Part I and Part II of this blog posts cover how to start with Azure AD Privileged Identity Management, assign privileged administrator role to administrators, just in time access, different methods to assign just in time access and Azure AD directory role customization. This post covers Access reviews, directory roles audit history and my audit history.
Azure AD PIM Access reviews provide control to administrators to review their access roles or other administrator’s roles based on configuration. To implement access reviews, login to Azure AD portal and go to the Azure AD Privileged Identity management.
Go to the Access reviews under Azure AD directory roles. Select Add to create a new access reviews.
Fill the details based on your requirements.
In review role membership, select a role that you wish to review. In one access review, you can have only role for review. Therefore, you need to create a unique access review for each role used by your organization.
In reviewers section, select who is going to review this role either administrator himself (Members (self)) or someone else (selected users). In my case, I am selecting Members (self). Once configured everything based on requirements, select start.
Once created successfully, privilege administrators can see it on access reviews under manage while the users in case of Members (self) can see it in their review access panel under tasks.
As a privileged administrator you can stop or delete this access review and change the configuration.
As per my configuration of access reviews, password administrator has to review his access and provide the approval. User needs to login with his identity and go to the review access section under tasks.
Once you open the Access review, you can see that your identity exist in not reviewed section.
Select the user, provide the reason for approval and finally click on approve.
Once reviewed, remaining items will become 0.
Now, let see how privileged administrator can review the activity of directory roles by looking at “Directory roles audit history” under Activity in Azure AD directory roles.
Privileged administrator can scroll the page and review all the actions performed for Azure AD directory roles.
Privileged role administrators and other directory role administrators can review their tasks by going through “My audit history” under Activity in Azure AD Privileged identity Management.
Privileged role administrator can also look at the alerts section under Manage for risks and associated severity for proactive safeguards.
I have covered most of the topics related to PIM. However, you can explore more topics such as Azure resources (preview) under Manage.
I hope this series on Azure AD Privileged Identity Management helped you