Favorite your Message Center and Roadmap items. Access them anytime via your Profile. Export and share with your team or your LLM.

Microsoft Entra: Upcoming changes to federatedTokenValidationPolicy default settings

Roadmap ID
566869
View in M365 Roadmap
Product
Microsoft Entra
Published
July 1, 2026
Status
In development
Cloud Instances
Worldwide (Standard Multi-Tenant)GCCGCC HighDoD
Release Phase
General Availability
Platforms
AndroidDesktopiOSMacWeb
Expected Release
August 2026

Description

The federatedTokenValidationPolicy is a resource type in Microsoft Graph (beta) that governs the validation of federated authentication tokens and allows customers to configure a rule to block logins where internalDomainFederation does not match UPN domain. The feature by default requires manual configuration in the tenant to prohibit cross-domain logins. To strengthen security with cross-domain sign-in we will change the default rule for federatedTokenValidationPolicy to block logins where internalDomainFederation does not match UPN domain. This internalDomainFederation object is typically created automatically during federation setup with AD federation server or other IdPs.

Change History

Show
No change history available

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.