Azure AD access reviews

%3CLINGO-SUB%20id%3D%22lingo-sub-203589%22%20slang%3D%22en-US%22%3EAzure%20AD%20access%20reviews%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203589%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3EOur%20organization%20using%20O365%20and%20we%20are%20planing%20to%20allow%20all%20staff%20to%20create%20groups%20on%20our%20tenant%20as%20we%20would%20like%20to%20roll%20out%20Team%2C%20Planner%20and%20Power%20BI.%20Now%20I%20m%20in%20the%20middle%20of%20setting%20up%20some%20group%20policies%20such%20as%20naming%20convention%2C%20group%20expiry%20etc.%20Also%2C%20I%20would%20like%20to%20enable%20Azure%20AD%20access%20reviews%20and%20notified%20group%20owners%20to%20review%20it%20periodically.%3C%2FP%3E%3CP%3EBut%20my%20question%20is%20how%20can%20I%20keep%20create%20an%20access%20review%20for%20individual%20groups%20that%20are%20created%20by%20our%20staff%2C%20how%20do%20I%20know%20how%20many%20groups%20has%20been%20created%20daily%20basis%2C%20etc.%20Can%20some%20on%20please%20tell%20me%20what%20is%20the%20best%20way%20to%20handle%20this.%3C%2FP%3E%3CP%3EThe%20other%20question%20is%2C%20are%20there%20any%20best%20practice%20of%20creating%20O365%20Groups.%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-203589%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-203665%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20access%20reviews%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-203665%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Nipuna%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Edont%20think%20there%20is%20off%20the%20shelf%20solution%20to%20generate%20the%20report%20about%20number%20of%20groups%20getting%20created%2C%26nbsp%3B%20there%20are%20third%20party%20reporting%20tools%20which%20you%20can%20explore%20for%20sure.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eregarding%20your%20question%20about%20triggering%20an%20access%20review%20automatically%20again%20the%20answer%20is%20unfortunately%20is%20no.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Enow%20about%20best%20practices%20for%20creating%20o365%20groups%2C%20there%20are%20basically%20two%20approaches%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eyou%20throw%20it%20open%20to%20the%20users%20where%20in%20they%20can%20just%20create%20groups%20from%20outlook%20or%20SharePoint%2C%20which%20most%20of%20the%20orgs%20use%20these%20days%20as%20it%20gives%20a%20breather%20to%20administrators.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebut%20if%20you%20want%20to%20give%20the%20group%20creation%20control%20to%20users%20then%20I%20would%20suggest%20that%20you%20create%20a%20simple%20form%20in%20SPO%20tied%20to%20a%20flow%20(%20which%20can%20include%20necessary%20approvals%20)%20which%20in%20turn%20triggers%20a%20logic%20app%20or%20azure%20function%20to%20provision%20a%20group%20for%20the%20request.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi All,

Our organization using O365 and we are planing to allow all staff to create groups on our tenant as we would like to roll out Team, Planner and Power BI. Now I m in the middle of setting up some group policies such as naming convention, group expiry etc. Also, I would like to enable Azure AD access reviews and notified group owners to review it periodically.

But my question is how can I keep create an access review for individual groups that are created by our staff, how do I know how many groups has been created daily basis, etc. Can some on please tell me what is the best way to handle this.

The other question is, are there any best practice of creating O365 Groups. 

Thanks.

1 Reply

Hi Nipuna,

 

dont think there is off the shelf solution to generate the report about number of groups getting created,  there are third party reporting tools which you can explore for sure. 

 

regarding your question about triggering an access review automatically again the answer is unfortunately is no.

 

now about best practices for creating o365 groups, there are basically two approaches

 

you throw it open to the users where in they can just create groups from outlook or SharePoint, which most of the orgs use these days as it gives a breather to administrators.

 

but if you want to give the group creation control to users then I would suggest that you create a simple form in SPO tied to a flow ( which can include necessary approvals ) which in turn triggers a logic app or azure function to provision a group for the request.

 

Thanks