You are the administrator of the ACME banking group. You are responsible for all identities on your tenant and there are too many identities to manually review access to enterprise applications and role assignments. You decide to use create Azure AD Access Reviews. When is it applicable to use access reviews? Select the relevant purposes below.
All of the above is correct. Too many users in privileged roles: It’s a good idea to check how many users have administrative access, how many of them are Global Administrators. When automation is infeasible: You can create rules for dynamic membership on security groups. When a group is used for a new purpose: If you have a group that is going to be synced to Azure AD. Business critical data access: for certain resources, it might be required to ask people outside of IT to regularly sign off and give a justification on why they need access for auditing purposes. To maintain a policy’s exception list to avoid oversight of policy. Ask group owners to confirm they still need guests in their groups: Employee access might be automated with some on-prem IAM, but not invited guests. Have reviews recur periodically: You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of each review.