Unit 5: Monitor access review findings

Purpose of this unit

After access reviews are created and started, they must be monitored and acted upon. This unit focuses on how reviewers perform access reviews, how decisions are recorded, and how administrators can interpret outcomes. Monitoring ensures that access reviews actually lead to risk reduction, not just configuration effort.

Access reviews across Microsoft services

Microsoft Entra ID access reviews can be used to manage access for:

• Microsoft Entra groups.
• Enterprise applications.
• Other Microsoft Online Services such as Microsoft 365.

This allows organizations to apply a consistent governance model across identities and resources, regardless of where access is granted.

Performing access reviews using My Apps

Reviewers can perform access reviews either directly from an email notification or through the My Apps portal.

Start an access review from email

• Reviewers receive an email when an access review starts (if notifications are enabled).
• The email contains a Start review link.
• Selecting the link opens the access review directly.

This method is ideal for reviewers who don’t regularly visit the portal.

Start an access review from My Apps

If the reviewer doesn’t have the email or prefers the portal:

• Sign in to https://myapps.microsoft.com.
• In the upper-right corner, select the user profile next to your name.
• If multiple organizations are listed, select the organization that requested the access review.
• Select the Access reviews tile.

Important behaviors:

• If the Access reviews tile is not visible, there are no pending reviews.
• No action is required if no reviews are listed.
• Select Begin review for the access review you want to perform.

Reviewing user access

Once inside the access review, reviewers see a list of users whose access must be evaluated.

Ways to make decisions

There are two supported approaches:

• Manual decisions, where the reviewer approves or denies access per user.
• System recommendations, which can be accepted in bulk.

Approve or deny access manually

Reviewers can take action in two ways:

• Single user:
• Select the user row.
• Choose Approve or Deny.
• Multiple users:
• Select checkboxes next to multiple users.
• Select Review X user(s).
• Choose Approve or Deny.

Additional options and behaviors:

• Reviewers can select Don’t know.
• The user keeps access.
• The decision is recorded in audit logs.
• Administrators may require a justification.
• Even when not required, providing a reason is recommended.

All decisions are saved once Save is selected.

Important decision behaviors

• Denied users are not removed immediately.
• Access is removed:
• When the review period ends, or
• When an administrator manually stops the review (if Auto apply is enabled).
• If multiple reviewers exist:
• The last submitted decision wins.

Example:

• Alice approves access.
• Bob later denies access.
• The final recorded decision is Deny.

Approve or deny access using recommendations

Microsoft Entra provides recommendations based on user activity, such as sign-in behavior.

How to use recommendations:

• Review the blue recommendation bar at the bottom of the page.
• Select Accept recommendations.
• Review the summary of actions.
• Select OK to apply them.

This helps reviewers make faster, data-driven decisions, especially for large reviews.

Why monitoring access reviews matters (exam focus)

Monitoring access review findings ensures that:

• Stale access is actually removed.
• Reviewers are participating and completing reviews.
• Governance decisions are auditable.
• Access reviews result in real enforcement, not just documentation.

Misconfigurations or ignored reviews can leave excessive access in place, which defeats the purpose of identity governance.