M365 Archive
Back to latest version
Comparing Mar 24, 2026 latest (Apr 1, 2026) Swap

MC1260708 - Microsoft Entra ID: Improved readability for Authentication Methods Policy Update audit logs

Message Center

Metadata at latest

Message ID

MC1260708

View in Message Center

Last Updated

Apr 1, 2026

Published Mar 24, 2026

Service

Microsoft Entra

Tag

Updated message
Feature update
Admin impact

Metadata changes

Tags
Admin impact, Feature updateAdmin impact, Feature update, Updated message

Body changes

removed textadded text

Updated April 1, 2026: We have updated the content. Thank you for your patience. 

Introduction

We’re improving the formatting of the Authentication Methods Policy Update and Authentication Methods Policy Reset audit log entryentries in Microsoft Entra ID. Previously, thisthese audit loglogs included the full authentication methods policy payload under Modified properties, even when only a small number of settings were updated.

With this update, the audit log will now display only the specific properties that changed, along with their corresponding old and new values. The audit log activity name and when it is triggered will not change. This update only changes how modified properties are displayed.

When this will happen

  • General Availability (Worldwide): Rollout begins early April 2026 and is expected to complete by late April 2026.
  • General Availability (GCC, GCCH, DoD): Rollout begins late April 2026 and is expected to complete by late May 2026.

How this affects your organization

Who is affected:

  • Organizations that use Microsoft Entra ID audit logs, particularly administrators and security teams who review or process Authentication Methods Policy Update or Authentication Methods Policy Reset events.
  • This may also affect organizations that rely on audit log modified properties for automated processing, alerting, or custom parsing.

What will happen:

  • This update makes audit logs easier to read and interpret by reducing noise and highlighting exactly what was modified during an authentication methods policy update.
  • The audit log activity name, event timing, and policy behavior remain unchanged.
  • No new audit events are introduced, and existing policy enforcement is not affected.

What you can do to prepare

  • No action is required for most organizations.
  • If you use audit logs for automated processing, alerting, or custom parsing, review any logic that expects the full authentication methods policy payload in Authentication Methods Policy Update or Authentication Methods Policy Reset events’ modified properties.
  • After this change, audit log entries for authentication method setting changes will surface only the specific properties that were modified, rather than the entire policy object.
  • Policy-wide updates, such as Registration Campaigns and System-preferred MFA, may continue to include the full policy payload. 

Learn more: Microsoft Entra audit log activity reference - Microsoft Entra ID | Microsoft Learn

Compliance considerations

No compliance considerations identified, review as appropriate for your organization.