4.5 Access Reviews and Privileged Identity Management
Key Takeaways
- Access reviews help determine whether existing access should continue.
- Microsoft Entra Privileged Identity Management focuses on governing privileged access.
- PIM scenarios often mention elevated administrative access, time-bound access, or reducing standing privilege.
- Access reviews and PIM both support least privilege but solve different governance problems.
Access reviews validate continued need
Access reviews answer a simple governance question: should this identity still have this access? That question matters because access that was appropriate at one point can become unnecessary later. People change roles, projects finish, and external collaboration may end. SC-900 access review scenarios usually mention periodic validation, recertification, or checking whether users still need access to applications, groups, or other resources.
- Access reviews evaluate existing access.
- The goal is to remove or reduce unnecessary access.
- Reviews support least privilege over time.
- Reviews are governance controls, not sign-in proof methods.
PIM governs privileged access
Microsoft Entra Privileged Identity Management, or PIM, focuses on privileged access. Privileged access is higher risk because it can change settings, manage users, or affect broad parts of an environment. PIM is the right conceptual match when a scenario wants to reduce standing administrative privilege, govern role activation, or make privileged access more controlled. It is not the same as a general user password reset or an ordinary access review.
| Capability | Best clue |
|---|---|
| Access review | Should existing access continue? |
| PIM | Should privileged access be activated and governed? |
| MFA | Should sign-in require more proof? |
| Conditional Access | Should context affect access? |
Compare the governance jobs
Access reviews and PIM both support least privilege, but they address different problems. Access reviews look at continued access and ask whether it is still needed. PIM focuses on privileged roles and how elevated access is controlled. In exam wording, review language usually points to access reviews, while administrator elevation language points to PIM. Both are part of Microsoft Entra governance rather than Defender or Purview.
- Review existing group or application access: access reviews.
- Govern elevated administrator roles: PIM.
- Add proof during sign-in: MFA.
- Classify and protect data: Microsoft Purview.
Common answer selection pattern
When a question includes privileged access, ask whether the issue is activation or continued need. If the concern is reducing always-on administrative power, PIM is usually the stronger answer. If the concern is whether users still need access after time has passed, choose access reviews. If the concern is proving the administrator is who they claim to be, choose MFA or authentication methods instead.
- Always-on administrator privilege: PIM clue.
- Periodic access validation: access review clue.
- Sign-in proof: authentication clue.
- Policy conditions: Conditional Access clue.
Exam anchor
Access reviews and PIM are both least-privilege tools, but the nouns in the question usually separate them. Review language points to access reviews. Privilege, administrator, elevation, or activation language points to PIM. If the scenario includes both, identify whether the core problem is continued eligibility or high-risk privileged power.
- Review wording: access reviews.
- Privilege wording: PIM.
- Added sign-in proof: MFA.
- Contextual allow or block: Conditional Access.
What question does an access review primarily answer?
Which scenario best matches Microsoft Entra Privileged Identity Management?
How do access reviews and PIM differ?