Microsoft.Entra.Authentication-Help.xml
|
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraEnvironment</command:name> <command:verb>Add</command:verb> <command:noun>EntraEnvironment</command:noun> <maml:description> <maml:para>Adds Microsoft Entra environment to the settings file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Adds Microsoft Entra environment to the settings file.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraEnvironment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GraphEndpoint</maml:name> <maml:description> <maml:para>Specifies the GraphEndpoint URL of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AzueADEndpoint</maml:name> <maml:description> <maml:para>Specifies the AzureADEndpoint URL of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GraphEndpoint</maml:name> <maml:description> <maml:para>Specifies the GraphEndpoint URL of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AzueADEndpoint</maml:name> <maml:description> <maml:para>Specifies the AzureADEndpoint URL of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Add a user defined environment ----------</maml:title> <dev:code>$params = @{ Name = 'Canary' GraphEndpoint = 'https://canary.graph.microsoft.com' AzureADEndpoint = 'https://login.microsoftonline.com' } Add-EntraEnvironment @params Name AzureADEndpoint GraphEndpoint Type ---- --------------- ------------- ---- Canary https://login.microsoftonline.com https://microsoftgraph.com User-defined {}</dev:code> <dev:remarks> <maml:para>Adds a user-defined Entra environment to the settings file.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Add-EntraEnvironment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraEnvironment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Connect-Entra</command:name> <command:verb>Connect</command:verb> <command:noun>Entra</command:noun> <maml:description> <maml:para>Connect to Microsoft Entra ID with an authenticated account.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Connect-Entra` cmdlet connects to Microsoft Entra ID with an authenticated account.</maml:para> <maml:para>Several authentication scenarios are supported based on your use case, such as delegated (interactive) and app-only (non-interactive).</maml:para> <maml:para>`Connect-Entra` is an alias for `Connect-MgGraph`.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AppId, ApplicationId"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>Specifies the application ID of the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CertificateThumbprint</maml:name> <maml:description> <maml:para>Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Audience, Tenant"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the ID of a tenant.</maml:para> <maml:para>If you don't specify this parameter, the account is authenticated with the home tenant.</maml:para> <maml:para>You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Certificate</maml:name> <maml:description> <maml:para>An X.509 certificate supplied during invocation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CertificateSubject, CertificateName"> <maml:name>CertificateSubjectName</maml:name> <maml:description> <maml:para>The subject distinguished name of a certificate. The certificate is retrieved from the current user's certificate store.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AppId, ApplicationId"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>Specifies the application ID of the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Scopes</maml:name> <maml:description> <maml:para>An array of delegated permissions to consent to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Audience, Tenant"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the ID of a tenant.</maml:para> <maml:para>If you don't specify this parameter, the account is authenticated with the home tenant.</maml:para> <maml:para>You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UseDeviceAuthentication, DeviceCode, DeviceAuth, Device"> <maml:name>UseDeviceCode</maml:name> <maml:description> <maml:para>Use device code authentication instead of a browser control.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AppId, ApplicationId"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>Specifies the application ID of the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="ManagedIdentity, ManagedServiceIdentity, MSI"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Sign-in using a managed identity</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Audience, Tenant"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the ID of a tenant.</maml:para> <maml:para>If you don't specify this parameter, the account is authenticated with the home tenant.</maml:para> <maml:para>You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SecretCredential, Credential"> <maml:name>ClientSecretCredential</maml:name> <maml:description> <maml:para>The PSCredential object provides the application ID and client secret for service principal credentials. For more information about the PSCredential object, type Get-Help Get-Credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>Specifies a bearer token for Microsoft Entra service. Access tokens do time out and you have to handle their refresh.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>EnvironmentVariable</maml:name> <maml:description> <maml:para>Allows for authentication using environment variables configured on the host machine. See <https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#environment-variables></maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CertificateThumbprint</maml:name> <maml:description> <maml:para>Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AppId, ApplicationId"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>Specifies the application ID of the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Audience, Tenant"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the ID of a tenant.</maml:para> <maml:para>If you don't specify this parameter, the account is authenticated with the home tenant.</maml:para> <maml:para>You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>Specifies a bearer token for Microsoft Entra service. Access tokens do time out and you have to handle their refresh.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Scopes</maml:name> <maml:description> <maml:para>An array of delegated permissions to consent to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UseDeviceAuthentication, DeviceCode, DeviceAuth, Device"> <maml:name>UseDeviceCode</maml:name> <maml:description> <maml:para>Use device code authentication instead of a browser control.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Certificate</maml:name> <maml:description> <maml:para>An X.509 certificate supplied during invocation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CertificateSubject, CertificateName"> <maml:name>CertificateSubjectName</maml:name> <maml:description> <maml:para>The subject distinguished name of a certificate. The certificate is retrieved from the current user's certificate store.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SecretCredential, Credential"> <maml:name>ClientSecretCredential</maml:name> <maml:description> <maml:para>The PSCredential object provides the application ID and client secret for service principal credentials. For more information about the PSCredential object, type Get-Help Get-Credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>EnvironmentVariable</maml:name> <maml:description> <maml:para>Allows for authentication using environment variables configured on the host machine. See <https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#environment-variables></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="ManagedIdentity, ManagedServiceIdentity, MSI"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Sign-in using a managed identity</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Delegated access: Connect a PowerShell session to a tenant</maml:title> <dev:code>Connect-Entra</dev:code> <dev:remarks> <maml:para>This example shows how to connect your current PowerShell session to a Microsoft Entra ID tenant using credentials.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Delegated access: Connect a PowerShell session to a tenant with required scopes</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All', 'Group.ReadWrite.All' Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>This example shows how to authenticate to Microsoft Entra ID with scopes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Delegated access: Using an access token ------</maml:title> <dev:code>$secureString = ConvertTo-SecureString -String $AccessToken -AsPlainText -Force Connect-Entra -AccessToken $secureString Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>This example shows how to interactively authenticate to Microsoft Entra ID using an access token.</maml:para> <maml:para>For more information on how to get or create access token, see Request an access token (https://learn.microsoft.com/graph/auth-v2-user#3-request-an-access-token).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 4: Delegated access: Using device code flow -----</maml:title> <dev:code>Connect-Entra -UseDeviceCode To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code A1B2CDEFGH to authenticate.</dev:code> <dev:remarks> <maml:para>This example shows how to interactively authenticate to Microsoft Entra ID using device code flow.</maml:para> <maml:para>For more information, see Device Code flow (https://learn.microsoft.com/entra/identity-platform/v2-oauth2-device-code).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 5: App-only access: Using client credential with a Certificate thumbprint</maml:title> <dev:code>$connectParams = @{ TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee' ApplicationId = '00001111-aaaa-2222-bbbb-3333cccc4444' CertificateThumbprint = 'AA11BB22CC33DD44EE55FF66AA77BB88CC99DD00' } Connect-Entra @connectParams Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>This example shows how to authenticate using an ApplicationId and CertificateThumbprint.</maml:para> <maml:para>For more information on how to get or create CertificateThumbprint, see Authenticate with app-only access (https://learn.microsoft.com/powershell/entra-powershell/app-only-access-auth).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 6: App-only access: Using client credential with a certificate name</maml:title> <dev:code>$params = @{ ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444' TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee' CertificateName = 'YOUR_CERT_SUBJECT' } Connect-Entra @params $Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint Connect-Entra -ClientId '<App-Id>' -TenantId '<Tenant-Id>' -Certificate $Cert</dev:code> <dev:remarks> <maml:para>You can find the certificate subject by running the above command.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 7: App-only access: Using client credential with a certificate</maml:title> <dev:code>$Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint $params = @{ ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444' TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee' Certificate = $Cert } Connect-Entra @params</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 8: App-only access: Using client secret credentials -</maml:title> <dev:code>$ClientSecretCredential = Get-Credential -Credential '00001111-aaaa-2222-bbbb-3333cccc4444' # Enter client_secret in the password prompt. Connect-Entra -TenantId 'aaaabbbb-0000-cccc-1111-dddd2222eeee' -ClientSecretCredential $ClientSecretCredential</dev:code> <dev:remarks> <maml:para>This authentication method is ideal for background interactions.</maml:para> <maml:para>For more information on how to get credential, see Get-Credential (https://learn.microsoft.com/powershell/module/microsoft.powershell.security/get-credential)command.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 9: App-only access: Using managed identity: System-assigned managed identity</maml:title> <dev:code>Connect-Entra -Identity</dev:code> <dev:remarks> <maml:para>Uses an automatically managed identity on a service instance. The identity is tied to the lifecycle of a service instance.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 10: App-only access: Using managed identity: User-assigned managed identity</maml:title> <dev:code>Connect-Entra -Identity -ClientId 'User_Assigned_Managed_identity_Client_Id'</dev:code> <dev:remarks> <maml:para>Uses a user created managed identity as a standalone Azure resource.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 11: Connecting to an environment as a different identity</maml:title> <dev:code>Connect-Entra -ContextScope 'Process' Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>To connect as a different identity other than CurrentUser, specify the ContextScope parameter with the value Process.</maml:para> <maml:para>For more information on how to get the current context, see Get-EntraContext (https://learn.microsoft.com/powershell/module/Microsoft.Entra/get-entracontext)command.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 12: Connecting to an environment or cloud ------</maml:title> <dev:code>Get-EntraEnvironment Name AzureADEndpoint GraphEndpoint Type ---- --------------- ------------- ---- China https://login.chinacloudapi.cn https://microsoftgraph.chinacloudapi.cn Built-in Global https://login.microsoftonline.com https://graph.microsoft.com Built-in USGov https://login.microsoftonline.us https://graph.microsoft.us Built-in USGovDoD https://login.microsoftonline.us https://dod-graph.microsoft.us Built-in Connect-Entra -Environment 'Global'</dev:code> <dev:remarks> <maml:para>When you use Connect-Entra, you can choose to target other environments. By default, Connect-Entra targets the global public cloud.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 13: Sets the HTTP client timeout in seconds -----</maml:title> <dev:code>Connect-Entra -ClientTimeout 60 Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>This example Sets the HTTP client timeout in seconds.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 14: Hides the welcome message ------------</maml:title> <dev:code>Connect-Entra -NoWelcome</dev:code> <dev:remarks> <maml:para>This example hides the welcome message.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 15: Allows for authentication using environment variables</maml:title> <dev:code>Connect-Entra -EnvironmentVariable</dev:code> <dev:remarks> <maml:para>This example allows for authentication using environment variables.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Connect-Entra</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Disconnect-Entra</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Disconnect-Entra</command:name> <command:verb>Disconnect</command:verb> <command:noun>Entra</command:noun> <maml:description> <maml:para>Disconnects the current session from a Microsoft Entra ID tenant.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Disconnect-Entra cmdlet disconnects the current session from a Microsoft Entra ID tenant.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Disconnect-Entra</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Disconnect your session from a tenant -------</maml:title> <dev:code>Disconnect-Entra ClientId : 00001111-aaaa-2222-bbbb-3333cccc4444 TenantId : bbbbcccc-1111-dddd-2222-eeee3333ffff Scopes : {Agreement.ReadWrite.All, CustomSecAttributeDefinition.ReadWrite.All, TeamMember.Read.All...} AuthType : AppOnly TokenCredentialType : ClientCertificate CertificateThumbprint : AA11BB22CC33DD44EE55FF66AA77BB88CC99DD00 CertificateSubjectName : Account : AppName : MG_graph_auth ContextScope : Process Certificate : PSHostVersion : 5.1.22621.2506 ManagedIdentityId : ClientSecret : Environment : Global</dev:code> <dev:remarks> <maml:para>This command disconnects your session from a tenant.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Disconnect-Entra</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Connect-Entra</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Find-EntraPermission</command:name> <command:verb>Find</command:verb> <command:noun>EntraPermission</command:noun> <maml:description> <maml:para>Helps users determine the necessary permissions for resources and identify the appropriate permissions required for various commands.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Find-EntraPermission` cmdlet helps users determine the necessary permissions for resources and identify the appropriate permissions required for various commands.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Find-EntraPermission</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies the filter for the permissions, for example, domain and scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>Sets if the cmdlet returns all parameters.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExactMatch</maml:name> <maml:description> <maml:para>Sets if Search String should be an exact match.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Online</maml:name> <maml:description> <maml:para>Use the -Online parameter with -SearchString in Find-MgGraphPermission to fetch the latest permissions from Microsoft Graph before searching. This ensures Find-MgGraphPermission returns accurate results by including any new permissions added for recent APIs. The command uses the existing Microsoft Graph connection established by Connect-MgGraph. If your connection lacks permissions to access this data or if there’s no network connectivity, the command fails. Once updated, Find-MgGraphPermission will continue using the refreshed permission list for future searches, even without the -Online parameter.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionType</maml:name> <maml:description> <maml:para>Specifies the type of Permission, for example, Delegated or Application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Any</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="progra"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>Specifics the progra option.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies the filter for the permissions, for example, domain and scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>Sets if the cmdlet returns all parameters.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExactMatch</maml:name> <maml:description> <maml:para>Sets if Search String should be an exact match.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Online</maml:name> <maml:description> <maml:para>Use the -Online parameter with -SearchString in Find-MgGraphPermission to fetch the latest permissions from Microsoft Graph before searching. This ensures Find-MgGraphPermission returns accurate results by including any new permissions added for recent APIs. The command uses the existing Microsoft Graph connection established by Connect-MgGraph. If your connection lacks permissions to access this data or if there’s no network connectivity, the command fails. Once updated, Find-MgGraphPermission will continue using the refreshed permission list for future searches, even without the -Online parameter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionType</maml:name> <maml:description> <maml:para>Specifies the type of Permission, for example, Delegated or Application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Any</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="progra"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>Specifics the progra option.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Get a list of all Application permissions -----</maml:title> <dev:code>Find-EntraPermission application PermissionType: Delegated Id Consent Name Description -- ------- ---- ----------- c79f8feb-a9db-4090-85f9-90d820caa0eb Admin Application.Read.All Allows the app to read applications and service principals on behalf of the signed-in user. bdfbf15f-ee85-4955-8675-146e8e5296b5 Admin Application.ReadWrite.All Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants. PermissionType: Application Id Consent Name Description -- ------- ---- ----------- 9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30 Admin Application.Read.All Allows the app to read all applications and service principals without a signed-in user. 1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9 Admin Application.ReadWrite.All Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants. 18a4783c-866b-4cc7-a460-3d5e5662c884 Admin Application.ReadWrite.OwnedBy Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user...</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title> Example 2. Get a list of permissions for the Read permissions </maml:title> <dev:code>Find-EntraPermission application.Read | Format-List Id : c79f8feb-a9db-4090-85f9-90d820caa0eb PermissionType : Delegated Consent : Admin Name : Application.Read.All Description : Allows the app to read applications and service principals on behalf of the signed-in user. Id : bdfbf15f-ee85-4955-8675-146e8e5296b5 PermissionType : Delegated Consent : Admin Name : Application.ReadWrite.All Description : Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants. Id : 9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30 PermissionType : Application Consent : Admin Name : Application.Read.All Description : Allows the app to read all applications and service principals without a signed-in user.</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3. Search for permissions with exact match ------</maml:title> <dev:code>Find-EntraPermission -SearchString 'User.Read.All' -ExactMatch PermissionType: Delegated Id Consent Name Description -- ------- ---- ----------- a154be20-db9c-4678-8ab7-66f6cc099a59 Admin User.Read.All Allows the app to read the full set of profile properties, reports, and ma… PermissionType: Application Id Consent Name Description -- ------- ---- ----------- df021288-bdef-4463-88db-98f22de89214 Admin User.Read.All Allows the app to read user profiles without a signed in user.</dev:code> <dev:remarks> <maml:para>This example demonstrates how to search for permissions that exactly match a specified permission name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 4. Get all permissions of the specified type -----</maml:title> <dev:code>Find-EntraPermission -PermissionType 'Delegated' Id Consent Name Description -- ------- ---- ----------- ebfcd32b-babb-40f4-a14b-42706e83bd28 Admin AccessReview.Read.All Allows the app to read access re… e4aa47b9-9a69-4109-82ed-36ec70d85ff1 Admin AccessReview.ReadWrite.All Allows the app to read, update, … 5af8c3f5-baca-439a-97b0-ea58a435e269 Admin AccessReview.ReadWrite.Membership Allows the app to read,</dev:code> <dev:remarks> <maml:para>This example shows how to get all permissions of a specified type, for example, `Delegated` or `Application` permissions.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Find-EntraPermission</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraContext</command:name> <command:verb>Get</command:verb> <command:noun>EntraContext</command:noun> <maml:description> <maml:para>Retrieve information about your current session</maml:para> </maml:description> </command:details> <maml:description> <maml:para>`Get-EntraContext` is used to retrieve the details about your current session, which include: - ClientID</maml:para> <maml:para>- TenantID</maml:para> <maml:para>- Certificate Thumbprint</maml:para> <maml:para>- Scopes consented to</maml:para> <maml:para>- AuthType: Delegated or app-only</maml:para> <maml:para>- AuthProviderType</maml:para> <maml:para>- CertificateName</maml:para> <maml:para>- Account</maml:para> <maml:para>- AppName</maml:para> <maml:para>- ContextScope</maml:para> <maml:para>- Certificate</maml:para> <maml:para>- PSHostVersion</maml:para> <maml:para>- ClientTimeOut.</maml:para> <maml:para></maml:para> <maml:para>`Get-EntraCurrentSessionInfo` is an alias for `Get-EntraContext`.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraContext</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider, such as the progress bars generated by the Write-Progress cmdlet.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Get the current session --------------</maml:title> <dev:code>Get-EntraContext ClientId : 11112222-bbbb-3333-cccc-4444dddd5555 TenantId : aaaabbbb-0000-cccc-1111-dddd2222eeee CertificateThumbprint : Scopes : {User.ReadWrite.All,...} AuthType : Delegated AuthProviderType : InteractiveAuthenticationProvider CertificateName : Account : SawyerM@Contoso.com AppName : Microsoft Graph PowerShell ContextScope : CurrentUser Certificate : PSHostVersion : 5.1.17763.1 ClientTimeout : 00:05:00</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the details of the current session.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 2: Get the current session scopes ----------</maml:title> <dev:code>Get-EntraContext | Select -ExpandProperty Scopes AppRoleAssignment.ReadWrite.All Directory.AccessAsUser.All EntitlementManagement.ReadWrite.All Group.ReadWrite.All openid Organization.Read.All profile RoleManagement.ReadWrite.Directory User.Read User.ReadWrite.All</dev:code> <dev:remarks> <maml:para>Retrieves all scopes.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Get-EntraContext</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraEnvironment</command:name> <command:verb>Get</command:verb> <command:noun>EntraEnvironment</command:noun> <maml:description> <maml:para>Gets global public Environments.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>When you use `Connect-Entra`, you can choose to target other environments. By default, `Connect-Entra` targets the global public cloud.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraEnvironment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Get a list of public cloud environments ------</maml:title> <dev:code>Get-EntraEnvironment Name AzureADEndpoint GraphEndpoint Type ---- --------------- ------------- ---- Global https://login.microsoftonline.com https://graph.microsoft.com Built-in China https://login.chinacloudapi.cn https://microsoftgraph.chinacloudapi.cn Built-in USGovDoD https://login.microsoftonline.us https://dod-graph.microsoft.us Built-in USGov https://login.microsoftonline.us https://graph.microsoft.us Built-in Germany https://login.microsoftonline.de https://graph.microsoft.de Built-in Canary https://login.microsoftonline.com https://canary.graph.microsoft.com User-defined</dev:code> <dev:remarks> <maml:para>This command retrieves a list of global public Environments.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 2: Get a specific environment created --------</maml:title> <dev:code>Get-EntraEnvironment -Name 'Global' Name AzureADEndpoint GraphEndpoint Type ---- --------------- ------------- ---- Global https://login.microsoftonline.com https://graph.microsoft.com Built-in</dev:code> <dev:remarks> <maml:para>This command retrieves an environment with the specified name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Get-EntraEnvironment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraEnvironment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Revoke-EntraSignedInUserAllRefreshToken</command:name> <command:verb>Revoke</command:verb> <command:noun>EntraSignedInUserAllRefreshToken</command:noun> <maml:description> <maml:para>Invalidates the refresh tokens issued to applications for the current user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Revoke-EntraSignedInUserAllRefreshToken` cmdlet invalidates all the refresh tokens issued to applications for a user (and session cookies in a user's browser), by resetting the signInSessionsValidFromDateTime user property to the current date-time.</maml:para> <maml:para>The user or an administrator typically performs this operation if the user's device is lost or stolen. This action prevents access to the organization's data on the device by requiring the user to sign in again to all previously consented applications, regardless of the device.</maml:para> <maml:para>Note: If the application attempts to redeem a delegated access token for this user using an invalidated refresh token, the application receives an error. When this happens, the application needs to acquire a new refresh token by making a request to the authorized endpoint, which forces the user to sign in.</maml:para> <maml:para>After you run this command, a small delay of a few minutes can occur before tokens are revoked.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Revoke-EntraSignedInUserAllRefreshToken</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Revoke refresh tokens for the current user ----</maml:title> <dev:code>Connect-Entra -Scopes 'User.RevokeSessions.All' Revoke-EntraSignedInUserAllRefreshToken Value ----- True</dev:code> <dev:remarks> <maml:para>This command revokes the tokens for the current user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Revoke-EntraSignedInUserAllRefreshToken</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Revoke-EntraUserAllRefreshToken</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Revoke-EntraUserAllRefreshToken</command:name> <command:verb>Revoke</command:verb> <command:noun>EntraUserAllRefreshToken</command:noun> <maml:description> <maml:para>Invalidates the refresh tokens issued to applications for a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Revoke-EntraUserAllRefreshToken` cmdlet invalidates the refresh tokens issued to applications for a user.</maml:para> <maml:para>The cmdlet also invalidates tokens issued to session cookies in a browser for the user.</maml:para> <maml:para>The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time.</maml:para> <maml:para>This operation is usually performed by the user or an administrator if the user's device is lost or stolen. It blocks access to the organization's data by requiring the user to sign in again to all previously authorized applications, regardless of the device.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Revoke-EntraUserAllRefreshToken</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="ObjectId"> <maml:name>UserId</maml:name> <maml:description> <maml:para>Specifies the unique ID of a user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="ObjectId"> <maml:name>UserId</maml:name> <maml:description> <maml:para>Specifies the unique ID of a user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Revoke refresh tokens for a user ---------</maml:title> <dev:code>Connect-Entra -Scopes 'User.RevokeSessions.All' Revoke-EntraUserAllRefreshToken -UserId 'SawyerM@contoso.com' Value ----- True</dev:code> <dev:remarks> <maml:para>This example demonstrates how to revoke the tokens for the specified user.</maml:para> <maml:para>- `-UserId` parameter specifies the unique identifier of a user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Revoke-EntraUserAllRefreshToken</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Revoke-EntraSignedInUserAllRefreshToken</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems> |