Group mining: do not start your ABAC model from zero
Your tenant is full of groups someone once made by hand. Group mining reads those patterns and proposes which group belongs to which attribute, so you do not have to spend months figuring out where to start.
Read more →Joiner-Mover-Leaver with your HR system: standard or custom?
Automating JML from your HR system sounds like one button, but it sits at two levels. What ServiceChanger does as standard at the group and role level, and what creating and deleting accounts from HR is as custom work.
Read more →Dynamic groups, an IGA platform, or ServiceChanger: when to choose what
You can manage access in Microsoft with native Entra dynamic groups, a full IGA platform, or a rules layer like ServiceChanger. Here are the three approaches, their limits, and when each fits.
Read more →ITIL request fulfilment without the ticket: a Microsoft approach
In ITIL, request fulfilment handles standard service requests. Many of those are about access. Here is how to map request fulfilment to attribute-driven assignment in Entra ID.
Read more →Reclaim unused Microsoft 365 licenses with Entra sign-in activity
Assigned licenses tell you nothing about usage. The real sign-in activity in Entra ID shows you licenses nobody uses. Here is how to build a 90-day policy and a business case around it.
Read more →Find inactive users in Entra by last sign-in (and what it saves)
The signInActivity field in Entra ID lets you find accounts that have not signed in for months. Here is how the query works, what to watch for (P1, 24-hour delay), and what it saves in licenses.
Read more →Entra ID vs Active Directory in 2026
Active Directory still runs in many places while Entra ID is becoming the standard. The state of play in 2026: what to do with your AD, when to move, what to keep hybrid.
Read more →RBAC vs ABAC: when to pick which
RBAC is simple and works up to a certain size. ABAC scales better but needs more setup. This is the practical decision point: when do you move from RBAC to ABAC?
Read more →Automate the service desk: stop handling access requests by hand
Access requests are a large share of service desk work and almost all of it is manual. Here is how to automate group membership in the Microsoft environment with rules, instead of per ticket.
Read more →Self-service access portals: the business case
A self-service access portal cuts tickets, lead time, and manager frustration. Real numbers and what you need to have in place for it to work.
Read more →IT offboarding checklist: what you can automate
The 15 steps of a complete IT offboarding in Microsoft Entra ID. Which you should automate, which you keep manual, and why the order matters.
Read more →Automating Entra ID group membership with attributes
How to let Entra ID group membership follow HR attributes like job title, department, and location automatically. From concept to working dynamic groups.
Read more →What is ABAC in Microsoft Entra ID?
ABAC (Attribute-Based Access Control) determines access based on attributes like job title, department, or location. How it works in Entra ID, how it differs from RBAC, and when to use it.
Read more →Dynamic groups vs static groups in Entra ID: when rules win
Static groups you fill by hand, dynamic groups fill themselves with a rule. This is the decision guide: when to pick which, plus the limits Microsoft does not advertise loudly.
Read more →Automate hybrid Active Directory with a PowerShell runbook
Drive on-prem AD groups from attributes in a hybrid environment. Here is how it works with Entra ID dynamic groups, a PowerShell runbook on a hybrid worker, and Entra Connect under one rule model.
Read more →Implementing ABAC in Entra ID: a step-by-step with dynamic groups
A practical step-by-step for rolling out ABAC in Entra ID with dynamic groups: from your first membership rules to a working model, with limits and pitfalls.
Read more →