Highly privileged role assignments shall be periodically reviewed
Last updated
Last updated
Access reviews should be periodically performed for users with permanent or eligible privileged roles. Users should evaluate whether they still need these permissions and update assignments accordingly. Access reviews can be performed manually or with a tool like which is part of an Azure AD P2 subscription.
Access reviews shall be performed for users with permanent or eligible privileged roles.
To leverage the Access Reviews in Microsoft, an Azure AD P2 license is required. This can be purchased standalone or as part of the following bundles:
EMS + E5
Microsoft 365 E5
Follow to create Access Reviews leveraging the native tooling in Microsoft.
Impact is limited to the users with privileged roles. When an access review is conducted, the user will be notified via email to review their existing roles. They will be able to provide feedback on if they need to continue to have that role with a justification reason.
365 Admin Report:
Access Reviews PowerShell samples: