Can Users Perform Their Own Privileged Role Access Reviews in Azure PIM?
Master Azure PIM for the AZ-500 exam. Learn how to configure access reviews to allow eligible members to perform a self-review of their own privileged role assignments and understand the different reviewer options available.
Question
You can configure access reviews in Privileged Identity Management to be self-completed by the eligible members of the privileged roles.
A. TRUE
B. FALSE
Answer
A. TRUE
Explanation
Yes, you can assign designated reviewers, owners, or eligible role members.
The statement is true because Azure AD Privileged Identity Management (PIM) provides multiple options for selecting reviewers when configuring an access review for privileged roles. One of these options is to have the members perform a self-review.
When you create or edit an access review for an Azure AD role or an Azure resource role, you must specify who will perform the review. The available options for reviewers include:
- Selected users or groups: You can designate a specific person (like a manager) or a team (like a security group) to review all the access assignments.
- Members (self): This option assigns the review task to the individuals themselves. Each user who is an eligible or active member of the privileged role will receive a notification prompting them to review their own access. They must then provide a justification for why they continue to need the role.
- Managers: The system can automatically identify and assign the review to the manager of each user, as specified in the user’s Azure AD profile.
Configuring a self-review places the responsibility on the individual user to attest to their continued need for elevated privileges. This helps to reduce “privilege creep” by prompting users to give up roles they no longer require. If a user does not respond or indicates they no longer need access, the system can be configured to automatically remove their role assignment upon completion of the review.