Azure AD access review on level of single (shared) site collection
External sharing is decided by site owner, and configured on site collection level. Access review should be on same granularity. Current it is only possible on group level (but group can be authorized to multiple sites, thus also multiple site owners), or App = SharePoint Online, thus for ALL site collections.
still very much needed in 2019... if you can add azure subscriptions to the list quickly - then this is needed aswell.