Microsoft.Entra.Beta.Governance-Help.xml
|
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraBetaDirectoryRoleAssignment</command:name> <command:verb>Get</command:verb> <command:noun>EntraBetaDirectoryRoleAssignment</command:noun> <maml:description> <maml:para>Get a Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraBetaDirectoryRoleAssignment` cmdlet gets information about role assignments in Microsoft Entra ID. To get a role assignment, specify the `UnifiedRoleAssignmentId` parameter. Specify the `SearchString` or `Filter` parameter to find a particular role assignment.</maml:para> <maml:para>In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with one of the following permissions:</maml:para> <maml:para>- microsoft.directory/roleAssignments/standard/read (least privileged)</maml:para> <maml:para>- microsoft.directory/roleAssignments/allProperties/read</maml:para> <maml:para>- microsoft.directory/roleAssignments/allProperties/allTasks</maml:para> <maml:para></maml:para> <maml:para>The least privileged roles for this operation, from least to most privileged, are:</maml:para> <maml:para>- Directory Readers</maml:para> <maml:para>- Global Reader</maml:para> <maml:para>- Privileged Role Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraBetaDirectoryRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraBetaDirectoryRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleAssignmentId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID roleAssignment object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleAssignmentId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID roleAssignment object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleAssignment</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Get-EntraBetaRoleAssignment` is an alias for `Get-EntraBetaDirectoryRoleAssignment`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Get role assignments ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleAssignment Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- 00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 22223333-cccc-4444-dddd-5555eeee6666 cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 33334444-dddd-5555-eeee-6666ffff7777 dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 44445555-eeee-6666-ffff-7777aaaa8888 eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 2: Get role assignments using 'All' parameter ----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleAssignment -All Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- 00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 22223333-cccc-4444-dddd-5555eeee6666 cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 33334444-dddd-5555-eeee-6666ffff7777 dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 44445555-eeee-6666-ffff-7777aaaa8888 eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets all the role assignments in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 3: Get role assignments by Id ------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleAssignment -UnifiedRoleAssignmentId '00001111-aaaa-2222-bbbb-3333cccc4444' Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- 00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments using specified roleAssignment Id.</maml:para> <maml:para>- `UnifiedRoleAssignmentId` parameter specifies the roleAssignment object ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 4: Get role assignments filter by principalId ----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleAssignment -Filter "principalId eq 'aaaaaaaa-bbbb-cccc-1111-222222222222'" Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- 00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 11112222-bbbb-3333-cccc-4444dddd5555 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments containing the specified principalId. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 5: Get role assignments filter by roleDefinitionId --</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleAssignment -Filter "roleDefinitionId eq 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1'" Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- 00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 22223333-cccc-4444-dddd-5555eeee6666 cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 33334444-dddd-5555-eeee-6666ffff7777 dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 44445555-eeee-6666-ffff-7777aaaa8888 eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments containing the specified roleDefinitionId. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 6: Get top two role assignments -----------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleAssignment -Top 2 Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- 00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / 11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets top two role assignments.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Get-EntraBetaDirectoryRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraBetaDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraBetaDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraBetaDirectoryRoleDefinition</command:name> <command:verb>Get</command:verb> <command:noun>EntraBetaDirectoryRoleDefinition</command:noun> <maml:description> <maml:para>Gets information about role definitions in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraBetaDirectoryRoleDefinition` cmdlet gets information about role definitions in Microsoft Entra ID. To get a role definition, specify the `UnifiedRoleDefinitionId` parameter. Specify the SearchString or Filter parameter to find particular role definition.</maml:para> <maml:para>In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with one of the following permissions:</maml:para> <maml:para>- microsoft.directory/roleAssignments/standard/read (least privileged)</maml:para> <maml:para>- microsoft.directory/roleAssignments/allProperties/read</maml:para> <maml:para>- microsoft.directory/roleAssignments/allProperties/allTasks</maml:para> <maml:para></maml:para> <maml:para>The least privileged roles for this operation, from least to most privileged, are:</maml:para> <maml:para>- Directory Readers</maml:para> <maml:para>- Global Reader</maml:para> <maml:para>- Privileged Role Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraBetaDirectoryRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the ID of the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraBetaDirectoryRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records that this cmdlet gets. The default value is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter string to match a set of role definitions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraBetaDirectoryRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the ID of the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records that this cmdlet gets. The default value is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter string to match a set of role definitions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Get-EntraBetaRoleDefinition` is an alias for `Get-EntraBetaDirectoryRoleDefinition`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Get all role definitions -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleDefinition DisplayName Id TemplateId Description ----------- -- ---------- ----------- Guest User 11bb11bb-cc22-dd33-ee44-55ff55ff55ff 10dae51f-b6af-4016-8d66-8c2a99b929b3 Default role for guest users. Can read a limited set of directory information. Restricted Guest User 33dd33dd-ee44-ff55-aa66-77bb77bb77bb 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory informati… Guest Inviter 44ee44ee-ff55-aa66-bb77-88cc88cc88cc 95e79109-95c0-4d8e-aee3-d01accf2d47b Can invite guest users independent of the 'members can invite guests' setting.</dev:code> <dev:remarks> <maml:para>This command returns all the role definitions present.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Get a role definition by UnifiedRoleDefinitionId -</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleDefinition -UnifiedRoleDefinitionId '1a327991-10cb-4266-877a-998fb4df78ec' DisplayName Id TemplateId Description ----------- -- ---------- ----------- Restricted Guest User 2af84b1e-32c8-42b7-82bc-daa82404023b 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information.</dev:code> <dev:remarks> <maml:para>This command returns a specified role definition.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Filter role definitions by display name ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleDefinition -Filter "startsWith(displayName, 'Restricted')" DisplayName Id TemplateId Description ----------- -- ---------- ----------- Restricted Guest User 2af84b1e-32c8-42b7-82bc-daa82404023b 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information.</dev:code> <dev:remarks> <maml:para>This command return all the role definitions containing the specified display name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 4: Get top two role definition ------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleDefinition -Top 2 DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- Restricted Guest User 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information. True True</dev:code> <dev:remarks> <maml:para>This command return top two the role definitions in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 5: Filter role definitions by display name ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All' Get-EntraBetaDirectoryRoleDefinition -SearchString 'Global' DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- Global Administrator 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 62e90394-69f5-4237-9190-012177145e10 Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identit… Global Reader 11bb11bb-cc22-dd33-ee44-55ff55ff55ff f2ef992c-3afb-46b9-b7cf-a126ee74c451 Can read everything that a Global Administrator can, but not update anything.</dev:code> <dev:remarks> <maml:para>This command return all the role definitions containing the specified display name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Get-EntraBetaDirectoryRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraBetaPrivilegedResource</command:name> <command:verb>Get</command:verb> <command:noun>EntraBetaPrivilegedResource</command:noun> <maml:description> <maml:para>Get Microsoft Entra ID privileged resource.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraBetaPrivilegedResource` cmdlet get Microsoft Entra ID privileged resource.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraBetaPrivilegedResource</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The top result count.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraBetaPrivilegedResource</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the specific resource.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the specific resource.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The top result count.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------------- Example 1: Get all resources -----------------</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' Get-EntraBetaPrivilegedResource -ProviderId 'aadRoles' Id DisplayName ExternalId RegisteredDateTime RegisteredRoot Status Type -- ----------- ---------- ------------------ -------------- ------ ---- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AdminUnitName /administrativeUnits/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Active administrativeUnits</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all resources for aadRoles provider.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 2: Get a specific privileged resource --------</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' Id = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' } Get-EntraBetaPrivilegedResource @params Id DisplayName ExternalId RegisteredDateTime RegisteredRoot Status Type -- ----------- ---------- ------------------ -------------- ------ ---- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AdminUnitName /administrativeUnits/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Active administrativeUnits</dev:code> <dev:remarks> <maml:para>This example retrieves a resource for aadRoles provider with ID `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb`.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-Id` Parameter specifies the unique identifier of the specific resource.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 3: Get a specific privileged resource by filter ---</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' Filter = "DisplayName eq 'AdminUnitName'" } Get-EntraBetaPrivilegedResource @params Id DisplayName ExternalId RegisteredDateTime RegisteredRoot Status Type -- ----------- ---------- ------------------ -------------- ------ ---- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AdminUnitName /administrativeUnits/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Active administrativeUnits</dev:code> <dev:remarks> <maml:para>This example retrieves a resource for aadRoles provider Filter.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 4: Get top privileged resources -----------</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' } Get-EntraBetaPrivilegedResource @params -Top 1 Id DisplayName ExternalId RegisteredDateTime RegisteredRoot Status Type -- ----------- ---------- ------------------ -------------- ------ ---- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Test /administrativeUnits/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Active administrativeUnits</dev:code> <dev:remarks> <maml:para>This example retrieves top resources for aadRoles provider.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Get-EntraBetaPrivilegedResource</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraBetaPrivilegedRole</command:name> <command:verb>Get</command:verb> <command:noun>EntraBetaPrivilegedRole</command:noun> <maml:description> <maml:para>{{ Fill in the Synopsis }}</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{ Fill in the Description }}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraBetaPrivilegedRole</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>{{ Fill Filter Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraBetaPrivilegedRole</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>{{ Fill Id Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>{{ Fill Filter Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>{{ Fill Id Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Get-EntraBetaPrivilegedRole</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraBetaPrivilegedRoleDefinition</command:name> <command:verb>Get</command:verb> <command:noun>EntraBetaPrivilegedRoleDefinition</command:noun> <maml:description> <maml:para>Get role definitions.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraBetaPrivilegedRoleDefinition` cmdlet gets role definitions from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraBetaPrivilegedRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of a role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The unique identifier of the specific resource.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraBetaPrivilegedRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The unique identifier of the specific resource.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The top result count.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of a role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The unique identifier of the specific resource.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The top result count.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Get role definitions for a specific provider and resource</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' ResourceId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' } Get-EntraBetaPrivilegedRoleDefinition @params Id DisplayName ExternalId ResourceId TemplateId -- ----------- ---------- ---------- ---------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb custom proxy aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb 22223333-cccc-4444-dddd-5555eeee6666 aaaaaaaa-0000-1111-2222… bbbbbbbb-1111-2222-3333-cccccccccccc Authentication Policy Administrator bbbbbbbb-1111-2222-3333-cccccccccccc 11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-1111-2222-3333… cccccccc-2222-3333-4444-dddddddddddd Search Administrator cccccccc-2222-3333-4444-dddddddddddd 00001111-aaaa-2222-bbbb-3333cccc4444 cccccccc-2222-3333-4444…</dev:code> <dev:remarks> <maml:para>This example retrieves role definitions for a specific provider and resource.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-ResourceId` Parameter specifies the ID of the specific resource.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 2: Get a role definition for a specific provider ---</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' ResourceId = '11112222-bbbb-3333-cccc-4444dddd5555' Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc' } Get-EntraBetaPrivilegedRoleDefinition @params Id DisplayName ExternalId ResourceId TemplateId -- ----------- ---------- ---------- ---------- bbbbbbbb-1111-2222-3333-cccccccccccc Authentication Policy Administrator bbbbbbbb-1111-2222-3333-cccccccccccc 11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-1111-2222-3333…</dev:code> <dev:remarks> <maml:para>This example retrieves a role definition for a specific provider, resource, and ID.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-ResourceId` Parameter specifies the ID of the specific resource.</maml:para> <maml:para>- `-Id` Parameter specifies the ID of a role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 3: Get a specific role definition by filter -----</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' ResourceId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' Filter = "DisplayName eq 'custom proxy'" } Get-EntraBetaPrivilegedRoleDefinition @params Id DisplayName ExternalId ResourceId TemplateId -- ----------- ---------- ---------- ---------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb custom proxy aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb 22223333-cccc-4444-dddd-5555eeee6666 aaaaaaaa-0000-1111-2222…</dev:code> <dev:remarks> <maml:para>This example retrieves a specific role definition by Filter.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-ResourceId` Parameter specifies the ID of the specific resource.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------- Example 4: Get top role definition --------------</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' ResourceId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' } Get-EntraBetaPrivilegedRoleDefinition @params -Top 1 Id DisplayName ExternalId ResourceId TemplateId -- ----------- ---------- ---------- ---------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb custom proxy aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb 22223333-cccc-4444-dddd-5555eeee6666 aaaaaaaa-0000-1111-2222…</dev:code> <dev:remarks> <maml:para>This example retrieves a top one role definition.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-ResourceId` Parameter specifies the ID of the specific resource.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Get-EntraBetaPrivilegedRoleDefinition</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraBetaPrivilegedRoleSetting</command:name> <command:verb>Get</command:verb> <command:noun>EntraBetaPrivilegedRoleSetting</command:noun> <maml:description> <maml:para>Get role settings.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraBetaPrivilegedRoleSetting` cmdlet gets role settings from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraBetaPrivilegedRoleSetting</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the specific role setting.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraBetaPrivilegedRoleSetting</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The top result count.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the specific role setting.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The top result count.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System. Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Get role settings for a specific provider and resource</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' Filter = "ResourceId eq 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'" } Get-EntraBetaPrivilegedRoleSetting @params Id IsDefault LastUpdatedBy LastUpdatedDateTime ResourceId RoleDefinitionId -- --------- ------------- ------------------- ---------- ---------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False MG_graph_auth 06/08/2024 05:12:08 22223333-cccc-4444-dddd-5555eeee6666 44445555-eeee-6666-ffff-7777aaaa8888 bbbbbbbb-1111-2222-3333-cccccccccccc False MG_graph_auth 26/07/2024 12:28:15 11112222-bbbb-3333-cccc-4444dddd5555 55556666-ffff-7777-aaaa-8888bbbb9999</dev:code> <dev:remarks> <maml:para>This example retrieves role settings for a specific provider and resource.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- In, `-Filter` parameter `ResourceId` specifies the ID of the specific resource.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Get a role setting for a specific provider and Id -</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' Id = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' } Get-EntraBetaPrivilegedRoleSetting @params Id IsDefault LastUpdatedBy LastUpdatedDateTime ResourceId RoleDefinitionId -- --------- ------------- ------------------- ---------- ---------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False MG_graph_auth 06/08/2024 05:12:08 22223333-cccc-4444-dddd-5555eeee6666 44445555-eeee-6666-ffff-7777aaaa8888</dev:code> <dev:remarks> <maml:para>This example retrieves role settings for a specific provider and Id.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-Id` Parameter specifies the ID of the specific role setting.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Get role settings for a specific provider and resource</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' Filter = "ResourceId eq 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'" } Get-EntraBetaPrivilegedRoleSetting @params -Top 1 Id IsDefault LastUpdatedBy LastUpdatedDateTime ResourceId RoleDefinitionId -- --------- ------------- ------------------- ---------- ---------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False MG_graph_auth 06/08/2024 05:12:08 22223333-cccc-4444-dddd-5555eeee6666 44445555-eeee-6666-ffff-7777aaaa8888</dev:code> <dev:remarks> <maml:para>This example retrieves a top one specific role setting.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 4: Get role settings with Filter query --------</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.Read.AzureAD', 'PrivilegedAccess.Read.AzureResources' 'PrivilegedAccess.Read.AzureADGroup' $params = @{ ProviderId = 'aadRoles' Filter = "ResourceId eq 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' and LastUpdatedBy eq 'MOD Administrator'" } Get-EntraBetaPrivilegedRoleSetting @params Id IsDefault LastUpdatedBy LastUpdatedDateTime ResourceId RoleDefinitionId -- --------- ------------- ------------------- ---------- ---------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False MG_graph_auth 06/08/2024 05:12:08 22223333-cccc-4444-dddd-5555eeee6666 44445555-eeee-6666-ffff-7777aaaa8888</dev:code> <dev:remarks> <maml:para>This example retrieves role settings for a specific provider and resource.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Get-EntraBetaPrivilegedRoleSetting</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraBetaPrivilegedRoleSetting</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraBetaDirectoryRoleAssignment</command:name> <command:verb>New</command:verb> <command:noun>EntraBetaDirectoryRoleAssignment</command:noun> <maml:description> <maml:para>Create a new Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraBetaDirectoryRoleAssignment` cmdlet creates a new Microsoft Entra role assignment.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraBetaDirectoryRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DirectoryScopeId</maml:name> <maml:description> <maml:para>Specifies the scope for the role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies the principal for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the role definition for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DirectoryScopeId</maml:name> <maml:description> <maml:para>Specifies the scope for the role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies the principal for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the role definition for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleAssignment</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`New-EntraBetaRoleAssignment` is an alias for `New-EntraBetaDirectoryRoleAssignment`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Create a new Microsoft Entra ID role assignment --</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory','EntitlementManagement.ReadWrite.All' $params = @{ RoleDefinitionId = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' PrincipalId = 'aaaaaaaa-bbbb-cccc-1111-222222222222' DirectoryScopeId = '/' } New-EntraBetaDirectoryRoleAssignment @params Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command creates a new role assignment in Microsoft Entra ID.</maml:para> <maml:para>- `-RoleDefinitionId` parameter specifies the ID of the role definition that you want to assign. Role definitions describe the permissions that are granted to users or groups by the role. This is the Identifier of the `unifiedRoleDefinition` the assignment is for.</maml:para> <maml:para>- `-PrincipalId` parameter specifies the ID of the principal (user, group, or service principal) to whom the role is being assigned.</maml:para> <maml:para>- `-DirectoryScopeId` parameter specifies the scope of the directory over which the role assignment is effective. The '/' value typically represents the root scope, meaning the role assignment is applicable across the entire directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/New-EntraBetaDirectoryRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraBetaDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraBetaDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraBetaDirectoryRoleDefinition</command:name> <command:verb>New</command:verb> <command:noun>EntraBetaDirectoryRoleDefinition</command:noun> <maml:description> <maml:para>Create a new Microsoft Entra ID roleDefinition.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Create a new Microsoft Entra ID roleDefinition object.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraBetaDirectoryRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InheritsPermissionsFrom</maml:name> <maml:description> <maml:para>Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role isn't available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InheritsPermissionsFrom</maml:name> <maml:description> <maml:para>Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role isn't available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`New-EntraBetaRoleDefinition` is an alias for `New-EntraBetaDirectoryRoleDefinition`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Creates a new role definition -----------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' } New-EntraBetaDirectoryRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 93ff7659-04bd-4d97-8add-b6c992cce98e False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Creates a new role definition with Description parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' Description = 'Role Definition demo' } New-EntraBetaDirectoryRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 e14cb8e2-d696-4756-bd7f-c7df25271f3d Role Definition demo False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with Description parameter.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-Description` parameter specifies the description for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Creates a new role definition with ResourceScopes parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' ResourceScopes = '/' } New-EntraBetaDirectoryRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 2bc29892-ca2e-457e-b7c0-03257a0bcd0c False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with ResourceScopes parameter.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-ResourceScopes` parameter specifies the resource scopes for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Creates a new role definition with TemplateId parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' TemplateId = '4dd5aa9c-cf4d-4895-a993-740d342802b9' } New-EntraBetaDirectoryRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 4dd5aa9c-cf4d-4895-a993-740d342802b9 False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with TemplateId parameter.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-TemplateId` parameter specifies the template ID for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 5: Creates a new role definition with Version parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' Version = '2' } New-EntraBetaDirectoryRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 b69d16e9-b3f9-4289-a87f-8f796bd9fa28 False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with Version parameter.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-Version` parameter specifies the version for the role definition.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/New-EntraBetaDirectoryRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraBetaPrivilegedRoleAssignment</command:name> <command:verb>New</command:verb> <command:noun>EntraBetaPrivilegedRoleAssignment</command:noun> <maml:description> <maml:para>{{ Fill in the Synopsis }}</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{ Fill in the Description }}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraBetaPrivilegedRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExpirationDateTime</maml:name> <maml:description> <maml:para>{{ Fill ExpirationDateTime Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>{{ Fill Id Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsElevated</maml:name> <maml:description> <maml:para>{{ Fill IsElevated Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResultMessage</maml:name> <maml:description> <maml:para>{{ Fill ResultMessage Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleId</maml:name> <maml:description> <maml:para>{{ Fill RoleId Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserId</maml:name> <maml:description> <maml:para>{{ Fill UserId Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExpirationDateTime</maml:name> <maml:description> <maml:para>{{ Fill ExpirationDateTime Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue> <dev:type> <maml:name>DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>{{ Fill Id Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsElevated</maml:name> <maml:description> <maml:para>{{ Fill IsElevated Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResultMessage</maml:name> <maml:description> <maml:para>{{ Fill ResultMessage Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleId</maml:name> <maml:description> <maml:para>{{ Fill RoleId Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserId</maml:name> <maml:description> <maml:para>{{ Fill UserId Description }}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/New-EntraBetaPrivilegedRoleAssignment</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraBetaDirectoryRoleAssignment</command:name> <command:verb>Remove</command:verb> <command:noun>EntraBetaDirectoryRoleAssignment</command:noun> <maml:description> <maml:para>Delete a Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraBetaDirectoryRoleAssignment` cmdlet removes a role assignment from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraBetaDirectoryRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Id"> <maml:name>UnifiedRoleAssignmentId</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Id"> <maml:name>UnifiedRoleAssignmentId</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Remove-EntraBetaRoleAssignment` is an alias for `Remove-EntraBetaDirectoryRoleAssignment`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Remove a role assignment -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory','EntitlementManagement.ReadWrite.All' Remove-EntraBetaDirectoryRoleAssignment -UnifiedRoleAssignmentId 'Y1vFBcN4i0e3ngdNDocmngJAWGnAbFVAnJQyBBLv1lM-1'</dev:code> <dev:remarks> <maml:para>This example removes the specified role assignment from Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleAssignmentId` parameter specifies the role assignment ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Remove-EntraBetaDirectoryRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraBetaDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraBetaDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraBetaDirectoryRoleDefinition</command:name> <command:verb>Remove</command:verb> <command:noun>EntraBetaDirectoryRoleDefinition</command:noun> <maml:description> <maml:para>Delete a Microsoft Entra ID Directory roleDefinition object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Delete a Microsoft Entra ID Directory roleDefinition object by ID.</maml:para> <maml:para>You can't delete built-in roles. This feature requires a Microsoft Entra ID P1 or P2 license.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraBetaDirectoryRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Remove-EntraBetaRoleDefinition` is an alias for `Remove-EntraBetaDirectoryRoleDefinition`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Remove a specified role definition --------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' Remove-EntraBetaDirectoryRoleDefinition -UnifiedRoleDefinitionId 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove the specified role definition from Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Remove-EntraBetaDirectoryRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraBetaDirectoryRoleDefinition</command:name> <command:verb>Set</command:verb> <command:noun>EntraBetaDirectoryRoleDefinition</command:noun> <maml:description> <maml:para>Update an existing Microsoft Entra ID roleDefinition.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Updates a Microsoft Entra roleDefinition object identified by ID. You can't update built-in roles. This feature requires a Microsoft Entra ID P1 or P2 license.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraBetaDirectoryRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the roleDefinition object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InheritsPermissionsFrom</maml:name> <maml:description> <maml:para>Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition. List of permissions included in the role. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition. A custom template ID can be set when `isBuiltIn` is `false`. This ID is typically used to keep the same identifier across different directories. It is read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition. Indicates version of the role definition. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the roleDefinition object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InheritsPermissionsFrom</maml:name> <maml:description> <maml:para>Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition. List of permissions included in the role. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition. A custom template ID can be set when `isBuiltIn` is `false`. This ID is typically used to keep the same identifier across different directories. It is read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition. Indicates version of the role definition. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Set-EntraBetaRoleAssignment` is an alias for `Set-EntraBetaDirectoryRoleAssignment`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Update an roleDefinition -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $roleDefinition = Get-EntraBetaDirectoryRoleDefinition -Filter "DisplayName eq '<Role-Definition-Name>'" $params = @{ UnifiedRoleDefinitionId = $roleDefinition.Id DisplayName = 'UpdatedDisplayName' } Set-EntraBetaDirectoryRoleDefinition @params</dev:code> <dev:remarks> <maml:para>This example updates the specified role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 2: Update an roleDefinition with Description -----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $roleDefinition = Get-EntraBetaDirectoryRoleDefinition -Filter "DisplayName eq '<Role-Definition-Name>'" $params = @{ UnifiedRoleDefinitionId = $roleDefinition.Id Description = 'MYROLEUPDATE1S' } Set-EntraBetaDirectoryRoleDefinition @params</dev:code> <dev:remarks> <maml:para>This example updates the Description of specified role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> <maml:para>- `-Description` parameter specifies the description for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Update an roleDefinition with IsEnabled ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $roleDefinition = Get-EntraBetaDirectoryRoleDefinition -Filter "DisplayName eq '<Role-Definition-Name>'" $params = @{ UnifiedRoleDefinitionId = $roleDefinition.Id IsEnabled = $true } Set-EntraBetaDirectoryRoleDefinition @params</dev:code> <dev:remarks> <maml:para>This example updates the IsEnabled of specified role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------- Example 4: Update an roleDefinition -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $roleDefinition = Get-EntraBetaDirectoryRoleDefinition -Filter "DisplayName eq '<Role-Definition-Name>'" $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/standard/read") $params = @{ UnifiedRoleDefinitionId = $roleDefinition.Id Description = 'Update' DisplayName = 'Update' ResourceScopes = '/' IsEnabled = $false RolePermissions = $RolePermissions TemplateId = '54d418b2-4cc0-47ee-9b39-e8f84ed8e073' Version = 2 } Set-EntraBetaDirectoryRoleDefinition @params</dev:code> <dev:remarks> <maml:para>This example updates the RolePermissions, TemplateId, TemplateId, ResourceScopes of specified role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-Description` parameter specifies the description for the role definition.</maml:para> <maml:para>- `-ResourceScopes` parameter specifies the resource scopes for the role definition.</maml:para> <maml:para>- `-TemplateId` parameter specifies the template ID for the role definition.</maml:para> <maml:para>- `-Version` parameter specifies the version for the role definition.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Set-EntraBetaDirectoryRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraBetaDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraBetaPrivilegedRoleAssignmentRequest</command:name> <command:verb>Set</command:verb> <command:noun>EntraBetaPrivilegedRoleAssignmentRequest</command:noun> <maml:description> <maml:para>Update a role assignment request</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Update a role assignment request</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraBetaPrivilegedRoleAssignmentRequest</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AssignmentState</maml:name> <maml:description> <maml:para>The state of assignment, and the values can be Eligible or Active. For decision of AdminApproved, it is required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Decision</maml:name> <maml:description> <maml:para>The administrator decision of the role assignment request. The value should be updated as AdminApproved or AdminDenied.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the specific role assignment request</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Reason</maml:name> <maml:description> <maml:para>The reason provided by the administrator for his decision.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Schedule</maml:name> <maml:description> <maml:para>The schedule of the role assignment request. For status of AdminApproved, it is required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">AzureADMSPrivilegedSchedule</command:parameterValue> <dev:type> <maml:name>AzureADMSPrivilegedSchedule</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AssignmentState</maml:name> <maml:description> <maml:para>The state of assignment, and the values can be Eligible or Active. For decision of AdminApproved, it is required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Decision</maml:name> <maml:description> <maml:para>The administrator decision of the role assignment request. The value should be updated as AdminApproved or AdminDenied.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the specific role assignment request</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Reason</maml:name> <maml:description> <maml:para>The reason provided by the administrator for his decision.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Schedule</maml:name> <maml:description> <maml:para>The schedule of the role assignment request. For status of AdminApproved, it is required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">AzureADMSPrivilegedSchedule</command:parameterValue> <dev:type> <maml:name>AzureADMSPrivilegedSchedule</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Set-EntraBetaPrivilegedRoleAssignmentRequest -ProviderId AzureResources -Id 8d28fcb3-1373-4810-8e84-75adea9a18be -Reason "{'RequestorReason':'test','AdminReason':'gg'}" -Decision "AdminDenied"</dev:code> <dev:remarks> <maml:para>Update a role assignment request by setting to denied</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Set-EntraBetaPrivilegedRoleAssignmentRequest</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraBetaPrivilegedRoleSetting</command:name> <command:verb>Set</command:verb> <command:noun>EntraBetaPrivilegedRoleSetting</command:noun> <maml:description> <maml:para>Update role setting.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraBetaPrivilegedRoleSetting` cmdlet update role setting.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraBetaPrivilegedRoleSetting</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AdminEligibleSettings</maml:name> <maml:description> <maml:para>The rule settings that are evaluated when an administrator tries to add an eligible role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AdminMemberSettings</maml:name> <maml:description> <maml:para>The rule settings that are evaluated when an administrator tries to add an activate role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the specific role setting.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The unique identifier of the specific resource.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleDefinitionId</maml:name> <maml:description> <maml:para>The unique identifier of the specific role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserEligibleSettings</maml:name> <maml:description> <maml:para>The rule settings that are evaluated when a user tries to add an eligible role assignment. This isn't supported for pimforazurerbac scenario for now, and may be available in the future scenarios.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserMemberSettings</maml:name> <maml:description> <maml:para>The rule settings that are evaluated when a user tries to activate their role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AdminEligibleSettings</maml:name> <maml:description> <maml:para>The rule settings that are evaluated when an administrator tries to add an eligible role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AdminMemberSettings</maml:name> <maml:description> <maml:para>The rule settings that are evaluated when an administrator tries to add an activate role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the specific role setting.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProviderId</maml:name> <maml:description> <maml:para>The unique identifier of the specific provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The unique identifier of the specific resource.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleDefinitionId</maml:name> <maml:description> <maml:para>The unique identifier of the specific role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserEligibleSettings</maml:name> <maml:description> <maml:para>The rule settings that are evaluated when a user tries to add an eligible role assignment. This isn't supported for pimforazurerbac scenario for now, and may be available in the future scenarios.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserMemberSettings</maml:name> <maml:description> <maml:para>The rule settings that are evaluated when a user tries to activate their role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Update a UserMember Settings by setting the justification to be false</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup' $setting1 = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting $setting1.RuleIdentifier = "JustificationRule" $setting1.Setting = "{`"required`":false}" $params = @{ ProviderId = 'aadRoles' Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc' UserMemberSettings = $setting1 } Set-EntraBetaPrivilegedRoleSetting @params</dev:code> <dev:remarks> <maml:para>This command update a role setting by setting the justification to be false.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-Id` Parameter specifies the ID of the specific role setting.</maml:para> <maml:para>- `-UserMemberSettings` Parameter rule settings that are evaluated when a user tries to activate his role assignment.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Update a AdminEligible Settings by setting the MfaRule to be true</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup' $setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting $setting.RuleIdentifier = "MfaRule" $setting.Setting = "{`"mfaRequired`": true}" $params = @{ ProviderId = 'aadRoles' Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc' AdminEligibleSettings = $setting } Set-EntraBetaPrivilegedRoleSetting @params</dev:code> <dev:remarks> <maml:para>This command update a AdminEligible Settings by setting the MfaRule to be true.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-Id` Parameter specifies the ID of the specific role setting.</maml:para> <maml:para>- `-AdminEligibleSettings` Parameter rule settings that are evaluated when an administrator tries to add an eligible role assignment.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Update a UserEligibleSettings Settings ------</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup' $setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting $setting.RuleIdentifier = "AttributeConditionRule" $setting.Setting = "{ `"condition`": null, `"conditionVersion`": null, `"conditionDescription`": null, `"enableEnforcement`": true }" $params = @{ ProviderId = 'aadRoles' Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc' UserEligibleSettings = $setting } Set-EntraBetaPrivilegedRoleSetting @params</dev:code> <dev:remarks> <maml:para>This command update a UserEligible Settings.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-Id` Parameter specifies the ID of the specific role setting.</maml:para> <maml:para>- `-UserEligibleSettings` Parameter rule settings that are evaluated when a user tries to add an eligible role assignment.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 4: Update a AdminMemberSettings Settings -------</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup' $setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting $setting.RuleIdentifier = "JustificationRule" $setting.Setting = "{`"required`":true}" $temp = New-Object System.Collections.Generic.List[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting] $temp.Add($setting) $params = @{ ProviderId = 'aadRoles' Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc' AdminMemberSettings = $temp } Set-EntraBetaPrivilegedRoleSetting @params</dev:code> <dev:remarks> <maml:para>This command update a AdminMember Settings.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-Id` Parameter specifies the ID of the specific role setting.</maml:para> <maml:para>- `-AdminMemberSettings` Parameter rule settings that are evaluated when an administrator tries to add an activate role assignment.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 5: Update a AdminEligible Settings ----------</maml:title> <dev:code>Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup' $setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting $setting.RuleIdentifier = "MfaRule" $setting.Setting = "{`"mfaRequired`": true}" $params = @{ ProviderId = 'aadRoles' Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc' RoleDefinitionId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee' ResourceId = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' AdminEligibleSettings = $setting } Set-EntraBetaPrivilegedRoleSetting @params</dev:code> <dev:remarks> <maml:para>This command update a AdminEligible Settings.</maml:para> <maml:para>- `-ProviderId` Parameter specifies the ID of the specific provider.</maml:para> <maml:para>- `-Id` Parameter specifies the ID of the specific role setting.</maml:para> <maml:para>- `-AdminEligibleSettings` Parameter rule settings that are evaluated when an administrator tries to add an eligible role assignment.</maml:para> <maml:para>- `-ResourceId` Parameter specifies the ID of the specific resource.</maml:para> <maml:para>- `-RoleDefinitionId` Parameter specifies the ID of the specific role definition</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Set-EntraBetaPrivilegedRoleSetting</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraBetaPrivilegedRoleSetting</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems> |