Lifecycle Workflow reporting API Overview

Lifecycle Workflows offers reports that enable organizations to gain insight into how lifecycle workflows were processed for users in your organization.


This article describes how to export personal data from a device or service. These steps can be used to support your obligations under the General Data Protection Regulation (GDPR). Authorized tenant admins can use Microsoft Graph to correct, update, or delete identifiable information about end users, including customer and employee user profiles or personal data, such as a user's name, work title, address, or phone number, in your Azure Active Directory (Azure AD) environment.

The lifecycle workflows API is defined in the OData subnamespace, microsoft.graph.identityGovernance.

Key elements of Lifecycle Workflows reports

Reporting feature Description
User processing result Result of a lifecycle workflow that was executed for a specific user. The result is an aggregation of all task processing results of the workflow tasks that were part of the lifecycle workflow and executed for the specific user.
Task processing result Result of a workflow task that was executed for a specific user.
Workflow run Result of a lifecycle workflow that was executed for a collection of users. The result is an aggregation of all user processing results of the users that were either processed within an interval or were part of an on-demand execution.
Task report An aggregation of task processing results for a specific workflow task within a workflow run. With this report, the health status of a workflow task within a workflow run can be easily determined and thus the source of error can be identified more quickly should a workflow run fail.

Lifecycle workflows in audit logs

All events run in Lifecycle Workflows are logged by Azure AD. These include creating, updating, deleting, or running workflows, and assigning permissions to apps.

These auditable logs are represented by the directoryAudit resource type and its associated GET methods in Microsoft Graph.

License checks

The Lifecycle Workflows feature, including the API, is included in the Azure AD Premium P2 license. The tenant where Lifecycle Workflows are being created must have a valid purchased, or trial, Azure AD Premium P2 or EMS E5 subscription. For more information about the license requirements, see Lifecycle Workflows license requirements.

Role and application permission authorization checks

The following Azure AD roles are required for a calling user to read reports in Lifecycle Workflows.

Operation Application permissions Required directory role of the calling user
Read LifecycleWorkflows.Read.All or LifecycleWorkflows.ReadWrite.All Global Reader or Lifecycle Workflows Administrator
Create, Update or Delete LifecycleWorkflows.ReadWrite.All Lifecycle Workflows Administrator

See also