Microsoft.Entra.Governance-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDirectoryRoleAssignment</command:name> <command:verb>Get</command:verb> <command:noun>EntraDirectoryRoleAssignment</command:noun> <maml:description> <maml:para>Get a Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDirectoryRoleAssignment` cmdlet gets information about role assignments in Microsoft Entra ID. To get a role assignment, specify the `UnifiedRoleAssignmentId` parameter. Specify the `SearchString` or `Filter` parameter to find a particular role assignment.</maml:para> <maml:para>In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with one of the following permissions:</maml:para> <maml:para>- microsoft.directory/roleAssignments/standard/read (least privileged)</maml:para> <maml:para>- microsoft.directory/roleAssignments/allProperties/read</maml:para> <maml:para>- microsoft.directory/roleAssignments/allProperties/allTasks</maml:para> <maml:para></maml:para> <maml:para>The least privileged roles for this operation, from least to most privileged, are:</maml:para> <maml:para>- Directory Readers</maml:para> <maml:para>- Global Reader</maml:para> <maml:para>- Privileged Role Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDirectoryRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleAssignmentId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft 
Entra ID roleAssignment object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDirectoryRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of records to return.</maml:para> </maml:description> 
<command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleAssignmentId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID roleAssignment object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" 
pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. 
Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleAssignment</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Get-EntraRoleAssignment` is an alias for `Get-EntraDirectoryRoleAssignment`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Get role assignments ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleAssignment

Id                                   PrincipalId                          RoleDefinitionId                     DirectoryScopeId AppScopeId
--                                   -----------                          ----------------                     ---------------- ----------
00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
22223333-cccc-4444-dddd-5555eeee6666 cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
33334444-dddd-5555-eeee-6666ffff7777 dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
44445555-eeee-6666-ffff-7777aaaa8888 eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 2: Get role assignments using 'All' parameter ----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleAssignment -All

Id                                   PrincipalId                          RoleDefinitionId                     DirectoryScopeId AppScopeId
--                                   -----------                          ----------------                     ---------------- ----------
00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
22223333-cccc-4444-dddd-5555eeee6666 cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
33334444-dddd-5555-eeee-6666ffff7777 dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
44445555-eeee-6666-ffff-7777aaaa8888 eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets all the role assignments in Microsoft Entra ID. 
</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 3: Get role assignments by Id ------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleAssignment -UnifiedRoleAssignmentId '00001111-aaaa-2222-bbbb-3333cccc4444'

Id                                   PrincipalId                          RoleDefinitionId                     DirectoryScopeId AppScopeId
--                                   -----------                          ----------------                     ---------------- ----------
00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignment with the specified roleAssignment Id.</maml:para> <maml:para>- `UnifiedRoleAssignmentId` parameter specifies the roleAssignment object ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 4: Get role assignments filter by principalId ----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleAssignment -Filter "principalId eq 'aaaaaaaa-bbbb-cccc-1111-222222222222'"

Id                                   PrincipalId                          RoleDefinitionId                     DirectoryScopeId AppScopeId
--                                   -----------                          ----------------                     ---------------- ----------
00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
11112222-bbbb-3333-cccc-4444dddd5555 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments containing the specified principalId. 
</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 5: Get role assignments filter by roleDefinitionId --</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleAssignment -Filter "roleDefinitionId eq 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1'"

Id                                   PrincipalId                          RoleDefinitionId                     DirectoryScopeId AppScopeId
--                                   -----------                          ----------------                     ---------------- ----------
00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
22223333-cccc-4444-dddd-5555eeee6666 cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
33334444-dddd-5555-eeee-6666ffff7777 dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
44445555-eeee-6666-ffff-7777aaaa8888 eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments containing the specified roleDefinitionId. 
</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 6: Get top two role assignments -----------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleAssignment -Top 2

Id                                   PrincipalId                          RoleDefinitionId                     DirectoryScopeId AppScopeId
--                                   -----------                          ----------------                     ---------------- ----------
00001111-aaaa-2222-bbbb-3333cccc4444 aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /
11112222-bbbb-3333-cccc-4444dddd5555 bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the top two role assignments.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Get-EntraDirectoryRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDirectoryRoleDefinition</command:name> <command:verb>Get</command:verb> <command:noun>EntraDirectoryRoleDefinition</command:noun> <maml:description> <maml:para>Gets information about role definitions in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDirectoryRoleDefinition` cmdlet gets information about role 
definitions in Microsoft Entra ID. To get a role definition, specify the `UnifiedRoleDefinitionId` parameter. Specify the `SearchString` or `Filter` parameter to find a particular role definition.</maml:para> <maml:para>In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with one of the following permissions:</maml:para> <maml:para>- microsoft.directory/roleAssignments/standard/read (least privileged)</maml:para> <maml:para>- microsoft.directory/roleAssignments/allProperties/read</maml:para> <maml:para>- microsoft.directory/roleAssignments/allProperties/allTasks</maml:para> <maml:para></maml:para> <maml:para>The least privileged roles for this operation, from least to most privileged, are:</maml:para> <maml:para>- Directory Readers</maml:para> <maml:para>- Global Reader</maml:para> <maml:para>- Privileged Role Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDirectoryRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the UnifiedRoleDefinitionId of the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> 
</command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDirectoryRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records that this cmdlet gets. 
The default value is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter string to match a set of role definitions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDirectoryRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" 
aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the UnifiedRoleDefinitionId of the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records that this cmdlet gets. The default value is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter string to match a set of role definitions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue 
required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>`Get-EntraRoleDefinition` is an alias for `Get-EntraDirectoryRoleDefinition`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Get all role definitions -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleDefinition

DisplayName           Id                                   TemplateId                           Description
-----------           --                                   ----------                           -----------
Guest User            10dae51f-b6af-4016-8d66-8c2a99b929b3 10dae51f-b6af-4016-8d66-8c2a99b929b3 Default role for guest users. Can read a limited set of directory information.
Restricted Guest User 2af84b1e-32c8-42b7-82bc-daa82404023b 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information.</dev:code> <dev:remarks> <maml:para>This command returns all the role definitions present.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Get a role definition by UnifiedRoleDefinitionId -</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleDefinition -UnifiedRoleDefinitionId '1a327991-10cb-4266-877a-998fb4df78ec'

DisplayName           Id                                   TemplateId                           Description
-----------           --                                   ----------                           -----------
Restricted Guest User 2af84b1e-32c8-42b7-82bc-daa82404023b 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information.</dev:code> <dev:remarks> <maml:para>This command returns a specified role definition.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Filter role definitions by display name ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleDefinition -Filter "startsWith(displayName, 'Restricted')"

DisplayName           Id                                   TemplateId                           Description
-----------           --                                   ----------                           -----------
Restricted Guest User 2af84b1e-32c8-42b7-82bc-daa82404023b 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information.</dev:code> <dev:remarks> <maml:para>This command returns all the role definitions containing the specified display name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 4: Get top two role definition ------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleDefinition -Top 2

DisplayName           Id                                   TemplateId                           Description                                                                       IsBuiltIn IsEnabled
-----------           --                                   ----------                           -----------                                                                       --------- ---------
Restricted Guest User 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information. True      True</dev:code> <dev:remarks> <maml:para>This command returns the top two role definitions in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 5: Filter role definitions by display name ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory','EntitlementManagement.Read.All'
Get-EntraDirectoryRoleDefinition -SearchString 'Global'

DisplayName          Id                                   TemplateId                           Description                                                                                           IsBuiltIn IsEnabled
-----------          --                                   ----------                           -----------                                                                                           --------- ---------
Global Administrator 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 62e90394-69f5-4237-9190-012177145e10 Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identit…
Global Reader        11bb11bb-cc22-dd33-ee44-55ff55ff55ff f2ef992c-3afb-46b9-b7cf-a126ee74c451 Can read everything that a Global Administrator can, but not update anything.</dev:code> <dev:remarks> <maml:para>This command returns all the role definitions containing the specified display name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Get-EntraDirectoryRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" 
xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraDirectoryRoleAssignment</command:name> <command:verb>New</command:verb> <command:noun>EntraDirectoryRoleAssignment</command:noun> <maml:description> <maml:para>Create a new Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraDirectoryRoleAssignment` cmdlet creates a new Microsoft Entra role assignment.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraDirectoryRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DirectoryScopeId</maml:name> <maml:description> <maml:para>Specifies the scope for the role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies the principal for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the role definition for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" 
variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DirectoryScopeId</maml:name> <maml:description> <maml:para>Specifies the scope for the role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies the principal for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the role definition for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleAssignment</maml:name> </dev:type> 
<maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`New-EntraRoleAssignment` is an alias for `New-EntraDirectoryRoleAssignment`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Create a new Microsoft Entra ID role assignment --</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory','EntitlementManagement.ReadWrite.All'
$params = @{
    RoleDefinitionId = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1'
    PrincipalId = 'aaaaaaaa-bbbb-cccc-1111-222222222222'
    DirectoryScopeId = '/'
}
New-EntraDirectoryRoleAssignment @params

Id                             PrincipalId                          RoleDefinitionId                     DirectoryScopeId AppScopeId
--                             -----------                          ----------------                     ---------------- ----------
A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command creates a new role assignment in Microsoft Entra ID.</maml:para> <maml:para>- `-RoleDefinitionId` parameter specifies the ID of the role definition that you want to assign. Role definitions describe the permissions that are granted to users or groups by the role. This is the Identifier of the `unifiedRoleDefinition` the assignment is for.</maml:para> <maml:para>- `-PrincipalId` parameter specifies the ID of the principal (user, group, or service principal) to whom the role is being assigned.</maml:para> <maml:para>- `-DirectoryScopeId` parameter specifies the scope of the directory over which the role assignment is effective. 
The '/' value typically represents the root scope, meaning the role assignment is applicable across the entire directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/New-EntraDirectoryRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraDirectoryRoleDefinition</command:name> <command:verb>New</command:verb> <command:noun>EntraDirectoryRoleDefinition</command:noun> <maml:description> <maml:para>Create a new Microsoft Entra ID roleDefinition.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Create a new Microsoft Entra ID roleDefinition object.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraDirectoryRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> 
</command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role isn't available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies 
permissions for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role isn't available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> 
<maml:description> <maml:para>Specifies permissions for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`New-EntraRoleDefinition` is an alias for `New-EntraDirectoryRoleDefinition`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> 
<maml:title>----------- Example 1: Creates a new role definition -----------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$RolePermissions = New-Object Microsoft.Open.MSGraph.Model.RolePermission
$RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read")
$params = @{
    RolePermissions = $RolePermissions
    IsEnabled = $false
    DisplayName = 'MyRoleDefinition'
}
New-EntraDirectoryRoleDefinition @params

DisplayName      Id                                   TemplateId                           Description IsBuiltIn IsEnabled
-----------      --                                   ----------                           ----------- --------- ---------
MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 93ff7659-04bd-4d97-8add-b6c992cce98e             False     False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Creates a new role definition with Description parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$RolePermissions = New-Object Microsoft.Open.MSGraph.Model.RolePermission
$RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read")
$params = @{
    RolePermissions = $RolePermissions
    IsEnabled = $false
    DisplayName = 'MyRoleDefinition'
    Description = 'Role Definition demo'
}
New-EntraDirectoryRoleDefinition @params

DisplayName      Id                                   TemplateId                           Description          IsBuiltIn IsEnabled
-----------      --                                   ----------                           -----------          --------- ---------
MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 e14cb8e2-d696-4756-bd7f-c7df25271f3d Role Definition demo False     False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with Description 
parameter.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-Description` parameter specifies the description for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Creates a new role definition with ResourceScopes parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$RolePermissions = New-Object Microsoft.Open.MSGraph.Model.RolePermission
$RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read")
$params = @{
    RolePermissions = $RolePermissions
    IsEnabled = $false
    DisplayName = 'MyRoleDefinition'
    ResourceScopes = '/'
}
New-EntraDirectoryRoleDefinition @params

DisplayName      Id                                   TemplateId                           Description IsBuiltIn IsEnabled
-----------      --                                   ----------                           ----------- --------- ---------
MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 2bc29892-ca2e-457e-b7c0-03257a0bcd0c             False     False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with ResourceScopes parameter.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-ResourceScopes` parameter specifies the resource scopes for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Creates a new role definition with TemplateId parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$RolePermissions = New-Object Microsoft.Open.MSGraph.Model.RolePermission
$RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read")
$params = @{
    RolePermissions = $RolePermissions
    IsEnabled = $false
    DisplayName = 'MyRoleDefinition'
    TemplateId = '4dd5aa9c-cf4d-4895-a993-740d342802b9'
}
New-EntraDirectoryRoleDefinition @params

DisplayName      Id                                   TemplateId                           Description IsBuiltIn IsEnabled
-----------      --                                   ----------                           ----------- --------- ---------
MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 4dd5aa9c-cf4d-4895-a993-740d342802b9             False     False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with TemplateId parameter.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-TemplateId` parameter specifies the template ID for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 5: Creates a new role definition with Version parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$RolePermissions = New-Object Microsoft.Open.MSGraph.Model.RolePermission
$RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read")
$params = @{
    RolePermissions = $RolePermissions
    IsEnabled = $false
    DisplayName = 'MyRoleDefinition'
    Version = '2'
}
New-EntraDirectoryRoleDefinition @params

DisplayName      Id                                   TemplateId                           Description IsBuiltIn IsEnabled
-----------      --                                   ----------                           ----------- --------- ---------
MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 b69d16e9-b3f9-4289-a87f-8f796bd9fa28             False     False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with Version parameter.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the 
permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-Version` parameter specifies the version for the role definition.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/New-EntraDirectoryRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDirectoryRoleAssignment</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDirectoryRoleAssignment</command:noun> <maml:description> <maml:para>Delete a Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraDirectoryRoleAssignment` cmdlet removes a role assignment from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDirectoryRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" 
position="0" aliases="Id"> <maml:name>UnifiedRoleAssignmentId</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Id"> <maml:name>UnifiedRoleAssignmentId</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Remove-EntraRoleAssignment` is an alias for `Remove-EntraDirectoryRoleAssignment`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Remove a role assignment -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory','EntitlementManagement.ReadWrite.All'
Remove-EntraDirectoryRoleAssignment -UnifiedRoleAssignmentId Y1vFBcN4i0e3ngdNDocmngJAWGnAbFVAnJQyBBLv1lM-1</dev:code> <dev:remarks> <maml:para>This example removes the specified role assignment from Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleAssignmentId` parameter (alias `-Id`) specifies the role assignment ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Remove-EntraDirectoryRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDirectoryRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDirectoryRoleDefinition</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDirectoryRoleDefinition</command:noun> <maml:description> <maml:para>Delete a Microsoft Entra ID Directory roleDefinition object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Delete a Microsoft Entra ID Directory roleDefinition object by ID.</maml:para> <maml:para>You can't delete built-in roles. 
This feature requires a Microsoft Entra ID P1 or P2 license.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDirectoryRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Remove-EntraRoleDefinition` is an alias for `Remove-EntraDirectoryRoleDefinition`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> 
<command:example> <maml:title>-------- Example 1: Remove a specified role definition --------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
Remove-EntraDirectoryRoleDefinition -UnifiedRoleDefinitionId a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove the specified role definition from Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Remove-EntraDirectoryRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraDirectoryRoleDefinition</command:name> <command:verb>Set</command:verb> <command:noun>EntraDirectoryRoleDefinition</command:noun> <maml:description> <maml:para>Update an existing Microsoft Entra ID roleDefinition.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Updates a Microsoft Entra roleDefinition object identified by ID. You can't update built-in roles. 
This feature requires a Microsoft Entra ID P1 or P2 license.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraDirectoryRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the roleDefinition object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. 
Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition. List of permissions included in the role. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition. 
A custom template ID can be set when `isBuiltIn` is `false`. This ID is typically used to keep the same identifier across different directories. It is read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition. Indicates version of the role definition. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="Id"> <maml:name>UnifiedRoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the roleDefinition object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" 
variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. 
Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition. List of permissions included in the role. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition. A custom template ID can be set when `isBuiltIn` is `false`. 
This ID is typically used to keep the same identifier across different directories. It is read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition. Indicates version of the role definition. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`Set-EntraRoleDefinition` is an alias for `Set-EntraDirectoryRoleDefinition`.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Update a roleDefinition --------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$roleDefinition = Get-EntraDirectoryRoleDefinition -Filter "DisplayName eq '&lt;Role-Definition-Name&gt;'"
Set-EntraDirectoryRoleDefinition -UnifiedRoleDefinitionId $roleDefinition.Id -DisplayName 'UpdatedDisplayName'</dev:code> <dev:remarks> <maml:para>This example updates the specified role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 2: Update a roleDefinition with Description ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$roleDefinition = Get-EntraDirectoryRoleDefinition -Filter "DisplayName eq '&lt;Role-Definition-Name&gt;'"
Set-EntraDirectoryRoleDefinition -UnifiedRoleDefinitionId $roleDefinition.Id -Description 'MYROLEUPDATE1S'</dev:code> <dev:remarks> <maml:para>This example updates the Description of the specified role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> <maml:para>- `-Description` parameter specifies the description for the role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Update a roleDefinition with IsEnabled -------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$roleDefinition = Get-EntraDirectoryRoleDefinition -Filter "DisplayName eq '&lt;Role-Definition-Name&gt;'"
Set-EntraDirectoryRoleDefinition -UnifiedRoleDefinitionId $roleDefinition.Id -IsEnabled $true</dev:code> <dev:remarks> <maml:para>This example updates the IsEnabled value of the specified role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------- Example 4: Update a roleDefinition --------------</maml:title>
<dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory'
$roleDefinition = Get-EntraDirectoryRoleDefinition -Filter "DisplayName eq '&lt;Role-Definition-Name&gt;'"
# Build the permission set that the role definition will carry after the update.
$RolePermissions = New-Object Microsoft.Open.MSGraph.Model.RolePermission
$RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/standard/read")
# Splat the parameters; each hashtable entry must sit on its own line.
$params = @{
    UnifiedRoleDefinitionId = $roleDefinition.Id
    Description             = 'Update'
    DisplayName             = 'Update'
    ResourceScopes          = '/'
    IsEnabled               = $false
    RolePermissions         = $RolePermissions
    TemplateId              = '54d418b2-4cc0-47ee-9b39-e8f84ed8e073'
    Version                 = 2
}
Set-EntraDirectoryRoleDefinition @params</dev:code> <dev:remarks> <maml:para>This example updates the RolePermissions, TemplateId, and ResourceScopes of the specified role definition in Microsoft Entra ID.</maml:para> <maml:para>- `-UnifiedRoleDefinitionId` parameter specifies the roleDefinition object ID.</maml:para> <maml:para>- `-RolePermissions` parameter specifies the permissions for the role definition.</maml:para> <maml:para>- `-IsEnabled` parameter specifies whether the role definition is enabled.</maml:para> <maml:para>- `-DisplayName` parameter specifies the display name for the role definition.</maml:para> <maml:para>- `-Description` parameter specifies the description for the role definition.</maml:para> <maml:para>- `-ResourceScopes` parameter specifies the resource scopes for the role definition.</maml:para> <maml:para>- `-TemplateId` parameter specifies the template ID for the role definition.</maml:para> <maml:para>- `-Version` parameter specifies the version for the role definition.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Entra/Set-EntraDirectoryRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRoleDefinition</maml:linkText>
<maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDirectoryRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems>