AccessReview.ReadWrite.All | Graph Permissions

Permission Details

Application Permission

Manage all access reviews

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user.

Permission ID: ef5f7d5c-338f-44b0-86c3-351f46c8bb5f

Delegated Permission

Manage all access reviews that user can access

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.

Permission ID: e4aa47b9-9a69-4109-82ed-36ec70d85ff1

Properties

Microsoft Graph beta exact-category-docs

Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Property	Type	Description
`id`	`String`	The feature-assigned unique identifier of an access review.
`displayName`	`String`	The access review name. Required on create.
`startDateTime`	`DateTimeOffset`	The date and time when the review is scheduled to be start. This date can be in the future. Required on create.
`endDateTime`	`DateTimeOffset`	The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create.
`status`	`String`Nullable	This read-only field specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting,InProgress, Completing, Completed, AutoReviewing, and AutoReviewed.
`description`	`String`Nullable	The description provided by the access review creator, to show to the reviewers.
`businessFlowTemplateId`	`String`	The business flow template identifier. Required on create. This value is case sensitive.
`reviewerType`	`String`Nullable	The relationship type of reviewer to the target object, one of: self, delegated, entityOwners. Required on create.
`createdBy`	`userIdentity`	The user who created this review.
`reviewedEntity`	`identity`	The object for which the access review is reviewing the access rights assignments. This identity can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create.
`settings`	`accessReviewSettings`	The settings of an accessReview, see type definition below.
`decisions`	`accessReviewDecision collection`	The collection of decisions for this access review.
`instances`	`accessReview collection`	The collection of access reviews instances past, present, and future, if this object is a recurring access review.
`myDecisions`	`accessReviewDecision collection`	The collection of decisions for the caller, if the caller is a reviewer.
`reviewers`	`accessReviewReviewer collection`	The collection of reviewers for an access review, if access review reviewerType is of type delegated.

JSON Representation

Microsoft Graph beta exact-category-docs

JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

JSON representation

{
  "id": "string (identifier)",
  "displayName": "string",
  "startDateTime": "string (timestamp)",
  "endDateTime": "string (timestamp)",
  "status": "string",
  "description": "string",
  "businessFlowTemplateId": "string (identifier)",
  "reviewerType": "string",
  "createdBy": {
    "@odata.type": "microsoft.graph.userIdentity"
  },
  "reviewedEntity": {
    "@odata.type": "microsoft.graph.identity"
  },
  "settings": {
    "@odata.type": "microsoft.graph.accessReviewSettings"
  },
  "reviewers": [
    {
      "@odata.type": "microsoft.graph.userIdentity"
    }
  ]
}

Relationships

Microsoft Graph beta exact-category-docs

Relationships is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Relationship	Type	Description
`reviewers`	`userIdentity collection`	The collection of reviewers for an access review, if access review reviewerType is of type delegated.
`decisions`	`accessReviewDecision collection`	The collection of decisions for this access review.
`myDecisions`	`accessReviewDecision collection`	The collection of decisions for the caller, if the caller is a reviewer.
`instances`	`accessReview collection`	The collection of access reviews instances past, present, and future, if this object is a recurring access review.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/identityGovernance/accessReviews/definitions`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/contactedReviewers`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions/{accessReviewInstanceDecisionItemId}`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/historyDefinitions`
GET `/identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances`
GET `/identityGovernance/accessReviews/historyDefinitions/{definition-id}`
POST `/identityGovernance/accessReviews/definitions`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/acceptRecommendations`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/applyDecisions`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/batchRecordDecisions`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/resetDecisions`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/sendReminder`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/stop`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stop`
POST `/identityGovernance/accessReviews/historyDefinitions`
POST `/identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances/{accessReviewHistoryInstanceId}/generateDownloadUri`
PATCH `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}`
PATCH `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}`
PATCH `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions/{accessReviewInstanceDecisionItemId}`
PUT `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}`
PUT `/identityGovernance/accessReviews/definitions/{review-id}`
DELETE `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0`
GET `/accessReviews/{reviewId}`
GET `/accessReviews/{reviewId}/decisions`
GET `/accessReviews/{reviewId}/myDecisions`
GET `/accessReviews/{reviewId}/reviewers`
GET `/identityGovernance/accessReviews/definitions`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/contactedReviewers`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions/{accessReviewInstanceDecisionItemId}`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/definitions/{definition-id}/instances`
GET `/identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}`
GET `/identityGovernance/accessReviews/definitions/{review-id}`
GET `/identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer')`
GET `/identityGovernance/accessReviews/historyDefinitions`
GET `/identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances`
GET `/identityGovernance/accessReviews/historyDefinitions/{definition-id}`
GET `/me/pendingAccessReviewInstances`
GET `/me/pendingAccessReviewInstances/{instance-id}/decisions`
POST `/accessReviews`
POST `/accessReviews/{reviewId}/applyDecisions`
POST `/accessReviews/{reviewId}/resetDecisions`
POST `/accessReviews/{reviewId}/reviewers`
POST `/accessReviews/{reviewId}/sendReminder`
POST `/accessReviews/{reviewId}/stop`
POST `/identityGovernance/accessReviews/decisions/filterByCurrentUser(on='reviewer')/recordAllDecisions`
POST `/identityGovernance/accessReviews/definitions`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/resetDecisions`
POST `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/stop`
POST `/identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/applyDecisions`
POST `/identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/stop`
POST `/identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/stopApplyDecisions`
POST `/identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/sendReminder`
POST `/identityGovernance/accessReviews/historyDefinitions`
POST `/identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances/{accessReviewHistoryInstanceId}/generateDownloadUri`
POST `/me/pendingAccessReviewInstances/{accessReviewInstanceId}/batchRecordDecisions`
POST `/me/pendingAccessReviewInstances/{instance-id}/acceptRecommendations`
PATCH `/accessReviews/{reviewId}`
PATCH `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}`
PATCH `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}`
PATCH `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions/{accessReviewInstanceDecisionItemId}`
PUT `/identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}`
PUT `/identityGovernance/accessReviews/definitions/{review-id}`
DELETE `/accessReviews/{reviewId}`
DELETE `/accessReviews/{reviewId}/reviewers/{userId}`
DELETE `/identityGovernance/accessReviews/definitions/{review-id}`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Add-MgIdentityGovernanceAccessReviewDefinitionInstanceDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/applyDecisions accessReviewInstance: applyDecisions
`Get-MgIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions List definitions
`Get-MgIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId} Get accessReviewScheduleDefinition
`Get-MgIdentityGovernanceAccessReviewDefinitionInstance` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances List instances
`Get-MgIdentityGovernanceAccessReviewDefinitionInstance` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId} Get accessReviewInstance
`Get-MgIdentityGovernanceAccessReviewDefinitionInstanceContactedReviewer` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/contactedReviewers List contactedReviewers
`Get-MgIdentityGovernanceAccessReviewDefinitionInstanceDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions List decisions
`Get-MgIdentityGovernanceAccessReviewDefinitionInstanceDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId} Get accessReviewInstanceDecisionItem
`Get-MgIdentityGovernanceAccessReviewDefinitionInstanceStage` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages List stages (of an access review)
`Get-MgIdentityGovernanceAccessReviewDefinitionInstanceStage` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId} Get accessReviewStage
`Get-MgIdentityGovernanceAccessReviewDefinitionInstanceStageDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId} Get accessReviewInstanceDecisionItem
`Get-MgIdentityGovernanceAccessReviewDefinitionInstanceStageDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions List decisions (from a multi-stage access review)
`Get-MgIdentityGovernanceAccessReviewHistoryDefinition` /identityGovernance/accessReviews/historyDefinitions List historyDefinitions
`Get-MgIdentityGovernanceAccessReviewHistoryDefinition` /identityGovernance/accessReviews/historyDefinitions/{definition-id} Get accessReviewHistoryDefinition
`Get-MgIdentityGovernanceAccessReviewHistoryDefinitionInstance` /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances List instances (of an accessReviewHistoryDefinition)
`Invoke-MgAcceptIdentityGovernanceAccessReviewDefinitionInstanceRecommendation` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/acceptRecommendations accessReviewInstance: acceptRecommendations
`Invoke-MgBatchIdentityGovernanceAccessReviewDefinitionInstanceRecordDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/batchRecordDecisions accessReviewInstance: batchRecordDecisions
`Invoke-MgFilterIdentityGovernanceAccessReviewDefinitionByCurrentUser` /identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer') accessReviewScheduleDefinition: filterByCurrentUser
`Invoke-MgFilterIdentityGovernanceAccessReviewDefinitionInstanceByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/filterByCurrentUser(on='reviewer') accessReviewInstance: filterByCurrentUser
`Invoke-MgFilterIdentityGovernanceAccessReviewDefinitionInstanceDecisionByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer') accessReviewInstanceDecisionItem: filterByCurrentUser
`Invoke-MgFilterIdentityGovernanceAccessReviewDefinitionInstanceStageByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/filterByCurrentUser(on='reviewer') accessReviewStage: filterByCurrentUser
`Invoke-MgFilterIdentityGovernanceAccessReviewDefinitionInstanceStageDecisionByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer') accessReviewInstanceDecisionItem: filterByCurrentUser
`New-MgIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions Create definitions
`New-MgIdentityGovernanceAccessReviewHistoryDefinition` /identityGovernance/accessReviews/historyDefinitions Create historyDefinitions
`New-MgIdentityGovernanceAccessReviewHistoryDefinitionInstanceDownloadUri` /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances/{accessReviewHistoryInstanceId}/generateDownloadUri accessReviewHistoryInstance: generateDownloadUri
`Remove-MgIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId} Delete accessReviewScheduleDefinition
`Set-MgIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions/{review-id} Update accessReviewScheduleDefinition
`Update-MgIdentityGovernanceAccessReviewDefinitionInstanceStage` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId} Update accessReviewStage
`Update-MgIdentityGovernanceAccessReviewDefinitionInstanceStageDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId} Update accessReviewInstanceDecisionItem

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Add-MgBetaAccessReviewDecision` /accessReviews/{reviewId}/applyDecisions Apply accessReview (deprecated)
`Add-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceDecision` /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/applyDecisions accessReviewInstance: applyDecisions
`Get-MgBetaAccessReview` /accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0 List accessReviews (deprecated)
`Get-MgBetaAccessReview` /accessReviews/{reviewId} Get accessReview (deprecated)
`Get-MgBetaAccessReviewDecision` /accessReviews/{reviewId}/decisions List accessReview decisions (deprecated)
`Get-MgBetaAccessReviewMyDecision` /accessReviews/{reviewId}/myDecisions List my accessReview decisions (deprecated)
`Get-MgBetaAccessReviewReviewer` /accessReviews/{reviewId}/reviewers List accessReview reviewers (deprecated)
`Get-MgBetaIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions List definitions
`Get-MgBetaIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions/{review-id} Get accessReviewScheduleDefinition
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstance` /identityGovernance/accessReviews/definitions/{definition-id}/instances List instances
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstance` /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id} Get accessReviewInstance
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceContactedReviewer` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/contactedReviewers List contactedReviewers
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions List decisions
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId} Get accessReviewInstanceDecisionItem
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceStage` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages List stages
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceStage` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId} Get accessReviewStage
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceStageDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId} Get accessReviewInstanceDecisionItem
`Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceStageDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions List decisions (from a multi-stage access review)
`Get-MgBetaIdentityGovernanceAccessReviewHistoryDefinition` /identityGovernance/accessReviews/historyDefinitions List historyDefinitions
`Get-MgBetaIdentityGovernanceAccessReviewHistoryDefinition` /identityGovernance/accessReviews/historyDefinitions/{definition-id} Get accessReviewHistoryDefinition
`Get-MgBetaIdentityGovernanceAccessReviewHistoryDefinitionInstance` /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances List instances (of an accessReviewHistoryDefinition)
`Invoke-MgBetaFilterIdentityGovernanceAccessReviewDecisionByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions List decisions
`Invoke-MgBetaFilterIdentityGovernanceAccessReviewDefinitionByCurrentUser` /identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer') accessReviewScheduleDefinition: filterByCurrentUser
`Invoke-MgBetaFilterIdentityGovernanceAccessReviewDefinitionInstanceByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/filterByCurrentUser(on='reviewer') accessReviewInstance: filterByCurrentUser
`Invoke-MgBetaFilterIdentityGovernanceAccessReviewDefinitionInstanceDecisionByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer') accessReviewInstanceDecisionItem: filterByCurrentUser
`Invoke-MgBetaFilterIdentityGovernanceAccessReviewDefinitionInstanceStageByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/filterByCurrentUser(on='reviewer') accessReviewStage: filterByCurrentUser
`Invoke-MgBetaFilterIdentityGovernanceAccessReviewDefinitionInstanceStageDecisionByCurrentUser` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer') accessReviewInstanceDecisionItem: filterByCurrentUser
`New-MgBetaAccessReview` /accessReviews Create accessReview (deprecated)
`New-MgBetaAccessReviewReviewer` /accessReviews/{reviewId}/reviewers Add accessReview reviewer (deprecated)
`New-MgBetaIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions Create definitions
`New-MgBetaIdentityGovernanceAccessReviewHistoryDefinition` /identityGovernance/accessReviews/historyDefinitions Create historyDefinitions
`New-MgBetaIdentityGovernanceAccessReviewHistoryDefinitionInstanceDownloadUri` /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances/{accessReviewHistoryInstanceId}/generateDownloadUri accessReviewHistoryInstance: generateDownloadUri
`Remove-MgBetaAccessReview` /accessReviews/{reviewId} Delete accessReview (deprecated)
`Remove-MgBetaAccessReviewReviewer` /accessReviews/{reviewId}/reviewers/{userId} Remove accessReview reviewer (deprecated)
`Remove-MgBetaIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions/{review-id} Delete accessReviewScheduleDefinition
`Set-MgBetaIdentityGovernanceAccessReviewDefinition` /identityGovernance/accessReviews/definitions/{review-id} Update accessReviewScheduleDefinition
`Update-MgBetaAccessReview` /accessReviews/{reviewId} Update accessReview (deprecated)
`Update-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId} Update accessReviewInstanceDecisionItem
`Update-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceStage` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId} Update accessReviewStage
`Update-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceStageDecision` /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId} Update accessReviewInstanceDecisionItem

Code Examples

C# / .NET SDK

accessReviewHistoryInstance: generateDownloadUri

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.HistoryDefinitions["{accessReviewHistoryDefinition-id}"].Instances["{accessReviewHistoryInstance-id}"].GenerateDownloadUri.PostAsync();

JavaScript

accessReviewHistoryInstance: generateDownloadUri

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/identityGovernance/accessReviews/historyDefinitions/b2cb022f-b7e1-40f3-9854-c65a40861c38/instances/b2cb022f-b7e1-40f3-9854-c65a40861c38/generateDownloadUri')
	.post();

PowerShell

accessReviewHistoryInstance: generateDownloadUri

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Identity.Governance

New-MgIdentityGovernanceAccessReviewHistoryDefinitionInstanceDownloadUri -AccessReviewHistoryDefinitionId $accessReviewHistoryDefinitionId -AccessReviewHistoryInstanceId $accessReviewHistoryInstanceId

Python

accessReviewHistoryInstance: generateDownloadUri

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.identity_governance.access_reviews.history_definitions.by_access_review_history_definition_id('accessReviewHistoryDefinition-id').instances.by_access_review_history_instance_id('accessReviewHistoryInstance-id').generate_download_uri.post()

App Registration

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

Select Permission Type

Choose Application permissions or delegated permissions and search for AccessReview.ReadWrite.All

Grant Admin Consent

Application permissions always require admin consent.