The first screen in the wizard asks you to select the role you want to review. Pick a role that one or more users hold, such as Global Administrator.
Next, select who will perform the review. If you just want to test the concept of security reviews without notifying the administrators currently in the role, choose "Me" as the reviewer. Otherwise, choose "Self review by role members". We'll be adding more options for delegation in the future.
Finally, pick the start and end dates for the review. For example, you might wish to give users a week to respond.
Once you complete the wizard, the users currently in the selected role are ready to be reviewed. Unless you selected "Me" as the reviewer option, those administrative users will get an email notification that their review has started.

Reviewing the access rights

The administrators perform their review in a new part of the Azure AD Privileged Identity Management UI, by clicking on "Review administrative access".
For each role, they can choose to approve or deny, indicating whether they continue to need it. Selecting each user and clicking the Approve access or Deny access buttons at the bottom of the screen completes their part of the review.

Completing the security review

The security administrator can review the results of their security review in progress in the Azure AD Privileged Identity Management UI, by clicking on "Manage identities", on the "Security reviews" section of the dashboard.
The security administrator can then drill into these results and decide what actions to take, including removing users' role assignments or converting permanent role assignments to temporary assignments.

In later previews we'll expand the capabilities of this feature, including optional automatic updates of the role assignments in Azure Active Directory, and also bring the security review concepts to other parts of Azure AD, in particular security reviews for group memberships.

We welcome your feedback on this or any other feature in Azure AD and Azure AD Premium, so please don't hesitate to leave comments or questions on our forum as well.

Thanks,
Mark Wahl
Principal Program Manager