How to perform an access review in Azure AD Privileged Identity Management
Azure Active Directory (AD) Privileged Identity Management simplifies how enterprises manage privileged access to resources in Azure AD and other Microsoft online services like Office 365 or Microsoft Intune.
If you are assigned to an administrative role, your organization's privileged role administrator may ask you to regularly confirm that you still need that role for your job. You might get an email that includes a link, or you can go straight to the Azure portal. Follow the steps in this article to perform a self-review of your assigned roles.
If you're a privileged role administrator or global administrator interested in access reviews, get more details at How to start an access review.
Add the Privileged Identity Management application
You can use the Azure AD Privileged Identity Management (PIM) application in the Azure portal to perform your review. If you don't have the Azure AD Privileged Identity Management application on your portal, follow these steps to get started.
- Sign in to the Azure portal.
- Select your username in the upper right-hand corner of the Azure portal, and select the directory where you will be operating.
- Select All services and use the Filter textbox to search for Azure AD Privileged Identity Management.
- Check Pin to dashboard and then click Create. The Privileged Identity Management application will open.
Approve or deny access
When you approve or deny access, you're just telling the reviewer whether you still use this role or not. Choose Approve if you want to stay in the role, or Deny if you don't need the access anymore. Your status doesn't change right away; it stays the same until the reviewer applies the results. Follow these steps to find and complete the access review:
- In the PIM application, select Review privileged access. If you have any pending access reviews, they appear in the Azure AD Access reviews blade.
- Select the review you want to complete.
- Unless you created the review, you appear as the only user in the review. Select the check mark next to your name.
- Choose either Approve or Deny. You may need to include a reason for your decision in the Provide a reason text box.
- Close the Review Azure AD roles blade.