{"id":16259,"date":"2026-05-05T01:01:17","date_gmt":"2026-05-04T16:01:17","guid":{"rendered":"https:\/\/m365jp.net\/?p=16259"},"modified":"2026-05-05T01:05:12","modified_gmt":"2026-05-04T16:05:12","slug":"mc1300584-microsoft-entra-app-instance-lock-enabled-by-default-for-new-applications","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2026-05-05-mc1300584-microsoft-entra-app-instance-lock-enabled-by-default-for-new-applications","title":{"rendered":"MC1300584 | Microsoft Entra: App Instance Lock enabled by default for new applications"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1300584 | Microsoft Entra: App Instance Lock enabled by default for new applications<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>05\/04\/2026 15:35:57<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>05\/04\/2026 15:35:37<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>07\/23\/2026 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Action Required By Date<\/th>\n<td>2026-05-28T07:00:00Z<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p><b>[Introduction]<\/b><\/p>\n<p>To improve application security, Microsoft Entra ID will enable App Instance Lock by default for newly created applications. This change prevents sensitive application properties from being modified outside the application\u2019s home tenant, reducing the risk   of unauthorized changes that can lead to application compromise. Based on our data analysis, we do not expect this change to cause customer impact. App owners or administrators in the application home tenant can still disable App Instance Lock for specific   applications if their scenario requires updates to protected properties in other tenants.<\/p>\n<p><b><\/b><\/p>\n<p><b>[When this will happen]<\/b><\/p>\n<p><b>General Availability (Worldwide): <\/b>We will begin rolling out in <b>early June 2026  <\/b>and expect to complete by<b> late June 2026.<\/b><\/p>\n<p><b><\/b><\/p>\n<p><b>[How this affects your organization]<\/b><\/p>\n<p><i>Who is affected<\/i><\/p>\n<ul>\n<li>Microsoft Entra administrators<\/li>\n<li>Developers who manage Microsoft Entra applications<\/li>\n<li>Organizations using automation or scripts to update application credentials or security settings after app creation<\/li>\n<\/ul>\n<p><b>What will happen?<\/b><\/p>\n<ul>\n<li>App Instance Lock will be <b>enabled by default for all newly created applications<\/b>.<\/li>\n<li>Sensitive service principal properties will be protected by default.<\/li>\n<li>Attempts to modify these <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity-platform\/howto-configure-app-instance-property-locks\" target=\"_blank\">  protected properties<\/a> will be <b>blocked unless App Instance Lock is explicitly disabled<\/b>.<\/li>\n<li>Blocked update <b>attempts will return a 400 Bad Request error,<\/b> and the update will not be applied.<\/li>\n<li><b>Existing applications are not affected <\/b>by this change.<\/li>\n<\/ul>\n<p><i>Example Microsoft Graph error returned when attempting to update passwordCredentials on a locked application:<\/i><\/p>\n<p><img decoding=\"async\" style=\"width: 400px\" alt=\"user settings\" src=\"https:\/\/cxcs.microsoft.net\/static\/public\/messagecenter\/neutral\/9cf75157-6d59-4921-a212-8ec6ee19e17e\/88ab297e762809524363da1c76b8a03905949838.png\"><\/p>\n<\/p>\n<p><b>[What you can do to prepare]<\/b><\/p>\n<ul>\n<li>Review automation, scripts, or provisioning workflows that modify service principal credentials or related settings.<\/li>\n<li>Validate that existing workflows do not depend on App Instance Lock being disabled and update them to avoid modifying protected properties unless the lock is intentionally disabled.<\/li>\n<li>Disable App Instance Lock for specific applications if post\u2011creation updates are required.<\/li>\n<li>Test application provisioning and credential management flows prior to rollout in mid-May.<\/li>\n<\/ul>\n<p><b>Learn more: <\/b><a href=\"https:\/\/learn.microsoft.com\/entra\/identity-platform\/howto-configure-app-instance-property-locks\" target=\"_blank\">How to configure app instance property lock in your applications | Microsoft identity platform | Microsoft Entra   | Microsoft Learn<\/a><\/p>\n<p><b>[Compliance considerations]<\/b><\/p>\n<table class=\"table table-bordered\">\n<tbody>\n<tr>\n<td><b>Question<\/b><\/td>\n<td><b>Answer<\/b><\/td>\n<\/tr>\n<tr>\n<td>Does the change include an admin control?<\/td>\n<td>Yes. Admins can disable App Instance Lock per application when required.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b><\/b><\/p>\n<\/td>\n<\/tr>\n<tr>\n<th>Machine Translation<\/th>\n<td>\n<p><b>[\u306f\u3058\u3081\u306b]<\/b><\/p>\n<p>\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5411\u4e0a\u306e\u305f\u3081\u3001Microsoft Entra ID\u306f\u65b0\u898f\u4f5c\u6210\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u5bfe\u3057\u3066\u30c7\u30d5\u30a9\u30eb\u30c8\u3067App Instance Lock\u3092\u6709\u52b9\u306b\u3057\u307e\u3059\u3002\u3053\u306e\u5909\u66f4\u306b\u3088\u308a\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u30db\u30fc\u30e0\u30c6\u30ca\u30f3\u30c8\u5916\u3067\u6a5f\u5bc6\u6027\u306e\u9ad8\u3044\u30d7\u30ed\u30d1\u30c6\u30a3\u304c\u5909\u66f4\u3055\u308c\u308b\u306e\u3092\u9632\u304e\u3001\u4e0d\u6b63\u306a\u5909\u66f4\u306b\u3088\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u4fb5\u5bb3\u30ea\u30b9\u30af\u3092\u6e1b\u3089\u3057\u307e\u3059\u3002\u30c7\u30fc\u30bf\u5206\u6790\u306b\u57fa\u3065\u304d\u3001\u3053\u306e\u5909\u66f4\u304c\u9867\u5ba2\u3078\u306e\u5f71\u97ff\u3092\u53ca\u307c\u3059\u3068\u306f\u4e88\u60f3\u3057\u3066\u3044\u307e\u305b\u3093\u3002\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30db\u30fc\u30e0\u30c6\u30ca\u30f3\u30c8\u5185\u306e\u30a2\u30d7\u30ea\u6240\u6709\u8005\u3084\u7ba1\u7406\u8005\u306f\u3001\u4ed6\u306e\u30c6\u30ca\u30f3\u30c8\u306e\u4fdd\u8b77\u3055\u308c\u305f\u30d7\u30ed\u30d1\u30c6\u30a3\u306e\u66f4\u65b0\u304c\u5fc5\u8981\u306a\u5834\u5408\u3001\u7279\u5b9a\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306eApp   Instance Lock\u3092\u7121\u52b9\u306b\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p><b><\/b><\/p>\n<p><b>[\u3044\u3064\u8d77\u3053\u308b\u304b]<\/b><\/p>\n<p><b>\u4e00\u822c\u516c\u958b(\u4e16\u754c): <\/b><b>2026\u5e746\u6708\u521d<\/b>\u65ec\u304b\u3089\u5c55\u958b\u3092\u958b\u59cb\u3057\u3001<b>2026\u5e746\u6708\u4e0b\u65ec<\/b>\u307e\u3067\u306b\u5b8c\u4e86\u3059\u308b\u4e88\u5b9a\u3067\u3059\u3002<\/p>\n<p><b><\/b><\/p>\n<p><b>[\u3053\u308c\u304c\u3042\u306a\u305f\u306e\u7d44\u7e54\u306b\u4e0e\u3048\u308b\u5f71\u97ff]<\/b><\/p>\n<p><i>\u5f71\u97ff\u3092\u53d7\u3051\u308b\u4eba\u7269<\/i><\/p>\n<ul>\n<li>Microsoft Entra \u7ba1\u7406\u8005<\/li>\n<li>Microsoft Entra\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u7ba1\u7406\u3059\u308b\u958b\u767a\u8005<\/li>\n<li>\u30a2\u30d7\u30ea\u4f5c\u6210\u5f8c\u306b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u8a8d\u8a3c\u60c5\u5831\u3084\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u3092\u66f4\u65b0\u3059\u308b\u305f\u3081\u306e\u81ea\u52d5\u5316\u3084\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u7d44\u7e54<\/li>\n<\/ul>\n<p><b>\u4f55\u304c\u8d77\u3053\u308b\u306e\u3067\u3057\u3087\u3046\u304b?<\/b><\/p>\n<ul>\n<li>\u65b0\u898f <b>\u4f5c\u6210\u306e\u3059\u3079\u3066\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3067\u3001App Instance Lock\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u6709\u52b9\u5316<\/b>\u3055\u308c\u307e\u3059\u3002<\/li>\n<li>\u6a5f\u5bc6\u6027\u306e\u9ad8\u3044\u30b5\u30fc\u30d3\u30b9\u4e3b\u4f53\u30d7\u30ed\u30d1\u30c6\u30a3\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u4fdd\u8b77\u3055\u308c\u307e\u3059\u3002<\/li>\n<li>\u3053\u308c\u3089\u306e <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity-platform\/howto-configure-app-instance-property-locks\" target=\"_blank\">  \u4fdd\u8b77\u3055\u308c\u305f\u30d7\u30ed\u30d1\u30c6\u30a3<\/a> \u3092\u6539\u5909\u3057\u3088\u3046\u3068\u3059\u308b\u8a66\u307f\u306f <b>\u3001App Instance Lock\u304c\u660e\u793a\u7684\u306b\u7121\u52b9\u5316\u3055\u308c\u3066\u3044\u306a\u3044\u9650\u308a\u30d6\u30ed\u30c3\u30af<\/b>\u3055\u308c\u307e\u3059\u3002<\/li>\n<li>\u30d6\u30ed\u30c3\u30af\u3055\u308c\u305f\u66f4\u65b0 <b>\u8a66\u884c\u306f400 Bad Request\u30a8\u30e9\u30fc\u3092\u8fd4\u3057\u3001<\/b> \u305d\u306e\u66f4\u65b0\u306f\u9069\u7528\u3055\u308c\u307e\u305b\u3093\u3002<\/li>\n<li><b>\u65e2\u5b58\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306f <\/b>\u3053\u306e\u5909\u66f4\u306e\u5f71\u97ff\u3092\u53d7\u3051\u307e\u305b\u3093\u3002<\/li>\n<\/ul>\n<p><i>\u30ed\u30c3\u30af\u3055\u308c\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3067passwordCredentials\u3092\u66f4\u65b0\u3057\u3088\u3046\u3068\u3057\u305f\u969b\u306b\u8fd4\u3055\u308c\u305fMicrosoft Graph\u30a8\u30e9\u30fc\u306e\u4f8b:<\/i><\/p>\n<p><img decoding=\"async\" style=\"width: 400px\" alt=\"user settings\" src=\"https:\/\/cxcs.microsoft.net\/static\/public\/messagecenter\/neutral\/9cf75157-6d59-4921-a212-8ec6ee19e17e\/88ab297e762809524363da1c76b8a03905949838.png\"><\/p>\n<\/p>\n<p><b>\u3010\u6e96\u5099\u306e\u305f\u3081\u306b\u3067\u304d\u308b\u3053\u3068\u3011<\/b><\/p>\n<ul>\n<li>\u30b5\u30fc\u30d3\u30b9\u30d7\u30ea\u30f3\u30b7\u30d1\u30eb\u306e\u8cc7\u683c\u60c5\u5831\u3084\u95a2\u9023\u8a2d\u5b9a\u3092\u5909\u66f4\u3059\u308b\u81ea\u52d5\u5316\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3001\u307e\u305f\u306f\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u3092\u78ba\u8a8d\u3057\u307e\u3057\u3087\u3046\u3002<\/li>\n<li>\u65e2\u5b58\u306e\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u304cApp Instance Lock\u306e\u7121\u52b9\u306b\u4f9d\u5b58\u3057\u3066\u3044\u306a\u3044\u3053\u3068\u3092\u691c\u8a3c\u3057\u3001\u610f\u56f3\u7684\u306b\u30ed\u30c3\u30af\u304c\u7121\u52b9\u5316\u3055\u308c\u3066\u3044\u306a\u3044\u9650\u308a\u3001\u4fdd\u8b77\u3055\u308c\u305f\u30d7\u30ed\u30d1\u30c6\u30a3\u306e\u5909\u66f4\u3092\u907f\u3051\u308b\u3088\u3046\u306b\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u3092\u66f4\u65b0\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n<li>\u7279\u5b9a\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u5bfe\u3057\u3066\u3001\u4f5c\u6210\u5f8c\u306e\u66f4\u65b0\u304c\u5fc5\u8981\u306a\u5834\u5408\u306fApp Instance Lock\u3092\u7121\u52b9\u306b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/li>\n<li>5\u6708\u4e2d\u65ec\u306e\u5c55\u958b\u524d\u306b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30d7\u30ed\u30d3\u30b8\u30e7\u30cb\u30f3\u30b0\u3068\u8a8d\u8a3c\u60c5\u5831\u7ba1\u7406\u306e\u6d41\u308c\u3092\u30c6\u30b9\u30c8\u3057\u307e\u3059\u3002<\/li>\n<\/ul>\n<p><b>\u8a73\u3057\u304f\u306f\u3053\u3061\u3089: <\/b><a href=\"https:\/\/learn.microsoft.com\/entra\/identity-platform\/howto-configure-app-instance-property-locks\" target=\"_blank\">\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5185\u3067\u306e\u30a2\u30d7\u30ea\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u30d7\u30ed\u30d1\u30c6\u30a3\u30ed\u30c3\u30af\u306e\u8a2d\u5b9a\u65b9\u6cd5 |Microsoft \u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0 |Microsoft Entra |Microsoft Learn<\/a><\/p>\n<p><b>[\u30b3\u30f3\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u306e\u8003\u616e\u4e8b\u9805]<\/b><\/p>\n<table class=\"table table-bordered\">\n<tbody>\n<tr>\n<td><b>\u8cea\u554f<\/b><\/td>\n<td><b>\u56de\u7b54<\/b><\/td>\n<\/tr>\n<tr>\n<td>\u5909\u66f4\u306b\u306f\u7ba1\u7406\u8005\u7ba1\u7406\u3082\u542b\u307e\u308c\u3066\u3044\u307e\u3059\u304b?<\/td>\n<td>\u306f\u3044\u3002\u7ba1\u7406\u8005\u306f\u5fc5\u8981\u306b\u5fdc\u3058\u3066\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3054\u3068\u306bApp Instance Lock\u3092\u7121\u52b9\u306b\u3067\u304d\u307e\u3059\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b><\/b><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1300584 | Microsoft Entra: App Instance Lock enabled by default for new applications Classification planForC [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16259","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/16259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=16259"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/16259\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=16259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=16259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=16259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}