Access Reviews in Azure AD Identity Governance  

 

Azure AD Access Review is an integral part of access governance in the organization. It enables admins to effectively control group memberships, access to enterprise apps or role assignments. Access reviews help to manage memberships on a regular basis.

End users can collaborate with external users using Azure AD, so access needs to be reviewed in order to audit any unnecessary access granted to any user.

Usage examples 

The following is a simple list of situations where you would require an access review:

  • Business critical data access 

  • A group is re-purposed 

  • Automation is impossible 

  • A privileged role has more than 5 users

  • Recurring automatically 

  • Governance policy 

  • Verify guest access in groups 

License requirements 

Access reviews require an Azure AD Plan 2 license for every user who will be a reviewer.

How many licenses must you have? 

A license is required for the following users and guests: 

  • Who are assigned as reviewers 

  • Who perform a self-review

  • Group owners who perform an access review 

  • Application owners who perform an access review 

Where to create the access review 

Access reviews come under Identity Governance in Azure AD. You can create access reviews for groups, teams or enterprise applications.