Access Reviews with Entra ID Agent (Public Preview)

Access reviews are essential for keeping your organization secure—but let’s be honest, they’re often a pain. Reviewers are asked to make decisions with little context, leading to rushed approvals or long investigations. Microsoft is changing that with a new AI-powered agent built into Entra ID Governance and Security Copilot.

This blog post walks you through how to set up and use the Access Review Agent (Public Preview as of right now).
It’s designed to help reviewers make better decisions faster, and it’s part of a broader push to bring intelligent automation into identity governance—alongside other innovations like the Conditional Access Policy Optimization Agent, which helps fine-tune your access policies based on real-world usage.

What Is the Access Review Agent?

The agent acts like a smart assistant for reviewers. It:

• Gathers context like user activity, past decisions, and unusual access patterns.
• Summarizes findings.
• Proposes decisions in a Microsoft Teams chat for the reviewer to confirm or adjust.

It’s not just automation—it’s support. The agent helps reviewers focus on what matters and avoid rubber-stamping.

What You’ll Need

Before diving in, make sure you tick essential boxes:

1. Licensing
   • You need Microsoft Entra ID Governance or Microsoft Entra Suite—Access Review Agent is included in those.
   • Licensing must cover identity governance features (like Access Reviews, Entitlement Management, etc.), either via standalone or bundle offerings.
2. Roles & Permissions
   • The admin configuring the agent must have:
     • Identity Governance Administrator
     • Lifecycle Workflows Administrator
     • Security Copilot Contributor, or alternatively Global Administrator with equivalent privileges.
3. Security Copilot Setup
   • Security Copilot must be enabled in your tenant—this powers the agent’s capabilities. If needed, follow Microsoft's setup guide for Security Copilot.
     • Setup Security Pilot here: https://securitycopilot.microsoft.com/

• Reviewers must be licensed for Microsoft Teams.
• Role assignments:
  • Security Copilot Contributor
  • Identity Governance Administrator
  • Lifecycle Workflows Administrator

How to Set Up the Agent

1. Navigate to Entra Admin Portal
2. Select "Agents" in the left menu
3. Click "Set up" on Access Review Agent

The agent will process all active access reviews in the tenant which have the “Access Review Agent (Preview)” setting set and precomputes data and recommendations for the natural language conversation with the reviewers.

Create or Use an Active Access Review

1. Navigate to Entra Portal
2. Click on ID Governance -> Access Reviews
3. Select a existing access review or create a new one

Provide Reviewers with the AI Agent in Microsoft Teams

Once the Access Review Agent is enabled in Entra, reviewers need to interact with it through Microsoft Teams. The AI agent doesn’t replace the normal review process — it’s an assistant that lives in Teams and helps reviewers make smarter, faster decisions.

Note: If reviewers use Security Copilot outside of Teams, their access is still limited by their default user permissions.

Here’s how to get it set up for your team:

1. Assign Security Copilot permissions

   • Ensure that all reviewers are assigned at least the Security Copilot Contributor role.
     This role is required because every natural-language conversation with the Access Review Agent in Microsoft Teams runs a Microsoft Security Copilot session in the background.
   • Best practice: create a security group for your pilot reviewers and assign the role once to the group, instead of to individuals.

   👉 Learn how to assign Security Copilot access

2. Install the Access Review Agent Teams app
   • The app is published by Microsoft Corporation and is available in the Teams App Store.
   • Direct link to Agent
   • If your organization has disabled Microsoft apps in the Microsoft Teams org-wide app settings your organizations' Microsoft Teams administrator must explicitly approve the app.
   • Learn how to Allow Teams apps

Reviewer Experience: How It Feels

Once everything is set up:

• Reviewers receive an email notification when a review starts.
• Upon clicking the Start review link, the Access Review Agent may open in Teams (or fallback to My Access).

Below is an example of doing a review directly from Teams

1. Start using the Agent
   • Once installed, reviewers will see the Access Review Agent available in Teams.

Open a chat and begin with a simple prompt:

Help me with my access reviews

The agent will then show a summary of active reviews, highlight unusual patterns, and propose decisions the reviewer can accept or adjust. Below is an example of a simple conversation between me and the Agent

You may review the agents' activities and the recommendations generated in the agent activity map. Each access review the agent processes will emit an individual run. Only after the agent has processed a given access review will the agent be able to help reviewers as part of the natural language conversation.

Final Thoughts

The Access Review Agent brings together the best of both worlds: business efficiency and technical simplicity. For leaders, it means stronger compliance, reduced risk of over-privileged accounts, and a clear audit trail without adding overhead to already busy teams. For IT admins, it provides a practical, AI-powered tool that integrates directly into Microsoft Teams, cutting down on training needs and manual portal work.

By combining natural language conversations with structured governance policies, the agent helps organizations strike the right balance between security, compliance, and usability a win for both business outcomes and technical operations.