What IGA solves
Most organisations can answer who has access today — IAM gives them that. Few can answer who should have access, who approved it, when it was last reviewed, and what is the evidence trail. IGA is the answer layer. It runs the access reviews (quarterly or annual confirmation of every user's entitlements), it operates entitlement management (packages of access that can be requested, approved, time-bound), and it automates the joiner-mover-leaver flow so role changes flow into access changes without human triage.
Microsoft Entra ID Governance in the AU regulatory context
Microsoft Entra ID Governance is the Microsoft IGA SKU (separate licence on top of Entra ID P2). For Australian organisations the regulatory tailwind is strong: APRA CPS 234 expects access reviews on privileged information assets, Privacy Act reasonable-steps now reads as expecting evidence of access governance, and the upcoming Voluntary AI Safety Standard adds entitlement-around-AI to the scope. For mid-market AU tenants, Entra ID Governance is typically deployed inside the first 12 months on E5 once Conditional Access and PIM are mature.