NEW Entitlement Management: Automating employee and partner access requests, approvals and auditing

Microsoft today announced the public preview of Entitlement Management, which is part of Azure AD Identity Governance.

I have been working with it since Private Preview, having deployed it on a Proof of Concept for a customer in Australia, for a scenario where user onboarding with workflow approval to access applications is a critical requirement.

Azure AD entitlement management works with Azure AD B2B to enable collaboration across business partners. Employees from a business partner can request access to resources using the same access packages and our policy engine, including provisioning their accounts upon approval by a business sponsor. This makes it simple to grant access to a specified set of resources for your business partners while knowing your processes are compliant and secure.

Here are some of the capabilities of entitlement management:

  • Create packages of related resources that users can request
  • Define rules for how to request resources and when access expires
  • Govern the lifecycle of access for both internal and external users
  • Delegate management of resources
  • Designate approvers to approve requests
  • Create reports to track history


To try these features in your own directory, sign in to the Azure portal as an administrator, and go to the Azure Active Directory > Identity governance section.

In summary, with the ELM preview, Azure AD now provides:

  • Access request workflows, where you can configure different approval workflows for different groups of employees or guests who might request access.
  • Time-limited access for groups, apps, and sites, so users who are approved don’t retain access indefinitely—their access can be set to automatically expire.

Request Workflow with approval…

Creating a Policy …

Note: Entitlement management requires Azure AD Premium P2 or Enterprise Mobility + Security (EMS) E5.

For an overview of Identity Governance and entitlement management, watch the following video from the Ignite 2018 conference: https://youtu.be/aY7A0Br8u5M

For more information see https://docs.microsoft.com/en-au/azure/active-directory/governance/entitlement-management-overview
