πŸ“‹ Microsoft Entra Documentation Changes

Daily summary for changes since February 8th 2026, 8:36 PM PST

Report generated on February 9th 2026, 8:36 PM PST

πŸ“Š Summary

18
Total Commits
0
New Files
96
Modified Files
0
Deleted Files
10
Contributors

πŸ“ Modified Documentation Files

MODIFIED docs/identity/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial.md
Modified by Mark Wahl on Feb 9, 2026 5:31 PM
πŸ“– View on learn.microsoft.com
+6 / -6 lines changed
Commit: clarify SAP CIS SSO integration is SAML
Changes:
Before
After
 
# Configure SAP Cloud Identity Services for Single sign-on with Microsoft Entra ID
 
In this article, you learn how to integrate SAP Cloud Identity Services with Microsoft Entra ID. When you integrate SAP Cloud Identity Services with Microsoft Entra ID, you can:
 
* Control in Microsoft Entra ID who has access to SAP Cloud Identity Services.
* Enable your users to be automatically signed-in to SAP Cloud Identity Services and downstream SAP applications with their Microsoft Entra accounts.
* Manage your accounts in one central location.
 
 
## Scenario description
 
In this article, you configure and test Microsoft Entra single sign-on in a test environment.
 
* SAP Cloud Identity Services supports service provider (**SP**) and identity provider (**IDP**) initiated SSO.
* SAP Cloud Identity Services supports [Automated user provisioning](sap-cloud-platform-identity-authentication-provisioning-tutorial.md).
 
Before you dive into the technical details, it's vital to understand the concepts you're going to look at. SAP Cloud Identity Services enable you to implement SSO across SAP applications and services, with the same SSO experience as non-SAP applications integrated directly with Microsoft Entra ID as an Identity Provider.
 
 
 
# Configure SAP Cloud Identity Services for Single sign-on with Microsoft Entra ID
 
In this article, you can learn how to integrate SAP Cloud Identity Services with Microsoft Entra ID for single-sign on. When you integrate SAP Cloud Identity Services with Microsoft Entra ID, you can:
 
* Control in Microsoft Entra ID how users can authenticate to SAP Cloud Identity Services.
* Enable your users to be automatically signed-in to SAP Cloud Identity Services and downstream SAP applications with their Microsoft Entra accounts.
* Manage your accounts in one central location.
 
 
## Scenario description
 
In this article, you configure and test Microsoft Entra single sign-on to SAP Cloud Identity Services.
 
* SAP Cloud Identity Services supports service provider (**SP**) and identity provider (**IDP**) initiated SSO using SAML. SAP Cloud Identity Services also supports OpenID Connect, but that is not covered in this article.
* SAP Cloud Identity Services also supports user and group provisioning from Microsoft Entra ID. For more information, see [automated user provisioning](sap-cloud-platform-identity-authentication-provisioning-tutorial.md).
 
Before you dive into the technical details, it's vital to understand the concepts you're going to look at. SAP Cloud Identity Services enable you to implement SSO across SAP applications and services, with the same SSO experience as non-SAP applications integrated directly with Microsoft Entra ID as an Identity Provider.
 
 
MODIFIED docs/global-secure-access/reference-current-known-limitations.md
Modified by Shilpa Sharma on Feb 9, 2026 8:52 PM
πŸ“– View on learn.microsoft.com
+4 / -4 lines changed
Commit: Fix formatting and wording in known limitations section
Changes:
Before
After
- If you have IP location-based Conditional Access policies targeting non-Microsoft resources, don't enable strict location enforcement.
- Ensure that Source IP Restoration supports the traffic. If not, don't send the relevant traffic through Global Secure Access.
- Currently, connecting through the Global Secure Access client is required to acquire Private Access traffic.
- If you enable Universal Tenant Restrictions and access the Microsoft Entra admin center for a tenant on the allowlist, you might see an "Access denied" error. To correct this error, add the following feature flag to the Microsoft Entra admin center:
- `?feature.msaljs=true&exp.msaljsexp=true`
- For example, you work for Contoso. Fabrikam, a partner tenant, is on the allowlist. You might see the error message for the Fabrikam tenant's Microsoft Entra admin center.
- If you received the "access denied" error message for the URL `https://entra.microsoft.com/`, then add the feature flag as follows: `https://entra.microsoft.com/?feature.msaljs%253Dtrue%2526exp.msaljsexp%253Dtrue#home`
- Only the Global Secure Access client for Windows (version 1.8.239.0 or later) supports Universal CAE. On other platforms, the Global Secure Access client uses regular access tokens.
- Microsoft Entra ID issues short-lived tokens for Global Secure Access. A Universal CAE access token lasts 60 to 90 minutes and supports near real-time revocation.
 
## Internet Access limitations
Known limitations for Internet Access include:
- An admin can create up to up to 256 security profiles per tenant, up to 1,000 policies per tenant, and up to 1,000 rules per tenant.
- An admin can configure 8,000 total destinations (which can be any combination of IP, FQDN, URL, or web category) in each tenant. For example, within a single tenant can create up to two policies targeting 4,000 domains each *or* up to 1,000 policies with eight domains each.
- Admins can currently configure rules based on up to 1,000 total URLs.
- TLS inspection supports up to 100 TLS inspection policies, 1,000 rules, and 8,000 destinations.
 
For usage in US Government community (GCC) cloud, known limitations/disclaimers include:
 
- Non Federal Information Processing Standard (FIPS) 140-2 certified: Note that while the GSA service is FedRAMP High accredited, it is not yet FIPS 140-2 certified. Microsoft is actively working toward achieving FIPS accreditation/certification, and this process is currently underway. Customers should consider this status when evaluating compliance requirements. FIPS 140-2 is a US government standard that defines FedRAMP minimum security requirements for cryptographic modules in products and systems. For more information, see [Federal Information Processisng Standard (FIPS) 140](/azure/compliance/offerings/offering-fips-140-2).
- If you have IP location-based Conditional Access policies targeting non-Microsoft resources, don't enable strict location enforcement.
- Ensure that Source IP Restoration supports the traffic. If not, don't send the relevant traffic through Global Secure Access.
- Currently, connecting through the Global Secure Access client is required to acquire Private Access traffic.
- If you enable Universal Tenant Restrictions and access the Microsoft Entra admin center for a tenant on the allow list, you might see an "Access denied" error. To correct this error, add the following feature flag to the Microsoft Entra admin center:
- `?feature.msaljs=true&exp.msaljsexp=true`
- For example, you work for Contoso. Fabrikam, a partner tenant, is on the allow list. You might see the error message for the Fabrikam tenant's Microsoft Entra admin center.
- If you received the "access denied" error message for the URL `https://entra.microsoft.com/`, then add the feature flag as follows: `https://entra.microsoft.com/?feature.msaljs%253Dtrue%2526exp.msaljsexp%253Dtrue#home`
- Only the Global Secure Access client for Windows (version 1.8.239.0 or later) supports Universal CAE. On other platforms, the Global Secure Access client uses regular access tokens.
- Microsoft Entra ID issues short-lived tokens for Global Secure Access. A Universal CAE access token lasts 60 to 90 minutes and supports near real-time revocation.
 
## Internet Access limitations
Known limitations for Internet Access include:
- An admin can create up to 256 security profiles per tenant, up to 1,000 policies per tenant, and up to 1,000 rules per tenant.
- An admin can configure 8,000 total destinations (which can be any combination of IP, FQDN, URL, or web category) in each tenant. For example, within a single tenant can create up to two policies targeting 4,000 domains each *or* up to 1,000 policies with eight domains each.
- Admins can currently configure rules based on up to 1,000 total URLs.
- TLS inspection supports up to 100 TLS inspection policies, 1,000 rules, and 8,000 destinations.
 
For usage in US Government community (GCC) cloud, known limitations/disclaimers include:
 
- Non Federal Information Processing Standard (FIPS) 140-2 certified: Note that while the GSA service is FedRAMP High accredited, it is not yet FIPS 140-2 certified. Microsoft is actively working toward achieving FIPS accreditation/certification, and this process is currently underway. Customers should consider this status when evaluating compliance requirements. FIPS 140-2 is a US government standard that defines FedRAMP minimum security requirements for cryptographic modules in products and systems. For more information, see [Federal Information Processing Standard (FIPS) 140](/azure/compliance/offerings/offering-fips-140-2).
MODIFIED docs/identity/saas-apps/sap-cloud-platform-identity-authentication-provisioning-tutorial.md
Modified by Mark Wahl on Feb 9, 2026 5:31 PM
πŸ“– View on learn.microsoft.com
+4 / -1 lines changed
Commit: clarify SAP CIS SSO integration is SAML
Changes:
Before
After
 
Before configuring Microsoft Entra ID to have automatic user provisioning into SAP Cloud Identity Services, you need to add SAP Cloud Identity Services from the Microsoft Entra application gallery to your tenant's list of enterprise applications. You can do this step in the Microsoft Entra admin center, or via the Graph API.
 
If SAP Cloud Identity Services is already configured for single-sign on from Microsoft Entra, and an application is already present in your Microsoft Entra list of enterprise applications, then continue at [the next section](#configure-automatic-user-provisioning-to-sap-cloud-identity-services).
 
### Adding SAP Cloud Identity Services using the Microsoft Entra admin center
 
 
 
 
 
Before configuring Microsoft Entra ID to have automatic user provisioning into SAP Cloud Identity Services, you need to add SAP Cloud Identity Services from the Microsoft Entra application gallery to your tenant's list of enterprise applications. You can do this step in the Microsoft Entra admin center, or via the Graph API.
 
If SAP Cloud Identity Services is already configured for single-sign on from Microsoft Entra using SAML, and an application is already present in your Microsoft Entra list of enterprise applications, then continue at [the next section](#configure-automatic-user-provisioning-to-sap-cloud-identity-services).
 
> [!NOTE]
> If you have previously configured an application registration for OpenID Connect integration, then you will not be able to configure provisioning for that application registration. Instead, create a separate enterprise application for provisioning.
 
### Adding SAP Cloud Identity Services using the Microsoft Entra admin center
 
MODIFIED docs/global-secure-access/reference-macos-client-release-history.md
Modified by Jay on Feb 9, 2026 7:59 PM
πŸ“– View on learn.microsoft.com
+2 / -2 lines changed
Commit: added release date
Changes:
Before
After
description: Track the latest updates and bug fixes for the Global Secure Access client for macOS. Stay informed about version changes and download instructions.
ms.service: global-secure-access
ms.topic: reference
ms.date: 01/30/2026
ms.author: jayrusso
author: HULKsmashGithub
manager: dougeby
:::image type="content" source="media/reference-macos-client-release-history/macos-client-download-screen.png" alt-text="Screenshot of the Client download screen with the Download Client button highlighted.":::
 
## Version 1.1.25111702
Released for download on February __, 2026.
### Functional changes
- Supports Intelligent Local Access (preview).
- Supports contacting Private DNS only when the Private Access channel is active.
description: Track the latest updates and bug fixes for the Global Secure Access client for macOS. Stay informed about version changes and download instructions.
ms.service: global-secure-access
ms.topic: reference
ms.date: 02/09/2026
ms.author: jayrusso
author: HULKsmashGithub
manager: dougeby
:::image type="content" source="media/reference-macos-client-release-history/macos-client-download-screen.png" alt-text="Screenshot of the Client download screen with the Download Client button highlighted.":::
 
## Version 1.1.25111702
Released for download on February 5, 2026.
### Functional changes
- Supports Intelligent Local Access (preview).
- Supports contacting Private DNS only when the Private Access channel is active.
MODIFIED docs/global-secure-access/how-to-configure-global-access-with-pim.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Secure private application access with Privileged Identity Management (PIM) and Global Secure Access
description: Learn how to secure highly valued private application access with Privileged Identity Management (PIM) and Global Secure Access
author: kenwith
ms.service: entra-id
ms.subservice: app-proxy
ms.topic: how-to
ms.date: 02/21/2025
ms.author: kenwith
ms.reviewer: katabish
ai-usage: ai-assisted
ms.custom: sfi-image-nochange
---
title: Secure private application access with Privileged Identity Management (PIM) and Global Secure Access
description: Learn how to secure highly valued private application access with Privileged Identity Management (PIM) and Global Secure Access
ms.subservice: app-proxy
ms.topic: how-to
ms.date: 02/21/2025
ms.reviewer: katabish
ai-usage: ai-assisted
ms.custom: sfi-image-nochange
 
 
 
MODIFIED docs/global-secure-access/concept-continuous-access-evaluation.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Learn about Continuous Access Evaluation (CAE) for Application Proxy (preview)
description: Learn about Continuous Access Evaluation (CAE) for Application Proxy (preview)
author: kenwith
ms.author: kenwith
ms.topic: concept-article
ms.date: 10/07/2025
ms.service: global-secure-access
ms.subservice: entra-internet-access
ms.reviewer: dhruvinshah
ai-usage: ai-assisted
---
title: Learn about Continuous Access Evaluation (CAE) for Application Proxy (preview)
description: Learn about Continuous Access Evaluation (CAE) for Application Proxy (preview)
ms.topic: concept-article
ms.date: 10/07/2025
ms.subservice: entra-internet-access
ms.reviewer: dhruvinshah
ai-usage: ai-assisted
 
 
 
MODIFIED docs/global-secure-access/concept-internet-access.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Learn about Microsoft Entra Internet Access
description: Learn about how Microsoft Entra Internet Access secures access to the Internet.
author: kenwith
ms.author: kenwith
ms.topic: concept-article
ms.date: 02/21/2025
ms.service: global-secure-access
ms.subservice: entra-internet-access
ms.reviewer: frankgomulka
ai-usage: ai-assisted
---
title: Learn about Microsoft Entra Internet Access
description: Learn about how Microsoft Entra Internet Access secures access to the Internet.
ms.topic: concept-article
ms.date: 02/21/2025
ms.subservice: entra-internet-access
ms.reviewer: frankgomulka
ai-usage: ai-assisted
 
 
 
MODIFIED docs/global-secure-access/concept-private-access.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Learn about Microsoft Entra Private Access
description: Learn about how Microsoft Entra Private Access secures access to your private corporate resources through the creation of Quick Access and Global Secure Access apps.
author: kenwith
ms.author: kenwith
ms.topic: concept-article
ms.date: 02/21/2025
ms.service: global-secure-access
ms.subservice: entra-private-access
ms.reviewer: katabish
ai-usage: ai-assisted
---
title: Learn about Microsoft Entra Private Access
description: Learn about how Microsoft Entra Private Access secures access to your private corporate resources through the creation of Quick Access and Global Secure Access apps.
ms.topic: concept-article
ms.date: 02/21/2025
ms.subservice: entra-private-access
ms.reviewer: katabish
ai-usage: ai-assisted
 
 
 
MODIFIED docs/global-secure-access/concept-universal-conditional-access.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Learn about Universal Conditional Access Through Global Secure Access
description: Learn about how Microsoft Entra Internet Access and Microsoft Entra Private Access secures access to your resources through Conditional Access.
ms.service: global-secure-access
ms.topic: concept-article
ms.date: 02/21/2025
ms.author: kenwith
author: kenwith
ms.reviewer: smistry
ai-usage: ai-assisted
ms.custom: sfi-image-nochange
---
title: Learn about Universal Conditional Access Through Global Secure Access
description: Learn about how Microsoft Entra Internet Access and Microsoft Entra Private Access secures access to your resources through Conditional Access.
ms.topic: concept-article
ms.date: 02/21/2025
ms.reviewer: smistry
ai-usage: ai-assisted
ms.custom: sfi-image-nochange
 
 
 
MODIFIED docs/global-secure-access/how-to-access-audit-logs.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: How to access Global Secure Access audit logs (preview)
description: Learn how to access, archive, and analyze the audit logs for Microsoft's Security Service Edge solution.
author: kenwith
ms.author: kenwith
ms.topic: how-to
ms.date: 02/21/2025
ms.service: global-secure-access
ai-usage: ai-assisted
 
#Customer intent: As an IT admin, I need to view the logs specific to network access so I can better manage the solution.
---
title: How to access Global Secure Access audit logs (preview)
description: Learn how to access, archive, and analyze the audit logs for Microsoft's Security Service Edge solution.
ms.topic: how-to
ms.date: 02/21/2025
ai-usage: ai-assisted
 
#Customer intent: As an IT admin, I need to view the logs specific to network access so I can better manage the solution.
 
 
 
MODIFIED docs/global-secure-access/how-to-cisco-coexistence.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Security Service Edge (SSE) Coexistence With Microsoft and Cisco Umbrella
description: Microsoft and Cisco’s Security Service Edge (SSE) coexistence solution guide.
author: kenwith
ms.author: kenwith
ms.topic: how-to
ms.date: 10/06/2025
ms.service: global-secure-access
ms.subservice: entra-private-access
ms.reviewer: shkhalid
ai-usage: ai-assisted
---
title: Security Service Edge (SSE) Coexistence With Microsoft and Cisco Umbrella
description: Microsoft and Cisco’s Security Service Edge (SSE) coexistence solution guide.
ms.topic: how-to
ms.date: 10/06/2025
ms.subservice: entra-private-access
ms.reviewer: shkhalid
ai-usage: ai-assisted
 
 
 
MODIFIED docs/global-secure-access/how-to-cisco-secure-access-coexistence.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Security Service Edge (SSE) Coexistence With Microsoft and Cisco Secure Access
description: Microsoft and Cisco’s Secure Access coexistence solution guide.
author: kenwith
ms.author: kenwith
ms.topic: how-to
ms.date: 10/06/2025
ms.service: global-secure-access
ms.subservice: entra-private-access
ms.reviewer: shkhalid
ai-usage: ai-assisted
---
title: Security Service Edge (SSE) Coexistence With Microsoft and Cisco Secure Access
description: Microsoft and Cisco’s Secure Access coexistence solution guide.
ms.topic: how-to
ms.date: 10/06/2025
ms.subservice: entra-private-access
ms.reviewer: shkhalid
ai-usage: ai-assisted
 
 
 
MODIFIED docs/global-secure-access/how-to-cisco-vpn-coexistence.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Security Service Edge (SSE) Coexistence With Microsoft and Cisco VPNs
description: Microsoft and Cisco VPNs coexistence solution guide.
author: kenwith
ms.author: kenwith
ms.topic: how-to
ms.date: 10/06/2025
ms.service: global-secure-access
ms.subservice: entra-private-access
ms.reviewer: shkhalid
ai-usage: ai-assisted
---
title: Security Service Edge (SSE) Coexistence With Microsoft and Cisco VPNs
description: Microsoft and Cisco VPNs coexistence solution guide.
ms.topic: how-to
ms.date: 10/06/2025
ms.subservice: entra-private-access
ms.reviewer: shkhalid
ai-usage: ai-assisted
 
 
 
MODIFIED docs/global-secure-access/how-to-compliant-network.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: Enable Compliant Network Check with Conditional Access
description: Learn how to require known compliant network locations in order to connect to your secured resources with Conditional Access.
ms.service: global-secure-access
ms.topic: how-to
ms.date: 02/21/2025
ms.author: kenwith
author: kenwith
ms.reviewer: smistry
ai-usage: ai-assisted
ms.custom: sfi-image-nochange
---
title: Enable Compliant Network Check with Conditional Access
description: Learn how to require known compliant network locations in order to connect to your secured resources with Conditional Access.
ms.topic: how-to
ms.date: 02/21/2025
ms.reviewer: smistry
ai-usage: ai-assisted
ms.custom: sfi-image-nochange
 
 
 
MODIFIED docs/global-secure-access/how-to-configure-connectors.md
Modified by Ken Withee on Feb 9, 2026 5:16 PM
πŸ“– View on learn.microsoft.com
+0 / -3 lines changed
Commit: [BULK UPDATE] Moves metadata to folder level in docfx.json.
Changes:
Before
After
---
title: How to configure connectors for Microsoft Entra Private Access
description: Learn how to configure Microsoft Entra private network connectors for Microsoft Entra Private Access.
author: kenwith
ms.author: kenwith
ms.topic: how-to
ms.date: 02/04/2026
ms.service: global-secure-access
ms.subservice: entra-private-access
ms.reviewer: katabish
ai-usage: ai-assisted
---
title: How to configure connectors for Microsoft Entra Private Access
description: Learn how to configure Microsoft Entra private network connectors for Microsoft Entra Private Access.
ms.topic: how-to
ms.date: 02/04/2026
ms.subservice: entra-private-access
ms.reviewer: katabish
ai-usage: ai-assisted
 
 
 

πŸ€– This report was automatically generated by the Entra Docs Monitor

πŸ“§ Delivered to [email protected]

πŸ”— Visit Repository