New-MgAccessReviewInstanceReviewer

Question

Hi

For some reason Microsoft has not built in functionality which allows access reviews performed by managers to fall back to the manager's manager. We need this functionality, so I'm trying to use powershell to add an extra reviewer to the current instance review of an ongoing series, if the review has been in progress for more than 14 days and the direct manager has not made any decisions. I've got most of the script sorted, but I can't get this part working and was hoping someone would be able to assist:

$ManagersManager = (Get-MgUserManager -UserId $ReviewerUPN).Id

	Id = "$ManagersManager"
}

New-MgAccessReviewInstanceReviewer -AccessReviewId $accessReview.Id -AccessReviewId1 $AccessReviewInstanceLatest.Id -BodyParameter $params

I get the error:

New-MgAccessReviewInstanceReviewer : No HTTP resource was found that matches the request URI 'https://api.accessreviews.identitygovernance.azure.com/accessReviews/v2.0/accessReviews('[Unique ID for the review series]
')/instances('[Unique ID for the review instance]')/reviewers?ring=2'.

It works fine if I just want to add the reviewer to the entire series, but not the current instance of the review:

$ManagersManager = (Get-MgUserManager -UserId $ReviewerUPN).Id

$params = @{
	Id = "$ManagersManager"
}

New-MgAccessReviewReviewer -AccessReviewId $accessReview.Id -BodyParameter $params

I have verified the ID for the instance is correct.

Various links:

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/new-mgaccessreviewinstancereviewer?view=graph-powershell-beta

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/new-mgaccessreviewreviewer?view=graph-powershell-beta

Any suggestions would be greatly appreciated. Thank you!

Answer 1

I figured out the solution. Just use New-MgAccessReviewReviewer but with the Id of the instance rather than the series

$ManagersManager = (Get-MgUserManager -UserId $ReviewerUPN).Id

$params = @{
	Id = "$ManagersManager"
}

New-MgAccessReviewReviewer -AccessReviewId $AccessReviewInstanceLatest.Id -BodyParameter $params