Azure Resource Access Review

Brandon Hough 0 Reputation points
2024-08-20T13:22:21.93+00:00

Good afternoon,

I am trying to implement access reviews for a resource group within our Azure tenant for SOC II Type II privileged access reviews. This would encompass user accounts that have administrator roles on the resources in this resource group (i.e., owner, contributor, etc.). When I create the access review right now, I get an unknown error, and it could not be created.

Steps: I am doing the steps in this guide under Create access reviews; however, I am doing it for Azure resource under Manage instead of Microsoft Entra roles (https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review)

Permissions that I have (rG): Contributor, Access Review Operator Service Role, and User Access Administrator

Permissions that I have (Entra ID): Identity Governance Administrator and Privileged Role Administrator

Documentation: https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review

Licenses: We have E5 for all users.

**Error message:** "There was a problem adding review_name review successfully"

Thanks!

Brandon Hough


1 answer

  1. Akhilesh Vallamkonda 10,150 Reputation points Microsoft Vendor
    2024-08-26T14:18:52.58+00:00

    Hi @Brandon Hough

    Thank you for reaching out to the Microsoft Q&A forum.

    I understand that you are trying to create an access review for an Azure resource group using Azure AD Privileged Identity Management (PIM). However, you are encountering an error message that says, "There was a problem adding <review_name> review successfully".

    I have followed the document, and I was able to create the Access Review without any issues.

    Could you please check if you are using the correct syntax and parameters when creating the access review? You can refer to the documentation you provided to ensure that you are using the correct syntax and parameters.

    Even though you mentioned that you have the necessary roles, please verify that you have been assigned the Privileged Role Administrator role and the Owner or the User Access Administrator role for the Azure resources.
    On the other hand, try creating an access review for a different Azure resource group or Azure AD role to see if the issue is specific to the resource group you are trying to review.

    If the issue persists, look at the audit logs in Microsoft Entra ID to see if there are any error messages or logs that provide more details about the issue.

    Hope this helps. Do let us know if you have any further queries by responding in the comments section.

    Thanks,

    Akhilesh.


    If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And if you have any further queries, do let us know.
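One way to carry out the role check suggested in the answer, as an added example that is not part of the thread or of Microsoft's documentation: it reports whether Owner or User Access Administrator is effective at the resource group under review, counting assignments inherited from parent scopes. It assumes input shaped like the output of `az role assignment list --all --assignee <user> -o json`; the subscription ID, group names and principal are constructed placeholders.

```python
import json

# Roles the answer names as sufficient on the Azure resource side.
REQUIRED_ANY = {"owner", "user access administrator"}

# Constructed sample shaped like `az role assignment list --all --assignee <user> -o json`.
# Subscription ID, resource group names and principal are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"principalName": "reviewer@example.com", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-prod"},
    {"principalName": "reviewer@example.com", "roleDefinitionName": "User Access Administrator",
     "scope": SUB + "/resourceGroups/rg-prod-old"},
    {"principalName": "reviewer@example.com", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/RG-Dev"},
])


def scope_covers(assignment_scope: str, target_scope: str) -> bool:
    """True if an assignment made at assignment_scope applies to target_scope."""
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    # Root scope "/" becomes "" and covers everything. Otherwise require an exact
    # match or a path-segment boundary, so "rg-prod" does not cover "rg-prod-old".
    return a == "" or t == a or t.startswith(a + "/")


def qualifying_roles(assignments_json: str, target_scope: str) -> list:
    """Return (role, scope) pairs for required roles effective at target_scope."""
    hits = []
    for a in json.loads(assignments_json):
        role = a.get("roleDefinitionName", "")
        if role.lower() in REQUIRED_ANY and scope_covers(a.get("scope", ""), target_scope):
            hits.append((role, a["scope"]))
    return hits


if __name__ == "__main__":
    for rg in ("rg-prod", "rg-prod-old", "rg-dev"):
        target = f"{SUB}/resourceGroups/{rg}"
        found = qualifying_roles(SAMPLE, target)
        print(rg, "->", found or "no Owner / User Access Administrator")
```

In the constructed data, `rg-prod` has only Contributor, so it is reported as lacking the required role even though a similarly named group carries User Access Administrator.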

