Microsoft has announced the public preview of multi-stage reviews with Azure AD access reviews. With the latest update, users can now construct access reviews in sequential stages, each with its own set of reviewers and configurations.
The new resource will also allow you and your organization to enable complex workflows to meet recertification and audit requirements calling for multiple reviewers to attest to access for users in a certain sequence. It will also enable you to design more efficient reviews for your resource owners and auditors by mitigating the number of decisions each reviewer is accountable for.
Commenting on the topic, Microsoft stated:
Previously you may have artificially created multiple disjointed reviews to achieve the same purpose, but now with multi-stage reviews this all takes place in the context of just one review.
Multi-stage reviews aid users in achieving key access certification scenarios including:
-
Reach consensus across multiple sets of reviewers: Require agreement from independent reviewers at every stage before access is recertified.
-
Assign alternate reviewers to weigh in on unreviewed decisions: Ensure accounts left unreviewed by unresponsive or out-of-office reviewers are sent to the next appropriate reviewer, such as the user’s manager or the resource owner.
-
Reduce burden on later-stage reviewers: Filter down the number of decisions for your later-stage reviewers by excluding accounts denied in previous stages. For example, have users attest to their own needs for access before asking the resource owners to attest.
To learn how to set up multi-stage reviews, head over to the dedicated webpage here.