====== Microsoft Entra ID======
  * [[https://learn.microsoft.com/en-us/entra/identity/conditional-access/]]

  * As a rule of thumb consider all Entra roles that are more than read-only as //privileged roles//.

====== Devices ======
>“Entra Workplace Join” (often shortened to Workplace Join) is Microsoft’s BYOD / light‑trust device registration model. In today’s terminology it is called a Microsoft Entra registered device (formerly Azure AD registered).


====== Condition Access ======
  * [[https://idpowerapp.com/]], Condition Access policy visualizer


====== Entitlement Management ======
===== To Explore =====
  * [[https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-eligible]]