Monitor access review findings

  • 4 minutes

Microsoft Entra ID simplifies how enterprises manage access to groups and applications with Microsoft Entra access reviews. Other Microsoft Online Services such as Microsoft 365 can also be managed with Microsoft Entra access reviews.

Perform access review using My Apps

You can start the Access Review process from the notification email or by going directly to the site.

  1. Email:

    Screenshot that shows an example email from Microsoft to review access to a group.

  2. Select the Start review link to open the access review.

  3. If you don't have the email, you can find your pending access reviews by following these steps:

    1. Sign in to the My Apps portal at https://myapps.microsoft.com.

    2. In the upper-right corner of the page, select the user next to your name and default organization. If more than one organization is listed, select the organization that requested an access review.

    3. Select the Access reviews tile to see a list of pending access reviews.

      Important

      If the Access reviews tile isn't visible, there are no access reviews to perform for that organization and no action is needed at this time.

    4. Select the Begin review link for the access review you want to perform.

Once you have opened the access review, you see the names of users who need to have their access reviewed.

There are two ways that you can approve or deny access:

  • You can approve or deny access for one or more users 'manually' by choosing the appropriate action for each user request.
  • You can accept the system recommendations.

Approve or deny access for one or more users

  1. Review the list of users and decide whether to approve or deny their continued access.

    • To approve or deny access for a single user, select the row to open a window to specify the action to take.
    • To approve or deny access for multiple users, add check marks next to the users and then select the Review X user(s) button to open a window to specify the action to take.

  2. Select Approve or Deny.

    Note

    If you are unsure, you can select "Don't know" and the user gets to keep their access and your choice is recorded in the audit logs.

  3. The administrator of the access review can require that you supply a reason in the Reason box for your decision.

    • Even when a reason is not required. You can still provide a reason for your decision and the information that you include will be available to other reviewers.

  4. Once you have specified the action to take, select Save.

    • If a user is denied access, they aren't removed immediately. They are removed when the review period has ended. Or when an administrator stops the review if Auto apply is enabled.
    • If there are multiple reviewers, the last submitted response is recorded. Consider an example where an administrator designates two reviewers – Alice and Bob. Alice opens the access review first and approves a user's access request. Before the review period ends, Bob opens the access review and denies access on the same request previously approved by Alice. The last decision denying the access is the response that gets recorded.

Approve or deny access based on recommendations

To make access reviews easier and faster for you, we also provide recommendations that you can accept with a single acceptance. The recommendations are generated based on the user's sign-in activity.

  1. In the blue bar at the bottom of the page, select Accept recommendations. You see a summary of the recommended actions.
  2. Select Ok to accept the recommendations.