In this video, Sharon demonstrates how to create an access review that can be used to recertify users for a group.
- [Narrator] Azure Active Directory Access Reviews are a relatively new feature to Azure Active Directory. By using reviews you can review group memberships, review application access, and ensure or recertify that users have correct access either to the group or to the app itself. We can also use access reviews to easily track compliance. And this could include for GDPR or SOX. Let's go ahead and configure access review in Azure.
And the first thing you have to do is actually enable access reviews. I've already done so. I'm gonna go ahead and search for access reviews. And if I pop into overview, I can quickly see that I have one reviewed group. Let's go ahead and take a look at that group before we go ahead and create a new access review. We can see the information about the access review itself. Now let's go ahead and drill into it a little bit further.
And I've already completed this access review so we can see some results. And we can see that there are three users involved in this review. Two are approved and one was denied. Let's drill into the results and we can see a little bit more detail. Here, we can see that I reviewed these three users and for two of the users I went ahead and approved their access to this group. Whereas I denied it for one. If I pop into reviewers, I can see who the reviewers assigned to this group are.
Settings will show us the basic information about the review itself. Now, let's go ahead and create a brand new review. You can do so by selecting, review of group members or review of application access. We're gonna do this for group members and we're gonna perform this review on the group finance. You would add in a description, your start date, I'm gonna use today, and then how often you want this review to be done, I'm gonna leave it for one time.
If you were to select one of the other options you would then have the option to go ahead and configure duration, when do you want it to end, etcetera. Next, we need to select the users. And if you did pick, you wanted group membership to be evaluated but you really meant application, you could go ahead and select assign application. We're looking at the group members. Now we need to provide the scope. Is this gonna be for guest users only, or for everyone? I'm gonna do it for everyone.
And then select the group. Like I said, I'm gonna do this for finance. Now we need to pick the reviewers. Do we want the group owner to manage this? Do we wanna select specific users to do this? Or do we want the members of the group themselves to actually review their access. If you have a lot of people in a group you'll probably have the members do it or selected users. For our demonstration, I'm gonna have the group owner verify that these users should have access.
To make life a little bit easier, you can link this to a program. As you can see, I've already created a program called GDPR. But there is a default program as well. This just makes it easier for auditing. Finally, we have upon completion settings. When the review has been done we can auto apply the results to the resource immediately. I'm gonna disable that just so we can see what it looks like from a manual point of view. And if a reviewer does not respond now we can choose what happens.
We can select no change, we can remove access from that group or application, we can approve access and let it be as is, or we can take the recommendations. And I'll show you the recommendations in a moment. We're gonna go with no change. And finally we have our advanced settings. We can show the recommendations and I'll show you that when we actually get to review our group. We can require reason for approval. We can enable mail notifications and reminders as well.
I'm gonna go ahead and start and this will take a moment. If I pop into reviewed groups, we'll see it pop up. We can now see our new review called finance. It's been assigned to the group finance. Right now it is initializing and is gonna be under the program GDPR. It will take a few moments for the review to initialize. In the next lesson, we'll go ahead and perform an access review on the review that we just created.