Manage user access with Azure AD access reviews
With Azure Active Directory (Azure AD), you can easily ensure that users have appropriate access. You can ask the users themselves or a decision maker to participate in an access review and recertify (or attest) to users' access. The reviewers can give their input on each user's need for continued access based on suggestions from Azure AD. When an access review is finished, you can then make changes and remove access from users who no longer need it.
If you want to review only guest users' access and not review all types of users' access, see Manage guest user access with access reviews. If you want to review users' membership in administrative roles such as global administrator, see Start an access review in Azure AD Privileged Identity Management.
- Azure AD Premium P2
For more information, see Which users must have licenses?.
Create and perform an access review
You can have one or more users as reviewers in an access review.
Select a group in Azure AD that has one or more members. Or select an application connected to Azure AD that has one or more users assigned to it.
Decide whether to have each user review their own access or to have one or more users review everyone's access.
As a global administrator or user administrator, go to the Identity Governance page.
Create the access review. For more information, see Create an access review of groups or applications.
When the access review starts, ask the reviewers to give input. By default, they each receive an email from Azure AD with a link to the access panel, where they review access to groups or applications.
If the reviewers haven't given input, you can ask Azure AD to send them a reminder. By default, Azure AD automatically sends a reminder halfway to the end date to reviewers who haven't yet responded.
After the reviewers give input, stop the access review and apply the changes. For more information, see Complete an access review of groups or applications.