The workflows such as joiner, mover, and leaver work in Microsoft Entra ID Governance. Entitlement Management is a bundle of resources where Microsoft Entra ID applications, groups, and SharePoint sites are packaged into a single package so that users can request it. This is one of the great features for Microsoft Entra ID Governance. Another feature is Access Review, which allows an automated schedule to be managed for the manager or resource owner so that they can verify whether people still need access. Privileged Identity Management is another feature for governance that provides just-in-time (JIT) access for administrative roles. For example, instead of being a permanent or global admin, which is a major security risk, an IT professional is eligible for the role and must request four hours of access only when they need to perform a specific task. There is a feature called access package. If any user wants particular application access, they can request this application via Microsoft Entra ID Governance access package. Whenever an end user makes a request, the access goes to one application manager and their current line manager. If they approve it, then they get the application access. This is a very good feature for user-centric purposes. Microsoft Entra ID Governance includes securing AI agent identity. As a company uses more AI generation such as Copilots or custom bots, those bots need their own identity just as employees do. Microsoft Entra now provides a way to assign unique identities to AI agents so you can control what data they can access. Microsoft Entra ID Governance protection now looks for risky behavior in AI agents. If a bot suddenly tries to download an unusual amount of data or unconscious data, it can detect this as a risk detection factor. Security Copilot allows Entra administrators to manage identity with natural language. Microsoft Entra ID Governance has protection and authentication features. Smart risk detection protects and analyzes to detect threats such as impossible travel. If a person is logging in from many different locations, it detects this as a risk factor. A user cannot use an unauthenticated password or log in from an incompatible device. These AI features are used in conditional access management in Microsoft Entra ID Governance. Automation is used for user onboarding, user offboarding, and user update processes through user lifecycle management. If an organization uses Workday as an HR application where new users join and fill in their details, all these details get reflected into Workday and then reflected into Active Directory as well as Microsoft Entra ID Governance. This automation helps to manage the day-to-day user onboarding process, user offboarding process, and user update process. Microsoft Entra ID Governance automation also helps with password-related tasks, access recertification, and reporting.
