For sensitive business resources, a simple “request access” button is not enough. Microsoft Mechanics’ short demo shows a practical identity pattern: users can receive baseline access for a new role, then request higher-value resources through Microsoft Entra governance workflows that require stronger proof before access is granted.
What the demo shows
In the scenario, a user signs in with a passkey and receives the standard applications and permissions included in a baseline access package. When she needs an additional competitive-analysis resource, she submits a request through My Access. Because the target system contains highly confidential on-premises pricing data, the workflow requires a Verified ID step-up with face check in Microsoft Authenticator before access is approved.
Why this matters for IT and security teams
High-value resources often sit at the intersection of productivity and risk: pricing dashboards, customer data, engineering systems, financial tools, or privileged operational consoles. Treating every access request the same creates unnecessary exposure. A step-up model lets organizations keep routine onboarding fast while applying stronger verification only when the requested resource justifies it.
This is especially relevant for Zero Trust programs. Instead of assuming that a signed-in user should receive sensitive access automatically, the workflow evaluates the resource value and asks for additional assurance at the point of need.
Operational takeaways
- Use baseline access packages to streamline role-based onboarding without manual ticket queues.
- Route exceptional or sensitive access through governed request workflows rather than informal approvals.
- Apply stronger verification, such as Verified ID face check, for resources containing confidential, regulated, or commercially sensitive data.
- Make the user path clear by directing requests through My Access and keeping the approval experience consistent.
- Review which applications deserve step-up controls before rolling the pattern out broadly.
Bottom line
The demo highlights a useful Entra pattern: combine fast, passwordless sign-in and baseline entitlement automation with targeted step-up verification for the resources that matter most. For cloud and identity teams, this is a practical way to reduce friction for normal work while tightening controls around high-value data.