Skip to content

Managing Azure Entitlements

To display your Azure entitlement data in Identity Security Cloud, you must mark supported entitlements as cloud enabled.

Supported Entitlement Types

Identity Security Cloud supports the following Azure entitlements:

  • Group
  • azureRoleAssignment

Marking Microsoft Entra ID Cloud-Enabled Entitlement Types

When entitlements are pulled from your Azure cloud environment, you must mark the supported entitlement types as Cloud Enabled in your Microsoft Entra source configuration. This will allow certification campaign reviewers to view the access users have to your Azure cloud infrastructure.

  1. Go to Admin > Connections > Sources.
  2. Select the Microsoft Entra SaaS or Microsoft Entra VA-based connector you enabled to manage cloud resources.
  3. Select the Import Data tab and choose Entitlement Types.
  4. Edit and select the Cloud Enabled checkbox for the following entitlements:
    • Group
    • azureRoleAssignment
  5. Select Update.

You can now view an identity's cloud access granted through entitlements. You can include cloud-based entitlement types to certification campaigns to allow certifiers to view the effective access to your Azure resources.

Viewing Effective Access to Azure Resources

After marking your entitlement types, you can include cloud-enabled entitlements in certification campaigns to allow your certifiers to view cloud access details like the last level of access and type of action taken on the resource.

Documentation Feedback