We are now at the last part of the blog post series about admin lifecycle management. In this last part, the focus will be on offboarding – specifically the scenario where the user who owns the admin account(s) is leaving the company and their regular user account is offboarded. In the real world, however, admin … Read more
Automating access to Shared mailboxes in Exchange Online using Entra ID Governance is something that has been on my to-do list for some time. I was recently asked by a colleague if I could find a way to automate that process when a user onboards or moves (department, location change, etc.). When handling access to … Read more
If you have been working with Access Packages in Entra ID Governance, you probably know that getting a proper overview of your setup is not easy. There is no built-in way to see all your catalogs, packages, policies, and resources in one place. I have written about some of the challenges before, like finding and … Read more
Continuing from where I left off in part 1 of this blog post series, in this one I want to turn the focus on the security I wrote a little bit about at the end of part 1, but also how to request access to different resources on behalf of the admin accounts. One of … Read more
For some time, I have been thinking about the possibility of creating something that allows me or my colleagues to run Custom extensions in Entra ID Governance manually without the need to navigate to the automation account where the code that gets executed with the Custom extension is hosted or create a Lifecycle workflow to … Read more
The lifecycles of admin accounts can be tricky to manage, because admin accounts are not regular user accounts – they have to be handled differently. You need to make sure, just like with regular users, that they are not over-privileged. Another thing to consider with admin accounts is their lifecycle. What happens when the regular … Read more
Did you know that if you delete an Entra ID security group, it will still remain under resources in an Access Package in Entra ID Governance? Well, now you know it does. This can lead to delivery of access packages being partially delivered when a user gets an access package assigned. This is something that … Read more
When working with Microsoft Global Secure Access (GSA), you will find yourself in the beginning creating Enterprise Applications manually for apps that will use Private access. That could be for RDP access or application access to an on-premise system. I was recently tasked with adding a lot of websites that needed to be processed through … Read more
When you offboard users and ultimately delete their user accounts, something that can easily be forgotten is that the user may be an approver in an access package in Entra ID Governance. What happens is when you delete the user in Entra ID (via AD Connect sync or otherwise), the user will still be present … Read more
Reporting is a key component in my opinion when working with Microsoft licenses. You should be able to know fairly easily at all times how many licenses you have, how many you have left, and who is using what. This is especially valuable when you are doing a Microsoft True-up, or when you need to … Read more
