Access Reviews for Privileged access groups (Preview)

H Raja 221 Reputation points
2021-03-16T14:36:07.107+00:00

I've created a Privileged access groups (Preview) with JIT enabled, I wanted to setup an Access Review as part of the group. I've gone through the steps and created it, but it showing blade? On the Audit logs, it shows completed. Any ideas? Is there any replication time?78311-revie.png

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,484 questions
{count} votes

6 answers

Sort by: Most helpful
  1. Marilee Turscak-MSFT 36,246 Reputation points Microsoft Employee
    2021-03-23T18:23:14.5+00:00

    If the access review was successful, you should get an alert in "Notifications" indicating the success. Then you can click into the alert itself to review the access review.

    80844-image.png

    80785-image.png

    My review took a few minutes to show up in the blade after getting the notification that the review was created successfully.

    80845-image.png

    If you try the steps I gave in the comments and still have this issue, we can reach out to the product team and report this.

    0 comments No comments

  2. H Raja 221 Reputation points
    2021-03-23T22:22:01.263+00:00

    @MarileeTurscak Thanks for the responce, I did check the notification area and it was created but it didn't populated under Access Reviews under Groups > Activity Section > Access Reviews. I did use Privileged Role Administrator role, then I tried again with GA accout and it worked and Access Review was created. I'm just wondering if privileged access group settings (preview) - needs GA account, since only in Preview...

    0 comments No comments

  3. Marilee Turscak-MSFT 36,246 Reputation points Microsoft Employee
    2021-03-24T16:40:51.427+00:00

    That seems like that would be the reason. Based on the documentation's prerequisites you need to either be a Global Admin or a User Admin to create an Access Review.

    That said, it's odd that you received an alert that the access review was successfully created if you didn't have the proper permissions to create it. If you can reproduce that and get a screenshot we can report this as a bug.

    0 comments No comments

  4. H Raja 221 Reputation points
    2021-03-25T10:32:27.337+00:00

    @MarileeTurscak OK, I know it worked with GA, but as you can see, I have both User Admin and Priv Role Admin and created the Group.
    81489-active.png

    Group Created
    81514-newgrp.png

    But when I go to Identity Goverence > Access Review, i've not able to select the Group?
    81523-accessreviewgreyed.png

    Hope the abvove makes sense?

    0 comments No comments

  5. H Raja 221 Reputation points
    2021-03-25T10:44:19.763+00:00

    @MarileeTurscak
    This get even stranger, if i go another route, it does allow me to create the review, but doesnt show (like I did before)

    81467-adgroup.png

    I now can create it goiing via Groups and Access Reviews, but doest show>
    81532-reviewsetup.png

    81533-status.png

    0 comments No comments