๐Ÿ“‹ Microsoft Entra Documentation Changes

Daily summary for changes since February 3rd 2026, 8:21 PM PST

Report generated on February 4th 2026, 8:21 PM PST

๐Ÿ“Š Summary

34
Total Commits
1
New Files
11
Modified Files
1
Deleted Files
11
Contributors

๐Ÿ†• New Documentation Files

NEW docs/identity/enterprise-apps/deactivate-app-registration.md
Added by omondiatieno on Feb 4, 2026 6:02 PM
๐Ÿ“– View on learn.microsoft.com
+174 lines added
Commit: rename article and updates on app reg object

๐Ÿ“ Modified Documentation Files

MODIFIED docs/fundamentals/whats-new-archive.md
Modified by Ortagus Winfrey on Feb 4, 2026 7:22 PM
๐Ÿ“– View on learn.microsoft.com
+150 / -0 lines changed
Commit: June 2025 added to archive
Changes:
Before
After
 
---
 
## May 2025
 
### General Availability - Microsoft Entra External ID: User authentication with SAML/WS-Fed Identity Providers
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
---
 
## June 2025
### General Availability โ€“ Update to Microsoft Entra Work or School Default Background Image
**Type:** Changed feature
**Service category:** Authentications (Login)
**Product capability:** User Authentication
Starting September 29, 2025, we'll be making a change to the default background image of our Microsoft Entra work or school authentication screens. This new background was designed to help users focus on signing into their accounts, enhancing productivity, and minimizing distractions. With this, we aim to ensure visual consistency and a clean, simplified user experience throughout Microsoftโ€™s authentication flows โ€“ aligning with Microsoftโ€™s modernized [Fluent](https://microsoft.design/articles/four-principles-for-the-future-of-design/) design language. When our experiences look and feel consistent, it gives our users a familiar experience that they know and trust.
 
**Whatโ€™s changing?**
 
This update is solely a visual user interface refresh with no changes to functionality. This change will only affect screens where [Company Branding](how-to-customize-branding.md) doesn't apply or where users see the [default background image](https://aka.ms/entradefaultbackground). We recommend updating any documentation that contains screenshots and notifying your help desk. If you have configured a custom background image in Company Branding for your tenant, there will be no change for your users.
 
**Additional Details:**
 
1. **Tenants without a custom background configured:**
MODIFIED docs/fundamentals/whats-new.md
Modified by Ortagus Winfrey on Feb 4, 2026 6:16 PM
๐Ÿ“– View on learn.microsoft.com
+0 / -70 lines changed
Commit: Updates
Changes:
Before
After
Restricted management administrative units enable you to easily restrict access to users, groups, or devices to the specific users or applications you specify. Tenant-level administrators (including Global Administrators) can't modify members of restricted management administrative units unless they're explicitly assigned a role scoped to the administrative unit. This makes it easy to lock down a set of sensitive groups or user accounts in your tenant without having to remove tenant-level role assignments. For more information, see: [Restricted management administrative units in Microsoft Entra ID](../identity/role-based-access-control/admin-units-restricted-management.md).
 
---
 
 
## June 2025
### General Availability โ€“ Update to Microsoft Entra Work or School Default Background Image
**Type:** Changed feature
**Service category:** Authentications (Login)
**Product capability:** User Authentication
Starting September 29, 2025, we'll be making a change to the default background image of our Microsoft Entra work or school authentication screens. This new background was designed to help users focus on signing into their accounts, enhancing productivity, and minimizing distractions. With this, we aim to ensure visual consistency and a clean, simplified user experience throughout Microsoftโ€™s authentication flows โ€“ aligning with Microsoftโ€™s modernized [Fluent](https://microsoft.design/articles/four-principles-for-the-future-of-design/) design language. When our experiences look and feel consistent, it gives our users a familiar experience that they know and trust.
 
**Whatโ€™s changing?**
 
This update is solely a visual user interface refresh with no changes to functionality. This change will only affect screens where [Company Branding](how-to-customize-branding.md) doesn't apply or where users see the [default background image](https://aka.ms/entradefaultbackground). We recommend updating any documentation that contains screenshots and notifying your help desk. If you have configured a custom background image in Company Branding for your tenant, there will be no change for your users.
 
**Additional Details:**
Restricted management administrative units enable you to easily restrict access to users, groups, or devices to the specific users or applications you specify. Tenant-level administrators (including Global Administrators) can't modify members of restricted management administrative units unless they're explicitly assigned a role scoped to the administrative unit. This makes it easy to lock down a set of sensitive groups or user accounts in your tenant without having to remove tenant-level role assignments. For more information, see: [Restricted management administrative units in Microsoft Entra ID](../identity/role-based-access-control/admin-units-restricted-management.md).
 
---
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
MODIFIED docs/identity/saas-apps/adobe-identity-management-provisioning-oidc-tutorial.md
Modified by Ken Withee on Feb 4, 2026 9:56 PM
๐Ÿ“– View on learn.microsoft.com
+2 / -2 lines changed
Commit: Replace author and ms.author of invalid value with team lead.
Changes:
Before
After
title: Configure Adobe Identity Management (OIDC) for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and de-provision user accounts from Microsoft Entra ID to Adobe Identity Management (OIDC).
 
author: twimmers
manager: pmwongera
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: thwimmer
 
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Adobe Identity Management (OIDC) so that I can streamline the user management process and ensure that users have the appropriate access to Adobe Identity Management (OIDC).
 
title: Configure Adobe Identity Management (OIDC) for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and de-provision user accounts from Microsoft Entra ID to Adobe Identity Management (OIDC).
 
author: jeevansd
manager: pmwongera
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: jeedes
 
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Adobe Identity Management (OIDC) so that I can streamline the user management process and ensure that users have the appropriate access to Adobe Identity Management (OIDC).
 
MODIFIED docs/identity/saas-apps/adobe-identity-management-provisioning-saml-tutorial.md
Modified by Ken Withee on Feb 4, 2026 9:56 PM
๐Ÿ“– View on learn.microsoft.com
+2 / -2 lines changed
Commit: Replace author and ms.author of invalid value with team lead.
Changes:
Before
After
title: Configure Adobe Identity Management (SAML) for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and de-provision user accounts from Microsoft Entra ID to Adobe Identity Management (SAML).
 
author: twimmers
manager: pmwongera
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: thwimmer
 
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Adobe Identity Management (SAML) so that I can streamline the user management process and ensure that users have the appropriate access to Adobe Identity Management (SAML).
 
title: Configure Adobe Identity Management (SAML) for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and de-provision user accounts from Microsoft Entra ID to Adobe Identity Management (SAML).
 
author: jeevansd
manager: pmwongera
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: jeedes
 
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Adobe Identity Management (SAML) so that I can streamline the user management process and ensure that users have the appropriate access to Adobe Identity Management (SAML).
 
MODIFIED docs/identity/saas-apps/cofense-provision-tutorial.md
Modified by Ken Withee on Feb 4, 2026 9:56 PM
๐Ÿ“– View on learn.microsoft.com
+2 / -2 lines changed
Commit: Replace author and ms.author of invalid value with team lead.
Changes:
Before
After
title: Configure Cofense Recipient Sync for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and de-provision user accounts from Microsoft Entra ID to Cofense Recipient Sync.
 
author: twimmers
manager: pmwongera
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: thwimmer
 
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Cofense Recipient Sync so that I can streamline the user management process and ensure that users have the appropriate access to Cofense Recipient Sync.
---
title: Configure Cofense Recipient Sync for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and de-provision user accounts from Microsoft Entra ID to Cofense Recipient Sync.
 
author: jeevansd
manager: pmwongera
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: jeedes
 
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to Cofense Recipient Sync so that I can streamline the user management process and ensure that users have the appropriate access to Cofense Recipient Sync.
---
MODIFIED docs/identity/saas-apps/myday-provision-tutorial.md
Modified by Ken Withee on Feb 4, 2026 9:56 PM
๐Ÿ“– View on learn.microsoft.com
+2 / -2 lines changed
Commit: Replace author and ms.author of invalid value with team lead.
Changes:
Before
After
title: Configure myday for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to myday.
 
author: twimmers
manager: pmwongera
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: thwimmer
 
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to myday so that I can streamline the user management process and ensure that users have the appropriate access to myday.
---
title: Configure myday for automatic user provisioning with Microsoft Entra ID
description: Learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to myday.
 
author: jeevansd
manager: pmwongera
ms.service: entra-id
ms.subservice: saas-apps
 
ms.topic: how-to
ms.date: 03/25/2025
ms.author: jeedes
 
# Customer intent: As an IT administrator, I want to learn how to automatically provision and deprovision user accounts from Microsoft Entra ID to myday so that I can streamline the user management process and ensure that users have the appropriate access to myday.
---
MODIFIED docs/global-secure-access/how-to-configure-connectors.md
Modified by Ken Withee on Feb 4, 2026 8:16 PM
๐Ÿ“– View on learn.microsoft.com
+2 / -2 lines changed
Commit: Update date and fix link in configuration guide
Changes:
Before
After
author: kenwith
ms.author: kenwith
ms.topic: how-to
ms.date: 02/21/2025
ms.service: global-secure-access
ms.subservice: entra-private-access
ms.reviewer: katabish
- Optimize performance between the connector and the application. Physically locate the connector server close to the application servers. For more information, see [Optimize traffic flow with Microsoft Entra application proxy](../identity/app-proxy/application-proxy-network-topology.md).
- Make sure the connector server and the web application servers are in the same Active Directory domain or span trusting domains. Having the servers in the same domain or trusting domains is a requirement for using single sign-on (SSO) with integrated Windows authentication (IWA) and Kerberos Constrained Delegation (KCD). If the connector server and web application servers are in different Active Directory domains, use resource-based delegation for single sign-on.
- Consider [performance and scalability](concept-connectors.md#performance-and-scalability) of your connector deployment, including [extending the TCP and UDP ephemeral ports](concept-connectors.md#expanding-ephemeral-port-range) on your connector server. See [Understand the Microsoft Entra private network connector](concept-connectors.md) for more information.
- Consider creating a [performance baseline](https://learn.microsoft.com/troubleshoot/windows-server/performance/troubleshoot-performance-problems-in-windows) for your private network connectors.
 
### Prepare your on-premises environment
 
author: kenwith
ms.author: kenwith
ms.topic: how-to
ms.date: 02/04/2026
ms.service: global-secure-access
ms.subservice: entra-private-access
ms.reviewer: katabish
- Optimize performance between the connector and the application. Physically locate the connector server close to the application servers. For more information, see [Optimize traffic flow with Microsoft Entra application proxy](../identity/app-proxy/application-proxy-network-topology.md).
- Make sure the connector server and the web application servers are in the same Active Directory domain or span trusting domains. Having the servers in the same domain or trusting domains is a requirement for using single sign-on (SSO) with integrated Windows authentication (IWA) and Kerberos Constrained Delegation (KCD). If the connector server and web application servers are in different Active Directory domains, use resource-based delegation for single sign-on.
- Consider [performance and scalability](concept-connectors.md#performance-and-scalability) of your connector deployment, including [extending the TCP and UDP ephemeral ports](concept-connectors.md#expanding-ephemeral-port-range) on your connector server. See [Understand the Microsoft Entra private network connector](concept-connectors.md) for more information.
- Consider creating a [performance baseline](/troubleshoot/windows-server/performance/troubleshoot-performance-problems-in-windows) for your private network connectors.
 
### Prepare your on-premises environment
 
MODIFIED docs/identity/saas-apps/akamai-enterprise-application-access-provisioning-tutorial.md
Modified by Ken Withee on Feb 4, 2026 9:56 PM
๐Ÿ“– View on learn.microsoft.com
+1 / -1 lines changed
Commit: Replace author and ms.author of invalid value with team lead.
Changes:
Before
After
 
# Configure Akamai Enterprise Application Access for automatic user provisioning with Microsoft Entra ID
 
This article describes the steps you need to perform in both Akamai Enterprise Application Access and Microsoft Entra ID to configure automatic user provisioning. When configured, Microsoft Entra ID automatically provisions and de-provisions users and groups to [Akamai Enterprise Application Access](https://www.akamai.com) using the Microsoft Entra provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
 
## Supported capabilities
 
# Configure Akamai Enterprise Application Access for automatic user provisioning with Microsoft Entra ID
 
This article describes the steps you need to perform in both Akamai Enterprise Application Access and Microsoft Entra ID to configure automatic user provisioning. When configured, Microsoft Entra ID automatically provisions and de-provisions users and groups to [Akamai Enterprise Application Access](https://www.akamai.com) using the Microsoft Entra provisioning service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Microsoft Entra ID](~/identity/app-provisioning/user-provisioning.md).
 
 
## Supported capabilities
MODIFIED docs/identity/enterprise-apps/deactivate-app-registration.md
Modified by omondiatieno on Feb 4, 2026 6:19 PM
๐Ÿ“– View on learn.microsoft.com
+1 / -1 lines changed
Commit: fix warnings
Changes:
Before
After
 
- [Delete an enterprise application](delete-application-portal.md) for permanent removal
- [Disable user sign-in](disable-user-sign-in-portal.md) for tenant-specific blocking
- [Monitor application usage](../monitoring-health/concept-audit-logs.md) with audit logs
 
- [Delete an enterprise application](delete-application-portal.md) for permanent removal
- [Disable user sign-in](disable-user-sign-in-portal.md) for tenant-specific blocking
- [Monitor application usage](../monitoring-health/concept-audit-logs.md) with audit logs
MODIFIED docs/identity/enterprise-apps/deactivate-application-portal.md
Modified by Michael Morten Sonne | Microsoft MVP on Feb 4, 2026 9:48 AM
๐Ÿ“– View on learn.microsoft.com
+1 / -1 lines changed
Commit: Clarify reactivation restrictions for deactivated applications
Changes:
Before
After
 
## Prevent reactivation by nonadministrators
 
Before deactivating the application, remove all owners from the application. This ensures only users with tenant-wide `microsoft.directory/applications/enable` scope can reactivate the application. This scope is restricted to administrative roles. This scope is restricted to administrative roles.
 
## Related content
 
 
## Prevent reactivation by nonadministrators
 
Before deactivating the application, remove all owners from the application. This ensures only users with tenant-wide `microsoft.directory/applications/enable` scope can reactivate the application. This scope is restricted to administrative roles.
 
## Related content
 
MODIFIED docs/architecture/multi-tenant-common-considerations.md
Modified by Ken Withee on Feb 4, 2026 9:41 PM
๐Ÿ“– View on learn.microsoft.com
+1 / -0 lines changed
Commit: Adds ms.date in metadata, it is required.
Changes:
Before
After
ms.subservice: architecture
ms.topic: article
ms.author: jricketts
ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
---
 
 
ms.subservice: architecture
ms.topic: article
ms.author: jricketts
ms.date: 02/04/2026
ms.custom: has-azure-ad-ps-ref, azure-ad-ref-level-one-done
---
 

๐Ÿ—‘๏ธ Deleted Documentation Files

DELETED docs/identity/enterprise-apps/deactivate-application-portal.md
Deleted by omondiatieno on Feb 4, 2026 6:19 PM
๐Ÿ“– Was available at: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/deactivate-application-portal
-144 lines removed
Commit: fix warnings

๐Ÿค– This report was automatically generated by the Entra Docs Monitor

๐Ÿ“ง Delivered to [email protected]

๐Ÿ”— Visit Repository