With the **Predicates** and **PredicateValidations** elements you can control the minimum and maximum date values of the **UserInputType** by using a `DateTimeDropdown`. To do this, create a **Predicate** with the `IsDateRange` method and provide the minimum and maximum parameters.
articles/active-directory/develop/reference-aadsts-error-codes.md
+1
Original file line number
Diff line number
Diff line change
@@ -251,6 +251,7 @@ Looking for info about the AADSTS error codes that are returned from the Azure A
251
251
| AADSTS221000 | DeviceOnlyTokensNotSupportedByResource - The resource is not configured to accept device-only tokens. |
252
252
| AADSTS240001 | BulkAADJTokenUnauthorized - The user isn't authorized to register devices in Azure AD. |
253
253
| AADSTS240002 | RequiredClaimIsMissing - The id_token can't be used as `urn:ietf:params:oauth:grant-type:jwt-bearer` grant.|
254
+
| AADSTS530032 | BlockedByConditionalAccessOnSecurityPolicy - The tenant admin has configured a security policy that blocks this request. Check the security policies that are defined on the tenant level to determine if your request meets the policy requirements. |
254
255
| AADSTS700016 | UnauthorizedClient_DoesNotMatchRequest - The application wasn't found in the directory/tenant. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have misconfigured the identifier value for the application or sent your authentication request to the wrong tenant. |
255
256
| AADSTS700020 | InteractionRequired - The access grant requires interaction. |
256
257
| AADSTS700022 | InvalidMultipleResourcesScope - The provided value for the input parameter scope isn't valid because it contains more than one resource. |
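Review bot: The new AADSTS530032 row tells the reader to "check the security policies that are defined on the tenant level" without saying who can do that or where those policies live. The error is raised against the requesting user or app, but only a tenant admin can inspect the policy, so the description should say to contact the tenant admin and link to the relevant conditional access or security policy article. The row is placed correctly in numeric order between AADSTS240002 and AADSTS700016.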
-[Create an access review for members of a group or access to an application](create-access-review.md)
104
+
-[Create an access review of groups or applications](create-access-review.md)
103
105
-[Create an access review of users in an Azure AD administrative role](../privileged-identity-management/pim-how-to-start-security-review.md?toc=%2fazure%2factive-directory%2fgovernance%2ftoc.json)
104
-
-[Perform an access review with Azure AD Access Reviews](perform-access-review.md)
105
-
-[Complete an access review of members of a group or users' access to an application in Azure AD](complete-access-review.md)
106
+
-[Review access to groups or applications](perform-access-review.md)
107
+
-[Complete an access review of groups or applications](complete-access-review.md)
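Review bot: This next-steps list gains the retitled links to perform-access-review.md and complete-access-review.md but not the new "Review access for yourself to groups or applications" link to review-your-access.md that the create-access-review.md list adds in the same commit. If self-review is relevant here, add it so the lists stay consistent. Also, the unchanged PIM link on line 105 carries a `?toc=` query string that the same link in complete-access-review.md does not have; pick one form.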
articles/active-directory/governance/complete-access-review.md
+5-5
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Complete an access review of members of a group or users' access to an application with Azure AD| Microsoft Docs
3
-
description: Learn how to complete an access review for members of a group or users with access to an application in Azure Active Directory.
2
+
title: Complete an access review of groups or applications in Azure AD Access Reviews | Microsoft Docs
3
+
description: Learn how to complete an access review of group members or application access in Azure AD Access Reviews.
4
4
services: active-directory
5
5
documentationcenter: ''
6
6
author: rolyon
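Review bot: The front matter changes title and description, but the file's +5-5 total is fully accounted for by the title, description, H1, intro line and next-steps link, so ms.date is not updated. create-access-review.md bumps ms.date to 02/20/2019 in this same commit; do the same here so the freshness metadata reflects the edit.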
@@ -18,10 +18,10 @@ ms.reviewer: mwahl
18
18
ms.collection: M365-identity-device-management
19
19
---
20
20
21
-
# Complete an access review of members of a group or users' access to an application in Azure AD
21
+
# Complete an access review of groups or applications in Azure AD Access Reviews
22
22
23
23
Administrators can use Azure Active Directory (Azure AD) to [create an access review](create-access-review.md) for group members or users assigned to an application. Azure AD automatically sends reviewers an email that prompts them to review access. If a user didn't get an email, you can send them the instructions
24
-
in [Review your access](perform-access-review.md). (Note that guests who are assigned as reviewers but have not accepted the invite will not receive an email from access reviews, as they must first accept an invite prior to reviewing.) After the access review period is over or if an administrator stops the access review, follow the steps in this article to see and apply the results.
24
+
in [review access to groups or applications](perform-access-review.md). (Note that guests who are assigned as reviewers but have not accepted the invite will not receive an email from access reviews, as they must first accept an invite prior to reviewing.) After the access review period is over or if an administrator stops the access review, follow the steps in this article to see and apply the results.
25
25
26
26
## View an access review in the Azure portal
27
27
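Review bot: The rewritten line 24 still starts mid-sentence with "in [review access to groups or applications]" because the sentence is broken across lines 23 and 24 after "send them the instructions". Join the two lines while touching this text, so that future link-text changes do not produce a diff on a sentence fragment. The parenthetical about guests who have not accepted their invite is a behavioural caveat that would be easier to find as a `> [!NOTE]` block, the style used elsewhere in these articles.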
@@ -58,5 +58,5 @@ If you're no longer interested in the review, you can delete it. Select **Delete
58
58
-[Manage user access with Azure AD access reviews](manage-user-access-with-access-reviews.md)
59
59
-[Manage guest access with Azure AD access reviews](manage-guest-access-with-access-reviews.md)
60
60
-[Manage programs and controls for Azure AD access reviews](manage-programs-controls.md)
61
-
-[Create an access review for members of a group or access to an application](create-access-review.md)
61
+
-[Create an access review of groups or applications](create-access-review.md)
62
62
-[Create an access review of users in an Azure AD administrative role](../privileged-identity-management/pim-how-to-start-security-review.md)
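Review bot: The updated link on line 61 sits beside three unchanged links on lines 58 to 60 that still say "Azure AD access reviews" in lower case, while this commit's titles and H1s switch to "Azure AD Access Reviews". Either update those link texts in this change or confirm that the lower-case form is intended for link text, so the product name is not written two ways in one list.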
articles/active-directory/governance/conditional-access-exclusion.md
+5-5
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Use Azure AD access reviews to manage users that have been excluded from conditional access policies | Microsoft Docs
3
-
description: Use Azure Active Directory (Azure AD) access reviews to manage users that have been excluded from conditional access policies
2
+
title: Use Azure AD Access Reviews to manage users excluded from conditional access policies | Microsoft Docs
3
+
description: Learn how to use Azure Active Directory (Azure AD) Access Reviews to manage users that have been excluded from conditional access policies
4
4
services: active-directory
5
5
documentationcenter: ''
6
6
author: rolyon
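Review bot: The new description on line 3 ends without a period ("...excluded from conditional access policies"), whereas the descriptions rewritten in complete-access-review.md and create-access-review.md in this commit end with one. Add the period for consistency across the front matter of the three files.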
@@ -18,9 +18,9 @@ ms.reviewer: mwahl
18
18
ms.collection: M365-identity-device-management
19
19
---
20
20
21
-
# Use Azure AD access reviews to manage users that have been excluded from conditional access policies
21
+
# Use Azure AD Access Reviews to manage users excluded from conditional access policies
22
22
23
-
In an ideal world, all users would follow the access polices to secure access to your organization's resources. However, sometimes there are business cases that require you to make exceptions. This article describes some examples where exclusions might be required and how you, as the IT administrator, can manage this task, avoid oversight of policy exceptions, and provide auditors with proof that these exceptions are reviewed regularly using Azure Active Directory (Azure AD) access reviews.
23
+
In an ideal world, all users would follow the access polices to secure access to your organization's resources. However, sometimes there are business cases that require you to make exceptions. This article describes some examples where exclusions might be required and how you, as the IT administrator, can manage this task, avoid oversight of policy exceptions, and provide auditors with proof that these exceptions are reviewed regularly using Azure Active Directory (Azure AD) Access Reviews.
24
24
25
25
> [!NOTE]
26
26
> A valid Azure AD Premium P2, Enterprise Mobility + Security E5 paid, or trial license is required to use Azure AD access reviews. For more information, see [Azure Active Directory editions](../fundamentals/active-directory-whatis.md).
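Review bot: Line 23 is rewritten only to capitalise "Access Reviews", yet the added line keeps the typo "access polices" in its first sentence; correct it to "access policies" while the line is being touched. The NOTE on line 26 still reads "Azure AD access reviews" in lower case, so the capitalisation change is applied to only part of the intro.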
@@ -153,5 +153,5 @@ As an IT administrator, you know that managing exclusion groups to your policies
153
153
154
154
## Next steps
155
155
156
-
-[Create an access review of group members or application access with Azure AD](create-access-review.md)
156
+
-[Create an access review of groups or applications](create-access-review.md)
157
157
-[What is conditional access in Azure Active Directory?](../conditional-access/overview.md)
articles/active-directory/governance/create-access-review.md
+26-11
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Create an access review for members of a group or users with access to an application with Azure AD| Microsoft Docs
3
-
description: Learn how to create an access review for members of a group or users with access to an application.
2
+
title: Create an access review of groups or applications in Azure AD Access Reviews | Microsoft Docs
3
+
description: Learn how to create an access review of group members or application access in Azure AD Access Reviews.
4
4
services: active-directory
5
5
author: rolyon
6
6
manager: mtillman
@@ -11,24 +11,24 @@ ms.tgt_pltfrm: na
11
11
ms.devlang: na
12
12
ms.topic: conceptual
13
13
ms.subservice: compliance
14
-
ms.date: 11/15/2018
14
+
ms.date: 02/20/2019
15
15
ms.author: rolyon
16
16
ms.reviewer: mwahl
17
17
ms.collection: M365-identity-device-management
18
18
---
19
19
20
-
# Create an access review of group members or application access with Azure AD
20
+
# Create an access review of groups or applications in Azure AD Access Reviews
21
21
22
22
Access to groups and applications for employees and guests changes over time. To reduce the risk associated with stale access assignments, administrators can use Azure Active Directory (Azure AD) to create access reviews for group members or application access. If you need to routinely review access, you can also create recurring access reviews. For more information about these scenarios, see [Manage user access](manage-user-access-with-access-reviews.md) and [Manage guest access](manage-guest-access-with-access-reviews.md).
23
23
24
-
This article describes how to create a new access review for group members or application access.
24
+
This article describes how to create one or more access reviews for group members or application access.
- Global Administrator or User Account Administrator
30
30
31
-
## Create an access review
31
+
## Create one or more access reviews
32
32
33
33
1. Sign-in to the Azure portal and open the [Access Reviews page](https://portal.azure.com/#blade/Microsoft_AAD_ERM/DashboardBlade/).
34
34
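Review bot: Renaming the H2 on line 31 from "Create an access review" to "Create one or more access reviews" changes the generated heading anchor, so any inbound link that targets the old anchor will no longer land on this section. Search the repo for links to this article with the old fragment and update them in the same change, or keep the original heading and explain the multi-select behaviour in the body text.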
@@ -54,6 +54,20 @@ This article describes how to create a new access review for group members or ap
54
54
55
55

56
56
57
+
1. In the **Groups** section, select one or more groups that you would like to review membership of.
58
+
59
+
> [!NOTE]
60
+
> Selecting more than one group will create multiple access reviews. For example, selecting five groups will create five separate access reviews.
61
+
62
+

63
+
64
+
1. In the **Applications** section (if you selected **Assigned to an application** in step 8), select the applications that you would like to review access to.
65
+
66
+
> [!NOTE]
67
+
> Selecting more than one application will create multiple access reviews. For example, selecting five applications will create five separate access reviews.
68
+
69
+

70
+
57
71
1. In the **Reviewers** section, select either one or more people to review all the users in scope. Or you can select to have the members review their own access. If the resource is a group, you can ask the group owners to review. You also can require that the reviewers supply a reason when they approve access.
58
72
59
73

@@ -95,15 +109,15 @@ This article describes how to create a new access review for group members or ap
95
109
96
110
Once you have specified the settings for an access review, click **Start**.
97
111
98
-
By default, Azure AD sends an email to reviewers shortly after the review starts. If you choose not to have Azure AD send the email, be sure to inform the reviewers that an access review is waiting for them to complete. You can show them the instructions for how to [review access](perform-access-review.md). If your review is for guests to review their own access, show them the instructions for how to [review your own access](perform-access-review.md).
112
+
By default, Azure AD sends an email to reviewers shortly after the review starts. If you choose not to have Azure AD send the email, be sure to inform the reviewers that an access review is waiting for them to complete. You can show them the instructions for how to [review access to groups or applications](perform-access-review.md). If your review is for guests to review their own access, show them the instructions for how to [review access for yourself to groups or applications](review-your-access.md).
99
113
100
114
If some of the reviewers are guests, guests are notified via email only if they've already accepted their invitation.
101
115
102
116
## Manage the access review
103
117
104
118
You can track the progress as the reviewers complete their reviews in the Azure AD dashboard in the **Access Reviews** section. No access rights are changed in the directory until [the review is completed](complete-access-review.md).
105
119
106
-
If this is a one-time review, then after the access review period is over or the administrator stops the access review, follow the steps in [Complete an access review](complete-access-review.md) to see and apply the results.
120
+
If this is a one-time review, then after the access review period is over or the administrator stops the access review, follow the steps in [Complete an access review of groups or applications](complete-access-review.md) to see and apply the results.
107
121
108
122
To manage a series of access reviews, navigate to the access review from **Controls**, and you will find upcoming occurrences in Scheduled reviews, and edit the end date or add/remove reviewers accordingly.
109
123
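Review bot: Line 112 now sends guests who review their own access to review-your-access.md, a file that does not appear among the files shown in this change. Confirm the article exists on this branch before merging, otherwise the link breaks the build or 404s. The link text "review access for yourself to groups or applications" reads awkwardly in the sentence; "review your own access to groups or applications" would be clearer.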
@@ -115,5 +129,6 @@ You can also create access reviews using APIs. What you do to manage access revi
115
129
116
130
## Next steps
117
131
118
-
-[Start an access review with Azure AD Access Reviews](perform-access-review.md)
119
-
-[Complete an access review of members of a group or users' access to an application in Azure AD](complete-access-review.md)
132
+
-[Review access to groups or applications](perform-access-review.md)
133
+
-[Review access for yourself to groups or applications](review-your-access.md)
134
+
-[Complete an access review of groups or applications](complete-access-review.md)