Commit e1e435e

Merge pull request #53068 from R-C-Stewart/update-access-reviews
update access review
2 parents 1634230 + 67cb8fd commit e1e435e

11 files changed

Lines changed: 150 additions & 63 deletions
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
### YamlMime:ModuleUnit
2+
uid: learn.wwl.plan-implement-manage-access-review.access-review-agent
3+
title: Explore the Access Review Agent in Microsoft Entra
4+
metadata:
5+
title: Explore the Access Review Agent in Microsoft Entra
6+
description: "Explore Access Review Agent in Microsoft Entra"
7+
ms.date: 01/8/2026
8+
author: wwlpublish
9+
ms.author: roberts
10+
ms.topic: unit
11+
ms.custom:
12+
- N/A
13+
durationInMinutes: 5
14+
content: |
15+
[!include[](includes/7a-access-review-agent.md)]
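Review bot: `ms.date: 01/8/2026` on new line 7 zero-pads the month but not the day; write it as `01/08/2026` so the date is unambiguous and consistently formatted. On line 6 the `description` only restates the `title` ("Explore Access Review Agent in Microsoft Entra"); a sentence saying what the unit covers would be more useful. The `ms.custom:` entry `- N/A` on lines 11-12 carries no information and could be dropped if the field is optional.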

learn-pr/wwl-sci/plan-implement-manage-access-review/includes/1-introduction.md

Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
1-
Once identity is deployed, you'll learn that proper governance is required. Using access reviews is necessary for a secure solution. Explore how you plan for and implement access reviews.
1+
Once identity is deployed, you learn that proper governance is required. Using access reviews is necessary for a secure solution. Explore how you plan for and implement access reviews.
22

3-
In this module, you will learn all about access reviews. Knowledge covered includes why access reviews are important to the security of your organization, and how to prepare for and perform them. Additionally you explore how to configure access reviews to occur on a recurring basis.
3+
In this module, you learn all about access reviews. Knowledge covered includes why access reviews are important to the security of your organization, and how to prepare for and perform them. Additionally you explore how to configure access reviews to occur on a recurring basis.
44

55
## Learning objectives
66
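Review bot: On new line 1, moving "you'll learn" to present tense leaves "Once identity is deployed, you learn that proper governance is required", which now reads as a statement about the deployment rather than about what the module teaches; consider rewording the sentence instead of only changing the tense. New line 3 still has "Additionally you explore" without a comma after "Additionally".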

learn-pr/wwl-sci/plan-implement-manage-access-review/includes/2-plan-for-access-reviews.md

Lines changed: 30 additions & 30 deletions
Large diffs are not rendered by default.

learn-pr/wwl-sci/plan-implement-manage-access-review/includes/3-create-access-reviews-for-groups-apps.md

Lines changed: 16 additions & 16 deletions
@@ -21,13 +21,13 @@ Access to groups and applications for employees and guests changes over time. To
2121

2222
:::image type="content" source="../media/select-what-review.png" alt-text="Screenshot of the Create an access review - Review name and description dialog.":::
2323

24-
5. If you selected **Teams + Groups** in Step 1, you've two options in Step 2:
24+
5. If you selected **Teams + Groups** in Step 1, you have two options in Step 2:
2525

2626

2727
- **All Microsoft 365 groups with guest users**. Select this option if you would like to create recurring reviews on all your guest users across all your Microsoft Teams and Microsoft 365 groups in your organization. You can choose to exclude certain groups by selecting "Select group(s) to exclude."
28-
- **Select teams + groups**. Select this option if you would like to specify a finite set of teams and/or groups to review. After selecting on this option, you'll see a list of groups to the right to pick from.
28+
- **Select teams + groups**. Select this option if you would like to specify a finite set of teams and/or groups to review. After selecting this option, you'll see a list of groups to the right to pick from.
2929

30-
:::image type="content" source="../media/teams-groups.png" alt-text="Screenshot of the Teams and groups settings. Pick your groups to exclude.":::
30+
:::image type="content" source="../media/teams-groups.png" alt-text="Screenshot of the Teams and groups settings. Pick your groups to exclude.":::
3131

3232
:::image type="content" source="../media/teams-groups-detailed.png" alt-text="Screenshot of the Teams and groups chosen in the user interface. Selected items are excluded.":::
3333
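Review bot: The change to line 30 shows no visible difference between the removed and added `:::image` lines, so it is presumably whitespace-only; confirm that it is intentional. New line 28 keeps "you'll see a list of groups" while the rest of this commit moves the instructions to present tense.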

@@ -43,15 +43,15 @@ Access to groups and applications for employees and guests changes over time. To
4343

4444
> [!NOTE]
4545
> If you selected All Microsoft 365 groups with guest users in Step 2, then your only option is to review Guest users in Step 3.
46-
8. Select on Next: Reviews
46+
8. Select **Next: Reviews**
4747
9. In the **Select reviewers** section, select one or more people to perform the access reviews. You can choose from:
4848

4949

5050
- **Group owner(s)** (Only available when performing a review on a team or group)
5151
- **Selected user(s) or groups(s)**
5252
- **Users review own access**
53-
- **(Preview) Managers of users**. If you choose either **Managers of users** or **Group owners,** you also have the option to specify a fallback reviewer. Fallback reviewers are asked to do a review when the user has no manager specified in the directory or the group doesn't have an owner.
54-
10. In the **Specify recurrence of review** section, you can specify a frequency such as **Weekly, Monthly, Quarterly, Semi-annually, Annually**. You then specify a **Duration**, which defines how long a review will be open for input from reviewers. For example, the maximum duration that you can set for a monthly review is 27 days to avoid overlapping reviews. You might want to shorten the duration to ensure that your reviewers input is applied earlier. Next, you can select a **Start date** and **End date**.
53+
- **(Preview) Managers of users**. If you choose either **Managers of users** or **Group owners,** you can also specify a fallback reviewer. Fallback reviewers are asked to do a review when the user has no manager specified in the directory or the group doesn't have an owner.
54+
10. In the **Specify recurrence of review** section, you can specify a frequency such as **Weekly, Monthly, Quarterly, Semi-annually, Annually**. You then specify a **Duration**, which defines how long a review is open for input from reviewers. For example, the maximum duration that you can set for a monthly review is 27 days to avoid overlapping reviews. You might want to shorten the duration to ensure that your reviewers input is applied earlier. Next, you can select a **Start date** and **End date**.
5555

5656
:::image type="content" source="../media/frequency.png" alt-text="Screenshot of the Choose how often the review should happen. Admins should set a reasonable timeline.":::
5757
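Review bot: New line 54 is edited but still reads "your reviewers input is applied earlier", which needs the possessive ("your reviewers' input"). On new line 53, the fallback-reviewer sentence names the options as **Managers of users** and **Group owners,** (with the comma inside the bold) while the list above calls the second one **Group owner(s)**; use the same label in both places so it is clear which selections offer a fallback reviewer.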

@@ -61,7 +61,7 @@ Access to groups and applications for employees and guests changes over time. To
6161
:::image type="content" source="../media/upon-completion-settings-new.png" alt-text="Screenshot of the Create an access review - upon completion settings.":::
6262

6363

64-
If you want to automatically remove access for denied users, set **Auto apply results to resource** to **Enable**. If you want to manually apply the results when the review completes, set the switch to **Disable**. Use the **If reviewers don't respond** list to specify what happens for users that aren't reviewed by the reviewer within the review period. This setting doesn't impact users who have been reviewed by the reviewers manually. If the final reviewer's decision is Deny, then the user's access will be removed.
64+
If you want to automatically remove access for denied users, set **Auto apply results to resource** to **Enable**. If you want to manually apply the results when the review completes, set the switch to **Disable**. Use the **If reviewers don't respond** list to specify what happens for users that aren't reviewed by the reviewer within the review period. This setting doesn't change users who were reviewed manually. If the final reviewers' decision is Deny, then the user's access is removed.
6565

6666

6767
- No change - Leave user's access unchanged
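Review bot: New line 64 changes "the final reviewer's decision" to "the final reviewers' decision", which turns one reviewer into several and changes whose Deny removes access; keep the singular unless the plural is intended. On the same line, "This setting doesn't change users who were reviewed manually" is less clear than the original "doesn't impact"; "doesn't affect users who were reviewed manually" keeps the meaning that the **If reviewers don't respond** choice applies only to users nobody reviewed.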
@@ -72,37 +72,37 @@ Access to groups and applications for employees and guests changes over time. To
7272
Use the Action to apply on denied **guest** users to specify what happens to guest users if they're denied.
7373

7474

75-
- **Remove user’s membership from the resource** will remove denied user’s access to the group or application being reviewed, they'll still be able to sign-in to the tenant.
76-
- **Block user from signing in for 30 days, then remove user from the tenant** will block the denied users from signing in to the tenant, regardless if they have access to other resources. If there was a mistake or if an admin decides to re-enable one’s access, they can do so within 30 days after the user has been disabled. If there's no action taken on the disabled users, they'll be deleted from the tenant.
75+
- **Remove user’s membership from the resource** removes denied user’s access to the group or application being reviewed, they'll still be able to sign-in to the tenant.
76+
- **Block user from signing in for 30 days, then remove user from the tenant** blocks the denied users from signing in to the tenant, regardless if they have access to other resources. If there was a mistake or if an admin decides to re-enable one’s access, they can do so within 30 days after the user is disabled. If there's no action taken on the disabled users, they are deleted from the tenant.
7777
- Action to apply on denied guest users isn't configurable on reviews scoped to more than guest users. It's also not configurable for reviews of all Microsoft 365 groups with guest users. When not configurable, the default option of removing user's membership from the resource is used on denied users.
7878
13. In **Enable review decision helpers** choose whether you would like your reviewer to receive recommendations during the review process.
7979

80-
:::image type="content" source="../media/helpers.png" alt-text="Screenshot of the Enable decision helpers options. Offer recommendations to the reviewers.":::
80+
:::image type="content" source="../media/helpers.png" alt-text="Screenshot of the Enable decision helpers options. Offer recommendations to the reviewers.":::
8181

8282
14. In the **Advanced settings** section, you can choose the following
8383

8484

8585
- Set **Justification required** to **Enable** to require the reviewer to supply a reason for approval.
8686
- Set **email notifications** to **Enable** to have Microsoft Entra ID send email notifications to reviewers when an access review starts, and to administrators when a review completes.
87-
- Set **Reminders** to **Enable** to have Microsoft Entra ID send reminders of access reviews in progress to reviewers who haven't completed their review. These reminders will be half-way through the duration of the review.
88-
- The content of the email sent to reviewers is autogenerated based on the review details, such as review name, resource name, due date, etc. If you need a way to communicate additional information, such as additional instructions or contact information, you can specify these details in the **Additional content for reviewer email** section. The information that you enter is included in the invitation and reminder emails sent to assigned reviewers. The section highlighted in the image below shows where this information is displayed.
87+
- Set **Reminders** to **Enable** to have Microsoft Entra ID send reminders of access reviews in progress to reviewers who haven't completed their review. These reminders are half-way through the duration of the review.
88+
- The content of the email sent to reviewers is autogenerated based on the review details, such as review name, resource name, due date, etc. If you need a way to communicate additional information, such as extra instructions or contact information, you can specify these details in the **Additional content for reviewer email** section. The information that you enter is included in the invitation and reminder emails sent to assigned reviewers. The section highlighted in the image below shows where this information is displayed.
8989
15. Select **Next: Review + Create** to move to the next page.
9090
16. Name the access review. Optionally, give the review a description. The name and description are shown to the reviewers.
9191
17. Review the information and select **Create**.
9292

93-
:::image type="content" source="../media/create-review.png" alt-text="Screenshot of the create review screen. Overview of the access review that has just finished creation.":::
93+
:::image type="content" source="../media/create-review.png" alt-text="Screenshot of the create review screen. Overview of the access review that finished creation.":::
9494

9595

9696
## Start the access review
9797

98-
Once you've specified the settings for an access review, select **Start**. The access review will appear in your list with an indicator of its status.
98+
Once you've specified the settings for an access review, select **Start**. The access review appears in your list with an indicator of its status.
9999

100100
:::image type="content" source="../media/access-reviews-list.png" alt-text="Screenshot of the List of access reviews and their status. Review the status of each item.":::
101101

102102

103103
By default, Microsoft Entra ID sends an email to reviewers shortly after the review starts. If you choose not to have Microsoft Entra ID send the email, be sure to inform the reviewers that an access review is waiting for them to complete. You can show them the instructions for how to review access to groups or applications. If your review is for guests to review their own access, show them the instructions for how to review access for yourself to groups or applications.
104104

105-
If you've assigned guests as reviewers and they haven't accepted the invite, they'll not receive an email from access reviews because they must first accept the invitation prior to reviewing.
105+
If you've assigned guests as reviewers and they haven't accepted the invite, they don't receive an email from access reviews because they must first accept the invitation.
106106

107107
## Access review status table
108108

@@ -117,7 +117,7 @@ If you've assigned guests as reviewers and they haven't accepted the invite, the
117117
| Auto-Reviewed | Decisions have been recorded by the system for all users who weren't reviewed. Review is ready to proceed to **Applying** if Auto-Apply is enabled. |
118118
| Applying | There will be no change in access for users who were approved. |
119119
| Applied | Denied users, if any, have been removed from the resource or directory. |
120-
| Failed | Review could not progress. This error could be related to the deletion of the tenant, a change in licenses, or other internal tenant changes. |
120+
| Failed | Review couldn't progress. This error could be related to the deletion of the tenant, a change in licenses, or other internal tenant changes. |
121121

122122
## Create reviews via APIs
123123
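Review bot: New line 87 now reads "These reminders are half-way through the duration of the review", which lost its verb when "will be" was removed; "These reminders are sent halfway through the duration of the review" says when they go out. New line 75 still joins two sentences with a comma and keeps the future tense ("being reviewed, they'll still be able to sign-in to the tenant"); split it and use "sign in" as the verb. New line 76 describes blocking sign-in and then deleting the user from the tenant, so while it is being touched, "regardless if" and "one's access" are worth tightening to "regardless of whether" and "the user's access".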

learn-pr/wwl-sci/plan-implement-manage-access-review/includes/4-create-configure-access-review-programs.md

Lines changed: 2 additions & 2 deletions
@@ -6,9 +6,9 @@ You can also create an access review in PowerShell with the `New-MgIdentityGover
66

77
The access reviews API in Microsoft Graph enables organizations to audit and attest to the access that identities are assigned to resources in the organization. For example, access to a SharePoint site that contains customer contact information. And by using the access reviews API, organizations can check and attest to access to such groups and by extension, resources.
88

9-
## Access Review API for a security groups
9+
## Access Review API for security groups
1010

11-
This learning module doesn't recreate the step by step method to use the API, to get that information see the article - [Review access to security groups using access reviews APIs.](/graph/tutorial-accessreviews-securitygroup) Here are the high level steps that need to be performed.
11+
This learning module doesn't recreate the step-by-step method to use the API, to get that information see the article - [Review access to security groups using access reviews APIs.](/graph/tutorial-accessreviews-securitygroup) Here are the high-level steps that need to be performed.
1212

1313
1. Create an access review for the security group
1414
2. List instances of the access review
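Review bot: New line 11 fixes the hyphenation but keeps the comma splice "to use the API, to get that information see the article -"; split it into two sentences, ending the first at "to use the API." and starting the second with "For that information, see", and move the trailing period out of the link text.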

learn-pr/wwl-sci/plan-implement-manage-access-review/includes/5-monitor-findings.md

Lines changed: 7 additions & 7 deletions
@@ -20,11 +20,11 @@ You can start the Access Review process from the notification email or by going
2020
> If the Access reviews tile isn't visible, there are no access reviews to perform for that organization and no action is needed at this time.
2121
4. Select the **Begin review** link for the access review you want to perform.
2222

23-
Once you have opened the access review, you see the names of users who need to have their access reviewed.
23+
Once you open the access review, you see the names of users who need to have their access reviewed.
2424

2525
There are two ways that you can approve or deny access:
2626

27-
- You can approve or deny access for one or more users 'manually' by choosing the appropriate action for each user request.
27+
- You can approve or deny access for one or more users manually by choosing the appropriate action for each user request.
2828
- You can accept the system recommendations.
2929

3030
### Approve or deny access for one or more users
@@ -37,20 +37,20 @@ There are two ways that you can approve or deny access:
3737
2. Select **Approve** or **Deny**.
3838

3939
> [!NOTE]
40-
> If you are unsure, you can select "Don't know" and the user gets to keep their access and your choice is recorded in the audit logs.
40+
> If you're unsure, you can select "Don't know" and the user gets to keep their access and your choice is recorded in the audit logs.
4141
3. The administrator of the access review can require that you supply a reason in the **Reason** box for your decision.
4242

4343

44-
- Even when a reason is not required. You can still provide a reason for your decision and the information that you include will be available to other reviewers.
45-
4. Once you have specified the action to take, select **Save**.
44+
- Even when a reason isn't required, you can still provide a reason for your decision and the information that you include is available to other reviewers.
45+
4. Once you specify the action to take, select **Save**.
4646

4747

48-
- If a user is denied access, they aren't removed immediately. They are removed when the review period has ended. Or when an administrator stops the review if [Auto apply](/azure/active-directory/governance/complete-access-review) is enabled.
48+
- If a user is denied access, they aren't removed immediately. They're removed when the review period ends or when an administrator stops the review if [Auto apply](/azure/active-directory/governance/complete-access-review) is enabled.
4949
- If there are multiple reviewers, the last submitted response is recorded. Consider an example where an administrator designates two reviewers – Alice and Bob. Alice opens the access review first and approves a user's access request. Before the review period ends, Bob opens the access review and denies access on the same request previously approved by Alice. The last decision denying the access is the response that gets recorded.
5050

5151
### Approve or deny access based on recommendations
5252

5353
To make access reviews easier and faster for you, we also provide recommendations that you can accept with a single acceptance. The recommendations are generated based on the user's sign-in activity.
5454

5555
1. In the blue bar at the bottom of the page, select **Accept recommendations**. You see a summary of the recommended actions.
56-
2. Select **Ok** to accept the recommendations.
56+
2. Select **OK** to accept the recommendations.
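Review bot: On new line 48, merging the two sentences leaves it unclear whether "if Auto apply is enabled" applies to both removal cases or only to an administrator stopping the review; if it applies to both, state the condition first ("If Auto apply is enabled, they're removed when the review period ends or when an administrator stops the review"). The Auto apply link on the same line still points to `/azure/active-directory/governance/complete-access-review` while the rest of the module uses the Microsoft Entra name; check that the path is current.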
