๐Ÿ“‹ Microsoft Entra Documentation Changes

Daily summary for changes since June 23rd 2026, 11:16 PM PDT

Report generated on June 24th 2026, 11:16 PM PDT

๐Ÿ“Š Summary

22
Total Commits
2
New Files
9
Modified Files
0
Deleted Files
11
Contributors

๐Ÿ†• New Documentation Files

+1156 lines added
Commit: Add security operations for network access guide (#13531)
+124 lines added
Commit: Add how-to guide for Lifecycle Workflows execution limits (#13633)

๐Ÿ“ Modified Documentation Files

+74 / -34 lines changed
Commit: Merge username alias sign-up into Android native auth tutorial (#13494)
Changes:
Before
After
---
title: Add sign-up in native iOS/macOS app
description: Learn how to add sign-up using email one-time passcode or email and password, and collect user attributes in an iOS/macOS mobile app using native authentication.
 
manager: pmwongera
 
ms.service: identity-platform
 
ms.subservice: external
ms.topic: tutorial
ms.date: 08/19/2024
ms.custom:
#Customer intent: As a dev, devops, I want to learn how to add sign-up using email one-time passcode or email and password, and collect user attributes in an iOS/macOS mobile app using native authentication.
---
 
# Tutorial: Add sign-up in an iOS/macOS app using native authentication
 
[!INCLUDE [applies-to-external-only](../external-id/includes/applies-to-external-only.md)]
 
This tutorial demonstrates how to sign up a user using email one-time passcode or username (email) and password, and collects user attributes in your iOS/macOS app using native authentication.
---
title: Add sign-up in an iOS/macOS app by using native authentication
description: Learn how to sign up users with email one-time passcode or email and password, and collect user attributes including a username (alias), in an iOS/macOS app by using native authentication.
manager: pmwongera
ms.service: identity-platform
ms.subservice: external
ms.topic: tutorial
ms.date: 06/17/2026
 
#Customer intent: As a developer, I want to add sign-up with email one-time passcode or email and password, and collect user attributes including a username (alias), in my iOS/macOS app by using native authentication so that users can create accounts with flexible identity options.
---
 
# Tutorial: Add sign-up in an iOS/macOS app by using native authentication
 
[!INCLUDE [applies-to-external-only](../external-id/includes/applies-to-external-only.md)]
 
This tutorial demonstrates how to sign up a user by using email one-time passcode or username (email) and password in your iOS/macOS app by using native authentication. You also learn how to collect user attributes during sign-up, including a username (alias), and handle errors.
 
In this tutorial, you:
 
+71 / -27 lines changed
Commit: Merge username alias sign-up into Android native auth tutorial (#13494)
Changes:
Before
After
---
title: Add sign-up in an Android app using native authentication
description: Learn how to add sign-up using email one-time passcode or email and password, and collect user attributes in an Android mobile app using native authentication.
 
manager: pmwongera
 
ms.service: identity-platform
 
ms.subservice: external
ms.topic: tutorial
ms.date: 08/01/2024
ms.custom:
 
#Customer intent: As a dev, devops, I want to add sign-up with email one-time passcode or email and password, and collect user attributes in your Android mobile app using native authentication.
---
 
# Tutorial: Add sign-up in an Android mobile app using native authentication
 
[!INCLUDE [applies-to-external-only](../external-id/includes/applies-to-external-only.md)]
 
---
title: Add sign-up in an Android app by using native authentication
description: Learn how to sign up users with email one-time passcode or email and password, and collect user attributes including a username (alias), in an Android app by using native authentication.
manager: pmwongera
ms.service: identity-platform
ms.subservice: external
ms.topic: tutorial
ms.date: 06/16/2026
 
#Customer intent: As a developer, I want to add sign-up with email one-time passcode or email and password, and collect user attributes including a username (alias), in my Android mobile app by using native authentication so that users can create accounts with flexible identity options.
---
 
# Tutorial: Add sign-up in an Android mobile app using native authentication
 
[!INCLUDE [applies-to-external-only](../external-id/includes/applies-to-external-only.md)]
 
This tutorial demonstrates how to sign up a user by using email one-time passcode or username (email) and password in your Android mobile app using native authentication. You also learn how to collect user attributes during sign-up, including a username (alias), and handle errors.
 
In this tutorial, you:
 
+45 / -35 lines changed
Commit: Move username (alias) sign-up guidance into its own section (React)
Changes:
Before
After
 
1. Create *sign-up/components/InitialForm.tsx* file, then paste the code from [sign-up/components/InitialForm.tsx](https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples/blob/main/typescript/native-auth/react-nextjs-sample/src/app/sign-up/components/InitialForm.tsx). This component displays a form that collects user sign-up attributes.
 
If you want to let users sign up with a username (alias), add a text input to this form to collect the username (alias) value. For example:
 
```tsx
<input
type="text"
placeholder="Username (alias)"
value={flatUsername}
onChange={(e) => setFlatUsername(e.target.value)}
style={styles.input}
/>
```
 
1. Create a *sign-up/components/CodeForm.tsx* file, then paste the code from [sign-up/components/CodeForm.tsx](https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples/blob/main/typescript/native-auth/react-nextjs-sample/src/app/shared/components/CodeForm.tsx). This component displays a form that collects a one-time passcode sent to the user. You require this form for either email with password or email with one-time passcode authentication method.
 
1. If your choice of authentication method is *email with password*, create a *sign-up/components/PasswordForm.tsx* file, then paste the code from [sign-up/components/PasswordForm.tsx](https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples/blob/main/typescript/native-auth/react-nextjs-sample/src/app/shared/components/PasswordForm.tsx). This component displays a password input form.
 
```
 
1. Create *sign-up/components/InitialForm.tsx* file, then paste the code from [sign-up/components/InitialForm.tsx](https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples/blob/main/typescript/native-auth/react-nextjs-sample/src/app/sign-up/components/InitialForm.tsx). This component displays a form that collects user sign-up attributes.
 
1. Create a *sign-up/components/CodeForm.tsx* file, then paste the code from [sign-up/components/CodeForm.tsx](https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples/blob/main/typescript/native-auth/react-nextjs-sample/src/app/shared/components/CodeForm.tsx). This component displays a form that collects a one-time passcode sent to the user. You require this form for either email with password or email with one-time passcode authentication method.
 
1. If your choice of authentication method is *email with password*, create a *sign-up/components/PasswordForm.tsx* file, then paste the code from [sign-up/components/PasswordForm.tsx](https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples/blob/main/typescript/native-auth/react-nextjs-sample/src/app/shared/components/PasswordForm.tsx). This component displays a password input form.
 
```
The SDK's instance method, `signUp()` starts the sign-up flow.
 
- To handle the one-time passcode submission, use the following code snippet. See a full example at [sign-up/page.tsx](https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples/blob/main/typescript/native-auth/react-nextjs-sample/src/app/sign-up/page.tsx) to learn where to place the code snippet:
 
```typescript
return <SignUpResultPage/>;
}
```
 
## Collect a username (alias) during sign-up
 
You can let users sign up with a username (alias) in addition to their email. The username (alias) is an alternate sign-in identifier, such as a customer ID, account number, or another value that you choose.
+38 / -27 lines changed
Commit: Move username (alias) sign-up guidance into its own section (Angular)
Changes:
Before
After
```
The SDK's instance method, `signUp()` starts the sign-up flow.
 
If you want to let users sign up with a username (alias), add a `flatUsername` field to the sign-up component, then include the `flatusername` attribute in the `UserAccountAttributes` you pass to `signUp()`:
 
```typescript
flatUsername = "";
 
const attributes: UserAccountAttributes = {
givenName: this.firstName,
surname: this.lastName,
jobTitle: this.jobTitle,
city: this.city,
country: this.country,
flatusername: this.flatUsername,
};
```
 
Add an alias input to *sign-up.component.html* alongside the existing fields:
 
```
The SDK's instance method, `signUp()` starts the sign-up flow.
 
- If you want the user to start sign-in flow immediately after sign-up is completed, use this snippet:
 
```html
5. Open the *src/app/app.component.scss* file, then add the following [styles file](https://github.com/Azure-Samples/ms-identity-ciam-native-javascript-samples/blob/main/typescript/native-auth/angular-sample/src/app/app.component.scss).
 
 
## Collect a username (alias) during sign-up
 
You can let users sign up with a username (alias) in addition to their email. The username (alias) is an alternate sign-in identifier, such as a customer ID, account number, or another value that you choose.
 
During sign-up, the username (email) is always required as the primary identifier, and the username (alias) doesn't replace it. By default, the username (alias) is optional, though an administrator can configure it as required. Your app always collects the username (email) and collects the alias as an attribute alongside the email. At sign-in, the user can then sign in with either their username (email) or their username (alias). To learn how the **Username** attribute is configured as optional or required, see [Configure the user input types and page layout](../external-id/customers/how-to-define-custom-attributes.md#configure-the-user-input-types-and-page-layout).
 
To collect a username (alias) during sign-up:
 
1. Make sure the **Username** built-in user attribute is enabled in your sign-up user flow. For the steps, see [Enable username in the sign-in identifier policy](../external-id/customers/how-to-sign-in-alias.md#enable-username-in-sign-in-identifier-policy).
 
1. Add a `flatUsername` field to the sign-up component, then include the `flatusername` attribute in the `UserAccountAttributes` you pass to `signUp()`:
Modified by learn-build-service-prod[bot] on Jun 24, 2026 9:36 PM
๐Ÿ“– View on learn.microsoft.com
+1 / -2 lines changed
Commit: Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/entra-docs (branch main) (#13642)
Changes:
Before
After
| 300,000โ€“600,000 |1.6 GHz |32 GB |450 GB |
| More than 600,000 |1.6 GHz |32 GB |500 GB |
 
The specifications listed above represent combined hardware requirements for the Microsoft Entra Connect server hosting both the synchronization application and the SQL Server database (either the built-in SQL Express or a full SQL Server instance installed locally).
If the SQL Server database is hosted remotely on a separate server, the Entra Connect application server may require fewer resources, while the SQL Server will need its own compute, memory, and storage capacity according to SQL Server sizing best practices.
 
The minimum requirements for computers running AD FS or Web Application Proxy servers are:
 
| 300,000โ€“600,000 |1.6 GHz |32 GB |450 GB |
| More than 600,000 |1.6 GHz |32 GB |500 GB |
 
 
 
The minimum requirements for computers running AD FS or Web Application Proxy servers are:
 
 
Modified by Ken Withee on Jun 24, 2026 6:49 PM
๐Ÿ“– View on learn.microsoft.com
+2 / -1 lines changed
Commit: Add security operations for network access guide (#13531)
Changes:
Before
After
| Guide | What it covers |
| --- | --- |
| [Common operations](how-to-operations-common.md) | RACI matrix (responsible, accountable, consulted, informed) for roles and responsibilities, change management process, metrics and reporting framework, continuous improvement |
 
### Capability-specific operations
 
If you completed deployment, follow this sequence:
 
1. **Establish your team**โ€”Assign roles using the [RACI matrix](how-to-operations-common.md#raci-matrix). Ensure at least two people cover each role.
2. **Configure alerting**โ€”Set up the critical alerts listed in each capability guide: [Private Access](how-to-operate-private-access.md#alerting-and-monitoring), [Internet Access](how-to-operate-internet-access.md#alerting-and-monitoring), [Remote Networks](how-to-operate-remote-networks.md#alerting-and-monitoring), and [Microsoft Traffic](how-to-operate-microsoft-traffic.md#alerting-and-monitoring). Don't rely on dashboards for issue detection.
3. **Establish baselines**โ€”Collect a 30-day performance baseline for traffic volume, latency, and usage. Calibrate alert thresholds against this baseline. Each capability guide includes Kusto Query Language (KQL) queries for baseline establishment.
4. **Set up automation**โ€”Start with configuration backups and alert notifications. Expand to the full automation playbook list over time.
5. **Schedule recurring checks**โ€”Implement the daily, weekly, and monthly checklists from each capability guide.
 
| Guide | What it covers |
| --- | --- |
| [Common operations](how-to-operations-common.md) | RACI matrix (responsible, accountable, consulted, informed) for roles and responsibilities, change management process, metrics and reporting framework, continuous improvement |
| [Security operations for network access](how-to-security-operations.md) | Security monitoring, detection patterns, Sentinel analytics rules, and cross-signal investigation guidance for Global Secure Access |
 
### Capability-specific operations
 
If you completed deployment, follow this sequence:
 
1. **Establish your team**โ€”Assign roles using the [RACI matrix](how-to-operations-common.md#raci-matrix). Ensure at least two people cover each role.
2. **Configure alerting**โ€”Set up the critical alerts listed in the [Security operations for network access](how-to-security-operations.md) guide and each capability guide: [Private Access](how-to-operate-private-access.md#alerting-and-monitoring), [Internet Access](how-to-operate-internet-access.md#alerting-and-monitoring), [Remote Networks](how-to-operate-remote-networks.md#alerting-and-monitoring), and [Microsoft Traffic](how-to-operate-microsoft-traffic.md#alerting-and-monitoring). Don't rely on dashboards for issue detection.
3. **Establish baselines**โ€”Collect a 30-day performance baseline for traffic volume, latency, and usage. Calibrate alert thresholds against this baseline. Each capability guide includes Kusto Query Language (KQL) queries for baseline establishment.
4. **Set up automation**โ€”Start with configuration backups and alert notifications. Expand to the full automation playbook list over time.
5. **Schedule recurring checks**โ€”Implement the daily, weekly, and monthly checklists from each capability guide.
+2 / -1 lines changed
Commit: Revise SSPR registration campaign dates and requirements
Changes:
Before
After
Some organizations prefer to bootstrap this process through synchronization of authentication data that already exists in Active Directory Domain Services. This synchronized data is made available to Microsoft Entra ID and SSPR without requiring user interaction. When users need to change or reset their password, they can do so even if they haven't previously registered their contact information.
 
> [!IMPORTANT]
> Starting **July 6, 2026**, a registration campaign will prompt affected users to register methods ahead of enforcement. Ensure users have registered at least one method that satisfies your SSPR policy. For more information, see [How to manage authentication methods](how-to-authentication-methods-manage.md).
> Starting **September 7, 2026**, SSPR will only accept explicitly registered authentication methods. Directory-sourced properties โ€” such as `mobilePhone`, `businessPhone`, and `otherMails` โ€” that were never registered will no longer work for SSPR verification.
 
You can prepopulate authentication contact information if you meet the following requirements:
 
Some organizations prefer to bootstrap this process through synchronization of authentication data that already exists in Active Directory Domain Services. This synchronized data is made available to Microsoft Entra ID and SSPR without requiring user interaction. When users need to change or reset their password, they can do so even if they haven't previously registered their contact information.
 
> [!IMPORTANT]
> Starting **Aug 6, 2026**, If your SSPR settings require users to register during sign-in, and enabled users do not have enough methods to complete SSPR, a registration campaign will prompt affected users to register methods ahead of enforcement. Ensure users have registered at least one method that satisfies your SSPR policy. For more information, see [How to manage authentication methods](how-to-authentication-methods-manage.md).
>
> Starting **September 7, 2026**, SSPR will only accept explicitly registered authentication methods. Directory-sourced properties โ€” such as `mobilePhone`, `businessPhone`, and `otherMails` โ€” that were never registered will no longer work for SSPR verification.
 
You can prepopulate authentication contact information if you meet the following requirements:
+2 / -0 lines changed
Commit: Merge username alias sign-up into Android native auth tutorial (#13494)
Changes:
Before
After
 
To sign in a user using username (email) and password, collect the email and password from the user. If the username and password are valid, the app signs in the user.
 
To sign in a user, you need to:
 
1. Create a user interface (UI) to:
 
 
 
To sign in a user using username (email) and password, collect the email and password from the user. If the username and password are valid, the app signs in the user.
 
If the **Username** built-in user attribute is enabled in your tenant's sign-up user flow, the `username` parameter in sign-in accepts either the user's email address or their username (alias). No separate sign-in logic is needed to support alias-based sign-in.
 
To sign in a user, you need to:
 
1. Create a user interface (UI) to:
+2 / -0 lines changed
Commit: Merge username alias sign-up into Android native auth tutorial (#13494)
Changes:
Before
After
 
To sign in a user using the **Email with password** flow, capture the email and password. If the username and password are valid, the app signs in the user.
 
To sign in a user, you need to:
 
1. Create a user interface (UI) to:
 
 
 
To sign in a user using the **Email with password** flow, capture the email and password. If the username and password are valid, the app signs in the user.
 
If the **Username** built-in user attribute is enabled in your tenant's sign-up user flow, the `username` parameter in sign-in accepts either the user's email address or their username (alias). No separate sign-in logic is needed to support alias-based sign-in.
 
To sign in a user, you need to:
 
1. Create a user interface (UI) to: