You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/governance/entitlement-management-access-reviews-create.md
+27-3Lines changed: 27 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ ms.tgt_pltfrm: na
12
12
ms.devlang: na
13
13
ms.topic: how-to
14
14
ms.subservice: compliance
15
-
ms.date: 06/18/2020
15
+
ms.date: 10/26/2021
16
16
ms.author: ajburnle
17
17
ms.reviewer:
18
18
ms.collection: M365-identity-device-management
@@ -38,9 +38,33 @@ For more information, see [License requirements](entitlement-management-overview
38
38
39
39
You can enable access reviews when [creating a new access package](entitlement-management-access-package-create.md) or [editing an existing access package](entitlement-management-access-package-lifecycle-policy.md) policy. Follow these steps to enable access reviews of an access package:
40
40
41
-
1. Open the **Lifecycle** tab for an access package and scroll down to **Access Reviews**.
41
+
1. Open the **Lifecycle** tab for an access package to specify when a user's assignment to the access package expires. You can also specify whether users can extend their assignments.
42
42
43
-
1. Move the **Require access reviews** toggle to **Yes**.
43
+
1. In the **Expiration** section, set Access package assignments expires to **On date**, **Number of days**, **Number of hours**, or **Never**.
44
+
45
+
For **On date**, select an expiration date in the future.
46
+
47
+
For **Number of days**, specify a number between 0 and 3660 days.
48
+
49
+
For **Number of hours**, specify a number of hours.
50
+
51
+
Based on your selection, a user's assignment to the access package expires on a certain date, a certain number of days after they are approved, or never.
1. Click Show advanced expiration settings to show additional settings.
56
+
57
+
1. To allow user to extend their assignments, set **Allow users to extend access** to **Yes**.
58
+
59
+
If extensions are allowed in the policy, the user will receive an email 14 days and also one day before their access package assignment is set to expire, prompting them to extend the assignment. The user must still be in the scope of the policy at the time they request an extension. Also, if the policy has an explicit end date for assignments, and a user submits a request to extend access, the extension date in the request must be at or before when assignments expire, as defined in the policy that was used to grant the user access to the access package. For example, if the policy indicates that assignments are set to expire on June 30, the maximum extension a user can request is June 30.
60
+
61
+
If a user's access is extended, they will not be able to request the access package after the specified extension date (date set in the time zone of the user who created the policy).
62
+
63
+
1. To require approval to grant an extension, set **Require approval to grant extension** to **Yes**.
64
+
65
+
The same approval settings that were specified on the Requests tab will be used.
66
+
67
+
1. Next, move the **Require access reviews** toggle to **Yes**.
44
68
45
69
0 commit comments