In access reviews, it would be helpful to see the current status of the account. For example, we have accounts that are recommended for "Deny" but in AAD the account is already blocked from signing in.
Also, accounts surface in the access review that have been removed from AAD.
Thanks for submitting the feedback!
You’re right that currently we don’t reflect the status of the account in real time, because when the review is created we take a snapshot of the users in the review right before the review starts, so the reviewers get a view of the user’s activity X days before the review. This has been an audit requirement for some customers. I’d like to hear more about your use case in dynamically updating the user’s status, and how that contributes to your audits (if any).
We’ll keep this feedback in mind when planning, thanks again!
Thanks for the reply.
That's an interesting use case. If I can restate to make sure I understand: you mean that an access review is a point-in-time account of a user's (group of users') access?
We are attempting to use the Azure Access Review tool to support several audit requirements. One of the basic scenarios is a quarterly access review of all users (meaning can they log in or are they blocked). The idea being that a group owner is reviewing the access of a group and if that person is no longer on the project, then the reviewer would flag it and the inactive user would be removed from the group/blocked from logging in.
In the latter case, if they are already blocked from logging in, then we don't need to go through the review process.
I admit that I may be using the tool incorrectly, or there may be a better way for us to get more functionality out of the tool.
Any feedback is appreciated.