After a refreshing summer break, I returned to a whirlwind of innovation and excitement! July didn’t just mark the start of FY26, it launched us into it with serious momentum. Microsoft has clearly been busy, rolling out 20 new features to General Availability (GA) for Microsoft Entra in just one month. From long-awaited capabilities to surprise releases, the pace of updates has been nothing short of thrilling. These GA features aren’t just incremental, they’re game-changers, ready to be used in production and already making waves across organizations.
In this post, I’ll walk you through the highlights that dropped while I was out soaking up the sun, because while many of us were recharging, the tech world certainly didn’t take a vacation. Let’s dive into what’s new, what’s exciting, and what you should be paying attention to as we head into a high-energy start to the new fiscal year.
General Availablility Release Overview – July ’25
- Application Based Authentication on Microsoft Entra Connect Sync • Microsoft Learn
- Audit administrator events in Microsoft Entra Connect Sync • Microsoft Learn
- Conditional Access What If API • Microsoft Learn
- A fresh look for the Microsoft authentication background • Ankur Patel
- Announcing GA of Bicep templates support for Microsoft Entra ID resources • Dan Kershaw
- Restricted Management Administrative Units • Microsoft Learn
- New Lifecycle Workflows task to revoke refresh tokens • Microsoft Learn
- Conditional Access Agent Supports Disabling Agent Creation of Report-Only Policies • Microsoft Learn
- Strengthen identity threat detection and response with linkable token identifiers • Eric Sachs
- Smarter identity security starts with AI • Alex Simons
- Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra • Dorothy Li
- Microsoft expands Zero Trust workshop to cover network, SecOps, and more • Rob Lefferts
- Restricted management administrative units in Microsoft Entra ID • Microsoft Learn
- Two-Way Forest Trusts for Microsoft Entra Domain Services • Microsoft Learn
- API-driven provisioning in US Gov cloud • Microsoft Learn
- Manage Lifecycle Workflows with Microsoft Security Copilot in Microsoft Entra • Microsoft Learn
- Provision custom security attributes from HR sources • Microsoft Learn
- Conditional Access audience reporting • Microsoft Learn
- Certificate Authority (CA) Trust Store • Microsoft Learn
- Certificate Revocation List (CRL) Fail Safe • Microsoft Learn
To help you get up to speed, I’ve compiled a list of some of the 20 new GA features released in July witch I find really exiting. Each with a quick note on what it is, why it matters, and how it can make a difference in your day-to-day work. Whether you’re looking for smarter automation, or enhanced governance, there’s something here for everyone. Let’s break it down!
⭐ Improving IT Efficiency with Microsoft Security Copilot in Intune & Entra
- Summary: Integration of Microsoft Security Copilot into Intune and Entra surfaces actionable AI‑driven recommendations and workflow automation across device and identity security. Though specifics weren’t found in Learn articles, it’s described in official blogs by Dorothy Li. Spoiler alert, I’m quoted in this official blog post 🙋♂️😎
⭐ Manage Lifecycle Workflows with Security Copilot in Entra
- Summary: Security Copilot support now extends to Lifecycle Workflows, allowing admins to manage tasks like access reviews, provisioning, and token revocation through AI-guided workflows in Entra.
⭐ CA Optimization Agent Supports Disabling Agent Creation of Report‑Only Policies
- Summary: The Conditional Access Optimization Agent (a Security Copilot agent) now includes a setting to prevent it from automatically creating report‑only policies without admin approval.
- Details: By default it generates suggestions in report‑only mode; you can require manual approval to proceed, maintaining tighter change control.
⭐ Conditional Access Audience Reporting
- Summary: New reporting features that show how many users, devices, or service principals are in the audience (assigned) of each Conditional Access policy, helping audit scope and effectiveness.
⭐ New Lifecycle Workflows Task to Revoke Refresh Tokens
- Summary: A built‑in task in Entra ID Lifecycle Workflows that invalidates all refresh and browser session tokens for a user (excluding external tenant users) .
- Use cases: Ideal for quickly revoking access after account compromise or termination. You can rename or customize the task in the Entra admin center.
⭐ Conditional Access “What If” API
- Summary: A simulation tool available via the Microsoft Graph or Entra admin center that allows you to test how conditional access policies would apply under specific user, device, location, or app scenarios.
- Highlights: Helps admins troubleshoot and model policies without requiring real sign‑in attempts, improving design and policy validation
⭐ A Fresh Look for the Microsoft Authentication Background
- Summary: September 29, 2025, we will get a update for Microsoft Entra work. This update is visual-only and does not affect sign-in functionality or require any action from users or administrators. It will be applied automatically across Microsoft Entra tenants.
This change will also be visible on certain Microsoft apps or portal sign-in screens, such as entra.microsoft.com or portal.azure.com.
⭐ GA of Bicep Templates Support for Microsoft Entra ID Resources
- Summary: Released July 29, 2025, Bicep IaC support now includes declarative templates for core Microsoft Entra ID resources using Microsoft Graph via Bicep language.
- Value: Enables unified infrastructure as code across Azure resources and Entra ID, ensuring repeatable, modular deployments
⭐ Restricted Management Administrative Units
- Summary: These allow you to define “protected” objects like users, groups, or devices, which can only be modified by those explicitly assigned to a dedicated administrative unit, even if a global admin.
- Important detail: Admins outside the unit are blocked from editing these objects. Note: objects in these units can’t be managed through PIM or entitlement management.
Closing Thoughts
July has truly delivered a wave of powerful updates in Microsoft Entra ID, and I couldn’t be more excited. From improved automation and lifecycle management to stronger security controls and AI-driven insights, these features mark a significant leap forward in identity and access management.
It’s clear that Microsoft is doubling down on innovation, usability, and Zero Trust alignment, and the fact that so many of these enhancements are already generally available means we can start benefiting from them right away.
I’m genuinely impressed with the direction Microsoft Entra is heading, and if July is any indication of what’s to come, the rest of 2025 is going to be packed with even more capabilities. Stay tuned, there’s much more to explore!
