Access Reviews & Attestation

Periodic access review campaigns tuned for Microsoft 365: SharePoint permissions, Teams membership, Group ownership, and guest access. Schedule, attest, track completion, and close the loop with remediation actions.

Published For CISO, Compliance & Legal, M365 Product Owner

Access Reviews & Attestation is Rencore's compliance capability for periodic certification of access rights. Campaigns target specific resource types (SharePoint sites, Teams, Groups, guests), assign reviewers, set deadlines, and track completion. Resource owners attest whether each access is still appropriate; bulk attestation handles routine cases; delegation handles vacations; remediation actions execute the outcomes. The result is required evidence for SOC 2 CC6.2, ISO 27001 A.9, and every major compliance framework.

Why access reviews matter

Access accumulates. Over a year, average M365 users gain access to dozens of new sites, channels, and groups they no longer need. Without periodic review, the access stays in place, and every new permission compounds with every old one. Compliance frameworks require periodic certification specifically because the natural drift is one-directional.

Manual access reviews are notoriously friction-heavy. Reviewers receive long lists, do not understand the context for each entry, and attest by approving everything (or by approving nothing). The compliance evidence shows reviews happened, but the underlying access stays unchanged. The certification is theater.

How Rencore makes it real

Reviews target specific resource scopes (one site, one team, one group) rather than dumping unfiltered access lists on reviewers. Each review entry includes context (last activity, sharing breadth, sensitivity classification) that helps the reviewer make an informed decision in seconds rather than minutes. Bulk operations handle the cases where context-free approval is actually appropriate.

Outcomes drive automated remediation. Access flagged as inappropriate triggers the remediation action (remove user, downgrade permission) automatically, with approval gating for sensitive cases. The compliance record shows what was reviewed and what changed.

Evidence pack

Each campaign produces an evidence record: reviewers assigned, completion rates, attestation outcomes, and remediation actions executed. The record is exportable in formats the auditor will accept (PDF for presentation, CSV for analysis) and is retained according to the configured retention policy.

Frequently asked questions

What is Rencore governance?
Rencore governance is a SaaS platform that continuously monitors your Microsoft 365 tenant for policy violations, configuration drift, and security risks across SharePoint, Teams, Power Platform, Copilot, and AI Agents. It automates compliance evidence collection, surfaces oversharing and sprawl, and provides actionable remediation workflows, reducing manual audit effort by up to 80%.
How do Rencore policies work?
Rencore ships with hundreds of pre-built policies that detect governance violations across every connector: oversharing, sprawl, cost overruns, security risks, and compliance gaps. Policies run on a continuous schedule, evaluate each discovered object against configurable rules, and flag violations with severity (High, Medium, Low), category, and a recommended action.
What is Copilot governance?
Copilot governance is the practice of controlling what data Microsoft 365 Copilot can access and surface to users. Since Copilot inherits the permissions of the user who invokes it, overshared content in SharePoint and OneDrive becomes accessible through natural-language queries. Rencore identifies these oversharing risks before Copilot rollout and continuously monitors for new exposure after deployment.
