What IAM covers
IAM is the umbrella category for everything that touches identity: provisioning (creating accounts when staff start), authentication (proving who is signing in), authorisation (what they can access), session management (how long their access is valid), access reviews (periodic confirmation that access is still needed), and deprovisioning (removing access when staff leave). Microsoft Entra is the IAM platform for Microsoft 365 tenants and increasingly the IAM platform for an AU organisation's entire SaaS estate via SSO.
IAM, IGA and PAM — how they fit together
IAM is the foundation: authentication, SSO, basic lifecycle. IGA (Identity Governance and Administration) layers on top: access reviews, entitlement management, joiner-mover-leaver automation. PAM (Privileged Access Management) is the specialised slice that handles admin accounts: vaulting credentials, just-in-time elevation, session recording. Microsoft delivers all three in the Entra family — Entra ID for IAM, Entra ID Governance for IGA, Entra PIM for the cloud-PAM slice (third-party PAMs like CyberArk still lead for on-premises and infrastructure PAM).