Create and manage downloadable access review history report (Preview) in Azure AD access reviews

With Azure Active Directory (Azure AD) Access Reviews, you can create a downloadable review history to help your organization gain more insight. The report pulls the decisions that were taken by reviewers when a report is created. These reports can be constructed to include specific access reviews, for a specific time frame, and can be filtered to include different review types and review results.

Who can access and request review history

Review history and request review history are available for any user if they're authorized to view access reviews. To see which roles can view and create access reviews, see What resource types can be reviewed?. Global Administrator and Global Reader can see all access reviews. All other users are only allowed to see reports on access reviews that they've generated.

How to create a review history report

Prerequisite role: All users authorized to view access reviews

  1. In the Azure portal, select Azure Active Directory and then select Identity Governance.

  2. In the left menu, under Access Reviews select Review history.

  3. Select New report.

  4. Specify a review start and end date.

  5. Select the review types and review results you want to include in the report.

    Access Reviews - Access Review History Report - Create

  6. Then select create to create an Access Review History Report.

How to download review history reports

Once a review history report is created, you can download it. All reports that are created are available for download for 30 days in CSV format.

  1. Select Review History under Identity Governance. All review history reports that you created will be available.
  2. Select the report you wish to download.

What is included in a review history report?

The reports provide details on a per-user basis showing the following:

Element name Description
AccessReviewId Review object id
ReviewType Review types include group, application, Azure AD role, Azure role, and access package
ResourceDisplayName Display Name of the resource being reviewed
ResourceId Id of the resource being reviewed
ReviewName Name of the review
CreatedDateTime Creation datetime of the review
ReviewStartDate Start date of the review
ReviewEndDate End date of the review
ReviewStatus Status of the review. For all review statuses, see the access review status table here
OwnerId Reviewer owner ID
OwnerName Reviewer owner name
OwnerUPN Reviewer owner User Principal Name
PrincipalId Id of the principal being reviewed
PrincipalName Name of the principal being reviewed
PrincipalUPN Principal Name of the user being reviewed
PrincipalType Type of the principal. Options include user, group, and service principal
ReviewDate Date of the review
ReviewResult Review results include Deny, Approve, and Not reviewed
Justification Justification for review result provided by reviewer
ReviewerId Reviewer Id
ReviewerName Reviewer Name
ReviewerUPN Reviewer User Principal Name
ReviewerEmailAddress Reviewer email address
AppliedByName Name of the user who applied the review result
AppliedByUPN User Principal Name of the user who applied the review result
AppliedByEmailAddress Email address of the user who applied the review result
AppliedDate Date when the review result were applied
AccessRecommendation System recommendations include Approve, Deny, and No Info
SubmissionResult Review result submission status include applied, and not applied.

Next steps