Using the Access Review Feature
Start course

Microsoft 365 offers Enterprise Mobility & Security (EMS), Windows 10, and Office 365 to enhance business productivity and security. Because Microsoft 365 offers a variety of services and features, not everything is in the same place. Therefore, we need to navigate within different portals, and familiarity with “what is where” gets really important over time.

In this course, we will have a look at some of the most common tasks to be performed by Microsoft 365 administrators related to Azure AD identities, how to secure your environment by assigning the correct permissions to your users, and how to reduce administrative overhead. We’ll do various tasks in different ways by using the Microsoft 365 Admin Center, the Azure portal, and even use Windows PowerShell for automating bulk actions.

Choosing the right type of identity for your current infrastructure is the first step for any successful Microsoft 365 deployment.

Learning Objectives

  • Plan Azure AD Identities
  • Manage Users and Groups
  • Manage User Access with Access Reviews
  • Manage Passwords and Password Policies
  • Implement Self-Service Password Reset (SSPR)
  • Manage Product Licenses

Intended Audience

  • People preparing for Microsoft’s MS-100 exam
  • Microsoft 365 Administrators


  • Experience with Microsoft 365
  • Experience with the Azure portal
  • Experience with PowerShell

Once access reviews have been enabled and configured in your tenant, and depending on their configuration, each owner should receive an email, and in this email, you have a little bit of information as to which group membership you need to review, as well as your deadline to perform the review. 

Once you're ready, click on "Start review", and you will be redirected to the access panel. From there, we see who requested this access review, the "Due by" date, as well as the members, and if, during the configuration of the access review, the setting was "Take Recommendations", then you will get the Microsoft recommendation on each user, and under the "Access Info", this will give you a reason. 

If we click on the "Recommended Action", this is where you can change the recommendation. So this user is set to "Deny", but you can change to "Approve", or even select "Don't know". Let's change that to "Approve" for this user and provide a reason why we want this user to still be a member of this group. Click on "Save", and this is now changed to "Approved". 

Let's assume that we are happy, and we want to accept all the recommendations. Click on "Accept recommendations", and you'll get a little summary for this group, and click on "OK". See the change in the progress at the top that says "3/3", meaning that you reviewed every member of this group, and now that you've done this, this will appear in the Azure AD Portal for the IT to see the report.

About the Author

Veronique is a SharePoint and Office 365 consultant for an IT company based in Glasgow, UK. She loves photography, the outdoors, and long walks with her two dogs! You can follow Veronique on Twitter @veronicageek or read her blog at