MODIFIED docs/identity/hybrid/cloud-sync/tutorial-directory-extension-group-provisioning.md

Modified by Justinha on Jun 26, 2026 8:56 PM
📖 View on learn.microsoft.com

+24 / -22 lines changed

Commit: Fix style and accuracy issues in cloud sync group provisioning docs

Changes:

Before

After

title: Scenario - Using directory extensions with group provisioning to Active Directory
description: This topic describes how to extend the schema of a group with a new attribute. Then use the new attribute to filter groups for provisioning to Active Directory.
ms.topic: tutorial
ms.date: 04/09/2025
ms.subservice: hybrid-cloud-sync
ms.custom: sfi-image-nochange
---
> For a better experience executing Microsoft Graph PowerShell SDK cmdlets, use Visual Studio Code with `ms-vscode.powershell` extension in [ISE Mode](/powershell/scripting/dev-cross-plat/vscode/how-to-replicate-the-ise-experience-in-vscode).
 
## Create two groups in Microsoft Entra ID
To begin, create two groups in Microsoft Entra ID. One group is Sales and the Other is Marketing.
 
To create two groups, follow these steps.
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Hybrid Identity Administrator](~/identity/role-based-access-control/permissions-reference.md#hybrid-identity-administrator).
2. Browse to **Entra ID** > **Groups** > **All groups**.
3. At the top, click **New group**.
4. Make sure the **Group type** is set to **security**.
5. For the **Group Name** enter **Sales**
6. For **Membership type** keep it at assigned.

title: Scenario - Using directory extensions with group provisioning to Active Directory
description: This topic describes how to extend the schema of a group with a new attribute. Then use the new attribute to filter groups for provisioning to Active Directory.
ms.topic: tutorial
ms.date: 06/26/2026
ms.subservice: hybrid-cloud-sync
ms.custom: sfi-image-nochange
---
> For a better experience executing Microsoft Graph PowerShell SDK cmdlets, use Visual Studio Code with `ms-vscode.powershell` extension in [ISE Mode](/powershell/scripting/dev-cross-plat/vscode/how-to-replicate-the-ise-experience-in-vscode).
 
## Create two groups in Microsoft Entra ID
 
To begin, create two groups in Microsoft Entra ID. One group is Sales and the Other is Marketing.
 
To create two groups, follow these steps.
 
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Hybrid Identity Administrator](~/identity/role-based-access-control/permissions-reference.md#hybrid-identity-administrator).
2. Browse to **Entra ID** > **Groups** > **All groups**.
3. At the top, select **New group**.
4. Make sure the **Group type** is set to **security**.
5. For the **Group Name** enter **Sales**

MODIFIED docs/identity/hybrid/connect/reference-connect-version-history.md

Modified by Eunice Waweru on Jun 26, 2026 2:04 PM
📖 View on learn.microsoft.com

+3 / -43 lines changed

Commit: Revert "Update version history for Microsoft Entra Connect"

Changes:

Before

After

description: This article lists all releases of Microsoft Entra Connect and Azure AD Sync.
ms.assetid: ef2797d7-d440-4a9a-a648-db32ad137494
ms.topic: reference
ms.date: 06/26/2026
ms.subservice: hybrid-connect
ms.custom: no-azure-ad-ps-ref, sfi-ga-nochange
 
|[2.5.79.0](#25790)|23 Oct 2026 (12 months after release of 2.5.190.0)|
|[2.5.190.0](#251900)|02 Feb 2027 (12 months after release of 2.6.1.0)|
|[2.6.1.0](#2610)|10 Mar 2027 (12 months after release of 2.6.3.0)|
|[2.6.3.0](#2630)|26 Jun 2027 (12 months after release of 2.6.80.0)|
|[2.6.80.0](#26800)||
 
 
**All other versions are not supported**
 
 
To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade](how-to-connect-install-automatic-upgrade.md).
 
## 2.6.80.0

description: This article lists all releases of Microsoft Entra Connect and Azure AD Sync.
ms.assetid: ef2797d7-d440-4a9a-a648-db32ad137494
ms.topic: reference
ms.date: 06/23/2026
ms.subservice: hybrid-connect
ms.custom: no-azure-ad-ps-ref, sfi-ga-nochange
 
|[2.5.79.0](#25790)|23 Oct 2026 (12 months after release of 2.5.190.0)|
|[2.5.190.0](#251900)|02 Feb 2027 (12 months after release of 2.6.1.0)|
|[2.6.1.0](#2610)|10 Mar 2027 (12 months after release of 2.6.3.0)|
|[2.6.3.0](#2630)||
 
**All other versions are not supported**
 
 
To read more about autoupgrade, see [Microsoft Entra Connect: Automatic upgrade](how-to-connect-install-automatic-upgrade.md).
 
> [!IMPORTANT]
> Version 2.6.79.0 is no longer available for download. An issue was identified after release and the installer was recalled. Customers who had installed this version should un-install and install [latest available version (2.6.3.0)](#2630) of Microsoft Entra Connect Sync.
 

MODIFIED docs/architecture/recoverability-overview.md

Modified by Lynne O'Connor on Jun 26, 2026 7:43 PM
📖 View on learn.microsoft.com

+15 / -8 lines changed

Commit: new and updated articles per Ben Athawes (ADO 28575) (#13644)

Changes:

Before

After

 
The impact of deletions depends on the object type.
 
Users, Microsoft 365 Groups, cloud security groups, and applications can be soft deleted. Soft-deleted items are sent to the Microsoft Entra ID recycle bin. While in the recycle bin, items aren't available for use. However, they retain all their properties and can be restored via a Microsoft Graph API call or in the Azure portal. Items in the soft-delete state that aren't restored within 30 days are permanently, or hard, deleted.
 
![Diagram that shows that users, Microsoft 365 Groups, cloud security groups, and applications are soft deleted and then hard deleted after 30 days.](media/recoverability/overview-deletes.png)
 
For more information on misconfigurations and how to recover from them, see [Recover from misconfigurations](recover-from-misconfigurations.md).
 
## Shared responsibility
 
Recoverability is a shared responsibility between Microsoft as your cloud service provider and your organization.
 
## Document known good states
 
Document the state of your tenant and its objects regularly. Then if a hard delete or misconfiguration occurs, you have a roadmap to recovery. The following tools can help you document your current state:
 
- [Microsoft Graph APIs](/graph/overview) can be used to export the current state of many Microsoft Entra configurations.
- [Microsoft Entra Exporter](https://github.com/microsoft/entraexporter) is a tool you can use to export your configuration settings.

 
The impact of deletions depends on the object type.
 
You can soft delete object types that include Users, Microsoft 365 Groups, cloud security groups, and applications. Soft-deleted items go to the Microsoft Entra ID recycle bin. While in the recycle bin, items aren't available for use, but they retain all their properties. You can restore them with a Microsoft Graph API call or from the Microsoft Entra admin center. If you don't restore items in the soft-delete state within 30 days, Microsoft Entra ID permanently hard-deletes them. [Recover from deletions in Microsoft Entra ID](recover-from-deletions.md#properties-maintained-with-soft-delete) provides a table of objects that support soft deletion.
 
![Diagram that shows that users, Microsoft 365 Groups, cloud security groups, and applications are soft deleted and then hard deleted after 30 days.](media/recoverability/overview-deletes.png)
 
For more information on misconfigurations and how to recover from them, see [Recover from misconfigurations](recover-from-misconfigurations.md).
 
Unlike deletions, misconfigurations modify objects in place rather than moving them to the recycle bin. For supported affected object types, use [Microsoft Entra Backup and Recovery](../backup/overview.md) difference reports to identify changed attributes and link edits. You can then run a recovery job to roll an object back to a previous state. For configurations that Microsoft Entra Backup and Recovery doesn't support, reapply settings from your documented known-good state.
 
## Shared responsibility
 
Recoverability is a shared responsibility between Microsoft as your cloud service provider and your organization.
 
## Document known good states
 
Regularly document and maintain the state of your tenant and its objects in an external versioned repository. If a hard delete or misconfiguration occurs, your documentation serves as your roadmap to recovery.

MODIFIED docs/identity-platform/tutorial-web-app-node-sign-in-sign-out.md

Modified by learn-build-service-prod[bot] on Jun 26, 2026 9:40 PM
📖 View on learn.microsoft.com

+4 / -4 lines changed

Commit: Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/entra-docs (branch main) (#13679)

Changes:

Before

After

    
                /**
                 * By default, MSAL Node will add OIDC scopes to the auth code url request. For more information, visit:
                 * https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes
                 */
                scopes: [],
            };
    
                /**
                 * By default, MSAL Node will add OIDC scopes to the auth code request. For more information, visit:
                 * https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes
                 */
                scopes: [],
            };
            /**
             * Construct a logout URI and redirect the user to end the
             * session with Microsoft Entra ID. For more information, visit:
             * https://docs.microsoft.com/azure/active-directory/develop/v2-protocols-oidc#send-a-sign-out-request
             */
            //For external tenant

    
                /**
                 * By default, MSAL Node will add OIDC scopes to the auth code url request. For more information, visit:
                 * https://learn.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes
                 */
                scopes: [],
            };
    
                /**
                 * By default, MSAL Node will add OIDC scopes to the auth code request. For more information, visit:
                 * https://learn.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes
                 */
                scopes: [],
            };
            /**
             * Construct a logout URI and redirect the user to end the
             * session with Microsoft Entra ID. For more information, visit:
             * https://learn.microsoft.com/azure/active-directory/develop/v2-protocols-oidc#send-a-sign-out-request
             */
            //For external tenant

MODIFIED docs/identity/users/licensing-service-plan-reference.md

Modified by Ken Withee on Jun 26, 2026 7:15 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Update licensing service plan reviewer

Changes:

Before

After

keywords: Azure Active Directory licensing service plans
ms.topic: reference
ms.date: 03/16/2026
ms.reviewer: Nicholak-MS
ms.custom: it-pro
ms.collection: M365-identity-device-management
#Nick Kramer is minding this reference until it can be automated
---
 
# Product names and service plan identifiers for licensing

keywords: Azure Active Directory licensing service plans
ms.topic: reference
ms.date: 03/16/2026
ms.reviewer: shegu
ms.custom: it-pro
ms.collection: M365-identity-device-management
#Shelley Gu is minding this reference until it can be automated
---
 
# Product names and service plan identifiers for licensing

MODIFIED docs/identity/authentication/concept-authentication-qr-code.md

Modified by Ken Withee on Jun 26, 2026 5:43 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Clarify QR code authentication strength guidance

Changes:

Before

After

title: QR code authentication method in Microsoft Entra ID 
description: Learn about using QR code authentication method in Microsoft Entra ID to help improve and secure sign-in events for frontline workers.
ms.topic: concept-article
ms.date: 07/24/2025
contributors: minatoruan
ms.reviewer: anjusingh
 
 
## Enforce QR code sign-in with a custom authentication strength
 
To require QR code sign-in for a specific resource, create a custom Conditional Access authentication strength that includes **QR code** under **Single factor authentication**. Then use the custom authentication strength in a Conditional Access policy for the resources and users that need QR code sign-in. For steps, see [Create and manage custom Conditional Access authentication strengths](concept-authentication-strength-advanced-options.md#create-a-custom-authentication-strength).
 
## QR code configurations in the Authentication method policy
 

title: QR code authentication method in Microsoft Entra ID 
description: Learn about using QR code authentication method in Microsoft Entra ID to help improve and secure sign-in events for frontline workers.
ms.topic: concept-article
ms.date: 06/26/2026
contributors: minatoruan
ms.reviewer: anjusingh
 
 
## Enforce QR code sign-in with a custom authentication strength
 
To require QR code sign-in for a specific group of users, such as frontline workers, a specific resource, or both, create a custom Conditional Access authentication strength that includes **QR code** under **Single factor authentication**. Then use the custom authentication strength in a Conditional Access policy for the resources and users that need QR code sign-in. For steps, see [Create and manage custom Conditional Access authentication strengths](concept-authentication-strength-advanced-options.md#create-a-custom-authentication-strength).
 
## QR code configurations in the Authentication method policy
 

MODIFIED docs/identity/authentication/concept-authentication-strength-advanced-options.md

Modified by Ken Withee on Jun 26, 2026 5:43 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Clarify QR code authentication strength guidance

Changes:

Before

After

title: Create and Manage Custom Conditional Access Authentication Strengths
description: Learn how admins can create custom authentication strengths with advanced options for passkey (FIDO2) security keys and certificate-based authentication.
ms.topic: how-to
ms.date: 09/15/2025
ms.reviewer: inbarc
ms.custom: sfi-image-nochange
---
 
1. For **Description**, you can provide an optional description.
 
1. Select the available methods that you want to allow. For example, to create a custom authentication strength for QR code sign-in, expand **Single factor authentication**, and then select **QR code**.
 
1. Select **Next** and review the policy configuration.
 

title: Create and Manage Custom Conditional Access Authentication Strengths
description: Learn how admins can create custom authentication strengths with advanced options for passkey (FIDO2) security keys and certificate-based authentication.
ms.topic: how-to
ms.date: 06/26/2026
ms.reviewer: inbarc
ms.custom: sfi-image-nochange
---
 
1. For **Description**, you can provide an optional description.
 
1. Select the available methods that you want to allow. For example, to create a custom authentication strength that requires QR code sign-in for a group of users such as frontline workers, expand **Single factor authentication**, and then select **QR code**.
 
1. Select **Next** and review the policy configuration.
 

MODIFIED docs/id-governance/entitlement-management-azure-role-assignments.md

Modified by Ken Withee on Jun 26, 2026 6:13 PM
📖 View on learn.microsoft.com

+0 / -3 lines changed

Commit: [BULK UPDATE - METADATA ONLY] Remove duplicate ownership metadata (#13675)

Changes:

Before

After

---
title: Assign Azure Role-based access control (RBAC) Roles - Entitlement management (Preview)
description: Assign Azure RBAC roles to access packages and catalogs in Microsoft Entra Entitlement Management. Learn how to manage access with least privilege principles.
author: owinfreyATL
ms.author: owinfrey
ms.service: entra-id-governance
ms.subservice: entitlement-management
ms.topic: how-to #Required; leave this attribute/value as-is
## Related content
 
- [Assign Microsoft Entra roles (Preview)](entitlement-management-roles.md)
 

---
title: Assign Azure Role-based access control (RBAC) Roles - Entitlement management (Preview)
description: Assign Azure RBAC roles to access packages and catalogs in Microsoft Entra Entitlement Management. Learn how to manage access with least privilege principles.
ms.service: entra-id-governance
ms.subservice: entitlement-management
ms.topic: how-to #Required; leave this attribute/value as-is
## Related content
 
- [Assign Microsoft Entra roles (Preview)](entitlement-management-roles.md)
 
 
 

MODIFIED docs/identity/hybrid/cloud-sync/how-to-ad-group-enforcement.md

Modified by Justinha on Jun 26, 2026 8:56 PM
📖 View on learn.microsoft.com

+0 / -2 lines changed

Commit: Fix style and accuracy issues in cloud sync group provisioning docs

Changes:

Before

After

.\Set-CloudSyncSOAPolicy.ps1 -EnforcementMode Audit -Credential (Get-Credential -Message "Enter Domain Admin credentials (format: DOMAIN\Username)")
```
 
<!-- TODO PM: Confirm whether re-running the script is the supported way to switch modes, or whether a different parameter or procedure applies. -->
 
## Add a break-glass account
 
You can add the SID of an additional authorized user to the policy so that the user can make changes to enforced groups on-premises.

.\Set-CloudSyncSOAPolicy.ps1 -EnforcementMode Audit -Credential (Get-Credential -Message "Enter Domain Admin credentials (format: DOMAIN\Username)")
```
 
## Add a break-glass account
 
You can add the SID of an additional authorized user to the policy so that the user can make changes to enforced groups on-premises.

MODIFIED docs/identity/hybrid/cloud-sync/tutorial-group-provisioning.md

Modified by Justinha on Jun 26, 2026 8:56 PM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: Fix style and accuracy issues in cloud sync group provisioning docs

Changes:

Before

After

 
[!INCLUDE [pre-requisites](../includes/gpad-prereqs.md)]
 
## Group and User SOA Scenarios
 
Use case | Parent group type | User member group type | Sync Direction | How sync works 
----------|--------------------|-------------------------|----------------|----------------

 
[!INCLUDE [pre-requisites](../includes/gpad-prereqs.md)]
 
## Group and user SOA scenarios
 
Use case | Parent group type | User member group type | Sync Direction | How sync works 
----------|--------------------|-------------------------|----------------|----------------

MODIFIED docs/id-governance/licensing-fundamentals.md

Modified by Ken Withee on Jun 26, 2026 6:13 PM
📖 View on learn.microsoft.com

+0 / -2 lines changed

Commit: [BULK UPDATE - METADATA ONLY] Remove duplicate ownership metadata (#13675)

Changes:

Before

After

---
title: 'Microsoft Entra ID Governance licensing fundamentals'
description: This article describes shows the licensing requirements for Microsoft Entra ID Governance features.
author: owinfreyATL
manager: dougeby
ms.service: entra-id-governance
ms.topic: concept-article
ms.date: 03/27/2026

---
title: 'Microsoft Entra ID Governance licensing fundamentals'
description: This article describes shows the licensing requirements for Microsoft Entra ID Governance features.
ms.service: entra-id-governance
ms.topic: concept-article
ms.date: 03/27/2026
 
 

MODIFIED docs/id-governance/lifecycle-workflow-execution-limits.md

Modified by Ken Withee on Jun 26, 2026 6:13 PM
📖 View on learn.microsoft.com

+0 / -2 lines changed

Commit: [BULK UPDATE - METADATA ONLY] Remove duplicate ownership metadata (#13675)

Changes:

Before

After

---
title: Configure execution limits for Lifecycle Workflows
description: Learn how to set tenant-wide and workflow-specific execution limits and manage quarantined workflows in Lifecycle Workflows to prevent large-scale impact.
author: owinfreyATL
ms.author: owinfrey
ms.service: entra-id-governance
ms.subservice: lifecycle-workflows
ms.topic: how-to

---
title: Configure execution limits for Lifecycle Workflows
description: Learn how to set tenant-wide and workflow-specific execution limits and manage quarantined workflows in Lifecycle Workflows to prevent large-scale impact.
ms.service: entra-id-governance
ms.subservice: lifecycle-workflows
ms.topic: how-to
 
 

MODIFIED docs/identity/role-based-access-control/includes/ai-administrator.md

Modified by Faith Moraa Ombongi on Jun 26, 2026 6:17 AM
📖 View on learn.microsoft.com

+2 / -0 lines changed

Commit: Update AI Administrator role responsibilities

Changes:

Before

After

 
- Manage all aspects of Microsoft 365 Copilot
- Manage AI-related enterprise services, extensibility, and copilot agents from the Integrated apps page in the Microsoft 365 admin center
- Approve and publish line-of-business copilot agents
- Allow users to install an app or install an app for users in the organization if the app does not require permission
- Read and configure Azure and Microsoft 365 service health dashboards
- View usage reports, adoption insights, and organizational insight
- Create and manage support tickets in Azure and the Microsoft 365 admin center
 
<!-- autogenerated content starts here -->
 
 
 

 
- Manage all aspects of Microsoft 365 Copilot
- Manage AI-related enterprise services, extensibility, and copilot agents from the Integrated apps page in the Microsoft 365 admin center
- Manage admin consent request policies in Microsoft Entra ID
- Approve and publish line-of-business copilot agents
- Allow users to install an app or install an app for users in the organization if the app does not require permission
- Read and configure Azure and Microsoft 365 service health dashboards
- View usage reports, adoption insights, and organizational insight
- Create and manage support tickets in Azure and the Microsoft 365 admin center
- Manage the full lifecycle of agent identities, agent identity blueprints, agent identity blueprint principals, and agent users including restoration of deleted items
 
<!-- autogenerated content starts here -->
 

MODIFIED docs/identity/role-based-access-control/includes/ai-reader.md

Modified by Faith Moraa Ombongi on Jun 26, 2026 6:15 AM
📖 View on learn.microsoft.com

+1 / -1 lines changed

Commit: Revise AI Reader role permissions

Changes:

Before

After

 
- Read all aspects of Microsoft 365 Copilot
- Read AI-related enterprise services, extensibility, and copilot agents
- Read all properties of agent identities, agent identity blueprint principals, and agent identity blueprints
- Read and configure Azure and Microsoft 365 service health dashboards
 
<!-- autogenerated content starts here -->

 
- Read all aspects of Microsoft 365 Copilot
- Read AI-related enterprise services, extensibility, and copilot agents
- Read information for directory objects including applications, users, groups, agent identities, agent identity blueprints, agent identity blueprint principals, and agent users
- Read and configure Azure and Microsoft 365 service health dashboards
 
<!-- autogenerated content starts here -->

MODIFIED docs/external-id/customers/concept-choose-authentication-approach.md

Modified by Ken Withee on Jun 26, 2026 6:13 PM
📖 View on learn.microsoft.com

+0 / -1 lines changed

Commit: [BULK UPDATE - METADATA ONLY] Remove duplicate ownership metadata (#13675)

Changes:

Before

After

description: Compare browser-delegated and native authentication in Microsoft Entra External ID and choose the right approach for your customer-facing app.
ai-usage: ai-assisted
 
manager: dougeby
ms.topic: concept-article
ms.date: 04/16/2026
 

description: Compare browser-delegated and native authentication in Microsoft Entra External ID and choose the right approach for your customer-facing app.
ai-usage: ai-assisted
 
ms.topic: concept-article
ms.date: 04/16/2026

📋 Microsoft Entra Documentation Changes

📊 Summary

🆕 New Documentation Files

📝 Modified Documentation Files