Microsoft Entra Permission Management – Onboard

What is Microsoft Entra Permission Management?

Microsoft Entra is a new solution that can be integrated with the three biggest cloud providers—Microsoft Azure, Google Cloud and Amazon AWS.

As the name itself suggests, Microsoft Entra allows a more detailed and focused view on permission rights. It enables administrators to create reports, change permissions, add just-in-time access to different resources, etc.

In this article, we will focus on how to onboard it into Microsoft Azure. There are different options, but in this case, we will focus only on one option-automatically integrating with a single management group which contains subscriptions.

Note: The solution is not free and requires a license.

How to get free trial?

Navigate to:

Microsoft Entra Permissions Management | Microsoft Security

Choose a free trial and register with a work account that is associated with your production or test tenant.

Prerequisites before onboarding

A user account that will connect Microsoft Entra to Azure requires a special permission called Microsoft Authorization Right. So we need to create a custom role and assign it to the user.

If another role, such as owner, already includes permission, this step can be skipped.

Create a custom role.


Assign a custom role to the user account.



Navigate to the Microsoft Entra Management Permission portal.

Choose Azure and create a configuration.


Below, there are different options. In this case, we will choose:

  • Automatically Manage
  • Managements Group(s)



Register application

Register application that will integrate with Azure Active Directory and subscriptions inside the tenant.

Install the AZ module (if it is not already)

Connect to Azure with an account that we gave write permission to.

Register application—change the name of management group

Result after registering the application.


Now we need to assign the application to the management group and add the required permissions.

After completing the steps above, navigate to the Azure Entra Management Permission portal:

Click “verify” and “safe”. After some time, onboarding will start. After it is finished, it will look like the picture below.


Leave a Reply