Enable Permissions Management in your organization

This article describes how to enable Permissions Management in your organization. Once you've enabled Permissions Management, you can connect it to your Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) platforms.

Note

To complete this task, you must have global administrator permissions as a user in that tenant. You can't enable Permissions Management as a user from another tenant who has signed in via B2B or via Azure Lighthouse.


Prerequisites

To enable Permissions Management in your organization:

  • You must have an Azure AD tenant. If you don't already have one, create a free account.
  • You must be eligible for or have an active assignment to the global administrator role as a user in that tenant.

Note

During public preview, Permissions Management doesn't perform a license check. The public preview environment will only be available until October 7th, 2022. You will no longer be able to view or access your configuration and data in the public preview environment after that date. Once you complete all the steps and confirm that you want to use Microsoft Entra Permissions Management, access to the public preview environment will be lost. You can take note of your configuration before you start. To start using generally available Microsoft Entra Permissions Management, you must purchase a license or begin a trial. From the public preview console, initiate the workflow by selecting Start.

How to enable Permissions Management on your Azure AD tenant

  1. In your browser:
    1. Go to Entra services and use your credentials to sign in to Azure Active Directory.
    2. If you aren't already authenticated, sign in as a global administrator user.
    3. If needed, activate the global administrator role in your Azure AD tenant.
    4. In the Azure AD portal, select Permissions Management, and then select the link to purchase a license or begin a trial.

Note

There are two ways to enable a trial or a full product license: self-service and volume licensing. For self-service, navigate to the M365 portal at https://aka.ms/TryPermissionsManagement and purchase licenses or sign up for a free trial. The second way is through Volume Licensing or Enterprise agreements. If your organization falls under a volume license or enterprise agreement scenario, please contact your Microsoft representative.

Permissions Management launches with the Data Collectors dashboard.

Configure data collection settings

Use the Data Collectors dashboard in Permissions Management to configure data collection settings for your authorization system.

  1. If the Data Collectors dashboard isn't displayed when Permissions Management launches:
    • In the Permissions Management home page, select Settings (the gear icon), and then select the Data Collectors subtab.

  2. Select the authorization system you want: AWS, Azure, or GCP.

  3. For information on how to onboard an AWS account, Azure subscription, or GCP project into Permissions Management, select one of the following articles and follow the instructions:

Next steps