.md#security-administrator) and [Lifecycle Workflows Administrator](../identity/role-based-access-control/permissions-reference.md#security-administrator) are required to configure and use the agent |
| Trigger | Runs every 24 hours or triggered manually |
 
### Conditional Access Optimization Agent
 
The [Conditional Access Optimization Agent](./conditional-access-agent-optimization.md) ensures comprehensive user protection by analyzing your Conditional Access policies and recommending improvements. The agent evaluates your current policy configuration against Microsoft best practices and Zero Trust principles.
 
The following agents are currently available for Microsoft Entra. Due to the fast pace at which these agents are released and updated, each agent might have features at various stages of availability. Preview features are added frequently.
 
### Conditional Access Optimization Agent
 
The [Conditional Access Optimization Agent](./conditional-access-agent-optimization.md) ensures comprehensive user protection by analyzing your Conditional Access policies and recommending improvements. The agent evaluates your current policy configuration against Microsoft best practices and Zero Trust principles.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Modified by Ortagus Winfrey on Apr 1, 2026 3:32 PM
+0 / -6 lines changed
Commit: Remove access review agent references from ID governance docs
Changes:
Before
After
| [Self-review your access](../id-governance/privileged-identity-management/pim-perform-roles-and-resource-roles-review.md?toc=/azure/active-directory/governance/toc.json)| If you're assigned to an administrative role, approve or deny access to your role. |
| [Complete an access review](../id-governance/privileged-identity-management/pim-complete-roles-and-resource-roles-review.md?toc=/azure/active-directory/governance/toc.json)| View an access review and apply the results. |
 
## Access Review Agent (Preview)
 
The Access Review Agent works for your reviewers by automatically gathering insights and generating recommendations. It proactively scans for active access reviews in your tenant that are flagged for processing by the agent. The agent then analyzes identified reviews by gathering extra insights, and generates a recommendation (approve / deny) and a justification summary for each decision. Once the agent analyzes the recommendations and corresponding justification summaries, it's able to guide reviewers, in natural language, through the review process in Microsoft Teams. As the agent guides them through the review, they're able to review the agent's reasoning behind the recommendations, ask questions in the context of the review itself, and finally make their own informed decision.
 
After the Access Review Agent is started, you must flag access reviews to be processed by the Access Review Agent. For more information, see [Access Review Agent](../security-copilot/access-review-agent.md).
 
## Use the Access Reviews API
 
To interact with and manage reviewable resources, see [Microsoft Graph API methods](/graph/api/resources/accessreviewsv2-overview) and [role and application permission authorization checks](/graph/api/resources/accessreviewsv2-overview). The access reviews methods in the Microsoft Graph API are available for both application and user contexts. When you run scripts in the application context, the account used to run the API (the service principle) must be granted the AccessReview.Read.All permission to query access reviews information.
| [Self-review your access](../id-governance/privileged-identity-management/pim-perform-roles-and-resource-roles-review.md?toc=/azure/active-directory/governance/toc.json)| If you're assigned to an administrative role, approve or deny access to your role. |
| [Complete an access review](../id-governance/privileged-identity-management/pim-complete-roles-and-resource-roles-review.md?toc=/azure/active-directory/governance/toc.json)| View an access review and apply the results. |
 
## Use the Access Reviews API
 
To interact with and manage reviewable resources, see [Microsoft Graph API methods](/graph/api/resources/accessreviewsv2-overview) and [role and application permission authorization checks](/graph/api/resources/accessreviewsv2-overview). The access reviews methods in the Microsoft Graph API are available for both application and user contexts. When you run scripts in the application context, the account used to run the API (the service principle) must be granted the AccessReview.Read.All permission to query access reviews information.
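
Review bot: The "Use the Access Reviews API" paragraph that this change keeps says "the service principle", which should read "service principal", and its two links ("Microsoft Graph API methods" and "role and application permission authorization checks") both resolve to /graph/api/resources/accessreviewsv2-overview. Since the file is already being edited, correct the term and point the second link at the page that actually documents the authorization checks, or merge the two links into one.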
 
 
 
 
 
 
Modified by Ortagus Winfrey on Apr 1, 2026 3:32 PM
+0 / -4 lines changed
Commit: Remove access review agent references from ID governance docs
Changes:
Before
After
>[!NOTE]
>Creating a review on inactive users and with [user-to-group affiliation](review-recommendations-access-reviews.md#user-to-group-affiliation) recommendations, or an [access review of multiple resources together (preview)](catalog-access-reviews.md), requires a Microsoft Entra ID Governance license.
 
## Access Review Agent (Preview)
 
The Access Review Agent works for your reviewers by automatically gathering insights and generating recommendations. It then guides reviewers through the review process in Microsoft Teams with natural language, with simple summaries and proposed decisions, so they can make the final call with confidence and clarity. For more information, see [Access Review Agent](../security-copilot/access-review-agent.md).
 
## Next steps
 
- [Prepare for an access review of users' access to an application](access-reviews-application-preparation.md)
>[!NOTE]
>Creating a review on inactive users and with [user-to-group affiliation](review-recommendations-access-reviews.md#user-to-group-affiliation) recommendations, or an [access review of multiple resources together (preview)](catalog-access-reviews.md), requires a Microsoft Entra ID Governance license.
 
## Next steps
 
- [Prepare for an access review of users' access to an application](access-reviews-application-preparation.md)
 
 
 
 
Modified by Ortagus Winfrey on Apr 1, 2026 3:32 PM
+0 / -4 lines changed
Commit: Remove access review agent references from ID governance docs
Changes:
Before
After
- **Reminders**: Select this checkbox to have Microsoft Entra ID send reminders of access reviews in progress to all reviewers. Reviewers receive the reminders halfway through the review, no matter if they've finished their review or not.
- **Additional content for reviewer email**: The content of the email sent to reviewers is autogenerated based on the review details, such as review name, resource name, and due date. If you need to communicate more information, you can specify details such as instructions or contact information in the box. The information that you enter is included in the invitation, and reminder emails are sent to assigned reviewers. The section highlighted in the following image shows where this information appears.
![Screenshot that shows additional content for reviewers.](./media/create-access-review/additional-content-reviewer.png)
- **Access Review Agent (Preview)**: Select this checkbox to allow reviewers to complete the access review in Microsoft Teams with natural language, insights, and recommendations.
> [!NOTE]
> This setting is only available for review configurations currently supported by the Access Review Agent and additional setup steps are required. For more information, see: [Access Review Agent with Microsoft Security Copilot](access-review-agent.md).
 
## Next steps
 
- [Complete an access review of groups or applications](complete-access-review.md)
- [Access Review Agent (preview)](../security-copilot/access-review-agent.md)
- [Create an access review of PIM for Groups (preview)](create-access-review-pim-for-groups.md)
- [Review access to groups or applications](perform-access-review.md)
- [Review access for yourself to groups or applications](review-your-access.md)
- **Reminders**: Select this checkbox to have Microsoft Entra ID send reminders of access reviews in progress to all reviewers. Reviewers receive the reminders halfway through the review, no matter if they've finished their review or not.
- **Additional content for reviewer email**: The content of the email sent to reviewers is autogenerated based on the review details, such as review name, resource name, and due date. If you need to communicate more information, you can specify details such as instructions or contact information in the box. The information that you enter is included in the invitation, and reminder emails are sent to assigned reviewers. The section highlighted in the following image shows where this information appears.
![Screenshot that shows additional content for reviewers.](./media/create-access-review/additional-content-reviewer.png)
 
## Next steps
 
- [Complete an access review of groups or applications](complete-access-review.md)
- [Create an access review of PIM for Groups (preview)](create-access-review-pim-for-groups.md)
- [Review access to groups or applications](perform-access-review.md)
- [Review access for yourself to groups or applications](review-your-access.md)
 
 
 
 
+0 / -3 lines changed
Commit: Remove access review agent references from ID governance docs
Changes:
Before
After
- **approve** the review if the user has signed-in at least once during the last 30 days.
- **deny** the review if the user hasn't signed-in during the last 30 days.
1. If you want the reviewer to share their reasons for their approval decision, select **Require reviewer justification**. Their justification is visible to other reviewers and the requestor.
1. **Access Review Agent (Preview)**: Select this checkbox to allow reviewers to complete the access review in Microsoft Teams with natural language, insights, and recommendations.
> [!NOTE]
> This setting is only available for review configurations currently supported by the Access Review Agent and additional setup steps are required. For more information, see: [Access Review Agent with Microsoft Security Copilot](access-review-agent.md).
1. Select **Review + Create** or select **next** if you're creating a new access package. Select **Update** if you're editing an access package, at the bottom of the page.
 
- **approve** the review if the user has signed-in at least once during the last 30 days.
- **deny** the review if the user hasn't signed-in during the last 30 days.
1. If you want the reviewer to share their reasons for their approval decision, select **Require reviewer justification**. Their justification is visible to other reviewers and the requestor.
1. Select **Review + Create** or select **next** if you're creating a new access package. Select **Update** if you're editing an access package, at the bottom of the page.
 
 
 
 
+1 / -1 lines changed
Commit: Apply suggestion from @kenwith
Changes:
Before
After
:::image type="content" source="media/how-to-network-content-filtering/file-rule-content-types.png" alt-text="Screenshot of the Add Content Rule page showing the Matching conditions section with Activities set to Upload, and the Content types dropdown expanded with PDF selected." lightbox="media/how-to-network-content-filtering/file-rule-content-types.png":::
1. Select **+ Add destination** and configure the destinations.
- For application-specific control, you can add the exact upload URLs and related FQDNs that the app uses. Use browser developer tools or network traffic analysis to identify the endpoints used during file upload.
- You can also select web categories as a destination. If you select web categories, you must also configure a [web content filtering policy](how-to-configure-web-content-filtering.md) for those categories.
1. Select **Next**.
1. On the **Review** tab, review your settings.
:::image type="content" source="media/how-to-network-content-filtering/file-policy-review-tab.png" alt-text="Screenshot of the Review tab showing a summary of the content policy settings including policy name, description, and number of rules before creation." lightbox="media/how-to-network-content-filtering/file-policy-review-tab.png":::
:::image type="content" source="media/how-to-network-content-filtering/file-rule-content-types.png" alt-text="Screenshot of the Add Content Rule page showing the Matching conditions section with Activities set to Upload, and the Content types dropdown expanded with PDF selected." lightbox="media/how-to-network-content-filtering/file-rule-content-types.png":::
1. Select **+ Add destination** and configure the destinations.
- For application-specific control, you can add the exact upload URLs and related FQDNs that the app uses. Use browser developer tools or network traffic analysis to identify the endpoints used during file upload.
- You can also select web categories as a destination. If you select web categories, you must also configure a [web content filtering policy](how-to-configure-web-content-filtering.md).
1. Select **Next**.
1. On the **Review** tab, review your settings.
:::image type="content" source="media/how-to-network-content-filtering/file-policy-review-tab.png" alt-text="Screenshot of the Review tab showing a summary of the content policy settings including policy name, description, and number of rules before creation." lightbox="media/how-to-network-content-filtering/file-policy-review-tab.png":::
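
Review bot: In the second bullet under "Select **+ Add destination**", the new sentence stops at "you must also configure a [web content filtering policy]" and drops "for those categories". That qualifier told the reader the web content filtering policy has to cover the same web categories chosen as the destination; without it, a policy scoped to other categories can be read as satisfying the step. Keep the qualifier, or state explicitly that the policy must include the selected categories.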
+1 / -1 lines changed
Commit: addition
Changes:
Before
After
* Passkey in Microsoft Authenticator
* QR code
* Certificate-based authentication (when configured for multifactor authentication)
* External authentication methods (preview)
* Temporary Access Pass (TAP)
* OATH hardware token (preview)
* OATH software token
* Passkey in Microsoft Authenticator
* QR code
* Certificate-based authentication (when configured for multifactor authentication)
* External MFA
* Temporary Access Pass (TAP)
* OATH hardware token (preview)
* OATH software token
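
Review bot: The renamed list entry "External MFA" no longer carries the "(preview)" marker that "External authentication methods (preview)" had, while "OATH hardware token (preview)" in the same list keeps its marker. If the method is still in preview, keep the marker on the new name; if the rename also reflects a change in availability, say so in the commit message, which currently reads only "addition".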
+1 / -1 lines changed
Commit: auth-external-mfa
Changes:
Before
After
| [Authenticator Lite](/entra/identity/authentication/how-to-mfa-authenticator-lite) | No | MFA |
| [Hardware OATH tokens (preview)](concept-authentication-oath-tokens.md#hardware-oath-tokens-preview) | No | MFA and SSPR |
| [Software OATH tokens](concept-authentication-oath-tokens.md#software-oath-tokens) | No | MFA and SSPR |
| [External authentication methods (preview)](/entra/identity/authentication/how-to-authentication-external-method-manage)| No | MFA |
| [Temporary Access Pass (TAP)](howto-authentication-temporary-access-pass.md) | Yes | MFA |
| [Short Message Service (SMS) sign-in](howto-authentication-sms-signin.md) | Yes | MFA and SSPR |
| [Voice call](concept-authentication-phone-options.md) | No | MFA and SSPR |
| [Authenticator Lite](/entra/identity/authentication/how-to-mfa-authenticator-lite) | No | MFA |
| [Hardware OATH tokens (preview)](concept-authentication-oath-tokens.md#hardware-oath-tokens-preview) | No | MFA and SSPR |
| [Software OATH tokens](concept-authentication-oath-tokens.md#software-oath-tokens) | No | MFA and SSPR |
| [External MFA](/entra/identity/authentication/how-to-authentication-external-method-manage)| No | MFA |
| [Temporary Access Pass (TAP)](howto-authentication-temporary-access-pass.md) | Yes | MFA |
| [Short Message Service (SMS) sign-in](howto-authentication-sms-signin.md) | Yes | MFA and SSPR |
| [Voice call](concept-authentication-phone-options.md) | No | MFA and SSPR |
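
Review bot: In the "External MFA" row only the link text changes; the target is still /entra/identity/authentication/how-to-authentication-external-method-manage and the "(preview)" label is dropped. Confirm that the target article's title and H1 use the new name so the link text and destination agree, and that removing "(preview)" here matches the availability stated in that article.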
Modified by Ortagus Winfrey on Apr 1, 2026 3:32 PM
+1 / -1 lines changed
Commit: Remove access review agent references from ID governance docs
Changes:
Before
After
 
Organizations that previously had been using an on-premises identity governance product can [migrate their organizational role model](identity-governance-organizational-roles.md) to Microsoft Entra ID Governance.
 
Furthermore, IT can delegate access management decisions to business decision makers. For example, employees that wish to access confidential customer data in a company's marketing application in Europe could need approval from their manager, a department lead or resource owner, and a security risk officer. [Entitlement management](entitlement-management-overview.md) enables you to define how identities request access across packages of group and team memberships, app roles, and SharePoint Online roles, and enforce separation of duties checks on access requests. Access packages can require regular access reviews, and other access rights, such as group memberships, can also be regularly reviewed using recurring [Microsoft Entra access reviews](access-reviews-overview.md) for access recertification, including AI-identified peer outliers which may require higher scrutiny. The [Access Review Agent](../security-copilot/access-review-agent.md) helps reviewers by automatically gathering insights and generating recommendations, and guides reviewers through the review process in Microsoft Teams with natural language, with simple summaries and proposed decisions, so they can make the final call with confidence and clarity.
 
Organizations can also control which guest identities have access, including to [on-premises applications](../external-id/hybrid-cloud-to-on-premises.md).
 
 
Organizations that previously had been using an on-premises identity governance product can [migrate their organizational role model](identity-governance-organizational-roles.md) to Microsoft Entra ID Governance.
 
Furthermore, IT can delegate access management decisions to business decision makers. For example, employees that wish to access confidential customer data in a company's marketing application in Europe could need approval from their manager, a department lead or resource owner, and a security risk officer. [Entitlement management](entitlement-management-overview.md) enables you to define how identities request access across packages of group and team memberships, app roles, and SharePoint Online roles, and enforce separation of duties checks on access requests. Access packages can require regular access reviews, and other access rights, such as group memberships, can also be regularly reviewed using recurring [Microsoft Entra access reviews](access-reviews-overview.md) for access recertification, including AI-identified peer outliers which may require higher scrutiny.
 
Organizations can also control which guest identities have access, including to [on-premises applications](../external-id/hybrid-cloud-to-on-premises.md).
 
Modified by Ortagus Winfrey on Apr 1, 2026 12:44 PM
+1 / -1 lines changed
Commit: Update ms.date to 04/01/2026 in whats-new.md
Changes:
Before
After
- clicktale
ms.assetid: 06a149f7-4aa1-4fb9-a8ec-ac2633b031fb
ms.topic: reference
ms.date: 03/12/2026
ms.author: owinfrey
ms.reviewer: dhanyahk
ms.custom: it-pro, has-azure-ad-ps-ref, sfi-ga-nochange
- clicktale
ms.assetid: 06a149f7-4aa1-4fb9-a8ec-ac2633b031fb
ms.topic: reference
ms.date: 04/01/2026
ms.author: owinfrey
ms.reviewer: dhanyahk
ms.custom: it-pro, has-azure-ad-ps-ref, sfi-ga-nochange
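
Review bot: The only line that changes in this commit is ms.date, from 03/12/2026 to 04/01/2026 (+1 / -1); no content line of whats-new.md is touched. If ms.date is meant to record the last substantive update, pair the bump with the content change it reflects, or state in the commit message why the date moves on its own.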

🗑️ Deleted Documentation Files

DELETED docs/security-copilot/access-review-agent.md
Deleted by Ortagus Winfrey on Apr 1, 2026 3:31 PM
📖 Was available at: https://learn.microsoft.com/en-us/entra/security-copilot/access-review-agent
-251 lines removed
Commit: Remove access review agent markdown files
DELETED docs/security-copilot/access-review-agent-logs-metrics.md
Deleted by Ortagus Winfrey on Apr 1, 2026 3:31 PM
📖 Was available at: https://learn.microsoft.com/en-us/entra/security-copilot/access-review-agent-logs-metrics
-70 lines removed
Commit: Remove access review agent markdown files