Access Review with PIM

Access Review with Azure PIM

The membership of privileged groups changes more or less regularly. It is therefore important to review regularly the privileged rights granted to certain users. Azure PIM can be used to review these assignments. The review can be done manually or automatically.

From the Azure AD portal, click on All Services, then on Azure AD Privileged Identity Management.

Access Review with Azure PIM - Access to Azure PIM portal

Click on Azure AD roles.

Access Review with Azure PIM - Access to Azure AD roles

Click on Access reviews then on New.

Access Review with Azure PIM - Access to Azure PIM portal

Enter the desired name and start date. Configure the desired Frequency (I chose Monthly) and the other options (Duration and End).

Configure Access review options

Click on Select privileged role and select the desired groups.

Select the privileged roles that you want to review.

It is possible to select a reviewer or Member (Self). In Member (Self) mode, users are asked to review their own role assignments.

Select Reviewers

Select Selected users and then Select reviewers.

Select the reviewers

It’s possible to automatically remove access from users whose assignments were denied.

Auto apply to resource on Azure PIM and Access review.

Configure Advanced settings and click on Start.


The access review appears; click on it to view the results.

View result on AAD portal
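The same monthly, auto-applied review of a PIM role can be created without the portal through Microsoft Graph PowerShell. This is an added example, not part of the original post; it assumes the Microsoft.Graph.Identity.Governance module is installed, that the caller holds the AccessReview.ReadWrite.All permission, and that the reviewer object ID below is a placeholder to replace with a value from your own tenant.

```powershell
# Added example (not from the original post): create the monthly PIM role review via Microsoft Graph.
# Assumptions: Microsoft.Graph.Identity.Governance module installed, caller granted AccessReview.ReadWrite.All,
# $ReviewerObjectId is a placeholder to replace with a real user object ID from your tenant.
Import-Module Microsoft.Graph.Identity.Governance
Connect-MgGraph -Scopes "AccessReview.ReadWrite.All"

$RoleDefinitionId = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template (well-known ID)
$ReviewerObjectId = "<reviewer-user-object-id>"             # placeholder: object ID of the selected reviewer

$params = @{
    displayName             = "Monthly review - Global Administrator"
    descriptionForAdmins    = "Monthly review of eligible and active Global Administrator assignments"
    descriptionForReviewers = "Confirm that each assignee still needs this privileged role"
    # Scope: every user or group holding an eligible or active assignment of the role
    scope = @{
        "@odata.type"   = "#microsoft.graph.principalResourceMembershipsScope"
        principalScopes = @(
            @{ "@odata.type" = "#microsoft.graph.accessReviewQueryScope"; query = "/users";  queryType = "MicrosoftGraph" }
            @{ "@odata.type" = "#microsoft.graph.accessReviewQueryScope"; query = "/groups"; queryType = "MicrosoftGraph" }
        )
        resourceScopes = @(
            @{ "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
               query         = "/roleManagement/directory/roleDefinitions/$RoleDefinitionId"
               queryType     = "MicrosoftGraph" }
        )
    }
    # "Selected users" reviewer, as chosen in the portal walkthrough above
    reviewers = @(
        @{ query = "/users/$ReviewerObjectId"; queryType = "MicrosoftGraph" }
    )
    settings = @{
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true
        recommendationsEnabled          = $true
        instanceDurationInDays          = 14      # "Duration": reviewers get two weeks per cycle
        autoApplyDecisionsEnabled       = $true   # "Auto apply": denied assignments are removed automatically
        defaultDecisionEnabled          = $true
        defaultDecision                 = "Deny"  # assignments nobody reviews are treated as denied
        recurrence = @{
            pattern = @{ type = "absoluteMonthly"; interval = 1; dayOfMonth = 1 }             # "Frequency": Monthly
            range   = @{ type = "noEnd"; startDate = (Get-Date).ToString("yyyy-MM-dd") }    # "End": never
        }
    }
}

$definition = New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $params
Write-Output "Created access review $($definition.Id) ($($definition.DisplayName))"
```

Once created, the definition shows up in the same Access reviews list as one created from the portal, and its instances can be listed with Get-MgIdentityGovernanceAccessReviewDefinition to check the results of each cycle.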
