Access Review
Periodic evaluation of user access rights to ensure appropriate access and remove unnecessary permissions.
What is Access Review?
Access reviews combat privilege creep—the gradual accumulation of access rights that users no longer need. By requiring managers or resource owners to periodically attest to the appropriateness of access, organizations maintain the principle of least privilege. Unattested access can be automatically removed, ensuring that inactive access does not persist indefinitely.
In Microsoft 365
Azure AD Access Reviews enables recurring reviews of group memberships, application access, and role assignments. Reviewers can be managers or group owners, or users can self-attest (for lower-risk scenarios). Auto-apply removes unattested access after the review period.
Examples
- Quarterly review of privileged role assignments
- Monthly review of guest user access
- Annual review of application permissions
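As an added illustration (not part of the original page or any TrueConfig material), the monthly guest review above can be defined through the Microsoft Graph PowerShell SDK, with group owners as reviewers and auto-apply removing access nobody attested to. The group ID, dates, names and review duration are constructed placeholders.

```powershell
# Added example: recurring monthly review of guest members of one group.
# Assumes the Microsoft.Graph.Identity.Governance module is installed.
Connect-MgGraph -Scopes 'AccessReview.ReadWrite.All'

# Placeholder: object ID of the group whose guest members are reviewed.
$groupId = '00000000-0000-0000-0000-000000000000'

$definition = @{
    displayName             = 'Monthly guest access review (example)'
    descriptionForAdmins    = 'Guests lose membership unless a group owner approves.'
    descriptionForReviewers = 'Approve only guests who still need this group.'

    # Scope: guest users among the group members (including nested groups).
    scope = @{
        '@odata.type' = '#microsoft.graph.accessReviewQueryScope'
        query         = "/groups/$groupId/transitiveMembers/microsoft.graph.user/" +
                        "?`$count=true&`$filter=(userType eq 'Guest')"
        queryType     = 'MicrosoftGraph'
    }

    # Reviewers: the owners of the same group.
    reviewers = @(
        @{ query = "/groups/$groupId/owners"; queryType = 'MicrosoftGraph' }
    )

    settings = @{
        instanceDurationInDays          = 14        # constructed review window
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true     # approvals must carry a reason
        # Unreviewed access is treated as denied, and decisions are applied
        # automatically when each review instance ends.
        defaultDecisionEnabled          = $true
        defaultDecision                 = 'Deny'
        autoApplyDecisionsEnabled       = $true
        recurrence = @{
            pattern = @{ type = 'absoluteMonthly'; interval = 1 }
            range   = @{ type = 'noEnd'; startDate = '2025-01-01' }  # constructed date
        }
    }
}

$review = New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $definition
$review | Select-Object Id, DisplayName, Status
```

With `defaultDecision` set to `Deny`, a reviewer who never responds causes removal rather than silent retention, so confirm that the group has active owners before enabling auto-apply.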
Related TrueConfig Controls
These controls help implement and verify access review in your Microsoft 365 environment.