JML Monitor for Microsoft Entra ID

By Andreas Krisby, 2026-02-10

Background

I wanted to better understand Joiner, Mover and Leaver (JML) processes in practice, how access changes over time, and how access drift can be detected within Microsoft Entra ID.

At the same time, I wanted to gain hands-on experience with Microsoft Graph API and explore how identity data can be analyzed programmatically.

What I Built

I developed a simple monitoring solution that collects users and group memberships from Microsoft Entra ID and compares the current state against historical snapshots.

The goal was to identify changes in access that may otherwise go unnoticed.

The solution consisted of:

  • Microsoft Entra ID
  • Microsoft Graph API
  • Python
  • JSON-based state tracking

What I Tested

The monitor was designed to detect scenarios such as:

  • New access assignments
  • Removed access
  • Newly assigned administrative privileges
  • Segregation of Duties (SoD) conflicts
  • Disabled accounts with active access
  • Access remaining after role changes or offboarding

To simulate realistic scenarios, I created users, groups and role assignments representing different departments and responsibilities.
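The snapshot comparison described under "What I Built" and the scenarios listed under "What I Tested", as an added example (not the project's own code): it diffs two JSON-style snapshots of users and their group memberships and flags added and removed access, newly granted privileged groups, SoD conflicts and disabled accounts that still hold access. The snapshot contents, the privileged group name and the SoD pair are constructed for illustration; they are the shape you would get by flattening `GET /users?$select=id,userPrincipalName,accountEnabled` together with each user's `memberOf` into a dict, not live Graph output.

```python
# Added example, not the project's own code. Snapshots are constructed and
# keyed by user principal name; a real run would persist each collection as
# JSON and load the previous file as PREVIOUS.
PREVIOUS = {
    "alice": {"enabled": True, "groups": {"Finance-Readers"}},
    "bob":   {"enabled": True, "groups": {"Payments-Approvers"}},
    "carol": {"enabled": True, "groups": {"IT-Helpdesk"}},
    "dave":  {"enabled": True, "groups": {"Sales"}},
}
CURRENT = {
    "alice": {"enabled": True, "groups": {"Finance-Readers", "Global-Admins"}},
    "bob":   {"enabled": True, "groups": {"Payments-Approvers", "Payments-Creators"}},
    "carol": {"enabled": False, "groups": {"IT-Helpdesk"}},  # disabled, access left behind
    # dave no longer exists in the directory (leaver)
}

# Assumed policy inputs: which groups count as privileged, and which pairs conflict.
PRIVILEGED_GROUPS = {"Global-Admins"}
SOD_CONFLICTS = [("Payments-Creators", "Payments-Approvers")]

EMPTY = {"enabled": False, "groups": set()}


def diff_snapshots(previous, current, privileged=PRIVILEGED_GROUPS, sod=SOD_CONFLICTS):
    """Return (user, finding, detail) tuples describing access drift and
    governance issues between two snapshots. Drift findings need both
    snapshots; SoD and disabled-with-access findings only need the current one."""
    findings = []
    for user in sorted(set(previous) | set(current)):
        old = previous.get(user, EMPTY)
        new = current.get(user, EMPTY)
        for group in sorted(new["groups"] - old["groups"]):
            findings.append((user, "added", group))
            if group in privileged:
                findings.append((user, "privileged-added", group))
        for group in sorted(old["groups"] - new["groups"]):
            findings.append((user, "removed", group))
        for a, b in sod:
            if a in new["groups"] and b in new["groups"]:
                findings.append((user, "sod-conflict", f"{a}+{b}"))
        if not new["enabled"] and new["groups"]:
            findings.append((user, "disabled-with-access", ",".join(sorted(new["groups"]))))
    return findings


if __name__ == "__main__":
    for user, finding, detail in diff_snapshots(PREVIOUS, CURRENT):
        print(f"{user:6} {finding:22} {detail}")
```

Diffing a snapshot against itself still reports the SoD conflict and the disabled account, but none of the added or removed memberships, which is the point made under Reflection about needing historical context.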

Results

The monitor was able to:

  • Track changes in group memberships over time
  • Detect access drift
  • Highlight potential governance issues
  • Identify JML-related events
  • Provide historical visibility into access changes

The project also demonstrated how Microsoft Graph API can be used to automate identity monitoring and access reviews.

Reflection

The most interesting lesson from this project was realizing that access drift is often difficult to detect without historical context.

Looking at current permissions alone does not always reveal whether access was recently granted, removed or left behind after a role change.

The project reinforced the importance of governance, lifecycle management and continuous monitoring in identity security.

It also gave me practical experience working with Microsoft Graph API, RBAC concepts and identity-related security logic.

Technical Note

AI was used to assist with parts of the Python implementation. My main focus was on the IAM concepts behind the solution, including access drift detection, group-based RBAC, JML processes, and the use of Microsoft Graph API to analyze identity-related changes over time.