Forum Discussion
Amin7RDR
Oct 04, 2021 Copper Contributor
Can we have two levels of review in Azure Access Review?
Hi, we are looking for some additional functionality in Azure Access Review. Currently we can assign multiple reviewers; however, we want a flow where we can have two levels of review. 1st reviewe...
thijoubertold
Oct 04, 2021 Iron Contributor
Not sure that you can do it natively with Azure AD Access Reviews (or customize it); however, I already implemented, for a context without P2 licenses, a combination of Approval, SharePoint list and Graph API.
It is working, but the solution needs to be improved in order to be scalable.
- Amin7RDR
Oct 04, 2021 Copper Contributor
As I understood, it's based on a SharePoint list. That will require a lot of fine tuning, I think.
There will be n number of apps, roles, groups etc. That way it seems a lot.
Thanks for providing your thoughts on this.
- thijoubertold
Oct 04, 2021 Iron Contributor
Hello, we implemented this solution as a quick win to review our administrators (both in Azure AD, Exchange Online and in the Security and Compliance Centers).
- 2 flows for the process
- 1 SharePoint List for the tracking
- 1 SharePoint List to know who is the responsible of a service / application
Flow 1: Daily flow to collect all current administrators (and update the existing list)
Flow 2: Search for the admins for which "last review date" or "creation date" > 30 days; for each one of them:
- Create a new approval for the manager of the team
- If validated, create a new approval for the Service Delivery Manager of the platform or the CTO of the organization
- Update of the list with the answers
However, we had several limitations:
- No possibility to manage column level permissions for the different answers. With Dataverse we should be able to improve the process
- At the time, we were not able to remove the assignment through the API / PowerShell (but now, I am pretty sure that it is possible)
- Amin7RDR
Oct 04, 2021 Copper Contributor
That's a good solution without requiring the licensing.
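The two-level logic of "Flow 2" described in the thread, sketched as an added Python example; it is not code from any poster, whose solution used approvals and SharePoint lists. The column names, the fail-closed handling of a rejection or an unanswered approval, and the sample rows are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Callable, Optional

REVIEW_INTERVAL = timedelta(days=30)  # threshold named in the thread

@dataclass
class AdminRecord:
    """One row of the tracking list (column names are assumptions)."""
    upn: str
    role: str
    created: date
    last_review: Optional[date] = None
    level1: Optional[str] = None   # answer of the team manager
    level2: Optional[str] = None   # answer of the service delivery manager / CTO
    outcome: Optional[str] = None  # "keep" or "flag_for_removal"

Decide = Callable[[AdminRecord], Optional[str]]  # "approve", "reject", None on timeout

def is_due(rec: AdminRecord, today: date) -> bool:
    """Due when the last review (or creation, if never reviewed) is over 30 days old."""
    return today - (rec.last_review or rec.created) > REVIEW_INTERVAL

def run_flow2(rows: list[AdminRecord], today: date, manager: Decide, owner: Decide) -> list[AdminRecord]:
    """Level 2 is asked only after level 1 approves; anything else fails closed (assumption)."""
    reviewed = []
    for rec in filter(lambda r: is_due(r, today), rows):
        rec.level1 = manager(rec)
        rec.level2 = owner(rec) if rec.level1 == "approve" else None
        both = rec.level1 == "approve" and rec.level2 == "approve"
        rec.outcome = "keep" if both else "flag_for_removal"
        rec.last_review = today  # record the answers back on the list row
        reviewed.append(rec)
    return reviewed

def sample_rows() -> list[AdminRecord]:
    """Constructed sample data, not taken from the thread."""
    return [
        AdminRecord("alice@example.test", "Global Administrator", date(2021, 8, 1)),
        AdminRecord("bob@example.test", "Exchange Administrator", date(2021, 6, 1), date(2021, 9, 20)),
        AdminRecord("carol@example.test", "Compliance Administrator", date(2021, 7, 1), date(2021, 8, 15)),
        AdminRecord("dave@example.test", "Security Administrator", date(2021, 5, 1), date(2021, 8, 1)),
    ]

if __name__ == "__main__":
    mgr = lambda r: None if r.upn.startswith("dave") else "approve"    # dave: no answer
    own = lambda r: "reject" if r.upn.startswith("carol") else "approve"
    for r in run_flow2(sample_rows(), date(2021, 10, 4), mgr, own):
        print(r.upn, r.level1, r.level2, r.outcome)
```

Rows flagged here are only marked; removing the assignment itself is outside this sketch.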