
🧩 Part 8: Holistic Access Management in Practice

  • Writer: Bjørnar Aassveen
  • Jul 3
  • 2 min read

Throughout this series, we’ve looked at a variety of identity and access management tools. Each one provides value on its own – but it’s when you combine them that you truly get a robust, scalable and secure platform.


In this final installment, we’ll look at how you can stitch together everything we’ve learned into a comprehensive strategy.


It’s also important to note that we’ve only looked at the standard functionality that Microsoft offers out of the box (with a bit of a licensing twist).



🧱 The building blocks – a quick summary

| Topic | Tools | Purpose |
| --- | --- | --- |
| Basic structure | Microsoft 365 Groups | Collaboration and access management |
| Automation | Dynamic groups | Automatic membership based on attributes |
| Lifecycle | Expiration policies, naming policies, access reviews | Cleanliness and control over time |
| Delegated administration | Administrative Units | Distribution of responsibilities in large organizations |
| External sharing | B2B, Cross-Tenant Sync | Secure collaboration with externals |
| Access packages | Entitlement management | Fast and controlled onboarding |
| Sensitive rights | PIM and PIM for groups | JIT access and overview |

🧭 How to combine everything in practice?


Here is an example of a holistic access model:

1. Use dynamic groups as a foundation


  • All employees are automatically placed in the right groups based on department, role or location

  • Groups provide access to Teams, SharePoint and apps


2. Use access packages for onboarding


  • New employees or external employees get access to everything they need via a single request

  • Access has an expiration date and can be renewed as needed


3. Use PIM for sensitive roles and groups


  • No one has permanent admin rights

  • Access is activated as needed, with approval and logging


4. Use Administrative Units for local control


  • Local IT managers only get access to their users and groups

  • Central IT keeps the overview


5. Use lifecycle policies and access reviews


  • Old groups and access are automatically purged

  • Group owners must regularly confirm membership


6. Use Cross-Tenant Sync for collaboration


  • External partners get access automatically and are updated continuously

  • Combined with Conditional Access and PIM
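To make steps 1 and 5 concrete, here is an added example (not code from the original post) that provisions a department-based dynamic Microsoft 365 group and attaches it to a group expiration policy using the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed and the signed-in account holds the listed permissions; the department name and the notification address are constructed placeholders.

```powershell
# Added example, not from the original post. Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes "Group.ReadWrite.All","Directory.ReadWrite.All"

$department = "Sales"   # constructed example value; in practice this comes from HR data

# Step 1: dynamic membership rule in Entra rule syntax.
# Restricting to accountEnabled -eq true means a disabled (offboarded) account
# drops out of the group automatically, with no manual cleanup.
$rule = "(user.department -eq `"$department`") and (user.accountEnabled -eq true)"

$group = New-MgGroup `
    -DisplayName "Dept-$department" `
    -MailNickname "dept-$($department.ToLower())" `
    -MailEnabled:$true `
    -SecurityEnabled:$false `
    -GroupTypes @("Unified","DynamicMembership") `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Step 5: a tenant-wide expiration policy applied to selected groups only.
# Owners are asked to renew; an unrenewed group is soft-deleted after 180 days
# (recoverable for 30 days), which is the "automatic purge" described above.
$policy = Get-MgGroupLifecyclePolicy | Select-Object -First 1
if (-not $policy) {
    # Placeholder address: where renewal notices go when a group has no owner.
    $policy = New-MgGroupLifecyclePolicy `
        -GroupLifetimeInDays 180 `
        -ManagedGroupTypes "Selected" `
        -AlternateNotificationEmails "it-governance@example.com"
}
Add-MgGroupToLifecyclePolicy -GroupLifecyclePolicyId $policy.Id -GroupId $group.Id | Out-Null

# Verify what was created: the rule and processing state must both be set,
# otherwise membership is never evaluated and the group stays empty.
Get-MgGroup -GroupId $group.Id -Property "displayName,membershipRule,membershipRuleProcessingState" |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

Dynamic membership requires Entra ID P1 licensing for the users being evaluated, which is the "licensing twist" mentioned at the top of the post.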



🧠 Implementation Tips


  • Start small: Choose one area (e.g., dynamic groups) and build from there

  • Involve your organization: IT, HR, security, and management need to work together

  • Automate where you can: Use Power Automate, Graph API, and policies

  • Evaluate regularly: Use reports and audits to improve


🎯 The result?


With a holistic access strategy, you get:


✅ Faster onboarding and fewer errors


✅ Less manual work for IT


✅ Increased security and compliance


✅ Better user experience


✅ Full visibility and control


🚀 What next?


This was the last part of the series – but fortunately, the development doesn’t stop there. Identity management is an ongoing process, and Microsoft’s platform is constantly evolving. Stay tuned for new features, and continue to improve and automate. Just roll up your sleeves and get to work; it won’t happen by itself!


Bjørnar&AI
