
Manage Microsoft Entra ID role assignments with Microsoft Entra ID Governance

by info.odysseyx@gmail.com


We are excited to announce that the entitlement management feature of Microsoft Entra Identity Governance now supports Microsoft Entra role assignments!

To ensure least privilege, many people use Privileged Identity Management, which provides IT administrators with just-in-time (JIT) access to the least privileged role assigned. This approach minimizes your organization’s attack surface by reducing the number of privileges IT administrators have. However, some administrators in your organization may need long-term permissions combined with other resources, such as specific applications.

Now you can use Microsoft Entra ID Governance to assign Microsoft Entra roles to users and groups through Entitlement Management access packages. This helps you:

  1. Minimize the impact of security breaches and reduce unnecessary access by establishing eligibility for a privileged role in Privileged Identity Management.
  2. Regular access reviews ensure the right people have access to the right resources and roles.
  3. Scale role assignments as your organization grows using a self-service access request process.
  4. Enable business capabilities by combining the Microsoft Entra roles required to use tools with application assignments, for increased visibility and ease of management.

We’ve seen our customers use this feature in the following scenarios:

  • IT Help Desk: Reduce administrator fatigue by delegating IT support tasks to helpdesk staff.
  • Application Management: Manage access to sensitive applications to ensure compliance.
  • Operations: Empower your security operations center analysts with monitoring tools and log reading capabilities.

Managing Microsoft Entra identity role assignments through access package policies gives you control over the entire role assignment lifecycle, from request to approval to provisioning of those roles.

Let’s take a look at how to leverage Microsoft Entra Identity Governance to manage the role assignment lifecycle.

Scenario: Automate Microsoft Entra role assignments through a self-service process

Imagine your organization’s support department is expanding by hiring 50 new IT helpdesk employees. Manually assigning Microsoft Entra roles to each user is neither efficient nor repeatable for Identity Access Management (IAM) teams to meet compliance and audit requirements.

Tenant administrators can simplify this by creating access packages with the required roles, allowing IT staff to request access through the My Access portal and delegating approval to helpdesk department administrators. This allows IAM teams to focus on security by leveraging Microsoft Entra identity governance policies and user self-service capabilities.

To limit standing access to the Helpdesk Administrator role, you can set the entitlement in the access package so that users must activate the role just in time through Privileged Identity Management (PIM) when needed.

Here’s how you can do it in three simple steps:

1. Create an access package and add the Helpdesk Administrator Microsoft Entra role as an “Eligible Member” and the Service Support Administrator role as an “Active Member”.

Figure 1: How to add a Microsoft Entra role as a resource in an access package.

2. Allow IT Helpdesk group members to request access and configure approval settings.

Figure 2: Policy configuration targeting the IT Helpdesk group as users who can request access.

Figure 3: Approval settings.

You can set up regular access reviews to remove role assignments when access is no longer needed.

3. In the Lifecycle tab, configure expiration and require access review. You can choose the review frequency and specify who will conduct the review.

Figure 4: Configuring access review for an access package.

Applying these governance processes ensures least privileged access for all IT administrators, reducing the risk of unnecessary access and potential misuse. When you combine this new feature with other governance features, such as lifecycle workflows, role assignments are automatically removed when IT administrators leave the organization or change roles. This allows your organization to run more smoothly and safely.
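The settings chosen in the three steps above can be checked offline before a package is published. The following is an added example, not Microsoft's code and not part of the original post: the dictionary layout, the `lint_access_package` function, the group names and the numeric values are all assumptions made for illustration.

```python
# Added example. The dict layout is a simplified, hypothetical description of an
# access package, not the Microsoft Graph schema; all sample values are constructed.

# Assumption: roles this organization requires to be PIM-eligible, not active.
JIT_REQUIRED_ROLES = {"Helpdesk Administrator"}

def lint_access_package(pkg):
    """Return a list of governance findings for one access package description."""
    findings = []
    for res in pkg.get("roles", []):
        if res["role"] in JIT_REQUIRED_ROLES and res["membership"] != "Eligible Member":
            findings.append(f"{res['role']}: assigned as {res['membership']}, "
                            "expected Eligible Member with PIM activation")
    policy = pkg.get("policy", {})
    if not policy.get("requestor_groups"):
        findings.append("policy: requests are not scoped to a group")
    if not policy.get("approvers"):
        findings.append("policy: no approver configured")
    lifecycle = pkg.get("lifecycle", {})
    if not lifecycle.get("expiration_days"):
        findings.append("lifecycle: assignments never expire")
    if not (lifecycle.get("access_review") or {}).get("reviewers"):
        findings.append("lifecycle: no access review configured")
    return findings

# The helpdesk scenario from the walkthrough; group names and numbers are constructed.
SCENARIO = {
    "roles": [
        {"role": "Helpdesk Administrator", "membership": "Eligible Member"},
        {"role": "Service Support Administrator", "membership": "Active Member"},
    ],
    "policy": {"requestor_groups": ["IT Helpdesk"],
               "approvers": ["Helpdesk department administrators"]},
    "lifecycle": {"expiration_days": 365,
                  "access_review": {"frequency": "quarterly",
                                    "reviewers": ["Helpdesk department administrators"]}},
}

# Weak variant: standing privileged role, no approver, no expiry, no review.
WEAK = {
    "roles": [{"role": "Helpdesk Administrator", "membership": "Active Member"}],
    "policy": {"requestor_groups": ["IT Helpdesk"], "approvers": []},
    "lifecycle": {},
}

if __name__ == "__main__":
    for name, pkg in (("scenario", SCENARIO), ("weak", WEAK)):
        print(name, lint_access_package(pkg) or "OK")
```

The scenario package passes cleanly, while the weak variant is flagged on all four points: standing role, missing approver, no expiration and no access review.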

Give it a try

We’re very excited about this new feature and hope you give it a try too! If you already have Microsoft Entra Identity Governance, you can start using it right away! Otherwise, if you already have Microsoft Entra ID Premium, there are two ways to enable this feature:

You can set up a trial of Microsoft Entra ID Governance, or upgrade to Microsoft Entra ID Governance by purchasing licenses online, through a licensing partner, or directly from Microsoft if you work with a Microsoft account team.

You can also set up a Microsoft Entra Suite trial, which includes Microsoft Entra Identity Governance.

Joseph Dodge


Learn more about Microsoft Entra

Prevent identity attacks, ensure least-privileged access, unify access control, and improve user experience with comprehensive identity and network access solutions across on-premises and cloud.




