I’m excited to share that we now support Microsoft Entra role assignments in Microsoft Entra ID Governance’s Entitlement Management feature! This allows you to provide IT administrators with just-in-time access to the least privileged roles to minimize the attack surface in your organization. However, some admins may require long-standing permissions for specific resources.
With Microsoft Entra ID Governance, you can assign roles to users and groups through Entitlement Management access packages. This helps minimize security breaches, ensure the right access to resources, scale role assignments as your organization grows, and enable business functions by combining tools and applications with roles.
Customers have used this capability in IT helpdesk, application administration, and operations scenarios. By managing role assignments through access package policies, you control the full lifecycle of role assignment from request to provisioning.
To automate role assignments, tenant administrators can create access packages with necessary roles for IT helpdesk staff. Users can request access through the My Access portal, and approvals can be delegated to department managers, freeing up the IAM team to focus on security. By setting eligibility in the access package, users can activate roles through Privileged Identity Management when needed.
You can ensure least privileged access for all IT administrators by setting up periodic access reviews to remove role assignments when access
