PIM Access Review (Managment Groups and Subscriptions)

Dragan 21 Reputation points
2022-06-02T06:56:55.373+00:00

Is PIM Access review available on Management Group level or only on subscription level?

What if role assignment is done on MG and access review is done on subscription level for example on role "Contributor"? And "Contributor" is assigned on MG level.
If used with this option on link
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-create-azure-ad-roles-and-resource-roles-review?toc=%2Fazure%2Factive-directory%2Fgovernance%2Ftoc.json#upon-completion-settings
would it remove access completely from MG?

This is not clear for me.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,767 questions
Azure Active Directory Priviledged Identity Management
No comments
{count} votes

Accepted answer
  1. Florian Frommherz 76 Reputation points
    2022-06-13T18:38:09.863+00:00

    Hi!

    Currently, Access Reviews only support role assignments that are made on the Subscription level.

    Thanks,
    Florian


0 additional answers

Sort by: Most helpful