Forum Discussion
Amin7RDR
Oct 04, 2021 Copper Contributor
Can we have two levels of review in Azure Access Review?
Hi, we are looking for some additional functionality in Azure Access Review. Currently we can assign multiple reviewers; however, we want a flow where we can have two levels of review. 1st reviewe...
Amin7RDR
Copper Contributor
As I understood, it's based on a SharePoint list. That will require a lot of fine-tuning, I think.
There will be n number of apps, roles, groups etc. That way it seems a lot.
Thanks for providing your thoughts on this.
thijoubertold
Oct 04, 2021 Iron Contributor
Hello, we implemented this solution as a quick win to review our administrators (in Azure AD, Exchange Online and the Security and Compliance Centers).
- 2 flows for the process
- 1 SharePoint List for the tracking
- 1 SharePoint List to know who is responsible for a service / application
Flow 1: Daily flow to collect all current administrators (and update the existing list)
Flow 2: Search for the admins for which "last review date" or "creation date" > 30 days; for each one of them:
- Create a new approval for the manager of the team
- If validated, create a new approval for the Service Delivery Manager of the platform or the CTO of the organization
- Update the list with the answers
However, we had several limitations:
- No possibility to manage column-level permissions for the different answers. With Dataverse we should be able to improve the process
- At the time, we were not able to remove the assignment through the API / PowerShell (but now, I am pretty sure that it is possible)
Amin7RDR
Oct 04, 2021 Copper Contributor
That's a good solution without requiring the licensing.
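The selection and two-level approval logic of "Flow 2" described above, sketched in Python as an added example (not code from the thread or from the flows it describes). The field names, the `approve` callback that stands in for an approval request, the `no-owner` status, and all sample data are assumptions made for illustration.

```python
from datetime import date, timedelta

REVIEW_INTERVAL = timedelta(days=30)  # the "> 30 days" rule from the post

def due_for_review(entry, today):
    # Use the last review date, or the creation date if never reviewed.
    reference = entry["last_review"] or entry["created"]
    return today - reference > REVIEW_INTERVAL

def run_review(tracking, owners, approve, today):
    """Two-level review over the tracking list; returns admins flagged for removal.
    approve(reviewer, entry) -> bool stands in for one approval request."""
    to_remove = []
    for entry in tracking:
        if not due_for_review(entry, today):
            continue
        owner = owners.get(entry["service"])
        if owner is None:
            # Nobody responsible on record: mark it, leave it overdue.
            entry["status"] = "no-owner"
            continue
        level1 = approve(owner["manager"], entry)
        # Level 2 is requested only if level 1 validated the assignment.
        level2 = approve(owner["second"], entry) if level1 else None
        entry["level1"], entry["level2"] = level1, level2
        if level1 and level2:
            entry["status"], entry["last_review"] = "approved", today
        else:
            entry["status"] = "rejected"
            to_remove.append(entry["admin"])
    return to_remove

# Constructed sample data, not taken from the original thread.
TODAY = date(2021, 10, 4)
OWNERS = {"Azure AD": {"manager": "mgr-aad", "second": "cto"},
          "Exchange Online": {"manager": "mgr-exo", "second": "sdm-exo"}}

def sample_tracking():
    rows = [("alice", "Azure AD", date(2021, 1, 5), date(2021, 9, 20)),
            ("bob", "Azure AD", date(2021, 8, 1), None),
            ("carol", "Exchange Online", date(2021, 2, 1), date(2021, 8, 15)),
            ("dave", "Exchange Online", date(2021, 3, 1), date(2021, 8, 1)),
            ("erin", "Compliance Center", date(2021, 6, 1), None)]
    keys = ("admin", "service", "created", "last_review")
    return [dict(zip(keys, row)) for row in rows]

def sample_approve(reviewer, entry):
    # Constructed answers: carol fails level 1, dave fails level 2.
    return (reviewer, entry["admin"]) not in {("mgr-exo", "carol"), ("sdm-exo", "dave")}
```

Calling `run_review(sample_tracking(), OWNERS, sample_approve, TODAY)` returns the accounts whose assignment was rejected at either level; an entry with no recorded owner is marked and stays overdue so it surfaces again on the next run.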