Complete an access review of Azure AD roles in Privileged Identity Management

Privileged role administrators can review privileged access once an access review has been started. Privileged Identity Management (PIM) will automatically send an email to users in your Azure Active Directory (Azure AD) organization prompting them to review their access. If a user did not get an email, you can send them the instructions for how to perform an access review.

After the access review period is over, or all the users have finished their self-review, follow the steps in this article to manage the review and see the results.

Manage access reviews

  1. Go to the Azure portal and select the Azure AD Privileged Identity Management service on your dashboard.
  2. Select the Access reviews section of the dashboard.
  3. Select the access review that you want to manage.

On the access review's detail blade, there are a number of options for managing that review.

Privileged Identity Management access review buttons - screenshot

Remind

If an access review is set up so that the users review themselves, the Remind button sends out a notification.

Stop

All access reviews have an end date, but you can use the Stop button to finish a review early. If any users haven't been reviewed by this time, they can no longer be reviewed after you stop the review. You cannot restart a review after it has been stopped.

Apply

After an access review is completed, either because you reached the end date or stopped it manually, the Apply button implements the outcome of the review. If a user's access was denied in the review, this is the step that will remove their role assignment.

Export

If you want to apply the results of the access review manually, you can export the review. The Export button will start downloading a CSV file. You can manage the results in Excel or other programs that open CSV files.
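One way to triage an exported review before applying it by hand, as an added example that is not part of the original article or of Microsoft's tooling. The column names (`User`, `Role`, `Decision`), the decision values and the sample rows are assumptions constructed for illustration; match them to the header row of the file you actually downloaded.

```python
import csv
import io

# Column names are assumptions for this example; adjust them to match the
# header row of the CSV file you actually exported.
USER_COL, ROLE_COL, DECISION_COL = "User", "Role", "Decision"

# Constructed sample export (not real data).
SAMPLE_CSV = """\ufeffUser,Role,Decision,Reviewed by
alice@contoso.example,Global Administrator,Approve,alice@contoso.example
bob@contoso.example,Security Administrator,Deny,bob@contoso.example
carol@contoso.example,User Administrator,,
dave@contoso.example,Exchange Administrator,deny ,admin@contoso.example
"""


def triage_review_export(csv_text):
    """Split exported review rows into approve / deny / not-reviewed buckets."""
    # A CSV file may start with a UTF-8 byte order mark; drop it so the
    # first header is not read as "\ufeffUser".
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    missing = {USER_COL, ROLE_COL, DECISION_COL} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")

    buckets = {"approve": [], "deny": [], "not_reviewed": []}
    for row in reader:
        decision = (row[DECISION_COL] or "").strip().lower()
        entry = ((row[USER_COL] or "").strip(), (row[ROLE_COL] or "").strip())
        if decision == "deny":
            buckets["deny"].append(entry)
        elif decision == "approve":
            buckets["approve"].append(entry)
        else:
            # Blank or unrecognized decision: never treat it as approved.
            buckets["not_reviewed"].append(entry)
    return buckets


if __name__ == "__main__":
    result = triage_review_export(SAMPLE_CSV)
    print("Role assignments to remove:")
    for user, role in result["deny"]:
        print(f"  {user}: {role}")
    print("Still unreviewed (needs a manual decision):")
    for user, role in result["not_reviewed"]:
        print(f"  {user}: {role}")
```

Rows with a blank decision are kept in their own bucket because a review that was stopped early can leave users who were never reviewed, and those privileged assignments still need an explicit decision.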

Delete

If you are no longer interested in the review, delete it. The Delete button removes the review from the Privileged Identity Management service.

Important

You will not be required to confirm this destructive change, so verify that you want to delete that review.
