On February 28, Microsoft officially launched the public preview of multi-stage reviews with Azure AD access reviews. Users will now have the ability to “construct access reviews in sequential stages, each with its own set of reviewers and configurations.”
This capability allows you and your organization to enable complex workflows to meet recertification and audit requirements calling for multiple reviewers to attest to access for users in a particular sequence.
Moreover, the feature allows users to come up with efficient reviews for their resource owners and auditors. Reviewers will be responsible for decisions, as compared to when they were required to account for a lot. Before, users were required to create multiple disjointed reviews artificially.
Now, with this new feature users will be able to achieve this with a single review. Here are some of the key access certification scenarios Multi-stage reviews will help you achieve:
- Reach consensus across multiple sets of reviewers. Require agreement from independent reviewers at every stage before access is recertified.
- Assign alternate reviewers to weigh in on unreviewed decisions. Ensure accounts left unreviewed by unresponsive or out-of-office reviewers are sent to the next appropriate reviewer, such as the user’s manager or the resource owner.
- Reduce the burden on later-stage reviewers. Filter down the number of decisions for your later-stage reviewers by excluding accounts denied in previous stages. For example, have users attest to their own needs for access before asking the resource owners to attest.
Microsoft provides a detailed account showing how users can configure a multi-stage review, furthermore, they also have a comprehensive FAQ section that will help answer some of the questions that might have concerning this feature.