📋 Microsoft Entra Documentation Changes

Daily summary for changes since February 22nd 2026, 8:25 PM PST

Report generated on February 23rd 2026, 8:25 PM PST

📊 Summary

15
Total Commits
0
New Files
6
Modified Files
0
Deleted Files
7
Contributors

📝 Modified Documentation Files

+3 / -3 lines changed
Commit: Fix formatting and grammar in Traffic Manager integration doc
Changes:
Before
After
 
To use Traffic Manager, you must configure application proxy. The configuration steps that follow refer to these URL definitions:
 
- **Regional URL**. The application proxy endpoints for each app. For example, `nam.contoso.com` and `india.contoso.com`.
- **Alternate URL**: The URL configured for the Traffic Manager solution. For example, `contoso.com`.
 
To configure application proxy for Traffic Manager:
1. Assign each app to its respective connector group.
1. If you prefer the alternate URL to be maintained throughout the user session, register each app and add the URL as a reply URL. This step is optional.
 
1. In the Traffic Manager solution, add the regional URLs for application proxy that you created for each app as an endpoint.
 
1. Configure the Traffic Manager solution's load-balancing rules with a standard license.
 
| **Internal URL** | `contoso.com` | `contoso.com` | If the apps are hosted in different regions, you can use the same internal URL for each app. |
| **External URL** | `nam.contoso.com` | `india.contoso.com` | Configure a custom domain for each app. |
| **Custom domain certificate** | Domain Name System (DNS): `nam.contoso.com`<br> SAN: `www.contoso.com` | DNS: `india.contoso.com`<br> SAN: `www.contoso.com` | In the certificate that you upload for each app, set the SAN value to the alternate URL. The alternate URL is the URL that all users use to reach the app. |
| **Connector group** | North America Geo Group | India Geo Group | Ensure you that assign each app to the correct connector group by using the geo-routing functionality. |
| **Redirects** | (Optional) To maintain redirects for the alternate URL, add the application registration for the app. | (Optional) To maintain redirects for the alternate URL, add the application registration for the app. | This step is required if the alternate URL `www.contoso.com` will be maintained for all redirections. |
| **Reply URL** | `www.contoso.com` | `www.contoso.com` | |
 
To use Traffic Manager, you must configure application proxy. The configuration steps that follow refer to these URL definitions:
 
- **Regional URL**: The application proxy endpoints for each app. For example, `nam.contoso.com` and `india.contoso.com`.
- **Alternate URL**: The URL configured for the Traffic Manager solution. For example, `contoso.com`.
 
To configure application proxy for Traffic Manager:
1. Assign each app to its respective connector group.
1. If you prefer the alternate URL to be maintained throughout the user session, register each app and add the URL as a reply URL. This step is optional.
 
1. In the Traffic Manager solution, add the regional URLs for application proxy that you created for each app as endpoints.
 
1. Configure the Traffic Manager solution's load-balancing rules with a standard license.
 
| **Internal URL** | `contoso.com` | `contoso.com` | If the apps are hosted in different regions, you can use the same internal URL for each app. |
| **External URL** | `nam.contoso.com` | `india.contoso.com` | Configure a custom domain for each app. |
| **Custom domain certificate** | Domain Name System (DNS): `nam.contoso.com`<br> SAN: `www.contoso.com` | DNS: `india.contoso.com`<br> SAN: `www.contoso.com` | In the certificate that you upload for each app, set the SAN value to the alternate URL. The alternate URL is the URL that all users use to reach the app. |
| **Connector group** | North America Geo Group | India Geo Group | Ensure that you assign each app to the correct connector group by using the geo-routing functionality. |
| **Redirects** | (Optional) To maintain redirects for the alternate URL, add the application registration for the app. | (Optional) To maintain redirects for the alternate URL, add the application registration for the app. | This step is required if the alternate URL `www.contoso.com` will be maintained for all redirections. |
| **Reply URL** | `www.contoso.com` | `www.contoso.com` | |
+2 / -2 lines changed
Commit: Remove /en-us/ locale from learn.microsoft.com URLs in identity-platform docs
Changes:
Before
After
* Scopes you add here will be prompted for user consent during sign-in.
* By default, MSAL.js will add OIDC scopes (openid, profile, email) to any login request.
* For more information about OIDC scopes, visit:
* https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview#openid-connect-scopes
*/
const loginRequest = {
scopes: ["User.Read"],
* Scopes you add here will be prompted for user consent during sign-in.
* By default, MSAL.js will add OIDC scopes (openid, profile, email) to any login request.
* For more information about OIDC scopes, visit:
* https://learn.microsoft.com/en-us/entra/identity-platform/permissions-consent-overview#openid-connect-scopes
*/
const loginRequest = {
scopes: ["User.Read"],
* Scopes you add here will be prompted for user consent during sign-in.
* By default, MSAL.js will add OIDC scopes (openid, profile, email) to any login request.
* For more information about OIDC scopes, visit:
* https://learn.microsoft.com/entra/identity-platform/permissions-consent-overview#openid-connect-scopes
*/
const loginRequest = {
scopes: ["User.Read"],
* Scopes you add here will be prompted for user consent during sign-in.
* By default, MSAL.js will add OIDC scopes (openid, profile, email) to any login request.
* For more information about OIDC scopes, visit:
* https://learn.microsoft.com/entra/identity-platform/permissions-consent-overview#openid-connect-scopes
*/
const loginRequest = {
scopes: ["User.Read"],
+1 / -1 lines changed
Commit: Use contoso.com in wildcard example
Changes:
Before
After
1. Enter a name, select a [web category](reference-web-content-filtering-categories.md), a valid URL (Preview), or a valid FQDN, and then select **Add**.
- Valid URLs and FQDNs in this feature can also include wildcards using the asterisk symbol, *, and can be comma-separated lists.
- When entering FQDNs, use the domain name only. Don't include protocols (such as `https://`), port numbers, or URL paths. For example, enter `contoso.com` instead of `https://contoso.com:443/path`.
- To match all subdomains of a domain, use the wildcard format `*.domain.com`. Note that the wildcard `*.domain.com` matches subdomains like `www.domain.com` but doesn't match the root domain `domain.com` itself. To cover both the domain and all its subdomains, include both entries as a comma-separated list (for example, `*.google.com,google.com`).
- When entering multiple FQDNs in a comma-separated list, don't include spaces between entries (for example, `contoso.com,fabrikam.com,*.example.com`).
- Note, the URL filtering Preview supports a maximum of 1,000 URLs per tenant.
1. Select **Next** to review the policy and then select **Create policy**.
1. Enter a name, select a [web category](reference-web-content-filtering-categories.md), a valid URL (Preview), or a valid FQDN, and then select **Add**.
- Valid URLs and FQDNs in this feature can also include wildcards using the asterisk symbol, *, and can be comma-separated lists.
- When entering FQDNs, use the domain name only. Don't include protocols (such as `https://`), port numbers, or URL paths. For example, enter `contoso.com` instead of `https://contoso.com:443/path`.
- To match all subdomains of a domain, use the wildcard format `*.domain.com`. Note that the wildcard `*.domain.com` matches subdomains like `www.domain.com` but doesn't match the root domain `domain.com` itself. To cover both the domain and all its subdomains, include both entries as a comma-separated list (for example, `*.contoso.com,contoso.com`).
- When entering multiple FQDNs in a comma-separated list, don't include spaces between entries (for example, `contoso.com,fabrikam.com,*.example.com`).
- Note, the URL filtering Preview supports a maximum of 1,000 URLs per tenant.
1. Select **Next** to review the policy and then select **Create policy**.
+1 / -1 lines changed
Commit: update custom connector guidance for save and create new
Changes:
Before
After
 
 
> [!NOTE]
> After enabling GSA for Agents in a given environment or environment group, you need to create or update any existing custom connectors for them to route traffic through Global Secure Access.
 
## Create security policies for Copilot Studio agents
 
 
 
> [!NOTE]
> After enabling Global Secure Access for Agents in the environment or environment group, any existing Copilot Studio custom connector must be edited and saved to ensure its traffic is routed through Global Secure Access. Custom connectors created afterward automatically use this configuration.
 
## Create security policies for Copilot Studio agents
 
Modified by Jodi Martis on Feb 23, 2026 7:08 PM
📖 View on learn.microsoft.com
+1 / -1 lines changed
Commit: Fix grammar in application proxy overview
Changes:
Before
After
 
Another major benefit of implementing application proxy is extending Microsoft Entra ID to your on-premises environment. Implementing application proxy can be a key step in moving your organization and apps to the cloud. By moving to the cloud and away from on-premises authentication, you reduce your on-premises footprint and use Microsoft Entra identity management capabilities as your control plane.
 
With minimal or no updates to existing applications, you have access to cloud capabilities such as SSO, multifactor authentication, and central management. Installing the necessary components to application proxy is a simple process for establishing a remote access framework. And by moving to the cloud, you have access to the latest Microsoft Entra features, updates, and functionality, such as high availability and the disaster recovery.
 
To learn more about migrating your apps to Microsoft Entra ID, see [Resources for migrating applications to Microsoft Entra ID](~/identity/enterprise-apps/migration-resources.md).
 
 
Another major benefit of implementing application proxy is extending Microsoft Entra ID to your on-premises environment. Implementing application proxy can be a key step in moving your organization and apps to the cloud. By moving to the cloud and away from on-premises authentication, you reduce your on-premises footprint and use Microsoft Entra identity management capabilities as your control plane.
 
With minimal or no updates to existing applications, you have access to cloud capabilities such as SSO, multifactor authentication, and central management. Installing the necessary components to application proxy is a simple process for establishing a remote access framework. And by moving to the cloud, you have access to the latest Microsoft Entra features, updates, and functionality, such as high availability and disaster recovery.
 
To learn more about migrating your apps to Microsoft Entra ID, see [Resources for migrating applications to Microsoft Entra ID](~/identity/enterprise-apps/migration-resources.md).
 
+1 / -1 lines changed
Commit: Remove /en-us/ locale from learn.microsoft.com URLs in identity-platform docs
Changes:
Before
After
const GRAPH_API_ENDPOINT = process.env.GRAPH_API_ENDPOINT || "graph_end_point";
// Refers to the user that is single user singed in.
// https://learn.microsoft.com/en-us/graph/api/user-update?tabs=http
const GRAPH_ME_ENDPOINT = GRAPH_API_ENDPOINT + "v1.0/me";
module.exports = {
const GRAPH_API_ENDPOINT = process.env.GRAPH_API_ENDPOINT || "graph_end_point";
// Refers to the user that is single user singed in.
// https://learn.microsoft.com/graph/api/user-update?tabs=http
const GRAPH_ME_ENDPOINT = GRAPH_API_ENDPOINT + "v1.0/me";
module.exports = {