How-to: Simplify Access with Microsoft Entra ID Packages

Opening

Two weeks ago, I described the basics of the Microsoft Entra ID Access Package. As I already mentioned, I want to create a how-to guide on how to set it up and also discuss some details. At the end of this blog post, I will cover a few useful use cases. Enjoy reading!

Prerequisites

  • Microsoft Entra ID: An active Microsoft Entra ID tenant.
  • Licenses: Ensure you have the necessary licenses, such as an Entra ID Premium P2 license. These licenses include the features for Access Packages.
  • Administrator Rights: You need administrator rights in your Microsoft Entra ID tenant to create and configure Access Packages.
  • User Accounts: Users who will request or use the Access Packages must be present in Microsoft Entra ID.
  • Groups and Resources: Make sure that the groups, applications, and resources you want to include in your Access Packages are already configured in your Microsoft Entra ID.
  • Knowledge: Basic knowledge of Microsoft Entra ID and Identity and Access Management (IAM) is very helpful for configuring the Access Packages effectively.

How-to guide

Here is a simple step-by-step guide to creating and configuring a Microsoft Entra ID Access Package:

  1. Go to the Azure Portal
  2. Sign in with your Microsoft Entra ID administrative account.
  3. In the left-hand navigation pane, select Microsoft Entra ID
  4. Under the Manage section, select Identity Governance
  5. Click on Access packages
  6. Click + New access package
  7. Provide a name and description for the Access Package
  8. Under the Resource roles section, click + Add resource role and pick the resource type, such as Groups and Teams, Applications, SharePoint sites or Microsoft Entra role (Preview)
    • Choose the resources you want to include
    • Specify the roles for each resource (e.g., member, owner)
  9. Under the Requests section, click + Add a policy to define who can request access and how it should be approved
    • Configure the request policy:
      • Who can request access: Define criteria, such as specific user groups or all users
      • Approval process: Set the approval flow (e.g., no approval, single-stage approval, or multi-stage approval)
  10. Under the Lifecycle section, set up the policy for access reviews and expiration:
    • Automatic review: Select the review frequency (e.g., monthly, quarterly)
    • Access expiration: Define the duration for access (e.g., 30 days, 90 days)
  11. Review + create this access package
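
Steps 9 and 10 decide who can get access, whether anyone approves it, and how long it lasts, so the resulting policy is worth checking after creation. The following is an added example, not code from this post or from Microsoft: a Python check over assignment policies exported as JSON. The field names follow the Microsoft Graph v1.0 accessPackageAssignmentPolicy resource; the sample policies, the 90-day limit and the function names are assumptions.

```python
import re

# Constructed samples shaped like Graph v1.0 accessPackageAssignmentPolicy objects.
SAMPLE_POLICIES = [
    {"displayName": "Contractors - 90 days",   # constructed
     "allowedTargetScope": "specificConnectedOrganizationUsers",
     "expiration": {"type": "afterDuration", "duration": "P90D"},
     "requestApprovalSettings": {"isApprovalRequiredForAdd": True,
                                 "stages": [{"durationBeforeAutomaticDenial": "P14D"}]},
     "reviewSettings": {"isEnabled": True}},
    {"displayName": "All staff - open",        # constructed
     "allowedTargetScope": "allMemberUsers",
     "expiration": {"type": "noExpiration"},
     "requestApprovalSettings": {"isApprovalRequiredForAdd": False, "stages": []},
     "reviewSettings": None},
]

BROAD_SCOPES = {"allMemberUsers", "allDirectoryUsers", "allExternalUsers"}


def duration_days(iso):
    """Days in a day-based ISO 8601 duration such as 'P90D'; None if unparseable."""
    m = re.fullmatch(r"P(\d+)D", iso or "")
    return int(m.group(1)) if m else None


def audit_policy(policy, max_days=90):
    """Return a list of findings for one assignment policy (empty list = ok)."""
    findings = []
    exp = policy.get("expiration") or {}
    if exp.get("type") in (None, "noExpiration", "notSpecified"):
        findings.append("no access expiration")
    elif exp.get("type") == "afterDuration":
        days = duration_days(exp.get("duration"))
        if days is None or days > max_days:
            findings.append(f"access duration unparseable or longer than {max_days} days")
    approval = policy.get("requestApprovalSettings") or {}
    approved = approval.get("isApprovalRequiredForAdd") and approval.get("stages")
    if not approved:
        findings.append("no approval stage")
        if policy.get("allowedTargetScope") in BROAD_SCOPES:
            findings.append("broad requestor scope without approval")
    if not (policy.get("reviewSettings") or {}).get("isEnabled"):
        findings.append("access reviews disabled")
    return findings

if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        print(p["displayName"], "->", audit_policy(p) or "ok")
```
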

Request an Access Package as a User

As a user, I now have the option of requesting the Access Package that has been created. To do this, the following steps must be followed:

  1. Open Microsoft My Access
  2. Switch to Access packages
  3. Choose and request the Access package
  4. Define a specific period if necessary and fill out the Business justification text box
  5. The defined reviewer receives an e-mail and can accept or reject the Access Package request

Real-world use cases

Microsoft Entra ID Access Packages can be very useful in various real-world scenarios. Here are some use cases:

  • Onboarding New Employees: Simplify the onboarding process by providing new employees with access to the necessary applications, groups, and resources based on their role. This can include email accounts, cloud storage, and team collaboration tools.
  • Project Team Access: Quickly set up and manage access for a project team. Team members can be granted the right permissions and tools they need to collaborate effectively without manual intervention from IT for each individual.
  • Contractors and Consultants: Provide external contractors and consultants with temporary access to necessary resources. You can set expiration dates and review cycles to ensure they don’t retain access longer than needed.
  • Compliance and Security Audits: Ensure compliance with regulatory requirements by using Access Packages to manage and track who has access to sensitive information. This helps in generating audit trails and maintaining security standards.
  • Temporary Projects and Events: Offer temporary access to resources for employees involved in short-term projects or events. This ensures that users have the required access only for the duration of the project or event.

By leveraging Microsoft Entra ID Access Packages, you can streamline access management, improve security, ensure compliance, and enhance productivity in your organisation.

Source: Microsoft Learn – Tutorial: Manage access to resources in entitlement management
