How to get the most from Microsoft Entra documentation
Bài viết
Within the Microsoft Entra documentation, you might notice some changes in how we explain things. These changes are intended to help you be more secure and make navigation easier.
Least privilege
As your organization begins to manage Microsoft Entra, our documentation guides administrators to use a concept called "least privilege" where administrators use only the role required to do the job at hand. This concept is one of the three guiding principles of a Zero Trust strategy of:
Verify explicitly
Use least privilege access
Assume breach
You see this concept surfaced in the first step of content called out like the following example with a link to the least privileged role definition:
There's still a need for the highly privileged Global Administrator role in certain edge cases and we call them out as such.
Microsoft doesn't recommend that administrators work day to day with an active privileged role assignment. To combat these bad habits, organizations can use features like:
Privileged Identity Management to elevate their accounts on a time limited basis to these highly privileged administrator roles.
Microsoft Entra Permissions Management to identify and remediate over-privileged users across multicloud infrastructures in Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
Find the right role
Use the following resources to find the right role for your administrators.
In our documentation, we primarily focus on the Microsoft Entra admin center and the shortest route to features. We guide users to features using a left to right navigation method like the following example:
Browse to Identity > Applications > Enterprise applications > New application.
This approach helps administrators new to a feature understand how to find what they're looking for in a standardized approach. More advanced administrators might find other ways to accomplish the same tasks including using the Microsoft Graph APIs, but in content we primarily focus on these steps.
Sử dụng Microsoft Entra để quản lý quyền truy cập bằng cách sử dụng các quyền, truy cập vào đánh giá, công cụ truy cập đặc quyền và giám sát sự kiện truy cập. (SC-5008)
Minh họa các tính năng của Microsoft Entra ID để hiện đại hóa các giải pháp nhận dạng, triển khai các giải pháp kết hợp và triển khai quản trị định danh.