If you're not already using PIM, take a look at the instructions to enable Privileged Identity Management for your directory to get started. Read more about this exciting new preview at PIM for Azure resources (Preview).
Note: Azure PIM is an Azure AD Premium 2 feature.
Access reviews for attestation
The second new feature in preview is access reviews of users in groups and assigned access to applications. We've already included access reviews for admins in directory roles in Azure AD PIM, and now we're expanding how access reviews can be used for groups and application access.
There are quite a few ways to control application access in Azure AD. A lot of organizations use groups in AD or Azure AD to control access. Users can also request application access. And now, the new Office 365 groups feature allows more users across your organization to create their own groups and pick who they want in those groups. (We've added a preview of automatic expiration of Office 365 groups to ensure the number of groups doesn't get overwhelming).
Of course, over time, group memberships and application access assignments can get stale – people change jobs or no longer need access to a particular application. Maybe a guest who was given access isn't affiliated with their original organization any longer. This staleness can cause a problem for protecting business-sensitive assets or applications subject to compliance.
To avoid access getting out of hand, organizations can now schedule access reviews to make sure only the users they want to have access to their assets and applications are able to access those things. An access review asks users to recertify (or "attest") to access rights to an app or membership in a group.
You can ask users to review their own rights or select reviewers to review everyone in a group or everyone assigned access to an app. You can also ask the group owners to review.
And finally, for those organizations that have other processes in place to manage employee access, you can scope the review to include only guest members or guests who have access.
Reviewers will receive an email so they can see the reviews in the access panel. Azure AD includes access highlights and recommendations that help reduce how long it takes for a review to be completed.
The results are aggregated and then, based on those results, the admin can choose when to make changes and remove the denied users' access.
This particular preview includes access reviews for: