Microsoft Entra Entitlement Management to Update User Admin Role

Cloud Computing

Microsoft has announced some important changes coming to its Microsoft Entra Entitlement Management service. Starting on May 3, employees in the user admin role won’t be able to perform identity governance tasks such as managing Entitlement Management catalogs and access packages.

Microsoft Entra Entitlement management is an identity management feature that lets customers manage and control access to applications and resources. It helps to automate access requests, access assignments, reviews, and expiration workflows. Entitlement management makes it easier for IT admins to ensure that only authorized internal and external users have access to groups, applications, and SharePoint Online sites.

Essentially, an access package is a bundle that comprises all the necessary resources that a user requires to carry out their tasks. These access packages are defined within containers called catalogs.

User Admin role updates in Microsoft Entra Entitlement Management

Going forwards, Microsoft says that organizations will need to use the Identity Governance Administrator role for daily management tasks. It’s highly recommended that IT admins should ensure that only those users have permission to manage Entitlement Management catalogs and access packages.

“We want to ensure minimal customer impact when we remove Entitlement Management permissions from the User Administrator role. By assigning admins the Identity Governance Administrator role, they will have the necessary permissions to continue managing catalogs and access packages,” Microsoft explained in a message on the Microsoft 365 admin center.

Microsoft explained that IT admins will be able to manage role assignments through the Azure Active Directory admin center or Graph API. You can find more details on how to update or remove existing role assignments on this support page.