Querying Azure Access Reviews Decissions all show approve

Denis Cooper 26 Reputation points
2021-05-25T20:16:37.897+00:00

Hi,

Not sure if I am misunderstanding the output here, but I,m trying to query access review decissions using Graph API.

If I run

nvoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $decissionURL -UseBasicParsing -Method get -ContentType "application/json" 

where $decissionURL is `$decissionURL = "https://graph.microsoft.com/beta/accessReviews/$reviewID/decisions"'

I get a list of all the decissions that have been made but they all show as a reviewResult : Approve - where some should be set to Deny. checking the results in the portal show Deny for some of the results.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,919 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Marilee Turscak-MSFT 37,056 Reputation points Microsoft Employee
    2021-05-25T22:31:27.22+00:00

    It's possible that this is happening because you are using the deprecated/beta version of Graph for querying. The portal should give a more accurate picture.

    https://learn.microsoft.com/en-us/graph/api/resources/accessreviews-root?view=graph-rest-beta

    You can also try the method in this article.

    0 comments No comments

  2. Florian Frommherz 76 Reputation points Microsoft Employee
    2021-10-27T09:37:26.723+00:00

    Hi!

    To get to the decisions, you'd query for:

    GET https://graph.microsoft.com/v1.0/identitygovernance/accessreviews/definitions/<access review ID>/instances/<instance ID>/decisions.

    If this is a one-time review, then the access review ID and the instance ID are the same - and you can retrieve them from the Azure AD Portal in the review overview.

    https://learn.microsoft.com/en-us/graph/api/accessreviewinstancedecisionitem-list?view=graph-rest-beta&tabs=http

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.