Pro User
explore our new search
Boost Security with New Entra ID Branding Role
Image Source:
Microsoft Entra
Apr 20, 2024 8:09 AM

Boost Security with New Entra ID Branding Role

by HubSite 365 about Microsoft

Software Development Redmond, Washington

AdministratorMicrosoft EntraM365 AdminM365 Release

Boost Security with Microsoft Entras New Organizational Branding Role - Simplify User Experience Customization!

Key insights

  • General Availability (GA) of the Organizational Branding role for Microsoft Entra ID Company Branding has been announced, focusing on Zero Trust network access by enforcing least privilege.
  • Previously, configuration of Entra ID Company Branding required the Global Admin role, which has extensive privileges beyond the necessary for Entra ID Company Branding.
  • The new Organizational Branding role limits permissions strictly to the configuration of Entra ID Company Branding, enhancing security and reducing potential attack vectors.
  • Assigning the role involves logging onto Microsoft Entra ID, selecting a user, choosing 'Assigned roles', and then adding the Organizational Branding Administrator role.
  • Once assigned, users will be empowered to customize the authentication User Experience (UX) through Entra ID Company Branding.

New Microsoft Entra ID Company Branding Role

The recent advancement in Microsoft Entra ID Company Branding through the introduction of the Organizational Branding role is a significant stride towards reinforcing cybersecurity measures within organizations. The General Availability (GA) of this dedicated role reflects Microsoft's commitment to the principles of Zero Trust network access, prioritizing the security and efficiency of user access controls. Previously, the requirement for the Global Admin role to configure branding aspects posed unnecessary risks due to its extensive permissions. However, the streamlined permissions offered by the Organizational Branding role not only enhance security by reducing the attack surface but also improve governance by ensuring that access rights are precisely aligned with the needs of the users.

Enforce least privilege for Microsoft Entra ID Company Branding with the new Organizational Branding role. Hello friends, I'm pleased to announce General Availability (GA) of the Organizational Branding role for this system. This new role is part of our ongoing efforts to implement Zero Trust network access by enforcing the principle of least privilege for users when customizing their authentication user experience (UX).

Previously, users wanting to configure their system required the Global Admin role. This role, though, has sweeping privileges beyond what's necessary for configuring it. The new Organizational Branding role limits its privileges to the configuration, significantly improving security and reducing the attack surface associated with its configuration.

To assign the role to a user, follow these steps:

  • Log on to the ID and select Users.
  • Select and open the user to assign the Organizational Branding role.
  • Select Assigned roles and then Add assignments.
  • Select the Organizational Branding Administrator role and assign it to the user.

Once the settings are applied, the user will be able to configure the authentication UX. Learn more about how to configure your company branding and create a consistent sign-in experience for your users. James Mantu, Sr. Product Manager, identity.

Read the full article Enforce least privilege for Entra ID Company Branding with the new Organizational Branding role

People also ask

Where is company branding in Microsoft Entra?

To manage the company branding, sign into the Microsoft Entra admin center with an Organizational Branding Administrator account. Then, follow the path Identity > User experiences > Company branding. For those with an already customized sign-in experience, an Edit option should be readily available.

What are the best practices for entra id application?

When it comes to securing Microsoft Entra ID, it's advisable to enable Security Defaults. Additionally, configuration settings should include limitations on guest user permissions by setting it to 'Yes', ensuring that 'Guests can invite' and 'Members can invite' are configured to 'No'.

What is company branding in Intune?

Incorporating branding into your Intune tenant enhances the user interface for those utilizing the Company Portal. This customization process involves specifying your organization's name, and selecting appropriate colors and theme color within Intune's settings.

How do I remove company branding from Azure AD?

To eliminate company branding from Azure Active Directory, navigate to Company Branding > Configure within Azure AD. On the resulting page, you can update or remove any branding details according to the guidance provided in the "Customize your Azure AD sign-in" section. Ensure to save any changes made.



Entra ID, organizational branding, least privilege, company branding, new role, branding role enforcement, Entra ID branding, manage Entra ID branding