The course is part of these learning paths
Entitlement packages in Microsoft 365 are a way to streamline and grant access to users more easily. An entitlement package encapsulates user groups, Teams, applications, and SharePoint sites into a catalog. The resources in the catalog are each assigned an access role that dictates the permissions a user will have when using the resource. An approval process and a hyperlink added to the resources and roles are the basic ingredients of an entitlement package. This course will explore entitlement packages and their use cases more thoroughly, including implementation through the Azure portal.
- Overview of Entitlement access packages
- How to use Entitlement access packages
- How to create an Entitlement access package in the Azure portal
This course is intended for students who want to learn about Entitlement access packages, their use cases, and how to implement them. Students who intend to take the MS-100 exam: Microsoft 365 Identity and Services.
Have used the Azure portal, know what Azure Active Directory is, and optionally, have an Azure Active Directory Premium P2 or Enterprise Mobility plus Security E5.
Catalogues enable you to group resources to use in access packages. In your active directory in the Azure portal click Identity Governance and then Catalogues. If it’s your first time in catalogues, you’ll see the default general catalogue. To create a new catalogue, hit the new catalogue button and give the catalogue a name and description. I’ll call it For Contractors. You change the active state of the catalogue with the enabled switch and can choose to make it available to external users.
Click create to, well, create the catalogue. Once created we add resources to the catalogue through the edit function. The process for adding resources is the same as when adding them to an access package, except we aren’t assigning roles to each resource here. I’ll add an application, a SharePoint site and a group. This involves selecting each resource in the right-hand blade and then adding all selected resources to the catalogue.
Let’s create an access package using the For Contractors catalogue. Within Identity Governance select Access packages and then click new access package. On the basics tab select the new catalogue from the drop-down list. Now, this is the interesting part. I thought the catalogue would have prepopulated the resources, but what it does is give you a subset of resources to choose from when selecting groups and teams, applications, and SharePoint sites. To the left are all possible groups. Of course, I as administrator could check the see all groups and teams, but the ability to do that isn’t available to all package creators.
Using the catalogue in this way is more flexible as it can be used with multiple access packages, i.e., you can pick resources from a catalogue rather than assign all catalogue resources by default to the package. You will still need to assign roles to the resources, but from this point on access, package creation is the same as using the default general catalogue.
Going back to the catalogues view, once a catalogue has been used in an access package, clicking on Access Packages in the left-hand menu will display the associated packages. Under roles and administrators, we can assign various roles to the catalogue.
Hallam is a software architect with over 20 years experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.