With Azure AD Access Reviews, you can re-evaluate whether users should have continued access to resources. The tool will recommend a decision based on actual sign-in activity for the user.
Some good examples of use cases from the Azure documentation linked below:
- Identify membership of privileged roles
- When dynamic security roles are not feasible
- When a group has taken on a different purpose
- Review access to critical data
- Proof to auditors that exceptions and special permissions are needed
- Re-evaluate guest access, for users of another Azure tenant
- Set up recurring reviews to notify the reviewers
Access reviews require Premium P2 licenses.
- To start using it, go to the Azure portal > Azure Active Directory > Identity Governance > Access reviews
- Click the Onboard now button
- Create an Access review
- Select the Users and Scope
- Select the Reviewers (who will decide if the access is appropriate)
- Select Programs which describes the compliance program effort
- Click Start to create the Access review
- Results will display the output and actionable choices
- If the user has not signed in within the last 30 days, the recommendation will be to deny
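
To preview which members a review is likely to flag before the reviewers are notified, the 30-day rule above can be applied to exported sign-in data. This is an added example, not Microsoft's implementation or code from the documentation; the account names, timestamps, record layout and the treatment of accounts with no sign-in on record are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

INACTIVITY_WINDOW = timedelta(days=30)  # the 30-day rule stated in the list above

# Constructed sample data: members in the review scope and sign-in events.
# All names and timestamps are invented for this example.
MEMBERS = ["alice@contoso.example", "bob@contoso.example", "guest_carol@fabrikam.example"]
SIGN_INS = [
    ("alice@contoso.example", "2024-05-28T09:14:00+00:00"),
    ("alice@contoso.example", "2024-03-02T17:40:00+00:00"),
    ("bob@contoso.example", "2024-04-10T08:05:00+00:00"),
]


def last_sign_in(sign_ins):
    """Return {user: most recent sign-in as a timezone-aware datetime}."""
    latest = {}
    for user, stamp in sign_ins:
        when = datetime.fromisoformat(stamp)
        if user not in latest or when > latest[user]:
            latest[user] = when
    return latest


def recommend(members, sign_ins, now):
    """Map each member in scope to (decision, reason)."""
    latest = last_sign_in(sign_ins)
    result = {}
    for user in members:
        seen = latest.get(user)
        if seen is None:
            # Assumption: an account with no sign-in on record counts as inactive.
            result[user] = ("Deny", "no sign-in on record")
        elif now - seen > INACTIVITY_WINDOW:
            result[user] = ("Deny", f"last sign-in {(now - seen).days} days ago")
        else:
            result[user] = ("Approve", f"last sign-in {(now - seen).days} days ago")
    return result


if __name__ == "__main__":
    review_date = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed review date
    for user, (decision, reason) in recommend(MEMBERS, SIGN_INS, review_date).items():
        print(f"{user:32} {decision:8} {reason}")
```

Guest accounts that never signed in to the tenant are the ones most easily missed in a manual check, which is why the sketch reports them separately from accounts that are merely stale.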
More information can be found in the Azure documentation titled What are Azure AD access reviews?
