Introducing New Features of Microsoft Entra Permissions Management

Microsoft Entra Permissions Management is a Cloud Infrastructure Entitlement Management (CIEM) solution that helps organizations manage the permissions of any identity across organizations' multicloud infrastructure. With Permissions Management, organizations can assess, manage, and monitor identities and their permissions continuously and right-size them based on past activity.

Today, we're thrilled to unveil the details of our Ignite announcement and introduce new features and APIs for Permissions Management, enhancing your overall permissions management experience. 


Permissions Management app in the ServiceNow app store (Generally Available)

Users can now request time-bound, on-demand permissions for multicloud environments (Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)) via the ServiceNow portal. This integration will strengthen organizations' Zero Trust posture by adding permission requests to existing approval workflows in ServiceNow, making it possible to enforce the principle of least privilege in multicloud environments. To learn more about this, please visit here. 


Integration with Microsoft Defender for Cloud (Public Preview) 

We are enhancing our cloud-native application protection program (CNAPP) by delivering basic permissions management insights through Microsoft for Cloud. This integration strengthens the prevention of security breaches that can occur due to excessive permissions or misconfigurations in cloud environments. This enables organizations to implement the principle of least privilege for cloud resources and receive actionable recommendations for resolving permissions risks across Azure, AWS, and GCP. To learn more, please visit here.   


Okta and AWS IAM Identity Center support (Public Preview)

Permissions Management customers can now detect identities originating from Okta and AWS IAM Identity Center.  This will help customers gain a centralized view of all identities and their permissions, regardless of the identity provider solutions they are using. Organizations can easily configure Okta, and AWS IAM Identity Center with just a few clicks. 


Permissions Analytic Report (Public Preview)


This report lists findings across identities and resources in Permissions Management. This report can be directly viewed on the Permissions Management page, downloaded in Excel format, and exported as a PDF. It's available for all supported cloud environments, which include Microsoft Azure, AWS, and GCP. To learn more, please visit here


New APIs 

Permissions Management has introduced multiple MS-Graph APIs in public preview, addressing key use cases based on customer feedback. With these new APIs, organizations can retrieve the inventory of onboarded AWS accounts, Azure subscriptions, and GCP projects, incorporate permissions analytics insights into dashboards in SIEM tools, and enable access reviews in existing ticketing systems. In addition, the Permission on Demand API provides flexibility to elevate the permissions of users or workload identities as necessary, either through or by integrating with an IT Service Management (ITSM) solution. To learn more, please visit here.


As always, we'd love to hear your feedback, thoughts, and suggestions! Feel free to share with us on the Microsoft Entra (Azure AD) forum or leave comments below. We look forward to hearing from you.

Joseph Dadzie, Partner Director of Product Management 

Linkedin: @joedadzie 

Twitter: @joe_dadzie 

Learn more about Microsoft Entra: 


This article was originally published by Microsoft's Entra (Azure AD) Blog. You can find the original article here.