What Identity and Access Management Is
0.1 What this module covers
Identity governance is what happens between "accounts exist in your tenant" and "we can prove every identity has justified access, an accountable owner, and a lifecycle that ends when the business need ends." Most organizations have the first part. Almost none have the second. This module makes that gap concrete — with Graph API output from your own tenant, not theoretical descriptions — and establishes the governance thinking that every subsequent module builds on.
You will run queries that show you where governance exists and where it's absent in your own environment. The numbers are specific to your tenant. The gap is usually larger than anyone expected.
0.2 What you will learn
Section 0.1 — What Identity Governance Actually Is. The line between administration and governance, made concrete with Graph API queries that show attribute coverage, stale identities, and ownerless groups in your own tenant.
Section 0.2 — The Identity Lifecycle in Your Tenant. Five lifecycle stages — creation, assignment, governance, monitoring, removal — traced through your tenant data. You'll see which stages are automated, which are manual, and which don't exist.
Section 0.3 — Access Governance Principles. Four principles that determine whether access is governed or merely granted. Permission creep measured. Access review quality evaluated. Separation of duties audited.
Section 0.4 — Non-Human Identity. The census most organizations have never run. App registrations, service principals, credential health, high-risk Graph API permissions. Your non-human to human identity ratio.
Section 0.5 — The Northgate Engineering Scenario. The fictional environment that runs as a worked example alongside your own tenant for the entire course. Infrastructure, personas, identity composition, and eight governance gaps mapped to the modules that fix them.
Section 0.6 — Lab Setup. Developer tenant configuration, NE persona accounts, groups, app registrations, guest accounts, Entra ID Governance trial activation, and cost modeling.
Section 0.7 — The IAM Program Package. The five-component deliverable structure — ADRs, governance cadences, risk register, compliance evidence, executive summary — that accumulates across all fifteen modules into the capstone.
0.3 What makes Entra ID the right platform for IAM governance
Entra ID is not just a directory — it's the control plane for every access decision in the Microsoft ecosystem. Authentication, authorization, lifecycle, and governance all flow through the same identity fabric. That means an IAM program built on Entra ID doesn't need to integrate five different tools — the directory, the lifecycle engine, the access review system, the entitlement catalog, and the compliance evidence all come from the same platform and the same Graph API.
The practical consequence: when you build a lifecycle workflow that provisions access on day one, the same system that created the access can review it quarterly, detect when the user goes stale, and revoke it on departure day. One identity, one platform, one audit trail. No other enterprise identity platform offers this level of integration between directory operations and governance operations.
0.4 How to get the best from this module
Sections 0.1 through 0.4 are conceptual and diagnostic — you run queries, see your own data, and understand the governance gaps. Sections 0.5 through 0.7 are setup and structure — building the lab environment and the program package framework. Work through them sequentially. The diagnostic queries in 0.1–0.4 produce the baseline numbers that every subsequent module improves.
Estimated time: 6 hours across all seven sections. The diagnostic queries run in minutes. The lab setup in 0.6 takes about 30 minutes. The conceptual sections are where the thinking happens — take the time to run every query and understand what your numbers mean.
0.5 Module structure
- Section 0.1 — What Identity Governance Actually Is
- Section 0.2 — The Identity Lifecycle in Your Tenant
- Section 0.3 — Access Governance Principles
- Section 0.4 — Non-Human Identity
- Section 0.5 — The Northgate Engineering Scenario
- Section 0.6 — Lab Setup
- Section 0.7 — The IAM Program Package
- Summary — Module Summary
Go to Section 0.1 — What Identity Governance Actually Is to begin.