question

deniscooper avatar image
0 Votes"
deniscooper asked FlorianFrommherz-2238 edited

Querying Azure Access Reviews Decissions all show approve

Hi,

Not sure if I am misunderstanding the output here, but I,m trying to query access review decissions using Graph API.

If I run

 nvoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $decissionURL -UseBasicParsing -Method get -ContentType "application/json" 

where $decissionURL is `$decissionURL = "https://graph.microsoft.com/beta/accessReviews/$reviewID/decisions"'

I get a list of all the decissions that have been made but they all show as a reviewResult : Approve - where some should be set to Deny. checking the results in the portal show Deny for some of the results.



azure-ad-access-reviews
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

It's possible that this is happening because you are using the deprecated/beta version of Graph for querying. The portal should give a more accurate picture.

https://docs.microsoft.com/en-us/graph/api/resources/accessreviews-root?view=graph-rest-beta

You can also try the method in this article.



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FlorianFrommherz-2238 avatar image
0 Votes"
FlorianFrommherz-2238 answered FlorianFrommherz-2238 edited

Hi!

To get to the decisions, you'd query for:

GET https://graph.microsoft.com/v1.0/identitygovernance/accessreviews/definitions/<access review ID>/instances/<instance ID>/decisions.

If this is a one-time review, then the access review ID and the instance ID are the same - and you can retrieve them from the Azure AD Portal in the review overview.

https://docs.microsoft.com/en-us/graph/api/accessreviewinstancedecisionitem-list?view=graph-rest-beta&tabs=http

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.