Microsoft Graph Identity Governance

Microsoft Graph Identity Governance is the API surface that lets you automate and integrate the identity governance capabilities of Microsoft Entra ID (formerly Azure Active Directory). It helps you enforce least-privilege and zero-trust by controlling and auditing who gets access to what, for how long, and whyacross employees, contractors, guests, and connected applications. Through Graph, you can orchestrate joinermoverleaver lifecycle workflows; deliver governed access via entitlement management (catalogs, access packages, and approval policies); run one-time and recurring access reviews and app consent reviews; publish and track terms-of-use acceptance; and manage privileged access with just-in-time elevation through Privileged Identity Management for roles and groups. These APIs support external users, policy and separation-of-duties constraints, and provide rich auditing and reporting so you can embed governance into custom apps and automated processes at scale.