How can we improve Azure Active Directory?

Implement our own logic to trigger an Access Review

A timer-based Access Review alone is not enough for us.
We have multiple situations where we need to trigger a review again, including:
1. Based on updates to a user's attributes, e.g. manager reporting line changes, department changes, job role changes
2. Based on usage pattern, e.g. a user hasn't used a certain app/resource for the last X days.

Gordon shared this idea

Hi Gordon!

Thanks for the feedback! We are working on adding more triggers to kick off access reviews like what you listed in 1!

For 2, we do show the user’s sign-in data to the reviewers to help them make their decisions. If a user hasn’t signed in to the tenant in the last 30 days, then the system will recommend denying that user’s continued access. Are you referring to automatically triggering a review on users who have not accessed an app/resource in the last X days?

- Fionna

1 comment

  • Gordon commented

    Oh, I haven't read in detail about your feature that recommends denying users who haven't signed in for 30 days. My original intention actually includes both "auto-deny" and "auto-review".
