MODIFIED docs/verified-id/services-partners.md

Modified by barclayn on Dec 3, 2025 5:04 PM
📖 View on learn.microsoft.com

+20 / -19 lines changed

Commit: making updates from November 21

Changes:

Before

After

author: barclayn
manager: pmwongera
ms.topic: how-to
ms.date: 01/17/2025
ms.author: barclayn
---
 
 
You could select a partner from the list and build seamless end-user experiences for onboarding, secure access to critical services, self-service, and custom business application scenarios. If you're a Services or solution Partner and would like to be considered into Microsoft Entra Verified ID partner documentation, submit your application [request](https://forms.microsoft.com/r/AGVsXmf4EZ).
 
| **Services and solution partner** | **Website** |
|:-------------------------|:--------------|
| :::image type="content" source="media/services-partners/affinitiquest.png" alt-text="Screenshot of Affinitiquest logo."::: | [Secure personal data | AffinitiQuest](https://affinitiquest.io/) |
| :::image type="content" source="media/services-partners/avanade.png" alt-text="Screenshot of Avanade logo."::: | [Avanade Microsoft Entra Verified ID Consulting Services](https://appsource.microsoft.com/marketplace/consulting-services/avanadeinc.ava_entra_verified_id_fy23?exp=ubp8) |
| :::image type="content" source="media/services-partners/binaria.png" alt-text="Screenshot of Binaria logo."::: | [Azure Marketplace offering - Binaria Key](https://azuremarketplace.microsoft.com/marketplace/apps/binariatechnologies1583779526579.binariakey?tab=Overview) |
| :::image type="content" source="media/services-partners/credivera.png" alt-text="Screenshot of Credivera logo."::: | [Credivera: Digital Identity Solutions | Verifiable Credentials](https://www.credivera.com/) |
| :::image type="content" source="media/services-partners/condatis.png" alt-text="Screenshot of Condatis logo."::: | [Decentralized Identity | Condatis](https://condatis.com/technology/decentralized-identity/) |
| :::image type="content" source="media/services-partners/dxc.png" alt-text="Screenshot of DXC logo."::: | [Digital Identity - Connect with DXC](https://dxc.com/us/en/services/security/digital-identity) |
| :::image type="content" source="media/services-partners/ctc.png" alt-text="Screenshot of CTC logo."::: | [CTC's SELMID offering](https://ctc-insight.com/selmid) |
| :::image type="content" source="media/services-partners/ey.png" alt-text="Screenshot of EY logo."::: | [EY Security Solutions Supported by Microsoft Verified ID](https://azuremarketplace.microsoft.com/marketplace/apps/ey_global.ey_ss_supported_by_msft_verified_id?tab=Overview) |

author: barclayn
manager: pmwongera
ms.topic: how-to
ms.date: 12/03/2025
ms.author: barclayn
---
 
 
You could select a partner from the list and build seamless end-user experiences for onboarding, secure access to critical services, self-service, and custom business application scenarios. If you're a Services or solution Partner and would like to be considered into Microsoft Entra Verified ID partner documentation, submit your application [request](https://forms.microsoft.com/r/AGVsXmf4EZ).
 
| Partner name | Partner documentation |
|--------------|----------------------|
| AffinitiQuest | [Secure personal data \| AffinitiQuest](https://affinitiquest.io/) |
| Avanade | [Avanade Microsoft Entra Verified ID Consulting Services](https://appsource.microsoft.com/marketplace/consulting-services/avanadeinc.ava_entra_verified_id_fy23?exp=ubp8) |
| Binaria | [Azure Marketplace offering - Binaria Key](https://azuremarketplace.microsoft.com/marketplace/apps/binariatechnologies1583779526579.binariakey?tab=Overview) |
| Credivera | [Credivera: Digital Identity Solutions \| Verifiable Credentials](https://www.credivera.com/) |
| Condatis | [Decentralized Identity \| Condatis](https://condatis.com/technology/decentralized-identity/) |
| DXC | [Digital Identity - Connect with DXC](https://dxc.com/us/en/services/security/digital-identity) |
| CTC | [CTC's SELMID offering](https://ctc-insight.com/selmid) |
| EY | [EY Security Solutions Supported by Microsoft Verified ID](https://azuremarketplace.microsoft.com/marketplace/apps/ey_global.ey_ss_supported_by_msft_verified_id?tab=Overview) |

MODIFIED docs/external-id/whats-new-docs.md

Modified by csmulligan on Dec 3, 2025 11:22 AM
📖 View on learn.microsoft.com

+14 / -7 lines changed

Commit: What's new in November?

Changes:

Before

After

---
title: What's new in Microsoft Entra External ID
description: New and updated documentation for the Microsoft Entra External ID.
ms.date: 10/01/2025
ms.service: entra-external-id
ms.topic: whats-new
ms.author: cmulligan
 
# [External ID in external tenants](#tab/external-tenants)
 
## October 2025
 
### New article
 
- [Add OpenID Connect as an external identity provider](customers/how-to-custom-oidc-federation-customers.md) - Multiple editorial updates
 
## August 2025
 
### Updated articles
 

---
title: What's new in Microsoft Entra External ID
description: New and updated documentation for the Microsoft Entra External ID.
ms.date: 12/03/2025
ms.service: entra-external-id
ms.topic: whats-new
ms.author: cmulligan
 
# [External ID in external tenants](#tab/external-tenants)
 
## November 2025
 
### New article
 
- [Configure Akamai WAF with Microsoft Entra External ID](customers/how-to-configure-akamai-integration.md)
 
### Updated articles
 
- [Supported features in workforce and external tenants](customers/concept-supported-features-customers.md) - Added Security Store features
- [Configure Cloudflare Web Application Firewall with Microsoft Entra External ID](customers/how-to-configure-waf-integration.md) - Updated Cloudflare integration steps

MODIFIED docs/identity/hybrid/connect/how-to-connect-password-hash-synchronization.md

Modified by Nuno Alexandre on Dec 3, 2025 9:19 AM
📖 View on learn.microsoft.com

+14 / -3 lines changed

Commit: Learn Editor: Update how-to-connect-password-hash-synchronization.md

Changes:

Before

After

```
 
> [!NOTE]
> A new user created in Active Directory with "User must change password at next logon" flag will always be provisioned in Microsoft Entra ID with a password policy to "Force change password on next sign-in", irrespective of the *ForcePasswordChangeOnLogOn* feature being true or false. This is a Microsoft Entra internal logic since the new user is provisioned without a password, whereas *ForcePasswordChangeOnLogOn* feature only affects admin password reset scenarios.
>
> If a user was created in Active Directory with "User must change password at next logon" before the feature was enabled, the user will receive an error while signing in. To remediate this issue, un-check and re-check the field "User must change password at next logon" in Active Directory Users and Computers. After synchronizing the user object changes, the user will receive the expected prompt in Microsoft Entra ID to update their password. 
 
> [!CAUTION]
> You should only use this feature when Self-Service Password Reset and Password Writeback are enabled on the tenant. This is so that if a user changes their password via SSPR, it will be synchronized to Active Directory.

```
 
> [!NOTE]
> When you create a new user in Active Directory with the **User must change password at next logon** option selected, Microsoft Entra ID always configures that user’s cloud account to **force a password change at the first sign-in**. This happens **whether *ForcePasswordChangeOnLogOn* feature is enabled or not**, because initially new synced user objects have no password in Microsoft Entra ID, hence must be forced to set one before sign-in. The *ForcePasswordChangeOnLogOn* feature itself only affects admin-initiated password reset scenarios from on-premises, not the initial user object synchronization.
> If a user account was created in Active Directory with **“User must change password at next logon”** while both, the *ForcePasswordChangeOnLogOn* and PasswordHashSync features were disabled, that user receives an error "*Your account or password is incorrect*" when signing in (instead of a password-change prompt). To fix this issue, clear the **“User must change password at next logon”** checkbox for the user in Active Directory, then **select it again**. After the next synchronization, Microsoft Entra ID will prompt the user to update their password at sign-in as expected.
When **Password Hash Synchronization (PHS)** is enabled, each new account is still provisioned in Microsoft Entra ID without a password (because the initial object synchronization doesn’t include the user's password). However, the PHS process runs *frequently* (every 2 minutes) to sync password hashes from on-premises AD to the cloud. The moment a user’s password is synced to Microsoft Entra ID, the service will apply or skip the “*force password change on next sign-in*” flag based on whether the **UserForcePasswordChangeOnLogonEnabled** feature is turned on or off. In other words, *UserForcePasswordChangeOnLogonEnabled* only takes effect when PHS actually synchronizes the password to the cloud. However, when *UserForcePasswordChangeOnLogonEnabled* feature is not enabled, the sync client won't even attempt to sync any temporary passwords. Also, if PHS is not running, enabling or disabling this feature has no impact on user sign-in behavior. 
 
The following table illustrates the feature combinations and expected behaviors:
 
|**Sync Client PasswordHashSync**|**AD “User must change password at next logon”**|**Entra UserForcePasswordChangeOnLogonEnabled**|**Resulting Sign-In Behavior in Entra ID**|
| -------- | -------- | -------- | -------- |
|False (Disabled)|N/A (no effect in the cloud when PHS is disabled)|N/A (no effect in the cloud when PHS is disabled)|Error: "Your account or password is incorrect" since the account has no password. The cloud admin must set a password for the account.|
|True (Enabled)|Enabled|True (Enabled)|User is prompted to change password at first sign-in (temporary password was synced to Entra ID).|
|True (Enabled)|Disabled|True (Enabled)|User signs in normally with the synced password (no prompt to change password).|
|True (Enabled)|Enabled|False (Disabled)|Temporary password isn’t synced; user can’t sign in to Entra until password is changed on-premises and synced.|
|True (Enabled)|Disabled|False (Disabled)|User signs in normally with the synced password (no prompt to change password).|
 
 
> [!CAUTION]
> You should only use this feature when Self-Service Password Reset and Password Writeback are enabled on the tenant. This is so that if a user changes their password via SSPR, it will be synchronized to Active Directory.

MODIFIED docs/verified-id/idv-partners.md

Modified by barclayn on Dec 3, 2025 5:04 PM
📖 View on learn.microsoft.com

+7 / -7 lines changed

Commit: making updates from November 21

Changes:

Before

After

author: barclayn
manager: pmwongera
ms.topic: how-to
ms.date: 11/07/2025
ms.author: barclayn
---
 
 
### Security store integration partners
 
| Partner | Partner documentation | Description |
|---------|----------------------|-------------|
| Au10tix | [Au10tix documentation](https://www.au10tix.com/solutions/verifiable-credentials/) | AU10TIX improves Verifiability While Protecting Privacy For Businesses, Employees, Contractors, Vendors, And Customers. |
| Idemia | [Idemia documentation](https://na.idemia.com/identity/verifiable-credentials/) | Idemia Integration with Microsoft Entra Verified ID enables "Verify once, use everywhere" functionality. |
| TrueCredential (LexisNexis) | [TrueCredential documentation](https://whoiam.ai/product/truecredential/) | TrueCredential is a secure identity verification solution powered by LexisNexis Risk Solutions, leveraging Microsoft Entra Verified ID to deliver trusted, decentralized credentials. |
 
 
### Verified ID API based integration partners
 
| Partner | Partner documentation | Description |

author: barclayn
manager: pmwongera
ms.topic: how-to
ms.date: 12/03/2025
ms.author: barclayn
---
 
 
### Security store integration partners
 
| Partner | Partner offers | Description |
|---------|----------------------|-------------|
| Au10tix | [Au10tix documentation](https://securitystore.microsoft.com/solutions/au10tix.au10tix-id-one-trust-vc) | AU10TIX improves Verifiability While Protecting Privacy For Businesses, Employees, Contractors, Vendors, And Customers. |
| Idemia | [Idemia documentation](https://securitystore.microsoft.com/solutions/idemia.idemia-id-one-trust-vc) | Idemia Integration with Microsoft Entra Verified ID enables "Verify once, use everywhere" functionality. |
| TrueCredential (LexisNexis) | [TrueCredential documentation](https://securitystore.microsoft.com/solutions/truecredential.truecredential-oneid-verifed-id) | TrueCredential is a secure identity verification solution powered by LexisNexis Risk Solutions, leveraging Microsoft Entra Verified ID to deliver trusted, decentralized credentials. |
 
 
### Verified ID API based integration partners
 
| Partner | Partner offers | Description |

MODIFIED docs/includes/cloud-sync-version-history.md

Modified by Ortagus Winfrey on Dec 3, 2025 5:44 PM
📖 View on learn.microsoft.com

+0 / -9 lines changed

Commit: Remove new versioning provisoning agent

Changes:

Before

After

 
Get notified about when to revisit this page for updates by copying and pasting this URL: `https://aka.ms/cloudsyncrss` into your ![RSS feed reader icon](media/cloud-sync-version-history/feed-icon-16-x-16.png) feed reader.
 
## 1.1.2106.0
 
December 2, 2025: released for download only
 
### Fixed Issues
 
Fixed an issue with OnPremises Self-Service Password Reset integration using provisioning agent in AzureUSGovernment cloud.
 
## 1.1.2102.0
 
Sept 22, 2025: released for download only

 
Get notified about when to revisit this page for updates by copying and pasting this URL: `https://aka.ms/cloudsyncrss` into your ![RSS feed reader icon](media/cloud-sync-version-history/feed-icon-16-x-16.png) feed reader.
 
## 1.1.2102.0
 
Sept 22, 2025: released for download only

MODIFIED docs/id-governance/apps.md

Modified by Ortagus Winfrey on Dec 3, 2025 2:39 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: updates

Changes:

Before

After

<a name='entra-identity-governance-integrations'></a>
 
## Microsoft Entra ID Governance integrations
The list below provides key integrations between Microsoft Entra ID Governance and various applications, including both provisioning and SSO integrations. For a full list of applications that Microsoft Entra ID integrates with specifically for SSO, see: [SaaS App configuration guides for Microsoft Entra ID](../identity/saas-apps/tutorial-list.md). 
 
Microsoft Entra ID Governance can be integrated with many other applications, using standards such as OpenID Connect, SAML, SCIM, SQL and LDAP. If you're using a SaaS application which isn't listed, then [ask the SaaS vendor to onboard](../identity/enterprise-apps/v2-howto-app-gallery-listing.md).  For integration with other applications, see [integrating applications with Microsoft Entra ID](identity-governance-applications-integrate.md).
 
| Application | Automated provisioning | Single Sign On (SSO)|
| :--- | :-:  | :-: |
| [Zylo](../identity/saas-apps/zylo-tutorial.md) |  | ● |
 
## Partner driven integrations
There is also a healthy partner ecosystem, further expanding the breadth and depth of integrations available with Microsoft Entra ID Governance. Explore the [partner integrations](../identity/app-provisioning/partner-driven-integrations.md) available, including connectors for:
* Epic
* Cerner
* IBM RACF

<a name='entra-identity-governance-integrations'></a>
 
## Microsoft Entra ID Governance integrations
The following list provides key integrations between Microsoft Entra ID Governance and various applications, including both provisioning and SSO integrations. For a full list of applications that Microsoft Entra ID integrates with specifically for SSO, see: [SaaS App configuration guides for Microsoft Entra ID](../identity/saas-apps/tutorial-list.md). 
 
Microsoft Entra ID Governance can be integrated with many other applications, using standards such as OpenID Connect, SAML, SCIM, SQL, and LDAP. If you're using an SaaS application that isn't listed, then [ask the SaaS vendor to onboard](../identity/enterprise-apps/v2-howto-app-gallery-listing.md). For integration with other applications, see [integrating applications with Microsoft Entra ID](identity-governance-applications-integrate.md).
 
| Application | Automated provisioning | Single Sign On (SSO)|
| :--- | :-:  | :-: |
| [Zylo](../identity/saas-apps/zylo-tutorial.md) |  | ● |
 
## Partner driven integrations
There's also a healthy partner ecosystem, further expanding the breadth and depth of integrations available with Microsoft Entra ID Governance. Explore the [partner integrations](../identity/app-provisioning/partner-driven-integrations.md) available, including connectors for:
* Epic
* Cerner
* IBM RACF

MODIFIED docs/verified-id/how-to-dnsbind.md

Modified by Sergii Cherkashyn on Dec 3, 2025 2:14 PM
📖 View on learn.microsoft.com

+3 / -3 lines changed

Commit: Update how-to-dnsbind.md

Changes:

Before

After

 
## Verify domain ownership and distribute the did-configuration.json file
 
The domain you verify ownership of to your DID is defined in the [overview section](verifiable-credentials-configure-tenant.md#set-up-verified-id). The domain needs to be a domain under your control and it should be in the format `https://www.example.com/`.
 
1. From the **Microsoft Entra admin center**, choose **Verified ID** page.
 
   :::image type="content" source="media/how-to-dnsbind/verify-download.png" alt-text="Screenshot that shows downloading the well-known configuration.":::
 
1. Host the `did-configuration.json` file at the location specified. For example, if you specified domain `https://www.example.com`, the file needs to be hosted at `https://www.example.com/.well-known/did-configuration.json`. There can be no other path in the URL except the `.well-known path` name.
 
1. When `did-configuration.json` is publicly available at the `.well-known/did-configuration.json` URL, verify it by selecting **Refresh verification status**.
 
The portal verifies that `did-configuration.json` is reachable over the internet and valid when you select **Refresh verification status**. Authenticator doesn't honor HTTP redirects. You should also consider verifying that you can request that URL in a browser to avoid errors like not using HTTPS, a bad TLS/SSL certificate, or the URL not being public. If the `did-configuration.json` file can't be requested anonymously in a browser or via tools such as `curl`, without warnings or errors, the portal can't complete the **Refresh verification status** step either.
 
>[!NOTE]
> If you're experiencing problems refreshing your verification status, you can troubleshoot it by running `curl -Iv https://yourdomain.com/.well-known/did-configuration.json` on a machine with Ubuntu OS. Windows Subsystem for Linux with Ubuntu also works. If curl fails, refreshing the verification status won't work.
 
## Why do I need to verify domain ownership of our DID?

 
## Verify domain ownership and distribute the did-configuration.json file
 
The domain you verify ownership of to your DID is defined in the [overview section](verifiable-credentials-configure-tenant.md#set-up-verified-id). The domain needs to be a domain under your control and it should be in the format `https://www.contoso.com/`.
 
1. From the **Microsoft Entra admin center**, choose **Verified ID** page.
 
   :::image type="content" source="media/how-to-dnsbind/verify-download.png" alt-text="Screenshot that shows downloading the well-known configuration.":::
 
1. Host the `did-configuration.json` file at the location specified. For example, if you specified domain `https://www.contoso.com`, the file needs to be hosted at `https://www.contoso.com/.well-known/did-configuration.json`. There can be no other path in the URL except the `.well-known path` name.
 
1. When `did-configuration.json` is publicly available at the `.well-known/did-configuration.json` URL, verify it by selecting **Refresh verification status**.
 
The portal verifies that `did-configuration.json` is reachable over the internet and valid when you select **Refresh verification status**. Authenticator doesn't honor HTTP redirects. You should also consider verifying that you can request that URL in a browser to avoid errors like not using HTTPS, a bad TLS/SSL certificate, or the URL not being public. If the `did-configuration.json` file can't be requested anonymously in a browser or via tools such as `curl`, without warnings or errors, the portal can't complete the **Refresh verification status** step either.
 
>[!NOTE]
> If you're experiencing problems refreshing your verification status, you can troubleshoot it by running `curl -Iv https://contoso.com/.well-known/did-configuration.json` on a machine with Ubuntu OS. Windows Subsystem for Linux with Ubuntu also works. If curl fails, refreshing the verification status won't work.
 
## Why do I need to verify domain ownership of our DID?

MODIFIED docs/id-governance/best-practices-secure-id-governance.md

Modified by Ortagus Winfrey on Dec 3, 2025 1:37 PM
📖 View on learn.microsoft.com

+2 / -3 lines changed

Commit: Updates

Changes:

Before

After

description: This article provides best practices for securing deploying Microsoft Entra ID Governance.
services: entra-id-governance
documentationcenter: ''
author: billmath
manager: dougeby
editor: ''
ms.service: entra-id-governance
ms.topic: best-practice
ms.date: 04/09/2025
ms.author: billmath
ms.custom: sfi-ga-nochange
---
 

description: This article provides best practices for securing deploying Microsoft Entra ID Governance.
services: entra-id-governance
documentationcenter: ''
author: owinfreyATL
manager: dougeby
ms.service: entra-id-governance
ms.topic: best-practice
ms.date: 04/09/2025
ms.author: owinfrey
ms.custom: sfi-ga-nochange
---
 
 

MODIFIED docs/global-secure-access/how-to-network-content-filtering.md

Modified by Sumeet Mittal on Dec 3, 2025 8:20 PM
📖 View on learn.microsoft.com

+4 / -0 lines changed

Commit: Update content filtering documentation with Purview note

Changes:

Before

After

1. On the **Review** tab, review your settings.
1. Select **Create** to create the policy.
 
### Link the file policy to a security profile
 
1. Browse to **Global Secure Access** > **Secure** > **Security profiles**.
 
## Related content
 
- [How to configure Global Secure Access web content filtering](how-to-configure-web-content-filtering.md)
- [Enable the Internet Access traffic forwarding profile](how-to-manage-internet-access-profile.md) 
- [Configure Transport Layer Security inspection](how-to-transport-layer-security.md)

1. On the **Review** tab, review your settings.
1. Select **Create** to create the policy.
 
> [!Note]
> If you choose "Scan with Purview" action, please ensure you have configured corresponding data policy through Microsoft Purview.
 
### Link the file policy to a security profile
 
1. Browse to **Global Secure Access** > **Secure** > **Security profiles**.
 
## Related content
 
- [Learn about Microsoft Purview Network Data Security](https://learn.microsoft.com/purview/dlp-network-data-security-learn)
- [How to configure Global Secure Access web content filtering](how-to-configure-web-content-filtering.md)
- [Enable the Internet Access traffic forwarding profile](how-to-manage-internet-access-profile.md) 
- [Configure Transport Layer Security inspection](how-to-transport-layer-security.md)

MODIFIED docs/global-secure-access/reference-windows-client-release-history.md

Modified by Jay on Dec 3, 2025 6:42 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Update release date for Windows client v2.24.117

Changes:

Before

After

description: This article tracks the changes in each released version of the Global Secure Access client for Windows.
ms.service: global-secure-access
ms.topic: reference
ms.date: 11/24/2025
ms.author: jayrusso
author: HULKsmashGithub
manager: dougeby
:::image type="content" source="media/reference-windows-client-release-history/client-download-screen.png" alt-text="Screenshot of the client download screen with the Download Client button highlighted.":::
 
## Version 2.24.117
Released for download on November 26, 2025.
### Functional changes
- Support for [Intelligent Local Access](enable-intelligent-local-access.md).
- Support for [B2B guest access](concept-b2b-guest-access.md).

description: This article tracks the changes in each released version of the Global Secure Access client for Windows.
ms.service: global-secure-access
ms.topic: reference
ms.date: 12/03/2025
ms.author: jayrusso
author: HULKsmashGithub
manager: dougeby
:::image type="content" source="media/reference-windows-client-release-history/client-download-screen.png" alt-text="Screenshot of the client download screen with the Download Client button highlighted.":::
 
## Version 2.24.117
Released for download on December 3, 2025.
### Functional changes
- Support for [Intelligent Local Access](enable-intelligent-local-access.md).
- Support for [B2B guest access](concept-b2b-guest-access.md).

MODIFIED docs/id-governance/scenarios/deploy-sap-netweaver.md

Modified by Ortagus Winfrey on Dec 3, 2025 1:53 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: updates

Changes:

Before

After

description: This article describes how to set up a lab environment with SAP ECC for testing.
ms.service: entra-id-governance
ms.subservice: 
author: billmath
manager: femila
ms.topic: install-set-up-deploy
ms.date: 04/09/2025
ms.author: billmath
ms.custom: sfi-ga-nochange, sfi-image-nochange
---
 

description: This article describes how to set up a lab environment with SAP ECC for testing.
ms.service: entra-id-governance
ms.subservice: 
author: owinfreyATL
manager: femila
ms.topic: install-set-up-deploy
ms.date: 04/09/2025
ms.author: owinfrey
ms.custom: sfi-ga-nochange, sfi-image-nochange
---
 

MODIFIED docs/id-governance/scenarios/entitlement-management-private-access.md

Modified by Ortagus Winfrey on Dec 3, 2025 1:52 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: updates

Changes:

Before

After

description: Describes how to use Entitlement Management with Private Access
ms.service: entra-id-governance
ms.subservice:
author: billmath
manager: dougeby
 
ms.workload: identity
ms.topic: overview
ms.date: 04/09/2025
ms.author: billmath
---
 
# Entra Suite Scenario: Using Entra Private Access with Entitlement Management  

description: Describes how to use Entitlement Management with Private Access
ms.service: entra-id-governance
ms.subservice:
author: owinfreyATL
manager: dougeby
 
ms.workload: identity
ms.topic: overview
ms.date: 04/09/2025
ms.author: owinfrey
---
 
# Entra Suite Scenario: Using Entra Private Access with Entitlement Management  

MODIFIED docs/id-governance/scenarios/least-privileged.md

Modified by Ortagus Winfrey on Dec 3, 2025 1:51 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Updates

Changes:

Before

After

ms.service: entra-id-governance
ms.subservice:
 
author: billmath
manager: dougeby
 
 
ms.topic: concept-article
ms.date: 04/09/2025
ms.author: billmath
---
 
# The principle of least privilege with Microsoft Entra ID Governance

ms.service: entra-id-governance
ms.subservice:
 
author: owinfreyATL
manager: dougeby
 
 
ms.topic: concept-article
ms.date: 04/09/2025
ms.author: owinfrey
---
 
# The principle of least privilege with Microsoft Entra ID Governance

MODIFIED docs/id-governance/scenarios/provision-ldap.md

Modified by Ortagus Winfrey on Dec 3, 2025 1:50 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: updates

Changes:

Before

After

title: Govern provisioning to on-premises LDAP based apps
description: This document describes how to configure Microsoft Entra ID to provision users into an on-premises LDAP directory.
 
author: billmath
manager: femila
ms.service: entra-id-governance
ms.subservice:
ms.topic: how-to
ms.date: 04/09/2025
ms.author: billmath
ms.reviewer: arvinh
---
 

title: Govern provisioning to on-premises LDAP based apps
description: This document describes how to configure Microsoft Entra ID to provision users into an on-premises LDAP directory.
 
author: owinfreyATL
manager: femila
ms.service: entra-id-governance
ms.subservice:
ms.topic: how-to
ms.date: 04/09/2025
ms.author: owinfrey
ms.reviewer: arvinh
---
 

MODIFIED docs/id-governance/scenarios/provision-sap.md

Modified by Ortagus Winfrey on Dec 3, 2025 1:46 PM
📖 View on learn.microsoft.com

+2 / -2 lines changed

Commit: Updates

Changes:

Before

After

title: Govern provisioning cloud users into on-premises SAP ERP Central Component (SAP ECC, formerly SAP R/3) with NetWeaver AS ABAP 7.0 or later.
description: This document describes how to provision users into SAP ERP Central Component (SAP ECC, formerly SAP R/3) with NetWeaver AS ABAP 7.0 or later.
 
author: billmath
manager: femila
ms.service: entra-id-governance
ms.subservice:
ms.topic: how-to
ms.date: 04/09/2025
ms.author: billmath
ms.reviewer: arvinh
---
 

title: Govern provisioning cloud users into on-premises SAP ERP Central Component (SAP ECC, formerly SAP R/3) with NetWeaver AS ABAP 7.0 or later.
description: This document describes how to provision users into SAP ERP Central Component (SAP ECC, formerly SAP R/3) with NetWeaver AS ABAP 7.0 or later.
 
author: owinfreyATL
manager: femila
ms.service: entra-id-governance
ms.subservice:
ms.topic: how-to
ms.date: 04/09/2025
ms.author: owinfrey
ms.reviewer: arvinh
---
 

📋 Microsoft Entra Documentation Changes

📊 Summary

📝 Modified Documentation Files