Microsoft Entra ID · Access Reviews
Access Reviews Administrator
Can create and manage access reviews for group memberships, application assignments, and role assignments. Requires Microsoft Entra ID P2 license.
Scope: Full access review lifecycle management for groups, apps, and roles
Permissions
- Access Reviews - Full access review management
- Review Creation - Create and configure access reviews
- Review Settings - Manage access review settings and schedules
- Review Results - View access review results and history
- Scope Configuration - Configure review scope and reviewers
- Auto-Apply - Set auto-apply and notification settings
- Multi-Stage - Configure multi-stage reviews
- Recurring Reviews - Set up recurring review schedules
- Export - Export review results for compliance
Common use cases
- Periodic group membership certification
- Application access recertification
- Privileged role access reviews
- Guest user access attestation
- Regulatory compliance attestation
- Joiner-mover-leaver process support
- Quarterly access certification programs
- Sensitive resource access governance
Best practices
- Schedule quarterly reviews for sensitive access
- Use auto-apply for reviewer non-response
- Configure manager reviews for direct reports
- Review guest access more frequently (monthly)
- Document review policies and procedures
- Set appropriate review durations
- Configure reminder notifications
- Archive review results for compliance
- Use multi-stage reviews for high-risk access
Security considerations
- Review scope affects what access is certified
- Auto-apply settings can remove access automatically
- Reviewer selection affects review quality
- Non-response handling can affect access
- Monitor for review completion rates
- Audit review decisions for patterns
- Alert on reviews with high denial rates