AccessReview.ReadWrite.All

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver Type Method
Beta D DELETE /accessReviews/{reviewId}
Beta D DELETE /accessReviews/{reviewId}/reviewers/{userId}
V1 A,D DELETE /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}
Beta A,D DELETE /identityGovernance/accessReviews/definitions/{review-id}
Beta D GET /accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0
Beta D GET /accessReviews/{reviewId}
Beta D GET /accessReviews/{reviewId}/decisions
Beta D GET /accessReviews/{reviewId}/myDecisions
Beta D GET /accessReviews/{reviewId}/reviewers
Beta D GET /businessFlowTemplates
V1 A,D GET /identityGovernance/accessReviews/definitions
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/contactedReviewers
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer')
Beta A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages
Beta A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}
Beta A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions
Beta A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/filterByCurrentUser(on='reviewer')
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/filterByCurrentUser(on='reviewer')
Beta A,D GET /identityGovernance/accessReviews/definitions/{definition-id}/instances
Beta A,D GET /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}
Beta A,D GET /identityGovernance/accessReviews/definitions/{review-id}
V1 A,D GET /identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer')
V1 A,D GET /identityGovernance/accessReviews/historyDefinitions
V1 A,D GET /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances
V1 A,D GET /identityGovernance/accessReviews/historyDefinitions/{definition-id}
Beta D GET /me/pendingAccessReviewInstances
Beta D GET /me/pendingAccessReviewInstances/{instance-id}/decisions
Beta D PATCH /accessReviews/{reviewId}
V1 A,D PATCH /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}
Beta A,D PATCH /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}
Beta D POST /accessReviews
Beta D POST /accessReviews/{reviewId}/applyDecisions
Beta D POST /accessReviews/{reviewId}/resetDecisions
Beta D POST /accessReviews/{reviewId}/reviewers
Beta D POST /accessReviews/{reviewId}/sendReminder
Beta D POST /accessReviews/{reviewId}/stop
Beta A,D POST /identityGovernance/accessReviews/decisions/filterByCurrentUser(on='reviewer')/recordAllDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions
V1 D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/acceptRecommendations
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/applyDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/batchRecordDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/resetDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/sendReminder
Beta A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/stop
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stop
Beta A,D POST /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/applyDecisions
Beta A,D POST /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/stop
Beta A,D POST /identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/sendReminder
V1 A,D POST /identityGovernance/accessReviews/historyDefinitions
V1 A,D POST /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances/{accessReviewHistoryInstanceId}/generateDownloadUri
Beta A,D POST /me/pendingAccessReviewInstances/{accessReviewInstanceId}/batchRecordDecisions
Beta D POST /me/pendingAccessReviewInstances/{instance-id}/acceptRecommendations
V1 A,D PUT /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}
V1 A,D PUT /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}
Beta A,D PUT /identityGovernance/accessReviews/definitions/{review-id}

Delegate Permission
Id e4aa47b9-9a69-4109-82ed-36ec70d85ff1
Consent Type Admin
Display String Manage all access reviews that user can access
Description Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.

Application Permission
Id ef5f7d5c-338f-44b0-86c3-351f46c8bb5f
Display String Manage all access reviews
Description Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user.

Resources

accessreview

Property Type Description
id String The feature-assigned unique identifier of an access review.
displayName String The access review name. Required on create.
startDateTime DateTimeOffset The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create.
endDateTime DateTimeOffset The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create.
status String This read-only field specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting,InProgress, Completing, Completed, AutoReviewing, and AutoReviewed.
description String The description provided by the access review creator, to show to the reviewers.
businessFlowTemplateId String The business flow template identifier. Required on create. This value is case sensitive.
reviewerType String The relationship type of reviewer to the target object, one of self, delegated or entityOwners. Required on create.
createdBy userIdentity The user who created this review.
reviewedEntity identity The object for which the access reviews is reviewing the access rights assignments. This can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create.
settings accessReviewSettings The settings of an accessReview, see type definition below.

accessreviewdecision

Property Type Description
id String The id of the decision within the access review.
accessReviewId String The feature-generated id of the access review.
reviewedBy userIdentity The identity of the reviewer. If the recommendation was used as the review, the userPrincipalName is empty.
reviewedDate DateTimeOffset The date and time the most recent review for this access right was supplied.
reviewResult String The result of the review, one of NotReviewed, Deny, DontKnow or Approve.
justification String The reviewer's business justification, if supplied.
appliedBy userIdentity When the review completes, if the results were manually applied, the user identity of the user who applied the decision. If the review was auto-applied, the userPrincipalName is empty.
appliedDateTime DateTimeOffset The date and time when the review decision was applied.
applyResult String The outcome of applying the decision, one of NotApplied, Success, Failed, NotFound or NotSupported.
accessRecommendation String The feature- generated recommendation shown to the reviewer, one of Approve, Deny or NotAvailable.

accessReviewHistoryDefinition

Property Type Description
createdBy userIdentity User who created this review history definition.
createdDateTime DateTimeOffset Timestamp when the access review definition was created.
decisions String collection Determines which review decisions will be included in the fetched review history data if specified. Optional on create. All decisions will be included by default if no decisions are provided on create. Possible values are: approve, deny, dontKnow, notReviewed, and notNotified.
displayName String Name for the access review history data collection. Required.
id String The assigned unique identifier of an access review history definition.
reviewHistoryPeriodEndDateTime DateTimeOffset A timestamp. Reviews ending on or before this date will be included in the fetched history data. Only required if scheduleSettings is not defined.
reviewHistoryPeriodStartDateTime DateTimeOffset A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if scheduleSettings is not defined.
scheduleSettings accessReviewHistoryScheduleSettings The settings for a recurring access review history definition series. Only required if reviewHistoryPeriodStartDateTime or reviewHistoryPeriodEndDateTime are not defined. Not supported yet.
scopes accessReviewScope collection Used to scope what reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required.
status accessReviewHistoryStatus Represents the status of the review history data collection. The possible values are: done, inProgress, error, requested, unknownFutureValue.

accessReviewHistoryInstance

Property Type Description
downloadUri String Uri which can be used to retrieve review history data. This URI will be active for 24 hours after being generated. Required.
expirationDateTime DateTimeOffset Timestamp when this instance and associated data expires and the history is deleted. Required.
fulfilledDateTime DateTimeOffset Timestamp when all of the available data for this instance was collected. This will be set after this instance's status is set to done. Required.
id String The assigned unique identifier of an access review history instance. Read-only. Required.
reviewHistoryPeriodEndDateTime DateTimeOffset Timestamp, reviews ending on or before this date will be included in the fetched history data.
reviewHistoryPeriodStartDateTime DateTimeOffset Timestamp, reviews starting on or after this date will be included in the fetched history data.
runDateTime DateTimeOffset Timestamp when the instance's history data is scheduled to be generated.
status accessReviewHistoryStatus Represents the status of the review history data collection. The possible values are: done, inProgress, error, requested, unknownFutureValue. Once the **s

accessReviewInstance

Property Type Description
endDateTime DateTimeOffset DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
fallbackReviewers accessReviewReviewerScope collection This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select.
id String Unique identifier of the instance. Inherited from entity. Supports $select. Read-only.
scope accessReviewScope Created based on scope and instanceEnumerationScope at the accessReviewScheduleDefinition level. Defines the scope of users reviewed in a group. Supports $select and $filter (contains only). Read-only.
startDateTime DateTimeOffset DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
status String Specifies the status of an accessReview. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $select, $orderby, and $filter (eq only). Read-only.
reviewers accessReviewReviewerScope collection This collection of access review scopes is used to define who the reviewers are. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.

accessReviewInstanceDecisionItem

Property Type Description
accessReviewId String The identifier of the accessReviewInstance parent. Supports $select. Read-only.
appliedBy userIdentity The identifier of the user who applied the decision. Read-only.
appliedDateTime DateTimeOffset The timestamp when the approval decision was applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
applyResult String The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only.
decision String Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only).
id String The identifier of the decision. Inherited from entity. Supports $select. Read-only.
justification String Justification left by the reviewer when they made the decision.
principal identity Every decision item in an access review represents a principal's access to a resource. This property represents details of the principal. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is "Bob" and the resource is "Sales". Principals can be of two types - userIdentity and servicePrincipalIdentity. Supports $select. Read-only.
principalLink String A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only.
recommendation String A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. Recommend approve if sign-in is within thirty days of start of review. Recommend deny if sign-in is greater than thirty days of start of review. Recommendation not available otherwise. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only.
resource accessReviewInstanceDecisionItemResource Every decision item in an access review represents a principal's access to a resource. This property represents details of the resource. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is Bob and the resource is "Sales". Resources can be of multiple types. See accessReviewInstanceDecisionItemResource. Read-only.
resourceLink String A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only.
reviewedBy userIdentity The identifier of the reviewer. Supports $select. Read-only.
reviewedDateTime DateTimeOffset The timestamp when the review decision occurred. Supports $select. Read-only.

accessReviewQueryScope

Property Type Description
query String The query representing what will be reviewed in an access review.
queryRoot String In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, ./manager.
queryType String Indicates the type of query. Types include MicrosoftGraph and ARM.

accessreviewrecurrencesettings

Property Type Description
recurrenceType String The recurrence interval. Possible vaules: onetime, weekly, monthly, quarterly, halfyearly or annual.
recurrenceEndType String How the recurrence ends. Possible values: never, endBy, occurrences, or recurrenceCount. If it is never, then there is no explicit end of the recurrence series. If it is endBy, then the recurrence ends at a certain date. If it is occurrences, then the series ends after recurrenceCount instances of the review have completed.
durationInDays Int32 The duration in days for recurrence.
recurrenceCount Int32 The count of recurrences, if the value of **r

accessReviewReviewer

Property Type Description
createdDateTime DateTimeOffset The date when the reviewer was added for the access review.
displayName String Name of reviewer.
id String Identifier of the reviewer. Inherited from entity.
userPrincipalName String User principal name of the reviewer.

accessReviewReviewerScope

Property Type Description
query String The query specifying who will be the reviewer. See table for examples.
queryType String The type of query. Examples include MicrosoftGraph and ARM.
queryRoot String In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.

accessreviews-root

accessReviewScheduleDefinition

Property Type Description
additionalNotificationRecipients accessReviewNotificationRecipientItem collection Defines the list of additional users or group members to be notified of the access review progress.
createdBy userIdentity User who created this review. Read-only.
createdDateTime DateTimeOffset Timestamp when the access review series was created. Supports $select and $orderBy. Read-only.
descriptionForAdmins String Description provided by review creators to provide more context of the review to admins. Supports $select.
descriptionForReviewers String Description provided by review creators to provide more context of the review to reviewers. Reviewers will see this description in the email sent to them requesting their review. Email notifications support up to 256 characters. Supports $select.
displayName String Name of the access review series. Supports $select and $orderBy. Required on create.
fallbackReviewers accessReviewReviewerScope collection This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. See accessReviewReviewerScope. Replaces backupReviewers. Supports $select.
id String The feature-assigned unique identifier of an access review. Supports $select. Read-only.
instanceEnumerationScope accessReviewScope This property is required when scoping a review to guest users' access across all Microsoft 365 groups and determines which Microsoft 365 groups are reviewed. Each group will become a unique accessReviewInstance of the access review series. For supported scopes, see accessReviewScope. Supports $select. For examples of options for configuring instanceEnumerationScope, see Configure the scope of your access review definition using the Microsoft Graph API.
lastModifiedDateTime DateTimeOffset Timestamp when the access review series was last modified. Supports $select. Read-only.
reviewers accessReviewReviewerScope collection This collection of access review scopes is used to define who are the reviewers. The reviewers property is only updatable if individual users are assigned as reviewers. Required on create. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.
scope accessReviewScope Defines the entities whose access is reviewed. For supported scopes, see accessReviewScope. Required on create. Supports $select and $filter (contains only). For examples of options for configuring scope, see Configure the scope of your access review definition using the Microsoft Graph API.
settings accessReviewScheduleSettings The settings for an access review series, see type definition below. Supports $select. Required on create.
status String This read-only field specifies the status of an access review. The typical states include Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed.
Supports $select, $orderby, and $filter (eq only). Read-only.
backupReviewers (deprecated) accessReviewReviewerScope collection This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select.
**N

accessReviewScheduleSettings

Property Type Description
mailNotificationsEnabled Boolean Indicates whether emails are enabled or disabled. Default value is false.
reminderNotificationsEnabled Boolean Indicates whether reminders are enabled or disabled. Default value is false.
justificationRequiredOnApproval Boolean Indicates whether reviewers are required to provide justification with their decision. Default value is false.
defaultDecisionEnabled Boolean Indicates whether the default decision is enabled or disabled when reviewers do not respond. Default value is false.
defaultDecision String Decision chosen if defaultDecisionEnabled is true. Can be one of Approve, Deny, or Recommendation.
instanceDurationInDays Int32 Duration of each recurrence of review (accessReviewInstance) in number of days.
recurrence patternedRecurrence Detailed settings for recurrence using the standard Outlook recurrence object.

Note: Only dayOfMonth, interval, and type (weekly, absoluteMonthly) properties are supported. Use the property startDate on recurrenceRange to determine the day the review starts.
autoApplyDecisionsEnabled Boolean Indicates whether decisions are automatically applied. When set to false, an admin must apply the decisions manually once the reviewer completes the access review. When set to true, decisions are applied automatically after the access review instance duration ends, whether or not the reviewers have responded. Default value is false.
applyActions accessReviewApplyAction collection Optional field. Describes the actions to take once a review is complete. There are two types that are currently supported: removeAccessApplyAction (default) and disableAndDeleteUserApplyAction. Field only needs to be specified in the case of disableAndDeleteUserApplyAction.
recommendationsEnabled Boolean Indicates whether decision recommendations are enabled or disabled.

accessReviewScope

accessReviewStage

Property Type Description
endDateTime DateTimeOffset DateTime when review stage is scheduled to end. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. This property is the cumulative total of the durationInDays for all stages. Read-only.
fallbackReviewers accessReviewReviewerScope collection This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist.
id String Unique identifier of the stage. Read-only.
reviewers accessReviewReviewerScope collection This collection of access review scopes is used to define who the reviewers are. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.
startDateTime DateTimeOffset DateTime when review stage is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.
status String Specifies the status of an accessReviewStage. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $orderby, and $filter (eq only). Read-only.

accessReviewStageSettings

Property Type Description
decisionsThatWillMoveToNextStage String collection Indicate which decisions will go to the next stage. Can be a sub-set of Approve, Deny, Recommendation, or NotReviewed. If not provided, all decisions will go to the next stage. Optional.
dependsOn String collection Defines the sequential or parallel order of the stages and depends on the stageId. Only sequential stages are currently supported. For example, if stageId is 2, then dependsOn must be 1. If stageId is 1, do not specify dependsOn. Required if stageId is not 1.
durationInDays Int32 The duration of the stage. Required.

NOTE: The cumulative value of this property across all stages
1. Will override the instanceDurationInDays setting on the accessReviewScheduleDefinition object.
2. Cannot exceed the length of one recurrence. That is, if the review recurs weekly, the cumulative durationInDays cannot exceed 7.
fallbackReviewers accessReviewReviewerScope collection If provided, the fallback reviewers are asked to complete a review if the primary reviewers do not exist. For example, if managers are selected as reviewers and a principal under review does not have a manager in Azure AD, the fallback reviewers are asked to review that principal.

NOTE: The value of this property will override the corresponding setting on the accessReviewScheduleDefinition object.
recommendationsEnabled Boolean Indicates whether showing recommendations to reviewers is enabled. Required.

NOTE: The value of this property will override override the corresponding setting on the accessReviewScheduleDefinition object.
recommendationInsightsSettings accessReviewRecommendationInsightSetting collection Determines which recommendations to show to reviewers.

NOTE: The value of this property will override the corresponding setting on the accessReviewScheduleDefinition object.
recommendationLookBackDuration Duration Optional field. Indicates the time period of inactivity (with respect to the start date of the review instance) that recommendations will be configured from. The recommendation will be to deny if the user is inactive during the look back duration. For reviews of groups and Azure AD roles, any duration is accepted. For reviews of applications, 30 days is the maximum duration. If not specified, the duration is 30 days.

NOTE: The value of this property will override the corresponding setting on the accessReviewScheduleDefinition object.
reviewers accessReviewReviewerScope collection Defines who the reviewers are. If none are specified, the review is a self-review (users review their own access). For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.

NOTE: The value of this property will override the corresponding setting on the accessReviewScheduleDefinition.
stageId String Unique identifier of the **a

accessreviewsv2-overview

businessflowtemplate

Property Type Description
id String The feature-assigned identifier of the business flow template. These values are case sensitive.
displayName String The name of the business flow template

Identity

Property Type Description
displayName String The identity's display name. Note that this may not always be available or up to date. For example, if a user changes their display name, the API may show the new value in a future response, but the items associated with the user won't show up as having changed when using delta.
id String Unique identifier for the identity.

programcontrol

Property Type Description
id String The feature-assigned identifier of the link between program and control.
programId String The programId of the program this control is a part of. Required on create.
controlId String The controlId of the control, in particular the identifier of an access review. Required on create.
controlTypeId String The programControlType identifies the type of program control - for example, a control linking to guest access reviews. Required on create.
displayName String The name of the control.
status String The life cycle status of the control.
createdDateTime DateTimeOffset The creation date and time of the program control.
owner userIdentity The user who created the program control.
resource programResource The resource, a group or an app, targeted by this program control's access review.

userIdentity

Property Type Description
displayName String The identity's display name. Note that this may not always be available or up-to-date.
id String Unique identifier for the identity.
ipAddress String Indicates the client IP address used by user performing the activity (audit log only).
userPrincipalName String The userPrincipalName attribute of the user.