Azure Access Reviews

  • Question

  • Testing Azure Access Reviews in Azure AD Premium P2.

    I have tried creating a couple of Access Reviews for Azure AD Groups but the creation fails. I have tried with different settings.

    The error is as shown below. How do I get rid of this error and create a Review?

    I am logging in as a Global Administrator.

    Thanks


    • Edited by DCM-1 Wednesday, August 14, 2019 2:27 PM
    Wednesday, August 14, 2019 3:51 AM

All replies

  • As there is no answer or suggestion from anyone as yet, I presume no one has seen this error.

    As currently Azure Access Reviews cannot be created using PS, can someone guide me how they can be created using a shell script?

    Or at least point me in the direction for troubleshooting.

    Thanks



    • Edited by DCM-1 Thursday, August 15, 2019 7:44 PM
    Thursday, August 15, 2019 7:43 PM
  • Testing Azure Access Reviews in Azure AD Premium P2.

    I have tried creating a couple of Access Reviews for Azure AD Groups but the creation fails. I have tried with different settings.

    The error is as shown below. How do I get rid of this error and create a Review?

    I am logging in as a Global Administrator.


    The list of requirements for Azure AD Access Reviews is:

    • To create Access Reviews, Global administrator or User administrator privileges are required.
    • Access Review results are visible to users in the Global administrator, User administrator, Security administrator, or Security reader role.
    • Administrators who create an access review, group owners who perform an access review, users assigned as reviewers and users who perform a self-review need to have an Azure AD Premium P2 license assigned (1:5 licensing for B2B users apply).
    • Access Reviews for Azure AD roles and Azure resource roles need to be created in Azure AD PIM.
    • Access reviewers cannot be specified group owners for users assigned to a specific app, Azure AD role or Azure resource role.
    • Self-review options are not available for groups that are synchronized from Active Directory on-premises.
    • The Auto apply results to resource option is not available for groups that are synchronized from Active Directory on-premises.
    • The options to Remove access, Approve access and Take recommendations actions for the Should reviewer not respond option are not applicable.

           

    Are you sure you meet all the above requirements?

    Monday, August 19, 2019 6:16 PM
  • As currently Azure Access Reviews cannot be created using PS, can someone guide me how they can be created using Shell script?

                 

    You can create access reviews using APIs. What you do to manage access reviews of groups and application users in the Azure portal can also be done using Microsoft Graph APIs. For more information, see the Azure AD access reviews API reference. For a code sample, see Example of retrieving Azure AD access reviews via Microsoft Graph.

    • Marked as answer by DCM-1 Tuesday, August 20, 2019 1:47 AM
    Monday, August 19, 2019 6:17 PM
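
The reply above points to Microsoft Graph for creating access reviews from a script. The following is an added example, not code from this thread or from the sample it links to: it builds and posts a weekly review definition for one group. The v1.0 `identityGovernance/accessReviews/definitions` endpoint, the `AccessReview.ReadWrite.All` permission, the `GRAPH_TOKEN` variable and the function names are assumptions that do not appear in the thread.

```shell
# Added example. Assumes the Graph v1.0 endpoint below and a token with
# AccessReview.ReadWrite.All exported as GRAPH_TOKEN (assumed variable name).
GRAPH_URL="https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions"

# Accept only GUID-shaped object IDs so nothing else can reach the JSON body.
is_guid() {
  case $1 in
    *[!0-9a-fA-F-]*) return 1 ;;               # any other byte, newlines included
    ????????-????-????-????-????????????) ;;   # 8-4-4-4-12 layout
    *) return 1 ;;
  esac
  hex=$(printf '%s' "$1" | tr -cd '0-9a-fA-F')
  [ "${#hex}" -eq 32 ]                         # exactly 32 hex digits, 4 dashes
}

# build_review_payload GROUP_ID REVIEWER_ID START_DATE(YYYY-MM-DD) DURATION_DAYS
build_review_payload() {
  is_guid "$1" && is_guid "$2" || { echo "invalid object id" >&2; return 1; }
  case $3 in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo "invalid start date" >&2; return 1 ;;
  esac
  case $4 in ''|0*|*[!0-9]*) echo "invalid duration" >&2; return 1 ;; esac
  cat <<EOF
{
  "displayName": "Weekly group membership review",
  "scope": {
    "@odata.type": "#microsoft.graph.accessReviewQueryScope",
    "query": "/groups/$1/transitiveMembers",
    "queryType": "MicrosoftGraph"
  },
  "reviewers": [ { "query": "/users/$2", "queryType": "MicrosoftGraph" } ],
  "settings": {
    "instanceDurationInDays": $4,
    "autoApplyDecisionsEnabled": false,
    "recurrence": {
      "pattern": { "type": "weekly", "interval": 1 },
      "range": { "type": "noEnd", "startDate": "$3" }
    }
  }
}
EOF
}

# create_review: POST the definition; the token goes through --config on
# stdin so it never shows up in the process list.
create_review() {
  payload=$(build_review_payload "$@") || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$GRAPH_TOKEN" |
    curl --silent --show-error --fail --config - \
      --header 'Content-Type: application/json' --data "$payload" "$GRAPH_URL"
}
```

`autoApplyDecisionsEnabled` is left off here because, per the requirements list earlier in the thread, auto-apply is not available for groups synchronized from on-premises Active Directory.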
  • Thanks Sander for your reply and the pointers.

    Yes - all is in order.

    Without changing anything, I just tried creating it once again after a few days and I could create it. I also noticed that after creating it, it does not show up under access reviews. I had to get out of reviews and come back again. Only then could I see it.

    As no one else seems to have seen this, maybe this could be a bug which I came across by accident. Maybe Microsoft should decide to look into this further or let it go. I just brought it to the forum thinking someone may have seen it and had a solution.

    Thanks Once Again

    Dilip

    Tuesday, August 20, 2019 1:47 AM