Commit a86926c

Merge pull request #205845 from JamesJBarnett/perform-access-review
edit pass: perform-access-review
2 parents 9c52e20 + 5c8fc7d commit a86926c

1 file changed

+52
-49
lines changed

articles/active-directory/governance/perform-access-review.md

Lines changed: 52 additions & 49 deletions
@@ -18,46 +18,46 @@ ms.collection: M365-identity-device-management
1818

1919
# Review access to groups and applications in Azure AD access reviews
2020

21-
Azure Active Directory (Azure AD) simplifies how enterprises manage access to groups and applications in Azure AD and other Microsoft Online Services with a feature called Azure AD access reviews. This article will go over how a designated reviewer performs an access review for members of a group or users with access to an application. If you would like to review access to an access package read [Review access of an access package in Azure AD entitlement management](entitlement-management-access-reviews-review-access.md)
21+
Azure Active Directory (Azure AD) simplifies how enterprises manage access to groups and applications in Azure AD and other Microsoft web services with a feature called Azure AD access reviews. This article will cover how a designated reviewer performs an access review for members of a group or users with access to an application. If you want to review access to an access package, read [Review access of an access package in Azure AD entitlement management](entitlement-management-access-reviews-review-access.md).
2222

23-
## Perform access review using My Access
24-
You can review access to groups and applications via My Access, an end-user friendly portal for granting, approving, and reviewing access needs.
23+
## Perform access review by using My Access
24+
You can review access to groups and applications via My Access. My Access is a user-friendly portal for granting, approving, and reviewing access needs.
2525

26-
### Use email to navigate to My Access
26+
### Use email to go to My Access
2727

2828
>[!IMPORTANT]
29-
> There could be delays in receiving email and it some cases it could take up to 24 hours. Add [email protected] to your safe recipients list to make sure that you are receiving all emails.
29+
> There could be delays in receiving email. In some cases, it could take up to 24 hours. Add [email protected] to your safe recipients list to make sure that you're receiving all emails.
3030
31-
1. Look for an email from Microsoft asking you to review access. You can see an example email message below:
31+
1. Look for an email from Microsoft asking you to review access. Here's an example email message:
3232

33-
![Example email from Microsoft to review access to a group](./media/perform-access-review/access-review-email-preview.png)
33+
![Screenshot of example email from Microsoft to review access to a group.](./media/perform-access-review/access-review-email-preview.png)
3434

35-
1. Click the **Start review** link to open the access review.git pu
35+
1. Select the **Start review** link to open the access review.
3636

37-
### Navigate directly to My Access
37+
### Go directly to My Access
3838

3939
You can also view your pending access reviews by using your browser to open My Access.
4040

41-
1. Sign in to the My Access at https://myaccess.microsoft.com/
41+
1. Sign in to My Access at https://myaccess.microsoft.com/.
4242

43-
2. Select **Access reviews** from the menu on the left side bar to see a list of pending access reviews assigned to you.
43+
2. Select **Access reviews** from the left menu to see a list of pending access reviews assigned to you.
4444

4545
## Review access for one or more users
4646

47-
After you open My Access under Groups and Apps you can see:
47+
After you open My Access under **Groups and Apps**, you can see:
4848

49-
- **Name** The name of the access review.
50-
- **Due** The due date for the review. After this date denied users could be removed from the group or app being reviewed.
51-
- **Resource** The name of the resource under review.
52-
- **Progress** The number of users reviewed over the total number of users part of this access review.
49+
- **Name**: The name of the access review.
50+
- **Due**: The due date for the review. After this date, denied users could be removed from the group or app being reviewed.
51+
- **Resource**: The name of the resource under review.
52+
- **Progress**: The number of users reviewed over the total number of users part of this access review.
5353

54-
Click on the name of an access review to get started.
54+
Select the name of an access review to get started.
5555

56-
![Pending access reviews list for apps and groups](./media/perform-access-review/access-reviews-list-preview.png)
56+
![Screenshot of pending access reviews list for apps and groups.](./media/perform-access-review/access-reviews-list-preview.png)
5757

58-
Once that it opens, you will see the list of users in scope for the access review.
58+
After it opens, you'll see the list of users in scope for the access review.
5959

60-
> [!NOTE]
60+
> [!NOTE]
6161
> If the request is to review your own access, the page will look different. For more information, see [Review access for yourself to groups or applications](review-your-access.md).
6262
6363
There are two ways that you can approve or deny access:
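Review bot: At new line 21, replacing "Microsoft Online Services" with "Microsoft web services" turns a capitalised term that reads as a product name into a generic phrase with a broader meaning; confirm the two are equivalent for this feature or keep the original term. At new line 52, "the total number of users part of this access review" is still missing words after this edit pass; suggest "the total number of users who are part of this access review".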
@@ -69,72 +69,75 @@ There are two ways that you can approve or deny access:
6969

7070
1. Review the list of users and decide whether to approve or deny their continued access.
7171

72-
1. Select one or more users by clicking the circle next to their names.
72+
1. Select one or more users by selecting the circle next to their names.
73+
74+
1. Select **Approve** or **Deny** on the bar.
75+
76+
If you're unsure if a user should continue to have access, you can select **Don't know**. The user gets to keep their access, and your choice is recorded in the audit logs. Keep in mind that any information you provide will be available to other reviewers. They can read your comments and take them into account when they review the request.
7377

74-
1. Select **Approve** or **Deny** on the bar above.
75-
- If you are unsure if a user should continue to have access or not, you can click **Don't know**. The user gets to keep their access and your choice is recorded in the audit logs. It is important that you keep in mind that any information you provide will be available to other reviewers. They can read your comments and take them into account when they review the request.
78+
![Screenshot of open access review listing the users who need review.](./media/perform-access-review/user-list-preview.png)
7679

77-
![Open access review listing the users who need review](./media/perform-access-review/user-list-preview.png)
80+
1. The administrator of the access review might require you to supply a reason for your decision in the **Reason** box, even when a reason is not required. You can still provide a reason for your decision. The information that you include will be available to other approvers for review.
7881

79-
1. The administrator of the access review may require that you supply a reason in the **Reason** box for your decision. Even when a reason is not required. You can still provide a reason for your decision and the information that you include will be available to other approvers for review.
82+
1. Select **Submit**.
8083

81-
1. Click **Submit**.
82-
- You can change your response at any time until the access review has ended. If you want to change your response, select the row and update the response. For example, you can approve a previously denied user or deny a previously approved user.
84+
You can change your response at any time until the access review has ended. If you want to change your response, select the row and update the response. For example, you can approve a previously denied user or deny a previously approved user.
8385

8486
> [!IMPORTANT]
85-
> - If a user is denied access, they aren't removed immediately. They are removed when the review period has ended or when an administrator stops the review.
86-
> - If there are multiple reviewers, the last submitted response is recorded. Consider an example where an administrator designates two reviewersAlice and Bob. Alice opens the access review first and approves a user's access request. Before the review period ends, Bob opens the access review and denies access on the same request previously approved by Alice. The last decision denying the access is the response that gets recorded.
87+
> - If a user is denied access, they aren't removed immediately. The user is removed when the review period has ended or when an administrator stops the review.
88+
> - If there are multiple reviewers, the last submitted response is recorded. Consider an example where an administrator designates two reviewers: Alice and Bob. Alice opens the access review first and approves a user's access request. Before the review period ends, Bob opens the access review and denies access on the same request previously approved by Alice. The last decision denying the access is the response that gets recorded.
8789
8890
### Review access based on recommendations
8991

90-
To make access reviews easier and faster for you, we also provide recommendations that you can accept with a single click. There are two ways recommendations are generated for the reviewer. One method the system uses to create recommendations is by the user's sign-in activity. If a user has been inactive for 30 days or more, the reviewer will be recommended to deny access. The other method is based on the access the user's peers have. If the user doesn't have the same access as their peers, the reviewer will be recommended to deny that user access.
92+
To make access reviews easier and faster for you, we also provide recommendations that you can accept with a single selection. There are two ways that the system generates recommendations for the reviewer. One method is by the user's sign-in activity. If a user has been inactive for 30 days or more, the system will recommend that the reviewer deny access.
9193

92-
If you have **No sign-in within 30 days** or **Peer outlier** enabled, follow the steps below to accept recommendations:
94+
The other method is based on the access that the user's peers have. If the user doesn't have the same access as their peers, the system will recommend that the reviewer deny that user access.
9395

94-
1. Select one or more users and then Click **Accept recommendations**.
96+
If you have **No sign-in within 30 days** or **Peer outlier** enabled, follow these steps to accept recommendations:
9597

96-
![Open access review listing showing the Accept recommendations button](./media/perform-access-review/accept-recommendations-preview.png)
98+
1. Select one or more users, and then select **Accept recommendations**.
9799

98-
1. Or to accept recommendations for all unreviewed users, make sure that no users are selected and click on the **Accept recommendations** button on the top bar.
100+
![Screenshot of open access review listing that shows the Accept recommendations button.](./media/perform-access-review/accept-recommendations-preview.png)
99101

100-
1. Click **Submit** to accept the recommendations.
102+
Or to accept recommendations for all unreviewed users, make sure that no users are selected and then select the **Accept recommendations** button on the top bar.
101103

104+
1. Select **Submit** to accept the recommendations.
102105

103106
> [!NOTE]
104-
> When you accept recommendations previous decisions will not be changed.
107+
> When you accept recommendations, previous decisions won't be changed.
105108
106109
### Review access for one or more users in a multi-stage access review (preview)
107110

108-
If multi-stage access reviews have been enabled by the administrator, there will be 2 or 3 total stages of review. Each stage of review will have a specified reviewer.
111+
If the administrator has enabled multi-stage access reviews, there will be two or three total stages of review. Each stage of review will have a specified reviewer.
109112

110-
You will review access either manually or accept the recommendations based on sign-in activity for the stage you are assigned as the reviewer.
113+
You will either review access manually or accept the recommendations based on sign-in activity for the stage you're assigned as the reviewer.
111114

112-
If you are the 2nd stage or 3rd stage reviewer, you will also see the decisions made by the reviewers in the prior stage(s) if the administrator enabled this setting when creating the access review. The decision made by a 2nd or 3rd stage reviewer will overwrite the previous stage. So, the decision the 2nd stage reviewer makes will overwrite the first stage, and the 3rd stage reviewer's decision will overwrite the second stage.
115+
If you're the second-stage or third-stage reviewer, you'll also see the decisions made by the reviewers in the prior stages, if the administrator enabled this setting when creating the access review. The decision made by a second-stage or third-stage reviewer will overwrite the previous stage. So, the decision that the second-stage reviewer makes will overwrite the first stage. And the third-stage reviewer's decision will overwrite the second stage.
113116

114-
![Select user to show the multi-stage access review results](./media/perform-access-review/multi-stage-access-review.png)
117+
![Screenshot showing selection of a user to show the multi-stage access review results.](./media/perform-access-review/multi-stage-access-review.png)
115118

116119
Approve or deny access as outlined in [Review access for one or more users](#review-access-for-one-or-more-users).
117120

118121
> [!NOTE]
119-
> The next stage of the review won't become active until the duration specified during the access review setup has passed. If the administrator believes a stage is done but the review duration for this stage has not expired yet, they can use the **Stop current stage** button in the overview of the access review in the Azure AD portal. This will close the active stage and start the next stage.
122+
> The next stage of the review won't become active until the duration specified during the access review setup has passed. If the administrator believes a stage is done but the review duration for this stage has not expired yet, they can use the **Stop current stage** button in the overview of the access review in the Azure AD portal. This action will close the active stage and start the next stage.
120123
121-
### Review access for B2B direct connect users in Teams Shared Channels and Microsoft 365 groups (preview)
124+
### Review access for B2B direct connect users in Teams shared channels and Microsoft 365 groups (preview)
122125

123126
To review access of B2B direct connect users, use the following instructions:
124127

125-
1. As the reviewer, you should receive an email that requests you to review access for the team or group. Click the link in the email, or navigate directly to https://myaccess.microsoft.com/.
128+
1. As the reviewer, you should receive an email that requests you to review access for the team or group. Select the link in the email, or go directly to https://myaccess.microsoft.com/.
126129

127-
1. Follow the instructions in [Review access for one or more users](#review-access-for-one-or-more-users) to make decisions to approve or deny the users access to the Teams.
130+
1. Follow the instructions in [Review access for one or more users](#review-access-for-one-or-more-users) to make decisions to approve or deny the users access to the teams.
128131

129132
> [!NOTE]
130-
> Unlike internal users and B2B Collaboration users, B2B direct connect users and Teams **don't** have recommendations based on last sign-in activity to make decisions when you perform the review.
133+
> Unlike internal users and B2B collaboration users, B2B direct connect users and teams _don't_ have recommendations based on last sign-in activity to make decisions when you perform the review.
131134
132-
If a Team you review has shared channels, all B2B direct connect users and teams that access those shared channels are part of the review. This includes B2B collaboration users and internal users. When a B2B direct connect user or team is denied access in an access review, the user will lose access to every shared channel in the Team. To learn more about B2B direct connect users, read [B2B direct connect](../external-identities/b2b-direct-connect-overview.md).
135+
If a team you review has shared channels, all B2B direct connect users and teams that access those shared channels are part of the review. This includes B2B collaboration users and internal users. When a B2B direct connect user or team is denied access in an access review, the user will lose access to every shared channel in the team. To learn more about B2B direct connect users, read [B2B direct connect](../external-identities/b2b-direct-connect-overview.md).
133136

134-
## If no action is taken on access review
135-
When the access review is setup, the administrator has the option to use advanced settings to determine what will happen in the event a reviewer doesn't respond to an access review request.
137+
## Set up what will happen if no action is taken on access review
138+
When the access review is set up, the administrator has the option to use advanced settings to determine what will happen if a reviewer doesn't respond to an access review request.
136139

137-
The administrator can set up the review so that if reviewers do not respond at the end of the review period, all unreviewed users can have an automatic decision made on their access. This includes the loss of access to the group or application under review.
140+
The administrator can set up the review so that if reviewers don't respond at the end of the review period, all unreviewed users can have an automatic decision made on their access. This includes the loss of access to the group or application under review.
138141

139142
## Next steps
140143
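Review bot: At new line 80, joining the old fragment onto the first sentence inverts the meaning: "might require you to supply a reason ... even when a reason is not required" contradicts itself, while the removed text meant that a reason can still be given when none is required. Suggest "The administrator of the access review might require you to supply a reason for your decision in the **Reason** box. Even when a reason isn't required, you can still provide one." Separately, new lines 76, 84 and 102 turn a former sub-bullet or list item into a standalone paragraph between `1.` steps; check that each is indented under the preceding step so the numbered list does not restart when rendered. The renamed heading at new line 137 also changes the section anchor, so any links to `#if-no-action-is-taken-on-access-review` need updating, and "Set up ..." reads as a task for the reviewer although the section describes what the administrator configures.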
