Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
title description services documentationcenter author manager editor ms.service ms.workload ms.tgt_pltfrm ms.topic ms.subservice ms.date ms.author ms.reviewer ms.collection
Manage user access with access reviews
Learn how to manage users' access as membership of a group or assignment to an application with Azure Active Directory access reviews
active-directory
amsliu
amycolannino
markwahl-msft
active-directory
identity
na
conceptual
compliance
06/21/2018
amsliu
mwahl
M365-identity-device-management

Manage user access with Microsoft Entra access reviews

With Microsoft Entra, you can easily ensure that users have appropriate access. You can ask the users themselves or a decision maker to participate in an access review and recertify (or attest) to users' access. The reviewers can give their input on each user's need for continued access based on suggestions from Microsoft Entra. When an access review is finished, you can then make changes and remove access from users who no longer need it.

[!NOTE] If you want to review only guest users' access and not review all types of users' access, see Manage guest user access with access reviews. If you want to review users' membership in administrative roles such as global administrator, see Start an access review in Azure AD Privileged Identity Management.

Prerequisites

  • Azure AD Premium P2

For more information, see License requirements.

If you are reviewing access to an application, then before creating the review, see the article on how to prepare for an access review of users' access to an application to ensure the application is integrated with Azure AD.

Create and perform an access review

You can have one or more users as reviewers in an access review.

  1. Select a group in Azure AD that has one or more members. Or select an application connected to Azure AD that has one or more users assigned to it.

  2. Decide whether to have each user review their own access or to have one or more users review everyone's access.

  3. In one of the following roles: a global administrator, user administrator, or (Preview) an owner of a Microsoft 365 group or Azure AD security group to be reviewed, go to the Identity Governance page.

  4. Create the access review. For more information, see Create an access review of groups or applications.

  5. When the access review starts, ask the reviewers to give input. By default, they each receive an email from Azure AD with a link to the access panel, where they review access to groups or applications.

  6. If the reviewers haven't given input, you can ask Azure AD to send them a reminder. By default, Azure AD automatically sends a reminder halfway to the end date to reviewers who haven't yet responded.

  7. After the reviewers give input, stop the access review and apply the changes. For more information, see Complete an access review of groups or applications.

Next steps

Create an access review of groups or applications