Learn about What are Azure AD access reviews and usage?

  1. Home
  2. Learn about What are Azure AD access reviews and usage?

This tutorial will help you to Learn about What are Azure AD access reviews? Azure Active Directory (Azure AD) access reviews helps organizations to enable to efficiently manage group memberships, access to enterprise applications, and role assignments. The access of users may be checked on a regular basis to ensure that only the appropriate persons have access.

Why are access reviews important?

Azure Active Directory enables you to collaborate both internally and with individuals from outside companies, such as partners. With the aid of access reviews, you may improve your chances of getting a job. Users may operate remotely from their business or personal devices by joining groups, inviting visitors, and connecting to cloud apps. The ease of self-service has necessitated the development of improved access management tools.

  • How do you guarantee that new staff has the access they require to be productive?
  • How do you ensure that people’s old access is deleted when they change teams or leave the company?
  • Access privileges that are too broad might lead to compromises.
  • Excessive access rights can lead to audit results since they imply a lack of access control.
  • You must actively connect with resource owners to ensure that they examine who has access to their resources on a frequent basis.

When to use access reviews?

Access Reviews can be used in the following situation –

  • Firstly, Too many users in privileged roles
  • Subsequently, When automation is infeasible
  • Also, When a group is used for a new purpose
  • Furthermore, Business critical data access
  • Also, To maintain a policy’s exception list
  • Subsequently, Ask group owners to confirm they still need guests in their groups
  • Finally, Have reviews recur periodically

Where to create reviews?

Depending on what do you want to review, you will have to create and learn about your access review depending on your demands as in Azure AD access reviews, Azure AD enterprise apps (in preview), or Azure AD PIM.

Access rights of usersReviewers can beReview created inReviewer experience
Security group members
Office group members
Specified reviewers
Group owners
Self-review
Azure AD access reviews
Azure AD groups
Access panel
Assigned to a connected appSpecified reviewers
Self-review
Azure AD access reviews
Azure AD enterprise apps (in preview)
Also, Access panel
Azure AD roleSpecified reviewers
Self-review
Azure AD PIMFurthermore, Azure portal
Azure resource roleSpecified reviewers
Self-review
Also, Azure AD PIMFinally, Azure portal

Create access reviews

To create an access review, follow the following steps:

  • Visit Azure portal to manage access reviews and sign in as a Global administrator or User administrator.
  • Choose Azure Active Directory.
Learn Azure portal search for Azure Active Directory
Image source – microsoft
  • Choose Identity Governance.
  • On the Getting started page, choose the Create an access review button.

How many licenses you must have?

Before getting started, ensure that your directory has at least as many Azure AD Premium P2 licenses as you have employees that will be performing and learn the below-mentioned tasks:

  • Firstly, Member and guest users who are assigned as reviewers
  • Also, Member and guest users who perform a self-review
  • Subsequently, Group owners who perform an access review
  • Finally, Application owners who perform an access review

The licence requirements for guest users will be determined by the licencing model you’re employing. However, the actions of the following guest users are considered Azure AD Premium P2 usage:

  • Guest users who are assigned as reviewers
  • Then, guest users who perform a self-review
  • Next, guest users as group owners who perform an access review
  • Guest users as application owners who perform an access review

Azure AD Premium P2 licenses are not essential for the following tasks:

  • No licenses are needed for the users with the Global Administrator or User Administrator roles that set up access reviews, configure settings, or apply the decisions from the reviews.
free practice test for AZ- 303

Go back to home page

Reference documentation – What are Azure AD access reviews?

Menu