This operator surface turns raw Microsoft Graph access-review exports into a buyer-readable control plane for Entra governance teams: overdue closeouts, self-reviews, auto-approvals, stale application gaps, and the remediation packet needed before the next audit window closes.
| Review | Owner | Status | Open | Privileged | Next action |
|---|---|---|---|---|---|
| Privileged roles Q2 closeout Privileged roles · core tenant Quarterly cadence · closes 2026-05-15 |
Entra Governance | InProgress | 1 | 3 | Escalate open Global Admin decision and require dual-control for privileged role closeout. Privileged review still shows a self-review and an approval with no reviewer evidence. |
| External guests and app grants Guests + app grants Monthly cadence · closes 2026-05-10 |
Identity Operations | Completed | 1 | 0 | Close stale guest and app-grant decisions before the next audit packet exports. Guest and app-grant reviews need better notification and application proof. |
| Privileged groups and break-glass accounts Privileged groups + break glass Monthly cadence · closes 2026-05-28 |
Platform Security | Auto-Reviewed | 0 | 1 | Validate break-glass reviewer independence and archive clean evidence for the next audit run. This lane is the healthiest posture, but it still needs evidence packaging. |