What are Azure AD access reviews and how are they used?
This tutorial explains what Azure AD access reviews are. Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. Users' access can be reviewed on a regular basis to ensure that only the appropriate people continue to have access.
Why are access reviews important?
Azure Active Directory enables you to collaborate both internally and with individuals from outside companies, such as partners. Users can join groups, invite guests, connect to cloud apps, and work remotely from their business or personal devices. The convenience of self-service has created a need for better access management tools.
- How do you guarantee that new staff have the access they require to be productive?
- How do you ensure that people’s old access is removed when they change teams or leave the company?
- Access privileges that are too broad can lead to compromises.
- Excessive access rights can lead to audit findings, since they indicate a lack of control over access.
- You must actively engage with resource owners to ensure that they regularly review who has access to their resources.
When to use access reviews?
Access reviews can be used in the following situations:
- Too many users in privileged roles
- When automation is infeasible
- When a group is used for a new purpose
- Business critical data access
- To maintain a policy’s exception list
- Ask group owners to confirm they still need guests in their groups
- Have reviews recur periodically
Where to create reviews?
Depending on what you want to review, you create your access review in Azure AD access reviews, Azure AD enterprise apps (in preview), or Azure AD PIM.
Access rights of users | Reviewers can be | Review created in | Reviewer experience |
---|---|---|---|
Security group members, Office group members | Specified reviewers, Group owners, Self-review | Azure AD access reviews, Azure AD groups | Access panel |
Assigned to a connected app | Specified reviewers, Self-review | Azure AD access reviews, Azure AD enterprise apps (in preview) | Access panel |
Azure AD role | Specified reviewers, Self-review | Azure AD PIM | Azure portal |
Azure resource role | Specified reviewers, Self-review | Azure AD PIM | Azure portal |
Create access reviews
To create an access review, follow these steps:
- Go to the Azure portal to manage access reviews and sign in as a Global administrator or User administrator.
- Choose Azure Active Directory.
- Choose Identity Governance.
- On the Getting started page, choose the Create an access review button.
How many licenses must you have?
Before getting started, ensure that your directory has at least as many Azure AD Premium P2 licenses as you have employees who will be performing the following tasks:
- Member and guest users who are assigned as reviewers
- Member and guest users who perform a self-review
- Group owners who perform an access review
- Application owners who perform an access review
The license requirements for guest users depend on the licensing model you are using. However, the actions of the following guest users are considered Azure AD Premium P2 usage:
- Guest users who are assigned as reviewers
- Guest users who perform a self-review
- Guest users as group owners who perform an access review
- Guest users as application owners who perform an access review
Azure AD Premium P2 licenses are not required for the following tasks:
- No licenses are needed for users with the Global Administrator or User Administrator roles who set up access reviews, configure settings, or apply the decisions from the reviews.
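The licensing rules above, worked through on a planned set of reviews. This is an added example, not code from the original page or from Microsoft. All user, group and field names are constructed, guests are counted one license each (your licensing model may count them differently), and an administrator who is also named as a reviewer is assumed to count as a reviewer.

```python
# Constructed sample data: hypothetical groups, users and planned reviews.
GROUPS = {
    "sg-finance": {"owners": {"dana"}, "members": {"ali", "bo", "guest_kim"}},
    "sg-partners": {"owners": {"guest_lee"},
                    "members": {"ali", "guest_kim", "guest_raj"}},
}
PLANNED_REVIEWS = [
    {"group": "sg-finance", "reviewers": "group_owners"},
    {"group": "sg-partners", "reviewers": "self_review"},
    {"group": "sg-finance", "reviewers": "specified",
     "specified": {"erin", "dana"}},
]
# Global/User Administrators who create reviews, configure settings
# or apply decisions. Setting up a review needs no P2 license.
SETUP_ADMINS = {"erin", "frank"}


def people_performing_review(review, groups):
    """Return the users who actually perform this review."""
    group = groups[review["group"]]
    kind = review["reviewers"]
    if kind == "group_owners":
        return set(group["owners"])
    if kind == "self_review":
        # Every member reviews their own access.
        return set(group["members"])
    if kind == "specified":
        return set(review["specified"])
    raise ValueError(f"unknown reviewer type: {kind!r}")


def license_report(reviews, groups, setup_admins, licenses_owned):
    """Count distinct people who perform a review; each needs one license."""
    needing = set()
    for review in reviews:
        needing |= people_performing_review(review, groups)
    return {
        "need_license": sorted(needing),
        # Admins who only set up or apply reviews need no license
        # (assumption: an admin who also reviews is counted above).
        "admins_without_need": sorted(setup_admins - needing),
        "required": len(needing),
        "shortfall": max(0, len(needing) - licenses_owned),
    }


if __name__ == "__main__":
    print(license_report(PLANNED_REVIEWS, GROUPS, SETUP_ADMINS, licenses_owned=3))
```

A user who appears in several reviews is counted once, and members or owners of a reviewed group who do not perform a review themselves (here bo and guest_lee) are not counted.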
Reference documentation – What are Azure AD access reviews?