Microsoft 365 - Entitlement Management Made Simple

In my opinion it’s one of the most underused and greatest collaboration tools in Microsoft 365 / Azure AD. Entitlement management, AKA Access Packages provide an awesome way to share and collaborate on access packages containing resources from multiple sources including Microsoft Teams, groups, shared applications and even SharePoint websites.

More about this topic

What is Azure AD entitlement management?

Azure Active Directory (Azure AD) entitlement management is an identity governance feature that enables organizations to manage identity and access lifecycle at scale, by automating access request workflows, access assignments, reviews, and expiration.

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview

Tutorial: Manage access to resources in Azure AD entitlement management

Managing access to all the resources employees need, such as groups, applications, and sites, is an important function for organizations. You want to grant employees the right level of access they need to be productive and remove their access when it's no longer needed.

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-first

Delegation and roles in Azure AD entitlement management

By default, Global administrators and Identity governance administrators can create and manage all aspects of Azure AD entitlement management. However, the users in these roles may not know all the situations where access packages are required. Typically it's users within the respective departments, teams, or projects who know who they're collaborating with, using what resources, and for how long.

https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-delegate