Configuring PIM access reviews
It is a security best practice to regularly review the privileged access that has been assigned, because the access employees and guests need changes over time as people move between teams or leave the organization, and stale assignments should be cleaned up when that happens. Azure AD PIM has a feature called access reviews that lets us implement this. The core use case of this Azure AD PIM feature is to reduce the risk associated with stale access assignments.
Access reviews allow us to assign designated reviewers for sensitive Azure AD and Azure resource roles in our organization. Reviewers are then reminded to either approve or revoke each role assignment at review time. If a reviewer approves the role for a user, the assignment is kept until the next review period. If the reviewer revokes (denies) the role for a user, access is removed, either automatically if the review is configured to auto-apply its results or when an administrator applies the results after the review closes. A reviewer who never responds leaves the assignment untouched unless the review is configured with a default decision (such as Deny) for unreviewed assignments. We can also configure self-review, which allows users to approve or revoke their own...
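The following model, added here as an example and not code from the book or from Microsoft, shows how the review settings decide what actually happens to each assignment once a review instance closes. The setting names (default decision, auto-apply) are modelled on the fields of the Microsoft Graph accessReviewScheduleSettings object; the three Global Administrator assignments and their decisions are constructed sample data. It demonstrates the failure mode a practitioner should watch for: with a default decision disabled and auto-apply off, a reviewer's Deny is never enforced and a non-responding reviewer leaves stale access in place.

```python
"""Model of how an Azure AD PIM access review turns reviewer decisions into
access changes. Constructed example, not Microsoft's code; the settings names
are modelled on Graph accessReviewScheduleSettings fields (assumed mapping)."""
from dataclasses import dataclass
from typing import Dict, List, Literal

Decision = Literal["Approve", "Deny", "NotReviewed"]
Outcome = Literal["kept", "removed", "pending"]


@dataclass(frozen=True)
class ReviewSettings:
    # Mirrors defaultDecisionEnabled / defaultDecision / autoApplyDecisionsEnabled
    # on the Graph accessReviewScheduleSettings object (assumed mapping).
    default_decision_enabled: bool = False
    default_decision: Literal["Approve", "Deny", "None"] = "None"
    auto_apply_decisions_enabled: bool = False


@dataclass(frozen=True)
class RoleAssignment:
    principal: str
    role: str
    decision: Decision = "NotReviewed"


def effective_decision(a: RoleAssignment, s: ReviewSettings) -> str:
    """Fill in a missing reviewer decision from the default decision, if one is enabled."""
    if a.decision != "NotReviewed":
        return a.decision
    if s.default_decision_enabled and s.default_decision in ("Approve", "Deny"):
        return s.default_decision
    return "NotReviewed"


def apply_review(assignments: List[RoleAssignment], s: ReviewSettings,
                 applied_manually: bool = False) -> Dict[str, str]:
    """Return the outcome per principal once the review instance completes.

    'removed' - assignment revoked (denied and results applied)
    'pending' - denied, but results were never applied, so access still exists
    'kept'    - approved, or no decision and no default decision configured
    """
    results: Dict[str, str] = {}
    for a in assignments:
        d = effective_decision(a, s)
        if d == "Deny":
            applied = s.auto_apply_decisions_enabled or applied_manually
            results[a.principal] = "removed" if applied else "pending"
        else:
            results[a.principal] = "kept"
    return results


# Constructed sample: three Global Administrator assignments reviewed in one instance.
SAMPLE = [
    RoleAssignment("alice@contoso.example", "Global Administrator", "Approve"),
    RoleAssignment("bob@contoso.example", "Global Administrator", "Deny"),
    RoleAssignment("carol@contoso.example", "Global Administrator"),  # reviewer never responded
]

# Weak configuration: no default decision, and results must be applied by hand.
WEAK = ReviewSettings()
# Hardened configuration: non-response counts as Deny and results apply automatically.
HARDENED = ReviewSettings(default_decision_enabled=True, default_decision="Deny",
                          auto_apply_decisions_enabled=True)


def stale_access_after(settings: ReviewSettings) -> List[str]:
    """Principals who still hold the role after the review closes."""
    outcomes = apply_review(SAMPLE, settings)
    return sorted(p for p, o in outcomes.items() if o != "removed")


if __name__ == "__main__":
    print("weak:    ", apply_review(SAMPLE, WEAK))
    print("hardened:", apply_review(SAMPLE, HARDENED))
```

With the weak settings only alice is explicitly approved, yet all three principals keep the role: bob's denial sits unapplied and carol's assignment is never decided. With the hardened settings only alice retains it, which is the outcome the review was set up to produce.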