Skip to content

Knowledge Junction

Junction where Knowledge is the sovereign, where problem meet solution, technology get explored.. Office 365, Azure, SharePoint, SharePoint Online, PowerShell, Microsoft Graph, M365

  • Home
  • About Knowledge-Junction
  • Technologies
    • Office 365
    • Microsoft Graph
    • Python
    • Azure
    • C#
    • SQL Server
    • SharePoint
    • SharePoint 2019
    • .Net
    • PowerShell cmdlets
    • IIS
    • Tools
      • Eclipse
      • JavaScript Regions
    • Visual Studio Extensions
    • Java Script
    • Type Script
    • Azure
      • Azure Governance
      • Azure Blueprints
      • Management Group
      • Azure Identity And Access Management
      • Azure Networking
      • Azure Active Directory
      • SharePoint Online
      • Microsoft Azure
  • Certification
    • Office 365 : 70-347 : Enabling Office 365 Services
    • 70-532: Developing Microsoft Azure Solutions
    • AZ-103: Microsoft Azure Administrator
    • AZ-900 MICROSOFT AZURE FUNDAMENTALS
    • M365 Certifications
      • Office 365 : 70-347 : Enabling Office 365 Services
      • M365 : MS-900 : Microsoft 365 Fundamentals
    • PL-900: Microsoft Certified Power Platform Fundamentals

Azure Identity And Access Management Part 25– Azure Active Directory – Identity Governance

June 20, 2020November 1, 2020 ~ Manas Ranjan Moharana


Hello Friends,

Hope you all are doing good!!!

In our last post, we have learned, how to configure Access Reviews of Group And Application. Today In this article, we will see a very crucial Azure AD feature Identity Governance.

If you have missed our previous articles on Azure Identity And Access Management (IAM), please check it in following links.

Part 1 – Azure Active Directory – Overview

Part 2 – Azure Active Directory – Enterprise Users

  • *
  • *
  • *

Part 24 – Azure Active Directory – Access Reviews 2 – Group And Apps

Next Article : Part 26 – Azure Active Directory – Domain Service ( Azure AD DS) 1 – Overview

Azure AD Identity Governance :

As specified in Microsoft document, Azure Active Directory (Azure AD) Identity Governance helps us to protect, monitor, and audit access to critical assets while ensuring employee productivity. Azure AD Identity Governance. This Azure service allows us to balance our organization’s need for security and employee productivity with the right processes and visibility. It provides us with capabilities to ensure that the right people have the right access to the right resources with proper identity and proper access management tool designed for modern environment.

Benefits Of Identity Governance :

  • Improve productivity - Empower employee and business partner access to resources at enterprise scale.
  • Strengthen security - Reduce risk arising from access abuse and make smart access decisions based on machine learning.
  • Streamline compliance process - Consistently control access across all applications based on organization and regulatory policies.

What’s In Azure AD Identity Governance For Organizations :

Azure AD Identity Governance give organizations the ability to do the following tasks across employees, guest users and across services and applications both on-premises and in clouds:

  • Identity lifecycle - Automate user lifecycle events across all applications to meet both security and productivity needs.
  • Access lifecycle - Quickly manage changes to access rights by using self-service requests and monitoring lifecycle events.
  • Privileged identity management - Govern access to privileged resources to mitigate the risk of excessive, unnecessary, or misused rights.

Azure Active Directory Identity Governance Features :

Till this point what we learn is, all features of Identity Governance‘s collectively, efficiently and securely manage our digital identities and grant each person the right level of access to the resources they need . Let’s see in Azure portal, what comes under Identity Governance. Log-In to Azure Portal > Azure Active Directory > Identity Governance as shown in the following figure.

Figure 1– Azure Identity and Access Management -IAM-Azure Active Directory – Entitlement Management

As we can see in the above figure, under Identity Governance page, there are 4 following major section at the left navigation. In our previous articles, we have already discussed in detail about all of the following 4 sections.

1) Privileged Identity Management (PIM) - Enable just-in-time and scheduled access, alerts, and approval workflows for Azure AD and Azure Resource roles. For more information on Privileged Identity Management (PIM), see our following article.

  • Azure Active Directory Privileged Identity Management (PIM)

2) Entitlement Management - Manage access lifecycle at scale by automating request workflows, assignments, reviews, and expiration. For more information on Entitlement Management, see our following articles.

  • Azure Active Directory Entitlement Management Overview
  • Entitlement Management Administrator And Catalog Creator Roles
  • Entitlement Management Access Package Manager Roles
  • Entitlement Management Requestor And Approver Roles

3) Access Review - Enable certification campaigns for SaaS apps, remove excessive access, block guest access, and delete accounts. For more information on Access Review, see our following articles

  • Azure Active Directory Access Review Of Privileged Identity Management (PIM)
  • Azure Active Directory Access Reviews Of Group And Application

4) Terms Of Use - To present security information to end users, Azure AD terms of use provides a simple method that organizations can use. This presentation ensures users see relevant disclaimers for legal or compliance requirements. For more information on Terms Of Use, see our following article .

  • Azure Active Directory Terms Of Use

Along with the above major features of Identity Governance, there are some more following Azure AD services/features, which help Identity Governance service to govern and control the Identity and resource management proficiently.

  • Self-Service Password Reset (SSPR)
  • Azure Active Directory Identity Protection
  • Govern and control Business-to-Business (B2B) And Guest User In Azure Active Directory
  • Azure Active Directory Conditional Access Policy And Multi-Factor Authentication (MFA)

This is one short but useful article, which may helps you to get basic information and knowledge about Azure AD Identity Governance.

Next Article : Part 26 – Azure Active Directory – Domain Service ( Azure AD DS) 1 – Overview

As I am exploring the Azure Identity and Access Management (IAM) in a deep level. Please let me know if I missed anything important or if my understanding is not up to mark.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

Thanks for reading 🙂

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • WhatsApp
  • Email
  • Print

Like this:

Like Loading...

Related Articles

Posted in AZ-103: Microsoft Azure Administrator, AZ-104: Microsoft Azure Administrator, Azure Active Directory, Azure Identity And Access Management, Dynamic 365, Exchange Online, M365, O365 Certifications, Office 365, SharePoint, SharePoint 2016, SharePoint 2019, SharePoint Online, Technologies Application ManagementAZ-103: Microsoft Azure AdministratorAZ-300: Microsoft Azure Architect TechnologiesAZ-301: Microsoft Azure Architect DesignAZ-303: Azure Solutions ArchitectAZ-500: Microsoft Azure Security TechnologiesAzur Custom RoleAzureAzure Active DirectoryAzure Active Directory Custom RoleAzure Active Directory featuresAzure Active Directory pricingAzure AD AccountAzure AD AuthenticationAzure AD Community SupportAzure AD DeviceAzure AD Device IdentityAzure AD Device Identity Management. Azure AD JoinedAzure AD DirectoryAzure AD Google Federation for B2B userAzure AD Identity GovernanceAzure AD Identity ProtectionAzure AD PIMAzure AD Privileged Identity Management (PIM)Azure AD registeredAzure AD Schema extensionAzure Identity And Access ManagementAzure MFAAzure RBACAzure Role AssignmentAzure Role-Based Access Control (RBAC)Bulk Update Azure AD user profilesBusiness-to-Business (B2B)Custom DomainCustom Role AssignmentDevice ManagementDirectory schema extensionsDomain servicesEmail one-time passcodeExam AZ-104: Microsoft Azure AdministratorExtension AttributeGuest UserHybrid Azure AD joinedHybrid identityIdentityMicrosoft account (MSA)Multi-Factor Authentication (MFA) For Guest UserPrivileged identity management (PIM)Register Azure AD UserRisk Detection ReportRisk Sign-in ReportRisk User ReportSelf-Service Password Reset (SSPR)Sign-in risk PolicySSPRUser risk policy

Published by Manas Ranjan Moharana

Around 11+ years of total IT experience and since last 10 years working on almost on all version of SharePoint .Interested in learning and sharing something new to be helthy. View all posts by Manas Ranjan Moharana

Post navigation

‹ PreviousAzure – Azure AD – resolving error – Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’
Next ›Power Platform – Creating Canvas App from Scratch with Excel Data

5 thoughts on “Azure Identity And Access Management Part 25– Azure Active Directory – Identity Governance”

  1. Pingback: Azure Identity And Access Management Part 24 – Azure Active Directory – Access Reviews 2 – Group And Apps | Knowledge Junction
  2. kanjuspua says:
    June 22, 2020 at 1:14 pm

    nice

    Loading...
    Log in to Reply
  3. Pingback: Azure Identity And Access Management Part 26 – Azure Active Directory – Domain Service ( Azure AD-DS) 1 – Overview | Knowledge Junction
  4. Pingback: Azure Identity And Access Management Part 37 – Azure Active Directory – Plan Authentication With Azure AD | Knowledge Junction
  5. Pingback: Learn Basic Of Azure Active Directory And Azure Identity And Access Management In 100 Hours | Knowledge Junction

You must log in to post a comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 322 other subscribers

Top Posts & Pages

  • GIT : Visual Studio 2019 – resolved the issue – Git failed with a fatal error. could not read Username for ‘https://.visualstudio.com’: terminal prompts disabled? OR Error encountered while cloning the remote repository: Installation
    GIT : Visual Studio 2019 – resolved the issue – Git failed with a fatal error. could not read Username for ‘https://.visualstudio.com’: terminal prompts disabled? OR Error encountered while cloning the remote repository: Installation
  • Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) is enabled for the user
    Office 365 : Connecting to SharePoint online site using CSOM when Multi-Factor Authentication (MFA) is enabled for the user
  • Power Platform: Power Automate - Issue - InvalidTemplate. Unable to process template language expressions in action 'Create_item'. 'The template language expression ' ' cannot be evaluated because property 'shared_sharepointonline_1' doesn't exist, available properties are 'shared_sharepointonline'
    Power Platform: Power Automate - Issue - InvalidTemplate. Unable to process template language expressions in action 'Create_item'. 'The template language expression ' ' cannot be evaluated because property 'shared_sharepointonline_1' doesn't exist, available properties are 'shared_sharepointonline'
  • Automatically download Outlook attachments
    Automatically download Outlook attachments
  • M365: Microsoft Graph - Part 10 - Send Email using Graph API from Console Application (Background Job)
    M365: Microsoft Graph - Part 10 - Send Email using Graph API from Console Application (Background Job)

Recent Posts

  • E-commerce Series – Part 8 January 17, 2021
  • E-commerce Series – Part 7 January 16, 2021
  • Microsoft Teams : Integrating with Service Now – Part 3 – Posting back ServiceNow incident number to user (to whom ticket is assigned) January 12, 2021
  • Microsoft Power Platform: Converting HTML to PDF in Power Automate using PDFShift API January 11, 2021
  • Microsoft Teams : Integrating with Service Now – Part 2 – Creating Service Now incident from Power Automate January 11, 2021

Follow us on Twitter

My Tweets

Hits

  • 325,453 total visitors

Our events

Articles by Author

  • 1 Yogesh Meher
  • 1 Mayur Gaikawad
  • 1 GAURAV KAWADIWALE
  • 1 Prasham Sabadra
  • 1 Kirtiranjan Moharana
  • 1 Kunal Lunkad
  • 1 Manas Ranjan Moharana
  • 1 Sanket Modi
  • 1 yogesh narayan ojha
  • 1 Prasad Pathak
  • 1 Robin (Ajay) Robert
  • 1 RohitSp
  • 1 Snehal Sabadra
loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
%d bloggers like this: