Access Reviews are the first of four components of Azure AD Identity Governance. Access reviews help organizations manage and automate resource access lifecycle. You can create and use access reviews to reduce the risk of stale access on a periodic cycle.
How to Create an Access Review
To begin creating an access review, sign into the Azure AD portal and select Identity Governance. Select Create an access review or choose Access reviews in the left menu options. Click + New access reviews to begin the creation. The following chart lists out all if the options currently available.
Access Review Status
Once you are finished choosing your options, click Start to begin the Access review. If you enabled Mail notifications, all reviewers would receive notice of the Access review. If not, you will need to let them know yourself.
Once a review has begun, you can see the status of the review on the main Access Review page. There are several different states that an access review can be in once started.
Review an Access Review
During a review, a reviewer can click on Start review from the received email. Or they can use either My Apps Portal or My Access Portal. My Access portal provides the new experience provided by Microsoft.
Once you are logged into the My Access portal, select Access reviews to see all the reviews you are a reviewer of. Click on the access review name and see the list of members under review. Here you can make decisions on whether to approve or deny the access. Microsoft will also provide a recommendation for the users. Choosing Don’t know will not remove access but will audit your decision. You can also supply a comment or reason for the decision and may be forced to if the option was chosen to do so.
Completing an Access Review
Once all users respond or the access review had run its course, reviewers will receive an email informing them that the review is complete, and decisions can be applied. If Auto apply results were chosen, no manual approval is required. A reviewer will either click Review results from the received email or go to the Azure AD Identity Governance portal and select the Access Review.
Click on Apply to enforce the decision changes. You can review the decisions and actions in the Results page.
Access reviews have many use cases to help control collaboration, manage risk, address governance, and reduce operational costs. There can be significant planning involved around creating organization wide, ongoing access reviews. However, once configured, you will fully benefit from its capabilities to ensure a secure and productive cloud environment.
Enabling Technologies can help you properly prepare for moving to the cloud based on Microsoft Best Practices and utilizing a secure and productive environment. You can check out more in the Security section of our website.