Create Access Reviews for Groups in Azure Active Directory

In this post, we will go through the process of setting up Access Reviews in Azure Active Directory.

What is Access Review?

Access Reviews can be used to review users' or administrators' access to groups or applications over time. These access reviews also help reduce the risk of stale access assignments to sensitive groups or applications.

How to create an access review

  1. Sign in to the Azure Portal: https://portal.azure.com
  2. Navigate to Identity Governance

  3. In the left menu, click Access reviews.

  4. Click on New access review to create a new access review.

5. Select what you want to review: “Application or Teams/Groups”. In this example I will select Groups.

6. After selecting Teams + Groups, you will notice that you get two additional options to select from.

  • All Microsoft 365 groups with guest users. Select this option if you would like to create recurring reviews on all your guest users across all your Microsoft Teams and Microsoft 365 groups in your organization. You can choose to exclude certain groups by clicking on ‘Select group(s) to exclude’.
  • Select teams + groups. Select this option if you would like to specify a finite set of teams and/or groups to review. After clicking on this option, you will see a list of groups to the right to pick from.

7. We will select teams + groups for this example. After selecting it, you will notice that you can now select the groups for which you want to create an access review. Click on “Select Group” and choose your group.

8. After selecting your group, you will then have to specify your Review scope. The review scope has the following 2 options.

Guest users only. Selecting this option limits the access review to just the Azure AD B2B guest users in your directory.

All Users. Selecting this option scopes the access review to all user objects associated with the resource.

9. I will go ahead and select “All Users”. Once done, click on “Next: Reviews”.

10. Next, we need to select the Reviewers and fallback reviewers if needed. In this example I will let the group owners be the reviewers.

11. Next, we need to specify the recurrence of the review. You can specify a frequency such as Weekly, Monthly, Quarterly, Semi-annually, or Annually. You then specify a Duration, which defines how long a review will be open for input from reviewers. For example, the maximum duration that you can set for a monthly review is 27 days, to avoid overlapping reviews. You might want to shorten the duration to ensure that your reviewers’ input is applied earlier. Next, you can select a Start date and End date.

12. Click on Next: Settings to continue.

13. To finish off our access review, we need to configure some completion settings. However, for the purpose of this post, I will keep the default settings since they work for my requirements.

14. Once done, click on “Next: Review + Create”.

15. On the last page, provide a name and description for your access review, then click Create at the bottom of the page.

16. Once the review has been created you will see it listed in the Access Review portal.

17. Users will receive the following message when they need to review the membership of a group.

additional content for reviewer
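
The choices made in steps 5 to 15 (group scope, all users or guests only, group owners as reviewers, recurrence and duration) can also be written down as the request body for Microsoft Graph's `POST /identityGovernance/accessReviews/definitions`. The sketch below is an added example, not part of the original post: it only builds and validates the body offline, the function name and the placeholder group ID are assumptions, and the field names and query strings follow the Graph `accessReviewScheduleDefinition` documentation, so check them against the current reference before use.

```python
import json
from datetime import date

# Step 11 frequencies -> Graph recurrence pattern (type, interval).
RECURRENCE = {"weekly": ("weekly", 1), "monthly": ("absoluteMonthly", 1),
              "quarterly": ("absoluteMonthly", 3), "semi-annually": ("absoluteMonthly", 6),
              "annually": ("absoluteMonthly", 12)}
# Only the monthly cap (27 days) is stated in the post; other caps are not enforced here.
MAX_DURATION_DAYS = {"monthly": 27}


def build_group_review(name, group_id, frequency, duration_days, start,
                       end=None, guests_only=False, description=""):
    """Return the JSON body for a recurring access review of one group."""
    if frequency not in RECURRENCE:
        raise ValueError(f"unsupported frequency: {frequency!r}")
    cap = MAX_DURATION_DAYS.get(frequency)
    if duration_days < 1 or (cap is not None and duration_days > cap):
        raise ValueError(f"duration of {duration_days} days not allowed for a {frequency} review")
    if end is not None and end <= start:
        raise ValueError("end date must be after start date")

    # Step 8: "All Users" reviews every member; "Guest users only" adds a userType filter.
    members = f"/groups/{group_id}/transitiveMembers"
    if guests_only:
        members += "/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')"

    pattern_type, interval = RECURRENCE[frequency]
    review_range = {"type": "endDate" if end else "noEnd", "startDate": start.isoformat()}
    if end:
        review_range["endDate"] = end.isoformat()

    return {
        "displayName": name,
        "descriptionForAdmins": description,
        "scope": {"@odata.type": "#microsoft.graph.accessReviewQueryScope",
                  "query": members, "queryType": "MicrosoftGraph"},
        # Step 10: the group's owners act as reviewers.
        "reviewers": [{"query": f"/groups/{group_id}/owners", "queryType": "MicrosoftGraph"}],
        "settings": {"instanceDurationInDays": duration_days,
                     "recurrence": {"pattern": {"type": pattern_type, "interval": interval},
                                    "range": review_range}},
    }


if __name__ == "__main__":
    GROUP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real object ID
    body = build_group_review("Monthly group review", GROUP_ID, "monthly", 27, date(2030, 1, 1))
    print(json.dumps(body, indent=2))
```

Keeping the definition in this form lets the review scope and reviewer assignment be version-controlled and compared across groups instead of being re-entered in the portal each time.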
