Modernizing User Lifecycles with Microsoft Entra

The Minnesota Microsoft 365 User Group held their 14th biannual workshop day, and once again I was grateful for the opportunity to present, sharing my insights and experiences on modernizing identity governance using Microsoft Entra.

I started the session by discussing the importance of identity governance and the role of Microsoft Entra in automating and securing identity lifecycle management. We explored the core components of identity governance, including lifecycle workflows, entitlement management, access reviews, and privileged identity management.

Identity Provisioning

We delved into the provisioning process using Microsoft Entra, highlighting the integration with HR systems like Workday. This integration allows for seamless user onboarding and offboarding, ensuring that user attributes are accurately mapped and managed. One of the questions asked:

Q: How do you handle the integration of Workday with Microsoft Entra for user provisioning?

A: We create two applications within Entra: one for provisioning user attributes and another for writing back information like email addresses to Workday. This ensures that user data is consistent across systems.

Lifecycle Workflows

I explained how lifecycle workflows automate tasks related to user onboarding, role changes, and offboarding. These workflows can be triggered by attribute changes, group membership changes, or time-based events. One of the questions asked:

Q: What are the key considerations for managing user accounts during onboarding and offboarding?

A: It’s crucial to understand the onboarding and offboarding processes, including the roles of HR and security teams. We use lifecycle workflows to automate tasks such as enabling/disabling accounts and sending notifications.

Access Packages and Reviews

We discussed the use of access packages to manage user access to resources. These packages can be configured to require approval and can include periodic access reviews to ensure compliance and security. There were 2 great questions asked on the topic:

Q: What are the benefits of using access packages for managing user access?

A: Access packages streamline the process of requesting and approving access to resources. They provide a self-service portal for users and ensure that access is granted based on predefined policies and approvals.

Q: How do you manage access reviews for guest users?

A: Access reviews for guest users can be automated using dynamic groups and access packages. These reviews ensure that guest accounts are regularly evaluated and deactivated if no longer needed.

Privileged Identity Management (PIM)

I covered the importance of PIM in managing and securing privileged accounts. We explored how PIM can be integrated into lifecycle workflows to automate the assignment and management of privileged roles.

Making the Shift

As we transitioned from discussing modern technology back to the current state and the drivers behind making the move to modernize, we talked about some lessons learned in the current journey of transitioning from Microsoft Identity Manager (MIM).

Improving Identity Efficiencies

In the final portion of the workshop, I talked about how to use the Microsoft framework to implement a successful PoC, and included some considerations / “gotchas” plus resources to use for deployment.

Bringing it Home

I always come into these sessions providing valuable insights from my own war stories in the field, and modernizing identity governance with Microsoft Entra is definitely a journey few have started but many will certainly venture down over the years to come.

By leveraging lifecycle workflows, access packages, and privileged identity management as the core components of the Microsoft Entra suite of products, organizations can enhance their security posture and streamline identity management processes.

I appreciated the active participation and insightful questions from everyone, which made the session engaging and informative. As a takeaway, please find a full PDF version with presenter notes at the link below!

Modernizing User Lifecycles with Microsoft Entra

Chris Blackburn
