All essential changes on EntraOps will be documented in this changelog.
Added support for Intune RBAC (Device Management) and new workbook for (Privileged) Workload Identities
- Support for Intune (Device Management) as Role System #16
- Workbook for Insights on Privileged Workload Identities #24
- Sensitive Directory Roles without role actions will be particular classified within classification process in
Export-EntraOpsClassificationDirectoryRoles#12 #25 - Introduction of
TaggedByforControlPlaneRolesWithoutRoleActionsto apply Control Plane classification of Microsoft Entra Connect directory roles
Introduction of capabilities to automate assignment of privileges to Conditional Access Groups and (Restricted Management) Administrative Units but also added WatchLists for Workload IDs.
- Automated update of Microsoft Sentinel WatchList Templates #8
- Automated coverage of privileged assets in CA groups and RMAUs #15
- Advanced WatchLists for Workload Identities #22
- Separated cmdlet for get classification for Control Plane scope #19
- Added support for -AsSecureString in Az PowerShell (upcoming breaking change) #20
- Added support for granting required permissions for automated assignment to CA and Administrative Unit
- Remove Azure from ValidateSet until it's available #18
Initial release of EntraOps Privileged EAM with features to automate setup for GitHub repository, classification and ingestion of privileges in Microsoft Entra ID, Identity Governance and Microsoft Graph App Roles.