Microsoft has shipped a public preview of its Access Review Agent, an AI-powered tool that aims to unclog one of the most tedious drains on identity teams: the manual access recertification process. Integrated directly into Microsoft Teams, the agent blends deterministic scoring and large language models to serve up approval recommendations, justification summaries, and a natural-language chat interface—all designed to turn hours of guesswork into minutes of guided decision-making. The catch? A strict set of licensing, Copilot, and role prerequisites, plus a 35-decision limit that reins in early ambitions.
How the Access Review Agent Works
The Access Review Agent isn’t a standalone app. It’s an Entra agent—one of several “agentic” automations Microsoft is weaving across its security and productivity stack—that sits inside your tenant and hunts for access reviews flagged for agent processing. Once activated (either manually or on a scheduled 24-hour cycle), it gathers contextual signals: sign-in activity patterns, group memberships, and employment status pulled from HR systems. Those signals feed a deterministic scoring mechanism that calculates an approve-or-deny recommendation for each access decision.
What sets the experience apart is what happens next. The agent generates a short, plain-language justification summary using a large language model, then stores both the recommendation and the summary. When a reviewer opens the Access Review Agent app in Teams, they see that recommendation in a chat pane and can ask follow-up questions in natural language. The entire flow—questions, responses, final decision—runs through a Security Copilot session behind the scenes, so the conversation is auditable and the final yes/no is recorded under the reviewer’s own identity, not the agent’s.
Key operational attributes:
- Trigger model: The agent runs automatically every 24 hours from the time it is configured, or it can be triggered manually. Expect a short initial processing window after startup.
- Identity model: The agent runs under the identity of the administrator who first activated it—for gathering insights and storing recommendations. Final decisions are made by the human reviewer under their own identity.
- Supported review types at preview: Teams + Groups, Access package assignments, and Application assignments. Azure resource roles, Entra roles, and PIM-managed groups are explicitly off the table.
- Size limit: The agent supports reviews of up to 35 decisions per review.
Prerequisites and Licensing
Before IT teams can switch on the Access Review Agent, they must clear several non-negotiable bars:
- Licensing: The tenant must hold either Microsoft Entra ID Governance or Microsoft Entra Suite licenses. No workaround.
- Security Copilot onboarding: The organization must be onboarded to Microsoft Security Copilot with at least one Security Compute Unit (SCU) provisioned. Microsoft estimates about one SCU per 20 decisions analyzed, but real consumption varies with conversation length and complexity.
- Roles for setup: The admin configuring the agent needs standing permissions—PIM-activated roles won’t work. The minimum roles are Identity Governance Administrator, Lifecycle Workflows Administrator, and Security Copilot Contributor. Reviewers who interact with the agent in Teams also need the Security Copilot Contributor role so the back-end Copilot session can execute.
- Teams app availability: The Access Review Agent Teams app must be allowed in org-wide app policies or explicitly approved by a Teams admin. Reviewers must have access to Teams to use the conversational experience.
A practical activation checklist:
1. Confirm license assignments for pilot users.
2. Provision SCUs and verify Security Copilot onboarding.
3. Designate a dedicated admin account with standing permissions to start the agent—preferably a service account, not a general-purpose Global Admin.
4. Approve the Teams app or configure the org-wide policy.
5. Run tenant-level diagnostics for Copilot/agent readiness and ensure audit logging and SIEM ingestion are in place.
What’s Supported (and What’s Not)
The Access Review Agent is intentionally scoped during preview. Here’s what IT planners need to know before building a rollout strategy:
- Supported review types: Only Teams + Groups, Access package assignments, and Application assignments. Azure resource roles, Microsoft Entra roles, and PIM-managed groups are not supported yet.
- Review size: The 35-decision limit per review is hard. Larger reviews must still go through the My Access portal or other manual channels.
- Stages and reviewer types: Only single-stage reviews work. Multi-stage workflows aren’t available. The agent supports reviews assigned to specific users, group owners, and managers; self-reviews are not supported.
- Language: English only at launch. Global tenants with non-English reviewers must maintain fallback processes.
- Operational quirks: Once started, the agent cannot be paused or stopped mid-run. It runs to completion and may take minutes to process. Avoid using an account that requires PIM activation to configure the agent—it will cause authentication failures.
These constraints mean that for large entitlement programs, staged rollouts and tight-scope pilots are mandatory. The agent is a complement to, not a replacement for, existing review workflows.
Security and Governance Considerations
Automating access recertification with an LLM-backed agent introduces governance vectors that identity teams must address head-on:
- Identity provenance: Recommendations are generated under the activating admin’s identity, not the reviewer’s. This separation reduces impersonation risk but means that if the activating account is over-privileged, the agent’s recommendations could be shaped by permissions that are broader than intended. Treat that account as a privileged, audited operator.
- Data handling: The Teams chat surface opens a Security Copilot session. Any conversational context and source data used to produce justifications traverse that pipeline. Review Microsoft’s Security Copilot data-security documentation and align with internal privacy and regulatory policies before turning on the agent for sensitive reviews.
- Cost and capacity: SCU consumption is both a financial and capacity control. The ~1 SCU per 20 decisions estimate is a planning figure; lengthy threads and deep follow-ups can inflate usage. Monitor SCU usage via the agent’s logs and set guardrails to avoid unexpected overage or throttling.
- Auditability: Agent logs and metrics—including total decisions analyzed, SCUs consumed, and reviewers engaged—should be forwarded to your SIEM or XDR. Treat agent telemetry as a first-class observability source and create alerts for anomalous recommendation patterns or SCU spikes.
- Least privilege: Because the agent operates under Entra identities and permissions, enforce strict RBAC and conditional access around the activating admin account. Consider dedicated, documented operator accounts exclusively for agent activation.
Community discussions have already surfaced a playbook for agentic governance: establish an agent registry that tracks owner, purpose, and lifecycle; ingest telemetry into centralized monitoring; and adopt a center-of-excellence model to oversee Copilot agents uniformly.
Deployment Best Practices
A measured, staged rollout reduces risk and surfaces empirical data to justify wider adoption. A typical playbook spans a few months:
Pilot design (2–4 weeks)
Pick a small group of non-production reviews (≤ 35 decisions) and a narrow set of reviewers—HR, IT app owners, or a test group. Assign licenses, provision at least one SCU, approve the Teams app in a test tenant, and grant Security Copilot Contributor roles to reviewers. Start the agent with a dedicated admin account and record its metadata in your agent registry.
Canary deployment (2–6 weeks)
Expand to a single business unit with a known volume of access reviews. Monitor agent logs, SCU consumption, and reviewer feedback from the Teams experience. Compare agent recommendations with decisions made through the My Access portal and track divergence rates. Use the agent’s logs to quantify accuracy and false positives/negatives.
Governance hardening (ongoing)
Enforce RBAC and conditional access for the activating admin and reviewers. Ingest agent telemetry into your SIEM/XDR and set alerts for anomalies. Create runbooks for revoking Security Copilot Contributor roles and disabling agent processing for specific reviews if drift becomes unacceptable.
Enterprise rollout
Gradually enable agent processing for broader scopes, keeping an eye on SCU budgets and Teams app adoption. Periodically audit agent recommendations against manual decisions to measure drift and recalibrate scoring thresholds or signals as needed.
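The canary-phase measurements above (divergence from portal decisions, false positives/negatives, SCU consumption against the planning figure) as an added example, not Microsoft's tooling: the record layout, field names and sample data are assumptions, while the 1 SCU per 20 decisions estimate and the 35-decision cap are the figures stated in this article.

```python
# Added example (not Microsoft's code): canary-phase checks for an Access Review
# Agent pilot. Field names are assumptions; SCU figure and cap are from the article.
from collections import Counter

MAX_DECISIONS_PER_REVIEW = 35
SCU_PER_DECISION_PLAN = 1 / 20

# Constructed sample: the agent's stored recommendation joined with the
# reviewer's final decision from the My Access portal, one row per decision.
DECISIONS = [
    {"review_id": "rev-1", "principal": "u1", "agent": "Approve", "reviewer": "Approve"},
    {"review_id": "rev-1", "principal": "u2", "agent": "Approve", "reviewer": "Approve"},
    {"review_id": "rev-1", "principal": "u3", "agent": "Deny", "reviewer": "Deny"},
    {"review_id": "rev-1", "principal": "u4", "agent": "Deny", "reviewer": "Approve"},
    {"review_id": "rev-1", "principal": "u5", "agent": "Approve", "reviewer": "Deny"},
    {"review_id": "rev-2", "principal": "u6", "agent": "Approve", "reviewer": "Approve"},
    {"review_id": "rev-2", "principal": "u7", "agent": "Deny", "reviewer": "Deny"},
    {"review_id": "rev-2", "principal": "u8", "agent": "Approve", "reviewer": "Approve"},
]
# Constructed SCU consumption per review, as the agent's logs would report it.
SCU_USAGE = {"rev-1": 0.3, "rev-2": 0.9}

def divergence_metrics(records):
    """Score agent recommendations against the human's final call, with 'Deny'
    as the positive class. A false negative (agent Approve, reviewer Deny) is
    the automation-bias case to track most closely."""
    c = Counter()
    for r in records:
        agent_deny, human_deny = r["agent"] == "Deny", r["reviewer"] == "Deny"
        c[{(True, True): "tp", (True, False): "fp",
           (False, True): "fn", (False, False): "tn"}[(agent_deny, human_deny)]] += 1
    total = sum(c.values())
    return {
        "divergence_rate": round((c["fp"] + c["fn"]) / total, 4),
        "deny_precision": round(c["tp"] / max(1, c["tp"] + c["fp"]), 4),
        "deny_recall": round(c["tp"] / max(1, c["tp"] + c["fn"]), 4),
        "false_negatives": c["fn"],
    }

def scu_spikes(records, usage, tolerance=2.0):
    """Flag reviews burning more than `tolerance` x the planning figure per
    decision, and any review that exceeds the 35-decision cap."""
    per_review = Counter(r["review_id"] for r in records)
    flagged = {}
    for rid, n in per_review.items():
        if n > MAX_DECISIONS_PER_REVIEW:
            flagged[rid] = "over 35-decision limit"
        elif (rate := usage.get(rid, 0.0) / n) > tolerance * SCU_PER_DECISION_PLAN:
            flagged[rid] = round(rate, 3)
    return flagged
```

On the constructed sample, rev-2 burns 0.3 SCU per decision, six times the planning figure, which is the kind of long-conversation spike the SIEM alert should catch.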
Strengths and Risks
Where the Access Review Agent shines:
- Time savings: Automating insight-gathering slashes the time reviewers spend hunting for sign-in patterns or membership context.
- Consistency: A deterministic scoring mechanism reduces the subjectivity that plagues purely manual reviews.
- Workflow integration: Surfacing the experience in Teams—where many reviewers already work—lowers friction and lifts completion rates.
- Audit trail: Recommendations and justifications are retained and viewable alongside Entra logs, supporting compliance evidence.
Risks to watch:
- Automation bias: Reviewers may accept agent recommendations too readily. Regular audits and human-in-the-loop policies are essential.
- Data exposure: Conversations flow through Security Copilot, potentially exposing sensitive data to LLM processing. Assess data residency and model usage policies carefully.
- Cost creep: SCU consumption is an ongoing line item. Long conversations or higher-than-expected review volumes can drive overages. Set budget guardrails and monitor closely.
- Limited scope: The 35-decision cap, unsupported roles, and English-only language mean the agent won’t cover all entitlement programs. Hybrid workflows with the My Access portal are necessary for now.
- Identity binding: Recommendations tied to a single activating admin could introduce systemic bias if that account’s permissions are atypical.
Evaluating Adoption
Before piloting, run a decision rubric:
- Business fit: Are review volumes moderate (≤ 35 decisions) and performed in English? Do reviewers already use Teams? If yes, a pilot likely makes sense.
- Governance readiness: Have you onboarded to Security Copilot, provisioned SCUs, and established a governance plan with telemetry ingestion and role hardening? If not, pause until those controls are in place.
- Cost/benefit: Model SCU consumption based on typical decision counts and conversation depth. Run a small pilot to produce empirical SCU-per-decision numbers.
- Regulatory constraints: For reviews involving health records, financial controls, or other highly sensitive data, review data-flow and model-usage policies with legal/compliance before enabling the agent.
The Bigger Picture: AI Agents in Identity
The Access Review Agent is not a standalone gadget—it’s one of Microsoft’s first attempts to embed Copilot agents directly into administrative identity processes. The broader strategy, now visible across Security Copilot, Teams, and the Power Platform, aims to scale similar patterns: reasoning over directory signals, generating recommendations, and keeping a human in the loop for final sign-off. Governance patterns that work for security agents—registries, identity-first controls, telemetry-driven lifecycle management—apply equally here. Independent reporting on Microsoft’s agent strategy underscores both the opportunity and the need for robust operational controls; community practitioners are already calling for agent awareness training, canary testing, and dedicated operator roles.
Conclusion and Next Steps
Microsoft’s Access Review Agent takes a real operational headache—the drudgery of manual access recertification—and delivers a genuine productivity story inside the Teams environment most reviewers already inhabit. Yet the preview’s functional limits, the SCU cost model, and the centralized governance requirements mean this is not a “flip the switch” upgrade. For organizations with mature Entra governance and Copilot onboarding, it offers immediate gains. For everyone else, it’s a signal to get those foundational pieces in order.
Recommended next steps:
1. Assemble a cross-functional pilot team (Identity, Security, Compliance, Teams admin) and run a small-scale pilot for 4–8 weeks.
2. Provision SCUs, monitor consumption closely, and adjust pilot size as needed.
3. Define agent operator accounts, maintain an agent registry, and enforce RBAC and conditional access around activating accounts.
4. Ingest agent logs into your SIEM/XDR and create alerts for anomalous patterns or SCU spikes.
5. Maintain fallback flows through the My Access portal for unsupported reviews and non-English reviewers.
The Access Review Agent is a pragmatic step toward AI-assisted identity governance: powerful, but conditional on governance maturity. Pilot it where you can answer three questions empirically—does it save reviewer time, does it produce defensible recommendations, and does the SCU cost model scale?—and you’ll know whether this agent deserves a permanent seat in your identity toolkit.