Review access of an access package in entitlement management
Entitlement management simplifies how enterprises manage access to groups, applications, and SharePoint sites. This article describes how to perform access reviews for other users that are assigned to an access package as a designated reviewer.
To review users' active access package assignments, the creator of a review must satisfy these prerequisites:
- Azure AD Premium P2
- Global administrator, Identity Governance administrator, or User administrator
For more information, see License requirements.
The reviewer can be anyone the creator of a review selects (group owner, manager of user, the user themselves, or any selected user or group).
Open the access review
Use the following steps to find and open the access review:
You may receive an email from Microsoft that asks you to review access. Locate the email to open the access review. Here is an example email to review access:
Click the Review user access link to open the access review.
If you don’t have the email, you can find your pending access reviews by navigating directly to https://myaccess.microsoft.com. (For US Government, use
Click Access reviews on the left navigation bar to see a list of pending access reviews assigned to you.
Click the review that you’d like to begin.
Perform the access review
Once you open the access review, you will see the names of users for which you need to review. There are two ways that you can approve or deny access:
- You can manually approve or deny access for one or more users
- You can accept the system recommendations
Manually approve or deny access for one or more users
Review the list of users and determine which users need to continue to have access.
To approve or deny access, select the radio button to the left of the user’s name.
Select Approve or Deny in the bar above the user names.
If you aren't sure, you can click the Don’t know button.
If you make this selection, the user maintains access, and this selection goes in the audit logs. The log shows any other reviewers that you still completed the review.
You may be required to provide a reason for your decision. Type in a reason and click Submit.
You can change your decision at any time before the end of the review. To do so, select the user from the list and change the decision. For example, you can approve access for a user you previously denied.
If there are multiple reviewers, the last submitted response is recorded. Consider an example where an administrator designates two reviewers – Alice and Bob. Alice opens the review first and approves access. Before the review ends, Bob opens the review and denies access. In this case, the last deny access decision gets recorded.
If a user is denied access in the review, they aren't removed from the access package immediately. The user will be removed from the access package once the review results are applied after the review is closed. The review will close automatically at the end of the review duration or earlier if an administrator manually stops the review.
Approve or deny access using the system-generated recommendations
To review access for multiple users more quickly, you can use the system-generated recommendations, accepting the recommendations with a single click. The recommendations are generated based on the user's sign-in activity.
In the bar at the top of the page, click Accept recommendations.
You'll see a summary of the recommended actions.
Click Submit to accept the recommendations.