Compartilhar via


New-MgIdentityGovernanceAccessReviewDefinitionInstance

Create new navigation property to instances for identityGovernance

Note

To view the beta release of this cmdlet, view New-MgBetaIdentityGovernanceAccessReviewDefinitionInstance

Syntax

New-MgIdentityGovernanceAccessReviewDefinitionInstance
   -AccessReviewScheduleDefinitionId <String>
   [-ResponseHeadersVariable <String>]
   [-AdditionalProperties <Hashtable>]
   [-ContactedReviewers <IMicrosoftGraphAccessReviewReviewer[]>]
   [-Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem[]>]
   [-EndDateTime <DateTime>]
   [-FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope[]>]
   [-Id <String>]
   [-Reviewers <IMicrosoftGraphAccessReviewReviewerScope[]>]
   [-Scope <Hashtable>]
   [-Stages <IMicrosoftGraphAccessReviewStage[]>]
   [-StartDateTime <DateTime>]
   [-Status <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-MgIdentityGovernanceAccessReviewDefinitionInstance
   -AccessReviewScheduleDefinitionId <String>
   -BodyParameter <IMicrosoftGraphAccessReviewInstance>
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-MgIdentityGovernanceAccessReviewDefinitionInstance
   -InputObject <IIdentityGovernanceIdentity>
   [-ResponseHeadersVariable <String>]
   [-AdditionalProperties <Hashtable>]
   [-ContactedReviewers <IMicrosoftGraphAccessReviewReviewer[]>]
   [-Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem[]>]
   [-EndDateTime <DateTime>]
   [-FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope[]>]
   [-Id <String>]
   [-Reviewers <IMicrosoftGraphAccessReviewReviewerScope[]>]
   [-Scope <Hashtable>]
   [-Stages <IMicrosoftGraphAccessReviewStage[]>]
   [-StartDateTime <DateTime>]
   [-Status <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-MgIdentityGovernanceAccessReviewDefinitionInstance
   -InputObject <IIdentityGovernanceIdentity>
   -BodyParameter <IMicrosoftGraphAccessReviewInstance>
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Create new navigation property to instances for identityGovernance

Parameters

-AccessReviewScheduleDefinitionId

The unique identifier of accessReviewScheduleDefinition

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BodyParameter

accessReviewInstance To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:IMicrosoftGraphAccessReviewInstance
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ContactedReviewers

Returns the collection of reviewers who were contacted to complete this review. While the reviewers and fallbackReviewers properties of the accessReviewScheduleDefinition might specify group owners or managers as reviewers, contactedReviewers returns their individual identities. Supports $select. Read-only. To construct, see NOTES section for CONTACTEDREVIEWERS properties and create a hash table.

Type:IMicrosoftGraphAccessReviewReviewer[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Decisions

Each user reviewed in an accessReviewInstance has a decision item representing if they were approved, denied, or not yet reviewed. To construct, see NOTES section for DECISIONS properties and create a hash table.

Type:IMicrosoftGraphAccessReviewInstanceDecisionItem[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EndDateTime

DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FallbackReviewers

This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select. To construct, see NOTES section for FALLBACKREVIEWERS properties and create a hash table.

Type:IMicrosoftGraphAccessReviewReviewerScope[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Id

The unique identifier for an entity. Read-only.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Type:IIdentityGovernanceIdentity
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Reviewers

This collection of access review scopes is used to define who the reviewers are. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API. To construct, see NOTES section for REVIEWERS properties and create a hash table.

Type:IMicrosoftGraphAccessReviewReviewerScope[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Scope

accessReviewScope

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Stages

If the instance has multiple stages, this returns the collection of stages. A new stage will only be created when the previous stage ends. The existence, number, and settings of stages on a review instance are created based on the accessReviewStageSettings on the parent accessReviewScheduleDefinition. To construct, see NOTES section for STAGES properties and create a hash table.

Type:IMicrosoftGraphAccessReviewStage[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-StartDateTime

DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Status

Specifies the status of an accessReview. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $select, $orderby, and $filter (eq only). Read-only.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.PowerShell.Models.IIdentityGovernanceIdentity

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessReviewInstance

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessReviewInstance

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphAccessReviewInstance>: accessReviewInstance

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [ContactedReviewers <IMicrosoftGraphAccessReviewReviewer- []>]: Returns the collection of reviewers who were contacted to complete this review. While the reviewers and fallbackReviewers properties of the accessReviewScheduleDefinition might specify group owners or managers as reviewers, contactedReviewers returns their individual identities. Supports $select. Read-only.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [CreatedDateTime <DateTime?>]: The date when the reviewer was added for the access review.
    • [DisplayName <String>]: Name of reviewer.
    • [UserPrincipalName <String>]: User principal name of the reviewer.
  • [Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem- []>]: Each user reviewed in an accessReviewInstance has a decision item representing if they were approved, denied, or not yet reviewed.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [AccessReviewId <String>]: The identifier of the accessReviewInstance parent. Supports $select. Read-only.
    • [AppliedBy <IMicrosoftGraphUserIdentity>]: userIdentity
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [DisplayName <String>]: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.
      • [Id <String>]: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
      • [IPAddress <String>]: Indicates the client IP address associated with the user performing the activity (audit log only).
      • [UserPrincipalName <String>]: The userPrincipalName attribute of the user.
    • [AppliedDateTime <DateTime?>]: The timestamp when the approval decision was applied.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't applied the decision or it was automatically applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
    • [ApplyResult <String>]: The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only.
    • [Decision <String>]: Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only).
    • [Insights <IMicrosoftGraphGovernanceInsight- []>]: Insights are recommendations to reviewers on whether to approve or deny a decision. There can be multiple insights associated with an accessReviewInstanceDecisionItem.
      • [Id <String>]: The unique identifier for an entity. Read-only.
      • [InsightCreatedDateTime <DateTime?>]: Indicates when the insight was created.
    • [Justification <String>]: Justification left by the reviewer when they made the decision.
    • [Principal <IMicrosoftGraphIdentity>]: identity
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [DisplayName <String>]: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.
      • [Id <String>]: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
    • [PrincipalLink <String>]: A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only.
    • [Recommendation <String>]: A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. The value is Approve if the sign-in is fewer than 30 days after the start of review, Deny if the sign-in is greater than 30 days after, or NoInfoAvailable. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only.
    • [Resource <IMicrosoftGraphAccessReviewInstanceDecisionItemResource>]: accessReviewInstanceDecisionItemResource
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [DisplayName <String>]: Display name of the resource
      • [Id <String>]: Identifier of the resource
      • [Type <String>]: Type of resource. Types include: Group, ServicePrincipal, DirectoryRole, AzureRole, AccessPackageAssignmentPolicy.
    • [ResourceLink <String>]: A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only.
    • [ReviewedBy <IMicrosoftGraphUserIdentity>]: userIdentity
    • [ReviewedDateTime <DateTime?>]: The timestamp when the review decision occurred. Supports $select. Read-only.
  • [EndDateTime <DateTime?>]: DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
  • [FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope- []>]: This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select.
    • [Query <String>]: The query specifying who will be the reviewer.
    • [QueryRoot <String>]: In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.
    • [QueryType <String>]: The type of query. Examples include MicrosoftGraph and ARM.
  • [Reviewers <IMicrosoftGraphAccessReviewReviewerScope- []>]: This collection of access review scopes is used to define who the reviewers are. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.
  • [Scope <IMicrosoftGraphAccessReviewScope>]: accessReviewScope
    • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Stages <IMicrosoftGraphAccessReviewStage- []>]: If the instance has multiple stages, this returns the collection of stages. A new stage will only be created when the previous stage ends. The existence, number, and settings of stages on a review instance are created based on the accessReviewStageSettings on the parent accessReviewScheduleDefinition.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem- []>]: Each user reviewed in an accessReviewStage has a decision item representing if they were approved, denied, or not yet reviewed.
    • [EndDateTime <DateTime?>]: The date and time in ISO 8601 format and UTC time when the review stage is scheduled to end. This property is the cumulative total of the durationInDays for all stages. Read-only.
    • [FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope- []>]: This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers are notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner doesn't exist, or manager is specified as reviewer but a user's manager doesn't exist.
    • [Reviewers <IMicrosoftGraphAccessReviewReviewerScope- []>]: This collection of access review scopes is used to define who the reviewers are. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.
    • [StartDateTime <DateTime?>]: The date and time in ISO 8601 format and UTC time when the review stage is scheduled to start. Read-only.
    • [Status <String>]: Specifies the status of an accessReviewStage. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $orderby, and $filter (eq only). Read-only.
  • [StartDateTime <DateTime?>]: DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
  • [Status <String>]: Specifies the status of an accessReview. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $select, $orderby, and $filter (eq only). Read-only.

CONTACTEDREVIEWERS <IMicrosoftGraphAccessReviewReviewer- []>: Returns the collection of reviewers who were contacted to complete this review. While the reviewers and fallbackReviewers properties of the accessReviewScheduleDefinition might specify group owners or managers as reviewers, contactedReviewers returns their individual identities. Supports $select. Read-only.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [CreatedDateTime <DateTime?>]: The date when the reviewer was added for the access review.
  • [DisplayName <String>]: Name of reviewer.
  • [UserPrincipalName <String>]: User principal name of the reviewer.

DECISIONS <IMicrosoftGraphAccessReviewInstanceDecisionItem- []>: Each user reviewed in an accessReviewInstance has a decision item representing if they were approved, denied, or not yet reviewed.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [AccessReviewId <String>]: The identifier of the accessReviewInstance parent. Supports $select. Read-only.
  • [AppliedBy <IMicrosoftGraphUserIdentity>]: userIdentity
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [DisplayName <String>]: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.
    • [Id <String>]: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
    • [IPAddress <String>]: Indicates the client IP address associated with the user performing the activity (audit log only).
    • [UserPrincipalName <String>]: The userPrincipalName attribute of the user.
  • [AppliedDateTime <DateTime?>]: The timestamp when the approval decision was applied.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't applied the decision or it was automatically applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
  • [ApplyResult <String>]: The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only.
  • [Decision <String>]: Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only).
  • [Insights <IMicrosoftGraphGovernanceInsight- []>]: Insights are recommendations to reviewers on whether to approve or deny a decision. There can be multiple insights associated with an accessReviewInstanceDecisionItem.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [InsightCreatedDateTime <DateTime?>]: Indicates when the insight was created.
  • [Justification <String>]: Justification left by the reviewer when they made the decision.
  • [Principal <IMicrosoftGraphIdentity>]: identity
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [DisplayName <String>]: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.
    • [Id <String>]: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
  • [PrincipalLink <String>]: A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only.
  • [Recommendation <String>]: A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. The value is Approve if the sign-in is fewer than 30 days after the start of review, Deny if the sign-in is greater than 30 days after, or NoInfoAvailable. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only.
  • [Resource <IMicrosoftGraphAccessReviewInstanceDecisionItemResource>]: accessReviewInstanceDecisionItemResource
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [DisplayName <String>]: Display name of the resource
    • [Id <String>]: Identifier of the resource
    • [Type <String>]: Type of resource. Types include: Group, ServicePrincipal, DirectoryRole, AzureRole, AccessPackageAssignmentPolicy.
  • [ResourceLink <String>]: A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only.
  • [ReviewedBy <IMicrosoftGraphUserIdentity>]: userIdentity
  • [ReviewedDateTime <DateTime?>]: The timestamp when the review decision occurred. Supports $select. Read-only.

FALLBACKREVIEWERS <IMicrosoftGraphAccessReviewReviewerScope- []>: This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select.

  • [Query <String>]: The query specifying who will be the reviewer.
  • [QueryRoot <String>]: In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.
  • [QueryType <String>]: The type of query. Examples include MicrosoftGraph and ARM.

INPUTOBJECT <IIdentityGovernanceIdentity>: Identity Parameter

  • [AccessPackageAssignmentId <String>]: The unique identifier of accessPackageAssignment
  • [AccessPackageAssignmentPolicyId <String>]: The unique identifier of accessPackageAssignmentPolicy
  • [AccessPackageAssignmentRequestId <String>]: The unique identifier of accessPackageAssignmentRequest
  • [AccessPackageCatalogId <String>]: The unique identifier of accessPackageCatalog
  • [AccessPackageId <String>]: The unique identifier of accessPackage
  • [AccessPackageId1 <String>]: The unique identifier of accessPackage
  • [AccessPackageQuestionId <String>]: The unique identifier of accessPackageQuestion
  • [AccessPackageResourceEnvironmentId <String>]: The unique identifier of accessPackageResourceEnvironment
  • [AccessPackageResourceId <String>]: The unique identifier of accessPackageResource
  • [AccessPackageResourceRequestId <String>]: The unique identifier of accessPackageResourceRequest
  • [AccessPackageResourceRoleId <String>]: The unique identifier of accessPackageResourceRole
  • [AccessPackageResourceRoleId1 <String>]: The unique identifier of accessPackageResourceRole
  • [AccessPackageResourceRoleScopeId <String>]: The unique identifier of accessPackageResourceRoleScope
  • [AccessPackageResourceScopeId <String>]: The unique identifier of accessPackageResourceScope
  • [AccessPackageResourceScopeId1 <String>]: The unique identifier of accessPackageResourceScope
  • [AccessReviewHistoryDefinitionId <String>]: The unique identifier of accessReviewHistoryDefinition
  • [AccessReviewHistoryInstanceId <String>]: The unique identifier of accessReviewHistoryInstance
  • [AccessReviewInstanceDecisionItemId <String>]: The unique identifier of accessReviewInstanceDecisionItem
  • [AccessReviewInstanceId <String>]: The unique identifier of accessReviewInstance
  • [AccessReviewReviewerId <String>]: The unique identifier of accessReviewReviewer
  • [AccessReviewScheduleDefinitionId <String>]: The unique identifier of accessReviewScheduleDefinition
  • [AccessReviewStageId <String>]: The unique identifier of accessReviewStage
  • [AgreementAcceptanceId <String>]: The unique identifier of agreementAcceptance
  • [AgreementFileLocalizationId <String>]: The unique identifier of agreementFileLocalization
  • [AgreementFileVersionId <String>]: The unique identifier of agreementFileVersion
  • [AgreementId <String>]: The unique identifier of agreement
  • [AppConsentRequestId <String>]: The unique identifier of appConsentRequest
  • [ApprovalId <String>]: The unique identifier of approval
  • [ApprovalStageId <String>]: The unique identifier of approvalStage
  • [ConnectedOrganizationId <String>]: The unique identifier of connectedOrganization
  • [CustomCalloutExtensionId <String>]: The unique identifier of customCalloutExtension
  • [CustomExtensionStageSettingId <String>]: The unique identifier of customExtensionStageSetting
  • [CustomTaskExtensionId <String>]: The unique identifier of customTaskExtension
  • [DirectoryObjectId <String>]: The unique identifier of directoryObject
  • [EndDateTime <DateTime?>]: Usage: endDateTime={endDateTime}
  • [GovernanceInsightId <String>]: The unique identifier of governanceInsight
  • [IncompatibleAccessPackageId <String>]: Usage: incompatibleAccessPackageId='{incompatibleAccessPackageId}'
  • [On <String>]: Usage: on='{on}'
  • [PrivilegedAccessGroupAssignmentScheduleId <String>]: The unique identifier of privilegedAccessGroupAssignmentSchedule
  • [PrivilegedAccessGroupAssignmentScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleInstance
  • [PrivilegedAccessGroupAssignmentScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupAssignmentScheduleRequest
  • [PrivilegedAccessGroupEligibilityScheduleId <String>]: The unique identifier of privilegedAccessGroupEligibilitySchedule
  • [PrivilegedAccessGroupEligibilityScheduleInstanceId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleInstance
  • [PrivilegedAccessGroupEligibilityScheduleRequestId <String>]: The unique identifier of privilegedAccessGroupEligibilityScheduleRequest
  • [RunId <String>]: The unique identifier of run
  • [StartDateTime <DateTime?>]: Usage: startDateTime={startDateTime}
  • [TaskDefinitionId <String>]: The unique identifier of taskDefinition
  • [TaskId <String>]: The unique identifier of task
  • [TaskProcessingResultId <String>]: The unique identifier of taskProcessingResult
  • [TaskReportId <String>]: The unique identifier of taskReport
  • [UnifiedRbacResourceActionId <String>]: The unique identifier of unifiedRbacResourceAction
  • [UnifiedRbacResourceNamespaceId <String>]: The unique identifier of unifiedRbacResourceNamespace
  • [UnifiedRoleAssignmentId <String>]: The unique identifier of unifiedRoleAssignment
  • [UnifiedRoleAssignmentScheduleId <String>]: The unique identifier of unifiedRoleAssignmentSchedule
  • [UnifiedRoleAssignmentScheduleInstanceId <String>]: The unique identifier of unifiedRoleAssignmentScheduleInstance
  • [UnifiedRoleAssignmentScheduleRequestId <String>]: The unique identifier of unifiedRoleAssignmentScheduleRequest
  • [UnifiedRoleDefinitionId <String>]: The unique identifier of unifiedRoleDefinition
  • [UnifiedRoleDefinitionId1 <String>]: The unique identifier of unifiedRoleDefinition
  • [UnifiedRoleEligibilityScheduleId <String>]: The unique identifier of unifiedRoleEligibilitySchedule
  • [UnifiedRoleEligibilityScheduleInstanceId <String>]: The unique identifier of unifiedRoleEligibilityScheduleInstance
  • [UnifiedRoleEligibilityScheduleRequestId <String>]: The unique identifier of unifiedRoleEligibilityScheduleRequest
  • [UserConsentRequestId <String>]: The unique identifier of userConsentRequest
  • [UserId <String>]: The unique identifier of user
  • [UserProcessingResultId <String>]: The unique identifier of userProcessingResult
  • [WorkflowId <String>]: The unique identifier of workflow
  • [WorkflowTemplateId <String>]: The unique identifier of workflowTemplate
  • [WorkflowVersionNumber <Int32?>]: The unique identifier of workflowVersion

REVIEWERS <IMicrosoftGraphAccessReviewReviewerScope- []>: This collection of access review scopes is used to define who the reviewers are. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.

  • [Query <String>]: The query specifying who will be the reviewer.
  • [QueryRoot <String>]: In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.
  • [QueryType <String>]: The type of query. Examples include MicrosoftGraph and ARM.

STAGES <IMicrosoftGraphAccessReviewStage- []>: If the instance has multiple stages, this returns the collection of stages. A new stage will only be created when the previous stage ends. The existence, number, and settings of stages on a review instance are created based on the accessReviewStageSettings on the parent accessReviewScheduleDefinition.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem- []>]: Each user reviewed in an accessReviewStage has a decision item representing if they were approved, denied, or not yet reviewed.
    • [Id <String>]: The unique identifier for an entity. Read-only.
    • [AccessReviewId <String>]: The identifier of the accessReviewInstance parent. Supports $select. Read-only.
    • [AppliedBy <IMicrosoftGraphUserIdentity>]: userIdentity
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [DisplayName <String>]: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.
      • [Id <String>]: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
      • [IPAddress <String>]: Indicates the client IP address associated with the user performing the activity (audit log only).
      • [UserPrincipalName <String>]: The userPrincipalName attribute of the user.
    • [AppliedDateTime <DateTime?>]: The timestamp when the approval decision was applied.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't applied the decision or it was automatically applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
    • [ApplyResult <String>]: The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only.
    • [Decision <String>]: Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only).
    • [Insights <IMicrosoftGraphGovernanceInsight- []>]: Insights are recommendations to reviewers on whether to approve or deny a decision. There can be multiple insights associated with an accessReviewInstanceDecisionItem.
      • [Id <String>]: The unique identifier for an entity. Read-only.
      • [InsightCreatedDateTime <DateTime?>]: Indicates when the insight was created.
    • [Justification <String>]: Justification left by the reviewer when they made the decision.
    • [Principal <IMicrosoftGraphIdentity>]: identity
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [DisplayName <String>]: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.
      • [Id <String>]: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
    • [PrincipalLink <String>]: A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only.
    • [Recommendation <String>]: A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. The value is Approve if the sign-in is fewer than 30 days after the start of review, Deny if the sign-in is greater than 30 days after, or NoInfoAvailable. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only.
    • [Resource <IMicrosoftGraphAccessReviewInstanceDecisionItemResource>]: accessReviewInstanceDecisionItemResource
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [DisplayName <String>]: Display name of the resource
      • [Id <String>]: Identifier of the resource
      • [Type <String>]: Type of resource. Types include: Group, ServicePrincipal, DirectoryRole, AzureRole, AccessPackageAssignmentPolicy.
    • [ResourceLink <String>]: A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only.
    • [ReviewedBy <IMicrosoftGraphUserIdentity>]: userIdentity
    • [ReviewedDateTime <DateTime?>]: The timestamp when the review decision occurred. Supports $select. Read-only.
  • [EndDateTime <DateTime?>]: The date and time in ISO 8601 format and UTC time when the review stage is scheduled to end. This property is the cumulative total of the durationInDays for all stages. Read-only.
  • [FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope- []>]: This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers are notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner doesn't exist, or manager is specified as reviewer but a user's manager doesn't exist.
    • [Query <String>]: The query specifying who will be the reviewer.
    • [QueryRoot <String>]: In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.
    • [QueryType <String>]: The type of query. Examples include MicrosoftGraph and ARM.
  • [Reviewers <IMicrosoftGraphAccessReviewReviewerScope- []>]: This collection of access review scopes is used to define who the reviewers are. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.
  • [StartDateTime <DateTime?>]: The date and time in ISO 8601 format and UTC time when the review stage is scheduled to start. Read-only.
  • [Status <String>]: Specifies the status of an accessReviewStage. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $orderby, and $filter (eq only). Read-only.

https://learn.microsoft.com/powershell/module/microsoft.graph.identity.governance/new-mgidentitygovernanceaccessreviewdefinitioninstance