Lab 25 - Creating Access Reviews for Internal and External Users
Lab scenario
Privileged user access should be reviewed regularly in a similar manner. Because these are elevated access assignments, they should be reviewed on a consistent schedule set by the company. Unused and unnecessary privileged assignments should be removed. Automated removal should also be configured for users who are no longer with the company or have changed departments within the company.
Estimated time: 5 minutes
Exercise 1 - Create an internal Access review
Task - Create a new Access review
- Sign in to https://entra.microsoft.com as a Global administrator.
- Access reviews can manage the access lifecycle. Within Microsoft Entra ID, find Identity Governance, then select Access reviews.
- Select + New access review.
- In the Select what to review box, choose Teams + Groups from the dropdown.
- Select the Select Teams + groups option, pick the Sales and Marketing group from the list, and hit Select.
- Set the Scope to All users.
- Select Next: Reviews to move forward in the wizard.
- The next step is to determine the reviewers. These reviewers can be the members themselves, for a self-review, or supervisors when reviewing access for an entire department. You can also set the action taken when a reviewer does not respond, so that the privileged access is automatically removed from the member.
- Pick a reviewer and a review recurrence option. Then select Settings.
- The advanced settings allow you to include a message as part of the review.
- Switch to the Review + Create tab to finalize the access review.
- Name the access review SC300 Access Review Test.
- Select Create at the bottom of the page.
Note - When the access review is created, the access review list will populate with the roles and owners of the reviews.
- Members that are being reviewed will receive an email when the review is initiated.
- Selecting an access review of one of the roles will provide status on these access reviews.
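
The settings chosen in the wizard (recurrence, the action when a reviewer does not respond, automatic removal) can be checked afterwards across every review in the tenant. The following is an added example, not part of the lab: it assumes the review definitions were exported as JSON from Microsoft Graph (GET /identityGovernance/accessReviews/definitions) and reads the settings properties recurrence, defaultDecisionEnabled, defaultDecision and autoApplyDecisionsEnabled. The sample data, including all ids and the second review, is constructed.

```python
import json

# Constructed sample in the shape of a Graph "definitions" response.
# Only the first displayName comes from this lab; every id is a placeholder.
SAMPLE = json.loads("""
{"value": [
  {"id": "00000000-0000-0000-0000-000000000001",
   "displayName": "SC300 Access Review Test",
   "scope": {"query": "/groups/11111111-1111-1111-1111-111111111111/transitiveMembers"},
   "reviewers": [],
   "settings": {"defaultDecisionEnabled": true, "defaultDecision": "Deny",
                "autoApplyDecisionsEnabled": true,
                "recurrence": {"pattern": {"type": "absoluteMonthly", "interval": 3}}}},
  {"id": "00000000-0000-0000-0000-000000000002",
   "displayName": "Constructed one-off review",
   "scope": {"query": "/groups/22222222-2222-2222-2222-222222222222/transitiveMembers"},
   "reviewers": [{"query": "/users/33333333-3333-3333-3333-333333333333"}],
   "settings": {"defaultDecisionEnabled": false, "defaultDecision": "None",
                "autoApplyDecisionsEnabled": false, "recurrence": null}}
]}
""")

def audit_definition(definition):
    """Return the findings for one access review definition (empty list = OK)."""
    settings = definition.get("settings") or {}
    findings = []
    # A missing recurrence, or one without a pattern, is treated as a one-time review.
    if not (settings.get("recurrence") or {}).get("pattern"):
        findings.append("not recurring: access is reviewed once, not on a schedule")
    # The lab's "reviewer does not respond" action must be to remove access.
    if not (settings.get("defaultDecisionEnabled")
            and settings.get("defaultDecision") == "Deny"):
        findings.append("no response does not remove access")
    # Without auto-apply, decisions are recorded but nobody is actually removed.
    if not settings.get("autoApplyDecisionsEnabled"):
        findings.append("decisions are not applied automatically")
    return findings

def audit(response):
    """Map review display name -> findings, for definitions with any finding."""
    report = {}
    for definition in response.get("value", []):
        findings = audit_definition(definition)
        if findings:
            report[definition.get("displayName") or definition.get("id")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, *findings, sep="\n  - ")
```
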