Create Access Reviews for Groups in Azure Active Directory
In this post, we will go through the process of setting up Access Reviews in Azure Active Directory.
What is Access Review?
Access Reviews can be used to review users or administrators access to groups or applications over time. These access reviews will also assist with reducing the risk of stale access assignments to sensitive groups or applications.
How to create access review
1. Sign in to the Azure Portal: https://portal.azure.com
2. Navigate to Identity Governance.
3. In the left menu, click Access reviews.
4. Click on New access review to create a new access review.
5. Select what you want to review: “Application” or “Teams/Groups”. In this example I will select Groups.
6. After selecting Teams + Groups, you will notice that you get two additional options to select from.
- All Microsoft 365 groups with guest users. Select this option if you would like to create recurring reviews on all your guest users across all your Microsoft Teams and Microsoft 365 groups in your organization. You can choose to exclude certain groups by clicking on ‘Select group(s) to exclude’.
- Select teams + groups. Select this option if you would like to specify a finite set of teams and/or groups to review. After clicking on this option, you will see a list of groups to the right to pick from.
7. We will select teams + groups for this example. After selecting it, you will notice that you can now select the groups you want to create an access review for. Click on “Select Group” and choose your group.
8. After selecting your group, you will then have to specify your Review scope. The review scope has the following 2 options.
- Guest users only. Selecting this option limits the access review to just the Azure AD B2B guest users in your directory.
- All Users. Selecting this option scopes the access review to all user objects associated with the resource.
9. I will go ahead and select “All Users”. Once done, click on “Next: Reviews”.
10. Next, we need to select the Reviewers and fallback reviewers if needed. In this example I will let the group owners be the reviewers.
11. Next, we need to specify the recurrence of the review. You can specify a frequency such as Weekly, Monthly, Quarterly, Semi-annually, or Annually. You then specify a Duration, which defines how long a review will be open for input from reviewers. For example, the maximum duration that you can set for a monthly review is 27 days, to avoid overlapping reviews. You might want to shorten the duration to ensure that your reviewers’ input is applied earlier. Next, you can select a Start date and End date.
12. Click on Next: Settings to continue.
13. To finish off our access review, we need to configure some completion settings. However, for the purpose of this post, I will keep the default settings since they work for my requirements.
14. Once done, click on “Next: Review + Create”.
15. On the last page, provide a name and description for your access review, and then click Create at the bottom of the page.
16. Once the review has been created, you will see it listed in the Access Review portal.
17. Users will receive the following message when they need to review the membership of a group.
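
The same review can also be created without the portal. The script below is an added example, not part of the original walkthrough: it builds the review from steps 7 to 11 as a Microsoft Graph access review definition and submits it with the Microsoft Graph PowerShell SDK. The group ID is a placeholder, and the display name, descriptions, 14-day duration and notification settings are assumptions.

```powershell
# Added example: the access review from the steps above, expressed as a Graph
# accessReviewScheduleDefinition. Requires the Microsoft.Graph.Authentication module.
$GroupId      = '00000000-0000-0000-0000-000000000000'  # placeholder: object ID of the group to review
$DurationDays = 14                                      # assumed: how long each review stays open

# The post gives 27 days as the maximum duration for a monthly review,
# so that one review instance never overlaps the next.
if ($DurationDays -lt 1 -or $DurationDays -gt 27) {
    throw "Duration must be 1-27 days for a monthly review; got $DurationDays."
}

$definition = @{
    displayName             = 'Monthly membership review (example)'   # assumed name
    descriptionForAdmins    = 'Review of all members of the group.'
    descriptionForReviewers = 'Confirm each member still needs access.'
    # Step 8, "All Users": every member of the group, direct or nested.
    scope = @{
        '@odata.type' = '#microsoft.graph.accessReviewQueryScope'
        query         = "/groups/$GroupId/transitiveMembers"
        queryType     = 'MicrosoftGraph'
    }
    # Step 10: the group owners act as reviewers.
    reviewers = @(
        @{ query = "/groups/$GroupId/owners"; queryType = 'MicrosoftGraph' }
    )
    settings = @{
        instanceDurationInDays    = $DurationDays
        mailNotificationsEnabled  = $true    # assumed values, not necessarily the portal defaults
        autoApplyDecisionsEnabled = $false
        # Step 11: monthly recurrence starting today, with no end date.
        recurrence = @{
            pattern = @{ type = 'absoluteMonthly'; interval = 1 }
            range   = @{ type = 'noEnd'; startDate = (Get-Date).ToString('yyyy-MM-dd') }
        }
    }
}

Connect-MgGraph -Scopes 'AccessReview.ReadWrite.All'
$created = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions' `
    -Body ($definition | ConvertTo-Json -Depth 10) -ContentType 'application/json'

# Step 16: the new definition should now be listed; print its ID and status.
"{0}  {1}" -f $created.id, $created.status
```

Keeping the definition in a script makes the scope and reviewer assignment reviewable in source control, which helps when the same review has to be applied consistently to several sensitive groups.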