I've been diving into Microsoft identity management and it's driving me a bit crazy. It feels like identity roles are all over the place—Entra ID roles, Azure IAM functionalities, Intune permissions, Enterprise app settings, and Conditional Access policies are scattered across different menus and systems. Whenever I try to audit access effectively, I end up clicking through multiple dashboards just to get a clear picture of who has what permissions. Is this the norm for Microsoft cloud, or have any of you figured out a better way to streamline identity governance?
4 Answers
Yeah, it's a bit crazy how different permissions get assigned in Microsoft tools. For instance, even eDiscovery permissions are tucked away, which makes it tough when someone says they need the same access as another user. It’s usually easier to get them to specify their needs directly instead of trying to replicate existing permissions, since you can miss out on unique access rights.
To be honest, amidst the chaos, I think identity governance is at least somewhat organized. Yes, you need to navigate a bunch of different screens and interfaces, but that’s just how complex these systems are becoming. Most access management in Intune operates on a policy level rather than a resource level, so understanding how Entra identities work together with it can help.
The key to managing this chaos is using Entra groups effectively. Most permissions can actually be managed through these groups, which can help tie together roles from different services like Azure IAM, Intune, and Conditional Access. You’ll want a solid naming convention and documentation, but once you get that sorted, things will flow much more smoothly. Just keep in mind, IT security can throw a wrench in things if they introduce a new identity management tool without a clear integration plan.
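A concrete way to get the single "who holds what" view the question asks for, and at the same time measure how much of the tenant actually follows the group-based model this answer recommends, is to pull every Entra directory role assignment and expand any role-assignable group behind it. The script below is an added example for this thread, not code from any poster or from Microsoft. It assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account can consent to the two read-only scopes it requests; the output file name and the helper function `Get-PrincipalLabel` are the example's own choices.

```powershell
# Added example, not code from the thread or from Microsoft.
# Assumes the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph) and an
# account that can consent to the read-only scopes below. Nothing here changes the tenant.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All' -NoWelcome

function Get-PrincipalLabel {
    # Hypothetical helper: prefer the UPN for users, fall back to displayName for groups/apps.
    param($DirectoryObject)
    $props = $DirectoryObject.AdditionalProperties
    if ($props['userPrincipalName']) { return $props['userPrincipalName'] }
    return $props['displayName']
}

# Cache role definitions so each role name is resolved once, not once per assignment.
$roleNames = @{}

$report = foreach ($assignment in Get-MgRoleManagementDirectoryRoleAssignment -All) {
    if (-not $roleNames.ContainsKey($assignment.RoleDefinitionId)) {
        $def = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $assignment.RoleDefinitionId
        $roleNames[$assignment.RoleDefinitionId] = $def.DisplayName
    }
    $roleName  = $roleNames[$assignment.RoleDefinitionId]
    $principal = Get-MgDirectoryObject -DirectoryObjectId $assignment.PrincipalId
    $type      = $principal.AdditionalProperties['@odata.type']

    if ($type -eq '#microsoft.graph.group') {
        # Role-assignable group: expand it transitively so the report shows the people behind it.
        foreach ($member in Get-MgGroupTransitiveMember -GroupId $assignment.PrincipalId -All) {
            [pscustomobject]@{
                Role          = $roleName
                Scope         = $assignment.DirectoryScopeId   # '/' means tenant-wide
                AssignedVia   = "Group: $($principal.AdditionalProperties['displayName'])"
                PrincipalType = $member.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
                Principal     = Get-PrincipalLabel $member
            }
        }
    } else {
        # User, service principal or other object assigned the role directly.
        [pscustomobject]@{
            Role          = $roleName
            Scope         = $assignment.DirectoryScopeId
            AssignedVia   = 'Direct'
            PrincipalType = $type -replace '^#microsoft\.graph\.', ''
            Principal     = Get-PrincipalLabel $principal
        }
    }
}

$report | Sort-Object Role, Principal | Format-Table -AutoSize

# Direct assignments bypass the group model; they are the first thing to review in an audit.
$direct = $report | Where-Object AssignedVia -eq 'Direct'
"{0} of {1} role holders are assigned directly rather than through a group" -f $direct.Count, $report.Count
$report | Export-Csv -Path .\entra-role-holders.csv -NoTypeInformation
```

Two caveats worth keeping in mind when reading the output. First, this enumerates active Entra directory role assignments only: PIM-eligible assignments live in a separate schedule API, and Azure RBAC, Intune RBAC and Conditional Access are each queried through their own interfaces (for instance `Get-AzRoleAssignment` for Azure subscriptions), so the script is one column of the picture the question describes rather than the whole thing. Second, a high count of `Direct` rows is the quickest signal that the group-and-naming-convention approach is not being followed consistently.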
It’s frustrating, for sure. The product teams at Microsoft often operate in their own silos, which leads to inconsistent user experiences. Just take a look at the UI design; it’s not always logical, and you can forget about finding everything you need in one spot. Plus, with so many legacy systems still in play, it seems like there’s no get out of jail free card for this confusion.