Medium

Access reviews not configured

Checks whether access reviews are configured for groups and applications.

Category: Governance
Default severity: Medium
Rule key: CHECK_ACCESS_REVIEWS
Last updated: February 20, 2026

How to fix it

Configure periodic access reviews for sensitive groups, privileged roles, and guest users.

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

AccessReview.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →