After assigning users a Privileged Identity Management (PIM) role, we can perform access reviews to confirm that users who still need the permissions keep their access to elevated systems. Users who do not are removed.

In Entra ID, navigate to the Identity Governance section:

Select ‘Access reviews’ and click on ‘New access review’:

Select ‘Teams + Groups’ and choose the group you want to review. Here we will choose the management group:

In the Reviews tab, select the reviewers and the recurrence:

In the Settings tab, we can also set the action to take when a reviewer does not respond, along with various other options. I selected to send a notification to myself:

After creating the review we can now see it under ‘Access reviews’:

Azure will send out an email to the reviewer:

Upon starting the review, the reviewer can now decide if they will approve or deny access:

When they make a decision, they will need to justify it.
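
The same review can also be defined through Microsoft Graph instead of the portal. This is an added example, not part of the original post: the object IDs are placeholders, and the display name, recurrence, duration and no-response action are assumed values.

```powershell
# Added example: PLACEHOLDER and "assumed" values are not from the original post.
# Requires the Microsoft.Graph PowerShell module and rights to create access reviews.
Connect-MgGraph -Scopes 'AccessReview.ReadWrite.All'

$groupId    = '<PLACEHOLDER-group-object-id>'     # group under review
$reviewerId = '<PLACEHOLDER-reviewer-object-id>'  # user who performs the review
$uri = 'https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions'

$definition = @{
    displayName             = 'Management group access review'   # assumed name
    descriptionForAdmins    = 'Recurring review of management group membership'
    descriptionForReviewers = 'Confirm each member still needs this access'
    # Scope: members of the selected group ('Teams + Groups' in the portal)
    scope = @{
        '@odata.type' = '#microsoft.graph.accessReviewQueryScope'
        query         = "/groups/$groupId/transitiveMembers"
        queryType     = 'MicrosoftGraph'
    }
    # Reviews tab: who reviews
    reviewers = @(
        @{ query = "/users/$reviewerId"; queryType = 'MicrosoftGraph' }
    )
    # Reviews tab recurrence plus the Settings tab options
    settings = @{
        mailNotificationsEnabled        = $true    # email the reviewer
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true    # reviewer must give a reason
        instanceDurationInDays          = 7        # assumed
        defaultDecisionEnabled          = $true    # act when nobody responds
        defaultDecision                 = 'Deny'   # assumed: Approve | Deny | Recommendation
        autoApplyDecisionsEnabled       = $true    # apply results when the instance ends
        recurrence = @{
            pattern = @{ type = 'weekly'; interval = 1 }   # assumed
            range   = @{ type = 'noEnd'; startDate = (Get-Date).ToString('yyyy-MM-dd') }
        }
    }
}

$review = Invoke-MgGraphRequest -Method POST -Uri $uri `
    -Body ($definition | ConvertTo-Json -Depth 10) -ContentType 'application/json'

# Show the review instances created from the definition and their status
(Invoke-MgGraphRequest -Method GET -Uri "$uri/$($review.id)/instances").value |
    ForEach-Object { '{0}  {1}  {2}' -f $_.id, $_.status, $_.endDateTime }
```

With `defaultDecision` set to `Deny` and auto-apply enabled, members whose reviewer never responds lose access when the instance closes, so confirm the reviewer's mailbox is monitored before using that combination.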