Create and manage downloadable access review history report (Preview) in Azure AD access reviews
With Azure Active Directory (Azure AD) Access Reviews, you can create a downloadable review history to help your organization gain more insight. The report pulls the decisions that were taken by reviewers when a report is created. These reports can be constructed to include specific access reviews, for a specific time frame, and can be filtered to include different review types and review results.
Who can access and request review history
Review history and request review history are available for any user if they're authorized to view access reviews. To see which roles can view and create access reviews, see What resource types can be reviewed?. Global Administrator and Global Reader can see all access reviews. All other users are only allowed to see reports on access reviews that they've generated.
How to create a review history report
Prerequisite role: All users authorized to view access reviews
In the Azure portal, select Azure Active Directory and then select Identity Governance.
In the left menu, under Access Reviews select Review history.
Select New report.
Specify a review start and end date.
Select the review types and review results you want to include in the report.
Then select create to create an Access Review History Report.
How to download review history reports
Once a review history report is created, you can download it. All reports that are created are available for download for 30 days in CSV format.
- Select Review History under Identity Governance. All review history reports that you created will be available.
- Select the report you wish to download.
What is included in a review history report?
The reports provide details on a per-user basis showing the following:
|AccessReviewId||Review object id|
|ReviewType||Review types include group, application, Azure AD role, Azure role, and access package|
|ResourceDisplayName||Display Name of the resource being reviewed|
|ResourceId||Id of the resource being reviewed|
|ReviewName||Name of the review|
|CreatedDateTime||Creation datetime of the review|
|ReviewStartDate||Start date of the review|
|ReviewEndDate||End date of the review|
|ReviewStatus||Status of the review. For all review statuses, see the access review status table here|
|OwnerId||Reviewer owner ID|
|OwnerName||Reviewer owner name|
|OwnerUPN||Reviewer owner User Principal Name|
|PrincipalId||Id of the principal being reviewed|
|PrincipalName||Name of the principal being reviewed|
|PrincipalUPN||Principal Name of the user being reviewed|
|PrincipalType||Type of the principal. Options include user, group, and service principal|
|ReviewDate||Date of the review|
|ReviewResult||Review results include Deny, Approve, and Not reviewed|
|Justification||Justification for review result provided by reviewer|
|ReviewerUPN||Reviewer User Principal Name|
|ReviewerEmailAddress||Reviewer email address|
|AppliedByName||Name of the user who applied the review result|
|AppliedByUPN||User Principal Name of the user who applied the review result|
|AppliedByEmailAddress||Email address of the user who applied the review result|
|AppliedDate||Date when the review result were applied|
|AccessRecommendation||System recommendations include Approve, Deny, and No Info|
|SubmissionResult||Review result submission status include applied, and not applied.|