Step 6: Configure identity governance

Phase 2-Identity

Identity governance is all about protecting, monitoring, and auditing access to critical assets while ensuring employee productivity. For example, with identity governance, you can ensure that the right users have the right access to the right resources and determine if that access changes over time.

See this article for more information about identity governance for Azure Active Directory (Azure AD).

This step is optional and applies only to the E5 version of Microsoft 365 Enterprise.

Set up Azure AD access reviews

This is optional and applies only to the E5 version of Microsoft 365 Enterprise.

In this step, you'll set up Azure AD access reviews, which let you periodically review a user's access so that only the right people retain it. For example:

  • As a new employee joins your organization, you need to ensure they have the right access to be productive.
  • As that employee moves to other teams, locations, or departments, you need to ensure that their access to previous teams, locations, or departments is removed as needed.
  • When that employee or a guest leaves your organization, you need to ensure their access is removed.

This is especially important if your organization is subject to security audits that check whether user accounts have too much access; a violation of industry or regional regulations could result in fines.

See this article for more information about Azure AD access reviews.
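The following is an added example, not part of the original deployment guide, showing one way to create the kind of recurring access review described above with the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.Governance module). It reviews the transitive members of a single group once a quarter, requires a justification for every approval, and removes anyone the reviewer does not explicitly approve. The group ID, reviewer ID and display names are placeholders you would replace with values from your own tenant.

```powershell
# Added example: create a recurring access review of a group's members via Microsoft Graph.
# Requires the Microsoft.Graph.Identity.Governance module and an account that can grant
# the AccessReview.ReadWrite.All permission. IDs below are placeholders.
Connect-MgGraph -Scopes "AccessReview.ReadWrite.All"

$groupId    = "00000000-0000-0000-0000-000000000000"   # placeholder: group whose members are reviewed
$reviewerId = "11111111-1111-1111-1111-111111111111"   # placeholder: user who performs the review

$params = @{
    displayName             = "Quarterly review - Helpdesk Admins (example)"
    descriptionForAdmins    = "Recertify that each member still needs this group."
    descriptionForReviewers = "Approve only members who still need this access."
    # What is reviewed: every transitive member of the group.
    scope = @{
        "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
        query         = "/groups/$groupId/transitiveMembers"
        queryType     = "MicrosoftGraph"
    }
    # Who reviews: a named user (use the group owner or a manager in practice).
    reviewers = @(
        @{
            query     = "/users/$reviewerId"
            queryType = "MicrosoftGraph"
        }
    )
    settings = @{
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true   # reviewer must state why access is kept
        defaultDecisionEnabled          = $true
        defaultDecision                 = "Deny"  # members not reviewed by the deadline lose access
        autoApplyDecisionsEnabled       = $true   # decisions are applied when the instance closes
        recommendationsEnabled          = $true   # flag members with no recent sign-in activity
        instanceDurationInDays          = 14
        recurrence = @{
            pattern = @{ type = "absoluteMonthly"; interval = 3 }   # every three months
            range   = @{ type = "noEnd"; startDate = (Get-Date).ToString("yyyy-MM-dd") }
        }
    }
}

$definition = New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $params
$definition | Select-Object Id, DisplayName, Status
```

The `defaultDecision = "Deny"` setting is the part that turns the review into a real control for the "mover" and "leaver" cases above: a member who nobody vouches for within the 14-day window is removed automatically rather than silently keeping stale access. Run it once from an administrator workstation; the review then recurs on its own schedule.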

Azure AD Privileged Identity Management (PIM) provides additional controls tailored to securing access rights to resources across Azure AD, Azure, and other Microsoft cloud services. Azure AD PIM provides a comprehensive set of governance controls to help secure your company's resources, such as directory roles, Office 365 roles, and Azure resource roles. As with other forms of access, organizations can use access reviews to configure recurring access recertification for all users in administrator roles. Azure AD PIM is only available with the E5 version of Microsoft 365 Enterprise.

See these articles to configure different types of access reviews:

As an interim checkpoint, you can see the exit criteria for this section.

Next step

Identity infrastructure exit criteria