Microsoft is enforcing stricter Content Security Policy (CSP) for Entra ID authentication, blocking unauthorized scripts from executing during sign-in. Organizations using browser extensions or third-party tools that inject scripts into login.microsoftonline.com must identify and replace these tools before enforcement, as they will stop functioning while users can still sign in successfully.

Source

Recent Microsoft Entra and Windows updates introduce multiple changes across authentication, identity management, and access control. The updates include an option to replace the legacy EdgeHTML WebView with the Chromium-based WebView2 for Entra ID authentication flows, improved identity constructs for AI agents, public preview support for synced passkeys, and expanded self-service account recovery. Additional changes cover jailbreak detection in Microsoft Authenticator, enforcement of a stricter Content Security Policy for browser-based sign-ins, updates to session revocation behavior, and new capabilities in Entra ID Governance, External ID, and Global Secure Access.

Source

Microsoft Entra External ID now supports SMS-based verification for self-service password reset (SSPR), providing external users an additional recovery method beyond email one-time passcodes. The feature entered public preview in September 2025 and includes built-in fraud protection through integration with Microsoft's Phone Reputation platform.

Source

Microsoft Entra PowerShell is a module that lets administrators manage and automate Microsoft Entra ID resources—such as users, groups, applications, and policies—via PowerShell, built on and interoperable with the Microsoft Graph PowerShell SDK. ​Microsoft released version 1.1.0 of the Entra PowerShell module, introducing compatibility improvements and new filtering parameters for device and service principal management. The update removes version restrictions for Microsoft Graph PowerShell and adds functionality for administrators managing identity resources.

Source