Get-MgIdentityGovernanceLifecycleWorkflow does not return all Lifecycle Workflows #3118
Description
Describe the bug
I am trying to export all Identity Governance Lifecycle Workflows in my tenant but Get-MgIdentityGovernanceLifecycleWorkflow -All only returns 12 of 17. Even when specifying the 'missing' workflows by Workflow ID or filtering by displayName, they are not returned. I cannot see anything in common about the five workflows that are not found. All are enabled and functioning in the tenant. Is there some sort of ACL or permissions missing?
I am a member of Lifecycle Administrators role and accessing with Graph scope LifecycleWorkflows.ReadWrite.All.
Expected behavior
Expected behavior is for all 17 workflows to be returned by the command.
Expected behavior is for workflow to be returned when queried by Workflow ID
Expected behavior is for workflow to be returned when queried by displayName
How to reproduce
- Execute Get-MgIdentityGovernanceLifecycleWorkflow -All
- Returns 12 workflows when 17 are present in tenant
SDK Version
No response
Latest version known to work for scenario above?
2.24.0 Microsoft.Graph.Identity.Governance
Known Workarounds
No response
Debug output
Get-MgIdentityGovernanceLifecycleWorkflow -All -Debug
[CmdletBeginProcessing]: - Get-MgIdentityGovernanceLifecycleWorkflow begin processing with parameterSet 'List'.
[Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'.
[Authentication]: - Scopes: [Application.Read.All, AppRoleAssignment.ReadWrite.All, Directory.Read.All, LifecycleWorkflows.ReadWrite.All, openid, profile, RoleManagement.ReadWrite.Directory, User.Read, User.Read.All, User.ReadWrite.All, email].
============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://graph.microsoft.com/v1.0/identityGovernance/lifecycleWorkflows/workflows
Headers:
FeatureFlag : 00000043
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26100; en-US),PowerShell/2025.0.0
Accept-Encoding : gzip
SdkVersion : graph-powershell/2.24.0
client-request-id : 2583774c-1a36-4033-a7a9-8d0021826bfa
Body:
============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 7018c009-388b-4e23-a8cf-b49245affb15
client-request-id : 2583774c-1a36-4033-a7a9-8d0021826bfa
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Canada Central","Slice":"E","Ring":"3","ScaleUnit":"001","RoleInstance":"YT1PEPF00001AC4"}}
odata-version : 4.0
Date : Tue, 11 Feb 2025 12:40:53 GMT
Body:
<--omitted for client privacy-->
Category CreatedDateTime Description
mover 11/23/2024 9:22:41 PM Execute real-time tasks for employee job changes
leaver 11/29/2024 7:52:19 PM Configure offboarding tasks for employees after their last day of work
mover 11/29/2024 7:59:03 PM User Manager Updates
leaver 11/29/2024 8:09:05 PM Execute real-time termination tasks for employees on their last day of work
leaver 11/29/2024 8:14:31 PM Configure pre-offboarding tasks for employees before their last day of work
mover 11/29/2024 8:18:05 PM User Department Change
joiner 11/30/2024 3:20:21 PM Configure new hire tasks for onboarding employees on their first day
joiner 12/2/2024 11:03:55 AM Configure pre-hire tasks for onboarding employees before their first day
mover 1/9/2025 2:54:12 PM Attribute= LOA Add to xxxxxxx Add to yyyyyyyyy…
mover 1/14/2025 10:00:57 PM Configure mover tasks for employees once their group membership changes
mover 1/15/2025 11:47:08 AM streetAddress
mover 2/10/2025 9:01:53 PM Attribute= RFD remove from xxxxxxxx and Remove from yyyyyyyyyy Attribute=RFL remove from xxxxxxxxx and Re…
[CmdletEndProcessing]: - Get-MgIdentityGovernanceLifecycleWorkflow end processing.
Configuration
No response
Other information
No response