Microsoft has launched a new multi-stage access reviews feature for Azure AD customers. The new capability is currently available in public preview, and it enables organizations to configure access reviews in sequential stages for resource owners and auditors.
Microsoft’s Azure Active Directory access reviews feature allows organizations to set up policies to review users’ access to group memberships, privileged role assignments, and enterprise applications. It is important to conduct access reviews periodically to ensure that only authorized users (such as employees and guests) have access to resources.
The single-stage review model requires all reviewers to decide within the same period, and the decision of the last reviewer is considered final. The new multi-stage access reviews feature, however, lets IT admins define two or three sets of reviewers who attest to users’ access to resources in a particular sequence. This capability has been designed for organizations that need a complex review process to meet specific audit or certification requirements.
“It also helps you design more efficient reviews for your resource owners and auditors by reducing the number of decisions each reviewer is accountable for. Previously you may have artificially created multiple disjointed reviews to achieve the same purpose, but now with multi-stage reviews this all takes place in the context of just one review,” explained Alex Simons, Corporate VP of Program Management.
To get started with multi-stage reviews, head over to the Azure AD portal and navigate to the Azure Active Directory > Identity Governance > Access reviews tab. Then, select the (Preview) Multi-stage review option. You can find detailed step-by-step instructions on this support page.
Microsoft claims that single-stage reviews can help to reduce the workload for later-stage reviewers. This new feature can also be used in scenarios where organizations require agreement from multiple independent reviewers or want to assign alternative reviewers to manage unreviewed decisions.