Hello Friends,

Hope you all are doing good!!!

In our last post, we have learned, how to configure Access Reviews of Group And Application. Today In this article, we will see a very crucial Azure AD feature Identity Governance.

If you have missed our previous articles on Azure Identity And Access Management (IAM), please check it in following links.

Part 1 – Azure Active Directory – Overview

Part 2 – Azure Active Directory – Enterprise Users

• *
• *
• *

Part 24 – Azure Active Directory – Access Reviews 2 – Group And Apps

Next Article : Part 26 – Azure Active Directory – Domain Service ( Azure AD DS) 1 – Overview

Azure AD Identity Governance :

As specified in Microsoft document, Azure Active Directory (Azure AD) Identity Governance helps us to protect, monitor, and audit access to critical assets while ensuring employee productivity. Azure AD Identity Governance. This Azure service allows us to balance our organization’s need for security and employee productivity with the right processes and visibility. It provides us with capabilities to ensure that the right people have the right access to the right resources with proper identity and proper access management tool designed for modern environment.

Benefits Of Identity Governance :

• Improve productivity - Empower employee and business partner access to resources at enterprise scale.
• Strengthen security - Reduce risk arising from access abuse and make smart access decisions based on machine learning.
• Streamline compliance process - Consistently control access across all applications based on organization and regulatory policies.

What’s In Azure AD Identity Governance For Organizations :

Azure AD Identity Governance give organizations the ability to do the following tasks across employees, guest users and across services and applications both on-premises and in clouds:

• Identity lifecycle - Automate user lifecycle events across all applications to meet both security and productivity needs.
• Access lifecycle - Quickly manage changes to access rights by using self-service requests and monitoring lifecycle events.
• Privileged identity management - Govern access to privileged resources to mitigate the risk of excessive, unnecessary, or misused rights.

Azure Active Directory Identity Governance Features :

Till this point what we learn is, all features of Identity Governance‘s collectively, efficiently and securely manage our digital identities and grant each person the right level of access to the resources they need . Let’s see in Azure portal, what comes under Identity Governance. Log-In to Azure Portal > Azure Active Directory > Identity Governance as shown in the following figure.

As we can see in the above figure, under Identity Governance page, there are 4 following major section at the left navigation. In our previous articles, we have already discussed in detail about all of the following 4 sections.

1) Privileged Identity Management (PIM) - Enable just-in-time and scheduled access, alerts, and approval workflows for Azure AD and Azure Resource roles. For more information on Privileged Identity Management (PIM), see our following article.

• Azure Active Directory Privileged Identity Management (PIM)

2) Entitlement Management - Manage access lifecycle at scale by automating request workflows, assignments, reviews, and expiration. For more information on Entitlement Management, see our following articles.

• Azure Active Directory Entitlement Management Overview
• Entitlement Management Administrator And Catalog Creator Roles
• Entitlement Management Access Package Manager Roles
• Entitlement Management Requestor And Approver Roles

3) Access Review - Enable certification campaigns for SaaS apps, remove excessive access, block guest access, and delete accounts. For more information on Access Review, see our following articles

• Azure Active Directory Access Review Of Privileged Identity Management (PIM)
• Azure Active Directory Access Reviews Of Group And Application

4) Terms Of Use - To present security information to end users, Azure AD terms of use provides a simple method that organizations can use. This presentation ensures users see relevant disclaimers for legal or compliance requirements. For more information on Terms Of Use, see our following article .

• Azure Active Directory Terms Of Use

Along with the above major features of Identity Governance, there are some more following Azure AD services/features, which help Identity Governance service to govern and control the Identity and resource management proficiently.

• Self-Service Password Reset (SSPR)
• Azure Active Directory Identity Protection
• Govern and control Business-to-Business (B2B) And Guest User In Azure Active Directory
• Azure Active Directory Conditional Access Policy And Multi-Factor Authentication (MFA)

This is one short but useful article, which may helps you to get basic information and knowledge about Azure AD Identity Governance.

Next Article : Part 26 – Azure Active Directory – Domain Service ( Azure AD DS) 1 – Overview

As I am exploring the Azure Identity and Access Management (IAM) in a deep level. Please let me know if I missed anything important or if my understanding is not up to mark.

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.

Thanks for reading 🙂