{"id":406,"date":"2021-06-23T12:43:35","date_gmt":"2021-06-23T12:43:35","guid":{"rendered":"https:\/\/thecloudmarathoner.com\/?p=406"},"modified":"2021-06-23T12:46:09","modified_gmt":"2021-06-23T12:46:09","slug":"what-is-entitlement-management-and-how-it-can-help","status":"publish","type":"post","link":"https:\/\/thecloudmarathoner.com\/index.php\/2021\/06\/23\/what-is-entitlement-management-and-how-it-can-help\/","title":{"rendered":"What is entitlement management and how it can help?"},"content":{"rendered":"\n<p>Hello Cloud Marathoners,<\/p>\n\n\n\n<p>We are continuing our cloud learning journey with Azure services today. Last year, Azure Active Directory introduced many useful features, and we will talk about one of them that simplifies identity governance.<\/p>\n\n\n\n<p>&#8220;An Azure&nbsp;Active Directory (Azure&nbsp;AD)&nbsp;<strong>entitlement management<\/strong>&nbsp;is an identity governance feature that enables organizations to&nbsp;<strong>manage<\/strong>&nbsp;identity and access lifecycle at scale, by automating access request workflows, access assignments, reviews, and expiration. &#8221; &#8211; Microsoft Azure AD Identity Governance<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"670\" height=\"410\" src=\"\/wp-content\/uploads\/2021\/06\/external-users-lifecycle.png\" alt=\"\" class=\"wp-image-407\" srcset=\"\/wp-content\/uploads\/2021\/06\/external-users-lifecycle.png 670w, \/wp-content\/uploads\/2021\/06\/external-users-lifecycle-300x184.png 300w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/figure>\n\n\n\n<p>Entitlement management example with one catalog and two access packages<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How can entitlement management help?<\/h3>\n\n\n\n<p>There are several ways you could leverage these features for your Azure resource management activities. 
The easiest way to get started is with the delegation options:<\/p>\n\n\n\n<p>\u2714\ufe0f Delegate management of resources from a highly privileged account to managers <br>\u2714\ufe0f Govern access for users in your organization <br>\u2714\ufe0f Govern access for users outside your organization<br>\u2714\ufe0f Automate and simplify day-to-day management<br>\u2714\ufe0f View and report on resource assignments and access packages<\/p>\n\n\n\n<p>Let&#8217;s consider the following two common scenarios:<br><br><strong>First Scenario:  <\/strong>As an administrator, you want to delegate access governance from IT administrators to users who aren&#8217;t administrators.<br>Check out the <a rel=\"noreferrer noopener\" href=\"https:\/\/www.microsoft.com\/videoplayer\/embed\/RE3Lq00\" target=\"_blank\">video clip<\/a> for step-by-step guidance.<\/p>\n\n\n\n<p><strong>Second Scenario:<\/strong> You would like to create an automated request process for your users so that they can request an access package (a set of Azure resources and access rights) to do their job.<\/p>\n\n\n\n<p>The request process for access packages can be understood with the help of the following sample infographic.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"499\" height=\"435\" src=\"\/wp-content\/uploads\/2021\/06\/request-process.png\" alt=\"\" class=\"wp-image-411\" srcset=\"\/wp-content\/uploads\/2021\/06\/request-process.png 499w, \/wp-content\/uploads\/2021\/06\/request-process-300x262.png 300w\" sizes=\"auto, (max-width: 499px) 85vw, 499px\" \/><figcaption>A user request for an access package (set of resources) to start doing work assignments<\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">When should I use access packages?<\/h3>\n\n\n\n<p>Access packages are not a silver bullet, and they do not replace other mechanisms for access assignment. 
However, they are most appropriate in situations such as the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Employees need time-limited access for a particular task. For example, you might use group-based licensing and a dynamic group to ensure all employees have an Exchange Online mailbox, and then use access packages for situations in which employees need additional access, such as to read departmental resources from another department.<\/li><li>Access that requires the approval of an employee&#8217;s manager or other designated individuals.<\/li><li>Departments wish to manage their own access policies for their resources without IT involvement.<\/li><li>Two or more organizations are collaborating on a project, and as a result, multiple users from one organization will need to be brought in via Azure AD B2B to access another organization&#8217;s resources.<\/li><\/ul>\n\n\n\n<p>Thank you for reading to this point. Stay tuned for more Cloud Security and Administration related posts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello Cloud Marathoners, We are continuing our cloud learning journey with Azure services today. Last year, Azure Active Directory introduced many useful features, and we will talk about one of them that simplifies identity governance. &#8220;An Azure&nbsp;Active Directory (Azure&nbsp;AD)&nbsp;entitlement management&nbsp;is an identity governance feature that enables organizations to&nbsp;manage&nbsp;identity and access lifecycle at scale, &hellip; <a href=\"https:\/\/thecloudmarathoner.com\/index.php\/2021\/06\/23\/what-is-entitlement-management-and-how-it-can-help\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;What is entitlement management and how it can help?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,15],"tags":[],"class_list":["post-406","post","type-post","status-publish","format-standard","hentry","category-cloud-101","category-security-governance"],"_links":{"self":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/comments?post=406"}],"version-history":[{"count":7,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/406\/revisions"}],"pred
ecessor-version":[{"id":415,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/406\/revisions\/415"}],"wp:attachment":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/media?parent=406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/categories?post=406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/tags?post=406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}