Licensing
Advanced identity governance now has its own license set, which you can acquire as an add-on called Step Up. Some older functionality still lives inside the P1 and P2 licensing models.
Here is the list of features available only with the ID Governance license:
| Feature | Free | Microsoft Entra ID P1 | Microsoft Entra ID P2 | Microsoft Entra ID Governance |
|---|---|---|---|---|
| Entitlement management with Verified ID | | | | x |
| Entitlement management + Custom Extensions (Logic Apps) | | | | x |
| Entitlement management + Auto Assignment Policies | | | | x |
| Entitlement management – Invite+Assign Any | | | | x |
| Entitlement management – Guest Conversion API | | | | x |
| Entitlement management – Sponsors Policy – Public Preview | | | | x |
| Access reviews – PIM For Groups – Public Preview | | | | x |
| Access reviews – Inactive Users reviews | | | | x |
| Access reviews – Machine learning assisted access certifications and reviews | | | | x |
| Lifecycle Workflows (LCW) | | | | x |
| LCW + Custom Extensions (Logic Apps) | | | | x |
| Insights and reporting – Inactive guest accounts (Preview) | | | | x |
Why to use?
These features help you work more efficiently by guaranteeing timely access for individuals without manual approvals. They improve security by minimizing the risk of access misuse and by making intelligent, machine-learning-driven access decisions. They also streamline the authorization procedure for standard resource access, so you can concentrate on the insights and exceptional cases that the AI surfaces.
You can see the use cases on Microsoft Learn, which has examples of all the different features under the license.
How to access?
Just open the Entra admin center (https://entra.microsoft.com) and navigate to Identity governance. Note that the ID Governance preview features will be moved under the new licensing model on 30th of September.
You need to be at least an Identity Governance Administrator to access these features.
And the portal overview.
Under the Identity governance portal you will find the following:
ID Governance features
Entitlement management
And what can you do with it? Well, you can request additional identity documents, like training certifications or work authorizations, during the request process. As the access package manager, you can require requestors to present verified IDs carrying these credentials from trusted issuers. Approvers can then easily confirm whether the user’s verifiable credentials were validated when the request was submitted.
See more from Learn
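The Verified ID requirement described above is configured on the access package assignment policy. The following is an added example written for this post, not code from the original article or from Microsoft, and it uses the Microsoft Graph PowerShell SDK against the beta endpoint, where the `verifiableCredentialSettings` property lives. The policy ID and the issuer DID are placeholders you must replace, and the property shape is assumed from the beta documentation:

```powershell
# Added example (not from the original post): require a verifiable credential from a
# trusted issuer before a request against an access package policy can be approved.
# ASSUMPTIONS: $PolicyId and $IssuerDid are placeholders; the beta Graph endpoint and
# the verifiableCredentialSettings shape are assumed from the beta documentation.
Connect-MgGraph -Scopes 'EntitlementManagement.ReadWrite.All'

$PolicyId  = '00000000-0000-0000-0000-000000000000'   # placeholder: existing assignment policy
$IssuerDid = 'did:web:issuer.example.com'             # placeholder: DID of the trusted issuer

$uri = "https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/$PolicyId"

# Read the current policy, then replace it with the credential requirement added.
# The PUT must carry the full policy, so start from what the service returned and
# drop the metadata / read-only properties that cannot be written back.
$policy = Invoke-MgGraphRequest -Method GET -Uri $uri
foreach ($readOnly in '@odata.context', 'createdDateTime', 'modifiedDateTime', 'createdBy', 'modifiedBy') {
    if ($policy.ContainsKey($readOnly)) { $policy.Remove($readOnly) }
}

$policy['verifiableCredentialSettings'] = @{
    credentialTypes = @(
        @{
            issuerUri      = $IssuerDid          # only credentials from this issuer are accepted
            credentialType = 'VerifiedEmployee'  # credential type the requestor must present
        }
    )
}

$updated = Invoke-MgGraphRequest -Method PUT -Uri $uri `
    -Body ($policy | ConvertTo-Json -Depth 20) -ContentType 'application/json'

"Policy '$($updated.displayName)' now requires a $($updated.verifiableCredentialSettings.credentialTypes[0].credentialType) credential from $IssuerDid"
```

The defender's point here is the issuer pin: a requestor can present any credential, but only one issued by the DID you listed satisfies the policy, so approvers are not left to judge the document themselves.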
But you can also use
Access reviews
Access reviews is a component of Microsoft Entra ID that empowers organizations to effectively oversee group memberships, access to enterprise applications, and role assignments. Regularly reviewing user access ensures that only authorized individuals keep their access privileges.
With the new license features you could, for example, review inactive guest users.
And not to forget PIM and the advanced features the new licenses unleash.
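The inactive guest review mentioned above can be created through Microsoft Graph rather than the portal. The following is an added example written for this post, not code from the original article or from Microsoft; it uses the Microsoft Graph PowerShell SDK, the group ID and reviewer ID are placeholders, and it combines a guest-scoped review with the last-sign-in recommendation insight (the tables on this page show which tier covers each piece):

```powershell
# Added example (not from the original post): a recurring access review of the guest
# members of one group, with the 30-day "no sign-in" recommendation turned on so the
# reviewer sees who is inactive, and a fail-closed default if nobody responds.
# ASSUMPTIONS: $GroupId and $ReviewerId are placeholders you must replace.
Connect-MgGraph -Scopes 'AccessReview.ReadWrite.All'

$GroupId    = '00000000-0000-0000-0000-000000000000'   # placeholder: group whose guests are reviewed
$ReviewerId = '11111111-1111-1111-1111-111111111111'   # placeholder: user who performs the review

$definition = @{
    displayName          = 'Quarterly review of inactive guests'
    descriptionForAdmins = 'Guests with no sign-in in the last 30 days are recommended for removal'
    scope = @{
        '@odata.type' = '#microsoft.graph.accessReviewQueryScope'
        # Only guest users that are (transitive) members of the group are in scope.
        query         = "/groups/$GroupId/transitiveMembers/microsoft.graph.user/?`$filter=(userType eq 'Guest')"
        queryType     = 'MicrosoftGraph'
    }
    reviewers = @(
        @{ query = "/users/$ReviewerId"; queryType = 'MicrosoftGraph' }
    )
    settings = @{
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true
        defaultDecisionEnabled          = $true
        defaultDecision                 = 'Deny'   # fail closed: no decision means access is removed
        instanceDurationInDays          = 14
        autoApplyDecisionsEnabled       = $true    # apply the outcome without a second manual step
        recommendationsEnabled          = $true
        recommendationInsightSettings   = @(
            @{
                '@odata.type'                  = '#microsoft.graph.userLastSignInRecommendationInsightSetting'
                recommendationLookBackDuration = 'P30D'   # ISO 8601: inactive if no sign-in for 30 days
                signInScope                    = 'tenant'
            }
        )
        recurrence = @{
            pattern = @{ type = 'absoluteMonthly'; interval = 3; dayOfMonth = 0 }
            range   = @{ type = 'noEnd'; startDate = (Get-Date).ToString('yyyy-MM-dd') }
        }
    }
}

$result = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions' `
    -Body ($definition | ConvertTo-Json -Depth 10) -ContentType 'application/json'

"Created access review definition $($result.id) ($($result.displayName))"
```

Two settings carry the security weight: `defaultDecision = 'Deny'` with `defaultDecisionEnabled`, so a reviewer who ignores the review does not silently preserve stale guest access, and `autoApplyDecisionsEnabled`, so the removal actually happens when the instance closes instead of waiting for someone to press Apply.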
Privileged Identity Management
Privileged Identity Management (PIM) involves the supervision and safeguarding of high-privileged accounts within an organization’s IT ecosystems.
This oversight is essential to prevent the potential misuse or abuse of the extensive access capabilities associated with super-user accounts. Unmonitored super-user accounts pose risks such as:
- the loss or theft of sensitive corporate data;
- the introduction of malware that could compromise the network.
With the new licensing model you can enable PIM for Groups to bring automation to group membership.
And you can read more in my previous blogs. Author note: Azure AD is now Entra ID.
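To make the PIM for Groups piece concrete, here is an added example written for this post, not code from the original article or from Microsoft. It uses the Microsoft Graph PowerShell SDK and the v1.0 PIM for Groups endpoints; the group and user IDs are placeholders. It grants a user time-bound eligibility for group membership, lists the group's eligibilities, and shows the self-activation request the user would send when they need the membership:

```powershell
# Added example (not from the original post): PIM for Groups via Microsoft Graph.
# A user is made *eligible* for group membership for 90 days; nothing is granted
# until they activate, and each activation is limited to two hours.
# ASSUMPTIONS: $GroupId and $UserId are placeholders you must replace.
Connect-MgGraph -Scopes 'PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup',
                        'PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup'

$GroupId = '00000000-0000-0000-0000-000000000000'   # placeholder: PIM-enabled group
$UserId  = '11111111-1111-1111-1111-111111111111'   # placeholder: user to make eligible
$base    = 'https://graph.microsoft.com/v1.0/identityGovernance/privilegedAccess/group'

function Grant-GroupEligibility {
    # Admin operation: create a time-bound eligibility instead of a standing membership.
    param([string]$GroupId, [string]$UserId, [string]$Duration = 'P90D')
    $body = @{
        accessId      = 'member'        # 'member' or 'owner'
        principalId   = $UserId
        groupId       = $GroupId
        action        = 'adminAssign'
        justification = 'Just-in-time membership; standing membership removed'
        scheduleInfo  = @{
            startDateTime = (Get-Date).ToUniversalTime().ToString('o')
            expiration    = @{ type = 'afterDuration'; duration = $Duration }   # ISO 8601 duration
        }
    }
    Invoke-MgGraphRequest -Method POST -Uri "$base/eligibilityScheduleRequests" `
        -Body ($body | ConvertTo-Json -Depth 10) -ContentType 'application/json'
}

function Get-GroupEligibilities {
    # Review helper: who can currently activate membership of this group, and until when.
    param([string]$GroupId)
    $resp = Invoke-MgGraphRequest -Method GET `
        -Uri "$base/eligibilitySchedules?`$filter=groupId eq '$GroupId'"
    $resp.value | ForEach-Object {
        [pscustomobject]@{ Principal = $_.principalId; Access = $_.accessId; ExpiresAt = $_.scheduleInfo.expiration.endDateTime }
    }
}

function Request-GroupActivation {
    # Run *as the eligible user*: activate membership for a bounded window with a justification.
    param([string]$GroupId, [string]$UserId, [string]$Duration = 'PT2H')
    $body = @{
        accessId      = 'member'
        principalId   = $UserId
        groupId       = $GroupId
        action        = 'selfActivate'
        justification = 'Change ticket CHG-0000 (placeholder): needs group membership for deployment'
        scheduleInfo  = @{
            startDateTime = (Get-Date).ToUniversalTime().ToString('o')
            expiration    = @{ type = 'afterDuration'; duration = $Duration }
        }
    }
    Invoke-MgGraphRequest -Method POST -Uri "$base/assignmentScheduleRequests" `
        -Body ($body | ConvertTo-Json -Depth 10) -ContentType 'application/json'
}

$req = Grant-GroupEligibility -GroupId $GroupId -UserId $UserId
"Eligibility request $($req.id) status: $($req.status)"
Get-GroupEligibilities -GroupId $GroupId | Format-Table -AutoSize
# Request-GroupActivation -GroupId $GroupId -UserId $UserId   # run in the user's own session
```

The pattern to notice is that the administrator never hands out a standing membership: eligibility expires on its own, every activation is short-lived and carries a justification, and the eligibility list is something an access review (previous section) can be pointed at.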
Lifecycle workflows
And finally, Lifecycle workflows, which can be used for the following lifecycle scenarios:
- Joiner: an individual who enters the realm of requiring access, such as a new employee joining a company or organization.
- Mover: an individual who transitions within an organization, often necessitating changes or expansions in their access and authorization. For instance, someone who moves from a marketing role to a sales position.
- Leaver: an individual who departs from the realm of needing access, often prompting the removal of their access privileges. Examples include retirees or terminated employees.
See more from Learn.
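As an added example for the leaver scenario (written for this post, not code from the original article or from Microsoft), the following creates a lifecycle workflow through the Microsoft Graph PowerShell SDK that disables the account and strips all group memberships on the employee's leave date. The department used in the scope rule and the test user ID are placeholders, the task display names are matched by wildcard because their exact strings are looked up from the tenant rather than hardcoded, and the workflow is created disabled so it can be tried on-demand first:

```powershell
# Added example (not from the original post): a "leaver" lifecycle workflow that runs on
# employeeLeaveDateTime for users in one department, disables the account and removes
# all group memberships. Task definition IDs are resolved from the tenant at run time.
# ASSUMPTIONS: the department in the scope rule and $TestUserId are placeholders; the
# task display names are matched with wildcards and are assumed from the documentation.
Connect-MgGraph -Scopes 'LifecycleWorkflows.ReadWrite.All'

$base       = 'https://graph.microsoft.com/v1.0/identityGovernance/lifecycleWorkflows'
$TestUserId = '00000000-0000-0000-0000-000000000000'   # placeholder: user for an on-demand test run

# Look the built-in task definitions up instead of hardcoding their GUIDs.
$taskDefinitions = (Invoke-MgGraphRequest -Method GET -Uri "$base/taskDefinitions").value

function Get-TaskDefinitionId {
    param([string]$NamePattern)
    $match = $taskDefinitions | Where-Object { $_.displayName -like $NamePattern } | Select-Object -First 1
    if (-not $match) { throw "No task definition matches '$NamePattern'; inspect $base/taskDefinitions" }
    $match.id
}

function New-LeaverTask {
    param([string]$DisplayName, [string]$NamePattern)
    @{
        continueOnError  = $false   # stop the workflow if a step fails, so nothing is half-offboarded
        displayName      = $DisplayName
        description      = "Leaver step: $DisplayName"
        isEnabled        = $true
        taskDefinitionId = (Get-TaskDefinitionId -NamePattern $NamePattern)
        arguments        = @()
    }
}

$workflow = @{
    category            = 'leaver'
    displayName         = 'Leaver: disable account and remove group access on last day'
    description         = 'Runs on the employee leave date for the Marketing department'
    isEnabled           = $false   # stays disabled until the on-demand test below is reviewed
    isSchedulingEnabled = $false
    executionConditions = @{
        '@odata.type' = '#microsoft.graph.triggerAndScopeBasedConditions'
        scope   = @{
            '@odata.type' = '#microsoft.graph.ruleBasedSubjectSet'
            rule          = "(department eq 'Marketing')"   # placeholder scope rule
        }
        trigger = @{
            '@odata.type'      = '#microsoft.graph.timeBasedAttributeTrigger'
            timeBasedAttribute = 'employeeLeaveDateTime'
            offsetInDays       = 0   # 0 = on the leave date itself; negative = days before
        }
    }
    tasks = @(
        (New-LeaverTask -DisplayName 'Disable user account'      -NamePattern 'Disable user account*'),
        (New-LeaverTask -DisplayName 'Remove user from all groups' -NamePattern 'Remove user from all groups*')
    )
}

$created = Invoke-MgGraphRequest -Method POST -Uri "$base/workflows" `
    -Body ($workflow | ConvertTo-Json -Depth 10) -ContentType 'application/json'
"Created workflow $($created.id) (enabled: $($created.isEnabled))"

# Run the workflow on-demand for one test user before enabling it for the whole scope.
Invoke-MgGraphRequest -Method POST -Uri "$base/workflows/$($created.id)/activate" `
    -Body (@{ subjects = @(@{ id = $TestUserId }) } | ConvertTo-Json -Depth 5) -ContentType 'application/json'
```

Resolving the task definitions by name and keeping `isEnabled = $false` until an on-demand run has been checked are the two habits worth copying: the first avoids a wrong GUID silently scheduling the wrong action, and the second keeps a mis-scoped rule from offboarding an entire department on its first scheduled run.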
Closure
You can get a trial of Entra Identity Governance here: https://aka.ms/EntraIDGovTrial, or use Step Up for the full license.
Some of these features I already covered in my previous posts, and it is good to see them moving forward. Sometimes a paywall comes between you and a feature, and most of the time it is there for a reason.
You can argue that it shouldn’t be, but it does give you more advanced features with which you can secure your identity estate.
And there are still features that you can use without the new license:
| Feature | Free | Microsoft Entra ID P1 | Microsoft Entra ID P2 | Microsoft Entra ID Governance |
|---|---|---|---|---|
| HR-driven Provisioning | | x | x | x |
| Automated user provisioning to SaaS apps | x | x | x | x |
| Automated group provisioning to SaaS apps | | x | x | x |
| Automated provisioning to on-premises apps | | x | x | x |
| Conditional Access – Terms of use attestation | | x | x | x |
| Entitlement management – Basic entitlement management | | | x | x |
| Entitlement management – Conditional Access Scoping | | | x | x |
| Entitlement management MyAccess Search | | | x | x |
| Entitlement management – Grace Period – Public Preview | | | x | x |
| Privileged Identity Management (PIM) | | | x | x |
| PIM For Groups | | | x | x |
| PIM CA Controls | | | x | x |
| Access Reviews – Basic access certifications and reviews | | | x | x |
| Access Reviews – Inactive Users recommendations | | | x | x |
| Identity governance dashboard – Public Preview | | x | x | x |
You can find the full Entra Identity Governance documentation on Microsoft Learn.