Approve or deny access requests in entitlement management
With entitlement management, you can configure policies to require approval for access packages, and choose one or more approvers. This article describes how designated approvers can approve or deny requests for access packages.
Open request
The first step to approve or deny access requests is to find and open the access request pending approval. There are two ways to open the access request.
Prerequisite role: Approver
Look for an email from Azure that asks you to approve or deny a request. Here's an example email:
Select the Approve or deny request link to open the access request.
Sign in to the My Access portal.
If you don't have the email, you can find the access requests pending your approval by following these steps.
Sign in to the My Access portal at https://myaccess.microsoftonline.cn.
In the left menu, select Approvals to see a list of access requests pending approval.
On the Pending tab, find the request.
View requestor's answers to questions
Navigate to the Approvals tab in My Access.
Go to the request you'd like to approve and select details. You can also select Approve or Deny if you're ready to make a decision.
Select Request details.
On the Request details page, basic information about the request are present such as who made the request, and whether it was for themselves or for someone else. See Request access package on-behalf-of other users(Preview) for more details on requesting access for other users.
The information provided by the requestor is at the bottom of the panel.
Based on the information the requestor provided, you can then approve or deny the request. See the steps in Approve or deny request for guidance.
Approve or deny request
After you open an access request pending approval, you can see details that will help you make an approve or deny decision.
Prerequisite role: Approver
Select the View link to open the Access request pane.
Select Details to see details about the access request.
The details include the user's name, organization, access start and end date if provided, business justification, when the request was submitted, and when the request expires.
Select Approve or Deny.
If necessary, enter a reason.
Select Submit to submit your decision.
If a policy is configured with multiple approvers in a stage, only one approver needs to make a decision about the pending approval. After an approver submits their decision to the access request, the request is completed and is no longer available for the other approvers to approve or deny the request. The other approvers can see the request decision and the decision maker in their My Access portal.
If none of the configured approvers in a stage are able to approve or deny the access request, the request expires after the configured request duration. The user gets notified that their access request has expired, and that they need to resubmit the access request.