• https://learn.microsoft.com/en-us/entra/identity/conditional-access/

• As a rule of thumb consider all Entra roles that are more than read-only as privileged roles.

“Entra Workplace Join” (often shortened to Workplace Join) is Microsoft’s BYOD / light‑trust device registration model. In today’s terminology it is called a Microsoft Entra registered device (formerly Azure AD registered).

• https://idpowerapp.com/, Condition Access policy visualizer

• https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-eligible