check before: 2026-04-01
Product:
Entra
Platform:
Online, US Instances, World tenant
Status:
Change type:
Admin impact, Feature update, Updated message
Links:
Details:
Summary:
Microsoft Entra ID audit logs for Authentication Methods Policy updates will now show only changed properties with old and new values, improving readability. Rollout begins April 2026 worldwide. No changes to event names or policy enforcement. Organizations using automated log processing should review related logic.
Details:
Updated April 1, 2026: We have updated the content. Thank you for your patience.
[Introduction]
We're improving the formatting of the Authentication Methods Policy Update and Authentication Methods Policy Reset audit log entries in Microsoft Entra ID. Previously, these audit logs included the full authentication methods policy payload under Modified properties, even when only a small number of settings were updated.
With this update, the audit log will now display only the specific properties that changed, along with their corresponding old and new values. The audit log activity name and when it is triggered will not change. This update only changes how modified properties are displayed.
[When this will happen]
General Availability (Worldwide): Rollout begins early April 2026 and is expected to complete by late April 2026.
General Availability (GCC, GCCH, DoD): Rollout begins late April 2026 and is expected to complete by late May 2026.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-03-25
updated:
2026-04-02
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Audit Log Readability
The change in audit log formatting may lead to confusion for administrators who are accustomed to the previous format, potentially causing delays in incident response or policy updates.
- roles: Administrators, Security Teams
- references: https://learn.microsoft.com/entra/identity/monitoring-health/reference-audit-activities#core-directory
Automated Log Processing
Organizations relying on automated log processing may experience failures or inaccuracies in their systems if they do not update their logic to accommodate the new log format, leading to missed alerts or incorrect data handling.
- roles: IT Operations, Developers
- references: https://learn.microsoft.com/entra/identity/monitoring-health/reference-audit-activities#core-directory
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-04-02 | MC prepare | No action is required for most organizations.
If you use audit logs for automated processing, alerting, or custom parsing, review any logic that expects the full authentication methods policy payload in Authentication Methods Policy Update events' modified properties. After this change, audit log entries for authentication method setting changes will surface only the specific properties that were modified, rather than the entire policy object. Policy-wide updates, such as Registration Campaigns and System-preferred MFA, may continue to include the full policy payload. Learn more: Microsoft Entra audit log activity reference - Microsoft Entra ID | Microsoft Learn [Compliance considerations] No compliance considerations identified, review as appropriate for your organization. https://learn.microsoft.com/entra/identity/monitoring-health/reference-audit-activities#core-directory | No action is required for most organizations.
If you use audit logs for automated processing, alerting, or custom parsing, review any logic that expects the full authentication methods policy payload in Authentication Methods Policy Update or Authentication Methods Policy Reset events' modified properties. After this change, audit log entries for authentication method setting changes will surface only the specific properties that were modified, rather than the entire policy object. Policy-wide updates, such as Registration Campaigns and System-preferred MFA, may continue to include the full policy payload. Learn more: Microsoft Entra audit log activity reference - Microsoft Entra ID | Microsoft Learn [Compliance considerations] No compliance considerations identified, review as appropriate for your organization. https://learn.microsoft.com/entra/identity/monitoring-health/reference-audit-activities#core-directory |
| 2026-04-02 | MC MessageTagNames | Feature update, Admin impact | Updated message, Feature update, Admin impact |
| 2026-04-02 | MC Summary | Microsoft Entra ID audit logs for Authentication Methods Policy Updates will now show only changed properties with old and new values, improving readability. Rollout starts April 2026. Existing event names and enforcement remain unchanged. Organizations using automated processing should review related logic. No compliance impact identified. | Microsoft Entra ID audit logs for Authentication Methods Policy updates will now show only changed properties with old and new values, improving readability. Rollout begins April 2026 worldwide. No changes to event names or policy enforcement. Organizations using automated log processing should review related logic. |
| 2026-04-02 | MC Last Updated | 03/24/2026 23:47:56 | 2026-04-02T00:50:54Z |
| 2026-04-02 | MC Messages | [Introduction]
We're improving the formatting of the Authentication Methods Policy Update audit log entry in Microsoft Entra ID. Previously, this audit log included the full authentication methods policy payload under Modified properties, even when only a small number of settings were updated. With this update, the audit log will now display only the specific properties that changed, along with their corresponding old and new values. The audit log activity name and when it is triggered will not change. This update only changes how modified properties are displayed. [When this will happen] General Availability (Worldwide): Rollout begins early April 2026 and is expected to complete by late April 2026. General Availability (GCC, GCCH, DoD): Rollout begins late April 2026 and is expected to complete by late May 2026. | Updated April 1, 2026: We have updated the content. Thank you for your patience.
[Introduction] We're improving the formatting of the Authentication Methods Policy Update and Authentication Methods Policy Reset audit log entries in Microsoft Entra ID. Previously, these audit logs included the full authentication methods policy payload under Modified properties, even when only a small number of settings were updated. With this update, the audit log will now display only the specific properties that changed, along with their corresponding old and new values. The audit log activity name and when it is triggered will not change. This update only changes how modified properties are displayed. [When this will happen] General Availability (Worldwide): Rollout begins early April 2026 and is expected to complete by late April 2026. General Availability (GCC, GCCH, DoD): Rollout begins late April 2026 and is expected to complete by late May 2026. |
| 2026-04-02 | MC Title | Microsoft Entra ID: Improved readability for Authentication Methods Policy Update audit logs | (Updated) Microsoft Entra ID: Improved readability for Authentication Methods Policy Update audit logs |
| 2026-04-02 | MC How Affect | Who is affected:
Organizations that use Microsoft Entra ID audit logs, particularly administrators and security teams who review or process Authentication Methods Policy Update events. This may also affect organizations that rely on audit log modified properties for automated processing, alerting, or custom parsing. What will happen: This update makes audit logs easier to read and interpret by reducing noise and highlighting exactly what was modified during an authentication methods policy update. The audit log activity name, event timing, and policy behavior remain unchanged. No new audit events are introduced, and existing policy enforcement is not affected. | Who is affected:
Organizations that use Microsoft Entra ID audit logs, particularly administrators and security teams who review or process Authentication Methods Policy Update or Authentication Methods Policy Reset events. This may also affect organizations that rely on audit log modified properties for automated processing, alerting, or custom parsing. What will happen: This update makes audit logs easier to read and interpret by reducing noise and highlighting exactly what was modified during an authentication methods policy update. The audit log activity name, event timing, and policy behavior remain unchanged. No new audit events are introduced, and existing policy enforcement is not affected. |
Last updated 3 weeks ago ago
