Azure AD – Use Machine Learning in Azure AD Access Review (preview)

If you have an Azure AD P2 license (either standalone or bundled with an Office 365 or EMS subscription), you know you can use the Access Review feature to limit access to your resources to only the users who still need it.

Access Review involves some level of human intervention to either approve or review this access.

This can introduce some delay when a user requests access to a group (especially during the onboarding process).

Well, good news: you can now use a Machine Learning capability (User-to-Group Affiliation) to automate this.

User-to-Group Affiliation compares a user's relative affiliation with the other users in the group, based on the organization's reporting structure.

It then provides a recommendation based on the distance between the users in your organizational hierarchy; for example, if the users are very distant from each other, they have a low affiliation and the recommendation will be to deny the permission.
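A simplified model of the idea described above, as an added example that is not from the original post or from Microsoft. The org chart is constructed sample data, and the averaging step, the `DISTANCE_THRESHOLD` value and the "approve" outcome for high affiliation are assumptions made for illustration.

```python
# Added illustration: a simplified model of "distance in the reporting hierarchy".
# The averaging step and DISTANCE_THRESHOLD are assumptions, not Microsoft's algorithm.

# Constructed sample org chart: user -> manager (None for the top of the tree)
MANAGER_OF = {
    "ceo": None,
    "vp_eng": "ceo", "vp_sales": "ceo",
    "eng_mgr": "vp_eng",
    "alice": "eng_mgr", "bob": "eng_mgr", "carol": "eng_mgr",
    "sales_mgr": "vp_sales",
    "dave": "sales_mgr",
}

DISTANCE_THRESHOLD = 4.0  # assumed cut-off for this example only


def chain_to_root(user, manager_of):
    """Return [user, manager, manager's manager, ...] up to the root."""
    chain, seen = [], set()
    while user is not None:
        if user in seen:
            raise ValueError(f"cycle in reporting structure at {user!r}")
        seen.add(user)
        chain.append(user)
        user = manager_of.get(user)
    return chain


def hierarchy_distance(a, b, manager_of):
    """Number of reporting edges between a and b via their lowest common manager."""
    depth_from_a = {u: i for i, u in enumerate(chain_to_root(a, manager_of))}
    for steps_from_b, u in enumerate(chain_to_root(b, manager_of)):
        if u in depth_from_a:
            return depth_from_a[u] + steps_from_b
    return None  # no common manager: the two users sit in disconnected trees


def recommend(user, group_members, manager_of, threshold=DISTANCE_THRESHOLD):
    """Average distance from user to the other members -> (affiliation, recommendation)."""
    peers = [m for m in group_members if m != user]
    dists = [hierarchy_distance(user, m, manager_of) for m in peers]
    if not dists or any(d is None for d in dists):
        # Missing manager data: give no recommendation and leave it to the reviewer
        return ("unknown", "no recommendation")
    avg = sum(dists) / len(dists)
    return ("low", "deny") if avg > threshold else ("high", "approve")
```

A user with no manager attribute populated ends up in the "unknown" branch, which is why the quality of the reporting-structure data matters for this kind of recommendation.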

To enable this new access review capability, connect to your Azure AD (https://aad.portal.azure.com/) or Entra (https://entra.microsoft.com/) portal and open the Azure Active Directory\Identity Governance\Access Reviews blade.


Then create or edit an access review; the option to enable User-to-Group Affiliation (off by default) is available at the Settings step.


After enabling the option, and once a new access review process kicks in, the reviewer will see the recommendation with the corresponding affiliation level.
