How to complete an access review in Azure AD Privileged Identity Management
Privileged role administrators can review privileged access once a security review has been started. Azure AD Privileged Identity Management (PIM) will automatically send an email prompting users to review their access. If a user did not get an email, you can send them the instructions on how to perform a security review.
After the security review period is over, or all the users have finished their self-review, follow the steps in this article to manage the review and see the results.
Manage security reviews
- Go to the Azure portal and select the Azure AD Privileged Identity Management application on your dashboard.
- Select the Access reviews section of the dashboard.
- Select the access review that you want to manage.
On the access review's detail blade there are a number of options for managing that review.
If an access review is set up so that the users review themselves, the Remind button sends out a notification.
All access reviews have an end date, but you can use the Stop button to finish a review early. Any users who haven't been reviewed by that time can no longer be reviewed once you stop the review. You cannot restart a review after it's been stopped.
After an access review is completed, either because you reached the end date or stopped it manually, the Apply button implements the outcome of the review. If a user's access was denied in the review, this is the step that will remove their role assignment.
If you want to apply the results of the security review manually, you can export the review. The Export button will start downloading a CSV file. You can manage the results in Excel or other programs that open CSV files.
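For applying results manually from the export, the following added example (not part of the original article or of Microsoft's tooling) sorts an exported CSV into role assignments to keep, to remove, and to follow up on. The column names `User`, `Role` and `Outcome` and the values `Approve`/`Deny` are assumptions, and the sample data is constructed; check the header row of your own export and adjust.

```python
import csv
import io
from collections import defaultdict

# ASSUMED column names and outcome values, for illustration only;
# match them to the header row of your own exported file.
USER_COL, ROLE_COL, OUTCOME_COL = "User", "Role", "Outcome"
DENY, APPROVE = "deny", "approve"

# Constructed sample standing in for an exported review file.
SAMPLE_EXPORT = """User,Role,Outcome,Reason
alice@contoso.example,Security Administrator,Approve,Still on the SOC rota
bob@contoso.example,Global Administrator,Deny,Moved to another team
carol@contoso.example,Security Administrator,,
bob@contoso.example,Global Administrator,Deny,Moved to another team
dave@contoso.example,Exchange Administrator,Denied?,
"""

def triage_review(csv_text):
    """Sort exported rows into keep / remove / follow_up work lists."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {USER_COL, ROLE_COL, OUTCOME_COL} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    result = defaultdict(set)  # sets drop duplicate rows
    for row in reader:
        user = (row[USER_COL] or "").strip().lower()
        role = (row[ROLE_COL] or "").strip()
        outcome = (row[OUTCOME_COL] or "").strip().lower()
        if not user or not role:
            continue  # blank or malformed line
        if outcome == DENY:
            bucket = "remove"
        elif outcome == APPROVE:
            bucket = "keep"
        else:
            # Not reviewed, or an unrecognised value: never treat as approved.
            bucket = "follow_up"
        result[bucket].add((user, role))
    return {k: sorted(result[k]) for k in ("keep", "remove", "follow_up")}

if __name__ == "__main__":
    for bucket, entries in triage_review(SAMPLE_EXPORT).items():
        print(bucket)
        for user, role in entries:
            print(f"  {user}  ->  {role}")
```

Rows with an empty or unrecognised outcome land in `follow_up` rather than `keep`, so an unreviewed privileged assignment is never silently carried forward.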
If you are not interested in the review any further, delete it. The Delete button removes the review from the PIM application.
You will not get a warning before deletion occurs, so be sure that you want to delete that review.