Mark Brezicky / / Categories: Cloud Security, Azure, Security, Azure Active Directory

Azure AD Identity Governance – Access Reviews

 

Access reviews are the first of four components of Azure AD Identity Governance. They help organizations manage and automate the resource access lifecycle. You can create and run access reviews on a periodic cycle to reduce the risk of stale access.

Planning access reviews

How to Create an Access Review 

To begin creating an access review, sign in to the Azure AD portal and select Identity Governance. Select Create an access review or choose Access reviews in the left menu options. Click + New access reviews to begin the creation. The following chart lists all of the options currently available.

 

[Images: Identity Access Review; Access Review; Create an access review; Creating an access review]

Access Review Status

Once you are finished choosing your options, click Start to begin the access review. If you enabled Mail notifications, all reviewers will receive notice of the access review. If not, you will need to notify them yourself.

Once a review has begun, you can see the status of the review on the main Access Review page. There are several different states that an access review can be in once started.

 

[Images: Access Review Status; Access Review]

Review an Access Review

During a review, a reviewer can click Start review in the email they received. Alternatively, they can use either the My Apps portal or the My Access portal. The My Access portal offers the new experience from Microsoft.

Once you are logged into the My Access portal, select Access reviews to see all the reviews assigned to you as a reviewer. Click on the access review name to see the list of members under review. Here you can decide whether to approve or deny the access. Microsoft will also provide a recommendation for the users. Choosing Don’t know will not remove access, but the decision will be audited. You can also supply a comment or reason for the decision, and you may be required to if that option was chosen.

Completing an Access Review

Once all users respond or the access review has run its course, reviewers will receive an email informing them that the review is complete and that decisions can be applied. If Auto apply results was chosen, no manual approval is required. Otherwise, a reviewer will either click Review results in the received email or go to the Azure AD Identity Governance portal and select the access review.

Click Apply to enforce the decision changes. You can review the decisions and actions on the Results page.
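The check below is an added example, not part of the original post or of Microsoft's tooling: before clicking Apply, it tallies which members a review will remove and which decisions deserve a second look. The record fields (decision, recommendation, justification) assume the shape of Microsoft Graph accessReviewInstanceDecisionItem objects, the function name is hypothetical, and the sample data is constructed.

```python
# Constructed sample records. Field names and decision values assume the shape
# of Microsoft Graph accessReviewInstanceDecisionItem objects.
SAMPLE_DECISIONS = [
    {"principal": "alice@example.com", "decision": "Approve",
     "recommendation": "Approve", "justification": "Active project member"},
    {"principal": "bob@example.com", "decision": "Approve",
     "recommendation": "Deny", "justification": ""},
    {"principal": "carol@example.com", "decision": "Deny",
     "recommendation": "Deny", "justification": "Left the team"},
    {"principal": "dave@example.com", "decision": "DontKnow",
     "recommendation": "Deny", "justification": "Not my report"},
    {"principal": "erin@example.com", "decision": "NotReviewed",
     "recommendation": "Approve", "justification": None},
]


def summarize_review(decisions, justification_required=True):
    """Split review decisions into removals, retained access, and follow-ups."""
    summary = {"removed": [], "retained": [], "unanswered": [], "follow_up": []}
    for item in decisions:
        who, decision = item["principal"], item["decision"]
        if decision == "Deny":
            summary["removed"].append(who)
        elif decision == "NotReviewed":
            # The outcome for unanswered items depends on the review's settings.
            summary["unanswered"].append(who)
        elif decision == "DontKnow":
            # "Don't know" keeps access; surface it so it is not silently carried over.
            summary["retained"].append(who)
            summary["follow_up"].append((who, "Don't know: access kept without a decision"))
        elif decision == "Approve":
            summary["retained"].append(who)
            if item.get("recommendation") == "Deny":
                summary["follow_up"].append((who, "approved against a Deny recommendation"))
            if justification_required and not (item.get("justification") or "").strip():
                summary["follow_up"].append((who, "approved without a justification"))
        else:
            raise ValueError(f"unexpected decision value: {decision!r}")
    return summary


if __name__ == "__main__":
    result = summarize_review(SAMPLE_DECISIONS)
    print("Will lose access on Apply:", result["removed"])
    for who, reason in result["follow_up"]:
        print(f"Follow up with reviewer -> {who}: {reason}")
```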

Access reviews have many use cases to help control collaboration, manage risk, address governance, and reduce operational costs. Creating organization-wide, ongoing access reviews can involve significant planning. However, once they are configured, you will fully benefit from their capabilities to ensure a secure and productive cloud environment.

This concludes the first part of the Azure AD Identity Governance series, covering how to create and manage access reviews. How-tos for each of the other components of Identity Governance (Entitlement Management, Privileged Identity Management, and Terms of Use) will be covered in the next parts of this series.

Enabling Technologies can help you properly prepare for moving to the cloud based on Microsoft Best Practices and utilizing a secure and productive environment. You can check out more in the Security section of our website.

Work with our team of Cloud Computing Consultants who have done this so many times they know all of the “minefields” to prevent missteps.
