Share via

Access Review Reporting - Why only 30 days??

H. Singleton 20 Reputation points
2025-03-25T21:08:31.8533333+00:00

I'm new to Entra ID Governance. In looking at the Access Review reporting section, I see I can only go back 30 days with a new report. That is not useful at all as we typically will have audit and compliance reporting requests that can come at any time - sometimes months after the completion of a review. Curious why that 30-day parameter is set and if there are any plans to extend that timeframe.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Kancharla Saiteja 5,485 Reputation points Microsoft External Staff Moderator
    2025-03-28T09:37:59.0266667+00:00

    Hi @H. Singleton,

    Based on your query, here is my understanding: You would like to know why there is a limit of download the files within or till 30days.

    I would like to credit @Andy David - MVP regarding the impacts of load on the service while storing or retrieving the logs. As mentioned, it provides detailed information for the last 30days which is lot of information.

    Now I would like few more points regarding the 30 days logs. All the audit and sign in logs last mostly for 30days (depending on licenses). The lifecycle of the user as well depends on 30days. When a user soft deleted he gets permanently deleted in 30days which will also be dependent to access reviews when you review the lifecycle objects.

    These are just examples that I would like to provide you but there are many other features which are defined with same 30days time period. Since access reviews works on many features and logs that is the reason it has been dependent with specific days.

    Some of the examples how access review features work with 30days:

    Enable reviewer decision helpers: No sign-in within 30 days is Enabled by default. When this is enabled, system recommendations based on users' access information over the last 30 days will be shown to the reviewers.

    If reviewers don't respond:

    Remove access: The system automatically marks members that haven't signed in for greater than 30 days for removal. The system recommends users that have signed in within the last 30 days to remain as active members.

    Approve access: The system automatically marks members as approved allowing them to remain as active members. They remain active, even though the system's default recommendation is to remove the user's membership because they have not signed in for greater than 30 days.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment".

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 157.4K Reputation points MVP Volunteer Moderator
    2025-03-25T22:05:03.8566667+00:00

    You can always go to to the access reviews and view the history.

    As far as the reports, I wouldnt expect them to go beyond 30 days. Thats a load on the service if they increased that to longer. Direct Entra logs are only 30 days generally.

    User's image

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.