title | description | ms.service | ms.subservice | ms.topic | ms.date | ms.author | author | manager | ms.reviewer |
---|---|---|---|---|---|---|---|---|---|
How to get the most from Microsoft Entra documentation | What is least privilege and how to navigate using Microsoft Entra documentation? | entra | fundamentals | how-to | 04/15/2024 | joflore | MicrosoftGuyJFlo | femila |
Within the Microsoft Entra documentation, you might notice some changes in how we explain things. These changes are intended to help you be more secure and make navigation easier.
As your organization begins to manage Microsoft Entra, our documentation guides administrators to use a concept called "least privilege" where administrators use only the role required to do the job at hand. This concept is one of the three guiding principles of a Zero Trust strategy of:
- Verify explicitly
- Use least privilege access
- Assume breach
You see this concept in the first step of our content, called out like the following example, with a link to the least privileged role definition:
- Sign in to the Microsoft Entra admin center as at least a Security Administrator.
:::image type="content" source="media/how-to-navigate/least-privilge-steps.png" alt-text="Screenshot of a document showing how to complete a step using the principle of least privilege.":::
There's still a need for the highly privileged Global Administrator role in certain edge cases and we call them out as such.
Microsoft doesn't recommend that administrators work day to day with an active privileged role assignment. To combat these bad habits, organizations can use features like:
- Privileged Identity Management to elevate their accounts on a time-limited basis to these highly privileged administrator roles.
- Microsoft Entra Permissions Management to identify and remediate over-privileged users across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
Use the following resources to find the right role for your administrators.
There are many ways to find features and several portals you can use, including the following examples:
In our documentation, we primarily focus on the Microsoft Entra admin center and the shortest route to features. We guide users to features using a left-to-right navigation method like the following example:
- Browse to Entra ID > Enterprise apps > New application.
:::image type="content" source="media/how-to-navigate/navigation-example.png" alt-text="Screenshot showing an example of how to navigate using the steps found in an article.":::
This approach gives administrators new to a feature a standardized way to find what they're looking for. More advanced administrators might find other ways to accomplish the same tasks, including using the Microsoft Graph APIs, but in content we primarily focus on these steps.