What's New in Entra ID - July 2025 edition!
Microsoft Entra
July 21, 2025 01:03


by HubSite 365 about Dean Ellerby [MVP]

Microsoft MVP (Enterprise Mobility, Security) - MCT

Administrator, Microsoft Entra, Learning Selection, M365 Admin

Entra ID July 2025: Cert-based auth, access reports, QR sign-in, admin controls. Boost security & device management.

Key insights

 

  • Certificate-based app authentication: Entra Connect Sync now supports certificate-based app registration, replacing stored credentials. This feature enforces multi-factor authentication (MFA) for synchronization, increasing security. It is currently in public preview and available for download from the Entra portal.


 

  • Per-policy reporting for conditional access: Built-in insights allow users to view both report-only and enabled Conditional Access policies across their tenant. This removes the need for manual log queries or custom analytics, making policy management easier.


 

  • QR code authentication: Organizations can enable passwordless sign-in for frontline and mobile users by generating standard or temporary QR codes with PINs. This feature simplifies secure access and improves user experience.


 

  • Local admin controls on joined devices: Administrators can decide if global admins or registering users become local administrators on Entra-joined devices. They also have the option to turn off these assignments completely, providing more control over device management.


 

  • Microsoft Entra Agent ID & Passkey Profiles: The new Agent ID manages identities for AI agents, applying existing security controls to non-human entities. Upcoming passkey profiles, launching November 2025, will let organizations set different authentication rules for specific user groups.


 

  • Simplified policy migration & external identity support: Starting July 31, 2025, User Risk Policy and Sign-in Risk Policy pages will be read-only in Entra ID Protection; organizations must migrate these to Conditional Access. Support for custom SAML/WS-Fed identity providers now enables users to sign up or sign in using accounts from external sources, improving consumer identity

     

     

    Introduction: Exploring Microsoft Entra ID’s July 2025 Updates

    Microsoft Entra ID, a core component of the company’s identity and access management portfolio, continues to gain momentum as it delivers new capabilities tailored for security and operational efficiency. In a recent YouTube video, Dean Ellerby [MVP] outlines the July 2025 enhancements that promise to streamline authentication, reporting, and device management for organizations of all sizes. This article summarizes the key points from Ellerby’s walkthrough, highlighting both the benefits and considerations involved in adopting these features.

    As digital workspaces become more complex, balancing robust security with user convenience remains a top priority. The latest Entra ID updates reflect Microsoft’s ongoing commitment to helping IT teams adapt quickly, while also raising important questions about tradeoffs between control, flexibility, and simplicity.

    Certificate-Based App Authentication for Entra Connect Sync

    One notable update is the introduction of certificate-based app authentication for Entra Connect Sync. Instead of relying on stored credentials, organizations can now register an app using a certificate, which enforces full multi-factor authentication (MFA) for synchronization processes. This feature, available in public preview, must be downloaded exclusively from the Entra portal, emphasizing Microsoft’s focus on secure distribution.

    The shift to certificate-based authentication offers clear advantages, such as reducing the risks associated with credential theft and automating secure sync operations. However, it may require IT administrators to adjust existing workflows and become familiar with certificate lifecycle management. While the security gains are significant, the need for careful planning and expertise in certificate handling could increase operational complexity for some teams.

    Per-Policy Reporting for Conditional Access

    Another major enhancement is the rollout of per-policy reporting for conditional access. Previously, administrators had to rely on manual log queries or custom analytics to monitor which policies were enabled or in report-only mode across their tenant. Now, built-in insights provide a unified view, streamlining compliance and troubleshooting efforts.

    This new approach not only saves time but also minimizes the risk of oversights that could lead to security gaps. On the other hand, organizations must still ensure that policy configurations align with their evolving security requirements. The balance between comprehensive oversight and ease of use continues to be a challenge, especially for enterprises managing large and diverse user bases.
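The kind of manual per-policy tally that built-in reporting replaces, as an added example (not code from the video or from Microsoft). It assumes sign-in logs exported as JSON with the Microsoft Graph `signIn` field `appliedConditionalAccessPolicies`; the events, policy names and IDs are constructed.

```python
import json
from collections import Counter

# Constructed sample: sign-in events shaped like Microsoft Graph signIn
# records, trimmed to the fields read below. Names and IDs are made up.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "appliedConditionalAccessPolicies": [
   {"id": "policy-1", "displayName": "Require MFA for admins", "result": "success"},
   {"id": "policy-2", "displayName": "Block legacy auth", "result": "reportOnlyFailure"}]},
 {"userPrincipalName": "bob@contoso.example", "appliedConditionalAccessPolicies": [
   {"id": "policy-1", "displayName": "Require MFA for admins", "result": "notApplied"},
   {"id": "policy-2", "displayName": "Block legacy auth", "result": "reportOnlySuccess"}]},
 {"userPrincipalName": "sync@contoso.example", "appliedConditionalAccessPolicies": [
   {"id": "policy-1", "displayName": "Require MFA for admins", "result": "failure"},
   {"id": "policy-2", "displayName": "Block legacy auth", "result": "reportOnlyFailure"}]},
 {"userPrincipalName": "carol@contoso.example", "appliedConditionalAccessPolicies": null}
]""")

# Result values that only an enforced (enabled) policy produces.
ENFORCED = {"success", "failure", "notApplied"}

def summarize(signins):
    """Tally evaluation results per policy ID and infer each policy's mode."""
    summary = {}
    for event in signins:
        # The field can be missing or null when no policy was evaluated.
        for pol in event.get("appliedConditionalAccessPolicies") or []:
            result = pol.get("result", "unknown")
            entry = summary.setdefault(pol["id"], {
                "name": pol.get("displayName", ""), "mode": "unknown", "results": Counter()})
            entry["results"][result] += 1
            if result.startswith("reportOnly"):
                entry["mode"] = "report-only"
            elif result in ENFORCED:
                entry["mode"] = "enabled"
    return summary

def report_only_failures(summary):
    """Report-only policies whose conditions matched but whose controls were not met."""
    return {pid: e["results"]["reportOnlyFailure"] for pid, e in summary.items()
            if e["mode"] == "report-only" and e["results"]["reportOnlyFailure"]}

if __name__ == "__main__":
    for pid, e in summarize(SAMPLE_SIGNINS).items():
        print(f'{pid} {e["name"]!r} [{e["mode"]}] {dict(e["results"])}')
    print("would fail if enforced:", report_only_failures(summarize(SAMPLE_SIGNINS)))
```

The second function is the check to run before switching a report-only policy to enabled: any policy it returns would have failed real sign-ins during the sampled period.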

    QR Code Authentication: Enabling Passwordless Sign-In

    The introduction of QR code authentication marks a significant step toward passwordless access for frontline and mobile users. Administrators can generate both standard and temporary QR codes, along with PINs, to facilitate quick and secure sign-ins. This feature is particularly valuable in environments where traditional credential entry is impractical or time-consuming.

    While QR code authentication enhances user convenience and reduces the risks associated with weak or reused passwords, it also raises questions about device security and the management of temporary access credentials. Organizations must weigh the benefits of faster sign-in experiences against the need for robust endpoint controls and user education to prevent misuse.

    Local Admin Controls on Joined Devices

    Microsoft now allows organizations to determine whether global administrators or registering users become local administrators on Entra-joined devices—or to disable these assignments altogether. This added flexibility gives IT departments greater control over endpoint privileges, which is essential for minimizing the attack surface and adhering to the principle of least privilege.

    However, making the right choice involves tradeoffs between operational agility and security. Granting local admin rights can expedite troubleshooting but may expose devices to higher risk if not carefully managed. Conversely, restricting admin roles may improve security posture but could slow down legitimate support tasks, especially in distributed or hybrid work scenarios.

    Conclusion: Evolving Security and Management in Entra ID

    Dean Ellerby’s YouTube video provides a concise yet informative overview of the July 2025 updates to Microsoft Entra ID, emphasizing the platform’s evolution toward smarter, more adaptive security and device management. As organizations weigh the adoption of these new features, they must carefully consider the balance between enhanced protection, administrative complexity, and user experience.

    Ultimately, Microsoft’s latest enhancements reaffirm its commitment to empowering IT teams with tools that adapt to changing digital landscapes. By staying informed and proactive, organizations can leverage Entra ID’s innovations to secure their assets while maintaining operational efficiency in an increasingly dynamic world.

     
