Membership of privileged roles changes over time, so the privileged rights granted to particular users must be reviewed regularly. Azure PIM access reviews are the built-in way to do this: a review can be run manually as a one-off, or automatically on a recurring schedule.
From the Azure AD portal, click on All services, then on Azure AD Privileged Identity Management.
Click on Azure AD roles.
Click on Access reviews, then on New.
Enter the desired name and start date. Configure the desired Frequency (I choose to select Monthly) and the other options (Duration and End).
Click on Select privileged role and select the roles whose assignments should be reviewed.
For the reviewers, it is possible to choose specific users or Member (Self). With the Member (Self) mode, each user is asked to review their own role assignments.
To pick specific reviewers, select Selected users and then Select reviewers.
It is also possible to automatically remove the role assignments of users whose access is denied in the review (Upon completion settings, auto-apply results). Be careful when combining this with an "If reviewers don't respond" setting of Remove access: an assignment that simply was not reviewed in time is then removed as well.
Configure the Advanced settings and click on Start.
Once the access review appears in the list, click on it to view the results.
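The same review can be created and read back from PowerShell, which is useful once you want the review scoped and versioned as code rather than clicked through the portal. The script below is an added example written for this page, not something from the original post or from Microsoft; it uses the Microsoft Graph PowerShell SDK (module Microsoft.Graph.Identity.Governance and Microsoft.Graph.Users), and assumes the signed-in account can consent to the requested scopes. The reviewer UPN, the review display name and the review of the Global Administrator role are assumptions for illustration; the role template ID used is the well-known Global Administrator ID, identical in every tenant.

```powershell
# Added example (not from the original post): create the monthly PIM access review
# from the steps above with the Microsoft Graph PowerShell SDK, then read its results.
# Assumptions: Microsoft.Graph.Identity.Governance and Microsoft.Graph.Users are installed,
# the signed-in account can grant the scopes below, and $ReviewerUpn is a real reviewer.
Import-Module Microsoft.Graph.Identity.Governance
Import-Module Microsoft.Graph.Users
Connect-MgGraph -Scopes "AccessReview.ReadWrite.All", "User.Read.All"

$ReviewerUpn = "reviewer@contoso.com"            # assumed reviewer; replace with a real UPN
$Reviewer    = Get-MgUser -UserId $ReviewerUpn

# Global Administrator role template ID (well-known, the same in every tenant).
$RoleId = "62e90394-69f5-4237-9190-012177145e10"

$Definition = @{
    displayName          = "Monthly review - Global Administrator"   # assumed name
    descriptionForAdmins = "Recurring review of privileged role assignments"
    scope = @{
        "@odata.type"   = "#microsoft.graph.principalResourceMembershipsScope"
        # Who is reviewed: every user holding the role(s) listed in resourceScopes
        principalScopes = @(@{
            "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
            query         = "/users"
            queryType     = "MicrosoftGraph"
        })
        # Which privileged role: the "Select privileged role" step
        resourceScopes = @(@{
            "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
            query         = "/roleManagement/directory/roleDefinitions/$RoleId"
            queryType     = "MicrosoftGraph"
        })
    }
    # "Selected users" reviewer; Member (Self) is configured differently and not shown here
    reviewers = @(@{ query = "/users/$($Reviewer.Id)"; queryType = "MicrosoftGraph" })
    settings = @{
        instanceDurationInDays          = 7          # Duration
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true
        recommendationsEnabled          = $true
        autoApplyDecisionsEnabled       = $true      # remove denied assignments automatically
        defaultDecisionEnabled          = $false     # a non-response does NOT remove access
        defaultDecision                 = "None"
        recurrence = @{
            pattern = @{ type = "monthly"; interval = 1 }                                 # Frequency
            range   = @{ type = "noEnd"; startDate = (Get-Date).ToString("yyyy-MM-dd") }  # Start date, End
        }
    }
}

$Review = New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $Definition
"Created review $($Review.Id) '$($Review.DisplayName)', status: $($Review.Status)"

# Viewing results: every recurrence produces an instance, and decisions hang off the instance.
$Instances = Get-MgIdentityGovernanceAccessReviewDefinitionInstance `
    -AccessReviewScheduleDefinitionId $Review.Id
foreach ($Instance in $Instances) {
    "Instance $($Instance.Id): $($Instance.Status) ($($Instance.StartDateTime) -> $($Instance.EndDateTime))"
    Get-MgIdentityGovernanceAccessReviewDefinitionInstanceDecision `
        -AccessReviewScheduleDefinitionId $Review.Id -AccessReviewInstanceId $Instance.Id |
        Select-Object @{ n = 'Principal'; e = { $_.Principal.DisplayName } },
                      Decision, Justification, ApplyResult |
        Format-Table -AutoSize
}
```

With defaultDecisionEnabled set to $false, an assignment that the reviewer never looks at keeps its current state at the end of the instance; setting it to $true with defaultDecision "Deny" reproduces the portal's Remove access behaviour, which is exactly the combination that can strip an unreviewed administrator when auto-apply is on. The ApplyResult column of each decision shows whether the removal was actually carried out after the instance closed.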