Access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments for users.
To configure access reviews, you must have one of the following licenses:
In addition, you must have the necessary permissions, such as Global Administrator or User Administrator, to create and manage access reviews.
To set up access reviews, you’ll go through a series of steps in the Azure portal:
After setting up an access review, it’s important to monitor its progress and manage its outcomes. You should ensure that:
In an organization that collaborates with external partners, it’s essential to periodically review their access. An example configuration might be:
By conducting these reviews regularly, organizations can ensure that access is granted appropriately and that any changes in external user status are reflected in their access rights.
Configuring access reviews is a critical competency for Azure security, which is why it is included in the AZ-500 Microsoft Azure Security Technologies exam. By setting up access reviews properly, you ensure that only authorized users have access to your Azure resources, reducing the risk of unauthorized access and potential security breaches.
In the context of the AZ-500 exam, understanding how to configure, manage, and monitor access reviews is a key skill that will help you ensure that your Azure environment is secure and compliant with your organization’s access policies.
Answer: B) False
Explanation: Access reviews can be configured not only for Azure AD roles but also for access to Azure resources. You can review access to Azure resources that are assigned via Azure role-based access control (RBAC).
Answer: C) Azure Active Directory
Explanation: Access reviews in Azure are configured through Azure Active Directory’s Access Review feature, which allows you to review and audit membership of groups and access to applications and roles.
Answer: A) True
Explanation: Access reviews can be configured to recur on a daily, weekly, monthly, quarterly, semi-annual, or annual basis, ensuring regular compliance checks.
Answer: D) All of the above
Explanation: Reviewers can be the group owners, selected individuals, or members of the group being reviewed. Azure AD provides flexibility in selecting who can perform the reviews.
Answer: D) The access remains unchanged but marked as “Not Reviewed”
Explanation: If a decision is not made during the review period, the access is not automatically changed; instead, it remains as it was and is marked as “Not Reviewed.”
Answer: A) True
Explanation: Upon completion of an access review, review results can be auto-applied to automatically remove or maintain access based on the review decisions.
Answer: B) Azure Event Grid
Explanation: Azure Event Grid can be used to trigger automated actions, like an access review, when specific events or changes occur, such as department changes.
Answer: D) All of the above
Explanation: The access review feature in Azure AD can review user assignments to Azure AD roles, access to Azure resources via RBAC, and external user access to applications.
Answer: A) True
Explanation: Access reviews are a feature of Azure AD Premium P2, and licenses are required for those initiating the access reviews.
Answer: C) Linux VM local accounts
Explanation: Access reviews can be configured for Microsoft 365 groups, Azure AD roles, and application roles, but not for local accounts on infrastructure components like Linux VMs.
Answer: A) True
Explanation: Access reviews can be configured for both internal users and guest users, allowing you to govern access for users from external organizations.
Answer: C) Review with a duration of two years
Explanation: Access reviews can be set up as a one-time occurrence, to recur weekly, or to occur bi-annually, but there is no native configuration that allows for a single review to last a duration of two years. Recurrence patterns have predefined maximum durations.
Access Reviews in Azure Active Directory is a feature that enables organizations to review and manage user access to critical resources.
Access Reviews can be used to review user access to a range of resources, including groups, applications, and SharePoint sites.
The benefits of using Access Reviews in Azure Active Directory include improved security, better resource management, increased visibility, and compliance with industry regulations and standards.
To configure Access Reviews in Azure Active Directory, you need to log in to the Azure portal, select Azure Active Directory from the left-hand menu, and then select “Access reviews” and click “New review” to create a new access review.
The process for starting a security review in Azure Active Directory involves selecting “Security” from the Azure AD portal, selecting “Start review,” and configuring the settings for the review.
The purpose of entitlement management in Azure Active Directory is to enable organizations to manage user access to resources more effectively and securely.
To create an access review for a group in Azure Active Directory, you need to select “Access reviews” from the Azure AD portal, select “New review,” and choose the group you want to review.
When configuring an access review in Azure Active Directory, it is important to consider factors such as the frequency of the review, the reviewers, and the type of access to be reviewed.
The purpose of a review decision in Azure Active Directory is to determine whether a user’s access to a resource should be approved or denied.
Azure AD Privileged Identity Management can be used in conjunction with Access Reviews to enable organizations to review and manage privileged user access to resources, helping to improve security and compliance.