PIM – Access Review : The Concepts


Introduction

After working with Microsoft 365 for a long time, you will notice that you have a lot of privileged roles assigned to users.

Some of these roles are still needed, and some are not required any more.

This leads us to a technique for controlling the situation, called PIM Access Review.

Following our usual approach here at Networks Pioneers, the first article(s) focus on the theoretical side of the solution, and then we see how to apply that solution with best practices.

Let us explore the concepts of PIM Access Review.

PIM Access review

As the name suggests, a PIM Access Review simply reviews who holds which role and asks each user to justify their need for that role.

  • If the user still needs the role, we extend their use of it.
  • If the role is not required any more, we remove it from the user.
  • If the role's scope is broader than what the user actually needs, we move the user to another, more limited role.

What does an Access Review do?

  • Ensures new employees have the right access to be productive.
  • Ensures access is removed when people, especially guests, leave or change teams.
  • Ensures access rights aren't excessive, since excessive rights indicate a lack of control over access and can lead to audit findings.
  • Engages resource owners so that they regularly review who has access to their resources.

How does it work?

An access review works as follows:

  • The PIM admin notices that we have many privileged roles assigned to users.
  • For example, in our tenant pioneers101.onmicrosoft.com we currently have the Exchange Admin role assigned to 4 users, but it could be 40.
  • The PIM admin creates an access review task for the Exchange Admin role members to check whether the role is still needed.
  • This questionnaire is sent by email to the users, asking them to justify their use of the role within a limited time (for example, users should respond within 2 months).
  • After two months, we check the results.
  • Users who justified their need for the role and approved the access review keep the role (their use of it is extended).
  • Users who denied the access review and said they don't need the role any more are removed from the role.
  • Users who didn't respond to the access review questionnaire are also removed from the role.
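The decision rules above are easy to get wrong when applied by hand across dozens of role members, so here is a small simulation of the review lifecycle. This is an added example written for this article, not code from the page or from Microsoft; it models the article's rules (approve with justification keeps the role, deny removes it, no response before the deadline removes it, which is what the "If reviewers don't respond: remove access" setting of an Azure AD access review does), using a constructed set of four Exchange Administrator members in the article's example tenant. The user names, dates and justifications are made up, and the 60-day window is an approximation of the article's "two months".

```python
"""Simulation of how PIM access review results are applied.

Constructed example for this article; not Microsoft's implementation.
Models the article's rules: Approve (with justification) keeps the role,
Deny removes it, and no response before the deadline removes it too,
because the review's default decision is Deny.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass(frozen=True)
class RoleAssignment:
    user: str
    role: str


@dataclass(frozen=True)
class ReviewResponse:
    user: str
    decision: str          # "Approve" or "Deny"
    justification: str
    responded_on: date


@dataclass
class AccessReview:
    role: str
    start: date
    duration_days: int = 60          # the article's "two months", approximated
    default_decision: str = "Deny"   # applied to anyone who never answers
    responses: dict = field(default_factory=dict)

    @property
    def deadline(self) -> date:
        return self.start + timedelta(days=self.duration_days)

    def record(self, response: ReviewResponse) -> bool:
        """Store a reviewer's answer. Returns False (and discards the answer)
        if it arrives after the deadline or is an approval with no justification."""
        if response.decision not in ("Approve", "Deny"):
            raise ValueError(f"unknown decision {response.decision!r}")
        if response.responded_on > self.deadline:
            return False
        if response.decision == "Approve" and not response.justification.strip():
            return False
        self.responses[response.user] = response
        return True


def apply_review(review: AccessReview, assignments, today: date) -> dict:
    """Return {user: (action, reason)} for every member of the reviewed role.
    Only valid once the window has closed ("after two months we check the results")."""
    if today < review.deadline:
        raise ValueError("review window still open; results cannot be applied yet")
    decisions = {}
    for a in assignments:
        if a.role != review.role:
            continue                      # other roles are out of scope for this review
        resp = review.responses.get(a.user)
        if resp is None:
            action = "keep" if review.default_decision == "Approve" else "remove"
            decisions[a.user] = (action, "no response; default decision applied")
        elif resp.decision == "Approve":
            decisions[a.user] = ("keep", resp.justification)
        else:
            decisions[a.user] = ("remove", resp.justification or "reviewer denied")
    return decisions


def remaining_members(assignments, decisions):
    """Role assignments that survive once the removals are applied."""
    return [a for a in assignments
            if decisions.get(a.user, ("keep", ""))[0] == "keep"]


# Constructed sample data: four Exchange Administrator members in the
# article's example tenant plus one unrelated role; the names are made up.
TENANT = "pioneers101.onmicrosoft.com"
ROLE = "Exchange Administrator"
ASSIGNMENTS = [RoleAssignment(f"{u}@{TENANT}", ROLE)
               for u in ("alice", "bob", "carol", "dave")]
ASSIGNMENTS.append(RoleAssignment(f"erin@{TENANT}", "Global Reader"))


def run_sample():
    review = AccessReview(role=ROLE, start=date(2024, 1, 1))   # deadline 2024-03-01
    # alice still needs the role and justifies it
    review.record(ReviewResponse(f"alice@{TENANT}", "Approve",
                                 "Manages mail flow rules for HR", date(2024, 1, 10)))
    # bob says he no longer needs it
    review.record(ReviewResponse(f"bob@{TENANT}", "Deny",
                                 "Moved to the network team", date(2024, 1, 15)))
    # carol never answers; dave answers only after the deadline, so it is discarded
    review.record(ReviewResponse(f"dave@{TENANT}", "Approve",
                                 "Still on the Exchange team", date(2024, 3, 15)))
    decisions = apply_review(review, ASSIGNMENTS, today=date(2024, 3, 2))
    return decisions, remaining_members(ASSIGNMENTS, decisions)


if __name__ == "__main__":
    for user, (action, reason) in run_sample()[0].items():
        print(f"{action:6} {user}: {reason}")
```

Running it leaves only alice in the Exchange Administrator role: bob is removed because he denied, carol because she never answered, and dave because his late answer counts as no answer. The unrelated Global Reader assignment is untouched, which is the point of scoping a review to one role's members.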

When do we need access reviews?

We can use access reviews in the following situations:

  • Too many users in privileged roles
  • When automation is not feasible
  • When a group is repurposed.
  • For business critical data access
  • To maintain a policy’s exception list.
  • To confirm group owners still need guests in their groups.

Access review scope

Access reviews work on the following scopes:

  • Members of Office groups.
  • Members of security groups
  • Users who have been directly assigned to an application.
  • Guest users

License requirements for access review

To use access reviews we need one of the following:

  • Azure Active Directory Premium P2 (AAD P2)
  • EMS E5

Conclusion

This was a brief overview of PIM Access Review.

Please join us in the next article to see how to apply access reviews with best practices to control excessive use of privileged roles.

Thank you.
