Microsoft Entra: Guide to New User Admin Role Management
Sep 29, 2023 4:14 PM


by HubSite 365 about Microsoft


Master the new User Admin Role in Microsoft Entra Entitlement Management for efficient access control and governance.

New User Admin Role in Microsoft Entra Entitlement Management

Microsoft Entitlement Management is an innovative identity governance feature and part of the Microsoft technology ecosystem. Its purpose is to manage internal and external access to specific applications, SharePoint Online sites, and groups within large organizations. This feature streamlines access request workflows, access assignments, reviews, and expiration, contingent upon the needs of the user.

Employees require access to various resources to perform their tasks. However, managing this access becomes challenging as new applications are added or users need more access rights. The situation becomes more intricate still when organizations collaborate with external bodies. The video highlights how entitlement management eases many of these issues, allowing for more efficient management of access for all users.

Enterprise organizations often encounter difficulties when managing employee access, such as users not knowing the specific access they require, having difficulty finding the right person to approve their access, or retaining access longer than required for business purposes. Microsoft Entitlement Management is designed to help corporations overcome these challenges.

Capabilities and Functionality of Entitlement Management

The main capabilities of entitlement management include controlling user access to resources via multi-stage approval and ensuring users don't keep access indefinitely, through time-limited assignments and recurring access reviews.

This feature can automatically give users access to resources based on user properties such as department or cost center. Its design allows non-administrators to create 'access packages', each containing a set of resources that users can request. Additionally, connected organizations can be selected whose users are allowed to request access.

Entitlement management introduces the 'access package', which is a bundle of all the resources, with the specific access, that a user needs to work on a task or project. You can control access to resources such as membership of Microsoft 365 groups, enterprise applications, SharePoint Online sites, and Microsoft Entra security groups.

Access Control Mechanisms

An access package consists of a resource list and the roles users require. These packages also include one or more policies to ensure that only the appropriate users are able to have access assignments. Policies regulate access assignment rules and can be used for access requests, ensuring that only the necessary individuals have access, and that the access is time-limited and set to expire if not renewed.
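The guardrails described above (approval, time-limited assignment, recurring review) can be checked mechanically once policies are exported. The following is an added example, not code from the article or from Microsoft: it audits policy objects shaped like the Microsoft Graph v1.0 `accessPackageAssignmentPolicy` resource. The sample policies are constructed, and the 365-day limit and finding labels are assumptions.

```python
import re

# Constructed sample data shaped like Graph v1.0 accessPackageAssignmentPolicy.
SAMPLE_POLICIES = [
    {"displayName": "Partner onboarding",
     "expiration": {"type": "afterDuration", "duration": "P90D"},
     "requestApprovalSettings": {"isApprovalRequiredForAdd": True, "stages": [{}, {}]},
     "reviewSettings": {"isEnabled": True}},
    {"displayName": "Finance app (legacy)",
     "expiration": {"type": "noExpiration"},
     "requestApprovalSettings": {"isApprovalRequiredForAdd": False, "stages": []},
     "reviewSettings": None},
    {"displayName": "Project X contractors",
     "expiration": {"type": "afterDuration", "duration": "P730D"},
     "requestApprovalSettings": {"isApprovalRequiredForAdd": True, "stages": [{}]},
     "reviewSettings": {"isEnabled": False}},
]
MAX_DAYS = 365  # assumed organisational limit, not a Microsoft default

def duration_days(iso):
    """Return the day count of a simple ISO 8601 'PnD' duration, else None."""
    m = re.fullmatch(r"P(\d+)D", iso or "")
    return int(m.group(1)) if m else None

def audit_policy(policy, max_days=MAX_DAYS):
    """Return a list of guardrail gaps (hypothetical labels) for one policy."""
    findings = []
    exp = policy.get("expiration") or {}
    kind = exp.get("type", "notSpecified")
    if kind in ("noExpiration", "notSpecified"):
        findings.append("no-expiration")          # access never lapses
    elif kind == "afterDuration":
        days = duration_days(exp.get("duration"))
        if days is None or days > max_days:
            findings.append("long-or-unparsed-duration")
    approval = policy.get("requestApprovalSettings") or {}
    if not approval.get("isApprovalRequiredForAdd") or not approval.get("stages"):
        findings.append("no-approval")            # requests are auto-granted
    review = policy.get("reviewSettings") or {}
    if not review.get("isEnabled"):
        findings.append("no-access-review")       # nobody re-attests the access
    return findings

def audit(policies):
    """Map each policy's display name to its findings."""
    return {p["displayName"]: audit_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_POLICIES).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Policies that expire on a fixed date (`afterDateTime`) pass the expiration check here; only the duration form is measured against the limit.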

Access packages are most effective in situations such as migrating access policy definitions from a third-party enterprise role management system to Microsoft Entitlement Management, managing time-limited access associated with a job role, and obtaining approvals for extended access.

Access packages are defined in containers called catalogs, and resources are gathered in these catalogs. Non-administrators can create and own their own catalogs and add resources they own.

In Conclusion

Entitlement Management, a part of the Microsoft technology ecosystem, offers a solution for efficiently managing access for internal and external users. Its aim is to handle the identity and access lifecycle at scale, tackling various challenges associated with managing employee access to applications, SharePoint Online sites, and groups. Microsoft Entitlement Management is beneficial for any organization dealing with complex access requirements.


Learn about New User Admin Role in Microsoft Entra Entitlement Management

Understanding the new 'User Admin Role' within Microsoft Entra Entitlement Management can be a complex task. However, this fundamental feature of identity governance empowers organizations to govern identity and access at scale by automating access request workflows and managing access assignments, reviews, and expirations.

As demands evolve, managing access in organizations becomes challenging due to the growing number of applications and expanded user access rights. This challenge is exacerbated when collaborating with external organizations. Not knowing who requires access to which resource, and managing those assignments, can be arduous.

Entitlement management facilitates this by managing access to groups, applications, and SharePoint Online sites for internal users, as well as those outside your organization. For enterprises, difficulties that are often faced when providing employee access, such as locating the right individuals to approve their access, can be mitigated with this feature.

Moreover, entitlement management can address the challenge of managing access for external users, such as those from supply chain organizations or other business partners, where no one person knows all the specific individuals to invite. This feature helps keep the management of all users' access efficient and consistent.

Entitlement management has several capabilities, ranging from control over access to applications, groups, Teams, and SharePoint sites, with multi-stage approval, to ensuring that user access is time-limited and subject to routine access reviews. It also allows the creation of access packages to be delegated to non-administrators. These access packages contain resources that users can request access to, and the delegated access package managers can define policies with rules for user access requests, approval, and access expiry times.

Furthermore, entitlement management introduces the concept of an access package: a bundle of the resources a user requires to perform a task or work on a project. This covers a user's access to resources such as Microsoft Entra security groups, Microsoft 365 Groups and Teams, assignment to Microsoft Entra enterprise applications (including SaaS applications), and SharePoint Online sites.

With an access package, resources (groups, apps, and sites) are listed, and the roles users need for these resources are specified by an administrator or delegated access package manager. An access package also includes one or more policies, defining the rules or 'guardrails' for assignment to access packages. Access requests and assignments are specified in these policies, ensuring appropriate access assignment to users.

Delegation of access is done using catalogs, containers in which access packages are defined. Catalog creators can be authorized to create new catalogs and add resources they own to a catalog. Lastly, entitlement management uses specific terminology, such as access package, access request, assignment, catalog, catalog creator, connected organization, policy, resource, resource directory, and resource role, to streamline the feature.

So, if you're interested in efficiently managing access to resources using the new admin center of the innovative platform, or even if you're interested in leveraging Graph to administer resource access, Microsoft Entra will facilitate your needs with user-friendly tutorials and plenty of additional resources. This article will guide you through the process of familiarizing yourself with and maximizing the potential of this new feature in entitlement management.

  • Microsoft Entra ID Governance requires a subscription for your organization's users.
  • For detailed specifics on your requirements, see Microsoft Entra ID Governance licensing fundamentals.

In conclusion, Microsoft Entra Entitlement Management brings a powerful feature to organizations, helping them streamline the management of access rights for users both inside and outside their organization. With delegated catalog creation, customizable access packages, and more, the new User Admin Role is set to revolutionize the way businesses manage their user identity governance. So why not capitalize on this remarkable feature today?
