staging

MicrosoftDocs · Jun 25, 2024 · 5122259 · 5122259
1 parent 58baa08
commit 5122259
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 116 deletions.
diff --git a/docs/id-governance/TOC.yml b/docs/id-governance/TOC.yml
@@ -7,12 +7,6 @@
     href: identity-governance-overview.md
 
 
-  - name: What is identity lifecycle management?
-    href: what-is-identity-lifecycle-management.md
-
-
-
-
 - name: Scenarios
   expanded: true
   items:
@@ -26,18 +20,6 @@
       href: scenarios/govern-the-employee-lifecycle.md
     - name: Identity lifecycle management provisioning
       href: what-is-provisioning.md
-
-        items: 
-        - name: Govern provisioning to LDAP based apps
-          href: scenarios/provision-ldap.md
-        - name: Govern provisioning to LDAP for Linux auth
-          href: scenarios/provision-ldap-linux.md
-        - name: Govern provisioning to SQL based apps
-          href: scenarios/provision-sql.md     
-        - name: Govern provisioning to SAP ECC
-          href: scenarios/provision-sap.md    
-        - name: Govern provisioning to PowerShell based apps
-          href: scenarios/provision-powershell.md   
     - name: Automate identity lifecycle management
       href: scenarios/automate-identity-lifecycle.md
   - name: Govern access to applications

diff --git a/docs/id-governance/identity-governance-overview.md b/docs/id-governance/identity-governance-overview.md
@@ -1,13 +1,13 @@
 ---
 title: Microsoft Entra ID Governance
 description: Microsoft Entra ID Governance enables you to balance your organization's need for security and end user productivity with the right processes and visibility.
-author: owinfreyATL
+author: billmath
 manager: amycolannino
 editor: markwahl-msft
 ms.service: entra-id-governance
 ms.topic: overview
 ms.date: 12/15/2023
-ms.author: owinfrey
+ms.author: billmath
 ms.reviewer: markwahl-msft
 ---
 
@@ -51,7 +51,7 @@ In Microsoft Entra ID Governance, you can enable business groups to determine wh
 - [entitlement management](entitlement-management-overview.md) in which you can specify the other organizations whose users are allowed to request access to your organization's resources. When one of those users's request is approved, they're automatically added by entitlement management as a [B2B](../external-id/what-is-b2b.md) guest to your organization's directory, and assigned appropriate access. And entitlement management automatically removes the B2B guest user from your organization's directory when their access rights expire or are revoked.
 - [access reviews](access-reviews-overview.md) that automates recurring reviews of existing guests already in your organization's directory, and removes those users from your organization's directory when they no longer need access.
 
-For more information, see [What is identity lifecycle management](what-is-identity-lifecycle-management.md).
+For more information, see [Govern the employee and guest lifecycle](scenarios/govern-the-employee-lifecycle.md).
 
 ## Access lifecycle
 
@@ -115,24 +115,11 @@ Once you've started using these identity governance features, you can easily aut
 | Provisioning users into on-premises and cloud applications that have their own directories or databases | [Configure automatic user provisioning](../identity/app-provisioning/user-provisioning.md) with user assignments or [scoping filters](../identity/app-provisioning/define-conditional-rules-for-provisioning-user-accounts.md) |
 | Other scheduled tasks | [Automate identity governance tasks with Azure Automation](identity-governance-automation.md) and Microsoft Graph via the [Microsoft.Graph.Identity.Governance](https://www.powershellgallery.com/packages/Microsoft.Graph.Identity.Governance/) PowerShell module|
 
-## Appendix - least privileged roles for managing in Identity Governance features
-
-It's a best practice to use the least privileged role to perform administrative tasks in Identity Governance. We recommend that you use Microsoft Entra PIM to activate a role as needed to perform these tasks. The following are the least privileged [directory roles](../identity/role-based-access-control/permissions-reference.md) to configure Identity Governance features:
-
-| Feature | Least privileged role |
-| ------- | --------------------- |
-| Entitlement management | Identity Governance Administrator |
-| Access reviews | User Administrator (except for access reviews of Azure or Microsoft Entra roles, which require Privileged Role Administrator) |
-| Privileged Identity Management | Privileged Role Administrator |
-| Terms of use | Security Administrator or Conditional Access Administrator |
-
->[!NOTE]
->The least privileged role for Entitlement management has changed from the User Administrator role to the Identity Governance Administrator role.
 
 ## Next steps
 
-- [What are Lifecycle Workflows?](what-are-lifecycle-workflows.md)
-- [What is Microsoft Entra entitlement management?](entitlement-management-overview.md)
-- [What are Microsoft Entra access reviews?](access-reviews-overview.md)
-- [What is Microsoft Entra Privileged Identity Management?](../id-governance/privileged-identity-management/pim-configure.md)
-- [What can I do with Terms of use?](../identity/conditional-access/terms-of-use.md)
+
+- [What are identity governance use cases?](scenarios/identity-governance-use-cases.md)
+- [Understanding least privileged](scenarios/least-privileged.md)
+- [Govern the employee and guest lifecycle](scenarios/govern-the-employee-lifecycle.md)
+- [Govern access for applications in your environment](identity-governance-applications-prepare.md)
diff --git a/docs/id-governance/scenarios/identity-governance-use-cases.md b/docs/id-governance/scenarios/identity-governance-use-cases.md
@@ -0,0 +1,38 @@
+---
+title: 'Microsoft Entra ID Governance use cases'
+description: This article describes use cases Microsoft Entra ID Governance.
+services: active-directory
+documentationcenter: ''
+author: billmath
+manager: amycolannino
+editor: ''
+ms.service: active-directory
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: identity
+ms.date: 02/28/2024
+ms.subservice: hybrid
+ms.author: billmath
+---
+
+# Microsoft Entra ID Governance use cases
+
+Microsoft Entra ID Governance allows you to balance your organization's need for security and employee productivity with the right processes and visibility.  In order to achieve this balance, the following identity governance use cases need to be considered.   
+
+
+## Use cases in Microsoft Entra ID Governance:
+Here are typical identity governance use cases:
+
+
+- **[Govern the employee, guest and partner lifecycle](govern-the-employee-lifecycle.md)** - Governing the employee lifecycle or **Identity lifecycle management** is the foundation for Identity Governance, and effective governance at scale requires modernizing the identity lifecycle management infrastructure for applications.  Similar processes are also needed for additional identities, for partners, suppliers and other guests, to enable them to collaborate or have access to resources.    
+
+- **[Govern access to applications](../identity-governance-applications-prepare.md)** -  - Organizations need a process to manage access beyond what was initially provisioned for a user when that user's identity was created. Furthermore, enterprise organizations need to be able to scale efficiently to be able to develop and enforce access policy and controls on an ongoing basis.  An organization's controls for managing access specific to applications.
+
+These use cases demonstrate the breadth and importance of identity governance in maintaining security, compliance, and efficient user management within organizations.
+
+## Next steps
+
+- [What is identity governance?](../identity-governance-overview.md)
+- [Understanding least privileged](least-privileged.md)
+- [Govern the employee and guest lifecycle](govern-the-employee-lifecycle.md)
+- [Govern access for applications in your environment](../identity-governance-applications-prepare.md)
diff --git a/docs/id-governance/what-is-identity-lifecycle-management.md b/docs/id-governance/what-is-identity-lifecycle-management.md