Microsoft introduced a feature to allow Multi-stage Access reviews. In this post I will cover what the feature is about.
Table of Contents
So why and what is needed?
First You need a valid Azure AD Premium (P2) license for each person, other than Global administrators or User administrators, who will create or do access reviews.
This feature helps you and your company to create complicated workflows to meet recertification and audit needs that require numerous reviewers to attest to access for users in a certain order. It also aids in the creation of more efficient reviews for your resource owners and auditors by minimizing the amount of decisions that each reviewer is responsible for.
How to configure?
Access to settings https://portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/Controls
And choose New access review
Maybe You want to choose Guest users as Your target.
And to reviews page. From here You can add a Multi-stage review up to 3 stages.
You can make the decisions easier with allowing the later approvers to see what other stages answered.
You will also decide who goes to the next stage.
And what happens if reviewers don’t answer.
So at the end You will have these settings.
You can even the those Access reviews from logs. All reports that are created are available for download for 30 days in CSV format.
But there is also a second preview feature available
Allow group owners to create and manage access reviews of their groups (preview)
You can now allow full control to Group owner that the Access reviews is concerning.