Higgs, Keith

My feedback

  1. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Active Directory » Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Ben,

    Thanks for the feedback! Good news is that we are working to improve the emails to provide the reviewers the necessary information succinctly. Some of the information you see, the Microsoft logo and address, some are there because of legal reasons. We are actively working on this right now and will provide updates here.

    Follow up question for you, what else do you think is unnecessary, and what would you like to see?

    Thanks
    Fionna

    Higgs, Keith supported this idea  · 
  2. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Active Directory » Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Keith,

    Thanks for taking the time to give feedback! We have the work to add managers as reviewers in our backlog, will update here once we have a preview to share!

    Currently, we do support group owners as the reviewers, would that help with your scenario?

    Would this functionality be your only blocker to use access reviews? I would love to know how you review access right now, any timelines you have. Thanks!

    - Fionna

    Higgs, Keith commented  · 

    Hi,

    The access needs to be approved by line managers, and we wouldn't want group owners approving other peoples access. Whilst we could use the group owner functionality, there would be a lot of admin work reviewing the responses to ensure the right managers approved their own direct reports access.

    We currently review 3rd party/internal AD accounts & group access on a monthly basis via a scheduled powershell AD extract, Excel/power query is used to format the data and VBA to generate the emails. The responses are then actioned manually.

    If group access could be approved by the line manager we could migrate to Access Reviews as the feature looks very promising with a little further development & functionality.

    Thanks

    Keith

    Higgs, Keith shared this idea  · 
  3. 3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Active Directory » Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →
    Higgs, Keith commented  · 

    Hi,

    Sorry to elaborate further:

    when you create an Access Review and select the criteria to review, eg members of a group or members that are assigned to an application, you can also set the on completion settings for should a reviewer not respond: remove access.

    If admin or service accounts are members of the group, we would like the ability to add them as exceptions and access is not reviewed.

    This is due to a risk that the service accounts can be removed in error or the account may not require reviewing on a different frequency, eg yearly instead of monthly.

    Thanks

    Keith

    Higgs, Keith supported this idea  · 
    Higgs, Keith shared this idea  · 
  4. 14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Active Directory » Access Reviews  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Justin, thanks for the feedback! It will definitely be helpful to have managers as the reviewers, there is a “manager” attribute in AAD’s user profile, but it’s currently a string only. We are working to improve the architecture first, then we can leverage the data to automatically assign managers to be reviewers. If you have any more feedback or questions on this, feel free to comment on this thread or email accessreviews@microsoft.com.

    Higgs, Keith supported this idea  · 

Feedback and Knowledge Base