Updates from: 06/19/2021 03:09:09
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Accessreviewinstance Acceptrecommendations https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-acceptrecommendations.md
Title: "accessReviewInstance: acceptRecommendations"
-description: "Allows the acceptance of recommendations on all not reviewed decisions on an access review instance` that they are the reviewer on. "
+description: "Allows the acceptance of recommendations on all decisions that have not been reviewed for an access review instance for which the calling user is a reviewer. "
localization_priority: Normal ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Allows the acceptance of recommendations on all not reviewed [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) on an [accessReviewInstance](../resources/accessreviewinstance.md) that they are the reviewer on.
+Allows the acceptance of recommendations on all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects that have not been reviewed for an [accessReviewInstance](../resources/accessreviewinstance.md) object for which the calling user is a reviewer. Recommendations are generated if **recommendationsEnabled** is `true` on the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object. If there is not a recommendation on an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object no decision will be recorded.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Accessreviewinstance Batchrecorddecisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-batchrecorddecisions.md
Title: "accessReviewInstance: batchRecordDecisions"
-description: "Emable reviewers to review all accessReviewInstanceDecisionItems in batches."
+description: "Enables reviewers to review all accessReviewInstanceDecisionItem objects in batches."
localization_priority: Normal ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Enable reviewers to review all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects in batches by using `principalId`, `resourceId`, or neither.
+Enables reviewers to review all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects in batches by using **principalId**, **resourceId**, or neither.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). |Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|AccessReviews.ReadWrite.All|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
|Delegated (personal Microsoft account)|Not supported|
-|Application|AccessReviews.ReadWrite.All|
+|Application|AccessReview.ReadWrite.All|
## HTTP request
If successful, this action returns a `204 No Content` response code.
``` http POST https://graph.microsoft.com/beta/me/pendingAccessReviewInstances/{accessReviewInstanceId}/batchRecordDecisions Content-Type: application/json
-Content-length: 113
{ "decision": "Approve",
v1.0 Accessreviewinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-filterbycurrentuser.md
+
+ Title: "accessReviewInstance: filterByCurrentUser"
+description: "Returns all accessReviewInstance objects for a given reviewer."
+
+localization_priority: Normal
++
+# accessReviewInstance: filterByCurrentUser
+Namespace: microsoft.graph
++
+Returns all [accessReviewInstance](../resources/accessreviewinstance.md) objects on a given [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) where the calling user is a reviewer on one or more [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewInstance objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/filterByCurrentUser(on='reviewer')
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip` and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [accessReviewInstance](../resources/accessreviewinstance.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/08531375-eff6-4e21-b1a8-de0eb37ec913/instances/filterByCurrentUser(on='reviewer')
+```
+
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstance)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(accessReviewInstance)",
+ "@odata.count": 2,
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewInstance",
+ "id": "7ca879f0-77ea-4386-b110-776dec898935",
+ "startDateTime": "2021-04-20T00:45:51.627Z",
+ "endDateTime": "2021-04-23T00:45:51.627Z",
+ "status": "Applied",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups/6b7b9930-38a0-4f93-a107-3bc9904c83d7/members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.accessReviewInstance",
+ "id": "00ef5dba-4a32-48b3-b18a-57b244c0c4ba",
+ "startDateTime": "2021-04-13T00:45:51.627Z",
+ "endDateTime": "2021-04-16T00:45:51.627Z",
+ "status": "Applied",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups/6b7b9930-38a0-4f93-a107-3bc9904c83d7/members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewinstance Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-get.md
In order to call this API, the signed in user must also be in a directory role t
```http GET /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id} ```+
+## Optional query parameters
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+ ## Request headers None.
v1.0 Accessreviewinstance List Decisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-list-decisions.md
+
+ Title: "List decisions"
+description: "Get the accessReviewInstanceDecisionItem resources from the decisions navigation property."
+
+localization_priority: Normal
++
+# List decisions
+Namespace: microsoft.graph
++
+Get the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects from the decisions on an [accessReviewInstance](../resources/accessreviewinstance.md).
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewInstance objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewinstancedecisionitem"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/16d424f6-0100-4bf1-9ebc-fe009c5e5006/instances/bb14c722-51b8-4962-9bd2-1d96ba773d80/decisions
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstanceDecisionItem)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('16d424f6-0100-4bf1-9ebc-fe009c5e5006')/instances('bb14c722-51b8-4962-9bd2-1d96ba773d80')/decisions",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "bfbd4d74-275c-4368-aaa1-06c93838d0d5",
+ "accessReviewId": "bb14c722-51b8-4962-9bd2-1d96ba773d80",
+ "reviewedDateTime": "2021-05-05T16:48:28.79Z",
+ "decision": "Deny",
+ "justification": "bye alexxxxx",
+ "appliedDateTime": "2021-05-05T16:50:30.9Z",
+ "applyResult": "AppliedSuccessfully",
+ "recommendation": "Approve",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/540da31b-4d25-4934-b7f7-98bc230eb15a",
+ "resourceLink": null,
+ "resource": null,
+ "reviewedBy": {
+ "id": "ff15bedb-22de-49ad-b2d7-59656607484d",
+ "displayName": "group owner",
+ "userPrincipalName": "group owner"
+ },
+ "appliedBy": {
+ "id": "8798d204-fa3c-4d7b-977d-bc939b8a0848",
+ "displayName": "Access Reviews",
+ "userPrincipalName": ""
+ },
+ "target": {
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
+ "userId": "540da31b-4d25-4934-b7f7-98bc230eb15a",
+ "userDisplayName": "Alex Wilber",
+ "userPrincipalName": "AlexW@contoso.com"
+ },
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "540da31b-4d25-4934-b7f7-98bc230eb15a",
+ "displayName": "Alex Wilber",
+ "userPrincipalName": "AlexW@contoso.com"
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewinstance List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-list.md
Namespace: microsoft.graph
Retrieve the [accessReviewInstance](../resources/accessreviewinstance.md) objects for a specific [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md). A list of zero or more **accessReviewInstance** objects are returned, including all of their nested properties. Returned objects do not include associated accessReviewInstanceDecisionItems. To retrieve the decisions on the instance, use [List accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem-list.md). >[!NOTE]
->If many **accessReviewInstances** are returned, to improve efficiency and avoid timeouts, retrieve the result set in pages, by including both the $top query parameter with a page size of at most 100, and the $skip=0 query parameter in the request. When a result set spans multiple pages, Microsoft Graph returns that page with an @odata.nextLink property in the response that contains a URL to the next page of results. If that property is present, continue making additional requests with the @odata.nextLink URL in each response, until all the results are returned, as described in paging Microsoft Graph data in your app.
->
->If no query parameters are provided and there are more than 100 results, Microsoft Graph will automatically paginate results at 100 results per page.
+>The default page size for this API is 100 accessReviewInstance objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
The signed-in user must also be in a directory role that permits them to read an
```http GET /identityGovernance/accessReviews/definitions/{definition-id}/instances ```+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+ ## Request headers None.
v1.0 Accessreviewinstance Pendingaccessreviewinstances https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-pendingaccessreviewinstances.md
ms.prod: "governance"
doc_type: apiPageType
-# accessReviewInstance: pendingAccessReviewInstances
+# accessReviewInstance: pendingAccessReviewInstances (deprecated)
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve the [accessReviewInstance](../resources/accessreviewinstance.md) objects pending approval by the calling user. A list of zero or more accessReviewInstance objects are returned, of which the calling user is an assigned reviewer.
+>[!NOTE]
+>This method will be deprecated and will stop returning data on May 19, 2023. It has been replaced by [filterByCurrentUser](accessreviewinstance-filterbycurrentuser.md).
>[!NOTE]
->If many **accessReviewInstances** are returned, to improve efficiency and avoid timeouts, retrieve the result set in pages, by including both the $top query parameter with a page size of at most 100, and the $skip=0 query parameter in the request. When a result set spans multiple pages, Microsoft Graph returns that page with an @odata.nextLink property in the response that contains a URL to the next page of results. If that property is present, continue making additional requests with the @odata.nextLink URL in each response, until all the results are returned, as described in paging Microsoft Graph data in your app.
->
->If no query parameters are provided and there are more than 100 results, Microsoft Graph will automatically paginate results at 100 results per page.
+>The default page size for this API is 100 accessReviewInstance objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+Retrieve the [accessReviewInstance](../resources/accessreviewinstance.md) objects pending approval by the calling user. A list of zero or more accessReviewInstance objects are returned, of which the calling user is an assigned reviewer.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
```http GET /me/pendingAccessReviewInstances ```+
+## Optional query parameters
+This method supports `$skip` and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+ ## Request headers None.
v1.0 Accessreviewinstance Resetdecisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-resetdecisions.md
+
+ Title: "accessReviewInstance: resetDecisions"
+description: "Resets all accessReviewInstanceDecisionItem objects on an accessReviewInstance to `notReviewed`."
+
+localization_priority: Normal
++
+# accessReviewInstance: resetDecisions
+Namespace: microsoft.graph
++
+Resets decisions of all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects on an [accessReviewInstance](../resources/accessreviewinstance.md) to `notReviewed`.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/resetDecisions
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_resetdecisions"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/0185aab8-9a7e-44b5-ae36-41b923c3bf87/instances/1234aab8-9a7e-44b5-ae36-41b923c3bf87/resetDecisions
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewinstance Stop https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstance-stop.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Stop a currently active [accessReviewInstance](../resources/accessreviewinstance.md). To prevent a recurring access review from starting future instances, [update it](accessreviewscheduledefinition-update.md) to change its scheduled end date. After the access review stops, reviewers can no longer give input, and the access review decisions can be applied.
+Stop a currently active [accessReviewInstance](../resources/accessreviewinstance.md). After the access review instance stops, the instance status will be `Completed`, the reviewers can no longer give input, and the access review decisions can be applied.
+
+Stopping an instance will not effect future instances. To prevent a recurring access review from starting future instances, [update the schedule definition](accessreviewscheduledefinition-update.md) to change its scheduled end date.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Accessreviewinstancedecisionitem Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstancedecisionitem-filterbycurrentuser.md
+
+ Title: "accessReviewInstanceDecisionItem: filterByCurrentUser"
+description: "Retrieves all accessReviewInstanceDecisionItem objects on an accessReviewInstance for which the calling user is the reviewer."
+
+localization_priority: Normal
++
+# accessReviewInstanceDecisionItem: filterByCurrentUser
+Namespace: microsoft.graph
++
+Retrieves all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects on a given [accessReviewInstance](../resources/accessreviewinstance.md) for which the calling user is the reviewer.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewInstanceDecisionItem objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer')
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstancedecisionitem_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/0185aab8-9a7e-44b5-ae36-41b923c3bf87/instances/1234aab8-9a7e-5678-ae36-41b923c3bf87/decisions/filterByCurrentUser(on='reviewer')
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstanceDecisionItem)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(accessReviewInstanceDecisionItem)",
+ "@odata.count": 1,
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItem",
+ "id": "139166ec-d214-4835-95aa-3c1d89581e51",
+ "accessReviewId": "8d035c9d-798d-47fa-beb4-f986a4b8126f",
+ "reviewedDateTime": "2021-05-03T19:28:25.02Z",
+ "decision": "Approve",
+ "justification": "Kathleen still needs access to the Marketing group as she works in the Marketing organization.",
+ "appliedDateTime": null,
+ "applyResult": "New",
+ "recommendation": "Deny",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/1800bb2c-955d-4205-8471-3a6c3116435d",
+ "resourceLink": null,
+ "resource": null,
+ "reviewedBy": {
+ "id": "36c4c56e-fce3-4e2d-b28e-4ac0c7d2fa10",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "MOD Administrator"
+ },
+ "appliedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "target": {
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
+ "userId": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "userDisplayName": "guest example",
+ "userPrincipalName": "guest@guest.com"
+ },
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "displayName": "guest example",
+ "userPrincipalName": "guest@contoso.com"
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewinstancedecisionitem Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstancedecisionitem-get.md
+
+ Title: "Get accessReviewInstanceDecisionItem"
+description: "Read the properties and relationships of an accessReviewInstanceDecisionItem object."
+
+localization_priority: Normal
++
+# Get accessReviewInstanceDecisionItem
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}
+```
+
+## Optional query parameters
+This method supports `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_accessreviewinstancedecisionitem"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/5eac5a70-7cd7-4f20-92b0-f9dba70dd7f0/instances/6444d4fd-ab55-4608-8cf9-c6702d172bcc/decisions/e6cafba0-cbf0-4748-8868-0810c7f4cc06
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewInstanceDecisionItem"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('5eac5a70-7cd7-4f20-92b0-f9dba70dd7f0')/instances('6444d4fd-ab55-4608-8cf9-c6702d172bcc')/decisions/$entity",
+ "id": "e6cafba0-cbf0-4748-8868-0810c7f4cc06",
+ "accessReviewId": "6444d4fd-ab55-4608-8cf9-c6702d172bcc",
+ "reviewedDateTime": null,
+ "decision": "NotReviewed",
+ "justification": "",
+ "appliedDateTime": null,
+ "applyResult": "New",
+ "recommendation": "Approve",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
+ "resourceLink": null,
+ "resource": null,
+ "reviewedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "appliedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "target": {
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
+ "userId": "04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
+ "userDisplayName": "Diego Siciliani",
+ "userPrincipalName": "DiegoS@contoso.com"
+ },
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
+ "displayName": "Diego Siciliani",
+ "userPrincipalName": "DiegoS@contoso.com"
+ }
+}
+```
v1.0 Accessreviewinstancedecisionitem List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstancedecisionitem-list.md
Namespace: microsoft.graph
Retrieve the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects for a specific [accessReviewInstance](../resources/accessreviewinstance.md). A list of zero or more accessReviewInstanceDecisionItem objects are returned, including all of their nested properties. >[!NOTE]
->If many **accessReviewInstanceDecisionItems** are returned, to improve efficiency and avoid timeouts, retrieve the result set in pages, by including both the $top query parameter with a page size of at most 100, and the $skip=0 query parameter in the request. When a result set spans multiple pages, Microsoft Graph returns that page with an @odata.nextLink property in the response that contains a URL to the next page of results. If that property is present, continue making additional requests with the @odata.nextLink URL in each response, until all the results are returned, as described in paging Microsoft Graph data in your app.
->
->If no query parameters are provided and there are more than 100 results, Microsoft Graph will automatically paginate results at 100 results per page.
+>The default page size for this API is 100 accessReviewInstanceDecisionItem objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
```http GET /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/decisions ```+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+ ## Request headers None.
HTTP/1.1 200 OK
Content-type: application/json {
- "@odata.count": 4,
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('5eac5a70-7cd7-4f20-92b0-f9dba70dd7f0')/instances('6444d4fd-ab55-4608-8cf9-c6702d172bcc')/decisions",
+ "@odata.count": 2,
"value": [ {
- "id": "77a61af9-3bef-4bbf-b00b-04734d6d5eae",
- "accessReviewId": "70463350-742e-4909-bfa5-bc23447bd002",
+ "id": "e6cafba0-cbf0-4748-8868-0810c7f4cc06",
+ "accessReviewId": "6444d4fd-ab55-4608-8cf9-c6702d172bcc",
"reviewedDateTime": null, "decision": "NotReviewed", "justification": "", "appliedDateTime": null, "applyResult": "New",
- "recommendation": "Deny",
+ "recommendation": "Approve",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
+ "resourceLink": null,
+ "resource": null,
"reviewedBy": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "",
Content-type: application/json
}, "target": { "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
- "userId": "3736c87b-dc21-4290-8802-d6fef5fa3a08",
- "userDisplayName": "Irvin Sayers",
- "userPrincipalName": "IrvinS@M365x471116.OnMicrosoft.com"
- }
- },
- {
- "id": "f30b68ef-b843-4479-86b8-0a3a2f4bb209",
- "accessReviewId": "70463350-742e-4909-bfa5-bc23447bd002",
- "reviewedDateTime": "2020-09-18T16:56:08.377Z",
- "decision": "Approve",
- "justification": "This employee needs access for reason X",
- "appliedDateTime": null,
- "applyResult": "New",
- "recommendation": "Deny",
- "reviewedBy": {
- "id": "957f1027-c0ee-460d-9269-b8828e59e0fe",
- "displayName": "MOD Administrator",
- "userPrincipalName": "MOD Administrator"
+ "userId": "04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
+ "userDisplayName": "Diego Siciliani",
+ "userPrincipalName": "DiegoS@contoso.com"
},
- "appliedBy": {
- "id": "00000000-0000-0000-0000-000000000000",
- "displayName": "",
- "userPrincipalName": ""
- },
- "target": {
- "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
- "userId": "ecd78419-3f1e-4f07-9bd9-7c77137af4f1",
- "userDisplayName": "Bianca Pisani",
- "userPrincipalName": "BiancaP@M365x471116.OnMicrosoft.com"
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
+ "displayName": "Diego Siciliani",
+ "userPrincipalName": "DiegoS@contoso.com"
} }, {
- "id": "037b737f-e8ca-4507-b126-5a0620ba2c18",
- "accessReviewId": "70463350-742e-4909-bfa5-bc23447bd002",
- "reviewedDateTime": "2020-09-18T16:56:28.473Z",
- "decision": "Deny",
- "justification": "This employee changed roles and no longer needs access",
+ "id": "4bde8d40-9224-4aa3-936b-08d73e1baf47",
+ "accessReviewId": "6444d4fd-ab55-4608-8cf9-c6702d172bcc",
+ "reviewedDateTime": null,
+ "decision": "NotReviewed",
+ "justification": "",
"appliedDateTime": null, "applyResult": "New",
- "recommendation": "Deny",
+ "recommendation": "Approve",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/11feb738-0039-4a6c-a045-dcb91a47969a",
+ "resourceLink": null,
+ "resource": null,
"reviewedBy": {
- "id": "957f1027-c0ee-460d-9269-b8828e59e0fe",
- "displayName": "MOD Administrator",
- "userPrincipalName": "MOD Administrator"
- },
- "appliedBy": {
"id": "00000000-0000-0000-0000-000000000000", "displayName": "", "userPrincipalName": "" },
- "target": {
- "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
- "userId": "5f16b75b-031c-4944-9691-070f03273079",
- "userDisplayName": "Delia Dennis",
- "userPrincipalName": "DeliaD@M365x471116.OnMicrosoft.com"
- }
- },
- {
- "id": "7032f455-10a3-4d04-bf02-66fb65d26d10",
- "accessReviewId": "70463350-742e-4909-bfa5-bc23447bd002",
- "reviewedDateTime": "2020-09-18T16:56:44.38Z",
- "decision": "DontKnow",
- "justification": "I do not know what this employee needs",
- "appliedDateTime": null,
- "applyResult": "New",
- "recommendation": "Deny",
- "reviewedBy": {
- "id": "957f1027-c0ee-460d-9269-b8828e59e0fe",
- "displayName": "MOD Administrator",
- "userPrincipalName": "MOD Administrator"
- },
"appliedBy": { "id": "00000000-0000-0000-0000-000000000000", "displayName": "",
Content-type: application/json
}, "target": { "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
- "userId": "4169762e-895f-4350-a13d-e5b09b1efcfa",
- "userDisplayName": "Isaiah Langer",
- "userPrincipalName": "IsaiahL@M365x471116.OnMicrosoft.com"
+ "userId": "11feb738-0039-4a6c-a045-dcb91a47969a",
+ "userDisplayName": "Johanna Lorenz",
+ "userPrincipalName": "JohannaL@contoso.com"
+ },
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "11feb738-0039-4a6c-a045-dcb91a47969a",
+ "displayName": "Johanna Lorenz",
+ "userPrincipalName": "JohannaL@contoso.com"
} } ]
v1.0 Accessreviewinstancedecisionitem Listpendingapproval https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewinstancedecisionitem-listpendingapproval.md
ms.prod: "governance"
doc_type: apiPageType
-# List accessReviewInstanceDecisionItems pending approval
+# List accessReviewInstanceDecisionItems pending approval (deprecated)
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+>[!NOTE]
+>This method will be deprecated and will stop returning data on May 19, 2023. It has been replaced by [filterByCurrentUser](accessreviewinstancedecisionitem-filterbycurrentuser.md).
+ Retrieve the [accessReviewInstanceDecisionItem](../resources/accessreviewinstance.md) objects for a specific [accessReviewInstance](../resources/accessreviewscheduledefinition.md) pending approval by the calling user. A list of zero or more accessReviewInstanceDecisionItem objects are returned, including all of their nested properties. >[!NOTE]
->If many **accessReviewInstanceDecisionItems** are returned, to improve efficiency and avoid timeouts, retrieve the result set in pages, by including both the $top query parameter with a page size of at most 100, and the $skip=0 query parameter in the request. When a result set spans multiple pages, Microsoft Graph returns that page with an @odata.nextLink property in the response that contains a URL to the next page of results. If that property is present, continue making additional requests with the @odata.nextLink URL in each response, until all the results are returned, as described in paging Microsoft Graph data in your app.
->
->If no query parameters are provided and there are more than 100 results, Microsoft Graph will automatically paginate results at 100 results per page.
+>The default page size for this API is 100 accessReviewInstanceDecisionItem objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
The signed-in user will also only see decisions of which they are assigned revie
```http GET /me/pendingAccessReviewInstances/{instance-id}/decisions ```+
+## Optional query parameters
+This method supports `$skip` and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+ ## Request headers None.
v1.0 Accessreviewscheduledefinition Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-filterbycurrentuser.md
+
+ Title: "accessReviewScheduleDefinition: filterByCurrentUser"
+description: "Returns accessReviewScheduleDefinition objects where the calling user is the reviewer."
+
+localization_priority: Normal
++
+# accessReviewScheduleDefinition: filterByCurrentUser
+Namespace: microsoft.graph
++
+Returns [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects where the calling user is a reviewer on one or more [accessReviewInstance](../resources/accessreviewinstance.md) objects.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer')
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection in the response body.
+
+## Examples
+Returns all review definitions where the calling user is a reviewer.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewscheduledefinition_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer')
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewScheduleDefinition)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(accessReviewScheduleDefinition)",
+ "@odata.count": 1,
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewScheduleDefinition",
+ "id": "ad0ec492-c1b6-49f0-9025-ea15ca471ea9",
+ "displayName": "Test",
+ "createdDateTime": "2021-04-29T20:01:18.1084432Z",
+ "lastModifiedDateTime": "2021-04-29T20:01:52.3233462Z",
+ "status": "Completed",
+ "descriptionForAdmins": "Test",
+ "descriptionForReviewers": "Test",
+ "createdBy": {
+ "id": "36c4c56e-fce3-4e2d-b28e-4ac0c7d2fa10",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
+ "query": "./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null,
+ "inactiveDuration": "P30D"
+ },
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups?$filter=(groupTypes/any(c:c+eq+'Unified'))&$count=true",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ },
+ "reviewers": [
+ {
+ "query": "./owners",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "backupReviewers": [],
+ "fallbackReviewers": [],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Approve",
+ "instanceDurationInDays": 3,
+ "autoApplyDecisionsEnabled": true,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "weekly",
+ "interval": 1,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-04-30",
+ "endDate": "2021-04-30"
+ }
+ },
+ "applyActions": [
+ {
+ "@odata.type": "#microsoft.graph.removeAccessApplyAction"
+ }
+ ]
+ },
+ "instances": []
+ }
+ ]
+}
+```
v1.0 Accessreviewscheduledefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-get.md
To call this API, the signed-in user must also be in a directory role that permi
```http GET /identityGovernance/accessReviews/definitions/{review-id} ```+
+## Optional query parameters
+This method supports `$select` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+ ## Request headers None.
v1.0 Accessreviewscheduledefinition Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-post.md
POST /identityGovernance/accessReviews/definitions
| Content-type | application/json. Required. | ## Request body
-In the request body, supply a JSON representation of an [accessReview](../resources/accessreview.md) object.
+In the request body, supply a JSON representation of an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
The following table shows the properties accepted to create an accessReview.
The following table shows the properties accepted to create an accessReview.
| scope | [accessReviewScope](../resources/accessreviewscope.md) | Defines the scope of users reviewed in a group. See [accessReviewScope](../resources/accessreviewscheduledefinition.md) and also learn how to [configure the scope of your access review definition](/graph/accessreviews-scope-concept). Required.| | instanceEnumerationScope | [accessReviewScope](../resources/accessreviewscope.md) | In the case of an all groups review, this determines the scope of which groups will be reviewed. See [accessReviewScope](../resources/accessreviewscheduledefinition.md) and also learn how to [configure the scope of your access review definition](/graph/accessreviews-scope-concept).| | settings | [accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series. Recurrence is determined here. See [accessReviewScheduleSettings](../resources/accessreviewscheduledefinition.md). |
-| reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection | Defines who the reviewers are. If none are specified, the review is a self-review (users reviewed review their own access). See [accessReviewReviewerScope](../resources/accessreviewscheduledefinition.md). |
+| reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection | Defines who the reviewers are. If none are specified, the review is a self-review (users reviewed review their own access). For examples of options for assigning reviewers, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-reviewers-concept). |
+|fallbackReviewers|[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection|If provided, the fallback reviewers are asked to complete a review if the primary reviewers do not exist. For example, if managers are selected as `reviewers` and a principal under review does not have a manager in Azure AD, the fallback reviewers are asked to review that principal.|
| additionalNotificationRecipients |[accessReviewNotificationRecipientItem](../resources/accessReviewNotificationRecipientItem.md) collection| Defines the list of additional users or group members to be notified of the access review progress. |
+| backupReviewers (deprecated) |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This property has been replaced by **fallbackReviewers**. However, specifying either **backupReviewers** or **fallbackReviewers** automatically populates the same values to the other property. |
## Response If successful, this method returns a `201 Created` response code and an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object in the response body.
v1.0 Accessreviewscheduledefinition Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/accessreviewscheduledefinition-update.md
The following table shows the properties accepted to update an accessReviewSched
| descriptionForAdmins | String | Context of the review provided to admins. | | descriptionForReviewers | String | Context of the review provided to reviewers. | | settings | [accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md) | The settings for an access review series. See [accessReviewScheduleSettings](../resources/accessreviewscheduledefinition.md). |
-| reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| Defines who the reviewers are. If none are specified, the review is a self-review (users reviewed review their own access). The Reviewers property is only updatable if individual users assigned are as reviewers. See [accessReviewReviewerScope](../resources/accessreviewscheduledefinition.md). |
+| reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| Defines who the reviewers are. If none are specified, the review is a self-review (users review their own access). The **reviewers** property is only updatable if individual users are assigned as reviewers. See [accessReviewReviewerScope](../resources/accessreviewscheduledefinition.md). |
+|fallbackReviewers|[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection|A collection of reviewer scopes used to define the list of fallback reviewers who are notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist.|
+| backupReviewers (deprecated)|[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This property has been replaced by **fallbackReviewers**. However, specifying either **backupReviewers** or **fallbackReviewers** automatically populates the same values to the other property. |
A **PUT** request expects the full object to be passed in, which includes all writable properties, not just the properties being updated.
v1.0 Chat List Operations https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-list-operations.md
+
+ Title: "List operations on a chat"
+description: "Retrieve operations on a chat."
+
+localization_priority: Normal
++
+# List operations on a chat
+Namespace: microsoft.graph
++
+List all [Teams async operations](../resources/teamsasyncoperation.md) that ran or are running on the specified [chat](../resources/chat.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged)|
+| :- | : |
+| Delegated (work or school account) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite|
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+
+> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+
+## HTTP request
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /chats/{chat-id}/operations
+```
+
+## Optional query parameters
+
+This method supports the `$filter`, `$select`, `$top`, and `$skip` [OData query parameters](/graph/query-parameters) to help customize the response.
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this returns a `200 OK` response code and a collection of [teamsAsyncOperation](../resources/teamsasyncoperation.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_chat_operations"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/chats/19:c253a29b5f694b55a6baad8e83510af7@thread.v2/operations
+```
+++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.teamsAsyncOperation",
+ "isCollection": true
+}
+-->
+``` http
+HTTP/1.1 202 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#chats('19%3Ac253a29b5f694b55a6baad8e83510af7%40thread.v2')/operations",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "2432b57b-0abd-43db-aa7b-16eadd115d34-e88ae9aa-887e-4972-ac3e-bd578e38232e-cf58835e-43f0-4fc1-825e-5de55630e7e4",
+ "operationType": "createChat",
+ "createdDateTime": "2021-05-27T21:23:41.9085453Z",
+ "status": "succeeded",
+ "lastActionDateTime": "2021-05-27T21:23:45.1899277Z",
+ "attemptsCount": 1,
+ "targetResourceId": "19:c253a29b5f694b55a6baad8e83510af7@thread.v2",
+ "targetResourceLocation": "/chats('19:c253a29b5f694b55a6baad8e83510af7@thread.v2')",
+ "values": "{\"appIds\":[\"1542629c-01b3-4a6d-8f76-1938b779e48d\"]}",
+ "error": null
+ }
+ ]
+}
+```
v1.0 Chat Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/chat-post.md
The following table lists the properties that are required to create a chat obje
|topic|(Optional) String|The title of the chat. The chat title can be provided only if the chat is of `group` type.| |chatType|[chatType](../resources/chat.md#chattype-values)| Specifies the type of chat. Possible values are: `group` and `oneOnOne`. | |members|[conversationMember](../resources/conversationmember.md) collection|List of conversation members that should be added. Every single user, including the user initiating the create request, who will participate in the chat must be specified in this list.|
+|installedApps| [teamsApp](../resources/teamsapp.md) collection|List of apps that should be installed in the chat.|
+
+> **Note:** Currently, only one app installation is supported. If multiple app installations are listed in the request, the response will be a `Bad Request` error.
## Response
-If successful, this method returns a 201 Created response code and the newly created **chat** resource in the response body.
+### Response for creating a one-on-one chat without installed apps
+If successful, this method returns a `201 Created` response code and the newly created [chat](../resources/chat.md) resource in the response body.
+
+### Response for creating a one-on-one chat with installed apps
+If successful, this method returns a `202 Accepted` response code and Location header that contains a link to the [teamsAsyncOperation](../resources/teamsasyncoperation.md). The link can be used to get the operation status and details. For details, see [Get operation on chat](teamsasyncoperation-get.md#example-get-operation-on-chat).
## Examples ### Example 1: Create a one-on-one chat #### Request-
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_chat_oneOnOne"
Content-Type: application/json
] } ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--
Content-Type: application/json
### Example 2: Create a group chat #### Request-
-# [HTTP](#tab/http)
<!-- { "blockType": "request", "name": "create_chat_group"
Content-Type: application/json
] } ```
-# [C#](#tab/csharp)
-
-# [JavaScript](#tab/javascript)
-
-# [Objective-C](#tab/objc)
-
-# [Java](#tab/java)
--
Content-Type: application/json
} ```
+### Example 3: Create a one-on-one chat with installed apps
+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "create_chat_oneOnOne_with_installed_apps"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/chats
+Content-Type: application/json
+
+{
+ "chatType": "oneOnOne",
+ "members": [
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/beta/users('8b081ef6-4792-4def-b2c9-c363a1bf41d5')"
+ },
+ {
+ "@odata.type": "#microsoft.graph.aadUserConversationMember",
+ "roles": ["owner"],
+ "user@odata.bind": "https://graph.microsoft.com/beta/users('82af01c5-f7cc-4a2e-a728-3a5df21afd9d')"
+ }
+ ],
+ "installedApps": [
+ {
+ "teamsApp@odata.bind":"https://graph.microsoft.com/beta/appCatalogs/teamsApps/05F59CEC-A742-4A50-A62E-202A57E478A4"
+ }
+ ]
+}
+```
+++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response"
+}
+-->
+``` http
+HTTP/1.1 202 Accepted
+Content-Type: application/json
+Location: /chats('19:82fe7758-5bb3-4f0d-a43f-e555fd399c6f_bfb5bb25-3a8d-487d-9828-7875ced51a30@unq.gbl.spaces')/operations('2432b57b-0abd-43db-aa7b-16eadd115d34-861f06db-0208-4815-b67a-965df0d28b7f-10adc8a6-60db-42e2-9761-e56a7e4c7bc9')
+```
+
+The async operation is initiated, and the response contains a Location header which includes a link to the to the [teamsAsyncOperation](../resources/teamsasyncoperation.md). The link can be used to get the operation status and details. For details, see [Get operation on chat](teamsasyncoperation-get.md#example-get-operation-on-chat).
+
+## See also
+- [Get teamsAsyncOperation](teamsasyncoperation-get.md)
v1.0 Teamsasyncoperation Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/teamsasyncoperation-get.md
+
+ Title: "Get teamsAsyncOperation"
+description: "Get the details of a teamsAsyncOperation."
+
+localization_priority: Normal
++
+# Get teamsAsyncOperation
+Namespace: microsoft.graph
++
+Get the specified [Teams async operation](../resources/teamsasyncoperation.md) that ran or is running on a specific resource.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+The following permissions are for getting the operation on a chat:
+
+| Permission type | Permissions (from least to most privileged)|
+| :- | : |
+| Delegated (work or school account) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite|
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+
+> **Note**: Permissions marked with * use [resource-specific consent]( https://aka.ms/teams-rsc).
+
+## HTTP request
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /chats/{chat-id}/operations/{operation-id}
+```
+
+## Optional query parameters
+
+This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.
+
+## Request headers
+
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this returns a `200 OK` response code and a [teamsAsyncOperation](../resources/teamsasyncoperation.md) object in the response body.
+
+## Example: Get operation on chat
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_chat_operation"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/chats/19:c253a29b5f694b55a6baad8e83510af7@thread.v2/operations/2432b57b-0abd-43db-aa7b-16eadd115d34-e88ae9aa-887e-4972-ac3e-bd578e38232e-cf58835e-43f0-4fc1-825e-5de55630e7e4
+```
+
+### Response
+<!-- {
+ "blockType": "response",
+ "@odata.type": "microsoft.graph.teamsAsyncOperation"
+}
+-->
+``` http
+HTTP/1.1 202 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#chats('19%3Ac253a29b5f694b55a6baad8e83510af7%40thread.v2')/operations/$entity",
+ "id": "2432b57b-0abd-43db-aa7b-16eadd115d34-e88ae9aa-887e-4972-ac3e-bd578e38232e-cf58835e-43f0-4fc1-825e-5de55630e7e4",
+ "operationType": "createChat",
+ "createdDateTime": "2021-05-27T21:23:41.9085453Z",
+ "status": "succeeded",
+ "lastActionDateTime": "2021-05-27T21:23:45.1899277Z",
+ "attemptsCount": 1,
+ "targetResourceId": "19:c253a29b5f694b55a6baad8e83510af7@thread.v2",
+ "targetResourceLocation": "/chats('19:c253a29b5f694b55a6baad8e83510af7@thread.v2')",
+ "values": "{\"appIds\":[\"1542629c-01b3-4a6d-8f76-1938b779e48d\"]}",
+ "error": null
+}
+```
v1.0 User List Memberof https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-list-memberof.md
One of the following permissions is required to call this API. To learn more, in
| Permission type | Permissions (from least to most privileged) | |: |:- |
-| Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+| Delegated (work or school account) | User.Read, GroupMember.Read.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
| Delegated (personal Microsoft account) | Not supported. | | Application | Directory.Read.All, Directory.ReadWrite.All | + ## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/user-update.md
In the request body, supply the values for relevant fields that should be update
|onPremisesImmutableId|String|This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the userΓÇÖs **userPrincipalName** (UPN) property. **Important:** The **$** and **_** characters cannot be used when specifying this property. | |otherMails|String |A list of additional email addresses for the user; for example: `["bob@contoso.com", "Robert@fabrikam.com"]`.| |passwordPolicies|String|Specifies password policies for the user. This value is an enumeration with one possible value being `DisableStrongPassword`, which allows weaker passwords than the default policy to be specified. `DisablePasswordExpiration` can also be specified. The two may be specified together; for example: `DisablePasswordExpiration, DisableStrongPassword`.|
-|passwordProfile|[PasswordProfile](../resources/passwordprofile.md)|Specifies the password profile for the user. The profile contains the userΓÇÖs password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the **passwordPolicies** property. By default, a strong password is required.|
+|passwordProfile|[PasswordProfile](../resources/passwordprofile.md)|Specifies the password profile for the user. The profile contains the userΓÇÖs password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the **passwordPolicies** property. By default, a strong password is required. The *Directory.AccessAsUser.All* permission is required to update this property.|
|pastProjects|String collection|A list for the user to enumerate their past projects.| |postalCode|String|The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.| |preferredLanguage|String|The preferred language for the user. Should follow ISO 639-1 Code; for example `en-US`.|
v1.0 Accessreviewinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewinstance.md
Every **accessReviewInstance** contains a list of [decisions](accessreviewinstan
| Method | Return Type | Description | |:|:--|:-| |[List accessReviewInstances](../api/accessreviewinstance-list.md) | [accessReviewInstance](accessreviewinstance.md) collection | Get a list of the [accessReviewInstance](../resources/accessreviewinstance.md) objects and their properties. |
-|[Get accessReviewInstance](../api/accessreviewinstance-get.md) | [accessReviewInstance](accessreviewinstance.md) | Returns accessReviewInstance for an accessReviewScheduleDefinition. Does not include associated accessReviewInstanceDecisionItem`s in the object. |
-|[List pendingAccessReviewInstances](../api/accessreviewinstance-pendingaccessreviewinstances.md) | [accessReviewInstance](accessreviewinstance.md) collection. | Get all pending accessReviewInstance resources assigned to the calling user. |
+|[Get accessReviewInstance](../api/accessreviewinstance-get.md) | [accessReviewInstance](accessreviewinstance.md) | Read the properties and relationships of an [accessReviewInstance](../resources/accessreviewinstance.md) object. |
|[Send accessReviewInstance reminder](../api/accessreviewinstance-sendreminder.md) | None. | Send a reminder to the reviewers of an accessReviewInstance. | |[Stop accessReviewInstance](../api/accessreviewinstance-stop.md) | None. | Manually stop an accessReviewInstance. | |[Accept recommendations](../api/accessreviewinstance-acceptrecommendations.md) | None. | Allows the calling user to accept the decision recommendation for each NotReviewed accessReviewInstanceDecisionItem that they are the reviewer on for a specific accessReviewInstance. |
-|[Apply decisions](../api/accessreviewinstance-applydecisions.md) | None. | Manually apply decision on an accessReviewInstance. |
+|[Apply decisions](../api/accessreviewinstance-applydecisions.md) | None. | Manually apply decisions on an accessReviewInstance. |
|[Batch record decisions](../api/accessreviewinstance-batchrecorddecisions.md)|None|Review batches of principals or resources in one call.|
+|[Reset decisions](../api/accessreviewinstance-resetdecisions.md)|None|Resets all decision items on an instance to `notReviewed`.|
+|[filterByCurrentUser](../api/accessreviewinstance-filterbycurrentuser.md)|[accessReviewInstance](../resources/accessreviewinstance.md) collection|Returns all instances on a given [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) for which the calling user is the reviewer of one or more decisions.|
+|[List decisions](../api/accessreviewinstance-list-decisions.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Get the accessReviewInstanceDecisionItem resources from the decisions navigation property.|
+|[List pendingAccessReviewInstances (deprecated)](../api/accessreviewinstance-pendingaccessreviewinstances.md) | [accessReviewInstance](accessreviewinstance.md) collection. | Get all pending accessReviewInstance resources assigned to the calling user. This method is being deprecated and replaced by [filterByCurrentUser](../api/accessreviewinstance-filterbycurrentuser.md). |
## Properties | Property | Type | Description | | :-| :- | :- |
-| id | String | Unique identifier of the instance. |
-| displayName | String | Name of the parent [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). |
-| startDateTime | DateTimeOffset | DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
-| endDateTime | DateTimeOffset | DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. |
-| status | String | Specifies the status of an accessReview. The typical states include `Initializing`, `NotStarted`, `Starting`, `InProgress`, `Completing`, `Completed`, `AutoReviewing`, and `AutoReviewed`. Read-only.|
-| scope | [accessReviewScope](accessreviewscope.md) | Created based on **scope** and **instanceEnumerationScope** at the `accessReviewScheduleDefinition` level. Defines the scope of users reviewed in a group. In the case of a single-group review, the scope defined at the `accessReviewScheduleDefinition` level applies to all instances. In the case of all groups review, scope may be different for each group. Read-only. |
-| decisions | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection | Each user reviewed in an [accessReviewInstance](#accessreviewinstance-resource-type) has a decision item representing if their access was approved, denied, or not yet reviewed. |
-| definition |[accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | There is exactly one **accessReviewScheduleDefinition** associated with each instance. It is the parent schedule for the instance, where instances are created for each recurrence of a review definition and each group selected to review by the definition. |
+| id | String | Unique identifier of the instance. Supports `$select`. Read-only.|
+| startDateTime | DateTimeOffset | DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Supports `$select`. Read-only. |
+| endDateTime | DateTimeOffset | DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Supports `$select`. Read-only.|
+| status | String | Specifies the status of an accessReview. Possible values: `Initializing`, `NotStarted`, `Starting`, `InProgress`, `Completing`, `Completed`, `AutoReviewing`, and `AutoReviewed`. Supports `$select`, `$orderby`, and `$filter` (`eq` only). Read-only.|
+| scope | [accessReviewScope](accessreviewscope.md) | Created based on **scope** and **instanceEnumerationScope** at the accessReviewScheduleDefinition level. Defines the scope of users reviewed in a group. Supports `$select` and `$filter` (`contains` only). Read-only. |
## Relationships
v1.0 Accessreviewinstancedecisionitem https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewinstancedecisionitem.md
Represents an Azure AD [access review](accessreviewsv2-root.md) decision on an i
| Method | Return Type | Description | |:|:--|:-|
-|[List accessReviewInstanceDecisionItems](../api/accessreviewinstancedecisionitem-list.md) | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection | Lists every accessReviewInstanceDecisionItem for a specific accessReviewInstance. |
-|[List accessReviewInstanceDecisionItems pending approval](../api/accessreviewinstancedecisionitem-listpendingapproval.md) | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection. | Get all accessReviewInstanceDecisionItems assigned to the calling user, for a specific accessReviewInstance. |
+|[List accessReviewInstanceDecisionItems](../api/accessreviewinstancedecisionitem-list.md) | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection | Get a list of the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects and their properties.|
+|[Get accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-get.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.|
|[Update accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-update.md) | None. | For any accessReviewInstanceDecisionItems that the calling user is assigned a reviewer on, calling user can record a decision by patching the decision object. |
+|[filterByCurrentUser](../api/accessreviewinstancedecisionitem-filterbycurrentuser.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Retrieves all [accessReviewInstanceDecisionItems](accessreviewinstancedecisionitem.md) objects where the calling use is the reviewer for a given [accessReviewInstance](accessreviewinstance.md).|
+|[List accessReviewInstanceDecisionItems pending approval (deprecated)](../api/accessreviewinstancedecisionitem-listpendingapproval.md) | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection. | Get all accessReviewInstanceDecisionItems assigned to the calling user, for a specific accessReviewInstance. This method is being deprecated and replaced by [filterByCurrentUser](../api/accessreviewinstancedecisionitem-filterbycurrentuser.md). |
## Properties | Property | Type | Description | | :| :- | :- |
-| id | String | The identifier of the decision. |
-| accessReviewId | String | The identifier of the accessReviewInstance parent. |
-| reviewedBy | [userIdentity](useridentity.md) | The identifier of the reviewer. |
-| reviewedDateTime | DateTimeOffset | The timestamp when the review occurred. |
-| decision | String | Result of the review. Possible values: `Approve`, `Deny`, `NotReviewed`, or `DontKnow`. |
-| justification | String | The review decision justification. |
-| appliedBy | [userIdentity](useridentity.md) | The identifier of the user who applied the decision. |
-| appliedDateTime | DateTimeOffset | The timestamp when the approval decision was applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-| applyResult | String | The result of applying the decision. Possible values: `NotApplied`, `Success`, `Failed`, `NotFound`, or `NotSupported`. |
-| recommendation | String | A system-generated recommendation for the approval decision. Possible values: `Approve`, `Deny`, or `NotAvailable`. |
-| target | [accessReviewInstanceDecisionItemTarget](accessreviewinstancedecisionitemtarget.md) | The target of this specific decision. Decision targets can be of different types ΓÇô each one with its own specific properties. See [accessReviewInstanceDecisionItemTarget](accessreviewinstancedecisionitemtarget.md). |
-|principal|[identity](../resources/identity.md)|Every decision item in an access review represents a principal's access to a resource. This property represents details of the principal. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is "Bob" and the resource is "Sales". Principals can be of two types - userIdentity and servicePrincipalIdentity.|
-|resource|[accessReviewInstanceDecisionItemResource](../resources/accessreviewinstancedecisionitemresource.md)|Every decision item in an access review represents a principal's access to a resource. This property represents details of the resource. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is Bob and the resource is "Sales". Resources can be of multiple types. See [accessReviewInstanceDecisionItemResource](../resources/accessreviewinstancedecisionitemresource.md)|
+|accessReviewId|String|The identifier of the accessReviewInstance parent. Supports `$select`. Read-only.|
+|appliedBy|[userIdentity](../resources/useridentity.md)|The identifier of the user who applied the decision. Read-only.|
+|appliedDateTime|DateTimeOffset|The timestamp when the approval decision was applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Supports `$select`. Read-only.|
+|applyResult|String|The result of applying the decision. Possible values: `New`, `AppliedSuccessfully`, `AppliedWithUnknownFailure`, `AppliedSuccessfullyButObjectNotFound` and `ApplyNotSupported`. Supports `$select`, `$orderby`, and `$filter` (`eq` only). Read-only.|
+|decision|String|Result of the review. Possible values: `Approve`, `Deny`, `NotReviewed`, or `DontKnow`. Supports `$select`, `$orderby`, and `$filter` (`eq` only). |
+|id|String| The identifier of the decision. Inherited from [entity](../resources/entity.md). Supports `$select`. Read-only.|
+|justification|String|Justification left by the reviewer when they made the decision.|
+| target | [accessReviewInstanceDecisionItemTarget](accessreviewinstancedecisionitemtarget.md) | The target of this specific decision. Decision targets can be of different types ΓÇô each one with its own specific properties. See [accessReviewInstanceDecisionItemTarget](accessreviewinstancedecisionitemtarget.md). Read-only.|
+|principal|[identity](../resources/identity.md)|Every decision item in an access review represents a principal's access to a resource. This property represents details of the principal. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is "Bob" and the resource is "Sales". Principals can be of two types - userIdentity and servicePrincipalIdentity. Supports `$select`. Read-only.|
+|principalLink|String|Link to the principal object. For example: `https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9`. Read-only.|
+|recommendation|String|A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. Recommend approve if sign-in is within thirty days of start of review. Recommend deny if sign-in is greater than thirty days of start of review. Recommendation not available otherwise. Possible values: `Approve`, `Deny`, or `NoInfoAvailable`. Supports `$select`, `$orderby`, and `$filter` (`eq` only). Read-only.|
+|resource|[accessReviewInstanceDecisionItemResource](../resources/accessreviewinstancedecisionitemresource.md)|Every decision item in an access review represents a principal's access to a resource. This property represents details of the resource. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is Bob and the resource is "Sales". Resources can be of multiple types. See [accessReviewInstanceDecisionItemResource](../resources/accessreviewinstancedecisionitemresource.md). Read-only.|
+|resourceLink|String|A link to the resource. For example, `https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8`. Supports `$select`. Read-only.|
+|reviewedBy|[userIdentity](../resources/useridentity.md)| The identifier of the reviewer. Supports `$select`. Read-only.|
+|reviewedDateTime|DateTimeOffset| The timestamp when the review decision occurred. Supports `$select`. Read-only.|
## Relationships
Here is a JSON representation of the resource.
"principal": { "@odata.type": "microsoft.graph.identity" },
+ "principalLink": "String",
"resource": { "@odata.type": "microsoft.graph.accessReviewInstanceDecisionItemResource"
- }
+ },
+ "resourceLink": "String"
} ```-
-<!--
-{
- "type": "#page.annotation",
- "description": "accessReviewInstanceDecisionItem resource",
- "keywords": "",
- "section": "documentation",
- "tocPath": "",
- "suppressions": []
-}
>
v1.0 Accessreviews Root https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviews-root.md
Title: "Azure AD access reviews - legacy"
+ Title: "Azure AD access reviews (deprecated)"
description: "You can use Azure AD access reviews to configure one-time or recurring access reviews for attestation of user's access rights. This documentation serves the legacy APIs." localization_priority: Normal
v1.0 Accessreviewscheduledefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewscheduledefinition.md
An accessReviewScheduleDefinition contains a list of [accessReviewInstance](acce
| Method | Return Type |Description| |:|:--|:-| |[List accessReviewScheduleDefinitions](../api/accessreviewscheduledefinition-list.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) collection | Lists every accessReviewScheduleDefinition. Does not include associated accessReviewInstance objects in the results. |
-|[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Get an accessReviewScheduleDefinition with a specified **id**. Does not include associated accessReviewInstance objects in the results.|
+|[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Get an accessReviewScheduleDefinition with a specified **id**. Does not include associated accessReviewInstance objects in the results. |
|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-post.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Create a new accessReviewScheduleDefinition. | |[Delete accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-delete.md) | None. | Delete an accessReviewScheduleDefinition with a specified **id**. | |[Update accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-update.md) | None. | Update properties of an accessReviewScheduleDefinition with a specified **id**. |
+|[filterByCurrentUser](../api/accessreviewscheduledefinition-filterbycurrentuser.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection|Retrieves all definitions for which the calling user is a reviewer on one or more instance.|
## Properties | Property | Type | Description | | :| :-- | :- |
-| id | String | The feature-assigned unique identifier of an access review. Supports `$select`.|
-| displayName | String | Name of the access review series. Required on create. Supports `$select`. |
-| createdDateTime |DateTimeOffset | Timestamp when the access review series was created. Supports `$select`.|
-| lastModifiedDateTime | DateTimeOffset | Timestamp when the access review series was last modified. Supports `$select`.|
-| status |String | This read-only field specifies the status of an access review. The typical states include `Initializing`, `NotStarted`, `Starting`, `InProgress`, `Completing`, `Completed`, `AutoReviewing`, and `AutoReviewed`. <br>Supports `$select`, `$orderby`, and `$filter` (`eq` only).|
+| id | String | The feature-assigned unique identifier of an access review. Supports `$select`. Read-only.|
+| displayName | String | Name of the access review series. Supports `$select` and `$orderBy`. Required on create. |
+| createdDateTime |DateTimeOffset | Timestamp when the access review series was created. Supports `$select`. Read-only. |
+| lastModifiedDateTime | DateTimeOffset | Timestamp when the access review series was last modified. Supports `$select`. Read-only.|
+| status |String | This read-only field specifies the status of an access review. The typical states include `Initializing`, `NotStarted`, `Starting`, `InProgress`, `Completing`, `Completed`, `AutoReviewing`, and `AutoReviewed`. <br>Supports `$select`, `$orderby`, and `$filter` (`eq` only). Read-only. |
| descriptionForAdmins |string | Description provided by review creators to provide more context of the review to admins. Supports `$select`. | | descriptionForReviewers |string | Description provided by review creators to provide more context of the review to reviewers. Reviewers will see this description in the email sent to them requesting their review. Supports `$select`. |
-| createdBy |[userIdentity](../resources/useridentity.md) | User who created this review. |
-| scope |[accessReviewScope](../resources/accessreviewscope.md) | Defines scope of resources to review. For supported scopes, see [accessReviewScope](accessreviewscope.md). Required on create. Supports `$select` and `$filter` (`contains` only). For examples of options for configuring scope, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).|
-| instanceEnumerationScope|[accessReviewScope](../resources/accessreviewscope.md) | This property is required when scoping a review to guest users' access across all Microsoft 365 groups and determines which Microsoft 365 groups are reviewed. Each group will become a unique **accessReviewInstance** of the access review series. For supported scopes, see [accessReviewScope](accessreviewscope.md). Supports `$select`. For examples of options for configuring instanceEnumerationScope, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).|
-| settings |[accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series, see type definition below. Supports `$select`.|
-| reviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of access review scopes is used to define who are the reviewers. Required on create. Supports `$select`. For examples of options for assigning reviewers, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).|
-| backupReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports `$select`. <br>**Note:** This property has been replaced by **fallbackReviewers**. However, specifying either **backupReviewers** or **fallbackReviewers** automatically populates the same values to the other property.|
-| fallbackReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports `$select`.|
+| createdBy |[userIdentity](../resources/useridentity.md) | User who created this review. Read-only. |
+| scope |[accessReviewScope](../resources/accessreviewscope.md) | Defines scope of resources to review. For supported scopes, see [accessReviewScope](accessreviewscope.md). Required on create. Supports `$select` and `$filter` (`contains` only). For examples of options for configuring scope, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept). |
+| instanceEnumerationScope|[accessReviewScope](../resources/accessreviewscope.md) | This property is required when scoping a review to guest users' access across all Microsoft 365 groups and determines which Microsoft 365 groups are reviewed. Each group will become a unique **accessReviewInstance** of the access review series. For supported scopes, see [accessReviewScope](accessreviewscope.md). Supports `$select`. For examples of options for configuring instanceEnumerationScope, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept). |
+| settings |[accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series, see type definition below. Supports `$select`. Required on create. |
+| reviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of access review scopes is used to define who are the reviewers. The reviewers property is only updatable if individual users are assigned as reviewers. Required on create. Supports `$select`. For examples of options for assigning reviewers, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-reviewers-concept). |
+| fallbackReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. See [accessReviewReviewerScope](accessreviewreviewerscope.md). Replaces backupReviewers. Supports `$select`. |
| instances |[accessReviewInstance](../resources/accessreviewinstance.md) collection| Set of access reviews instances for this access review series. Access reviews that do not recur will only have one instance; otherwise, there is an instance for each recurrence. |
+| backupReviewers (deprecated) |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports `$select`. <br>**Note:** This property has been replaced by **fallbackReviewers**. However, specifying either **backupReviewers** or **fallbackReviewers** automatically populates the same values to the other property. |
| additionalNotificationRecipients |[accessReviewNotificationRecipientItem](../resources/accessReviewNotificationRecipientItem.md) collection| Defines the list of additional users or group members to be notified of the access review progress. | ## Relationships
The following is a JSON representation of the resource.
"@odata.type": "microsoft.graph.accessReviewReviewerScope" } ],
+ "fallbackReviewers": [
+ {
+ "@odata.type": "microsoft.graph.accessReviewReviewerScope"
+ }
+ ],
+ "backupReviewers": [
+ {
+ "@odata.type": "microsoft.graph.accessReviewReviewerScope"
+ }
+ ],
"instanceEnumerationScope": { "@odata.type": "microsoft.graph.accessReviewScope" },
The following is a JSON representation of the resource.
} } ```
-<!--
-{
- "type": "#page.annotation",
- "description": "accessReviewScheduleDefinition resource",
- "keywords": "",
- "section": "documentation",
- "tocPath": "",
- "suppressions": []
-}
>
v1.0 Accessreviewscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewscope.md
The following is a JSON representation of the resource.
--> ``` json {
+ "@odata.type": "#microsoft.graph.accessReviewScope"
} ```
v1.0 Accessreviewsv2 Root https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/accessreviewsv2-root.md
Namespace: microsoft.graph
You can use [Azure AD access reviews](/azure/active-directory/active-directory-azure-ad-controls-access-reviews-overview) to configure one-time or recurring access reviews for attestation of user's access rights.
-Typical customer scenarios for access reviews of group memberships and application access are:
+Typical customer scenarios for access reviews of group memberships and application and Azure AD role access are:
-- Customers can review and certify guest user access by using access reviews of their access to applications and memberships of groups. Reviewers can use the insights that are provided to efficiently decide whether guests should have continued access.
+- Customers can review and certify guest user access to applications, Azure AD roles, and memberships of groups. Reviewers can use the insights that are provided to efficiently decide whether guests should have continued access.
-- Customers can review and certify employee access to applications and group memberships with access reviews.--- Customers can collect access review controls into programs that are relevant for your organization to track reviews for compliance or risk-sensitive applications.-
-There is also a related capability for customers to review and certify the role assignments of administrative users who are assigned to Azure AD roles such as Global Administrator or Azure subscription roles. This capability is included in [Azure AD Privileged Identity Management](privilegedidentitymanagement-root.md).
+- Customers can review and certify employee access to applications, Azure AD roles, and group memberships with access reviews.
Note that the access reviews feature, including the API, is included in Azure AD Premium P2. The tenant where an access review is being created must have a valid purchased or trial Azure AD Premium P2 or EMS E5 subscription.
The following table lists the methods that you can use to interact with access r
| Method | Return type |Description| |:|:--|:-|
-|[List accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-list.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) collection | Lists every `accessReviewScheduleDefinition`. Does not include associated `accessReviewInstance` instances in listings. |
-|[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Get an `accessReviewScheduleDefinition` with a specified id. |
-|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-post.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Create a new `accessReviewScheduleDefinition`. |
-|[Delete accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-delete.md) | None. | Delete an `accessReviewScheduleDefinition` with a specified ID. |
-|[Update accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-update.md) | None. | Update properties of an `accessReviewScheduleDefinition` with a specified ID. |
-|[List accessReviewInstance](../api/accessreviewinstance-list.md) | [accessReviewInstance](accessreviewinstance.md) collection | Lists every `accessReviewInstance` for a specific `accessReviewScheduleDefinition`. Does not include associated `accessReviewInstanceDecisionItem`s in listings. |
-|[Get accessReviewInstance](../api/accessreviewinstance-get.md) | [accessReviewInstance](accessreviewinstance.md) | Returns `accessReviewInstance` for an `accessReviewScheduleDefinition`. Does not include associated `accessReviewInstanceDecisionItem`s in object. |
-|[List accessReviewInstances pending approval](../api/accessreviewinstance-pendingaccessreviewinstances.md) | [accessReviewInstance](accessreviewinstance.md) collection. | Get all `accessReviewInstance` assigned to the calling user. |
-|[Send accessReviewInstance reminder](../api/accessreviewinstance-sendreminder.md) | None. | Send a reminder to the reviewers of an `accessReviewInstance`. |
-|[Stop accessReviewInstance](../api/accessreviewinstance-stop.md) | None. | Manually stop an `accessReviewInstance`. |
-|[Accept recommendations](../api/accessreviewinstance-acceptrecommendations.md) | None. | Allows the calling user to accept the decision recommendation for each NotReviewed `accessReviewInstanceDecisionItem` that they are the reviewer on for a specific `accessReviewInstance`. |
-|[Apply decisions](../api/accessreviewinstance-applydecisions.md) | None. | Manually apply decision on an `accessReviewInstance`. |
-|[List accessReviewInstanceDecisionItems](../api/accessreviewinstancedecisionitem-list.md) | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection | Lists every `accessReviewInstanceDecisionItem` for a specific `accessReviewInstance`. |
-|[List accessReviewInstanceDecisionItems pending approval](../api/accessreviewinstancedecisionitem-listpendingapproval.md) | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection. | Get all `accessReviewInstanceDecisionItems` assigned to the calling user, for a specific `accessReviewInstance`. |
-|[Update accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-update.md) | None. | For any `accessReviewInstanceDecisionItems` that the calling user is assigned a reviewer on, calling user can record a decision by patching the decision object. |
+|[List accessReviewScheduleDefinitions](../api/accessreviewscheduledefinition-list.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) collection | Get a list of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects and their properties. |
+|[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Get an accessReviewScheduleDefinition object and its properties. |
+|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-post.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Create a new accessReviewScheduleDefinition. |
+|[Delete accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-delete.md) | None. | Delete an accessReviewScheduleDefinition. |
+|[Update accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-update.md) | None. | Update properties of an accessReviewScheduleDefinition with a specified identifier. |
+|[accessReviewScheduleDefinition: filterByCurrentUser](../api/accessreviewscheduledefinition-filterbycurrentuser.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection|Retrieves all definitions for which the calling user is a reviewer on one or more instance.|
+|[List accessReviewInstances](../api/accessreviewinstance-list.md) | [accessReviewInstance](accessreviewinstance.md) collection | Get a list of the [accessReviewInstance](../resources/accessreviewinstance.md) objects and their properties. |
+|[Get accessReviewInstance](../api/accessreviewinstance-get.md) | [accessReviewInstance](accessreviewinstance.md) | Read the properties and relationships of an [accessReviewInstance](../resources/accessreviewinstance.md) object. |
+|[Send accessReviewInstance reminder](../api/accessreviewinstance-sendreminder.md) | None. | Send a reminder to the reviewers of an accessReviewInstance. |
+|[Stop accessReviewInstance](../api/accessreviewinstance-stop.md) | None. | Manually stop an accessReviewInstance. |
+|[Accept recommendations](../api/accessreviewinstance-acceptrecommendations.md) | None. | Allows the calling user to accept the decision recommendation for each NotReviewed accessReviewInstanceDecisionItem that they are the reviewer on for a specific accessReviewInstance. |
+|[Apply decisions](../api/accessreviewinstance-applydecisions.md) | None. | Manually apply decisions on an accessReviewInstance. |
+|[Batch record decisions](../api/accessreviewinstance-batchrecorddecisions.md)|None|Review batches of principals or resources in one call.|
+|[Reset decisions](../api/accessreviewinstance-resetdecisions.md)|None|Resets all decision items on an instance to `notReviewed`.|
+|[accessReviewInstance: filterByCurrentUser](../api/accessreviewinstance-filterbycurrentuser.md)|[accessReviewInstance](../resources/accessreviewinstance.md) collection|Returns all instances on a given [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) for which the calling user is the reviewer of one or more decisions.|
+|[List accessReviewInstanceDecisionItems](../api/accessreviewinstancedecisionitem-list.md) | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection | Get a list of the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects and their properties.|
+|[Get accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-get.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.|
+|[Update accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-update.md) | None. | For any accessReviewInstanceDecisionItems that the calling user is assigned a reviewer on, calling user can record a decision by patching the decision object. |
+|[accessReviewInstanceDecisionItem: filterByCurrentUser](../api/accessreviewinstancedecisionitem-filterbycurrentuser.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Retrieves all [accessReviewInstanceDecisionItems](accessreviewinstancedecisionitem.md) objects where the calling use is the reviewer for a given [accessReviewInstance](accessreviewinstance.md).|
+|[List accessReviewHistoryDefinitions](../api/accessreviewhistorydefinition-list.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md) collection|Get a list of the [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) objects and their properties.|
+|[Create accessReviewHistoryDefinition](../api/accessreviewhistorydefinition-post.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Create a new [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+|[Get accessReviewHistoryDefinition](../api/accessreviewhistorydefinition-get.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Read the properties and relationships of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object.|
+|[generateDownloadUri](../api/accessreviewhistorydefinition-generatedownloaduri.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Generate a URI that can be used to retrieve review history data.|
+|[Get accessReviewPolicy](../api/accessreviewpolicy-get.md)|[accessReviewPolicy](../resources/accessreviewpolicy.md)|Read the properties and relationships of an [accessReviewPolicy](../resources/accessreviewpolicy.md) object.|
+|[Update accessReviewPolicy](../api/accessreviewpolicy-update.md)|[accessReviewPolicy](../resources/accessreviewpolicy.md)|Update the properties of an [accessReviewPolicy](../resources/accessreviewpolicy.md) object.|
+|[List definitions pending approval (deprecated)](../api/accessreviewscheduledefinition-filterbycurrentuser.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection|Retrieves all definitions for which the calling user is a reviewer on one or more instance. This method is being deprecated and replaced by [accessReviewScheduleDefinition: filterByCurrentUser](../api/accessreviewscheduledefinition-filterbycurrentuser.md).|
+|[List pendingAccessReviewInstances (deprecated)](../api/accessreviewinstance-pendingaccessreviewinstances.md) | [accessReviewInstance](accessreviewinstance.md) collection. | Get all pending accessReviewInstance resources assigned to the calling user. This method is being deprecated and replaced by [accessReviewInstance: filterByCurrentUser](../api/accessreviewinstance-filterbycurrentuser.md). |
+|[List accessReviewInstanceDecisionItems pending approval (deprecated)](../api/accessreviewinstancedecisionitem-listpendingapproval.md) | [accessReviewInstanceDecisionItem](accessreviewinstancedecisionitem.md) collection. | Get all accessReviewInstanceDecisionItems assigned to the calling user, for a specific accessReviewInstance. This method is being deprecated and replaced by [accessReviewInstanceDecisionItem: filterByCurrentUse](../api/accessreviewinstancedecisionitem-filterbycurrentuser.md). |
## Role and application permission authorization checks
In addition, a user who is an assigned reviewer of an access review can manage t
} --> -
v1.0 Chat https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/chat.md
A chat is a collection of [chatMessages](chatmessage.md) between one or more par
|[Add tab to chat](../api/chat-post-tabs.md) | [teamsTab](teamstab.md) | Add (pin) a tab to a chat (and associated meeting).| |[Update tab in chat](../api/chat-patch-tabs.md) | [teamsTab](teamstab.md) | Update the properties of a tab in a chat (and associated meeting).| |[Remove tab from chat](../api/chat-delete-tabs.md) | None | Remove (unpin) a tab from a chat (and associated meeting).|
+| **Operations** |||
+|[List operations on chat](../api/chat-list-operations.md) | [teamsAsyncOperation](teamsAsyncOperation.md) collection | Get the list of async operations that ran or are running on the chat.|
+|[Get operation on chat](../api/teamsasyncoperation-get.md#example-get-operation-on-chat) | [teamsAsyncOperation](teamsAsyncOperation.md) | Get a single async operation that ran or is running on the chat.|
>**Note:** When using application permissions, be sure you know how you're going to get the chat ID. Because listing chats with application permissions is not supported, not all scenarios are possible. It is possible to get chat IDs with delegated permissions, and from [change notifications for /chats/getAllMessages](../api/subscription-post-subscriptions.md) with application permissions.
not all scenarios are possible. It is possible to get chat IDs with delegated pe
| members | [conversationMember](conversationmember.md) collection | A collection of all the members in the chat. Nullable. | | messages | [chatMessage](chatmessage.md) collection | A collection of all the messages in the chat. Nullable. | | permissionGrants| [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection| A collection of permissions granted to apps for the chat.|
+| operations | [teamsAsyncOperation](teamsasyncoperation.md) collection | A collection of all the Teams async operations that ran or are running on the chat. Nullable. |
## JSON representation
v1.0 Licenseunitsdetail https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/licenseunitsdetail.md
description: "The **prepaidUnits** property of the subscribedSku entity is of ty
localization_priority: Normal doc_type: resourcePageType ms.prod: "directory-management"-+ # licenseUnitsDetail resource type
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-The **prepaidUnits** property of the [subscribedSku](subscribedsku.md) entity is of type **licenseUnitsDetail**.
+The **prepaidUnits** property of the [subscribedSku](subscribedsku.md) entity is of type **licenseUnitsDetail**. For more information on the progression states of a subscription, see [What if my subscription expires?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-worldwide)
## Properties | Property | Type |Description| |:-|:--|:-|
-|enabled|Int32| The number of units that are enabled. |
-|suspended|Int32| The number of units that are suspended. |
-|warning|Int32| The number of units that are in warning status. |
+|enabled|Int32| The number of units that are enabled for the active subscription of the service SKU. |
+|suspended|Int32| The number of units that are suspended because the subscription of the service SKU has been cancelled. The units cannot be assigned but can still be reactivated before they are deleted. |
+|warning|Int32| The number of units that are in warning status. When the subscription of the service SKU has expired, the customer has a grace period to renew their subscription before it is cancelled (moved to a **suspended** state). |
## JSON representation
v1.0 Passwordprofile https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/passwordprofile.md
Contains the password profile associated with a user. The **passwordProfile** pr
## Properties | Property | Type |Description| |:|:--|:-|
-|forceChangePasswordNextSignIn|Boolean| If `true`, at next sign-in, the user must change their password. After a password change, this property will be automatically reset to *`false`. If not set, default is `false`. |
+|forceChangePasswordNextSignIn|Boolean| `true` if the user must change her password on the next login; otherwise `false`. If not set, default is `false`. **NOTE:** For Azure B2C tenants, set to `false` and instead use custom policies and user flows to force password reset at first sign in. See [Force password reset at first logon](https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset-first-logon). |
|forceChangePasswordNextSignInWithMfa|Boolean| If `true`, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to **forceChangePasswordNextSignIn** except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to `false`. If not set, default is `false`. | |password|String|The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the userΓÇÖs **passwordPolicies** property. By default, a strong password is required.|
v1.0 Principalresourcemembershipsscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/principalresourcemembershipsscope.md
Title: "principalResourceMembershipsScope resource type"
-description: "Allows for the selection scopes to review access of the selected principals to the selected resources."
+description: "Allows for the selection of access review scope to review access of the selected principals to the selected resources."
localization_priority: Normal ms.prod: "governance"
Inherits from [accessReviewScope](../resources/accessreviewscope.md).
## Properties |Property|Type|Description| |:|:|:|
-|principalScopes|[accessReviewScope](../resources/accessreviewscope.md) collection|Defines the scopes of the principals to be included in an access review.|
-|resourceScopes|[accessReviewScope](../resources/accessreviewscope.md) collection|Defines the scopes of the resources for which access will be reviewed.|
+|principalScopes|[accessReviewScope](../resources/accessreviewscope.md) collection|Defines the scopes of the principals whose access to resources are reviewed in the access review.|
+|resourceScopes|[accessReviewScope](../resources/accessreviewscope.md) collection|Defines the scopes of the resources for which access is reviewed.|
You must also specify the **@odata.type** type property with the value `#microsoft.graph.principalResourceMembershipsScope`. For more about configuration options for **scope** using **principalResourceMembershipsScope**, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).
v1.0 Resourcespecificpermissiongrant https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/resourcespecificpermissiongrant.md
A resourceSpecificPermissionGrant declares the permission that has been granted
| : | :- | :-- | |[List permission grants of a chat](../api/chat-list-permissiongrants.md) | [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection | List permissions that have been granted in a specific chat. | |[List permission grants of a group](../api/group-list-permissiongrants.md) | [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection | List permissions that have been granted in a specific group. |
-|[List permission grants of a team](../api/team-list-permissiongrants.md) | [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection | List permissions that have been granted in a specific team. |
## Properties
v1.0 Subscribedsku https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/subscribedsku.md
Only the read operation is supported on subscribed SKUs; create, update, and del
| Property | Type |Description| |:|:--|:-| |appliesTo|String| For example, "User" or "Company". |
-|capabilityStatus|String| Possible values are: `Enabled`, `Warning`, `Suspended`, `Deleted`, `LockedOut`. |
+|capabilityStatus|String| Possible values are: `Enabled`, `Warning`, `Suspended`, `Deleted`, `LockedOut`. The capabilityStatus is `Enabled` if the **prepaidUnits** property has at least 1 unit that is **enabled**, and `LockedOut` if the customer cancelled their subscription. |
|consumedUnits|Int32| The number of licenses that have been assigned. | |id|String| The unique identifier for the subscribed sku object. Key, not nullable. | |prepaidUnits|[licenseUnitsDetail](licenseunitsdetail.md)| Information about the number and status of prepaid licenses. |
v1.0 Teamsasyncoperation https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/teamsasyncoperation.md
The response will also contain a Location header, which contains the location of
Periodically check the status of the operation by making a GET request to this location; wait >30 seconds between checks. When the request completes successfully, the status will be "succeeded" and the targetResourceLocation will point to the created/modified resource.
+## Methods
+
+| Method | Return Type | Description |
+| : | :- | :- |
+| [List operations on a chat](../api/chat-list-operations.md) | [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection | List async operations that ran or are running on a specific chat. |
+| [Get operation](../api/teamsasyncoperation-get.md) | [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection | Get an async operation that ran or is running on a specific resource. |
+ ## Properties | Property | Type | Description |
v1.0 Teamsasyncoperationtype https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/resources/teamsasyncoperationtype.md
Types of [teamsAsyncOperation](teamsasyncoperation.md). Members will be added he
|cloneTeam|1|Operation to clone a team.| |archiveTeam|2|Operation to archive a team.| |unarchiveTeam|3|Operation to restore an archived team.|
-|createTeam|3|Operation to create a team from scratch.|
---
+|createTeam|4|Operation to create a team from scratch.|
+|createChat|5|Operation to create a chat from scratch.|
v1.0 Accessreviewinstance Acceptrecommendations https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-acceptrecommendations.md
+
+ Title: "accessReviewInstance: acceptRecommendations"
+description: "Allows the acceptance of recommendations on decisions for an access review instance that has not been reviewed by the calling user who is a reviewer."
+
+localization_priority: Normal
++
+# accessReviewInstance: acceptRecommendations
+
+Namespace: microsoft.graph
+
+Allows the acceptance of recommendations on all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects that have not been reviewed on an [accessReviewInstance](../resources/accessreviewinstance.md) object for which the calling user is a reviewer.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/acceptRecommendations
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_acceptrecommendations"
+}
+-->
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/e6cafba0-cbf0-4748-8868-0810c7f4cc06/instances/1234fba0-cbf0-5678-8868-0810c7f91006/acceptRecommendations
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewinstance Applydecisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-applydecisions.md
+
+ Title: "accessReviewInstance: applyDecisions"
+description: "Apply decisions on an accessReviewInstance."
+
+localization_priority: Normal
++
+# accessReviewInstance: applyDecisions
+Namespace: microsoft.graph
+
+Apply review decisions to the resource reviewed in an [accessReviewInstance](../resources/accessreviewinstance.md).
+
+Decisions are applied automatically if the **autoApplyDecisionsEnabled** of the **settings** parameter of [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) is `true`.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/applyDecisions
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_applydecisions"
+}
+-->
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/e6cafba0-cbf0-4748-8868-0810c7f4cc06/instances/1234fba0-cbf0-5678-8868-0810c7f49101/applyDecisions
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewinstance Batchrecorddecisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-batchrecorddecisions.md
+
+ Title: "accessReviewInstance: batchRecordDecisions"
+description: "Enables reviewers to review all accessReviewInstanceDecisionItems in batches."
+
+localization_priority: Normal
++
+# accessReviewInstance: batchRecordDecisions
+Namespace: microsoft.graph
+
+Enables reviewers to review all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects in batches by using **principalId**, **resourceId**, or neither.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported|
+|Application|AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/batchRecordDecisions
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md).
+
+The following table lists the properties that you can use to review [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects.
+
+|Parameter|Type|Description|
+|:|:|:|
+|decision|String|Access decision for the entity being reviewed. Possible values are: `Approve`, `Deny`, `NotReviewed`, `DontKnow`. Required.|
+|justification|String|Context of the review provided to admins. Required if **justificationRequiredOnApproval** of the settings property of the **accessReviewScheduleDefinition** is `true` .|
+|principalId|String|If supplied, all the **accessReviewInstanceDecisionItems** with matching **principalId** values will be reviewed in this batch. If not supplied, all **accessReviewInstanceDecisionItems** will be reviewed.|
+|resourceId|String|If supplied, all the **accessReviewInstanceDecisionItems** with matching **resourceId** will be reviewed in this batch. If not supplied, all **accessReviewInstanceDecisionItems** will be reviewed.|
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_batchrecorddecisions"
+}
+-->
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/e6cafba0-cbf0-4748-8868-0810c7f4cc06/instances/1234fba0-cbf0-6778-8868-9999c7f4cc06/batchRecordDecisions
+Content-type: application/json
+
+{
+ "decision": "Approve",
+ "justification": "All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team",
+ "resourceId": "a5c51e59-3fcd-4a37-87a1-835c0c21488a"
+}
+```
+
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-filterbycurrentuser.md
+
+ Title: "accessReviewInstance: filterByCurrentUser"
+description: "Retrieve all accessReviewInstance objects for a given reviewer."
+
+localization_priority: Normal
++
+# accessReviewInstance: filterByCurrentUser
+Namespace: microsoft.graph
+
+Retrieve all [accessReviewInstance](../resources/accessreviewinstance.md) objects on a given [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) where the calling user is a reviewer on one or more [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewInstance objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/filterByCurrentUser(on='reviewer')
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [accessReviewInstance](../resources/accessreviewinstance.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/e6cafba0-cbf0-4748-8868-0810c7f4cc06/instances/filterByCurrentUser(on='reviewer')
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstance)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(accessReviewInstance)",
+ "@odata.count": 1,
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewInstance",
+ "id": "7ca879f0-77ea-4386-b110-776dec898935",
+ "startDateTime": "2021-04-20T00:45:51.627Z",
+ "endDateTime": "2021-04-23T00:45:51.627Z",
+ "status": "Applied",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups/6b7b9930-38a0-4f93-a107-3bc9904c83d7/members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewinstance Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-get.md
+
+ Title: "Get accessReviewInstance"
+description: "Read the properties and relationships of an accessReviewInstance object."
+
+localization_priority: Normal
++
+# Get accessReviewInstance
+Namespace: microsoft.graph
++
+Read the properties and relationships of an [accessReviewInstance](../resources/accessreviewinstance.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}
+```
+
+## Optional query parameters
+This method supports `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessReviewInstance](../resources/accessreviewinstance.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_accessreviewinstance"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/e6cafba0-cbf0-4748-8868-0810c7f4cc06/instances/12345ba0-cbf0-5678-8868-4444c7f4cc06
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewInstance"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "@odata.type": "#microsoft.graph.accessReviewInstance",
+ "id": "d7fbc019-c019-d7fb-19c0-fbd719c0fbd7",
+ "startDateTime": "2021-03-11T16:44:59.337Z",
+ "endDateTime": "2021-06-09T16:44:59.337Z",
+ "status": "InProgress",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups/97eebd44-61fd-4d42-8b2a-a4de41b6c572/transitiveMembers",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ }
+}
+```
v1.0 Accessreviewinstance List Decisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-list-decisions.md
+
+ Title: "List decisions"
+description: "Get the accessReviewInstanceDecisionItem resources from the decisions navigation property."
+
+localization_priority: Normal
++
+# List decisions
+Namespace: microsoft.graph
+
+Get the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) resources from the decisions navigation property on a given [accessReviewInstance](../resources/accessreviewinstance.md).
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewinstancedecisionitem"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/2dca8959-b716-4b4c-a93d-a535c01eb6e0/instances/8d035c9d-798d-47fa-beb4-f986a4b8126f/decisions
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstanceDecisionItem)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions('2dca8959-b716-4b4c-a93d-a535c01eb6e0')/instances('8d035c9d-798d-47fa-beb4-f986a4b8126f')/decisions",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "139166ec-d214-4835-95aa-3c1d89581e51",
+ "accessReviewId": "8d035c9d-798d-47fa-beb4-f986a4b8126f",
+ "reviewedDateTime": null,
+ "decision": "NotReviewed",
+ "justification": "",
+ "appliedDateTime": null,
+ "applyResult": "New",
+ "recommendation": "Deny",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/1800bb2c-955d-4205-8471-3a6c3116435d",
+ "resourceLink": null,
+ "resource": null,
+ "reviewedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "appliedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "displayName": "guest example",
+ "userPrincipalName": "guest@guest.com"
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewinstance List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-list.md
+
+ Title: "List accessReviewInstances"
+description: "Get a list of the accessReviewInstance objects and their properties."
+
+localization_priority: Normal
++
+# List accessReviewInstances
+Namespace: microsoft.graph
+
+Get a list of the [accessReviewInstance](../resources/accessreviewinstance.md) objects and their properties.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewInstance](../resources/accessreviewinstance.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewinstance"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/8564a649-4f67-4e09-88e7-55def6530e88/instances
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstance)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions('8564a649-4f67-4e09-88e7-55def6530e88')/instances",
+ "@odata.count": 2,
+ "value": [
+ {
+ "id": "7bc18cf4-3d70-4009-bc8e-a7c5adb30849",
+ "startDateTime": "2021-03-09T23:10:28.83Z",
+ "endDateTime": "2021-03-09T23:10:28.83Z",
+ "status": "Applied",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups/f661fdd0-f0f7-42c0-8281-e89c6527ac63/members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewinstance Resetdecisions https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-resetdecisions.md
+
+ Title: "accessReviewInstance: resetDecisions"
+description: "Resets all accessReviewInstanceDecisionItem objects on an accessReviewInstance to `notReviewed`."
+
+localization_priority: Normal
++
+# accessReviewInstance: resetDecisions
+Namespace: microsoft.graph
+
+Resets all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects on an [accessReviewInstance](../resources/accessreviewinstance.md) to `notReviewed`.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/resetDecisions
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_resetdecisions"
+}
+-->
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/8564a649-4f67-4e09-88e7-55def6530e88/instances/1234a649-4f67-1234-88e7-55def6530e88/resetDecisions
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewinstance Sendreminder https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-sendreminder.md
+
+ Title: "accessReviewInstance: sendReminder"
+description: "Sends a reminder to the reviewers of a currently active accessReviewInstance."
+
+localization_priority: Normal
++
+# accessReviewInstance: sendReminder
+Namespace: microsoft.graph
+
+Send a reminder to the reviewers of an active [accessReviewInstance](../resources/accessreviewinstance.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/sendReminder
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_sendreminder"
+}
+-->
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/8564a649-4f67-4e09-88e7-55def6530e88/instances/1234a649-4f67-1234-88e7-55def6530e88/sendReminder
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewinstance Stop https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstance-stop.md
+
+ Title: "accessReviewInstance: stop"
+description: "Stop a currently active accessReviewInstance."
+
+localization_priority: Normal
++
+# accessReviewInstance: stop
+Namespace: microsoft.graph
+
+Stop a currently active [accessReviewInstance](../resources/accessreviewinstance.md). After the access review instance stops, the instance status is marked as `Completed`, the reviewers can no longer give input, and the access review decisions are applied.
+
+Stopping an instance will not stop future instances. To prevent a recurring access review from starting future instances, [update the schedule definition](accessreviewscheduledefinition-update.md) to change its scheduled end date.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stop
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstance_stop"
+}
+-->
+``` http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/8564a649-4f67-4e09-88e7-55def6530e88/instances/1234a649-4f67-1234-88e7-55def6530e88/stop
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewinstancedecisionitem Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstancedecisionitem-filterbycurrentuser.md
+
+ Title: "accessReviewInstanceDecisionItem: filterByCurrentUser"
+description: "Retrieves all accessReviewInstanceDecisionItem objects on an accessReviewInstance for which the calling user is the reviewer."
+
+localization_priority: Normal
++
+# accessReviewInstanceDecisionItem: filterByCurrentUser
+Namespace: microsoft.graph
+
+Retrieves all [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects on a given [accessReviewInstance](../resources/accessreviewinstance.md) for which the calling user is the reviewer.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer')
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewinstancedecisionitem_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/1234ea1c-8d12-457b-1234-a37dc59e54e0/instances/7070ea1c-8d12-457b-bd35-a37dc59e54e0/decisions/filterByCurrentUser(on='reviewer')
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstanceDecisionItem)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(accessReviewInstanceDecisionItem)",
+ "@odata.count": 1,
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItem",
+ "id": "9550e25b-f315-4454-9d87-16b885c35de4",
+ "accessReviewId": "7070ea1c-8d12-457b-bd35-a37dc59e54e0",
+ "reviewedDateTime": null,
+ "decision": "NotReviewed",
+ "justification": "",
+ "appliedDateTime": null,
+ "applyResult": "New",
+ "recommendation": "Deny",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/55555b2c-955d-4205-8471-3a6c3116435d",
+ "resourceLink": null,
+ "resource": null,
+ "reviewedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "appliedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "target": {
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
+ "userId": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "userDisplayName": "guest example",
+ "userPrincipalName": "guest@guest.com"
+ },
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "displayName": "guest example",
+ "userPrincipalName": "guest@guest.com"
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewinstancedecisionitem Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstancedecisionitem-get.md
+
+ Title: "Get accessReviewInstanceDecisionItem"
+description: "Read the properties and relationships of an accessReviewInstanceDecisionItem object."
+
+localization_priority: Normal
++
+# Get accessReviewInstanceDecisionItem
+Namespace: microsoft.graph
+
+Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}
+```
+
+## Optional query parameters
+This method supports `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_accessreviewinstancedecisionitem"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/abadf3b6-8ea4-4dea-90a5-9eac8fe93fbd/instances/abadf3b6-8ea4-4dea-90a5-9eac8fe93fbd/decisions/9550e25b-f315-4454-9d87-16b885c35de4
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewInstanceDecisionItem"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('abadf3b6-8ea4-4dea-90a5-9eac8fe93fbd')/instances('7070ea1c-8d12-457b-bd35-a37dc59e54e0')/decisions/$entity",
+ "id": "9550e25b-f315-4454-9d87-16b885c35de4",
+ "accessReviewId": "7070ea1c-8d12-457b-bd35-a37dc59e54e0",
+ "reviewedDateTime": null,
+ "decision": "NotReviewed",
+ "justification": "",
+ "appliedDateTime": null,
+ "applyResult": "New",
+ "recommendation": "Deny",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/1800bb2c-955d-4205-8471-3a6c3116435d",
+ "resourceLink": null,
+ "resource": null,
+ "reviewedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "appliedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "target": {
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
+ "userId": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "userDisplayName": "guest example",
+ "userPrincipalName": "guest@guest.com"
+ },
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "displayName": "guest example",
+ "userPrincipalName": "guest@guest.com"
+ }
+}
+```
v1.0 Accessreviewinstancedecisionitem List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstancedecisionitem-list.md
+
+ Title: "List accessReviewInstanceDecisionItems"
+description: "Get a list of the accessReviewInstanceDecisionItem objects and their properties."
+
+localization_priority: Normal
++
+# List accessReviewInstanceDecisionItems
+Namespace: microsoft.graph
+
+Get a list of the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects and their properties.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewinstancedecisionitem"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/abadf3b6-8ea4-4dea-90a5-9eac8fe93fbd/instances/7070ea1c-8d12-457b-bd35-a37dc59e54e0/decisions
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstanceDecisionItem)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('abadf3b6-8ea4-4dea-90a5-9eac8fe93fbd')/instances('7070ea1c-8d12-457b-bd35-a37dc59e54e0')/decisions",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "9550e25b-f315-4454-9d87-16b885c35de4",
+ "accessReviewId": "7070ea1c-8d12-457b-bd35-a37dc59e54e0",
+ "reviewedDateTime": null,
+ "decision": "NotReviewed",
+ "justification": "",
+ "appliedDateTime": null,
+ "applyResult": "New",
+ "recommendation": "Deny",
+ "principalLink": "https://graph.microsoft.com/v1.0/users/1800bb2c-955d-4205-8471-3a6c3116435d",
+ "resourceLink": null,
+ "resource": null,
+ "reviewedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "appliedBy": {
+ "id": "00000000-0000-0000-0000-000000000000",
+ "displayName": "",
+ "userPrincipalName": ""
+ },
+ "target": {
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
+ "userId": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "userDisplayName": "guest example",
+ "userPrincipalName": "guest@guest.com"
+ },
+ "principal": {
+ "@odata.type": "#microsoft.graph.userIdentity",
+ "id": "1800bb2c-955d-4205-8471-3a6c3116435d",
+ "displayName": "guest example",
+ "userPrincipalName": "guest@guest.com"
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewinstancedecisionitem Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewinstancedecisionitem-update.md
+
+ Title: "Update accessReviewInstanceDecisionItem"
+description: "Update the properties of an accessReviewInstanceDecisionItem object."
+
+localization_priority: Normal
++
+# Update accessReviewInstanceDecisionItem
+Namespace: microsoft.graph
+
+Update the properties of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.
++
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+Only a calling user who is listed as reviewer for the parent [accessReviewInstance](../resources/accessreviewinstance.md) can update the **accessReviewInstanceDecisionItem**.
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PATCH /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.
+
+The following table shows the properties that are accepted when you update the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md).
+
+|Property|Type|Description|
+|:|:|:|
+|decision|String|The reviewer's vote on whether the principal should have access to the resource under review. Possible values: `Approve`, `Deny`, or `DontKnow`. Required.|
+|justification|String|The reviewer's reason for decision. Required if the **justificationRequiredOnApproval** of the settings property of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) is `true`.|
+
+## Response
+
+If successful, this method returns a `204 OK` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "update_accessreviewinstancedecisionitem"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/abadf3b6-8ea4-4dea-90a5-9eac8fe93fbd/instances/4444f3b6-8ea4-4dea-90a5-9eac8fe95678/decisions/5555f3b6-8ea4-4dea-90a5-9eac8fe95555
+Content-Type: application/json
+Content-length: 691
+
+{
+ "decision": "Approve",
+ "justification": "Kathleen still needs access to the Marketing group as she works in the Marketing organization."
+}
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewscheduledefinition Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewscheduledefinition-delete.md
+
+ Title: "Delete accessReviewScheduleDefinition"
+description: "Deletes an accessReviewScheduleDefinition object."
+
+localization_priority: Normal
++
+# Delete accessReviewScheduleDefinition
+Namespace: microsoft.graph
+
+Deletes an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)| AccessReview.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application| AccessReview.ReadWrite.All |
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+DELETE /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "delete_accessreviewscheduledefinition"
+}
+-->
+``` http
+DELETE https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/3856fd6f-36e2-4152-97c9-76070d19f730
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+}
+-->
+``` http
+HTTP/1.1 204 No Content
+```
v1.0 Accessreviewscheduledefinition Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewscheduledefinition-filterbycurrentuser.md
+
+ Title: "accessReviewScheduleDefinition: filterByCurrentUser"
+description: "Returns accessReviewScheduleDefinition objects where the calling user is the reviewer."
+
+localization_priority: Normal
++
+# accessReviewScheduleDefinition: filterByCurrentUser
+Namespace: microsoft.graph
+
+Returns [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects where the calling user is a reviewer on one or more [accessReviewInstance](../resources/accessreviewinstance.md) objects.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer')
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection in the response body.
+
+## Examples
+Returns all review definitions where the calling user is a reviewer.
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "accessreviewscheduledefinition_filterbycurrentuser"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer')
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewScheduleDefinition)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(accessReviewScheduleDefinition)",
+ "@odata.count": 1,
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewScheduleDefinition",
+ "id": "66666337-b075-4a92-9d71-255cc4b5d12a",
+ "displayName": "All groups review",
+ "createdDateTime": "2021-03-09T00:45:51.6272836Z",
+ "lastModifiedDateTime": "2021-03-09T00:46:11.2041753Z",
+ "status": "InProgress",
+ "descriptionForAdmins": "All groups review",
+ "descriptionForReviewers": "",
+ "createdBy": {
+ "id": "cae33dff-88e8-4e02-8a52-de021295997e",
+ "displayName": "Example user",
+ "userPrincipalName": "exampleuser@contoso.com"
+ },
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ },
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups?$filter=(groupTypes/any(c:c+eq+'Unified'))&$count=true",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ },
+ "reviewers": [
+ {
+ "query": "./owners",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "fallbackReviewers": [],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": false,
+ "defaultDecision": "None",
+ "instanceDurationInDays": 3,
+ "autoApplyDecisionsEnabled": true,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "weekly",
+ "interval": 1,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-03-09",
+ "endDate": "9999-12-31"
+ }
+ },
+ "applyActions": [
+ {
+ "@odata.type": "#microsoft.graph.removeAccessApplyAction"
+ }
+ ]
+ },
+ "instances": []
+ }
+ ]
+}
+```
v1.0 Accessreviewscheduledefinition Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewscheduledefinition-get.md
+
+ Title: "Get accessReviewScheduleDefinition"
+description: "Read the properties and relationships of an accessReviewScheduleDefinition object."
+
+localization_priority: Normal
++
+# Get accessReviewScheduleDefinition
+Namespace: microsoft.graph
+
+Read the properties and relationships of an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+
+To retrieve the instances of the access review series, use the [list accessReviewInstance](accessreviewinstance-list.md) API.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+To call this API, the signed-in user must also be in a directory role that permits them to read an access review, or the user can be assigned as a reviewer on the access review. For more details, see the role and permission requirements for [access reviews](../resources/accessreviewsv2-root.md).
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}
+```
+
+## Optional query parameters
+This method supports `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "get_accessreviewscheduledefinition"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/3856fd6f-36e2-4152-97c9-76070d19f730
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": {
+ "id": "d6bf2f6c-2f6c-d6bf-6c2f-bfd66c2fbfd6",
+ "displayName": "Review example",
+ "status": "Applying",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups/4444d821-ca3b-45cc-98ee-54c00a04deef/transitiveMembers/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ },
+ "reviewers": [
+ {
+ "query": "/v1.0/users/5555556e-fce3-4e2d-b28e-4ac0c7d2fa10",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "fallbackReviewers": [],
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups/4444d821-ca3b-45cc-98ee-54c00a04deef",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ },
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": false,
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Deny",
+ "instanceDurationInDays": 10,
+ "autoApplyDecisionsEnabled": false,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": null,
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-04-28",
+ "endDate": "2021-05-08"
+ }
+ },
+ "applyActions": [
+ {
+ "@odata.type": "#microsoft.graph.disableAndDeleteUserApplyAction"
+ }
+ ]
+ }
+ }
+}
+```
+
+## See also
+
+- [Create accessReviewScheduleDefinition](accessreviewscheduledefinition-post.md)
+- [List accessReviewScheduleDefinition](accessreviewscheduledefinition-list.md)
+- [List accessReviewInstance](accessreviewinstance-list.md)
v1.0 Accessreviewscheduledefinition List Instances https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewscheduledefinition-list-instances.md
+
+ Title: "List instances"
+description: "Get the accessReviewInstance resources from the instances navigation property."
+
+localization_priority: Normal
++
+# List instances
+Namespace: microsoft.graph
+
+Get the [accessReviewInstance](../resources/accessreviewinstance.md) resources from the instances navigation property on an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md).
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances
+```
+
+## Optional query parameters
+This method supports `$select`, `$filter`, `$orderBy`, `$skip`, and `$top` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewInstance](../resources/accessreviewinstance.md) objects in the response body.
+
+## Examples
+
+### Request
+<!-- {
+ "blockType": "request",
+ "name": "list_accessreviewinstance"
+}
+-->
+``` http
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/2dca8959-b716-4b4c-a93d-a535c01eb6e0/instances
+```
++
+### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "Collection(microsoft.graph.accessReviewInstance)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions('2dca8959-b716-4b4c-a93d-a535c01eb6e0')/instances",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "8d035c9d-798d-47fa-beb4-f986a4b8126f",
+ "startDateTime": "2021-05-01T07:00:00Z",
+ "endDateTime": "2021-05-15T07:00:00Z",
+ "status": "InProgress",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/v1.0/groups/0914d821-ca3b-45cc-98ee-54c00a04deef/transitiveMembers",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ }
+ ]
+}
+```
v1.0 Accessreviewscheduledefinition List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewscheduledefinition-list.md
+
+ Title: "List accessReviewScheduleDefinitions"
+description: "Get a list of the accessReviewScheduleDefinition objects and their properties."
+
+localization_priority: Normal
++
+# List accessReviewScheduleDefinitions
+Namespace: microsoft.graph
+
+Get a list of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects and their properties.
+
+>[!NOTE]
+>The default page size for this API is 100 accessReviewScheduleDefinition objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the `$skip` and `$top` query parameters. For more information, see [Paging Microsoft Graph data in your app](/graph/paging).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.Read.All, AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.Read.All, AccessReview.ReadWrite.All|
+
+ The signed-in user must also be in a directory role that permits them to read an access review. See access review [role and application permission authorization checks](../resources/accessreviewsv2-root.md#role-and-application-permission-authorization-checks).
+
+## HTTP request
+
+To list all your accessReviewScheduleDefinitions:
+<!-- { "blockType": "ignored" } -->
+```http
+GET /identityGovernance/accessReviews/definitions
+```
+
+## Optional query parameters
+This method supports the `$select`, `$top`, `$skip`,`$orderBy`, and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+### Use the $filter query parameter
+The `$filter` query parameter with the `contains` operator is supported on the **scope** property of accessReviewScheduleDefinition. Use the following format for the request:
+
+```http
+GET /identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, '{object}')
+```
+
+The value of `{object}` can be one of the following:
+
+|Value|Description|
+|: |: |
+|`/groups` |List every accessReviewScheduleDefinition on individual groups (excludes definitions scoped to all Microsoft 365 groups with guest users).|
+|`/groups/{group id}` |List every accessReviewScheduleDefinition on a specific group (excludes definitions scoped to all Microsoft 365 groups with guest users).|
+|`./members` |List every accessReviewScheduleDefinition scoped to all Microsoft 365 groups with guest users.|
+|`accessPackageAssignments` |List every accessReviewScheduleDefinition on an access package.|
+|`roleAssignmentScheduleInstances` |List every accessReviewScheduleDefinition for service principals assigned to a privileged role.|
+
+The `$filter` query parameter is not supported on **accessReviewInactiveUserQueryScope** or **principalResourceMembershipScope**.
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Do not supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects in the response body.
+
+## Examples
+
+### Example 1: List the first one hundred access review definitions
+
+#### Request
+
+<!-- {
+ "blockType": "request",
+ "name": "list_accessReviewScheduleDefinition"
+}-->
+```
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions?$top=100&$skip=0
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition",
+ "isCollection": "true"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "98dcebed-c7f6-46f4-bcf3-4a3fccdb3e2a",
+ "displayName": "Access Review",
+ "scope": {
+ "query": "/groups/119cc181-22f0-4e18-8537-264e7524ee0b/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ },
+ "instanceEnumerationScope": {
+ "query": "/groups/119cc181-22f0-4e18-8537-264e7524ee0b",
+ "queryType": "MicrosoftGraph"
+ },
+ "reviewers": [
+ {
+ "query": "./manager",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": false,
+ "defaultDecision": "None",
+ "instanceDurationInDays": 0,
+ "autoApplyDecisionsEnabled": false,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "weekly",
+ "interval": 1,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2020-09-11",
+ "endDate": "9999-12-31"
+ }
+ }
+ }
+ }
+ ]
+}
+```
+
+### Example 2: Retrieve all access review definitions scoped to all Microsoft 365 groups in a tenant
+
+#### Request
+The following example shows a request to retrieve all the access review series scoped to all Microsoft 365 groups in a tenant.
+
+<!-- {
+ "blockType": "request",
+ "name": "list_accessReviewScheduleDefinition_allgroups"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, './members')
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition",
+ "isCollection": "true"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions",
+ "@odata.count": 1,
+ "value": [
+ {
+ "id": "cc701697-762c-439a-81f5-f58d680fde76",
+ "displayName": "Review guest access across Microsoft 365 groups",
+ "status": "InProgress",
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph"
+ },
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified'))&$count=true",
+ "queryType": "MicrosoftGraph"
+ },
+ "reviewers": [
+ {
+ "query": "./manager",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Recommendation",
+ "instanceDurationInDays": 25,
+ "autoApplyDecisionsEnabled": true,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "interval": 3,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-04-27",
+ "endDate": "9999-12-31"
+ }
+ },
+ "applyActions": [
+ {
+ "@odata.type": "#microsoft.graph.removeAccessApplyAction"
+ }
+ ]
+ },
+ "instances@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions('cc701697-762c-439a-81f5-f58d680fde76')/instances",
+ "instances": []
+ }
+ ]
+}
+
+```
v1.0 Accessreviewscheduledefinition Post https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewscheduledefinition-post.md
+
+ Title: "Create accessReviewScheduleDefinition"
+description: "Create a new accessReviewScheduleDefinition object."
+localization_priority: Normal
+++
+# Create accessReviewScheduleDefinition
+
+Namespace: microsoft.graph
+
+Create a new [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | AccessReview.ReadWrite.All |
+|Delegated (personal Microsoft account)|Not supported.|
+|Application | AccessReview.ReadWrite.All |
+
+The signed-in user must also be in a directory role that permits them to create an access review. For more details, see the role and permission requirements for [access reviews](../resources/accessreviewsv2-root.md).
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+POST /identityGovernance/accessReviews/definitions
+```
+## Request headers
+| Name | Description |
+|:-|:|
+|Authorization|Bearer {token}. Required.|
+| Content-type | application/json. Required. |
+
+## Request body
+In the request body, supply a JSON representation of an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+
+The following table shows the properties accepted to create an accessReview.
+
+| Property | Type | Description |
+|:-|:|:|
+| displayName | String | Name of access review series. Required.|
+| descriptionForAdmins | string | Context of the review provided to admins. Required. |
+ descriptionForReviewers | string | Context of the review provided to reviewers. Required. |
+| scope | [accessReviewScope](../resources/accessreviewscope.md) | Defines the scope of users reviewed in a group. See [accessReviewScope](../resources/accessreviewscheduledefinition.md) and also learn how to [configure the scope of your access review definition](/graph/accessreviews-scope-concept). Required.|
+| instanceEnumerationScope | [accessReviewScope](../resources/accessreviewscope.md) | In the case of an all groups review, this determines the scope of which groups will be reviewed. See [accessReviewScope](../resources/accessreviewscheduledefinition.md) and also learn how to [configure the scope of your access review definition](/graph/accessreviews-scope-concept).|
+| settings | [accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series. Recurrence is determined here. See [accessReviewScheduleSettings](../resources/accessreviewscheduledefinition.md). |
+| reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection | Defines who the reviewers are. If none are specified, the review is a self-review (users reviewed review their own access). See [accessReviewReviewerScope](../resources/accessreviewscheduledefinition.md). |
+|fallbackReviewers|[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection|If provided, the fallback reviewers are asked to complete a review if the primary reviewers do not exist. For example, if managers are selected as `reviewers` and a principal under review does not have a manager in Azure AD, the fallback reviewers are asked to review that principal.|
+
+## Response
+If successful, this method returns a `201 Created` response code and an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object in the response body.
+
+## Examples
+
+### Example 1: Create an access review on a group
+
+This is an example of creating an access review with the following settings:
++ The review reviews all members of a group, whose group **id** is `02f3bafb-448c-487c-88c2-5fd65ce49a41`.++ A specific user, whose user **id** is `398164b1-5196-49dd-ada2-364b49f99b27` is the reviewer.++ It recurs weekly and continues indefinitely.+
+#### Request
+In the request body, supply a JSON representation of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
++
+# [HTTP](#tab/http)
+<!-- {
+ "blockType": "request",
+ "name": "create_accessReviewScheduleDefinition"
+}-->
+```http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
+Content-type: application/json
+
+{
+ "displayName": "Test create",
+ "descriptionForAdmins": "New scheduled access review",
+ "descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",
+ "scope": {
+ "query": "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ },
+ "reviewers": [
+ {
+ "query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": false,
+ "defaultDecision": "None",
+ "instanceDurationInDays": 1,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "weekly",
+ "interval": 1
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2020-09-08T12:02:30.667Z"
+ }
+ }
+ }
+}
+```
++++
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "id": "29f2d16e-9ca6-4052-bbfe-802c48944448",
+ "displayName": "Test create",
+ "createdDateTime": "0001-01-01T00:00:00Z",
+ "lastModifiedDateTime": "0001-01-01T00:00:00Z",
+ "status": "NotStarted",
+ "descriptionForAdmins": "Test create",
+ "descriptionForReviewers": "Test create",
+ "instanceEnumerationScope": null,
+ "createdBy": {
+ "id": "957f1027-c0ee-460d-9269-b8444459e0fe",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scope": {
+ "query": "/groups/b74444cb-038a-4802-8fc9-b9d1ed0cf11f/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ },
+ "reviewers": [
+ {
+ "query": "/users/7eae986b-d425-48b2-adf2-3c777f4444f3",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": false,
+ "defaultDecision": "None",
+ "instanceDurationInDays": 1,
+ "autoApplyDecisionsEnabled": false,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "weekly",
+ "interval": 1,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "noEnd",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2020-09-08",
+ "endDate": null
+ }
+ },
+ "applyActions": []
+ }
+}
+```
+
+### Example 2: Create an access review on all teams with inactive guest users
+
+This is an example of creating an access review with the following settings:
++ The review reviews all teams with inactive guest users. The period of inactivity is 30 days from the start date of the access review.++ The group owners are the reviewers and fallback reviewers are assigned.++ It recurs on the third day of every quarter and continues indefinitely.++ **autoApplyDecisionsEnabled** is set to `true` with the **defaultDecision** set to `Deny`.+
+#### Request
+In the request body, supply a JSON representation of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+<!-- {
+ "blockType": "request",
+ "name": "create_accessReviewScheduleDefinition_inactiveguests_M365"
+}-->
+```http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
+Content-type: application/json
+
+{
+ "displayName": "Review inactive guests on teams",
+ "descriptionForAdmins": "Control guest user access to our teams.",
+ "descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')",
+ "queryType": "MicrosoftGraph"
+ },
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
+ "query": "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "inactiveDuration": "P30D"
+ },
+ "reviewers": [
+ {
+ "query": "./owners",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "recommendationsEnabled": true,
+ "instanceDurationInDays": 3,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "dayOfMonth": "5",
+ "interval": 3
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2020-05-04T00:00:00.000Z"
+ }
+ },
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Deny",
+ "autoApplyDecisionsEnabled": true
+ }
+}
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions/$entity",
+ "id": "b0966e21-a01e-43c9-8f8b-9ba30ed5710a",
+ "displayName": "Review inactive guests on teams",
+ "createdDateTime": "2021-05-04T18:27:02.6719849Z",
+ "lastModifiedDateTime": "2021-05-04T18:27:24.0889623Z",
+ "status": "InProgress",
+ "descriptionForAdmins": "Control guest user access to our teams.",
+ "descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",
+ "createdBy": {
+ "id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "displayName": "MOD Administrator",
+ "userPrincipalName": "admin@contoso.com"
+ },
+ "scope": {
+ "@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
+ "query": "./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null,
+ "inactiveDuration": "P30D"
+ },
+ "instanceEnumerationScope": {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))&$count=true",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ },
+ "reviewers": [
+ {
+ "query": "./owners",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "backupReviewers": [
+ {
+ "query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Deny",
+ "instanceDurationInDays": 3,
+ "autoApplyDecisionsEnabled": true,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "interval": 3,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-05-05",
+ "endDate": "9999-12-31"
+ }
+ },
+ "applyActions": [
+ {
+ "@odata.type": "#microsoft.graph.removeAccessApplyAction"
+ }
+ ]
+ }
+}
+```
+
+### Example 3: Create an access review of all users to an application
+
+This is an example of creating an access review with the following settings:
++ The review reviews user access to an application.++ The people managers are the reviewers and fallback reviewers are the members of a group.++ It recurs semi-annually and ends 1 year from the startDate.+
+#### Request
+<!-- {
+ "blockType": "request",
+ "name": "create_accessReviewScheduleDefinition_allusers_M365_AADRole"
+}-->
+```http
+POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
+Content-type: application/json
+
+{
+ "displayName": "Review employee access to LinkedIn",
+ "descriptionForAdmins": "Review employee access to LinkedIn",
+ "scope": {
+ "@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
+ "principalScopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/users",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "resourceScopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
+ "queryType": "MicrosoftGraph"
+ }
+ ]
+ },
+ "reviewers": [
+ {
+ "query": "./manager",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "backupReviewers": [
+ {
+ "query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ }
+ ],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": true,
+ "defaultDecision": "Recommendation",
+ "instanceDurationInDays": 180,
+ "autoApplyDecisionsEnabled": true,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "interval": 6,
+ "dayOfMonth": 0
+ },
+ "range": {
+ "type": "numbered",
+ "startDate": "2021-05-05",
+ "endDate": "2022-05-05"
+ }
+ }
+ }
+}
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions/$entity",
+ "id": "1f79f34b-8667-40d9-875c-893b630b3dec",
+ "scope": {
+ "@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
+ "principalScopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/users",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "resourceScopes": [
+ {
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ]
+ },
+ "reviewers": [
+ {
+ "query": "./manager",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": "decisions"
+ }
+ ],
+ "backupReviewers": [
+ {
+ "query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
+ "queryType": "MicrosoftGraph",
+ "queryRoot": null
+ }
+ ],
+ "settings": {
+ "instanceDurationInDays": 180,
+ "recurrence": {
+ "pattern": {
+ "type": "absoluteMonthly",
+ "interval": 6,
+ "month": 0,
+ "dayOfMonth": 0,
+ "daysOfWeek": [],
+ "firstDayOfWeek": "sunday",
+ "index": "first"
+ },
+ "range": {
+ "type": "numbered",
+ "numberOfOccurrences": 0,
+ "recurrenceTimeZone": null,
+ "startDate": "2021-05-05",
+ "endDate": "2022-05-05"
+ }
+ }
+ }
+}
+```
++
+<!--
+{
+ "type": "#page.annotation",
+ "description": "Create accessReviewScheduleDefinition",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Accessreviewscheduledefinition Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/accessreviewscheduledefinition-update.md
+
+ Title: "Update accessReviewScheduleDefinition"
+description: "Update the properties of an accessReviewScheduleDefinition object."
+
+localization_priority: Normal
++
+# Update accessReviewScheduleDefinition
+Namespace: microsoft.graph
+
+Update the properties of an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+
+Any updates to an accessReviewScheduleDefinition only apply to future instances. Currently running instances cannot be updated. Additionally, this API is not intended to update properties, including decisions, on the accessReviewInstance level. See [accessReviewInstance](../resources/accessreviewinstance.md) for more information on instances.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type|Permissions (from least to most privileged)|
+|:|:|
+|Delegated (work or school account)|AccessReview.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|
+|Application|AccessReview.ReadWrite.All|
+
+## HTTP request
+
+<!-- {
+ "blockType": "ignored"
+}
+-->
+``` http
+PUT /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}
+```
+
+## Request headers
+|Name|Description|
+|:|:|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+In the request body, supply a JSON representation of an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+
+The following table shows the properties accepted to update an accessReviewScheduleDefinition.
+
+| Property | Type | Description |
+|:-|:|:|
+| displayName | String | Name of access review series. |
+| descriptionForAdmins | String | Context of the review provided to admins. |
+| descriptionForReviewers | String | Context of the review provided to reviewers. |
+| settings | [accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md) | The settings for an access review series. See [accessReviewScheduleSettings](../resources/accessreviewscheduledefinition.md). |
+| reviewers | [accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| Defines who the reviewers are. If none are specified, the review is a self-review (users review their own access). The **reviewers** property is only updatable if individual users are assigned as reviewers. See [accessReviewReviewerScope](../resources/accessreviewscheduledefinition.md). |
+|fallbackReviewers|[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection|A collection of reviewer scopes used to define the list of fallback reviewers who are notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist.|
+
+A **PUT** request expects the full object to be passed in, which includes all writable properties, not just the properties being updated.
+
+## Response
+If successful, this method returns a `204 No Content` response code and no response body.
+
+## Examples
+This is an example of updating the displayName of an existing access review series.
+
+### Request
+In the request body, supply a JSON representation of the new properties of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.
+
+<!-- {
+ "blockType": "request",
+ "name": "update_accessreviewscheduledefinition"
+}
+-->
+``` http
+PUT https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/60860cdd-fb4d-4054-91ba-f75e04444aa6
+
+{
+ "id": "60860cdd-fb4d-4054-91ba-f75e04444aa6",
+ "displayName": "Test world UPDATED NAME!",
+ "descriptionForAdmins": "Test world",
+ "descriptionForReviewers": "Test world",
+ "scope": {
+ "query": "/groups/b7a059cb-038a-4802-8fc9-b9d1ed0cf11f/transitiveMembers",
+ "queryType": "MicrosoftGraph"
+ },
+ "instanceEnumerationScope": {
+ "query": "/groups/b7a059cb-038a-4802-8fc9-b9d1ed0cf11f",
+ "queryType": "MicrosoftGraph"
+ },
+ "reviewers": [],
+ "settings": {
+ "mailNotificationsEnabled": true,
+ "reminderNotificationsEnabled": true,
+ "justificationRequiredOnApproval": true,
+ "defaultDecisionEnabled": false,
+ "defaultDecision": "None",
+ "instanceDurationInDays": 3,
+ "autoApplyDecisionsEnabled": false,
+ "recommendationsEnabled": true,
+ "recurrence": {
+ "pattern": {
+ "type": "weekly",
+ "interval": 1
+ },
+ "range": {
+ "type": "noEnd",
+ "startDate": "2020-09-15"
+ }
+ }
+ }
+}
+```
++
+### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+```http
+HTTP/1.1 204 No Content
+```
v1.0 Group Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/group-get.md
Content-type: application/json
"groupTypes": [ "Unified" ],
+ "isAssignableToRole": null,
"mail": "library2@contoso.com", "mailEnabled": true, "mailNickname": "library",
v1.0 Group Getmemberobjects https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/group-getmemberobjects.md
doc_type: apiPageType
Namespace: microsoft.graph
-Return all of the groups that this group is a member of. The check is transitive. Note: Groups cannot be members of directory roles, so no directory roles will be returned.
+Return all of the groups that this group is a member of. The check is transitive.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Group List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/group-list.md
HTTP/1.1 200 OK
Content-type: application/json {
- "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#groups",
- "value":[
- {
- "id":"11111111-2222-3333-4444-555555555555",
- "mail":"group1@contoso.com",
- "mailEnabled":true,
- "mailNickname":"ContosoGroup1",
- "securityEnabled":true
- }
- ]
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups",
+ "value": [
+ {
+ "id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",
+ "deletedDateTime": null,
+ "classification": null,
+ "createdDateTime": "2018-12-22T02:21:05Z",
+ "description": "Self help community for golf",
+ "displayName": "Golf Assist",
+ "expirationDateTime": null,
+ "groupTypes": [
+ "Unified"
+ ],
+ "isAssignableToRole": null,
+ "mail": "golfassist@contoso.com",
+ "mailEnabled": true,
+ "mailNickname": "golfassist",
+ "membershipRule": null,
+ "membershipRuleProcessingState": null,
+ "onPremisesLastSyncDateTime": null,
+ "onPremisesSecurityIdentifier": null,
+ "onPremisesSyncEnabled": null,
+ "preferredDataLocation": "CAN",
+ "preferredLanguage": null,
+ "proxyAddresses": [
+ "smtp:golfassist@contoso.onmicrosoft.com",
+ "SMTP:golfassist@contoso.com"
+ ],
+ "renewedDateTime": "2018-12-22T02:21:05Z",
+ "resourceBehaviorOptions": [],
+ "resourceProvisioningOptions": [],
+ "securityEnabled": false,
+ "theme": null,
+ "visibility": "Public",
+ "onPremisesProvisioningErrors": []
+ },
+ {
+ "id": "d7797254-3084-44d0-99c9-a3b5ab149538",
+ "deletedDateTime": null,
+ "classification": null,
+ "createdDateTime": "2018-11-19T20:29:40Z",
+ "description": "Talk about golf",
+ "displayName": "Golf Discussion",
+ "expirationDateTime": null,
+ "groupTypes": [],
+ "isAssignableToRole": null,
+ "mail": "golftalk@contoso.com",
+ "mailEnabled": true,
+ "mailNickname": "golftalk",
+ "membershipRule": null,
+ "membershipRuleProcessingState": null,
+ "onPremisesLastSyncDateTime": null,
+ "onPremisesSecurityIdentifier": null,
+ "onPremisesSyncEnabled": null,
+ "preferredDataLocation": "CAN",
+ "preferredLanguage": null,
+ "proxyAddresses": [
+ "smtp:golftalk@contoso.onmicrosoft.com",
+ "SMTP:golftalk@contoso.com"
+ ],
+ "renewedDateTime": "2018-11-19T20:29:40Z",
+ "resourceBehaviorOptions": [],
+ "resourceProvisioningOptions": [],
+ "securityEnabled": false,
+ "theme": null,
+ "visibility": null,
+ "onPremisesProvisioningErrors": []
+ }
+ ]
} ```
v1.0 Group Post Groups https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/group-post-groups.md
The following table shows the properties of the [group](../resources/group.md) r
|:|:--|:-| | displayName | string | The name to display in the address book for the group. Maximum length: 256 characters. Required. | | description | string | A description for the group. Max. length: 1024 characters. Optional. |
+| isAssignableToRole | Boolean | Set to **true** to enable the group to be assigned to an Azure AD role. Only Privileged Role Administrator and Global Administrator can set the value of this property. Optional. |
| mailEnabled | boolean | Set to **true** for mail-enabled groups. Required. | | mailNickname | string | The mail alias for the group. Max. length: 64 characters. These characters cannot be used in the mailNickName: `@()\[]";:.<>,SPACE`. Required. | | securityEnabled | boolean | Set to **true** for security-enabled groups, including Microsoft 365 groups. Required. |
Content-type: application/json
} ```
+### Example 3: Create a group that can be assigned to an Azure AD role
+
+#### Request
+
+The following is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "create_role_enabled_group"
+}-->
+``` http
+POST https://graph.microsoft.com/v1.0/groups
+Content-Type: application/json
+
+{
+ "description": "Group assignable to a role",
+ "displayName": "Role assignable group",
+ "groupTypes": [
+ "Unified"
+ ],
+ "isAssignableToRole": true,
+ "mailEnabled": true,
+ "securityEnabled": true,
+ "mailNickname": "contosohelpdeskadministrators",
+ "visibility" : "Private"
+}
+```
+
+> **Note:** The **visibility** and **groupTypes** properties are not required for creation, but are auto-populated with these values. A group with **isAssignableToRole** property set to `true` cannot be of dynamic membership type and cannot have an owner. For more information, see [Using a group to manage Azure AD role assignments](https://go.microsoft.com/fwlink/?linkid=2103037).
+
+#### Response
+
+The following is an example of the response. It includes only default properties.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.group",
+ "name": "create_role_enabled_group"
+} -->
+``` http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
+ "id": "502df398-d59c-469d-944f-34a50e60db3f",
+ "deletedDateTime": null,
+ "classification": null,
+ "createdDateTime": "2018-12-27T22:17:07Z",
+ "description": "Group assignable to a role",
+ "displayName": "Role assignable group",
+ "expirationDateTime": null,
+ "groupTypes": [
+ "Unified"
+ ],
+ "isAssignableToRole": true,
+ "mail": "operations2019@contoso.com",
+ "mailEnabled": true,
+ "mailNickname": "contosohelpdeskadministrators",
+ "membershipRule": null,
+ "membershipRuleProcessingState": null,
+ "onPremisesLastSyncDateTime": null,
+ "onPremisesSecurityIdentifier": null,
+ "onPremisesSyncEnabled": null,
+ "preferredDataLocation": "CAN",
+ "proxyAddresses": [
+ "SMTP:operations2019@contoso.com"
+ ],
+ "renewedDateTime": "2018-12-27T22:17:07Z",
+ "resourceBehaviorOptions": [],
+ "resourceProvisioningOptions": [],
+ "securityEnabled": true,
+ "securityIdentifier": "S-1-12-1-1905728287-1207447622-870010782-555555555",
+ "theme": null,
+ "visibility": "Private",
+ "onPremisesProvisioningErrors": []
+}
+```
+ <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!-- {
Content-type: application/json
"tocPath": "", "suppressions": [ ]
-}-->
+} -->
v1.0 User List Memberof https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-list-memberof.md
One of the following permissions is required to call this API. To learn more, in
|Permission type | Permissions (from least to most privileged) | |:--|:|
-|Delegated (work or school account) | Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
+|Delegated (work or school account) | User.Read, GroupMember.Read.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
|Delegated (personal Microsoft account) | Not supported. | |Application | Directory.Read.All, Directory.ReadWrite.All |
v1.0 User Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/user-update.md
In the request body, supply the values for relevant fields that should be update
|onPremisesImmutableId|String|This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the userΓÇÖs **userPrincipalName** (UPN) property. **Important:** The **$** and **_** characters cannot be used when specifying this property. | |otherMails|String |A list of additional email addresses for the user; for example: `["bob@contoso.com", "Robert@fabrikam.com"]`.| |passwordPolicies|String|Specifies password policies for the user. This value is an enumeration with one possible value being `DisableStrongPassword`, which allows weaker passwords than the default policy to be specified. `DisablePasswordExpiration` can also be specified. The two may be specified together; for example: `DisablePasswordExpiration, DisableStrongPassword`.|
-|passwordProfile|[PasswordProfile](../resources/passwordprofile.md)|Specifies the password profile for the user. The profile contains the userΓÇÖs password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the **passwordPolicies** property. By default, a strong password is required. This cannot be used for federated users.|
+|passwordProfile|[PasswordProfile](../resources/passwordprofile.md)|Specifies the password profile for the user. The profile contains the userΓÇÖs password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the **passwordPolicies** property. By default, a strong password is required. This cannot be used for federated users. The *Directory.AccessAsUser.All* permission is required to update this property.|
|pastProjects|String collection|A list for the user to enumerate their past projects.| |postalCode|String|The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.| |preferredLanguage|String|The preferred language for the user. Should follow ISO 639-1 Code; for example `en-US`.|
v1.0 Accessreviewapplyaction https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewapplyaction.md
+
+ Title: "accessReviewApplyAction resource type"
+description: "Represents the action to take on reviewed users after an access review instance is completed."
+
+localization_priority: Normal
++
+# accessReviewApplyAction resource type
+
+Namespace: microsoft.graph
+
+Represents a base class for apply actions in the [accessReviewScheduleSettings](accessreviewschedulesettings.md) of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). Supported derived types:
+
+- [removeAccessApplyAction](removeaccessapplyaction.md) is a derived type of accessReviewApplyAction that indicates removing access of an entity being reviewed upon completion of the review. This is the default type for the applyActions property in accessReviewScheduleSettings and does not need to be specified.
+
+- [disableAndDeleteUserApplyAction](disableanddeleteuserapplyaction.md) is a derived type of accessReviewApplyAction that indicates disabling and deleting the user being reviewed upon completion of the review. This is the non-default type and needs to specified in accessReviewScheduleSettings.
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.accessReviewApplyAction"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewApplyAction"
+}
+```
+
v1.0 Accessreviewinactiveusersqueryscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewinactiveusersqueryscope.md
+
+ Title: "accessReviewInactiveUsersQueryScope resource type"
+description: "A type of accessReviewQueryScope that allows only inactive users to be selected in the scope of an access review."
+
+localization_priority: Normal
++
+# accessReviewInactiveUsersQueryScope resource type
+
+Namespace: microsoft.graph
+
+A type of [accessReviewQueryScope](../resources/accessreviewqueryscope.md) that allows only inactive users to be selected in the scope of an access review. The duration of inactivity is calculated based on the user's last sign-in date against the access review instance's start date as defined in the **settings** property of [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md).
+
+Inherits from [accessReviewQueryScope](../resources/accessreviewqueryscope.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|inactiveDuration|Duration|Defines the duration of inactivity. Inactivity is based on the last sign in date of the user compared to the access review instance's start date. If this property is not specified, it's assigned the default value `PT0S`.|
+|query|String|Inherited from [accessReviewQueryScope](../resources/accessreviewqueryscope.md).|
+|queryRoot|String|Inherited from [accessReviewQueryScope](../resources/accessreviewqueryscope.md).|
+|queryType|String|Inherited from [accessReviewQueryScope](../resources/accessreviewqueryscope.md).|
+
+You must also specify the **@odata.type** type property with the value `#microsoft.graph.accessReviewInactiveUsersQueryScope`. For more about configuration options for **scope** using **accessReviewInactiveUsersQueryScope**, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.accessReviewInactiveUsersQueryScope"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
+ "query": "String",
+ "queryType": "String",
+ "queryRoot": "String",
+ "inactiveDuration": "String (duration)"
+}
+```
v1.0 Accessreviewinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewinstance.md
+
+ Title: "accessReviewInstance resource type"
+description: "Represents a recurrence of an `accessReviewScheduleDefinition`."
+
+localization_priority: Normal
++
+# accessReviewInstance resource type
+
+Namespace: microsoft.graph
+
+Represents an Azure AD [access review](accessreviewsv2-root.md) recurrence. System-generated based off of the parent [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). All properties are read-only.
+
+If the instance is a part of a recurring access review, instances represent each recurrence. A review that does not recur will have exactly one instance. Instances also represent each unique resource being reviewed in the schedule definition. If a schedule definition reviews multiple resources, each resource will have a unique instance for each recurrence.
+
+Every **accessReviewInstance** contains a list of [decisions](accessreviewinstancedecisionitem.md) that reviewers can take action on. There is one decision per identity being reviewed.
+
+Inherits from [entity](../resources/entity.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List accessReviewInstances](../api/accessreviewinstance-list.md)|[accessReviewInstance](../resources/accessreviewinstance.md) collection|Get a list of the [accessReviewInstance](../resources/accessreviewinstance.md) objects and their properties.|
+|[Get accessReviewInstance](../api/accessreviewinstance-get.md)|[accessReviewInstance](../resources/accessreviewinstance.md)|Read the properties and relationships of an [accessReviewInstance](../resources/accessreviewinstance.md) object.|
+|[stop](../api/accessreviewinstance-stop.md)|None|Manually stop an accessReviewInstance.|
+|[sendReminder](../api/accessreviewinstance-sendreminder.md)|None|Send a reminder to the reviewers of an accessReviewInstance.|
+|[resetDecisions](../api/accessreviewinstance-resetdecisions.md)|None|Resets all decision items on an instance to `notReviewed`|
+|[applyDecisions](../api/accessreviewinstance-applydecisions.md)|None|Manually apply decision on an accessReviewInstance.|
+|[acceptRecommendations](../api/accessreviewinstance-acceptrecommendations.md)|None| Allows the calling user to accept the decision recommendation for each NotReviewed accessReviewInstanceDecisionItem that they are the reviewer on for a specific accessReviewInstance.|
+|[batchRecordDecisions](../api/accessreviewinstance-batchrecorddecisions.md)|None|Review batches of principals or resources in one call.|
+|[filterByCurrentUser](../api/accessreviewinstance-filterbycurrentuser.md)|[accessReviewInstance](../resources/accessreviewinstance.md) collection|Returns all instance objects on a definition for which the calling user is the reviewer.|
+|[List decisions](../api/accessreviewinstance-list-decisions.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Get the accessReviewInstanceDecisionItem resources from the decisions navigation property.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+| id | String | Unique identifier of the instance. Inherited from [entity](../resources/entity.md). Supports `$select`. Read-only.|
+| startDateTime | DateTimeOffset | DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Supports `$select`. Read-only. |
+| endDateTime | DateTimeOffset | DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Supports `$select`. Read-only.|
+| status | String | Specifies the status of an accessReview. Possible values: `Initializing`, `NotStarted`, `Starting`, `InProgress`, `Completing`, `Completed`, `AutoReviewing`, and `AutoReviewed`. Supports `$select`, `$orderby`, and `$filter` (`eq` only). Read-only.|
+| scope | [accessReviewScope](accessreviewscope.md) | Created based on **scope** and **instanceEnumerationScope** at the accessReviewScheduleDefinition level. Defines the scope of users reviewed in a group. Supports `$select` and `$filter` (`contains` only). Read-only. |
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|decisions|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Each principal reviewed in an `accessReviewInstance` has a decision item representing if they were approved, denied, or not yet reviewed.|
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.accessReviewInstance",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewInstance",
+ "id": "String (identifier)",
+ "startDateTime": "String (timestamp)",
+ "endDateTime": "String (timestamp)",
+ "status": "String",
+ "scope": {
+ "@odata.type": "microsoft.graph.accessReviewScope"
+ }
+}
+```
v1.0 Accessreviewinstancedecisionitem https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewinstancedecisionitem.md
+
+ Title: "accessReviewInstanceDecisionItem resource type"
+description: "Represents a decision on an accessReviewInstance."
+
+localization_priority: Normal
++
+# accessReviewInstanceDecisionItem resource type
+
+Namespace: microsoft.graph
+
+Represents an Azure AD [access review](accessreviewsv2-root.md) decision on an instance of a review. This decision represents the determination of an identity's access to a resource for a given [accessReviewInstance](accessreviewinstance.md).
+
+Each decision item is system-generated based off of the parent [accessReviewInstance](accessreviewinstance.md).
+
+Inherits from [entity](../resources/entity.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List accessReviewInstanceDecisionItems](../api/accessreviewinstancedecisionitem-list.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Get a list of the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects and their properties.|
+|[Get accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-get.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.|
+|[Update accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-update.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Update the properties of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.|
+|[filterByCurrentUser](../api/accessreviewinstancedecisionitem-filterbycurrentuser.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Returns the decision items for which the calling user is the reviewer.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|accessReviewId|String|The identifier of the accessReviewInstance parent. Supports `$select`. Read-only.|
+|appliedBy|[userIdentity](../resources/useridentity.md)|The identifier of the user who applied the decision. Read-only.|
+|appliedDateTime|DateTimeOffset|The timestamp when the approval decision was applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Supports `$select`. Read-only.|
+|applyResult|String|The result of applying the decision. Possible values: `New`, `AppliedSuccessfully`, `AppliedWithUnknownFailure`, `AppliedSuccessfullyButObjectNotFound` and `ApplyNotSupported`. Supports `$select`, `$orderby`, and `$filter` (`eq` only). Read-only.|
+|decision|String|Result of the review. Possible values: `Approve`, `Deny`, `NotReviewed`, or `DontKnow`. Supports `$select`, `$orderby`, and `$filter` (`eq` only). |
+|id|String| The identifier of the decision. Inherited from [entity](../resources/entity.md). Supports `$select`. Read-only.|
+|justification|String|Justification left by the reviewer when they made the decision.|
+|principal|[identity](../resources/identity.md)|Every decision item in an access review represents a principal's access to a resource. This property represents details of the principal. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is "Bob" and the resource is "Sales". Principals can be of two types - userIdentity and servicePrincipalIdentity. Supports `$select`. Read-only.|
+|principalLink|String|A link to the principal object. For example, `https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9`. Read-only.|
+|recommendation|String|A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. Recommend approve if sign-in is within thirty days of start of review. Recommend deny if sign-in is greater than thirty days of start of review. Recommendation not available otherwise. Possible values: `Approve`, `Deny`, or `NoInfoAvailable`. Supports `$select`, `$orderby`, and `$filter` (`eq` only). Read-only.|
+|resource|[accessReviewInstanceDecisionItemResource](../resources/accessreviewinstancedecisionitemresource.md)|Every decision item in an access review represents a principal's access to a resource. This property represents details of the resource. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is Bob and the resource is "Sales". Resources can be of multiple types. See [accessReviewInstanceDecisionItemResource](../resources/accessreviewinstancedecisionitemresource.md). Read-only.|
+|resourceLink|String|A link to the resource. For example, "https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8". Supports `$select`. Read-only.|
+|reviewedBy|[userIdentity](../resources/useridentity.md)| The identifier of the reviewer. Supports `$select`. Read-only.|
+|reviewedDateTime|DateTimeOffset| The timestamp when the review decision occurred. Supports `$select`. Read-only.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.accessReviewInstanceDecisionItem",
+ "baseType": "microsoft.graph.entity",
+ "openType": true
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItem",
+ "id": "String (identifier)",
+ "accessReviewId": "String",
+ "reviewedBy": {
+ "@odata.type": "microsoft.graph.userIdentity"
+ },
+ "reviewedDateTime": "String (timestamp)",
+ "decision": "String",
+ "justification": "String",
+ "appliedBy": {
+ "@odata.type": "microsoft.graph.userIdentity"
+ },
+ "appliedDateTime": "String (timestamp)",
+ "applyResult": "String",
+ "recommendation": "String",
+ "principal": {
+ "@odata.type": "microsoft.graph.identity"
+ },
+ "principalLink": "String",
+ "resource": {
+ "@odata.type": "microsoft.graph.accessReviewInstanceDecisionItemResource"
+ },
+ "resourceLink": "String"
+}
+```
v1.0 Accessreviewinstancedecisionitemresource https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewinstancedecisionitemresource.md
+
+ Title: "accessReviewInstanceDecisionItemResource resource type"
+description: "Represents the resource associated with the decision item."
+
+localization_priority: Normal
++
+# accessReviewInstanceDecisionItemResource resource type
+
+Namespace: microsoft.graph
+
+Every decision item in an access review represents a principal's access to a resource. The accessReviewInstanceDecisionItemResource object represents the resource associated with the decision item.
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|displayName|String|Display name of the resource|
+|id|String|Identifier of the resource|
+|type|String|Type of resource. Types include: `Group`, `ServicePrincipal`, `DirectoryRole`, `AzureRole`, `AccessPackageAssignmentPolicy`.|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.accessReviewInstanceDecisionItemResource"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemResource",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "type": "String"
+}
+```
v1.0 Accessreviewqueryscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewqueryscope.md
+
+ Title: "accessReviewQueryScope resource type"
+description: "Defines what needs to be reviewed in an access review."
+
+localization_priority: Normal
++
+# accessReviewQueryScope resource type
+
+Namespace: microsoft.graph
+
+An accessReviewQueryScope object defines what is reviewed in an [access review](../resources/accessreviewsv2-root.md). To scope an access review to inactive users, see [accessReviewInactiveUserQueryScope](../resources/accessreviewinactiveusersqueryscope.md).
+
+Inherits from [accessReviewScope](../resources/accessreviewscope.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|query|String|The query representing what will be reviewed in an access review.|
+|queryRoot|String|In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, `./manager`.|
+|queryType|String|Indicates the type of query. Types include `MicrosoftGraph` and `ARM`.|
+
+Specifying the **@odata.type** type property with the value `#microsoft.graph.accessReviewQueryScope` is highly recommended. For more about configuration options for **scope** using **accessReviewQueryScope**, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.accessReviewQueryScope"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewQueryScope",
+ "query": "String",
+ "queryType": "String",
+ "queryRoot": "String"
+}
+```
v1.0 Accessreviewreviewerscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewreviewerscope.md
doc_type: resourcePageType
Namespace: microsoft.graph
-The accessReviewReviewerScope defines who is specified in the [adminConsentRequestPolicy](../resources/adminconsentrequestpolicy.md) to review [appConsentRequests](../resources/appconsentrequest.md) and [userConsentRequests](../resources/appconsentrequest.md). This is expressed as an OData query, which allows reviewers to be specified both as a static list of users (i.e., specific users, group owners, group members) or dynamically (i.e., the case where every user is reviewed by their manager).
+The accessReviewReviewerScope defines who will review instances of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). It is an OData query that allows reviewers to be specified both as a static list of users (that is, specific users, group owners, and group members) or dynamically in which every user is reviewed by their manager or by group owners. To create a self-review (where users review their own access), do not provide reviewers on [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) creation.
-## Properties
+Inherits from [accessReviewScope](../resources/accessreviewscope.md).
-|Property|Type|Description|
-|:|:|:|
-|query|String|The query specifying who will be the reviewer. See table for examples. |
-|queryRoot|String|The type of query. Examples include `MicrosoftGraph` and `ARM`.|
-|queryType|String|In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query (i.e., `./manager`) is specified.|
+## Properties
+| Property | Type | Description |
+| :-| :- | :- |
+| query | String | The query specifying who will be the reviewer. See table for examples. |
+| queryType | String | The type of query. Examples include `MicrosoftGraph` and `ARM`. |
+| queryRoot | String | In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, `./manager`, is specified. Possible value: `decisions`. |
-### Supported queries for accessReviewReviewerScope
+For more about configuration options for **reviewers**, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-reviewers-concept).
-|Scenario| query | queryType | queryRoot |
-|--|--|--|--|
-| Group owner as reviewer | /groups/{group id}/owners |MicrosoftGraph||
-| Specific user as reviewer | /users/{user id} |MicrosoftGraph||
-| Manager of user being reviewed as reviewer | ./manager | MicrosoftGraph |decisions|
## Relationships- None. ## JSON representation- The following is a JSON representation of the resource. <!-- { "blockType": "resource",
v1.0 Accessreviewscheduledefinition https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewscheduledefinition.md
+
+ Title: "accessReviewScheduleDefinition resource type"
+description: "Represents the scheduling of an Azure AD access review."
+
+localization_priority: Normal
++
+# accessReviewScheduleDefinition resource type
+
+Namespace: microsoft.graph
+
+Represents the scheduling of an Azure AD [access review](accessreviewsv2-root.md).
+
+An accessReviewScheduleDefinition contains a list of [accessReviewInstance](accessreviewinstance.md) objects. Each recurrence of the schedule definition creates an instance. Instances also represent each unique resource being reviewed. If a schedule definition reviews multiple resources, each resource has a unique instance per each recurrence. In the case of a one-time review, only one instance is created per resource.
+
+Inherits from [entity](../resources/entity.md).
+
+## Methods
+|Method|Return type|Description|
+|:|:|:|
+|[List accessReviewScheduleDefinitions](../api/accessreviewscheduledefinition-list.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) collection | Lists every accessReviewScheduleDefinition. Does not include associated accessReviewInstance objects in the results. |
+|[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Get an accessReviewScheduleDefinition with a specified **id**. Does not include associated accessReviewInstance objects in the results. |
+|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-post.md) | [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) | Create a new accessReviewScheduleDefinition. |
+|[Delete accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-delete.md) | None. | Delete an accessReviewScheduleDefinition with a specified **id**. |
+|[Update accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-update.md) | None. | Update properties of an accessReviewScheduleDefinition with a specified **id**. |
+|[filterByCurrentUser](../api/accessreviewscheduledefinition-filterbycurrentuser.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection|Retrieves all definitions for which the calling user is a reviewer on one or more instance.|
+|[List instances](../api/accessreviewscheduledefinition-list-instances.md)|[accessReviewInstance](../resources/accessreviewinstance.md) collection|Get the accessReviewInstance resources from the instances navigation property.|
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+| id | String | The feature-assigned unique identifier of an access review. Supports `$select`. Read-only.|
+| displayName | String | Name of the access review series. Supports `$select` and `$orderBy`. Required on create. |
+| createdDateTime |DateTimeOffset | Timestamp when the access review series was created. Supports `$select` and `$orderBy`. Read-only. |
+| lastModifiedDateTime | DateTimeOffset | Timestamp when the access review series was last modified. Supports `$select`. Read-only.|
+| status |String | This read-only field specifies the status of an access review. The typical states include `Initializing`, `NotStarted`, `Starting`, `InProgress`, `Completing`, `Completed`, `AutoReviewing`, and `AutoReviewed`. <br>Supports `$select`, `$orderby`, and `$filter` (`eq` only). Read-only. |
+| descriptionForAdmins |string | Description provided by review creators to provide more context of the review to admins. Supports `$select`. |
+| descriptionForReviewers |string | Description provided by review creators to provide more context of the review to reviewers. Reviewers will see this description in the email sent to them requesting their review. Supports `$select`. |
+| createdBy |[userIdentity](../resources/useridentity.md) | User who created this review. Read-only. |
+| scope |[accessReviewScope](../resources/accessreviewscope.md) | Defines scope of resources to review. For supported scopes, see [accessReviewScope](accessreviewscope.md). Required on create. Supports `$select` and `$filter` (`contains` only). For examples of options for configuring scope, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept). |
+| instanceEnumerationScope|[accessReviewScope](../resources/accessreviewscope.md) | This property is required when scoping a review to guest users' access across all Microsoft 365 groups and determines which Microsoft 365 groups are reviewed. Each group will become a unique **accessReviewInstance** of the access review series. For supported scopes, see [accessReviewScope](accessreviewscope.md). Supports `$select`. For examples of options for configuring instanceEnumerationScope, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept). |
+| settings |[accessReviewScheduleSettings](../resources/accessreviewschedulesettings.md)| The settings for an access review series, see type definition below. Supports `$select`. Required on create. |
+| reviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of access review scopes is used to define who are the reviewers. The reviewers property is only updatable if individual users are assigned as reviewers. Required on create. Supports `$select`. For examples of options for assigning reviewers, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-reviewers-concept). |
+| fallbackReviewers |[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection| This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. See [accessReviewReviewerScope](accessreviewreviewerscope.md). Replaces **backupReviewers**. Supports `$select`. |
+
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+| instances|[accessReviewInstance](accessreviewinstance.md) collection | If the **accessReviewScheduleDefinition** is a recurring access review, instances represent each recurrence. A review that does not recur will have exactly one instance. Instances also represent each unique resource under review in the **accessReviewScheduleDefinition**. If a review has multiple resources and multiple instances, each resource will have a unique instance for each recurrence. |
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "keyProperty": "id",
+ "@odata.type": "microsoft.graph.accessReviewScheduleDefinition",
+ "baseType": "microsoft.graph.entity",
+ "openType": false
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewScheduleDefinition",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "createdDateTime": "String (timestamp)",
+ "lastModifiedDateTime": "String (timestamp)",
+ "status": "String",
+ "descriptionForAdmins": "String",
+ "descriptionForReviewers": "String",
+ "createdBy": {
+ "@odata.type": "microsoft.graph.userIdentity"
+ },
+ "scope": {
+ "@odata.type": "microsoft.graph.accessReviewScope"
+ },
+ "reviewers": [
+ {
+ "@odata.type": "microsoft.graph.accessReviewReviewerScope"
+ }
+ ],
+ "fallbackReviewers": [
+ {
+ "@odata.type": "microsoft.graph.accessReviewReviewerScope"
+ }
+ ],
+ "instanceEnumerationScope": {
+ "@odata.type": "microsoft.graph.accessReviewScope"
+ },
+ "settings": {
+ "@odata.type": "microsoft.graph.accessReviewScheduleSettings"
+ }
+}
+```
v1.0 Accessreviewschedulesettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewschedulesettings.md
+
+ Title: "accessReviewScheduleSettings resource type"
+description: "Represents the settings associated with an access review series."
+
+localization_priority: Normal
++
+# accessReviewScheduleSettings resource type
+
+Namespace: microsoft.graph
+
+The **accessReviewScheduleSettings** defines the settings of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+| mailNotificationsEnabled|Boolean | Indicates whether emails are enabled or disabled. Default value is `false`. |
+| reminderNotificationsEnabled|Boolean | Indicates whether reminders are enabled or disabled. Default value is `false`. |
+| justificationRequiredOnApproval|Boolean | Indicates whether reviewers are required to provide justification with their decision. Default value is `false`. |
+| defaultDecisionEnabled|Boolean | Indicates whether the default decision is enabled or disabled when reviewers do not respond. Default value is `false`. |
+| defaultDecision|String | Decision chosen if **defaultDecisionEnabled** is `true`. Can be one of `Approve`, `Deny`, or `Recommendation`. |
+| instanceDurationInDays|Int32 | Duration of each recurrence of review (**accessReviewInstance**) in number of days. |
+| recurrence|[patternedRecurrence](../resources/patternedrecurrence.md) | Detailed settings for recurrence using the standard Outlook recurrence object. Only `weekly` and `absoluteMonthly` on **recurrencePattern** are supported. Use the property **startDate** on **recurrenceRange** to determine the day the review starts. |
+| autoApplyDecisionsEnabled|Boolean | Indicates whether decisions are automatically applied. When set to `false`, a user must apply the decisions manually once the reviewer completes the access review. When set to `true`, decisions are applied automatically after the access review instance duration ends, whether or not the reviewers have responded. Default value is `false`. |
+| applyActions|[accessReviewApplyAction](../resources/accessreviewapplyaction.md) collection | Optional field. Describes the actions to take once a review is complete. There are two types that are currently supported: `removeAccessApplyAction` (default) and `disableAndDeleteUserApplyAction`. Field only needs to be specified in the case of `disableAndDeleteUserApplyAction`. See [accessReviewApplyAction](accessreviewapplyaction.md). |
+| recommendationsEnabled|Boolean | Indicates whether decision recommendations are enabled or disabled. |
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.accessReviewScheduleSettings"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewScheduleSettings",
+ "mailNotificationsEnabled": "Boolean",
+ "reminderNotificationsEnabled": "Boolean",
+ "justificationRequiredOnApproval": "Boolean",
+ "defaultDecisionEnabled": "Boolean",
+ "defaultDecision": "String",
+ "instanceDurationInDays": "Integer",
+ "recurrence": {
+ "@odata.type": "microsoft.graph.patternedRecurrence"
+ },
+ "autoApplyDecisionsEnabled": "Boolean",
+ "applyActions": [
+ {
+ "@odata.type": "microsoft.graph.removeAccessApplyAction"
+ }
+ ],
+ "recommendationsEnabled": "Boolean"
+}
+```
v1.0 Accessreviewscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewscope.md
+
+ Title: "accessReviewScope resource type"
+description: "Represents the entities that need to be reviewed in an access review."
+
+localization_priority: Normal
++
+# accessReviewScope resource type
+
+Namespace: microsoft.graph
+
+The **accessReviewScope** defines what entities will be reviewed in an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md). It is an abstract type that is inherited by [accessReviewQueryScope](accessreviewqueryscope.md), [principalResourceMembershipsScope](principalresourcemembershipsscope.md) and [accessReviewReviewerScope](accessreviewreviewerscope.md).
+
+For **scope** property on an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) see [accessReviewQueryScope](accessreviewqueryscope.md) and [principalResourceMembershipsScope](principalresourcemembershipsscope.md).
+
+For **reviewers** property on an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) see [accessReviewReviewerScope](accessreviewreviewerscope.md).
+
+Specifying the OData type in the **scope** is highly recommended for all types but required for [principalResourceMembershipsScope](principalresourcemembershipsscope.md) and [accessReviewInactiveUserQueryScope](../resources/accessreviewinactiveusersqueryscope.md).
+
+## Properties
+None.
++
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.accessReviewScope"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.accessReviewScope"
+}
+```
v1.0 Accessreviewsv2 Root https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/accessreviewsv2-root.md
+
+ Title: "Azure AD access reviews"
+description: "Use Azure AD access reviews to configure one-time or recurring access reviews for attestation of user's access rights to Azure AD resources."
+localization_priority: Normal
+++
+# Azure AD access reviews
+
+Namespace: microsoft.graph
++
+Use [Azure AD access reviews](/azure/active-directory/active-directory-azure-ad-controls-access-reviews-overview) to configure one-time or recurring access reviews for attestation of user's access rights to Azure AD resources.
+
+Typical customer scenarios for access reviews of group memberships and application and Azure AD role access are:
+
+- Customers can review and certify guest user access to applications, Azure AD roles, and memberships of groups. Reviewers can use the insights that are provided to efficiently decide whether guests should have continued access.
+
+- Customers can review and certify employee access to applications, Azure AD roles, and group memberships with access reviews.
+
+The access reviews feature, including the API, is available only with a valid purchase or trial license of Azure AD Premium P2 or EMS E5 subscription.
++
+## Methods
+
+The following table lists the methods that you can use to interact with access review-related resources.
+
+| Method | Return type |Description|
+|:|:--|:-|
+|[List accessReviewScheduleDefinitions](../api/accessreviewscheduledefinition-list.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection|Get a list of the [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) objects and their properties.|
+|[Create accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-post.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md)|Create a new [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.|
+|[Get accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-get.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md)|Read the properties and relationships of an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.|
+|[Update accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-update.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md)|Update the properties of an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.|
+|[Delete accessReviewScheduleDefinition](../api/accessreviewscheduledefinition-delete.md)|None|Deletes an [accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) object.|
+|[accessReviewScheduleDefinition: filterByCurrentUser](../api/accessreviewscheduledefinition-filterbycurrentuser.md)|[accessReviewScheduleDefinition](../resources/accessreviewscheduledefinition.md) collection|Returns all definitions where the calling user is the reviewer of any instances.|
+|[List accessReviewInstances](../api/accessreviewinstance-list.md)|[accessReviewInstance](../resources/accessreviewinstance.md) collection|Get a list of the [accessReviewInstance](../resources/accessreviewinstance.md) objects and their properties.|
+|[Get accessReviewInstance](../api/accessreviewinstance-get.md)|[accessReviewInstance](../resources/accessreviewinstance.md)|Read the properties and relationships of an [accessReviewInstance](../resources/accessreviewinstance.md) object.|
+|[accessReviewInstance: stop](../api/accessreviewinstance-stop.md)|None|Manually stop an accessReviewInstance.|
+|[accessReviewInstance: sendReminder](../api/accessreviewinstance-sendreminder.md)|None|Send a reminder to the reviewers of an accessReviewInstance.|
+|[accessReviewInstance: resetDecisions](../api/accessreviewinstance-resetdecisions.md)|None|Resets all decision items on an instance to `notReviewed`|
+|[accessReviewInstance: applyDecisions](../api/accessreviewinstance-applydecisions.md)|None|Manually apply decision on an accessReviewInstance.|
+|[accessReviewInstance: acceptRecommendations](../api/accessreviewinstance-acceptrecommendations.md)|None| Allows the calling user to accept the decision recommendation for each NotReviewed accessReviewInstanceDecisionItem that they are the reviewer on for a specific accessReviewInstance.|
+|[accessReviewInstance: batchRecordDecisions](../api/accessreviewinstance-batchrecorddecisions.md)|None|Review batches of principals or resources in one call.|
+|[accessReviewInstance: filterByCurrentUser](../api/accessreviewinstance-filterbycurrentuser.md)|[accessReviewInstance](../resources/accessreviewinstance.md) collection|Returns all instance objects on a definition for which the calling user is the reviewer.|
+|[List accessReviewInstanceDecisionItems](../api/accessreviewinstancedecisionitem-list.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Get a list of the [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) objects and their properties.|
+|[Get accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-get.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Read the properties and relationships of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.|
+|[Update accessReviewInstanceDecisionItem](../api/accessreviewinstancedecisionitem-update.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md)|Update the properties of an [accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) object.|
+|[accessReviewInstanceDecisionItem: filterByCurrentUser](../api/accessreviewinstancedecisionitem-filterbycurrentuser.md)|[accessReviewInstanceDecisionItem](../resources/accessreviewinstancedecisionitem.md) collection|Returns the decision items for which the calling user is the reviewer of.|
++
+## Role and application permission authorization checks
+
+The following directory roles are required for a calling user to manage access reviews.
+
+| Operation | Application permissions | Required directory role of the calling user |
+|:|:|:--|
+| Read | AccessReview.Read.All or AccessReview.ReadWrite.All | Global Administrator, Global Reader, Security Administrator, Security Reader or User Administrator |
+| Create, Update or Delete | AccessReview.ReadWrite.All | Global Administrator or User Administrator |
+
+In addition, a user who is an assigned reviewer of an access review can manage their decisions, without needing to be in a directory role.
+
+## See also
+
+- [How an administrator can manage user access with Azure AD access reviews](/azure/active-directory/active-directory-azure-ad-controls-manage-user-access-with-access-reviews)
+- [How an administrator can manage guest access with Azure AD access reviews](/azure/active-directory/active-directory-azure-ad-controls-manage-guest-access-with-access-reviews)
v1.0 Disableanddeleteuserapplyaction https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/disableanddeleteuserapplyaction.md
+
+ Title: "disableAndDeleteUserApplyAction resource type"
+description: "Disable and delete any B2B guest user who is denied in an access review."
+
+localization_priority: Normal
++
+# disableAndDeleteUserApplyAction resource type
+
+Namespace: microsoft.graph
+
+Disable any B2B guest user who is denied in an access review for 30 days, and then subsequently delete their account. This option does not contain any configuration options.
+
+Inherits from [accessReviewApplyAction](../resources/accessreviewapplyaction.md).
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.disableAndDeleteUserApplyAction"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.disableAndDeleteUserApplyAction"
+}
+```
v1.0 Group https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/group.md
This resource supports:
|hideFromAddressLists |Boolean |True if the group is not displayed in certain parts of the Outlook UI: the **Address Book**, address lists for selecting message recipients, and the **Browse Groups** dialog for searching groups; otherwise, false. Default value is `false`. <br><br>Returned only on `$select`. Supported only on the Get group API (`GET /groups/{ID}`).| |hideFromOutlookClients |Boolean |True if the group is not displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. Default value is `false`. <br><br>Returned only on `$select`. Supported only on the Get group API (`GET /groups/{ID}`).| |id|String|The unique identifier for the group. <br><br>Returned by default. Inherited from [directoryObject](directoryobject.md). Key. Not nullable. Read-only.|
+|isAssignableToRole|Boolean|Indicates whether this group can be assigned to an Azure Active Directory role or not.<br><br>This property can only be set while creating the group and is immutable. Only Global Administrator and Privileged Role Administrator roles can set this property. For more information, see [Using a group to manage Azure AD role assignments](https://go.microsoft.com/fwlink/?linkid=2103037)<br><br>Returned by default.|
|isSubscribedByMail|Boolean|Indicates whether the signed-in user is subscribed to receive email conversations. Default value is `true`. <br><br>Returned only on `$select`. Supported only on the Get group API (`GET /groups/{ID}`). | |licenseProcessingState|String|Indicates status of the group license assignment to all members of the group. Default value is `false`. Read-only. Possible values: `QueuedForProcessing`, `ProcessingInProgress`, and `ProcessingComplete`.<br><br>Returned only on `$select`. Read-only.| |mail|String|The SMTP address for the group, for example, "serviceadmins@contoso.onmicrosoft.com". <br><br>Returned by default. Read-only. Supports `$filter`.|
The following is a JSON representation of the resource.
"events", "extensions", "groupLifecyclePolicies",
+ "isAssignableToRole",
"memberOf", "members", "onenote",
The following is a JSON representation of the resource.
"hideFromOutlookClients": false, "id": "string (identifier)", "isSubscribedByMail": true,
+ "isAssignableRole": false,
"licenseProcessingState": "string", "mail": "string", "mailEnabled": true,
v1.0 Licenseunitsdetail https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/licenseunitsdetail.md
Title: "licenseUnitsDetail resource type" description: "The **prepaidUnits** property of the subscribedSku entity is of type **licenseUnitsDetail**." localization_priority: Normal-+ ms.prod: "directory-management" doc_type: resourcePageType
doc_type: resourcePageType
Namespace: microsoft.graph
-The **prepaidUnits** property of the [subscribedSku](subscribedsku.md) entity is of type **licenseUnitsDetail**.
+The **prepaidUnits** property of the [subscribedSku](subscribedsku.md) entity is of type **licenseUnitsDetail**. For more information on the progression states of a subscription, see [What if my subscription expires?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires?view=o365-worldwide)
## Properties | Property | Type |Description| |:-|:--|:-|
-|enabled|Int32| The number of units that are enabled. |
-|suspended|Int32| The number of units that are suspended. |
-|warning|Int32| The number of units that are in warning status. |
+|enabled|Int32| The number of units that are enabled for the active subscription of the service SKU. |
+|suspended|Int32| The number of units that are suspended because the subscription of the service SKU has been cancelled. The units cannot be assigned but can still be reactivated before they are deleted. |
+|warning|Int32| The number of units that are in warning status. When the subscription of the service SKU has expired, the customer has a grace period to renew their subscription before it is cancelled (moved to a **suspended** state). |
## JSON representation
v1.0 Passwordprofile https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/passwordprofile.md
Contains the password profile associated with a user. The **passwordProfile** pr
## Properties | Property | Type |Description| |:|:--|:-|
-|forceChangePasswordNextSignIn|Boolean| `true` if the user must change her password on the next login; otherwise `false`. |
+|forceChangePasswordNextSignIn|Boolean| `true` if the user must change her password on the next login; otherwise `false`. If not set, default is `false`. **NOTE:** For Azure B2C tenants, set to `false` and instead use custom policies and user flows to force password reset at first sign in. See [Force password reset at first logon](https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset-first-logon).|
|forceChangePasswordNextSignInWithMfa|Boolean| If `true`, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to **forceChangePasswordNextSignIn** except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to `false`. If not set, default is `false`. | |password|String|The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the userΓÇÖs **passwordPolicies** property. By default, a strong password is required.|
v1.0 Patternedrecurrence https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/patternedrecurrence.md
The recurrence pattern and range.
## Properties | Property | Type |Description| |:|:--|:-|
-|pattern|[RecurrencePattern](recurrencepattern.md)|The frequency of an event.|
+|pattern|[RecurrencePattern](recurrencepattern.md)|The frequency of an event. Do not specify for a one-time access review.|
|range|[RecurrenceRange](recurrencerange.md)|The duration of an event.| ## JSON representation
v1.0 Principalresourcemembershipsscope https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/principalresourcemembershipsscope.md
+
+ Title: "principalResourceMembershipsScope resource type"
+description: "Allows for the selection of access review scope to review access of the selected principals to the selected resources."
+
+localization_priority: Normal
++
+# principalResourceMembershipsScope resource type
+
+Namespace: microsoft.graph
+
+The principalResourceMembershipsScope is a type of [accessReviewScope](accessreviewscope.md) which allows you to select a collection of principal scopes and a collection of resource scopes and review access of selected principals to selected resources. It is used to configure the **scope** property of an [accessReviewScheduleDefinition](accessreviewscheduledefinition.md).
+
+Inherits from [accessReviewScope](../resources/accessreviewscope.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|principalScopes|[accessReviewScope](../resources/accessreviewscope.md) collection|Defines the scopes of the principals whose access to resources are reviewed in the access review.|
+|resourceScopes|[accessReviewScope](../resources/accessreviewscope.md) collection|Defines the scopes of the resources for which access is reviewed.|
+
+You must also specify the **@odata.type** type property with the value `#microsoft.graph.principalResourceMembershipsScope`. For more about configuration options for **scope** using **principalResourceMembershipsScope**, see [Configure the scope of your access review definition using the Microsoft Graph API](/graph/accessreviews-scope-concept).
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.principalResourceMembershipsScope"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
+ "principalScopes": [
+ {
+ "@odata.type": "microsoft.graph.accessReviewScope"
+ }
+ ],
+ "resourceScopes": [
+ {
+ "@odata.type": "microsoft.graph.accessReviewScope"
+ }
+ ]
+}
+```
v1.0 Printerstatus https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/printerstatus.md
The following is a JSON representation of the resource.
"description": "String" } ```-
v1.0 Removeaccessapplyaction https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/removeaccessapplyaction.md
+
+ Title: "removeAccessApplyAction resource type"
+description: "Removes access to a resource for those denied in an access review."
+
+localization_priority: Normal
++
+# removeAccessApplyAction resource type
+
+Namespace: microsoft.graph
+
+Removes access to a resource for those denied in an access review of that resource. This is the default option chosen for [accessReviewApplyAction](../resources/accessreviewapplyaction.md) if an option is not passed in.
+
+Inherits from [accessReviewApplyAction](../resources/accessreviewapplyaction.md).
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.removeAccessApplyAction"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.removeAccessApplyAction"
+}
+```
v1.0 Serviceprincipalidentity https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/serviceprincipalidentity.md
+
+ Title: "servicePrincipalIdentity resource type"
+description: "Models a service principal identity."
+
+localization_priority: Normal
++
+# servicePrincipalIdentity resource type
+
+Namespace: microsoft.graph
+
+Models a service principal identity.
+
+Inherits from [identity](../resources/identity.md).
+
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|appId|String|The application identifier of the service principal.|
+|displayName|String|The display name of the service principal identity. Inherited from [identity](../resources/identity.md)|
+|id|String|The identifier of the service principal identity. Inherited from [identity](../resources/identity.md)|
+
+## Relationships
+None.
+
+## JSON representation
+The following is a JSON representation of the resource.
+<!-- {
+ "blockType": "resource",
+ "@odata.type": "microsoft.graph.servicePrincipalIdentity"
+}
+-->
+``` json
+{
+ "@odata.type": "#microsoft.graph.servicePrincipalIdentity",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "appId": "String"
+}
+```
v1.0 Subscribedsku https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/subscribedsku.md
Only the read operation is supported on subscribed SKUs; create, update, and del
| Property | Type |Description| |:|:--|:-| |appliesTo|String| For example, "User" or "Company". |
-|capabilityStatus|String| Possible values are: `Enabled`, `Warning`, `Suspended`, `Deleted`, `LockedOut`. |
+|capabilityStatus|String| Possible values are: `Enabled`, `Warning`, `Suspended`, `Deleted`, `LockedOut`. The capabilityStatus is `Enabled` if the **prepaidUnits** property has at least 1 unit that is **enabled**, and `LockedOut` if the customer cancelled their subscription. |
|consumedUnits|Int32| The number of licenses that have been assigned. | |id|String| The unique identifier for the subscribed sku object. Key, not nullable. | |prepaidUnits|[licenseUnitsDetail](licenseunitsdetail.md)| Information about the number and status of prepaid licenses. |
v1.0 Teamsasyncoperationtype https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/teamsasyncoperationtype.md
Types of [teamsAsyncOperation](teamsasyncoperation.md). Members will be added he
|cloneTeam|1|Operation to clone a team.| |archiveTeam|2|Operation to archive a team.| |unarchiveTeam|3|Operation to restore an archived team.|
-|createTeam|3|Operation to create a team from scratch.|
--
+|createTeam|4|Operation to create a team from scratch.|
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
href: api/identityapiconnector-delete.md - name: Governance items:
- - name: Consent requests
- href: resources/consentrequests-root.md
+ - name: Access reviews
+ href: resources/accessreviewsv2-root.md
+ items:
+ - name: Access review schedule definition
+ href: resources/accessreviewscheduledefinition.md
items:
- - name: Admin consent request policy
- href: resources/adminconsentrequestpolicy.md
- items:
- - name: Get
- href: api/adminconsentrequestpolicy-get.md
- - name: Update
- href: api/adminconsentrequestpolicy-update.md
+ - name: List
+ href: api/accessreviewscheduledefinition-list.md
+ - name: List instances
+ href: api/accessreviewscheduledefinition-list-instances.md
+ - name: Get
+ href: api/accessreviewscheduledefinition-get.md
+ - name: Create
+ href: api/accessreviewscheduledefinition-post.md
+ - name: Delete
+ href: api/accessreviewscheduledefinition-delete.md
+ - name: Update
+ href: api/accessreviewscheduledefinition-update.md
+ - name: Filter by current user
+ href: api/accessreviewscheduledefinition-filterbycurrentuser.md
+ - name: Access review instance
+ href: resources/accessreviewinstance.md
+ items:
+ - name: List
+ href: api/accessreviewinstance-list.md
+ - name: List decisions
+ href: api/accessreviewinstance-list-decisions.md
+ - name: Get
+ href: api/accessreviewinstance-get.md
+ - name: Accept recommendations
+ href: api/accessreviewinstance-acceptrecommendations.md
+ - name: Apply decisions
+ href: api/accessreviewinstance-applydecisions.md
+ - name: Batch record decisions
+ href: api/accessreviewinstance-batchrecorddecisions.md
+ - name: Filter by current user
+ href: api/accessreviewinstance-filterbycurrentuser.md
+ - name: Reset decisions
+ href: api/accessreviewinstance-resetdecisions.md
+ - name: Send reminder
+ href: api/accessreviewinstance-sendreminder.md
+ - name: Stop
+ href: api/accessreviewinstance-stop.md
+ - name: Access review instance decision item
+ href: resources/accessreviewinstancedecisionitem.md
+ items:
+ - name: Get
+ href: api/accessreviewinstancedecisionitem-get.md
+ - name: List
+ href: api/accessreviewinstancedecisionitem-list.md
+ - name: Update
+ href: api/accessreviewinstancedecisionitem-update.md
+ - name: Filter by current user
+ href: api/accessreviewinstancedecisionitem-filterbycurrentuser.md
+ - name: Consent requests
+ href: resources/consentrequests-root.md
+ items:
+ - name: Admin consent request policy
+ href: resources/adminconsentrequestpolicy.md
+ items:
+ - name: Get
+ href: api/adminconsentrequestpolicy-get.md
+ - name: Update
+ href: api/adminconsentrequestpolicy-update.md
- name: App consent requests href: resources/appconsentrequest.md items:
items:
href: api/appconsentrequest-get.md - name: Filter by current user href: api/appconsentrequest-filterByCurrentUser.md
- - name: User consent requests
- href: resources/userconsentrequest.md
- items:
- - name: List
- href: api/userconsentrequest-list.md
- - name: Get
- href: api/userconsentrequest-get.md
- - name: Filter by current user
- href: api/userconsentrequest-filterByCurrentUser.md
- - name: Terms of use
+ - name: User consent requests
+ href: resources/userconsentrequest.md
items:
- - name: Agreement
- href: resources/agreement.md
- name: List
- href: api/agreement-list.md
- - name: Create
- href: api/agreement-post-agreements.md
+ href: api/userconsentrequest-list.md
- name: Get
- href: api/agreement-get.md
- - name: Update
- href: api/agreement-update.md
- - name: Delete
- href: api/agreement-delete.md
- - name: List acceptance status
- href: api/user-list-agreementacceptances.md
+ href: api/userconsentrequest-get.md
+ - name: Filter by current user
+ href: api/userconsentrequest-filterByCurrentUser.md
+ - name: Terms of use
+ items:
+ - name: Agreement
+ href: resources/agreement.md
+ - name: List
+ href: api/agreement-list.md
+ - name: Create
+ href: api/agreement-post-agreements.md
+ - name: Get
+ href: api/agreement-get.md
+ - name: Update
+ href: api/agreement-update.md
+ - name: Delete
+ href: api/agreement-delete.md
+ - name: List acceptance status
+ href: api/user-list-agreementacceptances.md
- name: Mail displayName: Outlook, Outlook mail items: