Can we have two level of review in Azure Access review?


Hi,

we are looking for some additional functionality in Azure Access Review.

Currently we can assign multiple reviewers; however, we want a flow where we can have two levels of review: the 1st reviewer approves the group membership, app, role or resource role, then it should go to the 2nd reviewer for approval.

Is there any way of achieving it through Azure Functions or Power Automate? We are working on options with the Graph API, but currently we can only create, delete and manage it. Is there any way to achieve some customization?

4 Replies
Not sure that you can do it natively with Azure AD Access Reviews (or customize it); however, I have already implemented, for a context without P2 licenses, a combination of Approval, a SharePoint list and the Graph API.
It is working, but the solution needs to be improved in order to be scalable.
As I understood, it's based on a SharePoint list. That will require a lot of fine tuning, I think.
There will be n number of apps, roles, groups, etc. That way it seems a lot.
Thanks for providing your thoughts on this.
Hello, we implemented this solution as a quick win to review our administrators (in Azure AD, Exchange Online and the Security and Compliance Centers).
- 2 flows for the process
- 1 SharePoint list for the tracking
- 1 SharePoint list to know who is responsible for a service / application

Flow 1: daily flow to collect all current administrators (and update the existing list)

Flow 2: search for the admins whose "last review date" or "creation date" is > 30 days ago; for each of them:
- Create a new approval for the manager of the team
- If validated, create a new approval for the Service Delivery Manager of the platform or the CTO of the organization
- Update the list with the answers

However, we had several limitations:
- No possibility to manage column-level permissions for the different answers. With Dataverse we should be able to improve the process
- At the time, we were not able to remove the assignment through the API / PowerShell (but now I am pretty sure that it is possible)
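The two-stage process described in the reply above (select admins due for review, stage-1 approval by the team manager, stage-2 approval by the service owner or CTO only after stage 1 passes, tracking list updated with the answers) can be expressed as a small state machine, which is what an Azure Function behind the flows would implement. The following is an added example written for this thread; it is not code from the poster, from Power Automate or from Microsoft Graph. Everything in it is constructed: the Python list of `AdminRecord` objects stands in for the SharePoint tracking list, the `managers` and `owners` dictionaries stand in for the "who is responsible" list, and approval requests are returned as tuples rather than sent anywhere. Two checks that the thread does not spell out but that a reviewer of such a flow would want are included and labelled: only the reviewer assigned to the current stage may answer, and when the service owner is the same person who already approved at stage 1, stage 2 is routed to the fallback (the CTO) instead.

```python
"""Two-stage (sequential) access review orchestration.

Added example modelled on the two Power Automate flows described in the
reply above. Not code from the thread, Power Automate or Microsoft Graph.
All data is in-memory and constructed: a list of AdminRecord stands in
for the SharePoint tracking list, and "approval requests" are returned
as tuples instead of being sent.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Optional


class Stage(Enum):
    PENDING_MANAGER = "pending_manager"  # stage 1: the team manager
    PENDING_OWNER = "pending_owner"      # stage 2: service owner or CTO
    APPROVED = "approved"
    REJECTED = "rejected"                # assignment should be removed


@dataclass
class AdminRecord:
    """One row of the (constructed) tracking list."""
    upn: str
    role: str
    service: str
    created: date
    last_review: Optional[date] = None
    stage: Optional[Stage] = None
    stage1_reviewer: Optional[str] = None
    stage2_reviewer: Optional[str] = None


REVIEW_INTERVAL = timedelta(days=30)
IN_PROGRESS = (Stage.PENDING_MANAGER, Stage.PENDING_OWNER)


def needs_review(rec: AdminRecord, today: date) -> bool:
    """Flow 2 selection rule: last review (or creation date, if never
    reviewed) is more than 30 days old, and no review is already open."""
    reference = rec.last_review or rec.created
    return today - reference > REVIEW_INTERVAL and rec.stage not in IN_PROGRESS


def start_reviews(records, managers, today):
    """Open a stage-1 approval for every due record.
    `managers` maps admin UPN -> team manager UPN (assumed lookup)."""
    requests = []
    for rec in records:
        if needs_review(rec, today):
            rec.stage = Stage.PENDING_MANAGER
            rec.stage1_reviewer = managers[rec.upn]
            requests.append(("stage1", rec.upn, rec.role, rec.stage1_reviewer))
    return requests


def record_decision(rec, reviewer, approved, owners, fallback, today):
    """Apply one reviewer's answer and advance the record.

    Only the reviewer assigned to the current stage may answer; stage 2 is
    created only after stage 1 approved; a rejection at either stage ends
    the review. If the service owner (`owners`: service -> responsible
    person) is the same person who approved at stage 1, stage 2 goes to
    `fallback` (the CTO) so one person cannot sign off twice (added check).
    Returns the stage-2 request tuple, or None when nothing further is sent.
    """
    if rec.stage == Stage.PENDING_MANAGER:
        if reviewer != rec.stage1_reviewer:
            raise PermissionError(f"{reviewer} is not the stage-1 reviewer for {rec.upn}")
        if not approved:
            rec.stage, rec.last_review = Stage.REJECTED, today
            return None
        owner = owners[rec.service]
        rec.stage2_reviewer = fallback if owner == rec.stage1_reviewer else owner
        rec.stage = Stage.PENDING_OWNER
        return ("stage2", rec.upn, rec.role, rec.stage2_reviewer)
    if rec.stage == Stage.PENDING_OWNER:
        if reviewer != rec.stage2_reviewer:
            raise PermissionError(f"{reviewer} is not the stage-2 reviewer for {rec.upn}")
        rec.stage = Stage.APPROVED if approved else Stage.REJECTED
        rec.last_review = today
        return None
    raise ValueError(f"no open review for {rec.upn}")


def run_demo():
    """Walk three constructed admin records through the process."""
    today = date(2024, 6, 1)
    records = [
        AdminRecord("alice@example.test", "Exchange Administrator", "exchange", date(2024, 1, 15)),
        AdminRecord("bob@example.test", "Global Reader", "azuread", date(2024, 5, 20)),
        AdminRecord("carol@example.test", "Security Administrator", "azuread",
                    date(2023, 11, 1), last_review=date(2024, 4, 1)),
    ]
    managers = {"alice@example.test": "mgr.a@example.test",
                "bob@example.test": "mgr.b@example.test",
                "carol@example.test": "mgr.c@example.test"}
    owners = {"exchange": "sdm.exo@example.test", "azuread": "mgr.c@example.test"}
    cto = "cto@example.test"
    sent = start_reviews(records, managers, today)  # alice and carol are due, bob is not
    alice, bob, carol = records
    sent.append(record_decision(alice, "mgr.a@example.test", True, owners, cto, today))
    record_decision(alice, "sdm.exo@example.test", True, owners, cto, today)
    sent.append(record_decision(carol, "mgr.c@example.test", True, owners, cto, today))
    record_decision(carol, cto, False, owners, cto, today)  # routed to CTO, not mgr.c again
    states = {r.upn: (r.stage.value if r.stage else "not_due") for r in records}
    return states, [s for s in sent if s], carol.stage2_reviewer


if __name__ == "__main__":
    print(run_demo())
```

Running the module prints the final state of each record (`approved`, `not_due`, `rejected`), the four approval requests that the flows would have sent, and shows that carol's stage-2 approval went to the CTO because her service owner was also her stage-1 manager. In a real deployment the `REJECTED` state is where the "remove the assignment" step mentioned in the reply would hook in, and `last_review` is what Flow 1 would write back to the SharePoint list.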
That's a good solution without requiring the licensing.