Blog Post

Microsoft Entra Blog
3 MIN READ

Introducing new features of Microsoft Entra Permissions Management

Joseph Dadzie's avatar
Joseph Dadzie
Icon for Microsoft rankMicrosoft
Dec 14, 2023

Microsoft Entra Permissions Management is a Cloud Infrastructure Entitlement Management (CIEM) solution that helps organizations manage the permissions of any identity across organizations’ multicloud infrastructure. With Permissions Management, organizations can assess, manage, and monitor identities and their permissions continuously and right-size them based on past activity.

 

Today, we’re thrilled to unveil the details of our Ignite announcement and introduce new features and APIs for Permissions Management, enhancing your overall permissions management experience. 

 

Permissions Management app in the ServiceNow app store (Generally Available)

 

Users can now request time-bound, on-demand permissions for multicloud environments (Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)) via the ServiceNow portal. This integration will strengthen organizations’ Zero Trust posture by adding permission requests to existing approval workflows in ServiceNow, making it possible to enforce the principle of least privilege in multicloud environments. To learn more about this, please visit here. 

 

 

Integration with Microsoft Defender for Cloud (Public Preview) 

 

We are enhancing our cloud-native application protection program (CNAPP) by delivering basic permissions management insights through Microsoft Defender for Cloud. This integration strengthens the prevention of security breaches that can occur due to excessive permissions or misconfigurations in cloud environments. This enables organizations to implement the principle of least privilege for cloud resources and receive actionable recommendations for resolving permissions risks across Azure, AWS, and GCP. To learn more, please visit here.   

 

Okta and AWS IAM Identity Center support (Public Preview)

 

Permissions Management customers can now detect identities originating from Okta and AWS IAM Identity Center.  This will help customers gain a centralized view of all identities and their permissions, regardless of the identity provider solutions they are using. Organizations can easily configure Okta, and AWS IAM Identity Center with just a few clicks. 

 

 

Permissions Analytic Report (Public Preview)

 

This report lists findings across identities and resources in Permissions Management. This report can be directly viewed on the Permissions Management page, downloaded in Excel format, and exported as a PDF. It’s available for all supported cloud environments, which include Microsoft Azure, AWS, and GCP. To learn more, please visit here

 

 

New APIs 

 

Permissions Management has introduced multiple MS-Graph APIs in public preview, addressing key use cases based on customer feedback. With these new APIs, organizations can retrieve the inventory of onboarded AWS accounts, Azure subscriptions, and GCP projects, incorporate permissions analytics insights into dashboards in SIEM tools, and enable access reviews in existing ticketing systems. In addition, the Permission on Demand API provides flexibility to elevate the permissions of users or workload identities as necessary, either through automation or by integrating with an IT Service Management (ITSM) solution. To learn more, please visit here.

 

As always, we'd love to hear your feedback, thoughts, and suggestions! Feel free to share with us on the Microsoft Entra (Azure AD) forum or leave comments below. We look forward to hearing from you.

 

Joseph Dadzie, Partner Director of Product Management 

Linkedin: @joedadzie 

Twitter: @joe_dadzie 

 

 

Learn more about Microsoft Entra: 

Updated Apr 03, 2024
Version 2.0
No CommentsBe the first to comment