Here is how you can set up recurring access reviews for different Azure AD roles using Azure AD Privileged Identity Management (PIM):

- Create an Access Review:
  - In the Microsoft Entra admin center, go to Identity governance > Privileged Identity Management.
  - Select Azure AD roles under “Manage”.
  - Click Access reviews and then New to create a new access review.
  - Provide a name and description for the access review.
- Configure the Review Settings:
  - Set the Start date and Frequency (e.g., monthly, quarterly, annually) for the recurring review.
  - Use the Duration slider to define how many days each review in the recurring series will be open for input from reviewers.
  - Set the End date or number of occurrences for the recurring review series.
  - Select the Azure AD role(s) you want to review.
  - Choose whether to review all active and eligible assignments, or only eligible or only active assignments.
  - Specify the reviewers (e.g., self-review, manager review, selected users).
  - Configure options such as automatically removing access for denied users, showing recommendations, and sending reminders.
- Manage the Recurring Reviews:
  - After the first review has started, you can manage upcoming occurrences by editing the end date or adding/removing reviewers.
  - The status of each occurrence moves from “Completed” through intermediate states such as “Applying” to “Applied” as the results are processed.
  - You can track progress and review the results on the “Overview” page of the access review.
- Automate the Process:
  - You can use Azure Logic Apps or other automation tools to trigger the creation of new access reviews on a schedule or in response to other events.
  - This helps ensure that recurring reviews are consistently created and managed for all critical Azure AD roles.
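The same settings the portal walkthrough above collects (frequency, open duration, end condition, role, reviewers, auto-apply) can be assembled into a Microsoft Graph request body and submitted from a script, which is the building block for the automation step. The following is an added example written for this page, not Microsoft's own code or a Logic Apps template. It assumes the `POST /identityGovernance/accessReviews/definitions` endpoint and the `accessReviewScheduleDefinition` schema (`principalResourceMembershipsScope`, `settings.recurrence`, `instanceDurationInDays`, `autoApplyDecisionsEnabled`); the exact scope query shape for a directory role is taken from memory of that schema and should be checked against the current Graph reference. The role definition id, reviewer object ids and access token are placeholders. It also adds a sanity check the portal does not: an occurrence may not stay open longer than the recurrence interval, so two reviews of the same role never overlap.

```python
"""Build (and optionally submit) a recurring Azure AD role access review via Microsoft Graph.

Added example for this page; not Microsoft code. Endpoint and schema field names are
assumptions based on the accessReviewScheduleDefinition resource; verify against Graph docs.
"""
import json
import urllib.request
from datetime import date

GRAPH_URL = "https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions"

# Portal frequency names mapped to Graph recurrencePattern objects.
FREQUENCY_PATTERNS = {
    "weekly": {"type": "weekly", "interval": 1},
    "monthly": {"type": "absoluteMonthly", "interval": 1},
    "quarterly": {"type": "absoluteMonthly", "interval": 3},
    "annually": {"type": "absoluteYearly", "interval": 1},
}

# Longest an occurrence may stay open (days) without running into the next one.
MAX_OPEN_DAYS = {"weekly": 7, "monthly": 28, "quarterly": 90, "annually": 365}


def build_role_review(name, role_definition_id, reviewer_ids, frequency, duration_days,
                      start_date=None, occurrences=None, end_date=None, auto_apply=True):
    """Return the JSON body for creating a recurring review of one directory role.

    start_date / end_date are ISO strings (YYYY-MM-DD); give occurrences OR end_date, not both.
    """
    if frequency not in FREQUENCY_PATTERNS:
        raise ValueError(f"unsupported frequency {frequency!r}")
    if not 1 <= duration_days <= MAX_OPEN_DAYS[frequency]:
        raise ValueError(f"{duration_days} open days would overlap the next {frequency} occurrence")
    if not reviewer_ids:
        raise ValueError("at least one reviewer is required")
    if occurrences is not None and end_date is not None:
        raise ValueError("give either a number of occurrences or an end date, not both")

    rng = {"startDate": start_date or date.today().isoformat()}
    if occurrences is not None:
        rng.update({"type": "numbered", "numberOfOccurrences": occurrences})
    elif end_date is not None:
        rng.update({"type": "endDate", "endDate": end_date})
    else:
        rng["type"] = "noEnd"

    return {
        "displayName": name,
        "descriptionForAdmins": f"Recurring {frequency} review of assignments to role {role_definition_id}",
        # Assumed scope shape: every user principal, checked against membership of one role definition.
        "scope": {
            "@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
            "principalScopes": [
                {"@odata.type": "#microsoft.graph.accessReviewQueryScope",
                 "query": "/users", "queryType": "MicrosoftGraph"}
            ],
            "resourceScopes": [
                {"@odata.type": "#microsoft.graph.accessReviewQueryScope",
                 "query": f"/roleManagement/directory/roleDefinitions/{role_definition_id}",
                 "queryType": "MicrosoftGraph"}
            ],
        },
        # Selected-user reviewers; a manager review would use query "./manager" with queryRoot "decisions".
        "reviewers": [{"query": f"/users/{uid}", "queryType": "MicrosoftGraph"} for uid in reviewer_ids],
        "settings": {
            "mailNotificationsEnabled": True,
            "reminderNotificationsEnabled": True,
            "justificationRequiredOnApproval": True,
            "recommendationsEnabled": True,
            "autoApplyDecisionsEnabled": auto_apply,   # "automatically remove access for denied users"
            "defaultDecisionEnabled": True,
            "defaultDecision": "Recommendation",        # applied when a reviewer never responds
            "instanceDurationInDays": duration_days,
            "recurrence": {"pattern": FREQUENCY_PATTERNS[frequency], "range": rng},
        },
    }


def pending_apply(instances):
    """Ids of occurrences whose decisions are in but not yet enforced (Completed/Applying, not Applied)."""
    return [i["id"] for i in instances if i.get("status") in ("Completed", "Applying")]


def submit(definition, access_token):
    """POST the definition to Graph; needs an app or user token with AccessReview.ReadWrite.All."""
    req = urllib.request.Request(
        GRAPH_URL, data=json.dumps(definition).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    body = build_role_review("Quarterly privileged role review", "<role-definition-id>",
                             ["<reviewer-object-id>"], "quarterly", 14,
                             start_date="2024-01-01", occurrences=8)
    print(json.dumps(body, indent=2))  # submit(body, "<access-token>") to create it
```

`pending_apply` is the scripted counterpart of watching the “Overview” page for the Completed → Applying → Applied transition: feed it the `instances` collection of a definition and anything it returns still has unenforced decisions worth checking before the next occurrence opens.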
By setting up recurring access reviews for different Azure AD roles, you can regularly review and certify access to critical resources, enforce the principle of least privilege, and meet regulatory compliance requirements.