Forum Discussion
Scott Williamson
May 01, 2018 · Copper Contributor
Guest Users - Clean Up
Does anyone have any experience with policies and planning for cleaning up guest users? We want to make sure that when guest users leave their company we can make sure they no longer have access to ...
Deleted
May 04, 2018
+1 on the proposed 'Access Reviews' solution.
Using the info from the responses, I've looked into Access Reviews, and found it to be a really good way to meet these needs.
I created a review, set the schedule/interview, specified Guest Users only, and saw all of the other options that are available to be set, including who to notify for re-attestation (the guest users themselves, owners of a designated group who are responsible for managing a given set of guest users <which can be a dynamic security group based on an attribute populated for different sets of guest users>, a designated 'guest user manager(s)', and others).
Probably the best option was the fact that it had a 'what action to take if user doesn't respond to the access review.' Haven't validated this yet but one option was to revoke access, which our Infosec dept will love.
We're an E5 org, but don't have AAD P2. We have P1 with one of those custom-bundle license packages. I've added a P2 trial, but don't know what it will necessarily give us with our needs in this dept. Our MS Acct Mgrs are willing to work with us given the FY Close in June, so if someone in the know could provide me some info about the enhancements/value-add of P2 in the Access Review, Cloud App Discovery, and anything else that I can use to enhance security in Azure/O365 I'd appreciate it.
Levente Rog
Nov 14, 2018 · Copper Contributor
I'm looking at the Access Reviews feature but each review is scoped to a particular Azure AD group.
I want to create a review with the scope of all Guest users.
Is that possible?
- Stephen Kerkmann · Dec 03, 2018 · Copper Contributor
Create a dynamic group with all guest users and then run an access review on that group...
- Joshua Bines · Sep 26, 2019 · Iron Contributor
You could query stale guest accounts and remove them automatically via Azure Automation if you wanted. I think that would help.
You will need to update this but it's a start. If I have time I'll try and finish this.
https://www.undocumented-features.com/2018/06/22/how-to-find-staleish-azure-b2b-guest-accounts/
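
The stale-guest query suggested in the last reply could look like the sketch below, an added example that is not from any poster or from the linked article; it only reports candidates, so removal stays a separate, reviewed step. The function names, the 90-day threshold and the sample records are assumptions; the property names follow the Microsoft Graph user resource.

```powershell
# Added example: report-only classification of stale guest accounts.
# Function names, threshold and sample records are assumptions for illustration.
function Get-StaleGuest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $User,
        [int] $StaleAfterDays = 90,
        [datetime] $Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$StaleAfterDays) }
    process {
        if ($User.UserType -ne 'Guest') { return }
        $last   = $User.SignInActivity.LastSignInDateTime
        $old    = $User.CreatedDateTime -lt $cutoff
        $reason = $null
        if ($User.ExternalUserState -eq 'PendingAcceptance') {
            if ($old) { $reason = 'InvitationNeverRedeemed' }
        }
        elseif ($null -eq $last) {
            # No sign-in on record: flag only once the account itself is old.
            if ($old) { $reason = 'NoSignInRecorded' }
        }
        elseif ($last -lt $cutoff) { $reason = 'Inactive' }
        if ($reason) {
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                Reason            = $reason
                LastSignIn        = $last
            }
        }
    }
}

# Constructed sample records (not real accounts).
function New-SampleGuest($Upn, $State, $Created, $LastSignIn) {
    [pscustomobject]@{
        UserPrincipalName = $Upn; UserType = 'Guest'; ExternalUserState = $State
        CreatedDateTime   = [datetime]$Created
        SignInActivity    = [pscustomobject]@{ LastSignInDateTime = $LastSignIn }
    }
}
$sample = @(
    New-SampleGuest 'active_partner.example#EXT#@contoso.example'  'Accepted'          '2023-01-10' ([datetime]'2024-05-20')
    New-SampleGuest 'dormant_partner.example#EXT#@contoso.example' 'Accepted'          '2022-06-01' ([datetime]'2023-09-01')
    New-SampleGuest 'pending_partner.example#EXT#@contoso.example' 'PendingAcceptance' '2023-11-15' $null
    New-SampleGuest 'invited_partner.example#EXT#@contoso.example' 'PendingAcceptance' '2024-05-25' $null
)
$sample | Get-StaleGuest -StaleAfterDays 90 -Now ([datetime]'2024-06-01') | Format-Table -AutoSize
# Live data (assumes the Microsoft.Graph module with User.Read.All and AuditLog.Read.All consented):
# Get-MgUser -All -Filter "userType eq 'Guest'" -Property 'userPrincipalName,userType,externalUserState,createdDateTime,signInActivity' | Get-StaleGuest
```

Feeding the report into an access review or a ticket, rather than straight into a delete, keeps an owner's sign-off in the loop for guests who are inactive but still needed.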