Microsoft Entra Change Announcements – March 2023 Train

This article is contributed. See the original author and article here.

Hello everyone, 


Today, we’re sharing our March train for feature and breaking changes. We also communicate these changes on release notes and via email. We are continuing to make it easier for our customers to manage lifecycle changes (deprecations, retirements, service breaking changes) within the new Entra admin center as well. In addition, we will be including new feature launch announcements as part of this blog post going forward so you can see both changes to existing features and new features in a single list.  


March 2023 change announcements:


Security Improvements 

Number Matching Message Center post refresh 

Microsoft Authenticator app’s number matching feature has been Generally Available since November 2022. If you haven’t already leveraged the rollout controls (via Azure Portal Admin UX and MSGraph APIs) to smoothly deploy number matching for users of Microsoft Authenticator push notifications, we highly encourage you to do so. We had previously announced that we will remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications starting February 27, 2023. After listening to customers, we will extend the availability of the rollout controls for a few more weeks. Organizations can continue to use the existing rollout controls until May 8, 2023, to deploy number matching in their organizations. Microsoft services will start enforcing the number matching experience for all users of Microsoft Authenticator push notifications after May 8th, 2023. We’ll also remove the rollout controls for number matching after that date.  


If customers don’t enable number match for all Microsoft Authenticator push notifications prior to May 8, 2023, users may experience inconsistent sign ins while the services are rolling out this change. To ensure consistent behavior for all users, we highly recommend you enable number match for Microsoft Authenticator push notifications in advance. Learn more at Number match documentation | Defend your users from MFA fatigue attacks – Microsoft Community Hub | Advanced Microsoft Authenticator security features are now generally available! – Microsoft Community Hub 


Azure Multifactor Authentication Server  
Beginning September 30, 2024, Azure Multifactor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Azure MFA service using the latest Migration Utility included in the most recent Azure MFA Server update. Learn more at Azure MFA Server Migration. 


Enabling System-preferred authentication methods 

Today, various authentication methods can be chosen by users as their default. However, not all authentication methods provide the same level of security. This situation creates potential risk for organizations when less secure authentication methods are chosen, especially in place of phishing-resistant methods. 


To address this, we’re introducing system-preferred authentication for MFA. When enabled, at runtime the most secure authentication method of the user’s registered methods will be requested as the second factor of authentication. This replaces the previous feature, where the user selects a ‘default’ method and is therefore always prompted for that method first, even when more secure methods are registered and available. This functionality is available today using MSGraph API. Once enabled, users will be prompted to sign in using the most preferred authentication method available. Learn more at System-preferred multifactor authentication (MFA) – Azure Active Directory – Microsoft Entra | Microsoft Learn. 


Deprecation of ‘Require approved client app’ Conditional Access Grant 

On March 31, 2026, the Require approved client app control in Azure Active Directory (Azure AD) Conditional Access will be retired and no longer enforced. Before that date, you’ll need to transition and start using the Require app protection policy control. We encourage you to make the switch sooner to gain the richer benefits of the Require app protection policy control, which has all the same capabilities, plus: 


  • It verifies the corresponding Intune policy. 

  • It’s applied before a user is granted access. 

  • It has a strengthened security posture. 


To avoid any disruptions in service, transition to using the ‘Require app protection policy’ control in Azure AD Conditional Access by March 31, 2026. If you have questions, get answers from community experts in Microsoft Q&A. 


Retirement of managing authentication methods in legacy Multifactor Authentication (MFA) & Self-Service Password Reset (SSPR) policy 

Beginning September 30, 2024, we will no longer allow authentication methods to be managed in the legacy MFA and SSPR policies. Organizations should migrate their methods to the converged authentication methods policy where methods can be managed centrally for all authentication scenarios including passwordless, multi-factor authentication and self-service password reset. Learn more at Manage authentication methods for Azure AD. 


IPv6 coming to Azure AD 

Earlier we announced our plan to bring IPv6 support to Microsoft Azure AD enabling our customers to reach the Azure AD services over IPv4, IPv6, or dual stack endpoints. This is just a reminder that we’ll begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023. 


If your networks don’t support IPv6, you don’t need to take any action to change your configurations or policies. For most customers, IPv4 won’t completely disappear from their digital landscape, so we aren’t planning to require IPv6 or to deprioritize IPv4 in any Azure AD features or services. We will continue to share additional guidance on IPv6 enablement in Azure AD at this easy to remember link 


User Experience Improvements 

Modernizing Terms of Use Experiences 

Starting July 2023, we’re modernizing the following Terms of Use end user experiences with an updated PDF viewer and moving the experiences from to 


  • View previously accepted terms of use 

  • Accept or decline terms of use as part of the sign-in flow 


No functionalities will be removed. The new PDF viewer adds functionality and the limited visual changes in the end-user experiences will be communicated in a future update. If your organization has allow-listed only certain domains, you must ensure your allow-list includes the domains ‘’ and ‘*’ for Terms of Use to continue working as expected. For additional information visit 


Improved My Groups Experience 

A new and improved My Groups experience is now available at and in May 2023, the old experience will be deprecated. The previous URL ( will redirect users to the new experience at 


My Groups enables end users to easily manage groups, such as finding groups to join, managing groups they own, and managing existing group memberships. Based on customer feedback, we’ve also added:  


  • Sorting and filtering on lists of groups and group members 

  • A full list of group members in large groups, and 

  • An actionable overview page for membership requests 


Today, end users can get the richer benefits of the new My Groups by proactively switching to Navigation between the old and new experiences is available via notification banners on each site. 


Note: the ‘Self Service Group Management’ admin controls will no longer be available for the new My Groups and will be deprecated in May 2023. Admins can no longer restrict owners or users from accessing or using My Groups. Admins can still manage end users’ ability to create M365 and Security groups using the settings described here. 


This change will automatically occur for all customers and there are no actions that need to be taken.  Learn more at Update your Groups info in the My Apps portal – Microsoft Support. 


My Apps Portal Improvements  

If your organization uses to discover and launch apps, and has set up an allow-list for only specific certificates and/or domains, you’ll need to update your allow-list in order for app launching to continue working as expected. We’ve introduced a new endpoint to launch apps for better performance and resilience. App launch requests will go to a new domain: 


If you use or deep links and have allow-listed only certain certificates, you will need to update your allow-list to include certificates from If you have allow-listed only specific domains or IPs, you will need to update the allow-list to include Please ensure to update your allow-list latest by June 30, 2023 for My Apps portal to continue working as expected. 


To easily check if you need to update your certificate allow-list, go to If it loads as expected, no update is needed. If you encounter an issue, you’ll need to make an update.  


Whichever method you used to allow-list the My Apps certificate in the past, you should use the same method to allow-list the new one coming from My Apps. Retrieving the My Apps certificate that you need to allow-list will vary depending on the browser you’re using. On Edge, select the lock icon in the URL bar, to the left of the URL. Then select the option that says “Connection is secure” from the dropdown. In the “Connection is secure” details, select the certificate icon which will open the Certificate viewer containing the details of the certificate. For additional information visit: Office 365 URLs and IP address ranges – Microsoft 365 Enterprise | Microsoft Learn 


My Apps Secure Sign In Extension 

Beginning May 2023, the My Apps Secure Sign In Extension will receive an update to align with Chromium’s new Manifest Version 3 format. Some features that use this extension will experience updates, but no action is needed at this time. These updates are: 


  • The optional experience One-click app configuration of SAML single sign-on, which was available for select SAML apps from the Azure Marketplace or Azure AD application gallery, will be retired in May 2023. All applications that were previously configured using this feature will continue to work as expected, and no action is needed at this time. 

  • My Apps app search behavior will now search across all apps in MyApps and has new launching behavior. When you enter a search term, the My Apps portal will now open in a new tab with your query applied to your list of apps. You can then launch apps from the search results. There will no longer be a “Recently Used” section in the extension user experience.  

  • App Proxy link translation feature will now use dynamic and session-scoped rules. This introduces a new limit of 2250 unique link translations per tenant. 


Please ensure you are using the most recent version of the Edge Add-on or Chrome extension. Please note, support for the Firefox version of this extension ended in September 2021.  


Azure AD Admin Center will redirect to Microsoft Entra Admin Center 

Beginning April 1, 2023, Azure AD Admin Center ( will redirect to Microsoft Entra Admin Center ( You will still be able to complete all your Azure AD management tasks from within the new admin center. To ensure uninterrupted access to the management experience, organizations should update their firewall rules. 


Will I still be able to access my Azure AD admin portal after April 1st, 2023? 



Learn more at New Admin Center Unifies Azure AD with Other Identity and Access Products – Microsoft Community Hub | Microsoft Entra documentation | Microsoft Learn 


Developer Experience Improvements 

Azure AD Graph API 

We want to reiterate our commitment to ensuring a smooth transition for our customers from Azure AD Graph to Microsoft Graph. As previously announced, Azure AD Graph will remain available until June 30, 2023. While we reserve the right to retire it at any time after June 2023, we will continue to monitor usage and provide ample time for customers to migrate off the APIs before retiring it. In the meantime, we will continue to offer support for Azure AD Graph with security-related fixes, and we discourage taking production dependencies on Azure AD Graph. All new features and functionalities will only be made in Microsoft Graph. We encourage all customers to prioritize migration to Microsoft Graph. Learn more at Migrate Azure AD Graph apps to Microsoft Graph – Microsoft Graph | Microsoft Docs. 


PowerShell Deprecation 

As we approach the end of the support period for the three PowerShell Modules – Azure AD, Azure AD Preview, and MSOnline – we want to remind you that the planned deprecation date is June 30th, 2023. Depending on the status of Azure AD API, some cmdlets might stop working after June 30th, 2023. We will continue to check usage and provide time for customers to migrate off the three PowerShell modules before retiring them. We will not retire an API/cmdlet unless we have feature parity for that API in Microsoft Graph. 


Until we retire, we will continue to support security-related updates. We encourage you to continue migrating to the Microsoft Graph PowerShell SDK, which still is the focus of all our current and future PowerShell investments.  

Learn more at  Migrate from Azure AD PowerShell to the Microsoft Graph PowerShell SDK documentation. 


Licensing Assignment API/PowerShell Retirement   

We want to remind you that the planned retirement date for the Azure AD Graph and MSOnline PowerShell licensing assignment APIs and PowerShell cmdlets for existing tenants is March 31, 2023. APIs and cmdlets will not work for new tenants created after November 1, 2022. 


We recommend prioritizing migration to MS Graph following the guidance in Migrate your apps to access the license managements APIs from Microsoft Graph – Microsoft Community Hub and in Find Azure AD and MSOnline cmdlets in Microsoft Graph PowerShell | Microsoft Docs. 


Communication Schedule 

Below is a quick snapshot of our communication schedule. 




Communication schedule 

Retirement announcement 

Signals the retirement of a feature, capability, or product in a specified period.  


Typically, at this point, new customers are not permitted to adopt the service/feature, and engineering investments are reduced for the specified feature.  


Later, the feature will no longer be available to any customer as it reaches the “end-of-life” state.  

Twice per year  

(March and September) 

Breaking change announcement, feature change announcement 

Breaking change: Expected to break the customer/partner experience if the customer doesn’t act or make a change in their workload for continued operation.  

Feature change: Change to an existing Identity feature​ that doesn’t require customer action but is noticeable to the customer. These are typically UI/UX changes. 

These changes generally happen more often and require a more frequent communication schedule. 

Four times per year (March, June, September, and November) 


Follow ongoing monthly updates on our release notes page: What’s new? Release notes – Azure Active Directory – Microsoft Entra | Microsoft Docs. 


As always, we’d love to hear your feedback or suggestions. Let us know what you think in the comments below or on the Azure AD feedback forum. You may also send your questions, open issues, and feature requests through Microsoft Q&A by using the tag #AzureADChangeManagementMar2023Train. 



Learn more about Microsoft Entra: 

Supercharge sales conversion in 3 easy steps to drive revenue and customer wins! 

Supercharge sales conversion in 3 easy steps to drive revenue and customer wins! 

This article is contributed. See the original author and article here.

Converting leads and opportunities directly contributes to the company’s revenue. To increase conversion rate companies often need a number of factors to align. First, it’s about matching the right seller to take the deal forward.  As a business owner or sales manager, finding the best seller to work on the new lead can really make or break a customer relationship. We need to look carefully not just at the seller with the highest close rate, but also balance that with their availability and expertise to attend to the customer’s needs and requirements.  

Applying the right business tactic to close a deal at the right moment is the second key to success. We must recognize where the buyer is in their sales journey and employ the right action to engage. If we can use technology to help provide some guidance on the next actions, it could help all sellers do their best to secure the deal.  

With the new Dynamics 365 Sales segments and rules, we can help you achieve those goals! 

3 easy steps to supercharge sales conversion:

Organizations that run outreach programs to generate interest want to see a positive return on that investment and get it into sellers’ hands fast. To auto-assign sellers to the right leads and guide them with the right tactics, follow this simple 3-step automation process:  

  1. Segment leads based on business strategy. A segment is a collection of records that are grouped together based on certain conditions. For example, location, deal value, language, or product.  
  1. Auto-assign sellers using assignment rules. Assignment rules enable new leads and opportunities to be automatically assigned to sellers or sales teams. 
  1. Auto-connect the relevant sequence to guide the seller.Sequences help provide best practice engagement steps, by introducing a set of suggested actions for sellers to follow while managing their deals. Sequences can adapt to the way the engagement flows, to ensure they remain relevant and insightful. 

Automation flow for leads

Increase assignment productivity by removing repetitive tasks 

We see that distribution of leads is often in one of two ways:

  • Via a sales manager or representative who assigns the leads. This could be manual or using some basic pre-set criteria.
  • First come first serve basis, where sellers pick up leads for action, from a general ‘pool’.

These options open the door for a potential misbalance of assignment and lack of optimization to customer needs, which without tracking could lead to sellers missing leads. 

Let’s explore how using segments can reduce missed opportunities to follow up, remove the repetitiveness, and help boost productivity. 

Create Segments

To start with, create segments to classify incoming records based on your business needs. For example, you want to segment all leads coming through your website originating from the USA. In this case, you could create a segment for ‘Leads from US website’. 

graphical user interface
Create segments – define segment conditions.

Auto-assign sellers to the right lead/opportunity 

To increase conversion chances, you want the right seller to work on the right lead/opportunity. This assignment is based on their skill, capacity, availability, location, etc. For example, you may want to assign an opportunity to a specialized seller who works in the same location as the lead. To do that, you can define a rule to find a seller based on their location and specialization.

graphical user interface
Define conditions to auto-assign seller

Connect a sequence to guide the seller with the next best action 

A sequence will guide the seller with best practices to qualify a lead or take the opportunity forward. Auto-connect a sequence to any record that belongs to a segment via rules and you’re good to go!

graphical user interface, website

Quick adjustments to suit a market shift

Changes in the market or the business drivers can often prompt a shift in business tactics. A company may adjust their strategy by giving more importance to certain groups of customers and making sure the right salesperson deals with the most important leads. This is achieved by simply changing the priority order of segments or creating new segments with appropriate priority.

Segment priority

Leverage the benefits of a faster response and guided activities 

  • Auto-assign sellers to act quickly and help increase the chances of success. It is important for a seller to contact a lead early. Theearlier they reach out, the greater their chance of making a connection with that lead and converting them into a customer.* The more time that passes after a lead expresses interest, the likelier they are to lose interest. Segments and assignment rules help assign the sellers as soon as leads are created, enabling them to respond faster. 
  • Enable seller productivity with sequences and segments. Sellers may work on multiple leads and/or opportunities. Switching from one opportunity to another can impact seller productivity. With sequences that are auto-connected to segments, sellers get a clear next best action for each lead or opportunity. This clarity helps them stay focused and be successful. 
  • Enable agility and adaptability to change tactics with changing data. As sellers nurture leads, new information that becomes available may require a change in tactic. For example, an engaged seller started with no knowledge of the lead’s budget. Later, they found out that the lead has $2M to spend. The seller is also met with specialist questions on a product not within their expertise. With this new information, it becomes a priority lead. As such, it must move into a higher priority segment and be assigned to an experienced seller who can maximize the chances of conversion. Allowing leads/opportunities to change segments following changes in data enables your sales team to act accordingly and win deals. 

Next Steps

Learn more about segments and start using them to implement your sales strategy: Manage segments in the sales accelerator | Microsoft Learn 

Understand the power of assignment rules and apply to your sales organization: Manage assignment rules for lead and opportunity routing | Microsoft Learn 

Learn about connecting sequences to records using segments: View details of sequence and its connected records | Microsoft Learn 

* Oldroyd, James B., McElheran, Kristina, Elkington, David. The Short Life of Online Sales Leads. Harvard Business Review, 2011.

The post Supercharge sales conversion in 3 easy steps to drive revenue and customer wins!  appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Capture Changed Data From your Cosmos DB analytical store (Preview)

Capture Changed Data From your Cosmos DB analytical store (Preview)

This article is contributed. See the original author and article here.

By @Mark Kromer  and @revinchalil 


Making it super-easy to create efficient and fast ETL processing the cloud, Azure Data Factory has invested heavily in change data capture features. Today, we are super-excited to announce that Azure Cosmos DB analytics store now supports Change Data Capture (CDC), for Azure Cosmos DB API for NoSQL, and Azure Cosmos DB API for Mongo DB in public preview!


This capability, available in public preview, allows you to efficiently consume a continuous and (inserted, updated, and deleted) data from the analytical store. CDC is seamlessly integrated with Azure Synapse Analytics and Azure Data Factory, a scalable no-code experience for high data volume. As CDC is based on the analytical store, it does not consume provisioned RUs, does not affect the performance of your transactional workloads, provides lower latency, and has lower TCO.




Change Data Capture (CDC) with Analytical store. Click here for supported sink types on Mapping Data Flow.


Consuming incremental data from Cosmos DB

You can consider using analytical store CDC, if you are currently using or planning to use below:  

  • Incremental data capture using Azure Data Factory Data Flow or Copy activity

  • One-time batch processing using Azure Data Factory 

  • Streaming Cosmos DB data

  • Capturing deletes, intermediate changes, applying filters or projections or transformations on Cosmos DB Data

Note that analytical store has up to 2 min latency to sync transactional store data

Throughput isolation, lower latency and lower TCO

Operations on Cosmos DB analytical store do not consume the provisioned RUs and so do not impact your transactional workloads. CDC with analytical store also has lower latency and lower TCO, compared to using ChangeFeed on transactional store. The lower latency is attributed to analytical store enabling better parallelism for data processing and reduces the overall TCO enabling you to drive cost efficiencies.


No-code, low-touch, non-intrusive end-to-end integration

The seamless and native integration of analytical store CDC with Azure Synapse and Azure Data Factory provides the no-code, low-touch experience. 


Incremental feed to the analytical platform of your choice

Change data capture capability enables an end-to-end analytical story providing the flexibility to write Cosmos DB data to any of the supported sink types. It also enables you to bring Cosmos DB data into a centralized data lake where you can federate your data from diverse data sources. You can flatten the data, partition it, and apply more transformations either in Azure Synapse Analytics or Azure Data Factory.

Setting up CDC in analytical store

You can consume incremental analytical store data from a Cosmos DB container using either Azure Synapse Analytics or Azure Data Factory, once the Cosmos DB account has been enabled for Synapse Link and analytical store has been enabled on a new container or an existing container.


On the Azure Synapse Data flow or on the Azure Data Factory Mapping Data flow, choose the Inline dataset type as “Azure Cosmos DB for NoSQL” and Store type as “Analytical”, as seen below.







In addition to providing incremental data feed from analytical store to diverse targets, CDC supports the following capabilities.


Support for applying filters, projections, and transformations on the change feed via source query

You can optionally use a source query to specify filter(s), projection(s), and transformation(s) which would all be pushed down to the analytical store. Below is a sample source-query that would only capture incremental records with Category = ‘Urban’, project only a subset of fields and apply a simple transformation.



Select ProductId, Product, Segment, concat(Manufacturer, ‘-‘, Category) as ManufacturerCategory

from c

where Category = ‘Urban’



Support for capturing deletes and intermediate updates

Analytical store CDC captures deleted records and intermediate updates. The captured deletes and updates can be applied on sinks that support delete and update operations. The {_rid} value uniquely identifies the records and so by specifying {_rid} as key column on the sink side, the updates and deletes would be reflected on the sink.


Filter change feed for a specific type of operation (Insert | Update | Delete | TTL)

You can filter the CDC feed for a specific type of operation. For example, you have the option to selectively capture the Insert and update operations only, thereby ignoring the user-delete and TTL-delete operations. 


Support for schema alterations, flattening, row modifier transformations and partitioning

In addition to specifying filters, projections, and transformations via source query, you can also perform advanced schema operations such as flattening, applying advanced row modifier operations and dynamically partitioning the data based on the given key. 


Efficient incremental data capture with internally managed checkpoints

Each change in Cosmos DB container appears exactly once in the CDC feed, and the checkpoints are managed internally for you. This helps to address the below disadvantages of the common pattern of using custom checkpoints based on the “_ts” value: 


  • The “_ts” filter is applied against the data files which does not always guarantee minimal data scan. The internally managed GLSN based checkpoints in the new CDC capability ensure that the incremental data identification is done, just based on the metadata and so guarantees minimal data scanning in each stream. 

  • The analytical store sync process does not guarantee “_ts” based ordering which means that there could be cases where an incremental record’s “_ts” is lesser than the last checkpointed “_ts” and could be missed out in the incremental stream. The new CDC does not consider “_ts” to identify the incremental records and thus guarantees that none of the incremental records are missed.

With CDC, there’s no limitation around the fixed data retention period for which changes are available. Multiple change feeds on the same container can be consumed simultaneously. Changes can be synchronized from “the Beginning” or “from a given timestamp” or “from now”.


Please note that the linked service interface for Azure Cosmos DB for MongoDB API is not available on Dataflow yet. However, you would be able to use your account’s document endpoint with the “Azure Cosmos DB for NoSQL” linked service interface as a workaround until the Mongo linked service is supported. 


Eg: ON a NoSQL linked service, choose “Enter Manually” to provide the Cosmos DB account info and use the account’s document endpoint (eg: instead of the Mongo endpoint (eg: mongodb://


Next steps

To learn more, please see our documentation on Change Data Capture in Azure Cosmos DB analytical store.


Customer Service voice support channel launches in India and Switzerland 

Customer Service voice support channel launches in India and Switzerland 

This article is contributed. See the original author and article here.

Since the November 2021 launch in select geographic regions of the native voice channel in Microsoft Dynamics 365 Customer Service, we have been expanding worldwide to satisfy growing customer demand. We are proud to announce that we now support local country regions as well. As of April 1, 2023, the voice support channel is live in India and Switzerland. 

Native voice support channel capabilities 

The integrated voice channel allows customer service representatives to communicate with customers on the phone to resolve issues. The India and Switzerland launches include all the features that the voice channel in Customer Service omnichannel environments supports today. 

graphical user interface, Customer Service workspace application

Self-serve voice support channel with Power Virtual Agents 

The general availability launch in India and Switzerland also integrates Power Virtual Agents. Subject matter experts can build conversational interactive voice response (IVR) bots in just a few clicks to help customers quickly self-serve, reducing contact center operation costs. Learn how to configure Power Virtual Agents bots for voice.

Azure Communication Services direct routing 

The launch of the voice channel in the India and Switzerland is made possible through direct routing from Azure Communication Services, in preview. Direct routing enables you to connect your existing telephony infrastructure to Azure. Learn how you can use the telephony carrier of your choice

As the native voice channel in Dynamics 365 Customer Service continues to expand in regions, languages, and capabilities, subscribe to this blog for the latest updates. Set up your Dynamics 365 Customer Service environment and install the voice channel today.

Learn more

Read the documentation to learn about the features the voice channel now supports in India and Switzerland: Introduction to the voice channel | Microsoft Learn

Learn about other supported locations and languages here: Supported cloud locations, languages, and locale codes for voice channel | Microsoft Learn

The post Customer Service voice support channel launches in India and Switzerland  appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.