How to get the most from Microsoft Entra documentation

Within the Microsoft Entra documentation, you might notice some changes in how we explain things. These changes are intended to help you be more secure and make navigation easier.

Least privilege

As your organization begins to manage Microsoft Entra, our documentation guides administrators to use a concept called "least privilege" where administrators use only the role required to do the job at hand. This concept is one of the three guiding principles of a Zero Trust strategy of:

• Verify explicitly
• Use least privilege access
• Assume breach

You see this concept surfaced in the first step of content called out like the following example with a link to the least privileged role definition:

• Sign in to the Microsoft Entra admin center as at least a Security Administrator.

There's still a need for the highly privileged Global Administrator role in certain edge cases and we call them out as such.

Microsoft doesn't recommend that administrators work day to day with an active privileged role assignment. To combat these bad habits, organizations can use features like:

• Privileged Identity Management to elevate their accounts on a time limited basis to these highly privileged administrator roles.
• Microsoft Entra Permissions Management to identify and remediate over-privileged users across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

Find the right role

Use the following resources to find the right role for your administrators.

• Common tasks mapped to applicable roles
• Microsoft Entra built-in role listing

Portal navigation

There are many ways to find features and several portals you can use, including the following examples:

• Microsoft Entra admin center
• Azure portal
• Microsoft Intune admin center
• Microsoft 365 admin center

In our documentation, we primarily focus on the Microsoft Entra admin center and the shortest route to features. We guide users to features using a left to right navigation method like the following example:

• Browse to Identity > Applications > Enterprise applications > New application.

This approach helps administrators new to a feature understand how to find what they're looking for in a standardized approach. More advanced administrators might find other ways to accomplish the same tasks including using the Microsoft Graph APIs, but in content we primarily focus on these steps.

Next steps

• Improve your security posture
• What is Zero Trust?
• Security resources