Settings – Planning and Implementing Secure Access


The Settings page allows you to configure how certain tenant-wide Identity Governance features work, including how to manage the life cycle of external users and delegate entitlement management capabilities. This can be seen in Figure 8.8:

Figure 8.8 – Identity Governance – the Settings page

Periodically, as new Identity Governance preview features are released, they may show up on this page so that you can adopt them in preview mode before they are broadly distributed.

Next, we’ll look at planning an access package.

Planning access packages

Your organization can have multiple catalogs, and each catalog can have multiple access packages. You may wish to create catalogs per organization, per business unit, per project, or by any other criteria that you select. Generally, a catalog contains resources that are related in some way.

If you have delegated the access package manager role to another individual, that individual can only add resources that already exist in the corresponding catalog to an access package. Administrators, however, can add resources that don’t exist in the current catalog.

Note

When an administrator adds an unlisted resource to an access package, the resource is automatically added to the catalog where the access package is being created.

When planning for an access package, be sure to identify the following components. These should be included as they help you decide on configuration options:

  • Resource roles:
    • Groups and Teams
    • Applications
    • SharePoint sites
  • Requests:
    • Who can request access?
      • Users in the directory
      • External users in connected organizations
      • None (only assigned by administrators)
    • Whether new requests are allowed (enabled) or not (disabled)
    • Whether Entra Verified IDs will be used
  • Requestor information:
    • Ability to request custom information from the access package requestor, such as justifications or additional business purposes
  • Life cycle:
    • Whether access package assignments will expire
    • Whether the access package will require access reviews
  • Custom extensions:
    • Whether any customized Logic Apps workflows are triggered through various stages of the access package life cycle
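
The checklist above can also be applied to policies that already exist. The following added example (not code from the book or from Microsoft) maps assignment policy objects onto the planning questions and flags gaps. The field names follow the Microsoft Graph v1.0 accessPackageAssignmentPolicy resource; the sample policies and the rule that external access should expire and be reviewed are assumptions of this example.

```python
# Added example: map assignment policies onto the planning checklist.
# Sample policies and the review rule below are constructed assumptions.
EXTERNAL_SCOPES = {"allConfiguredConnectedOrganizationUsers",
                   "specificConnectedOrganizationUsers", "allExternalUsers"}
DIRECTORY_SCOPES = {"allMemberUsers", "allDirectoryUsers", "specificDirectoryUsers"}

def summarise(policy):
    """Answer the planning questions for one policy object."""
    scope = policy.get("allowedTargetScope") or "notSpecified"
    # "none" means the package is only assigned by administrators.
    requestors = ("external" if scope in EXTERNAL_SCOPES
                  else "directory" if scope in DIRECTORY_SCOPES else "none")
    expiration = policy.get("expiration") or {}
    reviews = policy.get("reviewSettings") or {}
    return {
        "name": policy.get("displayName", "<unnamed>"),
        "requestors": requestors,
        "expires": expiration.get("type") in ("afterDuration", "afterDateTime"),
        "reviews": bool(reviews.get("isEnabled")),
        "asks_requestor": bool(policy.get("questions")),
        "custom_extensions": bool(policy.get("customExtensionStageSettings")),
    }

def findings(policies):
    """Assumed rule: access open to external users should expire and be reviewed."""
    out = []
    for s in map(summarise, policies):
        if s["requestors"] == "external":
            if not s["expires"]:
                out.append((s["name"], "external access never expires"))
            if not s["reviews"]:
                out.append((s["name"], "external access has no access review"))
    return out

SAMPLE_POLICIES = [  # constructed sample data
    {"displayName": "Partner project site",
     "allowedTargetScope": "allConfiguredConnectedOrganizationUsers",
     "expiration": {"type": "noExpiration"}, "reviewSettings": {"isEnabled": False}},
    {"displayName": "Finance app", "allowedTargetScope": "allMemberUsers",
     "expiration": {"type": "afterDuration", "duration": "P90D"},
     "reviewSettings": {"isEnabled": True},
     "questions": [{"text": "Business justification?"}]},
    {"displayName": "Admin assigned", "allowedTargetScope": "notSpecified",
     "expiration": {"type": "noExpiration"}, "reviewSettings": None},
]

if __name__ == "__main__":
    for name, issue in findings(SAMPLE_POLICIES):
        print(f"{name}: {issue}")
```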

Once you have identified the resources that are required for the access package, you can begin creating one.
