MODIFIED docs/identity/users/groups-dynamic-membership.md

Modified by Ken Withee on Jun 5, 2026 7:12 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Fix string-collection rule examples to use -any operator

Changes:

Before

After

 
| Property | Allowed values | Examples |
| --- | --- | --- |
| `otherMails` |Any string value | ```user.otherMails -startsWith "alias@domain"```<br><br>```user.otherMails -endsWith"@contoso.com"``` |
| `proxyAddresses` |`SMTP: alias@domain`, `smtp: alias@domain` | ```user.proxyAddresses -startsWith "SMTP: alias@domain"```<br><br>```user.proxyAddresses -notEndsWith "@outlook.com"``` |
 
For the properties used for device rules, see [Rules for devices](#rules-for-devices).
 

 
| Property | Allowed values | Examples |
| --- | --- | --- |
| `otherMails` |Any string value | ```(user.otherMails -any (_ -startsWith "alias@domain"))```<br><br>```(user.otherMails -any (_ -endsWith "@contoso.com"))``` |
| `proxyAddresses` |`SMTP: alias@domain`, `smtp: alias@domain` | ```(user.proxyAddresses -any (_ -startsWith "SMTP: alias@domain"))```<br><br>```(user.proxyAddresses -any (_ -notEndsWith "@outlook.com"))``` |
 
For the properties used for device rules, see [Rules for devices](#rules-for-devices).
 

MODIFIED docs/identity/saas-apps/salesforce-sandbox-tutorial.md

Modified by Jeevan Desarda on Jun 5, 2026 4:40 PM
📖 View on learn.microsoft.com

+3 / -0 lines changed

Commit: Add Salesforce Phishing-Resistant MFA note to tutorials

Changes:

Before

After

>
>  For customers using AD FS as the federation provider with Entra ID, please follow the guidance published [here](~/identity/authentication/how-to-mfa-expected-inbound-assertions.md#using-saml-20-federated-idp) so that Entra ID will have this claim in the SAML token.
 
## Prerequisites
The scenario outlined in this article assumes that you already have the following prerequisites:

>
>  For customers using AD FS as the federation provider with Entra ID, please follow the guidance published [here](~/identity/authentication/how-to-mfa-expected-inbound-assertions.md#using-saml-20-federated-idp) so that Entra ID will have this claim in the SAML token.
 
> [!Note]
> We are aware that Salesforce has announced a [Phishing-Resistant MFA requirement](https://help.salesforce.com/s/articleView?id=005321563&type=1) for admins across Sandbox and Production environments. We are actively working with the Salesforce team to ensure Entra ID can send the required granular information via token claims. Once timelines are aligned, updates will be published here. Stay tuned.
 
## Prerequisites
The scenario outlined in this article assumes that you already have the following prerequisites:
 

MODIFIED docs/identity/saas-apps/salesforce-tutorial.md

Modified by Jeevan Desarda on Jun 5, 2026 4:40 PM
📖 View on learn.microsoft.com

+3 / -0 lines changed

Commit: Add Salesforce Phishing-Resistant MFA note to tutorials

Changes:

Before

After

>
>  For customers using AD FS as the federation provider with Entra ID, please follow the guidance published [here](~/identity/authentication/how-to-mfa-expected-inbound-assertions.md#using-saml-20-federated-idp) so that Entra ID will have this claim in the SAML token.
 
## Prerequisites
 
The scenario outlined in this article assumes that you already have the following prerequisites:

>
>  For customers using AD FS as the federation provider with Entra ID, please follow the guidance published [here](~/identity/authentication/how-to-mfa-expected-inbound-assertions.md#using-saml-20-federated-idp) so that Entra ID will have this claim in the SAML token.
 
> [!Note]
> We are aware that Salesforce has announced a [Phishing-Resistant MFA requirement](https://help.salesforce.com/s/articleView?id=005321563&type=1) for admins across Sandbox and Production environments. We are actively working with the Salesforce team to ensure Entra ID can send the required granular information via token claims. Once timelines are aligned, updates will be published here. Stay tuned.
 
## Prerequisites
 
The scenario outlined in this article assumes that you already have the following prerequisites:

📋 Microsoft Entra Documentation Changes

📊 Summary

📝 Modified Documentation Files