Manage user access with Azure AD access reviews
With Azure Active Directory (Azure AD), you can easily ensure that users have appropriate access. You can ask the users themselves or a decision maker to participate in an access review and recertify (or attest) to users' access. The reviewers can give their input on each user's need for continued access based on suggestions from Azure AD. When an access review is finished, you can then make changes and remove access from users who no longer need it.
If you want to review only guest users' access and not review all types of users' access, see Manage guest user access with access reviews. If you want to review users' membership in administrative roles such as global administrator, see Start an access review in Azure AD Privileged Identity Management.
- Azure AD Premium P2
For more information, see License requirements.
If you are reviewing access to an application, then before creating the review, see the article on how to prepare for an access review of users' access to an application to ensure the application is integrated with Azure AD.
Create and perform an access review
You can have one or more users as reviewers in an access review.
Select a group in Azure AD that has one or more members. Or select an application connected to Azure AD that has one or more users assigned to it.
Decide whether to have each user review their own access or to have one or more users review everyone's access.
In one of the following roles: a global administrator, user administrator, or (Preview) an owner of a Microsoft 365 group or Azure AD security group to be reviewed, go to the Identity Governance page.
Create the access review. For more information, see Create an access review of groups or applications.
When the access review starts, ask the reviewers to give input. By default, they each receive an email from Azure AD with a link to the access panel, where they review access to groups or applications.
If the reviewers haven't given input, you can ask Azure AD to send them a reminder. By default, Azure AD automatically sends a reminder halfway to the end date to reviewers who haven't yet responded.
After the reviewers give input, stop the access review and apply the changes. For more information, see Complete an access review of groups or applications.