📋 Microsoft Entra Documentation Changes

Daily summary for changes since May 3rd 2026, 10:22 PM PDT

Report generated on May 4th 2026, 10:22 PM PDT

📊 Summary

Total Commits: 13
New Files: 0
Modified Files: 4
Deleted Files: 0
Contributors: 10

📝 Modified Documentation Files

Modified by Ortagus Winfrey on May 4, 2026 9:37 PM
+4 / -1 lines changed
Commit: Update lifecycle-workflow-tasks.md
Changes:
Before
After
 
### Update user attributes (Preview)
 
Lifecycle Workflows allow you to automate the updating of user attributes for users in your organization. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
 
:::image type="content" source="media/lifecycle-workflow-task/update-user-attribute-task.png" alt-text="Screenshot of the update user attribute task.":::
 
 
 
 
 
### Update user attributes (Preview)
 
Lifecycle Workflows allow you to automate the updating of user attributes for users in your organization. You're able to customize the task name and description for this task in the Microsoft Entra admin center.
 
> [!NOTE]
> This task does not currently support updating user attribute for synced users. For more information, see: [Update user attributes with Lifecycle Workflows (Preview)](how-to-lifecycle-workflow-update-user-attributes.md).
 
:::image type="content" source="media/lifecycle-workflow-task/update-user-attribute-task.png" alt-text="Screenshot of the update user attribute task.":::
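
Review bot: In the added NOTE, "updating user attribute for synced users" should be plural ("updating user attributes for synced users") to match the heading and the task name, and the colon after "For more information, see" can be dropped. The note only says synced users are unsupported; a short clause on what the task does when a synced user is in scope would save readers a trip to the linked how-to.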
 
Modified by bathawes on May 4, 2026 6:02 PM
+1 / -2 lines changed
Commit: Incorporate Tenant Configuration Management APIs
Changes:
Before
After
 
- [Microsoft Graph APIs](/graph/overview) can be used to export the current state of many Microsoft Entra configurations.
- [Microsoft Entra Exporter](https://github.com/microsoft/entraexporter) is a tool you can use to export your configuration settings.
- [Microsoft 365 Desired State Configuration](https://github.com/microsoft/Microsoft365DSC/wiki/What-is-Microsoft365DSC) is a module of the PowerShell Desired State Configuration framework. You can use it to export configurations for reference and application of the prior state of many settings.
- [Conditional Access APIs](/graph/api/resources/conditionalaccesspolicy) can be used to manage your Conditional Access policies as code.
 
In the rare case that an API is not available for a certain configuration setting, screenshot(s) can be taken to enable manual recovery.
 
> [!NOTE]
> Settings in the legacy multifactor authentication portal for Application Proxy and federation settings might not be exported with the Microsoft Entra Exporter, or with the Microsoft Graph API.
The [Microsoft 365 Desired State Configuration](https://github.com/microsoft/Microsoft365DSC/wiki/What-is-Microsoft365DSC) module uses Microsoft Graph and PowerShell to retrieve the state of many of the configurations in Microsoft Entra ID. This information can be used as reference information or, by using PowerShell Desired State Configuration scripting, to reapply a known good state.
 
Use [Conditional Access Graph APIs](/graph/api/resources/conditionalaccesspolicy) to manage policies like code.
 
- [Microsoft Graph APIs](/graph/overview) can be used to export the current state of many Microsoft Entra configurations.
- [Microsoft Entra Exporter](https://github.com/microsoft/entraexporter) is a tool you can use to export your configuration settings.
- [Tenant Configuration Management APIs in Microsoft Graph](/graph/unified-tenant-configuration-management-concept-overview) let you define configuration baselines, monitor tenants for drift, and generate snapshots of current settings. You can download snapshots as JSON files for reference or to restore many settings to a previous state.
- [Conditional Access APIs](/graph/api/resources/conditionalaccesspolicy) can be used to manage your Conditional Access policies as code.
 
In the rare case that an API is not available for a certain configuration setting, screenshot(s) can be taken to enable manual recovery.
 
> [!NOTE]
> Settings in the legacy multifactor authentication portal for Application Proxy and federation settings might not be exported with the Microsoft Entra Exporter, or with the Microsoft Graph API.
 
Use [Conditional Access Graph APIs](/graph/api/resources/conditionalaccesspolicy) to manage policies like code.
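
Review bot: The NOTE after the list still names only the Microsoft Entra Exporter and the Microsoft Graph API as tools that might not export the legacy multifactor authentication portal, Application Proxy, and federation settings; now that the list points readers to Tenant Configuration Management snapshots for restore, state whether snapshots have the same gap. The closing sentence "Use Conditional Access Graph APIs to manage policies like code" also repeats the Conditional Access APIs bullet directly above it and could be removed in the same change.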
 
+1 / -1 lines changed
Commit: Remove preview status from Azure Files MI
Changes:
Before
After
| Azure Event Grid | [Event delivery with a managed identity](/azure/event-grid/managed-service-identity)|
| Azure Event Hubs | [Authenticate a managed identity with Microsoft Entra ID to access Event Hubs Resources](/azure/event-hubs/authenticate-managed-identity)|
| Azure File Sync | [How to use managed identities with Azure File Sync](/azure/storage/file-sync/file-sync-managed-identities)|
| Azure Files | [Access SMB Azure file shares using managed identities with Microsoft Entra ID (preview)](/azure/storage/files/files-managed-identities)|
| Azure Health Data Services workspace services | [Authentication and authorization for Azure Health Data Services](/azure/healthcare-apis/authentication-authorization)|
| Azure Health Data Services de-identification service | [Use managed identities with the de-identification service](/azure/healthcare-apis/deidentification/managed-identities)|
| Azure Image Builder | [Azure Image Builder overview](/azure/virtual-machines/image-builder-overview#permissions) |
| Azure Event Grid | [Event delivery with a managed identity](/azure/event-grid/managed-service-identity)|
| Azure Event Hubs | [Authenticate a managed identity with Microsoft Entra ID to access Event Hubs Resources](/azure/event-hubs/authenticate-managed-identity)|
| Azure File Sync | [How to use managed identities with Azure File Sync](/azure/storage/file-sync/file-sync-managed-identities)|
| Azure Files | [Access SMB Azure file shares using managed identities with Microsoft Entra ID](/azure/storage/files/files-managed-identities)|
| Azure Health Data Services workspace services | [Authentication and authorization for Azure Health Data Services](/azure/healthcare-apis/authentication-authorization)|
| Azure Health Data Services de-identification service | [Use managed identities with the de-identification service](/azure/healthcare-apis/deidentification/managed-identities)|
| Azure Image Builder | [Azure Image Builder overview](/azure/virtual-machines/image-builder-overview#permissions) |
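
Review bot: On the Azure Files row only the link text changes; the target /azure/storage/files/files-managed-identities stays the same, so confirm that the target article's own title has dropped "(preview)" as well, so the link text and the destination agree.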
Modified by Erin Greenlee on May 4, 2026 6:59 PM
+1 / -0 lines changed
Commit: Add permissions for agents in user permissions document
Changes:
Before
After
| Users and contacts | <ul><li>Enumerate the list of all users and contacts<li>Read all public properties of users and contacts</li><li>Invite guests<li>Change their own password<li>Manage their own mobile phone number<li>Manage their own photo<li>Invalidate their own refresh tokens</li></ul> | <ul><li>Read their own properties<li>Read display name, email, sign-in name, photo, user principal name, and user type properties of other users and contacts<li>Change their own password<li>Search for another user by object ID (if allowed)<li>Read manager and direct report information of other users</li></ul> | <ul><li>Read their own properties<li>Change their own password</li><li>Manage their own mobile phone number</li></ul> |
| Groups | <ul><li>Create security groups<li>Create Microsoft 365 groups<li>Enumerate the list of all groups<li>Read all properties of groups<li>Read nonhidden group membership<li>Read hidden Microsoft 365 group membership for joined groups<li>Manage properties, ownership, and membership of groups that the user owns<li>Add guests to owned groups<li>Manage group membership settings<li>Delete owned groups<li>Restore owned Microsoft 365 groups</li></ul> | <ul><li>Read properties of nonhidden groups, including membership and ownership (even nonjoined groups)<li>Read hidden Microsoft 365 group membership for joined groups<li>Search for groups by display name or object ID (if allowed)</li></ul> | <ul><li>Read object ID for joined groups<li>Read membership and ownership of joined groups in some Microsoft 365 apps (if allowed)</li></ul> |
| Applications | <ul><li>Register (create) new applications<li>Enumerate the list of all applications<li>Read properties of registered and enterprise applications<li>Manage application properties, assignments, and credentials for owned applications<li>Create or delete application passwords for users<li>Delete owned applications<li>Restore owned applications<li>List permissions granted to applications</ul> | <ul><li>Read properties of registered and enterprise applications<li>List permissions granted to applications</ul> | <ul><li>Read properties of registered and enterprise applications</li><li>List permissions granted to applications</li></ul> |
| Devices</li></ul> | <ul><li>Enumerate the list of all devices<li>Read all properties of devices<li>Manage all properties of owned devices</li></ul> | No permissions | No permissions |
| Organization | <ul><li>Read all company information<li>Read all domains<li>Read configuration of certificate-based authentication<li>Read all partner contracts</li><li>Read multitenant organization basic details and active tenants</li></ul> | <ul><li>Read company display name<li>Read all domains<li>Read configuration of certificate-based authentication</li></ul> | <ul><li>Read company display name<li>Read all domains</li></ul> |
| Roles and scopes | <ul><li>Read all administrative roles and memberships<li>Read all properties and membership of administrative units</li></ul> | No permissions | No permissions |
 
| Users and contacts | <ul><li>Enumerate the list of all users and contacts<li>Read all public properties of users and contacts</li><li>Invite guests<li>Change their own password<li>Manage their own mobile phone number<li>Manage their own photo<li>Invalidate their own refresh tokens</li></ul> | <ul><li>Read their own properties<li>Read display name, email, sign-in name, photo, user principal name, and user type properties of other users and contacts<li>Change their own password<li>Search for another user by object ID (if allowed)<li>Read manager and direct report information of other users</li></ul> | <ul><li>Read their own properties<li>Change their own password</li><li>Manage their own mobile phone number</li></ul> |
| Groups | <ul><li>Create security groups<li>Create Microsoft 365 groups<li>Enumerate the list of all groups<li>Read all properties of groups<li>Read nonhidden group membership<li>Read hidden Microsoft 365 group membership for joined groups<li>Manage properties, ownership, and membership of groups that the user owns<li>Add guests to owned groups<li>Manage group membership settings<li>Delete owned groups<li>Restore owned Microsoft 365 groups</li></ul> | <ul><li>Read properties of nonhidden groups, including membership and ownership (even nonjoined groups)<li>Read hidden Microsoft 365 group membership for joined groups<li>Search for groups by display name or object ID (if allowed)</li></ul> | <ul><li>Read object ID for joined groups<li>Read membership and ownership of joined groups in some Microsoft 365 apps (if allowed)</li></ul> |
| Applications | <ul><li>Register (create) new applications<li>Enumerate the list of all applications<li>Read properties of registered and enterprise applications<li>Manage application properties, assignments, and credentials for owned applications<li>Create or delete application passwords for users<li>Delete owned applications<li>Restore owned applications<li>List permissions granted to applications</ul> | <ul><li>Read properties of registered and enterprise applications<li>List permissions granted to applications</ul> | <ul><li>Read properties of registered and enterprise applications</li><li>List permissions granted to applications</li></ul> |
| Agents | <ul><li>Enumerate the list of all blueprints, blueprint principals, and agent identities<li>Read properties of blueprints, blueprint principals, and agent identities<li>Manage properties, assignments, and credentials for owned blueprints, blueprint principals, and agent identities<li>Delete owned blueprints, blueprint principals, and agent identities <li>Delete and update sponsors of blueprints, blueprint principals, and agent identities when listed as a sponsor <li>List permissions granted to blueprint principals and agent identities <li>Create blueprint principals and agent identities when owner of the blueprint <li>Create agent identities when owner of the blueprint principal </ul> | None | None |
| Devices</li></ul> | <ul><li>Enumerate the list of all devices<li>Read all properties of devices<li>Manage all properties of owned devices</li></ul> | No permissions | No permissions |
| Organization | <ul><li>Read all company information<li>Read all domains<li>Read configuration of certificate-based authentication<li>Read all partner contracts</li><li>Read multitenant organization basic details and active tenants</li></ul> | <ul><li>Read company display name<li>Read all domains<li>Read configuration of certificate-based authentication</li></ul> | <ul><li>Read company display name<li>Read all domains</li></ul> |
| Roles and scopes | <ul><li>Read all administrative roles and memberships<li>Read all properties and membership of administrative units</li></ul> | No permissions | No permissions |
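
Review bot: The new Agents row uses "None" in its last two columns, while the Devices and Roles and scopes rows use "No permissions"; use the same wording so readers do not infer a difference between the two. The first cell also leaves stray spaces before several <li> tags and introduces blueprints, blueprint principals, and agent identities without a link or definition, so link the first mention to the article that defines them.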