Microsoft.Graph.Entra-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraAdministrativeUnitMember</command:name> <command:verb>Add</command:verb> <command:noun>EntraAdministrativeUnitMember</command:noun> <maml:description> <maml:para>Adds an administrative unit member.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Add-EntraAdministrativeUnitMember cmdlet adds a Microsoft Entra ID administrative unit member.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraAdministrativeUnitMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a Microsoft Entra ID administrative unit.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the unique ID of the specific Microsoft Entra ID object that are as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a Microsoft Entra ID administrative unit.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the unique ID of the specific Microsoft Entra ID object that are as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Add user as an administrative unit member -----</maml:title> <dev:code>PS C:\>Add-EntraAdministrativeUnitMember -Id f306a126-cf2e-439d-b20f-95ce4bcb7ffa -RefObjectId d6873b36-81d6-4c5e-bec0-9e3ca2c86846</dev:code> <dev:remarks> <maml:para>This command adds a user as an administrative unit member.</maml:para> <maml:para>`-Id` - specifies the unique identifier (ID) of the administrative unit to which you want to add a member. In this example, `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb` represents the ID of the administrative unit.</maml:para> <maml:para>`-RefObjectId` - specifies the unique identifier (Object ID) of the user or group you want to add as a member of the administrative unit. In this example, `dddddddd-3333-4444-5555-eeeeeeeeeeee` is the Object ID of the user or group being added.</maml:para> <maml:para>Administrative units can help manage permissions and access in a more granular way, especially in large organizations or in scenarios where administrative responsibilities are divided among different departments or regions.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraAdministrativeUnitMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraAdministrativeUnitMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraAdministrativeUnitMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraApplicationOwner</command:name> <command:verb>Add</command:verb> <command:noun>EntraApplicationOwner</command:noun> <maml:description> <maml:para>Adds an owner to an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Add-EntraApplicationOwner` cmdlet adds an owner to a Microsoft Entra ID application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraApplicationOwner</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Add a user as an owner to an application -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' $ApplicationId = (Get-EntraApplication -Top 1).ObjectId $UserObjectId = (Get-EntraUser -Top 1).ObjectId Add-EntraApplicationOwner -ObjectId $ApplicationId -RefObjectId $UserObjectId</dev:code> <dev:remarks> <maml:para>- The first command gets an application using Get-EntraApplication (./Get-EntraApplication.md)cmdlet, and stores the ObjectId property value in $ApplicationId variable. - The second command gets a user using Get-EntraUser (./Get-EntraUser.md)cmdlet, and stores the ObjectId property value in $UserObjectId variable. - This final command adds an owner in $UserObjectId to an application in $ApplicationId.</maml:para> <maml:para>This command adds an owner to an application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraApplicationOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplicationOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraDeviceRegisteredOwner</command:name> <command:verb>Add</command:verb> <command:noun>EntraDeviceRegisteredOwner</command:noun> <maml:description> <maml:para>Adds a registered owner for a device.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Add-EntraDeviceRegisteredOwner` cmdlet adds a registered owner for a Microsoft Entra ID device.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraDeviceRegisteredOwner</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Active Directory object to add.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Active Directory object to add.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.ReadWrite.All' $DeviceId = (Get-EntraDevice -top 1).ObjectId $UserObjectId = (Get-EntraUser -Top 1).ObjectId Add-EntraDeviceRegisteredOwner -ObjectId $DeviceId -RefObjectId $UserObjectId</dev:code> <dev:remarks> <maml:para>This examples shows how to add a registered owner to a device.</maml:para> <maml:para>`-ObjectId` - specifies the unique identifier (Object ID) of the device to which you want to add a registered owner. The $DeviceId variable should contain the Object ID of the device.</maml:para> <maml:para>`-RefObjectId` - specifies the unique identifier (Object ID) of the user who will be added as a registered owner of the device. The $UserObjectId variable should contain the Object ID of the user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDeviceRegisteredOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDeviceRegisteredOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraDeviceRegisteredUser</command:name> <command:verb>Add</command:verb> <command:noun>EntraDeviceRegisteredUser</command:noun> <maml:description> <maml:para>Adds a registered user for a device.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Add-EntraDeviceRegisteredUser` cmdlet adds a registered user for a Microsoft Entra ID device.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraDeviceRegisteredUser</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Add a user as a registered user ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.ReadWrite.All' $User = Get-EntraUser -Top 1 $Device = Get-EntraDevice -Top 1 Add-EntraDeviceRegisteredUser -ObjectId $Device.ObjectId -RefObjectId $User.ObjectId</dev:code> <dev:remarks> <maml:para>This example shows how to add a registered user to a device.</maml:para> <maml:para>- `-ObjectId` - specifies the unique identifier (Object ID) of the device to which you want to add a registered user. The $Device.ObjectId variable should contain the Object ID of the device.</maml:para> <maml:para>- `-RefObjectId` - specifies the unique identifier (Object ID) of the user who will be added as a registered user of the device. The $User.ObjectId variable should contain the Object ID of the user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraDeviceRegisteredUser</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDeviceRegisteredUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDeviceRegisteredUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraDirectoryRoleMember</command:name> <command:verb>Add</command:verb> <command:noun>EntraDirectoryRoleMember</command:noun> <maml:description> <maml:para>Adds a member to a directory role.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Add-EntraDirectoryRoleMember` cmdlet adds a member to a Microsoft Entra ID role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraDirectoryRoleMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Add a member to a Microsoft Entra ID role -----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' Add-EntraDirectoryRoleMember -ObjectId '019ea7a2-1613-47c9-81cb-20ba35b1ae48' -RefObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc'</dev:code> <dev:remarks> <maml:para>This command adds a member to a directory role.</maml:para> <maml:para>- `ObjectId` parameter specifies the ID of the directory role to which the member will be added. Use the `Get-EntraDirectoryRole` command to retrieve the details of the directory role.</maml:para> <maml:para>- `RefObjectId` parameter specifies the ID of Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraDirectoryRoleMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRoleMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDirectoryRoleMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraEnvironment</command:name> <command:verb>Add</command:verb> <command:noun>EntraEnvironment</command:noun> <maml:description> <maml:para>Adds Microsoft Entra environment to the settings file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Adds Microsoft Entra environment to the settings file.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraEnvironment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GraphEndpoint</maml:name> <maml:description> <maml:para>Specifies the GraphEndpoint URL of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AzueADEndpoint</maml:name> <maml:description> <maml:para>Specifies the AzureADEndpoint URL of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GraphEndpoint</maml:name> <maml:description> <maml:para>Specifies the GraphEndpoint URL of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AzueADEndpoint</maml:name> <maml:description> <maml:para>Specifies the AzureADEndpoint URL of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Add a user defined environment ----------</maml:title> <dev:code>$params = @{ Name = 'Canary' GraphEndpoint = 'https://canary.graph.microsoft.com' AzureADEndpoint = 'https://login.microsoftonline.com' } Add-EntraEnvironment @params Name AzureADEndpoint GraphEndpoint Type ---- --------------- ------------- ---- Canary https://login.microsoftonline.com https://microsoftgraph.com User-defined {}</dev:code> <dev:remarks> <maml:para>Adds a user-defined Entra environment to the settings file.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraEnvironment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraEnvironment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraGroupMember</command:name> <command:verb>Add</command:verb> <command:noun>EntraGroupMember</command:noun> <maml:description> <maml:para>Adds a member to a group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Add-EntraGroupMember cmdlet adds a member to a group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraGroupMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object that assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object that assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Add a member to a group --------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.ReadWrite.All' Add-EntraGroupMember -ObjectId 'dddddddd-2222-3333-5555-rrrrrrrrrrrr' -RefObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc'</dev:code> <dev:remarks> <maml:para>This command is used to add a member to a group. The `-ObjectId` parameter specifies the ID of the group to which the member should be added. The `-RefObjectId` parameter specifies the ID of the member to be added to the group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraGroupMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroupMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraGroupOwner</command:name> <command:verb>Add</command:verb> <command:noun>EntraGroupOwner</command:noun> <maml:description> <maml:para>Adds an owner to a group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Add-EntraGroupOwner cmdlet adds an owner to a Microsoft Entra ID group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraGroupOwner</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object that will be assigned as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object that will be assigned as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Add an owner to a group --------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' Add-EntraGroupOwner -ObjectId 'hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq' -RefObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc'</dev:code> <dev:remarks> <maml:para>This command is used to add an owner to a group. The `-ObjectId` parameter specifies the ID of the group to which the owner should be added. The `-RefObjectId` parameter specifies the ID of the owner to be added to the group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraGroupOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroupOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraLifecyclePolicyGroup</command:name> <command:verb>Add</command:verb> <command:noun>EntraLifecyclePolicyGroup</command:noun> <maml:description> <maml:para>Adds a group to a lifecycle policy</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Add-EntraLifecyclePolicyGroup cmdlet adds a group to a lifecycle policy in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraLifecyclePolicyGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the lifecycle policy object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the lifecycle policy object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Add a group to the lifecycle policy --------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.ReadWrite.All' Add-EntraLifecyclePolicyGroup -Id '2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6' -groupId 'hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq'</dev:code> <dev:remarks> <maml:para>This command adds a group to a Microsoft Lifecycle Policy. The `-Id` parameter specifies the ID of the Lifecycle Policy to which the group should be added. The `-groupId` parameter specifies the ID of the group to be added to the Lifecycle Policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraLifecyclePolicyGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraScopedRoleMembership</command:name> <command:verb>Add</command:verb> <command:noun>EntraScopedRoleMembership</command:noun> <maml:description> <maml:para>Adds a scoped role membership to an administrative unit.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Add-EntraScopedRoleMembership` cmdlet adds a scoped role membership to an administrative unit. Specify `-ObjectId` parameter to add a scoped role membership.</maml:para> <maml:para>For delegated scenarios, the calling user needs at least the Privileged Role Administrator Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraScopedRoleMembership</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleMemberInfo</maml:name> <maml:description> <maml:para>Specifies a RoleMemberInfo object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.MsRoleMemberInfo</command:parameterValue> <dev:type> <maml:name>System.MsRoleMemberInfo</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a directory role.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleMemberInfo</maml:name> <maml:description> <maml:para>Specifies a RoleMemberInfo object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.MsRoleMemberInfo</command:parameterValue> <dev:type> <maml:name>System.MsRoleMemberInfo</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a directory role.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Add a scoped role membership to an administrative unit</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $User = Get-EntraUser -SearchString 'MarkWood' $Role = Get-EntraDirectoryRole -Filter "DisplayName eq 'User Administrator'" $Unit = Get-EntraAdministrativeUnit -Filter "DisplayName eq 'New MSAdmin unit'" $RoleMember = New-Object -TypeName Microsoft.Open.MSGraph.Model.MsRolememberinfo $RoleMember.Id = $User.ObjectID $params = @{ ObjectId = $unit.ObjectId RoleObjectId = $Role.ObjectId RoleMemberInfo = $RoleMember } Add-EntraScopedRoleMembership @params Id AdministrativeUnitId RoleId -- -------------------- ------ dddddddddddd-bbbb-aaaa-bbbb-cccccccccccc aaaaaaaa-bbbb-aaaa-bbbb-cccccccccccc bbbbbbbb-1111-2222-3333-cccccccccccc</dev:code> <dev:remarks> <maml:para>The example shows how to add a user to the specified role within the specified administrative unit.</maml:para> <maml:para>- `-ObjectId` Paramater specifies the ID of an administrative unit.</maml:para> <maml:para>- `-RoleObjectId` Paramater specifies the ID of a directory role.</maml:para> <maml:para>- `-RoleMemberInfo` Paramater specifies a RoleMemberInfo object.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraScopedRoleMembership</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraScopedRoleMembership</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraScopedRoleMembership</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraServicePrincipalDelegatedPermissionClassification</command:name> <command:verb>Add</command:verb> <command:noun>EntraServicePrincipalDelegatedPermissionClassification</command:noun> <maml:description> <maml:para>Add a classification for a delegated permission.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Add-EntraServicePrincipalDelegatedPermissionClassification cmdlet creates a delegated permission classification for the given permission on service principal.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraServicePrincipalDelegatedPermissionClassification</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ServicePrincipalId</maml:name> <maml:description> <maml:para>The unique identifier of a service principal object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionId</maml:name> <maml:description> <maml:para>The id for a delegated permission.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionName</maml:name> <maml:description> <maml:para>The name for a delegated permission.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Classification</maml:name> <maml:description> <maml:para>The classification for a delegated permission. This parameter can take one of the following values:</maml:para> <maml:para>- Low: Specifies a classification for a permission as low impact.</maml:para> <maml:para>- Medium: Specifies a classification for a permission as medium impact.</maml:para> <maml:para>- High: Specifies a classification for a permission as high impact.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ClassificationEnum</command:parameterValue> <dev:type> <maml:name>ClassificationEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ServicePrincipalId</maml:name> <maml:description> <maml:para>The unique identifier of a service principal object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionId</maml:name> <maml:description> <maml:para>The id for a delegated permission.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionName</maml:name> <maml:description> <maml:para>The name for a delegated permission.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Classification</maml:name> <maml:description> <maml:para>The classification for a delegated permission. This parameter can take one of the following values:</maml:para> <maml:para>- Low: Specifies a classification for a permission as low impact.</maml:para> <maml:para>- Medium: Specifies a classification for a permission as medium impact.</maml:para> <maml:para>- High: Specifies a classification for a permission as high impact.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ClassificationEnum</command:parameterValue> <dev:type> <maml:name>ClassificationEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Online.Administration.DelegatedPermissionClassification</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Create Delegated Permission Classification ----</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $ServicePrincipal = Get-EntraServicePrincipal -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' $PermissionId = $ServicePrincipal.Oauth2PermissionScopes[0].Id $PermissionName = $ServicePrincipal.Oauth2PermissionScopes[0].Value $params = @{ ServicePrincipalId = $ServicePrincipal.Id PermissionId = $PermissionId Classification = 'Low' PermissionName = $PermissionName } Add-EntraServicePrincipalDelegatedPermissionClassification @params Id Classification PermissionId PermissionName -- -------------- ------------ -------------- eszf101IRka9VZoGVVnbBgE low 205e70e5-aba6-4c52-a976-6d2d46c48043 Sites.Read.All</dev:code> <dev:remarks> <maml:para>This command creates a delegated permission classification for the given permission on the service principal.</maml:para> <maml:para>- The first command get the specified service principal using Get-EntraServicePrincipal (Get-EntraServicePrincipal.md)cmdlet and stores it in $ServicePrincipal. - The second command gets the Id from first item in Oauth2PermissionScopes list from the retrieved service principal.</maml:para> <maml:para>- The third command gets the value from first item in Oauth2PermissionScopes list from the retrieved service principal. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraServicePrincipalDelegatedPermissionClassification</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalDelegatedPermissionClassification</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipalDelegatedPermissionClassification</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Add-EntraServicePrincipalOwner</command:name> <command:verb>Add</command:verb> <command:noun>EntraServicePrincipalOwner</command:noun> <maml:description> <maml:para>Adds an owner to a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Add-EntraServicePrincipalOwner cmdlet adds an owner to a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Add-EntraServicePrincipalOwner</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Add a user as an owner to a service principal ---</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId $OwnerId = (Get-EntraUser -Top 1).ObjectId Add-EntraServicePrincipalOwner -ObjectId $ServicePrincipalId -RefObjectId -$OwnerId</dev:code> <dev:remarks> <maml:para>This example demonstrates how to add an owner to a service principal.</maml:para> <maml:para>- The first command gets the object ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md) cmdlet, and then stores it in the $ServicePrincipalId variable.</maml:para> <maml:para>- The second command gets the object ID a user by using the Get-EntraUser (./Get-EntraUser.md) cmdlet, and then stores it in the $OwnerId variable.</maml:para> <maml:para>- The final command adds the user specified by $OwnerId an owner to a service principal specified by $ServicePrincipalId.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Add-EntraServicePrincipalOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipalOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Confirm-EntraDomain</command:name> <command:verb>Confirm</command:verb> <command:noun>EntraDomain</command:noun> <maml:description> <maml:para>Validate the ownership of a domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Confirm-EntraDomain` cmdlet validates the ownership of a Microsoft Entra ID domain.</maml:para> <maml:para>The work or school account needs to belong to at least the Domain Name Administrator Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Confirm-EntraDomain</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CrossCloudVerificationCode</maml:name> <maml:description> <maml:para>The cross-cloud domain verification code.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CrossCloudVerificationCodeBody</command:parameterValue> <dev:type> <maml:name>CrossCloudVerificationCodeBody</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CrossCloudVerificationCode</maml:name> <maml:description> <maml:para>The cross-cloud domain verification code.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CrossCloudVerificationCodeBody</command:parameterValue> <dev:type> <maml:name>CrossCloudVerificationCodeBody</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Confirm the domain ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' Confirm-EntraDomain -Name Contoso.com</dev:code> <dev:remarks> <maml:para>This command confirms your domain; changing the status to "Verified".</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Confirm the domain with a cross cloud verification code</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' Confirm-EntraDomain -Name Contoso.com -CrossCloudVerificationCode ms84324896</dev:code> <dev:remarks> <maml:para>This command confirms your domain for dual federation scenarios.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Confirm-EntraDomain</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Connect-Entra</command:name> <command:verb>Connect</command:verb> <command:noun>Entra</command:noun> <maml:description> <maml:para>Connect to Microsoft Entra ID with an authenticated account.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Connect-Entra` cmdlet connects to Microsoft Entra ID with an authenticated account.</maml:para> <maml:para>Several authentication scenarios are supported based on your use case, such as delegated (interactive) and app-only (non-interactive).</maml:para> <maml:para>`Connect-Entra` is an alias for `Connect-MgGraph`.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AppId, ApplicationId"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>Specifies the application ID of the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CertificateThumbprint</maml:name> <maml:description> <maml:para>Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Audience, Tenant"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the ID of a tenant.</maml:para> <maml:para>If you don't specify this parameter, the account is authenticated with the home tenant.</maml:para> <maml:para>You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Certificate</maml:name> <maml:description> <maml:para>An X.509 certificate supplied during invocation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CertificateSubject, CertificateName"> <maml:name>CertificateSubjectName</maml:name> <maml:description> <maml:para>The subject distinguished name of a certificate. The certificate is retrieved from the current user's certificate store.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AppId, ApplicationId"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>Specifies the application ID of the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Scopes</maml:name> <maml:description> <maml:para>An array of delegated permissions to consent to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Audience, Tenant"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the ID of a tenant.</maml:para> <maml:para>If you don't specify this parameter, the account is authenticated with the home tenant.</maml:para> <maml:para>You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UseDeviceAuthentication, DeviceCode, DeviceAuth, Device"> <maml:name>UseDeviceCode</maml:name> <maml:description> <maml:para>Use device code authentication instead of a browser control.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AppId, ApplicationId"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>Specifies the application ID of the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="ManagedIdentity, ManagedServiceIdentity, MSI"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Sign-in using a managed identity</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Audience, Tenant"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the ID of a tenant.</maml:para> <maml:para>If you don't specify this parameter, the account is authenticated with the home tenant.</maml:para> <maml:para>You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SecretCredential, Credential"> <maml:name>ClientSecretCredential</maml:name> <maml:description> <maml:para>The PSCredential object provides the application ID and client secret for service principal credentials. For more information about the PSCredential object, type Get-Help Get-Credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>Specifies a bearer token for Microsoft Entra service. Access tokens do time out and you have to handle their refresh.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Connect-Entra</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Process</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">CurrentUser</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>EnvironmentVariable</maml:name> <maml:description> <maml:para>Allows for authentication using environment variables configured on the host machine. See <https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#environment-variables></maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CertificateThumbprint</maml:name> <maml:description> <maml:para>Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="AppId, ApplicationId"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>Specifies the application ID of the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Audience, Tenant"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the ID of a tenant.</maml:para> <maml:para>If you don't specify this parameter, the account is authenticated with the home tenant.</maml:para> <maml:para>You must specify the TenantId parameter to authenticate as a service principal or when using Microsoft account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccessToken</maml:name> <maml:description> <maml:para>Specifies a bearer token for Microsoft Entra service. Access tokens do time out and you have to handle their refresh.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientTimeout</maml:name> <maml:description> <maml:para>Sets the HTTP client timeout in seconds.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Double</command:parameterValue> <dev:type> <maml:name>System.Double</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ContextScope</maml:name> <maml:description> <maml:para>Determines the scope of authentication context. This ContextScope accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ContextScope</command:parameterValue> <dev:type> <maml:name>ContextScope</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="EnvironmentName, NationalCloud"> <maml:name>Environment</maml:name> <maml:description> <maml:para>The name of the national cloud environment to connect to. By default global cloud is used.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>NoWelcome</maml:name> <maml:description> <maml:para>Hides the welcome message.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none"> <maml:name>Scopes</maml:name> <maml:description> <maml:para>An array of delegated permissions to consent to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="UseDeviceAuthentication, DeviceCode, DeviceAuth, Device"> <maml:name>UseDeviceCode</maml:name> <maml:description> <maml:para>Use device code authentication instead of a browser control.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Certificate</maml:name> <maml:description> <maml:para>An X.509 certificate supplied during invocation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">X509Certificate2</command:parameterValue> <dev:type> <maml:name>X509Certificate2</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="CertificateSubject, CertificateName"> <maml:name>CertificateSubjectName</maml:name> <maml:description> <maml:para>The subject distinguished name of a certificate. The certificate is retrieved from the current user's certificate store.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="SecretCredential, Credential"> <maml:name>ClientSecretCredential</maml:name> <maml:description> <maml:para>The PSCredential object provides the application ID and client secret for service principal credentials. For more information about the PSCredential object, type Get-Help Get-Credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue> <dev:type> <maml:name>PSCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>EnvironmentVariable</maml:name> <maml:description> <maml:para>Allows for authentication using environment variables configured on the host machine. See <https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#environment-variables></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="ManagedIdentity, ManagedServiceIdentity, MSI"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Sign-in using a managed identity</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ActionPreference</command:parameterValue> <dev:type> <maml:name>ActionPreference</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Delegated access: Connect a PowerShell session to a tenant</maml:title> <dev:code>Connect-Entra</dev:code> <dev:remarks> <maml:para>This example shows how to connect your current PowerShell session to a Microsoft Entra ID tenant using credentials.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Delegated access: Connect a PowerShell session to a tenant with required scopes</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All', 'Group.ReadWrite.All' Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>This example shows how to authenticate to Microsoft Entra ID with scopes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Delegated access: Using an access token ------</maml:title> <dev:code>$secureString = ConvertTo-SecureString -String $AccessToken -AsPlainText -Force Connect-Entra -AccessToken $secureString Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>This example shows how to interactively authenticate to Microsoft Entra ID using an access token.</maml:para> <maml:para>For more information on how to get or create access token, see Request an access token (https://learn.microsoft.com/graph/auth-v2-user#3-request-an-access-token).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 4: Delegated access: Using device code flow -----</maml:title> <dev:code>Connect-Entra -UseDeviceCode To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code A1B2CDEFGH to authenticate.</dev:code> <dev:remarks> <maml:para>This example shows how to interactively authenticate to Microsoft Entra ID using device code flow.</maml:para> <maml:para>For more information, see Device Code flow (https://learn.microsoft.com/entra/identity-platform/v2-oauth2-device-code).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 5: App-only access: Using client credential with a Certificate thumbprint</maml:title> <dev:code>$connectParams = @{ TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee' ApplicationId = '00001111-aaaa-2222-bbbb-3333cccc4444' CertificateThumbprint = 'AA11BB22CC33DD44EE55FF66AA77BB88CC99DD00' } Connect-Entra @connectParams Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>This example shows how to authenticate using an ApplicationId and CertificateThumbprint.</maml:para> <maml:para>For more information on how to get or create CertificateThumbprint, see Authenticate with app-only access (https://learn.microsoft.com/powershell/entra-powershell/app-only-access-auth).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 6: App-only access: Using client credential with a certificate name</maml:title> <dev:code>$params = @{ ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444' TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee' CertificateName = 'YOUR_CERT_SUBJECT' } Connect-Entra @params $Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint Connect-Entra -ClientId '<App-Id>' -TenantId '<Tenant-Id>' -Certificate $Cert</dev:code> <dev:remarks> <maml:para>You can find the certificate subject by running the above command.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 7: App-only access: Using client credential with a certificate</maml:title> <dev:code>$Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint $params = @{ ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444' TenantId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee' Certificate = $Cert } Connect-Entra @params</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 8: App-only access: Using client secret credentials -</maml:title> <dev:code>$ClientSecretCredential = Get-Credential -Credential '00001111-aaaa-2222-bbbb-3333cccc4444' # Enter client_secret in the password prompt. Connect-Entra -TenantId 'aaaabbbb-0000-cccc-1111-dddd2222eeee' -ClientSecretCredential $ClientSecretCredential</dev:code> <dev:remarks> <maml:para>This authentication method is ideal for background interactions.</maml:para> <maml:para>For more information on how to get credential, see Get-Credential (https://learn.microsoft.com/powershell/module/microsoft.powershell.security/get-credential)command.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 9: App-only access: Using managed identity: System-assigned managed identity</maml:title> <dev:code>Connect-Entra -Identity</dev:code> <dev:remarks> <maml:para>Uses an automatically managed identity on a service instance. The identity is tied to the lifecycle of a service instance.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 10: App-only access: Using managed identity: User-assigned managed identity</maml:title> <dev:code>Connect-Entra -Identity -ClientId 'User_Assigned_Managed_identity_Client_Id'</dev:code> <dev:remarks> <maml:para>Uses a user created managed identity as a standalone Azure resource.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 11: Connecting to an environment as a different identity</maml:title> <dev:code>Connect-Entra -ContextScope 'Process' Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>To connect as a different identity other than CurrentUser, specify the ContextScope parameter with the value Process.</maml:para> <maml:para>For more information on how to get the current context, see Get-EntraContext (https://learn.microsoft.com/powershell/module/microsoft.graph.entra/get-entracontext)command.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 12: Connecting to an environment or cloud ------</maml:title> <dev:code>Get-EntraEnvironment Name AzureADEndpoint GraphEndpoint Type ---- --------------- ------------- ---- China https://login.chinacloudapi.cn https://microsoftgraph.chinacloudapi.cn Built-in Global https://login.microsoftonline.com https://graph.microsoft.com Built-in USGov https://login.microsoftonline.us https://graph.microsoft.us Built-in USGovDoD https://login.microsoftonline.us https://dod-graph.microsoft.us Built-in Connect-Entra -Environment 'Global'</dev:code> <dev:remarks> <maml:para>When you use Connect-Entra, you can choose to target other environments. By default, Connect-Entra targets the global public cloud.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 13: Sets the HTTP client timeout in seconds -----</maml:title> <dev:code>Connect-Entra -ClientTimeout 60 Welcome to Microsoft Graph!</dev:code> <dev:remarks> <maml:para>This example Sets the HTTP client timeout in seconds.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 14: Hides the welcome message ------------</maml:title> <dev:code>Connect-Entra -NoWelcome</dev:code> <dev:remarks> <maml:para>This example hides the welcome message.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 15: Allows for authentication using environment variables</maml:title> <dev:code>Connect-Entra -EnvironmentVariable</dev:code> <dev:remarks> <maml:para>This example allows for authentication using environment variables.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Connect-Entra</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Disconnect-Entra</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Convert-EntraFederatedUser</command:name> <command:verb>Convert</command:verb> <command:noun>EntraFederatedUser</command:noun> <maml:description> <maml:para>Updates a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Convert-EntraFederatedUser` cmdlet is used to update a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type. A new password must be provided for the user.</maml:para> <maml:para>This process writes the new password to Microsoft Entra ID and, if configured with password writeback, pushes it to on-premises Active Directory. The admin can provide a new password or let the system generate one. The user will be prompted to change their password at their next sign-in.</maml:para> <maml:para>For delegated scenarios, the administrator needs at least the Authentication Administrator or Privileged Authentication Administrator Microsoft Entra role.</maml:para> <maml:para>Admins with User Administrator, Helpdesk Administrator, or Password Administrator roles can also reset passwords for non-admin users and a limited set of admin roles.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Convert-EntraFederatedUser</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>The Microsoft Entra ID UserID for the user to convert.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none"> <maml:name>NewPassword</maml:name> <maml:description> <maml:para>The new password of the user.</maml:para> <maml:para>The new password is required for tenants with hybrid password scenarios. If omitted for a cloud-only password, the system generates a password. This password is a Unicode string with no other encoding. It is validated against the tenant's banned password system before acceptance and must meet the tenant's cloud and/or on-premises password requirements.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="none"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>The Microsoft Entra ID UserID for the user to convert.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none"> <maml:name>NewPassword</maml:name> <maml:description> <maml:para>The new password of the user.</maml:para> <maml:para>The new password is required for tenants with hybrid password scenarios. If omitted for a cloud-only password, the system generates a password. This password is a Unicode string with no other encoding. It is validated against the tenant's banned password system before acceptance and must meet the tenant's cloud and/or on-premises password requirements.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>- For more information, see resetPassword (/graph/api/authenticationmethod-resetpassword).</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- EXAMPLE 1: Update a user in a domain -------------</maml:title> <dev:code>Connect-Entra -Scopes 'UserAuthenticationMethod.ReadWrite.All' Convert-EntraFederatedUser -UserPrincipalName 'pattifuller@contoso.com'</dev:code> <dev:remarks> <maml:para>This command updates a user in a domain.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Convert-EntraFederatedUser</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Disconnect-Entra</command:name> <command:verb>Disconnect</command:verb> <command:noun>Entra</command:noun> <maml:description> <maml:para>Disconnects the current session from a Microsoft Entra ID tenant.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Disconnect-Entra cmdlet disconnects the current session from a Microsoft Entra ID tenant.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Disconnect-Entra</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Disconnect your session from a tenant -------</maml:title> <dev:code>Disconnect-Entra ClientId : 00001111-aaaa-2222-bbbb-3333cccc4444 TenantId : bbbbcccc-1111-dddd-2222-eeee3333ffff Scopes : {Agreement.ReadWrite.All, CustomSecAttributeDefinition.ReadWrite.All, TeamMember.Read.All...} AuthType : AppOnly TokenCredentialType : ClientCertificate CertificateThumbprint : AA11BB22CC33DD44EE55FF66AA77BB88CC99DD00 CertificateSubjectName : Account : AppName : MG_graph_auth ContextScope : Process Certificate : PSHostVersion : 5.1.22621.2506 ManagedIdentityId : ClientSecret : Environment : Global</dev:code> <dev:remarks> <maml:para>This command disconnects your session from a tenant.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Disconnect-Entra</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Connect-Entra</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Enable-EntraAzureADAlias</command:name> <command:verb>Enable</command:verb> <command:noun>EntraAzureADAlias</command:noun> <maml:description> <maml:para>Enables aliases for AzureAD modules.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Enables aliases for Azure AD modules.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Enable-EntraAzureADAlias</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>Enable-EntraAzureADAlias</dev:code> <dev:remarks> <maml:para>Enables all Azure AD prefixes for the current PowerShell session.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Enable-EntraAzureADAlias</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Enable-EntraDirectoryRole</command:name> <command:verb>Enable</command:verb> <command:noun>EntraDirectoryRole</command:noun> <maml:description> <maml:para>Activates an existing directory role in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Enable-EntraDirectoryRole` cmdlet activates an existing directory role in Microsoft Entra ID.</maml:para> <maml:para>The Company Administrators and the default user directory roles (User, Guest User, and Restricted Guest User) are activated by default. To access and assign members to other directory roles, you must first activate them using their corresponding directory role template ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Enable-EntraDirectoryRole</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleTemplateId</maml:name> <maml:description> <maml:para>The ID of the directoryRoleTemplate that the role is based on.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleTemplateId</maml:name> <maml:description> <maml:para>The ID of the directoryRoleTemplate that the role is based on.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>- For additional details see Activate directoryRole (/graph/api/directoryrole-post-directoryroles).</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Enable a directory role --------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $InviterRole = Get-EntraDirectoryRoleTemplate | Where-Object {$_.DisplayName -eq 'Guest Inviter'} Enable-EntraDirectoryRole -RoleTemplateId $InviterRole.ObjectId DeletedDateTime Id Description DisplayName RoleTemplateId --------------- -- ----------- ----------- -------------- b5baa59b-86ab-4053-ac3a-0396116d1924 Guest Inviter has access to invite guest users. Guest Inviter 92ed04bf-c94a-4b82-9729-b799a7a4c178</dev:code> <dev:remarks> <maml:para>The example shows how to enable the directory role.</maml:para> <maml:para>You can use `Get-EntraDirectoryRoleTemplate` to fetch a specific directory role to activate.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Enable-EntraDirectoryRole</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRole</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRoleTemplate</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Find-EntraPermission</command:name> <command:verb>Find</command:verb> <command:noun>EntraPermission</command:noun> <maml:description> <maml:para>Helps users determine the necessary permissions for resources and identify the appropriate permissions required for various commands.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Find-EntraPermission` cmdlet helps users determine the necessary permissions for resources and identify the appropriate permissions required for various commands.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Find-EntraPermission</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True" position="1" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies the filter for the permissions e.g. domain and scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>Sets if the cmdlet will return all parameters.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExactMatch</maml:name> <maml:description> <maml:para>Sets if Search String should be an exact match.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Online</maml:name> <maml:description> <maml:para></maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionType</maml:name> <maml:description> <maml:para>Specifies the type of Permission e.g. Delegated or Application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="progra"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>Specifics the progra option.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True" position="1" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies the filter for the permissions e.g. domain and scope.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>Sets if the cmdlet will return all parameters.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExactMatch</maml:name> <maml:description> <maml:para>Sets if Search String should be an exact match.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Online</maml:name> <maml:description> <maml:para></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionType</maml:name> <maml:description> <maml:para>Specifies the type of Permission e.g. Delegated or Application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="progra"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para>Specifics the progra option.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Get a list of all Application permissions -----</maml:title> <dev:code>Find-EntraPermission application PermissionType: Delegated Id Consent Name Description -- ------- ---- ----------- c79f8feb-a9db-4090-85f9-90d820caa0eb Admin Application.Read.All Allows the app to read applications and service principals on behalf of the signed-in user. bdfbf15f-ee85-4955-8675-146e8e5296b5 Admin Application.ReadWrite.All Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants. PermissionType: Application Id Consent Name Description -- ------- ---- ----------- 9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30 Admin Application.Read.All Allows the app to read all applications and service principals without a signed-in user. 1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9 Admin Application.ReadWrite.All Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants. 18a4783c-866b-4cc7-a460-3d5e5662c884 Admin Application.ReadWrite.OwnedBy Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user...</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title> Example 2. Get a list of permissions for the Read permissions </maml:title> <dev:code>Find-EntraPermission application.Read | Format-List Id : c79f8feb-a9db-4090-85f9-90d820caa0eb PermissionType : Delegated Consent : Admin Name : Application.Read.All Description : Allows the app to read applications and service principals on behalf of the signed-in user. Id : bdfbf15f-ee85-4955-8675-146e8e5296b5 PermissionType : Delegated Consent : Admin Name : Application.ReadWrite.All Description : Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants. Id : 9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30 PermissionType : Application Consent : Admin Name : Application.Read.All Description : Allows the app to read all applications and service principals without a signed-in user.</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3. Search for permissions with exact match ------</maml:title> <dev:code>Find-EntraPermission -SearchString 'User.Read.All' -ExactMatch PermissionType: Delegated Id Consent Name Description -- ------- ---- ----------- a154be20-db9c-4678-8ab7-66f6cc099a59 Admin User.Read.All Allows the app to read the full set of profile properties, reports, and ma… PermissionType: Application Id Consent Name Description -- ------- ---- ----------- df021288-bdef-4463-88db-98f22de89214 Admin User.Read.All Allows the app to read user profiles without a signed in user.</dev:code> <dev:remarks> <maml:para>This example demonstrates how to search for permissions that exactly match a specified permission name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 4. Get all permissions of the specified type -----</maml:title> <dev:code>Find-EntraPermission -PermissionType 'Delegated' Id Consent Name Description -- ------- ---- ----------- ebfcd32b-babb-40f4-a14b-42706e83bd28 Admin AccessReview.Read.All Allows the app to read access re… e4aa47b9-9a69-4109-82ed-36ec70d85ff1 Admin AccessReview.ReadWrite.All Allows the app to read, update, … 5af8c3f5-baca-439a-97b0-ea58a435e269 Admin AccessReview.ReadWrite.Membership Allows the app to read,</dev:code> <dev:remarks> <maml:para>This examples shows how to get all permissions of a specified type e.g. `Delegated` or `Application` permissions.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Find-EntraPermission</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-CrossCloudVerificationCode</command:name> <command:verb>Get</command:verb> <command:noun>CrossCloudVerificationCode</command:noun> <maml:description> <maml:para>Gets the verification code used to validate the ownership of the domain in another connected cloud. Important: Only applies to a verified domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para></maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-CrossCloudVerificationCode</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Online.Administration.GetCrossCloudVerificationCodeResponse</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Get the cross cloud verification code -------</maml:title> <dev:code>PS C:\>Get-CrossCloudVerificationCode -Name Contoso.com</dev:code> <dev:remarks> <maml:para>This command returns a string that can be used to enable cross cloud federation scenarios.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-CrossCloudVerificationCode</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraAccountSku</command:name> <command:verb>Get</command:verb> <command:noun>EntraAccountSku</command:noun> <maml:description> <maml:para>Retrieves all the SKUs for a company.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraAccountSku` retrieves the list of commercial subscriptions acquired by an organization.</maml:para> <maml:para>To map license names as displayed in the Microsoft Entra admin center or the Microsoft 365 admin center to their Microsoft Graph skuId and skuPartNumber properties, refer to the provided mapping information.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraAccountSku</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then the value defaults to the tenant of the current user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then the value defaults to the tenant of the current user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- EXAMPLE 1: Gets a list of SKUs ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraAccountSku Id AccountId AccountName AppliesTo -- --------- ----------- ------- eeeeeeee-4444-5555-6666-ffffffffffff aaaabbbb-0000-cccc-1111-dddd2222eeee Contoso User ffffffff-5555-6666-7777-aaaaaaaaaaaa aaaabbbb-0000-cccc-1111-dddd2222eeee Contoso User dddddddd-3333-4444-5555-eeeeeeeeeeee aaaabbbb-0000-cccc-1111-dddd2222eeee Contoso User</dev:code> <dev:remarks> <maml:para>This command returns a list of SKUs.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2: Gets a list of SKUs by TenantId ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraAccountSku -TenantId 'aaaabbbb-0000-cccc-1111-dddd2222eeee' Id AccountId AccountName AppliesTo -- --------- ----------- ------- eeeeeeee-4444-5555-6666-ffffffffffff aaaabbbb-0000-cccc-1111-dddd2222eeee Contoso User ffffffff-5555-6666-7777-aaaaaaaaaaaa aaaabbbb-0000-cccc-1111-dddd2222eeee Contoso User dddddddd-3333-4444-5555-eeeeeeeeeeee aaaabbbb-0000-cccc-1111-dddd2222eeee Contoso User</dev:code> <dev:remarks> <maml:para>This command returns a list of SKUs for a tenant.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraAccountSku</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraAdministrativeUnit</command:name> <command:verb>Get</command:verb> <command:noun>EntraAdministrativeUnit</command:noun> <maml:description> <maml:para>Gets an administrative unit.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraAdministrativeUnit` cmdlet gets a Microsoft Entra ID administrative unit.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraAdministrativeUnit</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter filters which objects are returned.</maml:para> <maml:para>For more information about OData v4.0 filter expressions, see <https://msdn.microsoft.com/library/hh169248%28v=nav.90%29.aspx></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraAdministrativeUnit</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter filters which objects are returned.</maml:para> <maml:para>For more information about OData v4.0 filter expressions, see <https://msdn.microsoft.com/library/hh169248%28v=nav.90%29.aspx></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Get all administrative units -----------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' Get-EntraAdministrativeUnit Id OdataType Description DisplayName -- --------- ----------- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Dynamic AU testing in CORP tenant DAU-Test bbbbbbbb-1111-2222-3333-cccccccccccc SOC Retention cccccccc-2222-3333-4444-dddddddddddd Container AU for restricted object control DSR RMAU dddddddd-3333-4444-5555-eeeeeeeeeeee Use to contain Personnel-managed project groups Personnel Projects</dev:code> <dev:remarks> <maml:para>This command gets all the administrative units.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Get all administrative units using '-All' parameter</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' Get-EntraAdministrativeUnit -All Id OdataType Description DisplayName -- --------- ----------- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Dynamic AU testing in CORP tenant DAU-Test bbbbbbbb-1111-2222-3333-cccccccccccc SOC Retention cccccccc-2222-3333-4444-dddddddddddd Container AU for restricted object control DSR RMAU dddddddd-3333-4444-5555-eeeeeeeeeeee Use to contain Personnel-managed project groups Personnel Projects</dev:code> <dev:remarks> <maml:para>This command gets all the administrative units.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 3: Get a specific administrative unit --------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' Get-EntraAdministrativeUnit -Id aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Id OdataType Description DisplayName -- --------- ----------- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Dynamic AU testing in CORP tenant DAU-Test</dev:code> <dev:remarks> <maml:para>This example returns the details of the specified administrative unit.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 4: Get administrative units filter by display name --</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' Get-EntraAdministrativeUnit -Filter "DisplayName eq 'DAU-Test'" Id OdataType Description DisplayName -- --------- ----------- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Dynamic AU testing in CORP tenant DAU-Test</dev:code> <dev:remarks> <maml:para>This example list of administrative units containing display name with the specified name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 5: Get top one administrative unit ----------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' Get-EntraAdministrativeUnit -Top 1 Id OdataType Description DisplayName -- --------- ----------- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Dynamic AU testing in CORP tenant DAU-Test</dev:code> <dev:remarks> <maml:para>This example returns the specified top administrative units.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraAdministrativeUnit</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraAdministrativeUnitMember</command:name> <command:verb>Get</command:verb> <command:noun>EntraAdministrativeUnitMember</command:noun> <maml:description> <maml:para>Gets a member of an administrative unit.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraAdministrativeUnitMember cmdlet gets a member of a Microsoft Entra ID administrative unit.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraAdministrativeUnitMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Get an administrative unit member by ID ------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' Get-EntraAdministrativeUnitMember -Id 'ffffffff-5555-6666-7777-aaaaaaaaaaaa' Id OdataType -- --------- bbbbbbbb-7777-8888-9999-cccccccccccc #microsoft.graph.user cccccccc-8888-9999-0000-dddddddddddd #microsoft.graph.user dddddddd-9999-0000-1111-eeeeeeeeeeee #microsoft.graph.user</dev:code> <dev:remarks> <maml:para>This example returns the list of administrative unit members from specified administrative unit ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 2: Get all administrative unit members by ID -----</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' Get-EntraAdministrativeUnitMember -Id 'ffffffff-5555-6666-7777-aaaaaaaaaaaa' -All Id OdataType -- --------- bbbbbbbb-7777-8888-9999-cccccccccccc #microsoft.graph.user cccccccc-8888-9999-0000-dddddddddddd #microsoft.graph.user dddddddd-9999-0000-1111-eeeeeeeeeeee #microsoft.graph.user</dev:code> <dev:remarks> <maml:para>This example returns the list of administrative unit members from specified administrative unit ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 3: Get top two administrative unit members by ID ---</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' Get-EntraAdministrativeUnitMember -Id 'ffffffff-5555-6666-7777-aaaaaaaaaaaa' -Top 2 Id OdataType -- --------- bbbbbbbb-7777-8888-9999-cccccccccccc #microsoft.graph.user cccccccc-8888-9999-0000-dddddddddddd #microsoft.graph.user</dev:code> <dev:remarks> <maml:para>This example returns top specified administrative unit members from specified administrative unit ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraAdministrativeUnitMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraAdministrativeUnitMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraAdministrativeUnitMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplication</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplication</command:noun> <maml:description> <maml:para>Gets an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraApplication` cmdlet gets a Microsoft Entra ID application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Get an application by ObjectId ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplication -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- ToGraph_443democc3c aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve specific application by providing ID. This command gets an application for the specified ObjectId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------------- Example 2: Get all applications ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplication -All DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- test app aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADandPersonalMicrosoftAccount contoso.com ToGraph_443DEM cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee AzureADMyOrg contoso.com test adms eeeeeeee-6666-7777-8888-ffffffffffff ffffffff-7777-8888-9999-gggggggggggg AzureADandPersonalMicrosoftAccount contoso.com test adms app azure gggggggg-8888-9999-aaaa-hhhhhhhhhhhh hhhhhhhh-9999-aaaa-bbbb-iiiiiiiiiiii AzureADandPersonalMicrosoftAccount contoso.com test adms2 iiiiiiii-aaaa-bbbb-cccc-jjjjjjjjjjjj jjjjjjjj-bbbb-cccc-dddd-kkkkkkkkkkkk AzureADandPersonalMicrosoftAccount contoso.com</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get all applications from Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Get applications with expiring secrets ------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplication | Where-Object { $_.PasswordCredentials.keyId -ne $null -and $_.PasswordCredentials.EndDateTime -lt (Get-Date).AddDays(30) } | ForEach-Object { $_.DisplayName, $_.Id, $_.PasswordCredentials } CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- AppOne 8/19/2024 9:00:00 PM 1jQ aaaaaaaa-0b0b-1c1c-2d2d-333333333333 8/6/2024 6:07:47 PM</dev:code> <dev:remarks> <maml:para>This example retrieves applications with expiring secrets within 30 days.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 4: Get an application by display name --------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplication -Filter "DisplayName eq 'ToGraph_443DEMO'" DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- ToGraph_443DEMO cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>In this example, we retrieve application by its display name from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 5: Search among retrieved applications --------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplication -SearchString 'My new application 2' DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- My new application 2 kkkkkkkk-cccc-dddd-eeee-llllllllllll llllllll-dddd-eeee-ffff-mmmmmmmmmmmm AzureADandPersonalMicrosoftAccount contoso.com</dev:code> <dev:remarks> <maml:para>This cmdlet gets all applications that match the value of SearchString against the first characters in DisplayName.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 6: Retrieve an application by identifierUris -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplication -Filter "identifierUris/any(uri:uri eq 'http://wingtips.wingtiptoysonline.com')"</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve applications by its identifierUris from Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplication</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationExtensionProperty</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationExtensionProperty</command:noun> <maml:description> <maml:para>Gets application extension properties.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraApplicationExtensionProperty` cmdlet gets application extension properties in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationExtensionProperty</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Get extension properties -------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplicationExtensionProperty -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' ObjectId Name TargetObjects -------- ---- ------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb extension_36ee4c6c081240a2b820b22ebd02bce3_NewAttribute {}</dev:code> <dev:remarks> <maml:para>This command gets the extension properties for the specified application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationExtensionProperty</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplicationExtensionProperty</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationExtensionProperty</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationKeyCredential</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationKeyCredential</command:noun> <maml:description> <maml:para>Gets the key credentials for an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraApplicationKeyCredential` cmdlet retrieves the key credentials for an application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationKeyCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique ID of an application in Microsoft Entra ID for which to get key credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique ID of an application in Microsoft Entra ID for which to get key credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Get key credentials ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $application = Get-EntraApplication -Filter "DisplayName eq 'Contoso Helpdesk Application'" Get-EntraApplicationKeyCredential -ObjectId $application.ObjectId CustomKeyIdentifier DisplayName EndDateTime Key KeyId StartDateTime Type Usage ------------------- ----------- ----------- --- ----- ------------- ---- ----- {116, 101, 115, 116…} MyApp Cert 6/27/2024 11:49:17 AM bbbbbbbb-1c1c-2d2d-3e3e-444444444444 6/27/2023 11:29:17 AM AsymmetricX509Cert Verify</dev:code> <dev:remarks> <maml:para>This command gets the key credentials for the specified application.</maml:para> <maml:para>`-ObjectId` parameter specifies the ID of an application object in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationKeyCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplicationKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationLogo</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationLogo</command:noun> <maml:description> <maml:para>Retrieve the logo of an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraApplicationLogo cmdlet retrieves the logo that is set for an application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationLogo</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FileName</maml:name> <maml:description> <maml:para>If provided, the application logo is saved to the file using the specified file name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>If provided, the application logo is saved to the specified file path using a random file name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The ObjectID of the application for which the logo is to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>View</maml:name> <maml:description> <maml:para>If set to $true, displays the application logo in a new window.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FileName</maml:name> <maml:description> <maml:para>If provided, the application logo is saved to the file using the specified file name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>If provided, the application logo is saved to the specified file path using a random file name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The ObjectID of the application for which the logo is to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>View</maml:name> <maml:description> <maml:para>If set to $true, displays the application logo in a new window.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Boolean</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>Get-EntraApplicationLogo -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' Tag : PhysicalDimension : {Width=279, Height=390} Size : {Width=279, Height=390} Width : 279 Height : 390 HorizontalResolution : 96 VerticalResolution : 96 Flags : 77840 RawFormat : [ImageFormat: b96b3cae-0728-11d3-9d7b-0000f81ef32e] PixelFormat : Format24bppRgb Palette : System.Drawing.Imaging.ColorPalette FrameDimensionsList : {7462dc86-6180-4c7e-8e3f-ee7333a7a483} PropertyIdList : {274, 305, 306, 36867...} PropertyItems : {274, 305, 306, 36867...}</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve the application logo for an application that is specified through the Object ID parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationLogo</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraApplicationLogo</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationOwner</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationOwner</command:noun> <maml:description> <maml:para>Gets the owner of an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraApplicationOwner` cmdlet gets an owner of a Microsoft Entra application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationOwner</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Get the owner of an application ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission Get-EntraApplicationOwner -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {adelev@contoso.com} preferredLanguage : mail : AdeleV@contoso.com securityIdentifier : S-1-12-1-2222222222-3333333333-4444444444-5555555555 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=AdeleV@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName :</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get the owners of an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------- Example 2: Get all owners of an application ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission Get-EntraApplicationOwner -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {adelev@contoso.com} preferredLanguage : mail : AdeleV@contoso.com securityIdentifier : S-1-12-1-2222222222-3333333333-4444444444-5555555555 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=AdeleV@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName :</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get the all owners of a specified application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 3: Get top two owners of an application -------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission Get-EntraApplicationOwner -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 2 ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {adelev@contoso.com} preferredLanguage : mail : AdeleV@contoso.com securityIdentifier : S-1-12-1-2222222222-3333333333-4444444444-5555555555 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=AdeleV@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName :</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get the two owners of a specified application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraApplicationOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationPasswordCredential</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationPasswordCredential</command:noun> <maml:description> <maml:para>Gets the password credential for an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraApplicationPasswordCredential` cmdlet gets the password credentials for a Microsoft Entra ID application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationPasswordCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The objectID of the application for which to get the password credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The objectID of the application for which to get the password credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>- Example 1: Get password credential for specified application -</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' New-EntraApplicationPasswordCredential -ObjectId aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- {116, 101, 115, 116} 11/24/2024 6:28:39 AM 123 bbbbbbbb-1111-2222-3333-cccccccccccc 11/24/2023 6:28:39 AM</dev:code> <dev:remarks> <maml:para>This command gets the password credential for specified application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationPasswordCredential</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationProxyApplication</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationProxyApplication</command:noun> <maml:description> <maml:para>The Get-EntraApplicationProxyApplication cmdlet retrieves an application configured for Application Proxy in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraApplicationProxyApplication cmdlet retrieves an application configured for Application Proxy in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyApplication</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>This is the unique application Id of the application. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command. You can also find this in the Azure portal by navigating to AAD, Enterprise Applications, All Applications, Select your application, go to the properties tab, and use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>This is the unique application Id of the application. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command. You can also find this in the Azure portal by navigating to AAD, Enterprise Applications, All Applications, Select your application, go to the properties tab, and use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> Get-EntraApplicationProxyApplication -ObjectId 8d6c6684-6f8c-42e2-8914-32ed2adf9ccf ExternalAuthenticationType : AadPreAuthentication ApplicationServerTimeout : Default ExternalUrl : https://travel.cycles.adventure-works.com/ InternalUrl : https://awcyclesapps.adventure-works.com:3000/ IsTranslateHostHeaderEnabled : False IsTranslateLinksInBodyEnabled : False IsOnPremPublishingEnabled : True VerifiedCustomDomainCertificatesMetadata : class OnPremisesPublishingVerifiedCustomDomainCertificatesMetadataObject { Thumbprint: [XXXXX] SubjectName: [XXXXX] Issuer: IssueDate: 11/9/2017 5:54:29 ExpiryDate: 11/9/2019 5:54:29 } VerifiedCustomDomainKeyCredential : VerifiedCustomDomainPasswordCredential : SingleSignOnSettings :</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationProxyApplication</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationProxyApplicationConnectorGroup</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationProxyApplicationConnectorGroup</command:noun> <maml:description> <maml:para>The Get-EntraApplicationProxyApplicationConnectorGroup cmdlet retrieves the connector group assigned for a specific application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraApplicationProxyApplicationConnectorGroup cmdlet retrieves the connector group assigned for the specified application. The application must be configured for Application Proxy in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyApplicationConnectorGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>ObjectId is the ID of the application. This can be found using the Get-EntraApplication (Get-EntraApplication.md)command. You can also find this in the Microsoft Portal by navigating to Microsoft Entra ID, Enterprise Applications, All Applications, Select your application, go to the properties tab, and use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>ObjectId is the ID of the application. This can be found using the Get-EntraApplication (Get-EntraApplication.md)command. You can also find this in the Microsoft Portal by navigating to Microsoft Entra ID, Enterprise Applications, All Applications, Select your application, go to the properties tab, and use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Retrieve application connector group by ID ----</maml:title> <dev:code>PS C:\WINDOWS\system32> Get-EntraApplicationProxyApplicationConnectorGroup -ObjectId "8d6c6684-6f8c-42e2-8914-32ed2adf9ccf"</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve specific application connector group by providing ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationProxyApplicationConnectorGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationProxyConnector</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationProxyConnector</command:noun> <maml:description> <maml:para>The Get-EntraApplicationProxyConnector cmdlet a list of all connectors, or if specified, details of a specific connector.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The cmdlet retrieves the details for a given conneGet-EntraApplicationProxyConnectorctor. If no connectorId is specified, it retrieves all the connectors assigned to the tenant.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnector</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here: <https://learn.microsoft.com/graph/aad-advanced-queries?tabs=powershell></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnector</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the specific connector. You can find ID by running the command without this parameter to get the desired ID, or by going into the portal and viewing connector details.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnector</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here: <https://learn.microsoft.com/graph/aad-advanced-queries?tabs=powershell></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the specific connector. You can find ID by running the command without this parameter to get the desired ID, or by going into the portal and viewing connector details.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Retrieve connectors. ---------------</maml:title> <dev:code>PS C:\> Get-EntraApplicationProxyConnector Id MachineName ExternalIp Status -- ----------- ---------- ------ 4c8b06e7-9751-41d5-8e5e-48e9b9bc2c66 AWCyclesApps.adventure-works.com 52.165.149.115 active 834c5dd6-f2e8-47ae-973a-9fc769289b3d AWCyclesAD.adventure-works.com 52.165.149.131 active</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all connectors.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 2: Retrieve connectors with ID parameter -------</maml:title> <dev:code>PS C:\> Get-EntraApplicationProxyConnector -Id 4c8b06e7-9751-41d5-8e5e-48e9b9bc2c66 Id MachineName ExternalIp Status -- ----------- ---------- ------ 4c8b06e7-9751-41d5-8e5e-48e9b9bc2c66 AWCyclesApps.adventure-works.com 52.165.149.115 active</dev:code> <dev:remarks> <maml:para>This example demonstrates how to Retrieve information for a specific connector.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationProxyConnector</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationProxyConnectorGroup</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationProxyConnectorGroup</command:noun> <maml:description> <maml:para>The Get-EntraApplicationProxyConnectorGroup cmdlet retrieves a list of all connector groups, or if specified, details of a specific connector group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraApplicationProxyConnectorGroup cmdlet retrieves a list of all connector groups, or if specified, details of the specified connector group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnectorGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here: <https://learn.microsoft.com/graph/aad-advanced-queries?tabs=powershell></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnectorGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the specific connector group. You can find this by running the command without this parameter to get the desired ID, or by going into the portal and viewing connector group details.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnectorGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies the search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here: <https://learn.microsoft.com/graph/aad-advanced-queries?tabs=powershell></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the specific connector group. You can find this by running the command without this parameter to get the desired ID, or by going into the portal and viewing connector group details.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies the search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Retrieve all connector groups -----------</maml:title> <dev:code>PS C:\> Get-EntraApplicationProxyConnectorGroup Id Name ConnectorGroupType IsDefault -- ---- ------------------ --------- 1a0bc41a-8663-4da3-934c-214640663a33 Default applicationProxy True 68348ab6-4cc5-4c8c-a0f0-7a43db2f4ff6 Guest Applications applicationProxy False a39b9095-8dc8-4d3a-86c3-e7b5c3f0fb84 Application Servers applicationProxy False</dev:code> <dev:remarks> <maml:para>This command retrieves all connector groups.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 2: Retrieve a specific connector group --------</maml:title> <dev:code>PS C:\> Get-EntraApplicationProxyConnectorGroup -Id a39b9095-8dc8-4d3a-86c3-e7b5c3f0fb84 Id Name ConnectorGroupType IsDefault -- ---- ------------------ --------- a39b9095-8dc8-4d3a-86c3-e7b5c3f0fb84 Application Servers applicationProxy False</dev:code> <dev:remarks> <maml:para>This command retrieves a specific connector group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationProxyConnectorGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationProxyConnectorGroupMember.</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationProxyConnectorGroupMember.</command:noun> <maml:description> <maml:para>Get members from applicationProxyConnectorGroup.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Get members from applicationProxyConnectorGroup.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnectorGroupMember.</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System. Nullable`1[[System. Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System. Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Get members from applicationProxyConnectorGroup --</maml:title> <dev:code>PS C:\> Get-EntraApplicationProxyConnectorGroupMember -Id 87ffe1e2-6313-4a22-93eb-da1eb8a2bf8d Name Value ---- ----- id 147bd8b4-2134-4454-8f2a-1da81cf27917 externalIp 3.7.211.5 machineName PERE-VARSHAM-FULLSTAK version 1.5.3437.0 status active</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationProxyConnectorGroupMember</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationProxyConnectorGroupMembers</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationProxyConnectorGroupMembers</command:noun> <maml:description> <maml:para>The Get-EntraApplicationProxyConnectorGroupMembers get all the Application Proxy connectors associated with the given connector group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraApplicationProxyConnectorGroupMembers gets all the Application Proxy connectors associated with the given connector group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnectorGroupMembers</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here: <https://learn.microsoft.com/graph/aad-advanced-queries?tabs=powershell></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the Connector group. This can be found by running the Get-EntraApplicationProxyConnectorGroup command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here: <https://learn.microsoft.com/graph/aad-advanced-queries?tabs=powershell></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the Connector group. This can be found by running the Get-EntraApplicationProxyConnectorGroup command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Show all the connectors in the group -------</maml:title> <dev:code>PS C:\> Get-EntraApplicationProxyConnectorGroupMembers -Id ba07e273-6b9e-4567-afe4-efddac32509d Id MachineName ExternalIp Status -- ----------- ---------- ------ 969eddd2-ad11-47ca-92ba-4442b9901edf vm-test-010 13.93.84.164 active ea4a4b91-aace-4e8b-b81a-b2f6429a477e test-vm-conn1 52.18.9.115 active</dev:code> <dev:remarks> <maml:para>The output of this command, showing all the connectors in the group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationProxyConnectorGroupMembers</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationProxyConnectorMemberOf.</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationProxyConnectorMemberOf.</command:noun> <maml:description> <maml:para>The Get-EntraApplicationProxyConnectorMemberOf command gets the ConnectorGroup that the specified Connector is a member of.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraApplicationProxyConnectorMemberOf command gets the ConnectorGroup that the specified Connector is a member of. If no group is assigned to the connector, by default it is in 'Default.'</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationProxyConnectorMemberOf.</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the connector. You can find ID by running Get-EntraApplicationProxyConnector.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the connector. You can find ID by running Get-EntraApplicationProxyConnector.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Gets the ConnectorGroup --------------</maml:title> <dev:code>PS C:\> Get-EntraApplicationProxyConnectorMemberOf -Id 4c8b06e7-9751-41d5-8e5e-48e9b9bc2c66 Id Name ConnectorGroupType IsDefault -- ---- ------------------ --------- a39b9095-8dc8-4d3a-86c3-e7b5c3f0fb84 Application Servers applicationProxy False</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the ConnectorGroup that the specified Connector is a member of.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationProxyConnectorMemberOf</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraApplicationServiceEndpoint</command:name> <command:verb>Get</command:verb> <command:noun>EntraApplicationServiceEndpoint</command:noun> <maml:description> <maml:para>Retrieve the service endpoint of an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet retrieves the service endpoint(s) of an application. The service endpoint entity contains service discovery information. The serviceEndpoints property of the Application entity is of type ServiceEndpoint. Other services can use the information stored in the ServiceEndpoint entity to find this service and its addressable endpoints.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraApplicationServiceEndpoint</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>Return all service endpoints.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of the application for which the service endpoint is retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of results that are returned. The default is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>Return all service endpoints.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of the application for which the service endpoint is retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of results that are returned. The default is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Retrieve the application service endpoint by ID --</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplicationServiceEndpoint -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve service endpoint of the application that is specified through the Object ID parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------- Example 2: Get all service endpoints -------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplicationServiceEndpoint -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all service endpoints of a specified application.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 2: Get top five service endpoints ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraApplicationServiceEndpoint -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 5</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve five service endpoints of a specified application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraApplicationServiceEndpoint</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraAttributeSet</command:name> <command:verb>Get</command:verb> <command:noun>EntraAttributeSet</command:noun> <maml:description> <maml:para>Gets a list of attribute sets.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraAttributeSet` cmdlet gets a list of Microsoft Entra ID attribute sets.</maml:para> <maml:para>In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the necessary permissions. The supported roles for this operation are:</maml:para> <maml:para>- Attribute Assignment Reader</maml:para> <maml:para>- Attribute Definition Reader</maml:para> <maml:para>- Attribute Assignment Administrator</maml:para> <maml:para>- Attribute Definition Administrator</maml:para> <maml:para></maml:para> <maml:para>By default, other administrator roles cannot read, define, or assign custom security attributes.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraAttributeSet</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID set object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID set object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Get an all attribute sets -------------</maml:title> <dev:code>Connect-Entra -Scopes 'CustomSecAttributeDefinition.Read.All' Get-EntraAttributeSet Id Description MaxAttributesPerSet -- ----------- ------------------- Engineering Attributes for cloud engineering team 25 HR Attributes for HR team 15 Hackathon Hackathon attribute set 20</dev:code> <dev:remarks> <maml:para>This example Get all attribute sets.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------------- Example 2: Get an attribute sets ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'CustomSecAttributeDefinition.Read.All' Get-EntraAttributeSet -Id 'Engineering' Id Description MaxAttributesPerSet -- ----------- ------------------- Engineering Attributes for cloud engineering team 25</dev:code> <dev:remarks> <maml:para>This example gets an attribute set.</maml:para> <maml:para>- Attribute set: `Engineering`</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraAttributeSet</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraAttributeSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraAttributeSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraAuthorizationPolicy</command:name> <command:verb>Get</command:verb> <command:noun>EntraAuthorizationPolicy</command:noun> <maml:description> <maml:para>Gets an authorization policy, which represents a policy that can control Microsoft Entra ID authorization settings.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraAuthorizationPolicy cmdlet gets a Microsoft Entra ID authorization policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraAuthorizationPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Get an authorization policy by ID ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraAuthorizationPolicy DeletedDateTime Description DisplayName Id AllowEmailVerifiedUsersToJoinOrganization AllowInvitesFrom AllowUserConsentForRiskyApps AllowedToSig nUpEmailBase dSubscriptio ns --------------- ----------- ----------- -- ----------------------------------------- ---------------- ---------------------------- ------------ test Authorization Policies authorizationPolicy True everyone False</dev:code> <dev:remarks> <maml:para>This command gets the Microsoft Entra ID authorization policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraAuthorizationPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraAuthorizationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraConditionalAccessPolicy</command:name> <command:verb>Get</command:verb> <command:noun>EntraConditionalAccessPolicy</command:noun> <maml:description> <maml:para>Gets a Microsoft Entra ID conditional access policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows an admin to get the Microsoft Entra ID conditional access policy. Conditional access policies are custom rules that define an access scenario.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraConditionalAccessPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the ID of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the ID of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieves a list of all conditional access policies in Microsoft Entra ID</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraConditionalAccessPolicy Id CreatedDateTime Description DisplayName ModifiedDateTime State TemplateId -- --------------- ----------- ----------- ---------------- ----- ---------- eeeeeeee-4444-5555-6666-ffffffffffff 2/27/2024 6:23:21 AM ConditionalAccessPolicy 2/29/2024 2:41:17 PM disabled ffffffff-5555-6666-7777-aaaaaaaaaaaa 2/27/2024 6:26:00 AM ConditionalAccessPolicy 2/29/2024 2:41:34 PM disabled aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb 2/27/2024 6:30:48 AM ConditionalAccessPolicy 2/29/2024 2:43:53 PM disabled</dev:code> <dev:remarks> <maml:para>This command retrieves a list of all conditional access policies in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Retrieves a conditional access policy in Microsoft Entra ID with given ID</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraConditionalAccessPolicy -PolicyId 'eeeeeeee-4444-5555-6666-ffffffffffff' Id CreatedDateTime Description DisplayName ModifiedDateTime State TemplateId -- --------------- ----------- ----------- ---------------- ----- ---------- eeeeeeee-4444-5555-6666-ffffffffffff 2/27/2024 6:23:21 AM ConditionalAccessPolicy 2/29/2024 2:41:17 PM disabled</dev:code> <dev:remarks> <maml:para>This command retrieves the conditional access policy in Microsoft Entra ID specified by the `-PolicyID`.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraConditionalAccessPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraContact</command:name> <command:verb>Get</command:verb> <command:noun>EntraContact</command:noun> <maml:description> <maml:para>Gets a contact from Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraContact` cmdlet gets a contact from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraContact</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraContact</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Retrieve all contact objects in the directory ---</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' Get-EntraContact ObjectId Mail DisplayName -------- ---- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb contact@contoso.com Contoso Contact bbbbbbbb-1111-2222-3333-cccccccccccc contact1@contoso.com Contoso Contact1 cccccccc-2222-3333-4444-dddddddddddd contact2@contoso.com Contoso Contact2</dev:code> <dev:remarks> <maml:para>This command retrieves all contact objects in the directory. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Retrieve specific contact object in the directory -</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' Get-EntraContact -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' ObjectId Mail DisplayName -------- ---- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb contact@contoso.com Contoso Contact</dev:code> <dev:remarks> <maml:para>This command retrieves specified contact in the directory. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 3: Retrieve all contacts objects in the directory --</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' Get-EntraContact -All ObjectId Mail DisplayName -------- ---- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb contact@contoso.com Contoso Contact bbbbbbbb-1111-2222-3333-cccccccccccc contact1@contoso.com Contoso Contact1 cccccccc-2222-3333-4444-dddddddddddd contact2@contoso.com Contoso Contact2</dev:code> <dev:remarks> <maml:para>This command retrieves all the contacts in the directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title> Example 4: Retrieve top two contacts objects in the directory </maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' Get-EntraContact -Top 2 ObjectId Mail DisplayName -------- ---- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb contact@contoso.com Contoso Contact bbbbbbbb-1111-2222-3333-cccccccccccc contact1@contoso.com Contoso Contact1</dev:code> <dev:remarks> <maml:para>This command retrieves top two contacts in the directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 5: Retrieve all contacts objects in the directory filter by DisplayName</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' Get-EntraContact -Filter "DisplayName eq 'Contoso Contact'" ObjectId Mail DisplayName -------- ---- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb contact@contoso.com Contoso Contact bbbbbbbb-1111-2222-3333-cccccccccccc contact1@contoso.com Contoso Contact1</dev:code> <dev:remarks> <maml:para>This command retrieves contacts having the specified display name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraContact</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraContact</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraContactDirectReport</command:name> <command:verb>Get</command:verb> <command:noun>EntraContactDirectReport</command:noun> <maml:description> <maml:para>Get the direct reports for a contact.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraContactDirectReport` cmdlet gets the direct reports for an organizational contact.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraContactDirectReport</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Get the direct reports of a contact --------</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' $Contact = Get-EntraContact -Top 1 Get-EntraContactDirectReport -ObjectId $Contact.ObjectId</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve direct reports for an organizational contact.</maml:para> <maml:para>You can use `Get-EntraContact` cmdlet to retrieve an organizational contact.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraContactDirectReport</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraContact</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraContactManager</command:name> <command:verb>Get</command:verb> <command:noun>EntraContactManager</command:noun> <maml:description> <maml:para>Gets the manager of a contact.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraContactManager` cmdlet gets the manager of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraContactManager</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Get the manager of a contact -----------</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' $Contact = Get-EntraContact -Top 1 Get-EntraContactManager -ObjectId $Contact.ObjectId</dev:code> <dev:remarks> <maml:para>The example demonstrates how to retrieve the manager of a contact.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraContactManager</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraContact</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraContactMembership</command:name> <command:verb>Get</command:verb> <command:noun>EntraContactMembership</command:noun> <maml:description> <maml:para>Get a contact membership.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraContactMembership` cmdlet gets a contact membership in Microsoft Entra ID.</maml:para> <maml:para>This command is useful to administrators who need to understand which groups, roles, or administrative units a particular contact belongs to. This can be important for troubleshooting access issues, auditing memberships, and ensuring that contact memberships are correctly configured.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraContactMembership</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Get the memberships of a contact ---------</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' $Contact = Get-EntraContact -Top 1 Get-EntraContactMembership -ObjectId $Contact.ObjectId Id DeletedDateTime -- --------------- ffffffff-5555-6666-7777-aaaaaaaaaaaa aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb bbbbbbbb-7777-8888-9999-cccccccccccc</dev:code> <dev:remarks> <maml:para>This command gets all the memberships for specified contact.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------- Example 2: Get all memberships of a contact ---------</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' Get-EntraContactMembership -ObjectId 'dddddddd-3333-4444-5555-eeeeeeeeeeee' -All Id DeletedDateTime -- --------------- ffffffff-5555-6666-7777-aaaaaaaaaaaa aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb bbbbbbbb-7777-8888-9999-cccccccccccc</dev:code> <dev:remarks> <maml:para>This command gets all the memberships for specified contact.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 3: Get top two memberships of a contact -------</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' Get-EntraContactMembership -ObjectId 'dddddddd-3333-4444-5555-eeeeeeeeeeee' -Top 2 Id DeletedDateTime -- --------------- ffffffff-5555-6666-7777-aaaaaaaaaaaa aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb</dev:code> <dev:remarks> <maml:para>This command gets top two memberships for specified contact.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraContactMembership</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraContact</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraContactThumbnailPhoto</command:name> <command:verb>Get</command:verb> <command:noun>EntraContactThumbnailPhoto</command:noun> <maml:description> <maml:para>Retrieves the thumbnail photo of a contact.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Retrieves the thumbnail photo of a contact.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraContactThumbnailPhoto</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FileName</maml:name> <maml:description> <maml:para>When provided, the cmdlet writes a copy of the thumbnail photo to this filename.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>When provided, the cmdlet writes a copy of the thumbnail photo to this file path using a random filename.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The object ID of the contact for which the thumbnail photo is retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>View</maml:name> <maml:description> <maml:para>If this parameter value is set to $True, display the retrieved thumbnail photo in a new window.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FileName</maml:name> <maml:description> <maml:para>When provided, the cmdlet writes a copy of the thumbnail photo to this filename.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>When provided, the cmdlet writes a copy of the thumbnail photo to this file path using a random filename.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The object ID of the contact for which the thumbnail photo is retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>View</maml:name> <maml:description> <maml:para>If this parameter value is set to $True, display the retrieved thumbnail photo in a new window.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Boolean</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Get the memberships of a contact ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Contacts.Read' Get-EntraContactThumbnailPhoto -ObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc' Tag : PhysicalDimension : {Width=279, Height=390} Size : {Width=279, Height=390} Width : 279 Height : 390 HorizontalResolution : 96 VerticalResolution : 96 Flags : 77840 RawFormat : [ImageFormat: aaaa0000-bb11-2222-33cc-444444dddddd] PixelFormat : Format24bppRgb Palette : System.Drawing.Imaging.ColorPalette FrameDimensionsList : {eeee4444-ff55-6666-77aa-888888bbbbbb} PropertyIdList : {274, 305, 306, 36867...} PropertyItems : {274, 305, 306, 36867...}</dev:code> <dev:remarks> <maml:para>This example retrieves the thumbnail photo of the contact object specified with the object ID parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraContactThumbnailPhoto</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraContext</command:name> <command:verb>Get</command:verb> <command:noun>EntraContext</command:noun> <maml:description> <maml:para>`Get-EntraContext` is used to retrieve the details about your current session.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>`Get-EntraContext` is used to retrieve the details about your current session, which include: - ClientID</maml:para> <maml:para>- TenantID</maml:para> <maml:para>- Certificate Thumbprint</maml:para> <maml:para>- Scopes consented to</maml:para> <maml:para>- AuthType: Delegated or app-only</maml:para> <maml:para>- AuthProviderType</maml:para> <maml:para>- CertificateName</maml:para> <maml:para>- Account</maml:para> <maml:para>- AppName</maml:para> <maml:para>- ContextScope</maml:para> <maml:para>- Certificate</maml:para> <maml:para>- PSHostVersion</maml:para> <maml:para>- ClientTimeOut.</maml:para> <maml:para></maml:para> <maml:para>`Get-EntraCurrentSessionInfo` is an alias for `Get-EntraContext`.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraContext</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ProgressAction</maml:name> <maml:description> <maml:para></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Get the current session --------------</maml:title> <dev:code>Get-EntraContext ClientId : 11112222-bbbb-3333-cccc-4444dddd5555 TenantId : aaaabbbb-0000-cccc-1111-dddd2222eeee CertificateThumbprint : Scopes : {User.ReadWrite.All,...} AuthType : Delegated AuthProviderType : InteractiveAuthenticationProvider CertificateName : Account : SawyerM@Contoso.com AppName : Microsoft Graph PowerShell ContextScope : CurrentUser Certificate : PSHostVersion : 5.1.17763.1 ClientTimeout : 00:05:00</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the details of the current session.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 2: Get the current session scopes ----------</maml:title> <dev:code>Get-EntraContext | Select -ExpandProperty Scopes AppRoleAssignment.ReadWrite.All Directory.AccessAsUser.All Directory.ReadWrite.All EntitlementManagement.ReadWrite.All Group.ReadWrite.All openid Organization.Read.All profile RoleManagement.ReadWrite.Directory User.Read User.ReadWrite.All</dev:code> <dev:remarks> <maml:para>Retrieves all scopes.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraContext</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraContract</command:name> <command:verb>Get</command:verb> <command:noun>EntraContract</command:noun> <maml:description> <maml:para>Gets a contract.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraContract` cmdlet gets a contract information associated to a partner tenant.</maml:para> <maml:para>The contract object contains the following attributes:</maml:para> <maml:para>- `contractType` - type of the contract.</maml:para> <maml:para>Possible values are: ++ "SyndicationPartner", which indicates a partner that exclusively resells and manages O365 and Intune for this customer. They resell and support their customers. ++ "BreadthPartner", which indicates that the partner has the ability to provide administrative support for this customer. However the partner isn't allowed to resell to the customer. ++ "ResellerPartner", which indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners.</maml:para> <maml:para>- `customerContextId` - unique identifier for the customer tenant referenced by this partnership.</maml:para> <maml:para>Corresponds to the ObjectId property of the customer tenant's TenantDetail object.</maml:para> <maml:para>- `defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes.</maml:para> <maml:para>- `deletionTimestamp` - this property isn't valid for contracts and always returns null.</maml:para> <maml:para>- `displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes.</maml:para> <maml:para>- `objectType` - a string that identifies the object type. The value is always `Contract`.</maml:para> <maml:para>- `ObjectId` - the unique identifier for the partnership.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraContract</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraContract</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contract.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a contract.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------------- Example 1: Get all contracts -----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraContract</dev:code> <dev:remarks> <maml:para>This command gets all contracts in the Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraContract</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDeletedApplication</command:name> <command:verb>Get</command:verb> <command:noun>EntraDeletedApplication</command:noun> <maml:description> <maml:para>Retrieves the list of previously deleted applications.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Retrieves the list of previously deleted applications.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDeletedApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Retrieve only those deleted applications that satisfy the filter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of applications returned by this cmdlet. The default value is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDeletedApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Retrieve only those applications that satisfy the -SearchString value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> <maml:para></maml:para> <maml:para>Type: System.Management.Automation.SwitchParameter</maml:para> <maml:para>Parameter Sets: (All)</maml:para> <maml:para>Aliases:</maml:para> <maml:para></maml:para> <maml:para>Required: False</maml:para> <maml:para>Position: Named</maml:para> <maml:para>Default value: False</maml:para> <maml:para>Accept pipeline input: False</maml:para> <maml:para>Accept wildcard characters: False</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Retrieve only those deleted applications that satisfy the filter.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Retrieve only those applications that satisfy the -SearchString value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of applications returned by this cmdlet. The default value is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Get list of deleted applications ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraDeletedApplication DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- TestApp1 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com TestApp2 cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee AzureADMyOrg contoso.com TestApp3 eeeeeeee-6666-7777-8888-ffffffffffff ffffffff-7777-8888-9999-gggggggggggg AzureADMyOrg contoso.com TestApp4 gggggggg-8888-9999-aaaa-hhhhhhhhhhhh hhhhhhhh-9999-aaaa-bbbb-iiiiiiiiiiii AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves the list of deleted applications. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Get list of deleted applications using All parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraDeletedApplication -All DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- TestApp1 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com TestApp2 cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee AzureADMyOrg contoso.com TestApp3 eeeeeeee-6666-7777-8888-ffffffffffff ffffffff-7777-8888-9999-gggggggggggg AzureADMyOrg contoso.com TestApp4 gggggggg-8888-9999-aaaa-hhhhhhhhhhhh hhhhhhhh-9999-aaaa-bbbb-iiiiiiiiiiii AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves the list of deleted applications using All parameter. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------- Example 3: Get top two deleted applications ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraDeletedApplication -Top 2 DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- TestApp1 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com TestApp2 cccccccc-4444-5555-6666-dddddddddddd dddddddd-5555-6666-7777-eeeeeeeeeeee AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves top two deleted applications.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Get deleted applications using SearchString parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraDeletedApplication -SearchString 'TestApp1' DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- TestApp1 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves deleted applications using SearchString parameter. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 5: Get deleted applications filter by display name --</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraDeletedApplication -Filter "DisplayName contains 'TestApp1'" DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- TestApp1 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves deleted applications having specified display name. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDeletedApplication</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDeletedDirectoryObject</command:name> <command:verb>Get</command:verb> <command:noun>EntraDeletedDirectoryObject</command:noun> <maml:description> <maml:para>This cmdlet is used to retrieve a soft deleted directory object from the directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to retrieve a soft deleted directory object from the directory. Soft delete for groups is currently only implemented for Unified Groups (also known as Office 365 Groups).</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDeletedDirectoryObject</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The Id of the directory object to retrieve.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The Id of the directory object to retrieve.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Retrieve a deleted directory object. -------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All', 'Application.Read.All','Group.Read.All','User.Read.All' Get-EntraDeletedDirectoryObject -Id 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' Id DeletedDateTime -- --------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb 2/2/2024 5:33:56 AM</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve the deleted directory object with `Id` `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb` from the directory</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDeletedDirectoryObject</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDeletedGroup</command:name> <command:verb>Get</command:verb> <command:noun>EntraDeletedGroup</command:noun> <maml:description> <maml:para>This cmdlet is used to retrieve the soft deleted groups in a directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to retrieve the soft deleted groups in a directory. When a group is deleted, it's initially soft deleted and can be recovered during the first 30 days after deletion. After 30 days the group is permanently deleted and can no longer be recovered. Soft delete is currently only implemented for Unified Groups (also known as Office 365 Groups).</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDeletedGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDeletedGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The Id of the deleted group to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDeletedGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The Id of the deleted group to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Get deleted groups in the directory --------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.Read.All' Get-EntraDeletedGroup DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- test21 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb test21 desc1 {Unified, DynamicMembership} test22 bbbbbbbb-1111-2222-3333-cccccccccccc test22 desc2 {Unified, DynamicMembership} test23 cccccccc-2222-3333-4444-dddddddddddd test23 desc3 {Unified, DynamicMembership} test24 dddddddd-3333-4444-5555-eeeeeeeeeeee test24 desc4 {Unified, DynamicMembership}</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves all recoverable deleted groups in the directory. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Get deleted groups in the directory using All parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Group.Read.All' Get-EntraDeletedGroup -All DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- test21 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb test21 desc1 {Unified, DynamicMembership} test22 bbbbbbbb-1111-2222-3333-cccccccccccc test22 desc2 {Unified, DynamicMembership} test23 cccccccc-2222-3333-4444-dddddddddddd test23 desc3 {Unified, DynamicMembership} test24 dddddddd-3333-4444-5555-eeeeeeeeeeee test24 desc4 {Unified, DynamicMembership}</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves all recoverable deleted groups in the directory, using All parameter. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 3: Get top two deleted groups ------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.Read.All' Get-EntraDeletedGroup -Top 2 DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- test21 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb test21 desc1 {Unified, DynamicMembership} test22 bbbbbbbb-1111-2222-3333-cccccccccccc test22 desc2 {Unified, DynamicMembership}</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves top two deleted groups in the directory. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 4: Get deleted groups containing string 'test2' ---</maml:title> <dev:code>Connect-Entra -Scopes 'Group.Read.All' Get-EntraDeletedGroup -SearchString 'test2' DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- test21 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb test21 desc1 {Unified, DynamicMembership} test22 bbbbbbbb-1111-2222-3333-cccccccccccc test22 desc2 {Unified, DynamicMembership} test23 cccccccc-2222-3333-4444-dddddddddddd test23 desc3 {Unified, DynamicMembership} test24 dddddddd-3333-4444-5555-eeeeeeeeeeee test24 desc4 {Unified, DynamicMembership}</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves deleted groups in the directory, containing the specified string. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 5: Get deleted groups filter by display name -----</maml:title> <dev:code>Connect-Entra -Scopes 'Group.Read.All' Get-EntraDeletedGroup -Filter "displayname eq 'test21'" DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- test21 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb test21 desc1 {Unified, DynamicMembership}</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves deleted groups in the directory, having the specified display name. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------- Example 6: Get deleted group by Id --------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.Read.All' Get-EntraDeletedGroup -Id "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb" DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- test21 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb test21 desc1 {Unified, DynamicMembership}</dev:code> <dev:remarks> <maml:para>This cmdlet retrieves the deleted group specified by `-Id`. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDeletedGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDevice</command:name> <command:verb>Get</command:verb> <command:noun>EntraDevice</command:noun> <maml:description> <maml:para>Gets a device from Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraDevice cmdlet gets a device from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDevice</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies the OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDevice</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a device in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDevice</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies the OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a device in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Get a device by ID ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDevice -ObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc' DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership --------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve specific device by providing ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------------ Example 2: Get all devices ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDevice DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership --------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData cccccccc-2222-3333-4444-dddddddddddd True eeeeeeee-4444-5555-6666-ffffffffffff MetaData</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all devices from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------------- Example 3: Get top two devices ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDevice -Top 2 DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership --------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData cccccccc-2222-3333-4444-dddddddddddd True eeeeeeee-4444-5555-6666-ffffffffffff MetaData</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve top two devices from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 4: Get a device by display name -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDevice -Filter "DisplayName eq 'Woodgrove Desktop'" DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership --------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve device by display name from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 5: Get a device by display name -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDevice -Filter "startsWith(DisplayName,'Woodgrove')" DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership --------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all the devices whose display name starts with Woodgrove from Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 6: Search among retrieved devices ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDevice -SearchString 'DESKTOP' DeletedDateTime Id AccountEnabled ApproximateLastSignInDateTime ComplianceExpirationDateTime DeviceCategory DeviceId DeviceMetadata DeviceOwnership --------------- -- -------------- ----------------------------- ---------------------------- -------------- -------- -------------- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc True eeeeeeee-4444-5555-6666-ffffffffffff MetaData</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve devices by search string from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDevice</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDeviceRegisteredOwner</command:name> <command:verb>Get</command:verb> <command:noun>EntraDeviceRegisteredOwner</command:noun> <maml:description> <maml:para>Gets the registered owner of a device.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDeviceRegisteredOwner` cmdlet gets the registered owner of a device in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDeviceRegisteredOwner</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Retrieve the registered owner of a device -----</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' $DevId = (Get-EntraDevice -Top 1).ObjectId Get-EntraDeviceRegisteredOwner -ObjectId $DevId ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Maria Sullivan maria@contoso.com Member</dev:code> <dev:remarks> <maml:para>This example shows how to find the registered owner of a device.</maml:para> <maml:para>- The first command gets the object ID of a device by using the Get-EntraDevice (./Get-EntraDevice.md)cmdlet, and then stores it in the `$DevId` variable. - The second command gets the registered owner of the device in `$DevId`.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 2: Retrieve the registered owner of a device -----</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDeviceRegisteredOwner -ObjectId bbbbbbbb-1111-2222-3333-cccccccccccc ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Maria Sullivan maria@contoso.com Member cccccccc-2222-3333-4444-dddddddddddd Parker McLean parker@contoso.com Member</dev:code> <dev:remarks> <maml:para>This command gets the registered owner of a device.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 3: Retrieve all the registered owners of a device --</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDeviceRegisteredOwner -ObjectId bbbbbbbb-1111-2222-3333-cccccccccccc -All ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Maria Sullivan maria@contoso.com Member cccccccc-2222-3333-4444-dddddddddddd Parker McLean parker@contoso.com Member</dev:code> <dev:remarks> <maml:para>This command retrieves all the registered owners of a device.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 4: Retrieve top one registered owner of a device ---</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDeviceRegisteredOwner -ObjectId bbbbbbbb-1111-2222-3333-cccccccccccc -Top 1 ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Maria Sullivan maria@contoso.com Member</dev:code> <dev:remarks> <maml:para>This command retrieves top one registered owner of a device.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraDeviceRegisteredOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDeviceRegisteredOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDeviceRegisteredUser</command:name> <command:verb>Get</command:verb> <command:noun>EntraDeviceRegisteredUser</command:noun> <maml:description> <maml:para>Gets a registered user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDeviceRegisteredUser` cmdlet gets a registered user for a Microsoft Entra ID device.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDeviceRegisteredUser</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID of a device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID of a device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Retrieve the registered user of a device -----</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' $DevId = (Get-EntraDevice -Top 1).ObjectId Get-EntraDeviceRegisteredUser -ObjectId $DevId ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {} preferredLanguage : mail : admin@contoso.onmicrosoft.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.onmicrosoft.com; issuerAssignedId=admin@contoso.onmicrosoft.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve registered user for a specific Microsoft Entra ID device.</maml:para> <maml:para>- The first command gets the object ID of a device by using the Get-EntraDevice (./Get-EntraDevice.md) cmdlet, and then stores it in the `$DevId` variable.</maml:para> <maml:para>- The second command gets the registered users of the device in `$DevId`.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 2: Get all registered users of a device -------</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDeviceRegisteredUser -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {} preferredLanguage : mail : admin@contoso.onmicrosoft.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.onmicrosoft.com; issuerAssignedId=admin@contoso.onmicrosoft.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all registered users for a specified device.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 3: Get top two registered users of a device -----</maml:title> <dev:code>Connect-Entra -Scopes 'Device.Read.All' Get-EntraDeviceRegisteredUser -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 2 ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {} preferredLanguage : mail : admin@contoso.onmicrosoft.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.onmicrosoft.com; issuerAssignedId=admin@contoso.onmicrosoft.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve top two registered users for the specified device.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDeviceRegisteredUser</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraDeviceRegisteredUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDeviceRegisteredUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDirectoryRole</command:name> <command:verb>Get</command:verb> <command:noun>EntraDirectoryRole</command:noun> <maml:description> <maml:para>Gets a directory role.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDirectoryRole` cmdlet gets a directory role from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDirectoryRole</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraDirectoryRole</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Get a directory role by ID ------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' Get-EntraDirectoryRole -ObjectId '019ea7a2-1613-47c9-81cb-20ba35b1ae48' ObjectId DisplayName Description -------- ----------- ----------- 019ea7a2-1613-47c9-81cb-20ba35b1ae48 Company Administrator Company Administrator role has full access to perform any operation in the company scope.</dev:code> <dev:remarks> <maml:para>This command gets the specified directory role.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------- Example 2: Get all directory roles --------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' Get-EntraDirectoryRole ObjectId DisplayName Description -------- ----------- ----------- 019ea7a2-1613-47c9-81cb-20ba35b1ae48 Company Administrator Company Administrator role has full access to perform any operation in the company scope. 2b3a80bc-51a4-476d-8e09-cd8b6cdde5ea Directory Writers Allows access read tasks and a subset of write tasks in the directory. 526b7173-5a6e-49dc-88ec-b677a9093709 User Account Administrator User Account Administrator has access to perform common user management related tasks. 542f5aef-b23f-4e34-a838-6f2b9205b3d6 Directory Synchronization Accounts Directory Synchronization Accounts 68239fa3-6b01-4396-aeb4-6af38a1b6abf Directory Readers Allows access to various read only tasks in the directory. 8c6a5c45-e93e-4f2b-81be-b57ad4c43ddd Privileged Role Administrator Privileged Role Administrator has access to perform common role management related tasks. 8f8a1cf4-d535-4ccd-8552-7267c7ee0a88 Helpdesk Administrator Helpdesk Administrator has access to perform common helpdesk related tasks. b89a48d4-7595-48d0-bb36-69fe4b220668 Device Administrators Device Administrators d96eb2b3-0970-4827-8f26-6008efd86511 Security Administrator Security Administrator allows ability to read and manage security configuration and reports.</dev:code> <dev:remarks> <maml:para>This command gets all the directory roles.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Get a directory role filter by ObjectId ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' Get-EntraDirectoryRole -Filter "ObjectId eq '019ea7a2-1613-47c9-81cb-20ba35b1ae48'" ObjectId DisplayName Description -------- ----------- ----------- 019ea7a2-1613-47c9-81cb-20ba35b1ae48 Company Administrator Company Administrator role has full access to perform any operation in the company scope.</dev:code> <dev:remarks> <maml:para>This command gets the directory role by ObjectId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 4: Get a directory role filter by displayName ----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' Get-EntraDirectoryRole -Filter "displayName eq 'Company Administrator'" ObjectId DisplayName Description -------- ----------- ----------- 019ea7a2-1613-47c9-81cb-20ba35b1ae48 Company Administrator Company Administrator role has full access to perform any operation in the company scope.</dev:code> <dev:remarks> <maml:para>This command gets the directory role by display name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDirectoryRole</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Enable-EntraDirectoryRole</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDirectoryRoleMember</command:name> <command:verb>Get</command:verb> <command:noun>EntraDirectoryRoleMember</command:noun> <maml:description> <maml:para>Gets members of a directory role.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDirectoryRoleMember` cmdlet retrieves the members of a directory role in Microsoft Entra ID. To obtain the members of a specific directory role, specify the `ObjectId`. Use the `Get-EntraDirectoryRole` cmdlet to get the `ObjectId` value.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDirectoryRoleMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Get members by role ID --------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' Get-EntraDirectoryRoleMember -ObjectId '1d73e796-aac5-4b3a-b7e7-74a3d1926a85' Id DeletedDateTime -- --------------- bbbbbbbb-7777-8888-9999-cccccccccccc</dev:code> <dev:remarks> <maml:para>This command demonstrates how to get the members of the specified role.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDirectoryRoleMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraDirectoryRoleMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDirectoryRoleMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDirectoryRoleTemplate</command:name> <command:verb>Get</command:verb> <command:noun>EntraDirectoryRoleTemplate</command:noun> <maml:description> <maml:para>Gets directory role templates.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDirectoryRoleTemplate` cmdlet gets directory role templates in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDirectoryRoleTemplate</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Get role templates ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' Get-EntraDirectoryRoleTemplate DeletedDateTime Id Description --------------- -- ----------- 62e90394-69f5-4237-9190-012177145e10 Can manage all aspects of Microsoft Entra ID and Microsoft services that use... 10dae51f-b6af-4016-8d66-8c2a99b929b3 Default role for guest users. Can read a limited set of directory information. 2af84b1e-32c8-42b7-82bc-daa82404023b Default role for guest users with restricted access. Can read a limited set of director... 95e79109-95c0-4d8e-aee3-d01accf2d47b Can invite guest users independent of the 'members can invite guests' setting. fe930be7-5e62-47db-91af-98c3a49a38b1 Can manage all aspects of users and groups, including resetting passwords for limited a... 729827e3-9c14-49f7-bb1b-9608f156bbb8 Can reset passwords for non-administrators and Helpdesk Administrators. f023fd81-a637-4b56-95fd-791ac0226033 Can read service health information and manage support tickets. b0f54661-2d74-4c50-afa3-1ec803f12efe Can perform common billing related tasks like updating payment information.</dev:code> <dev:remarks> <maml:para>This command gets the role templates in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDirectoryRoleTemplate</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDirSyncConfiguration</command:name> <command:verb>Get</command:verb> <command:noun>EntraDirSyncConfiguration</command:noun> <maml:description> <maml:para>Gets the directory synchronization settings.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDirSyncConfiguration` cmdlet gets the directory synchronization settings.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDirSyncConfiguration</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then it defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then it defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Nullable`1[[System.Guid, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Get directory synchronization settings ------</maml:title> <dev:code>Get-EntraDirSyncConfiguration AccidentalDeletionThreshold DeletionPreventionType --------------------------- ---------------------- 500 enabledForCount</dev:code> <dev:remarks> <maml:para>This command gets directory synchronization settings.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title> Example 2: Get directory synchronization settings by TenantId </maml:title> <dev:code>Get-EntraDirSyncConfiguration -TenantId 'aaaabbbb-0000-cccc-1111-dddd2222eeee' AccidentalDeletionThreshold DeletionPreventionType --------------------------- ---------------------- 500 enabledForCount</dev:code> <dev:remarks> <maml:para>This command gets directory synchronization settings by TenantId.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDirSyncConfiguration</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDirSyncConfiguration</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDirSyncfeature</command:name> <command:verb>Get</command:verb> <command:noun>EntraDirSyncfeature</command:noun> <maml:description> <maml:para>Used to check the status of identity synchronization features for a tenant.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDirSyncfeature` cmdlet checks the status of identity synchronization features for a tenant.</maml:para> <maml:para>Features that can be used with this cmdlet include:</maml:para> <maml:para>- DeviceWriteback - DirectoryExtensions - DuplicateProxyAddressResiliency - DuplicateUPNResiliency - EnableSoftMatchOnUpn - PasswordSync - SynchronizeUpnForManagedUsers - UnifiedGroupWriteback - UserWriteback The cmdlet can be run without specifying any features, in which case it returns a list of all features and their enabled or disabled status.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDirSyncfeature</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then the value defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Feature</maml:name> <maml:description> <maml:para>The DirSync feature to get the status of.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then the value defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Feature</maml:name> <maml:description> <maml:para>The DirSync feature to get the status of.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>EXAMPLE 1: Return a list of all possible DirSync features and whether they're enabled (True) or disabled (False)</maml:title> <dev:code>Connect-Entra -Scopes 'OnPremDirectorySynchronization.Read.All' Get-EntraDirSyncfeature Enabled DirSyncFeature ------- -------------- False BlockCloudObjectTakeoverThroughHardMatch False BlockSoftMatch False BypassDirSyncOverrides False CloudPasswordPolicyForPasswordSyncedUsers False ConcurrentCredentialUpdate True ConcurrentOrgIdProvisioning False DeviceWriteback False DirectoryExtensions False FopeConflictResolution False GroupWriteBack False PasswordSync False PasswordWriteback True QuarantineUponProxyAddressesConflict True QuarantineUponUpnConflict True SoftMatchOnUpn True SynchronizeUpnForManagedUsers False UnifiedGroupWriteback False UserForcePasswordChangeOnLogon False UserWriteback</dev:code> <dev:remarks> <maml:para>This command returns a list of all possible DirSync features and whether they're enabled (True) or disabled (False).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>EXAMPLE 2: Return whether PasswordSync is enabled for the tenant (True) or disabled (False)</maml:title> <dev:code>Connect-Entra -Scopes 'OnPremDirectorySynchronization.Read.All' Get-EntraDirSyncfeature -Feature PasswordSync Enabled DirSyncFeature ------- -------------- False PasswordSync</dev:code> <dev:remarks> <maml:para>This command returns whether PasswordSync is enabled for the tenant (True) or disabled (False).</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDirSyncfeature</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDirSyncFeature</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDomain</command:name> <command:verb>Get</command:verb> <command:noun>EntraDomain</command:noun> <maml:description> <maml:para>Gets a domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDomain` cmdlet gets a domain in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDomain</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of a domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Get a list of Domains that are created ------</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.Read.All' Get-EntraDomain Id AuthenticationType AvailabilityStatus IsAdminManaged IsDefault IsInitial IsRoot IsVerified Manufacturer Model PasswordNotificationWindowInDays PasswordValidityPeriodInDays SupportedServices -- ------------------ ------------------ -------------- --------- --------- ------ ---------- ------------ ----- -------------------------------- ---------------------------- ----------------- TEST22.com Managed True False False False False {} test26.com Managed True False False False False {} test25.com Managed True False False False False {}</dev:code> <dev:remarks> <maml:para>This command retrieves a list of domains.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------------- Example 2: Get a specific Domain ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.Read.All' Get-EntraDomain -Name TEST22.com Id AuthenticationType AvailabilityStatus IsAdminManaged IsDefault IsInitial IsRoot IsVerified Manufacturer Model PasswordNotificationWindowInDays PasswordValidityPeriodInDays SupportedServices -- ------------------ ------------------ -------------- --------- --------- ------ ---------- ------------ ----- -------------------------------- ---------------------------- ----------------- TEST22.com Managed True False False False False {}</dev:code> <dev:remarks> <maml:para>This command retrieves a domain with the specified name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDomain</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Confirm-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDomainFederationSettings</command:name> <command:verb>Get</command:verb> <command:noun>EntraDomainFederationSettings</command:noun> <maml:description> <maml:para>Gets key settings for a federated domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDomainFederationSettings` cmdlet gets key settings from Microsoft Entra ID.</maml:para> <maml:para>Use the Get-EntraFederationProperty (./Get-EntraFederationProperty.md)cmdlet to get settings for both Microsoft Entra ID and the Entra ID Federation Services server.</maml:para> <maml:para>For delegated scenarios, the calling user must be assigned at least one of the following Microsoft Entra roles:</maml:para> <maml:para>- Global Reader</maml:para> <maml:para>- Security Reader</maml:para> <maml:para>- Domain Name Administrator</maml:para> <maml:para>- External Identity Provider Administrator</maml:para> <maml:para>- Hybrid Identity Administrator</maml:para> <maml:para>- Security Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDomainFederationSettings</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none"> <maml:name>DomainName</maml:name> <maml:description> <maml:para>The fully qualified domain name to retrieve.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then the value defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none"> <maml:name>DomainName</maml:name> <maml:description> <maml:para>The fully qualified domain name to retrieve.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then the value defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Guid</command:parameterValue> <dev:type> <maml:name>System.Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Online.Administration.DomainFederationSettings</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>This cmdlet returns the following settings</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>ActiveLogOnUri</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>FederationBrandName</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>IssuerUri</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>LogOffUri</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>MetadataExchangeUri</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>NextSigningCertificate</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>PassiveLogOnUri</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>SigningCertificate</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- EXAMPLE 1: Get federation settings for specified domain ---</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.Read.All' Get-EntraDomainFederationSettings -DomainName contoso.com</dev:code> <dev:remarks> <maml:para>This command gets federation settings for specified domain.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDomainFederationSettings</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDomainNameReference</command:name> <command:verb>Get</command:verb> <command:noun>EntraDomainNameReference</command:noun> <maml:description> <maml:para>This cmdlet retrieves the objects that are referenced with a given domain name.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraDomainNameReference` cmdlet retrieves the objects that are referenced with a given domain name.</maml:para> <maml:para>The work or school account needs to belong to at least the Domain Name Administrator or Global Reader Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDomainNameReference</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The name of the domain name for which the referenced objects are retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The name of the domain name for which the referenced objects are retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieve the domain name reference objects for a domain</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.Read.All' Get-EntraDomainNameReference -Name contoso.com ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {} preferredLanguage : mail : Hood@contoso.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=Hood@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {} department : jobTitle : proxyAddresses : {SMTP:Hood@contoso.com}</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve the domain name reference objects for a domain that is specified through the -Name parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDomainNameReference</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDomainServiceConfigurationRecord</command:name> <command:verb>Get</command:verb> <command:noun>EntraDomainServiceConfigurationRecord</command:noun> <maml:description> <maml:para>Gets the domain's service configuration records from the `serviceConfigurationRecords` navigation property.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Gets the domain's service configuration records from the `serviceConfigurationRecords` navigation property.</maml:para> <maml:para>After you have successfully verified the ownership of a domain and you have indicated what services you plan to use with the domain, you can request Microsoft Entra ID to return you a set of DNS records which you need to add to the zone file of the domain so that the services can work properly with your domain.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDomainServiceConfigurationRecord</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The name of the domain for which the domain service configuration records are to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The name of the domain for which the domain service configuration records are to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieve domain service configuration records by name</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.Read.All' Get-EntraDomainServiceConfigurationRecord -name test.mail.contoso.com Id IsOptional Label RecordType SupportedService Ttl -- ---------- ----- ---------- ---------------- --- aaaa0000-bb11-2222-33cc-444444dddddd False test.mail.contoso.com Mx Email 3600 bbbb1111-cc22-3333-44dd-555555eeeeee False test.mail.contoso.com Txt Email 3600 cccc2222-dd33-4444-55ee-666666ffffff False autodiscover.test.mail.contoso.com CName Email 3600 dddd3333-ee44-5555-66ff-777777aaaaaa False msoid.test.mail.contoso.com CName OrgIdAuthentication 3600 eeee4444-ff55-6666-77aa-888888bbbbbb False enterpriseregistration.test.mail.contoso.com CName Intune 3600 ffff5555-aa66-7777-88bb-999999cccccc False enterpriseenrollment.test.mail.contoso.com CName Intune 3600</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve the Domain service configuration records for a domain with the given name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDomainServiceConfigurationRecord</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraDomainVerificationDnsRecord</command:name> <command:verb>Get</command:verb> <command:noun>EntraDomainVerificationDnsRecord</command:noun> <maml:description> <maml:para>Retrieve the domain verification DNS record for a domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Gets the domain's verification records from the `verificationDnsRecords` navigation property.</maml:para> <maml:para>You can't use the domain with your Microsoft Entra ID tenant until you have successfully verified that you own the domain.</maml:para> <maml:para>To verify the ownership of the domain, you need to first retrieve a set of domain verification records that you need to add to the zone file of the domain. This can be done through the domain registrar or DNS server configuration.</maml:para> <maml:para>Root domains require verification. For example, contoso.com requires verification. If a root domain is verified, subdomains of the root domain are automatically verified. For example, subdomain.contoso.com is automatically be verified if contoso.com has been verified.</maml:para> <maml:para>The work or school account needs to belong to at least the Domain Name Administrator or Global Reader Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraDomainVerificationDnsRecord</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The domain name for which the domain verification Domain Name System (DNS) records are to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The domain name for which the domain verification Domain Name System (DNS) records are to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Retrieve the domain verification DNS record ----</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.Read.All' Get-EntraDomainVerificationDnsRecord -Name mail.contoso.com Id IsOptional Label RecordType SupportedService Ttl -- ---------- ----- ---------- ---------------- --- aaaa0000-bb11-2222-33cc-444444dddddd False mail.contoso.com Txt Email 3600 bbbb1111-cc22-3333-44dd-555555eeeeee False mail.contoso.com Mx Email 3600</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve the Domain verification DNS records for a domain with the given name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraDomainVerificationDnsRecord</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraEnvironment</command:name> <command:verb>Get</command:verb> <command:noun>EntraEnvironment</command:noun> <maml:description> <maml:para>Gets global public Environments.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>When you use `Connect-Entra`, you can choose to target other environments. By default, `Connect-Entra` targets the global public cloud.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraEnvironment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of an environment</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false"></command:parameterValue> <dev:type> <maml:name></maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Get a list of public cloud environments ------</maml:title> <dev:code>Get-EntraEnvironment Name AzureADEndpoint GraphEndpoint Type ---- --------------- ------------- ---- Global https://login.microsoftonline.com https://graph.microsoft.com Built-in China https://login.chinacloudapi.cn https://microsoftgraph.chinacloudapi.cn Built-in USGovDoD https://login.microsoftonline.us https://dod-graph.microsoft.us Built-in USGov https://login.microsoftonline.us https://graph.microsoft.us Built-in Germany https://login.microsoftonline.de https://graph.microsoft.de Built-in Canary https://login.microsoftonline.com https://canary.graph.microsoft.com User-defined</dev:code> <dev:remarks> <maml:para>This command retrieves a list of global public Environments.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 2: Get a specific environment created --------</maml:title> <dev:code>Get-EntraEnvironment -Name 'Global' Name AzureADEndpoint GraphEndpoint Type ---- --------------- ------------- ---- Global https://login.microsoftonline.com https://graph.microsoft.com Built-in</dev:code> <dev:remarks> <maml:para>This command retrieves an environment with the specified name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraEnvironment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraEnvironment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraExtensionProperty</command:name> <command:verb>Get</command:verb> <command:noun>EntraExtensionProperty</command:noun> <maml:description> <maml:para>Gets extension properties registered with Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraExtensionProperty cmdlet gets a collection that contains the extension properties registered with Microsoft Entra ID through Microsoft Entra ID Connect.</maml:para> <maml:para>You can get extension properties that are synced with on-premises Microsoft Entra ID that aren't synced with on-premises Microsoft Entra ID or both types.</maml:para> <maml:para>This command returns all directory extension definitions that have been registered in a directory, including through multi-tenant apps. The following entities support extension properties:</maml:para> <maml:para>- User</maml:para> <maml:para>- Group</maml:para> <maml:para>- AdministrativeUnit</maml:para> <maml:para>- Application</maml:para> <maml:para>- Device</maml:para> <maml:para>- Organization</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraExtensionProperty</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsSyncedFromOnPremises</maml:name> <maml:description> <maml:para>Specifies whether this cmdlet gets extension properties that are synced or not synced.</maml:para> <maml:para>- `$True` - get extension properties that are synced from the on-premises Microsoft Entra ID.</maml:para> <maml:para>- `$False` - get extension properties that aren't synced from the on-premises Microsoft Entra ID.</maml:para> <maml:para>- `No value` - get all extension properties (both synced and non-synced).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsSyncedFromOnPremises</maml:name> <maml:description> <maml:para>Specifies whether this cmdlet gets extension properties that are synced or not synced.</maml:para> <maml:para>- `$True` - get extension properties that are synced from the on-premises Microsoft Entra ID.</maml:para> <maml:para>- `$False` - get extension properties that aren't synced from the on-premises Microsoft Entra ID.</maml:para> <maml:para>- `No value` - get all extension properties (both synced and non-synced).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Get extension properties synced from on-premises Microsoft Entra ID</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraExtensionProperty -IsSyncedFromOnPremises $True DeletedDateTime Id AppDisplayName DataType IsMultiValued IsSyncedFromOnPremises Name TargetObjects --------------- -- -------------- -------- ------------- ---------------------- ---- ------------- aaaabbbb-0000-cccc-1111-dddd2222eeee Tenant Schema Extension App String False True extension_aaaabbbb-0000-cccc-1111-dddd2222eeee_extensionAttribute1 {User}</dev:code> <dev:remarks> <maml:para>This command gets extension properties that have sync from on-premises Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraExtensionProperty</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraFederationProperty</command:name> <command:verb>Get</command:verb> <command:noun>EntraFederationProperty</command:noun> <maml:description> <maml:para>Displays the properties of the Microsoft Entra ID Federation Services 2.0 server and Microsoft Online.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraFederationProperty` cmdlet gets key settings from both the Microsoft Entra ID Federation Services 2.0 server and Microsoft Online.</maml:para> <maml:para>You can use this information to troubleshoot authentication problems caused by mismatched settings between the Microsoft Entra ID Federation Services 2.0 server and Microsoft Online.</maml:para> <maml:para>For delegated scenarios, the calling user must be assigned at least one of the following Microsoft Entra roles:</maml:para> <maml:para>- Global Reader</maml:para> <maml:para>- Security Reader</maml:para> <maml:para>- Domain Name Administrator</maml:para> <maml:para>- External Identity Provider Administrator</maml:para> <maml:para>- Hybrid Identity Administrator</maml:para> <maml:para>- Security Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraFederationProperty</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DomainName</maml:name> <maml:description> <maml:para>The domain name for which the properties from both the Microsoft Entra ID Federation Services 2.0 server and Microsoft Online are displayed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DomainName</maml:name> <maml:description> <maml:para>The domain name for which the properties from both the Microsoft Entra ID Federation Services 2.0 server and Microsoft Online are displayed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Display properties for specified domain ------</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.Read.All' Get-EntraFederationProperty -DomainName contoso.com</dev:code> <dev:remarks> <maml:para>This command displays properties for specified domain.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraFederationProperty</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraGroup</command:name> <command:verb>Get</command:verb> <command:noun>EntraGroup</command:noun> <maml:description> <maml:para>Gets a group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraGroup cmdlet gets a group in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of a group in Microsoft Entra ID (ObjectId)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of a group in Microsoft Entra ID (ObjectId)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Get all groups ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroup ObjectId DisplayName Description -------- ----------- ----------- hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq Contoso Group Contoso Group pppppppp-4444-0000-8888-yyyyyyyyyyyy Crimson Eagle Crimson Eagle Group tttttttt-0000-3333-9999-mmmmmmmmmmmm Bold Falcon Bold Falcon Group</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get all groups from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 2: Get a specific group by using an ObjectId -----</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroup -ObjectId 'pppppppp-4444-0000-8888-yyyyyyyyyyyy' DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- Crimson Eagle pppppppp-4444-0000-8888-yyyyyyyyyyyy crimsoneaglegroup Crimson Eagle Group {Unified}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve specific group by providing ID. This command gets information for the group that has the specified ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------------- Example 3: Get top five groups ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroup -Top 5 DisplayName Id MailNickname Description ----------- -- ------------ ----------- Contoso Group hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq contosogroup Contoso Group Crimson Eagle pppppppp-4444-0000-8888-yyyyyyyyyyyy crimsoneagle Crimson Eagle Group Bold Falcon tttttttt-0000-3333-9999-mmmmmmmmmmmm boldfalcon Bold Falcon Group Azure Panda qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh azurepanda Azure Panda Misty Fox kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn mistyfox Misty Fox Group</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get top five groups from Microsoft Entra ID. This command gets the five groups in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 4: Get a group by DisplayName ------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroup -Filter "DisplayName eq 'Azure Panda'" DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- Azure Panda qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh azurepanda Azure Panda {Unified}</dev:code> <dev:remarks> <maml:para>In this example, we retrieve group by display name from Microsoft Entra ID. This command gets the specified group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 5: Get groups that contain a search string ------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroup -SearchString 'New' DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- New Sparkling Deer bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq newsparklingdeer New Sparkling Deer Group {Unified} New Golden Fox xxxxxxxx-8888-5555-9999-bbbbbbbbbbbb newgoldenfox New Golden Fox {DynamicMembership}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve groups that include the text new in their display names from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraGroup</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraGroupAppRoleAssignment</command:name> <command:verb>Get</command:verb> <command:noun>EntraGroupAppRoleAssignment</command:noun> <maml:description> <maml:para>Gets a group application role assignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraGroupAppRoleAssignment cmdlet gets a group application role assignment in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraGroupAppRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>- Example 1: Retrieve application role assignments of a group -</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' $GroupId = (Get-EntraGroup -Top 1).ObjectId Get-EntraGroupAppRoleAssignment -ObjectId $GroupId ObjectId ResourceDisplayName PrincipalDisplayName -------- ------------------- -------------------- AaBbCcDdEeFfGgHhIiJjKkLlMmNnOo1 Microsoft Resource One Ask HR BbCcDdEeFfGgHhIiJjKkLlMmNnOoPp2 Microsoft Resource Two Ask HR CcDdEeFfGgHhIiJjKkLlMmNnOoPpQq3 Microsoft Resource Three Ask HR</dev:code> <dev:remarks> <maml:para>The first command gets the object ID of a group by using the Get-EntraGroup (./Get-EntraGroup.md)cmdlet. The command stores the ID in the $GroupId variable.</maml:para> <maml:para>The second command gets the application role assignments of the group in $GroupId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Retrieve all application role assignments of a group</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraGroupAppRoleAssignment -ObjectId 'ffffffffff-7777-9999-7777-vvvvvvvvvvv' -All ObjectId ResourceDisplayName PrincipalDisplayName -------- ------------------- -------------------- AaBbCcDdEeFfGgHhIiJjKkLlMmNnOo1 Microsoft Resource One Ask HR BbCcDdEeFfGgHhIiJjKkLlMmNnOoPp2 Microsoft Resource Two Ask HR CcDdEeFfGgHhIiJjKkLlMmNnOoPpQq3 Microsoft Resource Three Ask HR</dev:code> <dev:remarks> <maml:para>This command gets all application role assignments of the specified group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Retrieve top two application role assignments of a group</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraGroupAppRoleAssignment -ObjectId 'ffffffffff-7777-9999-7777-vvvvvvvvvvv' -Top 2 ObjectId ResourceDisplayName PrincipalDisplayName -------- ------------------- -------------------- AaBbCcDdEeFfGgHhIiJjKkLlMmNnOo1 Microsoft Resource One Ask HR BbCcDdEeFfGgHhIiJjKkLlMmNnOoPp2 Microsoft Resource Two Ask HR</dev:code> <dev:remarks> <maml:para>This command gets top two application role assignments of the specified group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraGroupAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraGroupAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroupAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraGroupLifecyclePolicy</command:name> <command:verb>Get</command:verb> <command:noun>EntraGroupLifecyclePolicy</command:noun> <maml:description> <maml:para>Retrieves the properties and relationships of a groupLifecyclePolicies object in Microsoft Entra ID. If you specify no parameters, this cmdlet gets all groupLifecyclePolicies.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraGroupLifecyclePolicy command retrieves the properties and relationships of a groupLifecyclePolicies object in Microsoft Entra ID. If you specify no parameters, this cmdlet gets all groupLifecyclePolicies.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraGroupLifecyclePolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a groupLifecyclePolicies object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a groupLifecyclePolicies object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Retrieve all groupLifecyclePolicies --------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraGroupLifecyclePolicy Id AlternateNotificationEmails GroupLifetimeInDays ManagedGroupTypes -- --------------------------- ------------------- ----------------- 1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 admingroup@contoso.com 200 All</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the properties and relationships of all groupLifecyclePolicies in Microsoft Entra ID. This command retrieves the group expiration settings configured for the tenant.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 2: Retrieve properties of an groupLifecyclePolicy --</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraGroupLifecyclePolicy -Id '1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5' Id AlternateNotificationEmails GroupLifetimeInDays ManagedGroupTypes -- --------------------------- ------------------- ----------------- 1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 admingroup@contoso.com 200 All</dev:code> <dev:remarks> <maml:para>This command is used to retrieve a specific Microsoft Group Lifecycle Policy. The `-Id` parameter specifies the ID of the Lifecycle Policy to be retrieved.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraGroupLifecyclePolicy</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraGroupMember</command:name> <command:verb>Get</command:verb> <command:noun>EntraGroupMember</command:noun> <maml:description> <maml:para>Gets a member of a group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraGroupMember` cmdlet retrieves a member of a group in Microsoft Entra ID. Specify `ObjectId` parameter to retrieve a member of a group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraGroupMember</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Get a group member by ID -------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroupMember -ObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc' Id DeletedDateTime -- --------------- 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 11bb11bb-cc22-dd33-ee44-55ff55ff55ff 22cc22cc-dd33-ee44-ff55-66aa66aa66aa 33dd33dd-ee44-ff55-aa66-77bb77bb77bb 44ee44ee-ff55-aa66-bb77-88cc88cc88cc</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve group member by ID.</maml:para> <maml:para>- `-ObjectId` Specifies the ID of a group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------------- Example 2: Get two group member ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroupMember -ObjectId 'hhhhhhhh-8888-9999-8888-cccccccccccc' -Top 2 Id DeletedDateTime -- --------------- 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 11bb11bb-cc22-dd33-ee44-55ff55ff55ff</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve top two groups from Microsoft Entra ID. - `-ObjectId` Specifies the ID of a group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 3: Get all members within a group by group ID ----</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroupMember -ObjectId 'tttttttt-0000-2222-0000-aaaaaaaaaaaa' -All Id DeletedDateTime -- --------------- 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 11bb11bb-cc22-dd33-ee44-55ff55ff55ff 22cc22cc-dd33-ee44-ff55-66aa66aa66aa 33dd33dd-ee44-ff55-aa66-77bb77bb77bb 44ee44ee-ff55-aa66-bb77-88cc88cc88cc</dev:code> <dev:remarks> <maml:para>This command is used to retrieve all members of a specific group. The `-ObjectId` parameter specifies the ID of the group whose members should be retrieved. The `-All` parameter indicates that all members of the group should be retrieved.</maml:para> <maml:para>- `-ObjectId` Specifies the ID of a group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 4: Retrieve and Select Group Member Properties ----</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroupMember -ObjectId 'tttttttt-0000-2222-0000-aaaaaaaaaaaa' | Select-Object DisplayName, '@odata.type' displayName @odata.type ----------- ----------- test1 #microsoft.graph.user test2 #microsoft.graph.user test2 #microsoft.graph.servicePrincipal test3 #microsoft.graph.servicePrincipal</dev:code> <dev:remarks> <maml:para>This example retrieves the members of a specified group by its `ObjectId` and selects only the `DisplayName` and `@odata.type` properties for each member.</maml:para> <maml:para>- `-ObjectId` Specifies the ID of a group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraGroupMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraGroupMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroupMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraGroupOwner</command:name> <command:verb>Get</command:verb> <command:noun>EntraGroupOwner</command:noun> <maml:description> <maml:para>Gets an owner of a group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraGroupOwner cmdlet gets an owner of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraGroupOwner</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Get a group owner by ID --------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroupOwner -ObjectId 'vvvvvvvv-7777-9999-7777-jjjjjjjjjjjj' ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {HaydenL@contoso.com} preferredLanguage : en mail : HaydenL@contoso.com securityIdentifier : B-2-33-4-5555555555-6666666666-7777777-8888888888 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=HaydenL@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName :</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the owner of a specific group. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------------- Example 2: Gets all group owners ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroupOwner -ObjectId 'zzzzzzzz-6666-8888-9999-pppppppppppp' -All ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {BlakeM@contoso.com} preferredLanguage : en mail : BlakeM@contoso.com securityIdentifier : E-5-66-7-8888888888-9999999999-0000000-1111111111 identities : {System.Collections.Hashtable} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable...} department : jobTitle :</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the all owner of a specific group. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------------- Example 3: Gets two group owners ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroupOwner -ObjectId 'vvvvvvvv-8888-9999-0000-jjjjjjjjjjjj' -Top 2 ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {QuinnA@contoso.com} preferredLanguage : en mail : QuinnA@contoso.com securityIdentifier : D-4-55-6-7777777777-8888888888-9999999-0000000000 identities : {System.Collections.Hashtable} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable...} department : jobTitle : proxyAddresses : {SMTP:QuinnA@contoso.com} legalAgeGroupClassification : assignedPlans : {System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable...} id : tttttttt-0000-2222-0000-aaaaaaaaaaaa</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the top two owners of a specific group. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraGroupOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraGroupOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroupOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraGroupPermissionGrant</command:name> <command:verb>Get</command:verb> <command:noun>EntraGroupPermissionGrant</command:noun> <maml:description> <maml:para>Retrieves a list of permission grants that have been consented for this group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Retrieves a list of permission grants that have been consented for this group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraGroupPermissionGrant</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>string</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.GetMSGroupPermissionGrantsResponse</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: List existing permission grants for the group ---</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' Get-EntraGroupPermissionGrant -Id 'CcDdEeFfGgHhIiJjKkLlMmNnOoPpQq3' Id : CcDdEeFfGgHhIiJjKkLlMmNnOoPpQq3 ClientId : 00001111-aaaa-2222-bbbb-3333cccc4444 ClientAppId : 44445555-eeee-6666-ffff-7777aaaa8888 ResourceAppId : bbbb1111-cc22-3333-44dd-555555eeeeee PermissionType : Application Permission : Member.Read.Group</dev:code> <dev:remarks> <maml:para>This cmdlet list existing permission grants for the specified group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraGroupPermissionGrant</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraHasObjectsWithDirSyncProvisioningError</command:name> <command:verb>Get</command:verb> <command:noun>EntraHasObjectsWithDirSyncProvisioningError</command:noun> <maml:description> <maml:para>Returns whether Microsoft Entra ID has objects with DirSync provisioning error.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraHasObjectsWithDirSyncProvisioningError` returns whether Microsoft Entra ID has objects with DirSync provisioning error.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraHasObjectsWithDirSyncProvisioningError</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on.</maml:para> <maml:para>If this isn't provided then the value defaults to the tenant of the current user.</maml:para> <maml:para>This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on.</maml:para> <maml:para>If this isn't provided then the value defaults to the tenant of the current user.</maml:para> <maml:para>This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System. Nullable`1[[System.Guid, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Return whether Microsoft Entra ID has objects with DirSync provisioning error</maml:title> <dev:code>Get-EntraHasObjectsWithDirSyncProvisioningError False</dev:code> <dev:remarks> <maml:para>This command returns whether Microsoft Entra ID has objects with DirSync provisioning error.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraHasObjectsWithDirSyncProvisioningError</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraIdentityProvider</command:name> <command:verb>Get</command:verb> <command:noun>EntraIdentityProvider</command:noun> <maml:description> <maml:para>This cmdlet is used to retrieve the configured identity providers in the directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to retrieve the identity providers that are configured in the directory. These identity providers can be used to allow users to sign up for or sign into applications secured by Microsoft Entra ID B2C.</maml:para> <maml:para>Configuring an identity provider in your Microsoft Entra ID tenant also enables future B2B guest scenarios. For example, for an organization that has resources in Office 365 that need to be shared with a Gmail user, the Gmail user can use their Google account credentials to authenticate and access the documents.</maml:para> <maml:para>The current set of identity providers can be Microsoft, Google, Facebook, Amazon, or LinkedIn.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraIdentityProvider</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier for an identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier for an identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Retrieve all identity providers ----------</maml:title> <dev:code>Connect-Entra -Scopes 'IdentityProvider.Read.All' Get-EntraIdentityProvider Id DisplayName -- ----------- AADSignup-OAUTH Azure Active Directory Sign up Google-OAUTH Test EmailOtpSignup-OAUTH Email One Time Passcode MSASignup-OAUTH Microsoft Account</dev:code> <dev:remarks> <maml:para>This example retrieves the list of all configured identity providers and their properties.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------- Example 2: Retrieve identity provider by Id ---------</maml:title> <dev:code>Connect-Entra -Scopes 'IdentityProvider.Read.All' Get-EntraIdentityProvider -Id Google-OAUTH Id DisplayName -- ----------- Google-OAUTH Test</dev:code> <dev:remarks> <maml:para>This example retrieves the properties for the specified identity provider.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraIdentityProvider</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraLifecyclePolicyGroup</command:name> <command:verb>Get</command:verb> <command:noun>EntraLifecyclePolicyGroup</command:noun> <maml:description> <maml:para>Retrieves the lifecycle policy object to which a group belongs.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraLifecyclePolicyGroup retrieves the lifecycle policy object to which a group belongs.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraLifecyclePolicyGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Retrieve lifecycle policy object ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraLifecyclePolicyGroup -Id 'bbbbbbbb-1111-2222-3333-cccccccccccc' Id AlternateNotificationEmails GroupLifetimeInDays ManagedGroupTypes -- --------------------------- ------------------- ----------------- bbbbbbbb-1111-2222-3333-cccccccccccc admingroup@contoso.com 200 All</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve lifecycle policy object by Id in Microsoft Entra ID. This command retrieves the lifecycle policy object to which a group belongs.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraLifecyclePolicyGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraNamedLocationPolicy</command:name> <command:verb>Get</command:verb> <command:noun>EntraNamedLocationPolicy</command:noun> <maml:description> <maml:para>Gets a Microsoft Entra ID named location policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows an admin to get the Microsoft Entra ID named location policies.</maml:para> <maml:para>Named locations are custom rules that define network locations, which can then be used in a Conditional Access policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraNamedLocationPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieves a list of all named location policies in Microsoft Entra ID</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraNamedLocationPolicy Id CreatedDateTime DisplayName ModifiedDateTime -- --------------- ----------- ---------------- dddddddd-3333-4444-5555-eeeeeeeeeeee 3/1/2024 9:53:10 AM NamedLocation 3/1/2024 9:53:10 AM eeeeeeee-4444-5555-6666-ffffffffffff 3/4/2024 4:38:42 AM NamedLocation 3/4/2024 4:38:42 AM ffffffff-5555-6666-7777-aaaaaaaaaaaa 3/4/2024 4:39:42 AM NamedLocation 3/4/2024 4:39:42 AM aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb 3/4/2024 4:57:03 AM NamedLocation 3/4/2024 4:57:03 AM</dev:code> <dev:remarks> <maml:para>This command retrieves a list of all named location policies in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Retrieves a named location policy in Microsoft Entra ID with given Id</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraNamedLocationPolicy -PolicyId 'dddddddd-3333-4444-5555-eeeeeeeeeeee' Id CreatedDateTime DisplayName ModifiedDateTime -- --------------- ----------- ---------------- dddddddd-3333-4444-5555-eeeeeeeeeeee 3/1/2024 9:53:10 AM NamedLocation 3/1/2024 9:53:10 AM</dev:code> <dev:remarks> <maml:para>This command retrieves a named location policy specified by the `-PolicyID` in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraNamedLocationPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraOAuth2PermissionGrant</command:name> <command:verb>Get</command:verb> <command:noun>EntraOAuth2PermissionGrant</command:noun> <maml:description> <maml:para>Gets OAuth2PermissionGrant entities.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraOAuth2PermissionGrant` cmdlet gets OAuth2PermissionGrant entities in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraOAuth2PermissionGrant</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Get the OAuth2 permission grants ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraOAuth2PermissionGrant Id ClientId ConsentType PrincipalId ResourceId Scope -- -------- ----------- ----------- ---------- ----- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 User.Read H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 d3d3d3d3-eeee-ffff-aaaa-b4b4b4b4b4b4 ActivityFeed.Read ServiceHealth.Read</dev:code> <dev:remarks> <maml:para>This command gets the OAuth2 permission grants.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 2: Get All the OAuth2 permission grants -------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraOAuth2PermissionGrant -All Id ClientId ConsentType PrincipalId ResourceId Scope -- -------- ----------- ----------- ---------- ----- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 c2c2c2c2-dddd-eeee-ffff-a3a3a3a3a3a3 User.Read H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a 22223333-cccc-4444-dddd-5555eeee6666 Principal aaaaaaaa-bbbb-cccc-1111-222222222222 d3d3d3d3-eeee-ffff-aaaa-b4b4b4b4b4b4 ActivityFeed.Read ServiceHealth.Read</dev:code> <dev:remarks> <maml:para>This command gets all the OAuth2 permission grants.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 3: Get top 2 OAuth2 permission grants record -----</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraOAuth2PermissionGrant -Top 1 Id ClientId ConsentType PrincipalId ResourceId Scope -- -------- ----------- ----------- ---------- ----- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 User.ReadBasic.All C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2 User.Read</dev:code> <dev:remarks> <maml:para>This command gets top 2 OAuth2 permission grants records.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraOAuth2PermissionGrant</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraOAuth2PermissionGrant</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraObjectByObjectId</command:name> <command:verb>Get</command:verb> <command:noun>EntraObjectByObjectId</command:noun> <maml:description> <maml:para>Retrieves the objects specified by the ObjectIds parameter.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Retrieves the objects specified by the ObjectIds parameter.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraObjectByObjectId</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ObjectIds</maml:name> <maml:description> <maml:para>One or more object IDs's, separated by commas, for which the objects are retrieved. The IDs are GUIDs, represented as strings. You can specify up to 1000 IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Types</maml:name> <maml:description> <maml:para>Specifies the type of objects that the cmdlet returns. If not specified, the default is directoryObject, which includes all resource types defined in the directory. You can specify any object derived from directoryObject in the collection, such as User, Group, and Device objects.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ObjectIds</maml:name> <maml:description> <maml:para>One or more object IDs's, separated by commas, for which the objects are retrieved. The IDs are GUIDs, represented as strings. You can specify up to 1000 IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Types</maml:name> <maml:description> <maml:para>Specifies the type of objects that the cmdlet returns. If not specified, the default is directoryObject, which includes all resource types defined in the directory. You can specify any object derived from directoryObject in the collection, such as User, Group, and Device objects.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Get an object One or more object IDs -------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraObjectByObjectId -ObjectIds aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb , bbbbbbbb-1111-2222-3333-cccccccccccc ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {admin@contoso.onmicrosoft.com} preferredLanguage : mail : admin@contoso.onmicrosoft.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.onmicrosoft.com; issuerAssignedId=admin@contoso.onmicrosoft.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {@{disabledPlans=System.Object[]; skuId=cccccccc-2222-3333-4444-dddddddddddd}, @{disabledPlans=System.Object[]; skuId=dddddddd-3333-4444-5555-eeeeeeeeeeee}, @{disabledPlans=System.Object[]; skuId=eeeeeeee-4444-5555-6666-ffffffffffff}} department : Engineering jobTitle : Product Manager</dev:code> <dev:remarks> <maml:para>This example two objects are retrieved (a DeviceConfiguration object and an Application object) as specified by the value of the ObjectIds parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------- Example 2: Get an object by types --------------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraObjectByObjectId -ObjectIds aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -Types User ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {admin@contoso.onmicrosoft.com} preferredLanguage : mail : admin@contoso.onmicrosoft.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.onmicrosoft.com; issuerAssignedId=admin@contoso.onmicrosoft.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {@{disabledPlans=System.Object[]; skuId=cccccccc-2222-3333-4444-dddddddddddd}, @{disabledPlans=System.Object[]; skuId=dddddddd-3333-4444-5555-eeeeeeeeeeee}, @{disabledPlans=System.Object[]; skuId=eeeeeeee-4444-5555-6666-ffffffffffff}} department : Engineering jobTitle : Product Manager</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve objects for a specified object type.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraObjectByObjectId</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraPartnerInformation</command:name> <command:verb>Get</command:verb> <command:noun>EntraPartnerInformation</command:noun> <maml:description> <maml:para>Retrieves company-level information for partners.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraBetaPartnerInformation cmdlet is used to retrieve partner-specific information. This cmdlet should only be used for partner tenants.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraPartnerInformation</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided, then the value defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided, then the value defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Guid</command:parameterValue> <dev:type> <maml:name>Guid</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>The cmdlet returns the following company level information:</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>- CompanyType: The type of this company (can be partner or regular tenant)</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>- PartnerCompanyName: The name of the company</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>- PartnerSupportTelephones: Support Telephone numbers for the partner.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>- PartnerSupportEmails: Support E-Mail address for the partner.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>- PartnerCommerceUrl: URL for the partner's commerce web site.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>- PartnerSupportUrl: URL for the Partner's support website.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>- PartnerHelpUrl: URL for the partner's help web site.</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Retrieve partner information -----------</maml:title> <dev:code>PS C:\> Get-EntraPartnerInformation PartnerCompanyName : Contoso companyType : PartnerSupportTelephones : {12123, +1911} PartnerSupportEmails : {} PartnerHelpUrl : http://www.help.contoso.com PartnerCommerceUrl : ObjectID : d5aec55f-2d12-4442-8d2f-ccca95d4390e PartnerSupportUrl :</dev:code> <dev:remarks> <maml:para>This command retrieves partner-specific information.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraPartnerInformation</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraPasswordPolicy</command:name> <command:verb>Get</command:verb> <command:noun>EntraPasswordPolicy</command:noun> <maml:description> <maml:para>Retrieves the current password policy for the tenant or the specified domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraPasswordPolicy` cmdlet can be used to retrieve the values associated with the Password Expiry window or Password Expiry Notification window for a tenant or specified domain.</maml:para> <maml:para>When a domain name is specified, it must be a verified domain for the company.</maml:para> <maml:para>The work or school account needs to belong to one of the following Microsoft Entra roles:</maml:para> <maml:para>- Domain Name Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraPasswordPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>DomainName</maml:name> <maml:description> <maml:para>The fully qualified name of the domain to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>DomainName</maml:name> <maml:description> <maml:para>The fully qualified name of the domain to be retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- EXAMPLE 1: Get password policy for a specified domain ----</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.Read.All' Get-EntraPasswordPolicy -DomainName contoso.com NotificationDays ValidityPeriod ---------------- -------------- 90 180</dev:code> <dev:remarks> <maml:para>Returns the password policy for the domain contoso.com.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraPasswordPolicy</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraPermissionGrantConditionSet</command:name> <command:verb>Get</command:verb> <command:noun>EntraPermissionGrantConditionSet</command:noun> <maml:description> <maml:para>Get a Microsoft Entra ID permission grant condition set by id.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Get a Microsoft Entra ID permission grant condition set object by id.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraPermissionGrantConditionSet</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant policy object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConditionSetType</maml:name> <maml:description> <maml:para>The value indicates whether the condition sets are included in the policy or excluded.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant condition set object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant policy object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConditionSetType</maml:name> <maml:description> <maml:para>The value indicates whether the condition sets are included in the policy or excluded.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant condition set object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.PermissionGrantConditionSet</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Get all permission grant condition sets that are included in the permission grant policy</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.PermissionGrant' $params = @{ PolicyId = 'policy1' ConditionSetType = 'includes' } Get-EntraPermissionGrantConditionSet @params Id ClientApplicationIds ClientApplicationPublisherIds ClientApplicationTenantIds ClientApplicationsFromVerifiedPublisherOnly -- -------------------- ----------------------------- -------------------------- ------------------------------------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb {00001111-aaaa-2222-bbbb-3333cccc4444} {all} {aaaabbbb-0000-cccc-1111-dddd2222eeee} True</dev:code> <dev:remarks> <maml:para>This command gets all permission grant condition sets that are included in the policy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Get all permission grant condition sets that are excluded in the permission grant policy</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.PermissionGrant' $params = @{ PolicyId = 'policy1' ConditionSetType = 'excludes' } Get-EntraPermissionGrantConditionSet @params Id ClientApplicationIds ClientApplicationPublisherIds ClientApplicationTenantIds ClientApplicationsFromVerifiedPublisherOnly -- -------------------- ----------------------------- -------------------------- ------------------------------------------- cccccccc-2222-3333-4444-dddddddddddd {33334444-dddd-5555-eeee-6666ffff7777} {all} {aaaabbbb-0000-cccc-1111-dddd2222eeee} True bbbbbbbb-1111-2222-3333-cccccccccccc {11112222-bbbb-3333-cccc-4444dddd5555} {all} {aaaabbbb-0000-cccc-1111-dddd2222eeee} True</dev:code> <dev:remarks> <maml:para>This command gets all permission grant condition sets that are excluded in the policy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 3: Get a permission grant condition set -------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.PermissionGrant' $params = @{ PolicyId = 'policy1' ConditionSetType = 'includes' Id = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' } Get-EntraPermissionGrantConditionSet @params Id ClientApplicationIds ClientApplicationPublisherIds ClientApplicationTenantIds ClientApplicationsFromVerifiedPublisherOnly -- -------------------- ----------------------------- -------------------------- ------------------------------------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb {00001111-aaaa-2222-bbbb-3333cccc4444} {all} {aaaabbbb-0000-cccc-1111-dddd2222eeee} True</dev:code> <dev:remarks> <maml:para>This command gets a permission grant condition set specified by `Id`.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraPermissionGrantConditionSet</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraPermissionGrantPolicy</command:name> <command:verb>Get</command:verb> <command:noun>EntraPermissionGrantPolicy</command:noun> <maml:description> <maml:para>Gets a permission grant policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraPermissionGrantPolicy` cmdlet gets a Microsoft Entra ID permission grant policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraPermissionGrantPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the unique identifier of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the unique identifier of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Get all permission grant policies ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.PermissionGrant' Get-EntraPermissionGrantPolicy DeletedDateTime Description --------------- ----------- Includes all application permissions (app roles), for all APIs, for any client application. Includes all chat resoruce-specific application permissions, for all APIs, for any client application. (Deprecated) Includes all team resource-specific application permissions, for all APIs, for any client application.</dev:code> <dev:remarks> <maml:para>This command gets all the permission grant policies. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 2: Get a permission grant policy by ID --------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.PermissionGrant' Get-EntraPermissionGrantPolicy -Id 'testtenant-sampleapp-permissions' DeletedDateTime Description DisplayName Id --------------- ----------- ----------- -- Permissions for sample app in test tenant Sample app permissions testtenant-sampleapp-permissions</dev:code> <dev:remarks> <maml:para>This command gets the specified permission grant policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraPermissionGrantPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraPolicy</command:name> <command:verb>Get</command:verb> <command:noun>EntraPolicy</command:noun> <maml:description> <maml:para>Gets a policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraPolicy` cmdlet gets a policy in Microsoft Entra ID. Specify `Id` parameter to get a policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the policy you want to retrieve.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all policies.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all policies.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the policy you want to retrieve.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all policies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Gets all policy ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraPolicy Definition DeletedDateTime Description DisplayName Id ---------- --------------- ----------- ----------- -- {{"activityBasedTimeoutPolicies":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}} Activepolicy bbbbbbbb-1111-2222-3333-cccccccccccc {{"HomeRealmDiscoveryPolicy":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}} PolicyDemo aaaaaaaa-1111-1111-1111-000000000000</dev:code> <dev:remarks> <maml:para>This example shows how to return all policies.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 2: Get a policy with specific ID -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraPolicy -Id 'bbbbbbbb-1111-2222-3333-cccccccccccc' Definition DeletedDateTime Description DisplayName Id ---------- --------------- ----------- ----------- -- {{"activityBasedTimeoutPolicies":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}} Activepolicy bbbbbbbb-1111-2222-3333-cccccccccccc</dev:code> <dev:remarks> <maml:para>This example demonstrated how to receive policy with specific ID.</maml:para> <maml:para>- `Id` parameter specifies the unique policy ID, which you want to receive. In this example, `bbbbbbbb-1111-2222-3333-cccccccccccc` represents the ID of the policy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------------- Example 3: Get all policies -----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraPolicy -All Definition DeletedDateTime Description DisplayName Id ---------- --------------- ----------- ----------- -- {{"activityBasedTimeoutPolicies":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}} Activepolicy bbbbbbbb-1111-2222-3333-cccccccccccc {{"HomeRealmDiscoveryPolicy":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}} PolicyDemo aaaaaaaa-1111-1111-1111-000000000000</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all policies in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------------- Example 4: Get a top one policy ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.All' Get-EntraPolicy -Top 1 Definition DeletedDateTime Description DisplayName Id ---------- --------------- ----------- ----------- -- {{"activityBasedTimeoutPolicies":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}} Activepolicy bbbbbbbb-1111-2222-3333-cccccccccccc</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve top one policies in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraRoleAssignment</command:name> <command:verb>Get</command:verb> <command:noun>EntraRoleAssignment</command:noun> <maml:description> <maml:para>Get a Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraRoleAssignment` cmdlet gets information about role assignments in Microsoft Entra ID. To get a role assignment, specify the `Id` parameter. Specify the `SearchString` or `Filter` parameter to find a particular role assignment.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID roleAssignment object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID roleAssignment object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>string</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleAssignment</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Get role assignments ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.Read.All' #For the entitlement management provider Get-EntraRoleAssignment Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / J5kL6mN7oP8qR9sT0uV1wX2yZ3aB4c eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 2: Get role assignments using 'All' parameter ----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.Read.All' #For the entitlement management provider Get-EntraRoleAssignment -All Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / J5kL6mN7oP8qR9sT0uV1wX2yZ3aB4c eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets all the role assignments in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 3: Get role assignments filter by principalId ----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.Read.All' #For the entitlement management provider Get-EntraRoleAssignment -Filter "principalId eq 'aaaaaaaa-bbbb-cccc-1111-222222222222'" Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments containing the specified principalId. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 4: Get role assignments filter by roleDefinitionId --</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.Read.All' #For the entitlement management provider Get-EntraRoleAssignment -Filter "roleDefinitionId eq 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1'" Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w bbbbbbbb-cccc-dddd-2222-333333333333 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y cccccccc-dddd-eeee-3333-444444444444 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / H4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3a dddddddd-eeee-ffff-4444-555555555555 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / J5kL6mN7oP8qR9sT0uV1wX2yZ3aB4c eeeeeeee-ffff-aaaa-5555-666666666666 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets the role assignments containing the specified roleDefinitionId. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 5: Get top two role assignments -----------</maml:title> <dev:code>PS C:\> Get-EntraRoleAssignment -Top 2 Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 / C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command gets top two role assignments.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraRoleDefinition</command:name> <command:verb>Get</command:verb> <command:noun>EntraRoleDefinition</command:noun> <maml:description> <maml:para>Gets information about role definitions in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraRoleDefinition` cmdlet gets information about role definitions in Microsoft Entra ID. To get a role definition, specify the `Id` parameter. Specify the `SearchString` or `Filter` parameter to find particular role definition.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records that this cmdlet gets. The default value is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter string to match a set of role definitions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records that this cmdlet gets. The default value is 100.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter string to match a set of role definitions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert /> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Get all role definitions -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.Read.All' #For the entitlement management provider Get-EntraRoleDefinition DisplayName Id TemplateId Description ----------- -- ---------- ----------- Guest User 10dae51f-b6af-4016-8d66-8c2a99b929b3 10dae51f-b6af-4016-8d66-8c2a99b929b3 Default role for guest users. Can read a limited set of directory information. Restricted Guest User 2af84b1e-32c8-42b7-82bc-daa82404023b 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information.</dev:code> <dev:remarks> <maml:para>This command returns all the role definitions present.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 2: Get a role definition by ID ------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.Read.All' #For the entitlement management provider Get-EntraRoleDefinition -Id 1a327991-10cb-4266-877a-998fb4df78ec DisplayName Id TemplateId Description ----------- -- ---------- ----------- Restricted Guest User 2af84b1e-32c8-42b7-82bc-daa82404023b 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information.</dev:code> <dev:remarks> <maml:para>This command returns a specified role definition.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Filter role definitions by display name ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.Read.All' #For the entitlement management provider Get-EntraRoleDefinition -Filter "startsWith(displayName, 'Restricted')" DisplayName Id TemplateId Description ----------- -- ---------- ----------- Restricted Guest User 2af84b1e-32c8-42b7-82bc-daa82404023b 2af84b1e-32c8-42b7-82bc-daa82404023b Restricted role for guest users. Can read a limited set of directory information.</dev:code> <dev:remarks> <maml:para>This command return all the role definitions containing the specified display name.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraRoleDefinition</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraScopedRoleMembership</command:name> <command:verb>Get</command:verb> <command:noun>EntraScopedRoleMembership</command:noun> <maml:description> <maml:para>Gets a scoped role membership from an administrative unit.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraScopedRoleMembership cmdlet gets a scoped role membership from an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraScopedRoleMembership</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ScopedRoleMembershipId</maml:name> <maml:description> <maml:para>Specifies the ID of a scoped role membership.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ScopedRoleMembershipId</maml:name> <maml:description> <maml:para>Specifies the ID of a scoped role membership.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Get Scoped Role Administrator -----------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' Get-EntraScopedRoleMembership -Id 'bbbbbbbb-1111-2222-3333-cccccccccccc' -ScopedRoleMembershipId '3d3d3d3d-4444-eeee-5555-6f6f6f6f6f6f' AdministrativeUnitId Id RoleId -------------------- -- ------ bbbbbbbb-1111-2222-3333-cccccccccccc 1b1b1b1b-2222-cccc-3333-4d4d4d4d4d4d 356b7173-5a6e-49dc-88ec-b...</dev:code> <dev:remarks> <maml:para>This command gets the scoped role membership from a specified administrative unit with specified scoped role membership ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title> Example 2: List scoped administrators for administrative unit </maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' Get-EntraScopedRoleMembership -Id 'bbbbbbbb-1111-2222-3333-cccccccccccc' AdministrativeUnitId Id RoleId -------------------- -- ------ bbbbbbbb-1111-2222-3333-cccccccccccc 1b1b1b1b-2222-cccc-3333-4d4d4d4d4d4d 8a20c604-291f-4cc3-b6d0-2... bbbbbbbb-1111-2222-3333-cccccccccccc 3d3d3d3d-4444-eeee-5555-6f6f6f6f6f6f 8a20c604-291f-4cc3-b6d0-2...</dev:code> <dev:remarks> <maml:para>This command gets the list of scoped role membership from a specified administrative unit.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraScopedRoleMembership</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraScopedRoleMembership</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraScopedRoleMembership</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServiceAppRoleAssignedTo</command:name> <command:verb>Get</command:verb> <command:noun>EntraServiceAppRoleAssignedTo</command:noun> <maml:description> <maml:para>Gets app role assignments for this app or service, granted to users, groups and other service principals.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraServiceAppRoleAssignedTo` cmdlet gets app role assignments for this app or service, granted to users, groups and other service principals.</maml:para> <maml:para>For delegated scenarios, the calling user needs at least one of the following Microsoft Entra roles.</maml:para> <maml:para>- Directory Synchronization Accounts</maml:para> <maml:para>- Directory Writer</maml:para> <maml:para>- Hybrid Identity Administrator</maml:para> <maml:para>- Identity Governance Administrator</maml:para> <maml:para>- Privileged Role Administrator</maml:para> <maml:para>- User Administrator</maml:para> <maml:para>- Application Administrator</maml:para> <maml:para>- Cloud Application Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServiceAppRoleAssignedTo</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Retrieve the app role assignments ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServiceAppRoleAssignedTo -ObjectId $ServicePrincipalId</dev:code> <dev:remarks> <maml:para>This example shows how to get app role assignments for an app or service, granted to users, groups and other service principals.</maml:para> <maml:para>- The first command gets the ID of a service principal and stores it in the $ServicePrincipalId variable.</maml:para> <maml:para>- The second command gets the app role assignments for the service principal granted to users, groups and other service principals.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 2: Get all app role assignments -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServiceAppRoleAssignedTo -ObjectId 00001111-aaaa-2222-bbbb-3333cccc4444 -All DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId --------------- -- --------- --------------- -------------------- ----------- 1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:41 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:38 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:37 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:39 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 5eeeeee5-6ff6-7aa7-8bb8-9cccccccccc9 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:39 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222</dev:code> <dev:remarks> <maml:para>This command gets the all app role assignments for the service principal granted to users, groups and other service principals.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 3: Get five app role assignments -----------</maml:title> <dev:code>Get-EntraServiceAppRoleAssignedTo -ObjectId 00001111-aaaa-2222-bbbb-3333cccc4444 -Top 5 DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId --------------- -- --------- --------------- -------------------- ----------- 1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:41 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:38 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:37 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:39 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 5eeeeee5-6ff6-7aa7-8bb8-9cccccccccc9 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:39 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222</dev:code> <dev:remarks> <maml:para>This command gets the five app role assignments for the service principal granted to users, groups and other service principals.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServiceAppRoleAssignedTo</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServiceAppRoleAssignment</command:name> <command:verb>Get</command:verb> <command:noun>EntraServiceAppRoleAssignment</command:noun> <maml:description> <maml:para>Gets a service principal application role assignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraServiceAppRoleAssignment` cmdlet gets a role assignment for a service principal application in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServiceAppRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieve the application role assignments for a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServiceAppRoleAssignment -ObjectId $ServicePrincipalId DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName --------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- 2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 29-02-2024 05:53:00 Ask HR aaaaaaaa-bbbb-cccc-1111-222222222222 Group M365 License Manager</dev:code> <dev:remarks> <maml:para>This command gets application role assignments for specified service principal.</maml:para> <maml:para>- The first command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md) cmdlet. The command stores the ID in the $ServicePrincipalId variable.</maml:para> <maml:para>- The second command gets the application role assignments for the service principal in identified by $ServicePrincipalId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Retrieve all application role assignments for a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServiceAppRoleAssignment -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -All DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId --------------- -- --------- --------------- -------------------- ----------- 1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:41 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:38 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:37 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:39 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 5eeeeee5-6ff6-7aa7-8bb8-9cccccccccc9 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:39 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222</dev:code> <dev:remarks> <maml:para>This command gets all application role assignments for specified service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Retrieve the top five application role assignments for a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServiceAppRoleAssignment -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -Top 3 DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId --------------- -- --------- --------------- -------------------- ----------- 1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:41 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:38 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222 3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7 00000000-0000-0000-0000-000000000000 20/10/2023 17:03:37 Entra-App-Testing aaaaaaaa-bbbb-cccc-1111-222222222222</dev:code> <dev:remarks> <maml:para>This command gets three application role assignments for specified service principal.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServiceAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraServiceAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServiceAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipal</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipal</command:noun> <maml:description> <maml:para>Gets a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraServicePrincipal` cmdlet gets a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipal</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraServicePrincipal</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraServicePrincipal</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>- Example 1: Retrieve all service principal from the directory -</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipal ObjectId AppId DisplayName -------- ----- ----------- bbbbbbbb-1111-2222-3333-cccccccccccc 00001111-aaaa-2222-bbbb-3333cccc4444 Demo App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb 22223333-cccc-4444-dddd-5555eeee6666 Demo Two App dddddddd-3333-4444-5555-eeeeeeeeeeee 33334444-dddd-5555-eeee-6666ffff7777 ProjectWorkManagement</dev:code> <dev:remarks> <maml:para>This command retrieves all service principal from the directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 2: Retrieve a service principal by ID --------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServicePrincipal $ServicePrincipalId ObjectId AppId DisplayName -------- ----- ----------- bbbbbbbb-1111-2222-3333-cccccccccccc 00001111-aaaa-2222-bbbb-3333cccc4444 Demo App</dev:code> <dev:remarks> <maml:para>The first command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md)cmdlet. The command stores the ID in the $ServicePrincipalId variable. The second command gets the service principal identified by $ServicePrincipalId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title> Example 3: Retrieve all service principals from the directory </maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipal -All ObjectId AppId DisplayName -------- ----- ----------- bbbbbbbb-1111-2222-3333-cccccccccccc 00001111-aaaa-2222-bbbb-3333cccc4444 Demo App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb 22223333-cccc-4444-dddd-5555eeee6666 Demo Two App dddddddd-3333-4444-5555-eeeeeeeeeeee 33334444-dddd-5555-eeee-6666ffff7777 ProjectWorkManagement ffffffff-5555-6666-7777-aaaaaaaaaaaa 44445555-eeee-6666-ffff-7777aaaa8888 Reports App</dev:code> <dev:remarks> <maml:para>This command retrieves all service principals from the directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Retrieve top three service principal from the directory</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipal -Top 3 ObjectId AppId DisplayName -------- ----- ----------- bbbbbbbb-1111-2222-3333-cccccccccccc 00001111-aaaa-2222-bbbb-3333cccc4444 Demo App aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb 22223333-cccc-4444-dddd-5555eeee6666 Demo Two App dddddddd-3333-4444-5555-eeeeeeeeeeee 33334444-dddd-5555-eeee-6666ffff7777 ProjectWorkManagement</dev:code> <dev:remarks> <maml:para>This command retrieves top three service principals from the directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 5: Get a service principal by display name ------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipal -Filter "DisplayName eq 'ProjectWorkManagement'" ObjectId AppId DisplayName -------- ----- ----------- dddddddd-3333-4444-5555-eeeeeeeeeeee 33334444-dddd-5555-eeee-6666ffff7777 ProjectWorkManagement</dev:code> <dev:remarks> <maml:para>This command gets a service principal by its display name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 6: Retrieve a list of all service principal that have a display name that contains "ProjectWorkManagement"</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipal -SearchString "ProjectWorkManagement" ObjectId AppId DisplayName -------- ----- ----------- dddddddd-3333-4444-5555-eeeeeeeeeeee 33334444-dddd-5555-eeee-6666ffff7777 ProjectWorkManagement</dev:code> <dev:remarks> <maml:para>This command gets a list of service principal, which has the specified display name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 7: Retrieve all Enterprise apps -----------</maml:title> <dev:code>Get-EntraServicePrincipal -Filter "tags/Any(x: x eq 'WindowsAzureActiveDirectoryIntegratedApp')" DisplayName Id AppId SignInAudience ServicePrincipalType ----------- -- ----- -------------- -------------------- Enterprise App1 00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-5555-eeee-6666ffff7777 Application Enterprise App2 11112222-bbbb-3333-cccc-4444dddd5555 22223333-cccc-4444-dddd-5555eeee6666 AzureADMultipleOrgs Application</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all enterprise apps.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 8: Retrieve all App proxy apps ------------</maml:title> <dev:code>Get-EntraServicePrincipal -Filter "tags/Any(x: x eq 'WindowsAzureActiveDirectoryOnPremApp')" DisplayName Id AppId SignInAudience ServicePrincipalType ----------- -- ----- -------------- -------------------- App proxy 1 00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-5555-eeee-6666ffff7777 Application App proxy 2 11112222-bbbb-3333-cccc-4444dddd5555 22223333-cccc-4444-dddd-5555eeee6666 AzureADMultipleOrgs Application</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all app proxy apps.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 9: Retrieve all disabled apps ------------</maml:title> <dev:code>Get-EntraServicePrincipal -Filter "accountEnabled eq false" DisplayName Id AppId SignInAudience ServicePrincipalType ----------- -- ----- -------------- -------------------- Disabled App1 00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-5555-eeee-6666ffff7777 Application</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all disabled apps.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 10: Retrieve all Global Secure Access apps ------</maml:title> <dev:code>Get-EntraServicePrincipal -Filter "tags/Any(x: x eq 'PrivateAccessNonWebApplication') or tags/Any(x: x eq 'NetworkAccessManagedApplication')" DisplayName Id AppId SignInAudience ServicePrincipalType ----------- -- ----- -------------- -------------------- Global secure access app 00001111-aaaa-2222-bbbb-3333cccc4444 33334444-dddd-5555-eeee-6666ffff7777 Application</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all Global secure access apps.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipal</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipalCreatedObject</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipalCreatedObject</command:noun> <maml:description> <maml:para>Get objects created by a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraServicePrincipalCreatedObject cmdlet gets an object created by a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalCreatedObject</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieve the objects created by a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServicePrincipalCreatedObject -ObjectId $ServicePrincipalId</dev:code> <dev:remarks> <maml:para>The first command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md) cmdlet. The command stores the ID in the $ServicePrincipalId variable.</maml:para> <maml:para>The second command gets the objects created by the service principal identified by $ServicePrincipalId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Retrieve the all objects created by a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipalCreatedObject -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -All</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get the all object created by a specified service principal in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Retrieve the top two objects created by a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipalCreatedObject -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -Top 2</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get the top two object created by a specified service principal in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipalCreatedObject</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipalDelegatedPermissionClassification</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipalDelegatedPermissionClassification</command:noun> <maml:description> <maml:para>Retrieve the delegated permission classification objects on a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraServicePrincipalDelegatedPermissionClassification cmdlet retrieves the delegated permission classifications from a service principal.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalDelegatedPermissionClassification</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ServicePrincipalId</maml:name> <maml:description> <maml:para>The unique identifier of a service principal object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a delegated permission classification object id.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalDelegatedPermissionClassification</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ServicePrincipalId</maml:name> <maml:description> <maml:para>The unique identifier of a service principal object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ServicePrincipalId</maml:name> <maml:description> <maml:para>The unique identifier of a service principal object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a delegated permission classification object id.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>The OData v4.0 filter statement. Controls which objects are returned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Online.Administration.DelegatedPermissionClassification</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title> Example 1: Get a list of delegated permission classifications </maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'" Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $servicePrincipal.Id Id Classification PermissionId PermissionName -- -------------- ------------ -------------- bbbbbbbb-7777-8888-9999-cccccccccccc low eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All cccccccc-8888-9999-0000-dddddddddddd low dddd3333-ee44-5555-66ff-777777aaaaaa profile</dev:code> <dev:remarks> <maml:para>This command retrieves all delegated permission classifications from the service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 2: Get a delegated permission classification -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'" $Params = @{ ServicePrincipalId = $servicePrincipal.Id Id = 'bbbbbbbb-7777-8888-9999-cccccccccccc' } Get-EntraServicePrincipalDelegatedPermissionClassification @Params Id Classification PermissionId PermissionName -- -------------- ------------ -------------- bbbbbbbb-7777-8888-9999-cccccccccccc low eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All</dev:code> <dev:remarks> <maml:para>This command retrieves the delegated permission classification by Id from the service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Get a delegated permission classification with filter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'" $Params = @{ ServicePrincipalId = 'bbbb1111-cc22-3333-44dd-555555eeeeee' Filter = "PermissionName eq 'Sites.Read.All'" } Get-EntraServicePrincipalDelegatedPermissionClassification @Params Id Classification PermissionId PermissionName -- -------------- ------------ -------------- bbbbbbbb-7777-8888-9999-cccccccccccc low eeeeeeee-4444-5555-6666-ffffffffffff Sites.Read.All</dev:code> <dev:remarks> <maml:para>This command retrieves the filtered delegated permission classifications from the service principal.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipalDelegatedPermissionClassification</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipalDelegatedPermissionClassification</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalDelegatedPermissionClassification</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipalKeyCredential</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipalKeyCredential</command:noun> <maml:description> <maml:para>Get key credentials for a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraServicePrincipalKeyCredential cmdlet gets the key credentials for a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalKeyCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the application for which to get the password credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the application for which to get the password credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title> Example 1: Retrieve the key credential of a service principal </maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServicePrincipalKeyCredential -ObjectId $ServicePrincipalId CustomKeyIdentifier DisplayName EndDateTime Key KeyId StartDateTime Type Usage ------------------- ----------- ----------- --- ----- ------------- ---- ----- 08/02/2025 09:57:08 aaaaaaaa-0b0b-1c1c-2d2d-333333333333 08/02/2024 09:57:08 Symmetric Sign</dev:code> <dev:remarks> <maml:para>The first command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md) cmdlet. The command stores the ID in the $ServicePrincipalId variable.</maml:para> <maml:para>The second command gets the key credential for the service principal identified by $ServicePrincipalId.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipalKeyCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraServicePrincipalKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipalKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipalMembership</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipalMembership</command:noun> <maml:description> <maml:para>Get a service principal membership.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraServicePrincipalMembership cmdlet gets the memberships of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalMembership</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>- Example 1: Retrieve the memberships of a service principal. -</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServicePrincipalMembership -ObjectId $ServicePrincipalId</dev:code> <dev:remarks> <maml:para>The first command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md) cmdlet. The command stores the ID in the $ServicePrincipalId variable.</maml:para> <maml:para>The second command gets the memberships of a service principal identified by $ServicePrincipalId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 2: Retrieve all memberships of a service principal --</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipalMembership -ObjectId '33334444-dddd-5555-eeee-6666ffff7777' -All Id DeletedDateTime -- --------------- 33334444-dddd-5555-eeee-6666ffff7777</dev:code> <dev:remarks> <maml:para>This command gets all memberships of a specified service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Retrieve top two memberships of a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipalMembership -ObjectId '22223333-cccc-4444-dddd-5555eeee6666' -Top 2 Id DeletedDateTime -- --------------- 22223333-cccc-4444-dddd-5555eeee6666</dev:code> <dev:remarks> <maml:para>This command gets two memberships of a specified service principal.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipalMembership</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipalOAuth2PermissionGrant</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipalOAuth2PermissionGrant</command:noun> <maml:description> <maml:para>Gets an oAuth2PermissionGrant object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraServicePrincipalOAuth2PermissionGrant cmdlet gets an oAuth2PermissionGrant object for a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalOAuth2PermissionGrant</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieve the OAuth2 permission grants of a service principal.</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServicePrincipalOAuth2PermissionGrant -ObjectId $ServicePrincipalId Id ClientId ConsentType PrincipalId ResourceId Scope -- -------- ----------- ----------- ---------- ----- A1bC2dE3f... 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...</dev:code> <dev:remarks> <maml:para>The first command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md) cmdlet. The command stores the ID in the $ServicePrincipalId variable.</maml:para> <maml:para>The second command gets the OAuth2 permission grants of a service principal identified by $ServicePrincipalId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Get all OAuth2 permission grants of a service principal.</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraServicePrincipalOAuth2PermissionGrant -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -All Id ClientId ConsentType PrincipalId ResourceId Scope -- -------- ----------- ----------- ---------- ----- A1bC2dE3f... 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals A1bC2dE3f... openid profile U... A1bC2dE3f... 00001111-aaaa-2222-bbbb-3333cccc4444 Principal 412be9d1-1460-4061-8eed-cca203fcb215 aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U... A1bC2dE3f... 00001111-aaaa-2222-bbbb-3333cccc4444 Principal 996d39aa-fdac-4d97-aa3d-c81fb47362ac aaaaaaaa-bbbb-cccc-1111-222222222222 PrivilegedAccess...</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get all oAuth2PermissionGrant object for a service principal in Microsoft Entra ID. This command gets all OAuth2 permission grants of a service principal for specified ObjectId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Get two OAuth2 permission grants of a service principal.</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraServicePrincipalOAuth2PermissionGrant -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -Top 2 Id ClientId ConsentType PrincipalId ResourceId Scope -- -------- ----------- ----------- ---------- ----- A1bC2dE3f... 00001111-aaaa-2222-bbbb-3333cccc4444 AllPrincipals aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U... A1bC2dE3f... 00001111-aaaa-2222-bbbb-3333cccc4444 Principal 412be9d1-1460-4061-8eed-cca203fcb215 aaaaaaaa-bbbb-cccc-1111-222222222222 openid profile U...</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get top two oAuth2PermissionGrant object for a service principal in Microsoft Entra ID. This command gets two OAuth2 permission grants of a service principal for specified ObjectId.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipalOAuth2PermissionGrant</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipalOwnedObject</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipalOwnedObject</command:noun> <maml:description> <maml:para>Gets an object owned by a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraServicePrincipalOwnedObject cmdlet gets an object owned by a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalOwnedObject</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>- Example 1: Retrieve the owned objects of a service principal -</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServicePrincipalOwnedObject -ObjectId $ServicePrincipalId Id DeletedDateTime -- --------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc</dev:code> <dev:remarks> <maml:para>The first command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md)cmdlet. The command stores the ID in the $ServicePrincipalId variable.</maml:para> <maml:para>The second command gets the owned objects of a service principal identified by $ServicePrincipalId. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Retrieve all the owned objects of a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipalOwnedObject -ObjectId '11112222-bbbb-3333-cccc-4444dddd5555' -All Id DeletedDateTime -- --------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc</dev:code> <dev:remarks> <maml:para>This command gets the owned objects of a service principal identified by `11112222-bbbb-3333-cccc-4444dddd5555`. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Retrieve top one owned object of a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' Get-EntraServicePrincipalOwnedObject -ObjectId '11112222-bbbb-3333-cccc-4444dddd5555' -Top 1 Id DeletedDateTime -- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc</dev:code> <dev:remarks> <maml:para>This command gets top one owned object of a service principal identified by `11112222-bbbb-3333-cccc-4444dddd5555`. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipalOwnedObject</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipalOwner</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipalOwner</command:noun> <maml:description> <maml:para>Get the owner of a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraServicePrincipalOwner` command gets the owners of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalOwner</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Retrieve the owner of a service principal -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'" Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Adams Smith Adams@contoso.com Member bbbbbbbb-1111-2222-3333-cccccccccccc Peter Kons Peter@contoso.com Member cccccccc-2222-3333-4444-dddddddddddd Mary Kom Mary@contoso.com Member</dev:code> <dev:remarks> <maml:para>This example gets the owners of a specified service principal. You can use the comand `Get-EntraServicePrincipal` to get service principal object Id.</maml:para> <maml:para>- `ObjectId` parameter specifies the unique identifier of a service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 2: Retrieve all the owners of a service principal --</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'" Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId -All ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Adams Smith Adams@contoso.com Member bbbbbbbb-1111-2222-3333-cccccccccccc Peter Kons Peter@contoso.com Member cccccccc-2222-3333-4444-dddddddddddd Mary Kom Mary@contoso.com Member</dev:code> <dev:remarks> <maml:para>This example retrieves all the owners of a service principal. You can use the comand `Get-EntraServicePrincipal` to get service principal object Id.</maml:para> <maml:para>- `ObjectId` parameter specifies the unique identifier of a service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 3: Retrieve top two owners of a service principal --</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'" Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId -Top 2 ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Adams Smith Adams@contoso.com Member bbbbbbbb-1111-2222-3333-cccccccccccc Peter Kons Peter@contoso.com Member</dev:code> <dev:remarks> <maml:para>This example retrieves the top two owners of a service principal. You can use the comand `Get-EntraServicePrincipal` to get service principal object Id.</maml:para> <maml:para>- `-ObjectId` parameter specifies the unique identifier of a service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 4: Retrieve service principal owner details -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<service-principal-displayName>'" # Get the owners of the service principal $owners = Get-EntraServicePrincipalOwner -ObjectId $servicePrincipal.ObjectId -All $result = @() # Loop through each owner and get their UserPrincipalName and DisplayName foreach ($owner in $owners) { $userId = $owner.Id $user = Get-EntraUser -ObjectId $userId $userDetails = [PSCustomObject]@{ Id = $owner.Id UserPrincipalName = $user.UserPrincipalName DisplayName = $user.DisplayName } $result += $userDetails } # Output the result in a table format $result | Format-Table -AutoSize Id UserPrincipalName DisplayName -- ----------------- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AlexW@contoso.com Alex Wilber bbbbbbbb-1111-2222-3333-cccccccccccc AdeleV@contoso.com Adele Vance</dev:code> <dev:remarks> <maml:para>This example retrieve additional details of a service principal owners such as displayName, userPrincipalName.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipalOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraServicePrincipalOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipalOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraServicePrincipalPasswordCredential</command:name> <command:verb>Get</command:verb> <command:noun>EntraServicePrincipalPasswordCredential</command:noun> <maml:description> <maml:para>Get credentials for a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraServicePrincipalPasswordCredential cmdlet gets the password credentials for a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraServicePrincipalPasswordCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the service principal for which to get password credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the service principal for which to get password credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieve the password credential of a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $ServicePrincipalId = (Get-EntraServicePrincipal -Top 1).ObjectId Get-EntraServicePrincipalPasswordCredential -ObjectId $ServicePrincipalId CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- 21/03/2025 08:12:08 333 aaaaaaaa-0b0b-1c1c-2d2d-333333333333 21/03/2024 08:12:08 12/12/2024 08:39:07 444 bbbbbbbb-1c1c-2d2d-3e3e-444444444444 12/12/2023 08:39:10</dev:code> <dev:remarks> <maml:para>The first command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md) cmdlet. The command stores the ID in the $ServicePrincipalId variable.</maml:para> <maml:para>The second command gets the password credential of a service principal identified by $ServicePrincipalId.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraServicePrincipalPasswordCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraServicePrincipalPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipalPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraSubscribedSku</command:name> <command:verb>Get</command:verb> <command:noun>EntraSubscribedSku</command:noun> <maml:description> <maml:para>Gets subscribed SKUs to Microsoft services.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraSubscribedSku` cmdlet gets subscribed SKUs to Microsoft services.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraSubscribedSku</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The object ID of the SKU (Stock Keeping Unit).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The object ID of the SKU (Stock Keeping Unit).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Get subscribed SKUs ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraSubscribedSku Id AccountId AccountName AppliesTo CapabilityStatus ConsumedUnits SkuId SkuPart Number -- --------- ----------- --------- ---------------- ------------- ----- ------- abcdefgh-1111-2222-bbbb-cccc33333333_dddddddd-4444-5555-eeee-666666666666 00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso User Enabled 20 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb EMSP... ijklmnop-1111-2222-bbbb-cccc33333333_dddddddd-4444-5555-eeee-666666666666 11bb11bb-cc22-dd33-ee44-55ff55ff55ff Contoso User Enabled 20 bbbbbbbb-1111-2222-3333-cccccccccccc ENTE... qrstuvwx-1111-2222-bbbb-cccc33333333_dddddddd-4444-5555-eeee-666666666666 22cc22cc-dd33-ee44-ff55-66aa66aa66aa Contoso User Enabled 2 cccccccc-2222-3333-4444-dddddddddddd ENTE... yzabcdef-1111-2222-bbbb-cccc33333333_dddddddd-4444-5555-eeee-666666666666 33dd33dd-ee44-ff55-aa66-77bb77bb77bb Contoso User Enabled 3 dddddddd-3333-4444-5555-eeeeeeeeeeee FLOW... ghijklmn-1111-2222-bbbb-cccc33333333_dddddddd-4444-5555-eeee-666666666666 44ee44ee-ff55-aa66-bb77-88cc88cc88cc Contoso User Enabled 3 eeeeeeee-4444-5555-6666-ffffffffffff Win1... opqrstuv-1111-2222-bbbb-cccc33333333_dddddddd-4444-5555-eeee-666666666666 55ff55ff-gg66-bb77-cc88-99dd99dd99dd Contoso User Enabled 20 ffffffff-7777-8888-9999-gggggggggggg INFO...</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve subscribed SKUs.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 2: Get subscribed SKUs by ObjectId ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraSubscribedSku -ObjectId 'abcdefgh-1111-2222-bbbb-cccc33333333_dddddddd-4444-5555-eeee-666666666666' Id AccountId AccountName AppliesTo CapabilityStatus ConsumedUnits SkuId SkuPart Number -- --------- ----------- --------- ---------------- ------------- ----- ------- abcdefgh-1111-2222-bbbb-cccc33333333_dddddddd-4444-5555-eeee-666666666666 00aa00aa-bb11-cc22-dd33-44ee44ee44ee Contoso User Enabled 20 aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb EMSP...</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve specified subscribed SKUs.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Get a list of users, their assigned licenses, and licensing source</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All','User.Read.All','Group.Read.All' # Get all users with specified properties $Users = Get-EntraUser -All -Property AssignedLicenses, LicenseAssignmentStates, DisplayName, UserPrincipalName, ObjectId $SelectedUsers = $Users | Select-Object ObjectId, UserPrincipalName, DisplayName, AssignedLicenses -ExpandProperty LicenseAssignmentStates # Group Name lookup $GroupDisplayNames = @{} # Sku Part Number lookup $SkuPartNumbers = @{} # Populate the hashtable with group display names and SKU part numbers foreach ($User in $SelectedUsers) { $AssignedByGroup = $User.AssignedByGroup $SkuId = $User.SkuId try { # Check if the group display name is already in the hashtable if (-not $GroupDisplayNames.ContainsKey($AssignedByGroup)) { $Group = Get-EntraGroup -ObjectId $AssignedByGroup $GroupDisplayNames[$AssignedByGroup] = $Group.DisplayName } $User | Add-Member -NotePropertyName 'GroupDisplayName' -NotePropertyValue $GroupDisplayNames[$AssignedByGroup] } catch { $User | Add-Member -NotePropertyName 'GroupDisplayName' -NotePropertyValue 'N/A (Direct Assignment)' } try { # Check if the SKU part number is already in the hashtable if (-not $SkuPartNumbers.ContainsKey($SkuId)) { $Sku = Get-EntraSubscribedSku | Where-Object { $_.SkuId -eq $SkuId } | Select-Object -ExpandProperty SkuPartNumber $SkuPartNumbers[$SkuId] = $Sku } $User | Add-Member -NotePropertyName 'SkuPartNumber' -NotePropertyValue $SkuPartNumbers[$SkuId] } catch { $User | Add-Member -NotePropertyName 'SkuPartNumber' -NotePropertyValue 'N/A' } } $SelectedUsers | Format-Table UserPrincipalName, DisplayName, AssignedByGroup, GroupDisplayName, SkuId, SkuPartNumber, State, Error -AutoSize userPrincipalName displayName assignedByGroup GroupDisplayName skuId SkuPartNumber state error ----------------- ----------- --------------- ---------------- ----- ------------- ----- ----- averyh@contoso.com Avery Howard cccccccc-2222-3333-4444-dddddddddddd Contoso Team abcdefgh-1111-2222-bbbb-cccc33333333 ENTERPRISEPACK Active None devont@contoso.com Devon Torres ffffffff-5555-6666-7777-aaaaaaaaaaaa Retail abcdefgh-1111-2222-bbbb-cccc33333333 ENTERPRISEPACK Active None</dev:code> <dev:remarks> <maml:para>This example shows a list of users, their licenses, and the source of the license such as directly assigned or group assigned.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraSubscribedSku</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraTenantDetail</command:name> <command:verb>Get</command:verb> <command:noun>EntraTenantDetail</command:noun> <maml:description> <maml:para>Gets the details of a tenant.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraTenantDetail` cmdlet gets the details of a tenant in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraTenantDetail</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Get all tenant details --------------</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraTenantDetail -All DisplayName Id TenantType CountryLetterCode VerifiedDomains ----------- -- ---------- ----------------- --------------- Contoso aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AAD NL {@{Capabilities=Email, OfficeCommunicationsOnline; IsDefault=False; IsInitial=True; Name=contoso.onmicrosoft.com; Type=Mana...</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve all tenant details.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 2: Get top five tenant details ------------</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraTenantDetail -Top 5 DisplayName Id TenantType CountryLetterCode VerifiedDomains ----------- -- ---------- ----------------- --------------- Contoso aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AAD NL {@{Capabilities=Email, OfficeCommunicationsOnline; IsDefault=False; IsInitial=True; Name=contoso.onmicrosoft.com; Type=Mana...</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve details of a top five tenants in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraTenantDetail</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraTenantDetail</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraTrustedCertificateAuthority</command:name> <command:verb>Get</command:verb> <command:noun>EntraTrustedCertificateAuthority</command:noun> <maml:description> <maml:para>Gets the trusted certificate authority.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraTrustedCertificateAuthority` cmdlet gets the trusted certificate authority in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraTrustedCertificateAuthority</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>TrustedIssuer</maml:name> <maml:description> <maml:para>Specifies a trusted issuer.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>TrustedIssuerSki</maml:name> <maml:description> <maml:para>Specifies a trusted issuer ski.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>TrustedIssuer</maml:name> <maml:description> <maml:para>Specifies a trusted issuer.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>TrustedIssuerSki</maml:name> <maml:description> <maml:para>Specifies a trusted issuer ski.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Retrieve the trusted certificate authorities that are defined in your directory</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraTrustedCertificateAuthority AuthorityType : RootAuthority CrlDistributionPoint : https://example.crl1 DeltaCrlDistributionPoint : TrustedCertificate : {48, 130, 3, 4...} TrustedIssuer : CN=example.azure.com, O=MSIT. Ltd, L=Redmond, C=US TrustedIssuerSki : E48DBC5D4AF447E9D9D4A5440D4096C70AF5352A AuthorityType : RootAuthority CrlDistributionPoint : https://example.crl DeltaCrlDistributionPoint : https://deltaexample.crl TrustedCertificate : {48, 130, 3, 4...} TrustedIssuer : CN=example.azure.com, O=MSIT. Ltd, L=Redmond, C=US TrustedIssuerSki : 69506400C9806497DCB48F160C31CFFEA87E544C AuthorityType : RootAuthority CrlDistributionPoint : https://example.crl DeltaCrlDistributionPoint : TrustedCertificate : {48, 130, 3, 0...} TrustedIssuer : CN=example1.azure.com, O=MSIT. Ltd, L=Redmond, C=US TrustedIssuerSki : 4BA2D7AC2A5DF47C70E19E61EDFB4E62B3BF67FD</dev:code> <dev:remarks> <maml:para>This command retrieves the trusted certificate authorities that are defined in your directory.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Retrieve the trusted certificate authorities that are defined in your directory based on TrustedIssuer</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraTrustedCertificateAuthority -TrustedIssuer 'CN=example.azure.com, O=MSIT. Ltd, L=Redmond, C=US' AuthorityType : RootAuthority CrlDistributionPoint : https://example.crl1 DeltaCrlDistributionPoint : TrustedCertificate : {48, 130, 3, 4...} TrustedIssuer : CN=example.azure.com, O=MSIT. Ltd, L=Redmond, C=US TrustedIssuerSki : E48DBC5D4AF447E9D9D4A5440D4096C70AF5352A AuthorityType : RootAuthority CrlDistributionPoint : https://example.crl DeltaCrlDistributionPoint : https://deltaexample.crl TrustedCertificate : {48, 130, 3, 4...} TrustedIssuer : CN=example.azure.com, O=MSIT. Ltd, L=Redmond, C=US TrustedIssuerSki : 69506400C9806497DCB48F160C31CFFEA87E544C</dev:code> <dev:remarks> <maml:para>This command retrieves the trusted certificate authorities that are defined in your directory based on TrustedIssuer.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Retrieve the trusted certificate authorities that are defined in your directory based on TrustedIssuerSki</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.Read.All' Get-EntraTrustedCertificateAuthority -TrustedIssuerSki 4BA2D7AC2A5DF47C70E19E61EDFB4E62B3BF67FD AuthorityType : RootAuthority CrlDistributionPoint : https://example.crl DeltaCrlDistributionPoint : TrustedCertificate : {48, 130, 3, 0...} TrustedIssuer : CN=example1.azure.com, O=MSIT. Ltd, L=Redmond, C=US TrustedIssuerSki : 4BA2D7AC2A5DF47C70E19E61EDFB4E62B3BF67FD</dev:code> <dev:remarks> <maml:para>This command retrieves the trusted certificate authorities that are defined in your directory based on TrustedIssuerSki.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraTrustedCertificateAuthority</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUnsupportedCommand</command:name> <command:verb>Get</command:verb> <command:noun>EntraUnsupportedCommand</command:noun> <maml:description> <maml:para>{{ Fill in the Synopsis }}</maml:para> </maml:description> </command:details> <maml:description> <maml:para>{{ Fill in the Description }}</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUnsupportedCommand</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>PS C:\> {{ Add example code here }}</dev:code> <dev:remarks> <maml:para>{{ Add example description here }}</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUnsupportedCommand</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUser</command:name> <command:verb>Get</command:verb> <command:noun>EntraUser</command:noun> <maml:description> <maml:para>Gets a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUser cmdlet gets a user from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUser</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here: <https://learn.microsoft.com/graph/aad-advanced-queries?tabs=powershell></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraUser</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a UserPrincipalName or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-EntraUser</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Filter</maml:name> <maml:description> <maml:para>Specifies an OData v4.0 filter statement. This parameter controls which objects are returned. Details on querying with oData can be found here: <https://learn.microsoft.com/graph/aad-advanced-queries?tabs=powershell></maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a UserPrincipalName or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SearchString</maml:name> <maml:description> <maml:para>Specifies a search string.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Get top three users ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All' Get-EntraUser -Top 3 DisplayName Id Mail UserPrincipalName ----------- -- ---- ----------------- Angel Brown cccccccc-2222-3333-4444-dddddddddddd AngelB@contoso.com AngelB@contoso.com Avery Smith dddddddd-3333-4444-5555-eeeeeeeeeeee AveryS@contoso.com AveryS@contoso.com Sawyer Miller eeeeeeee-4444-5555-6666-ffffffffffff SawyerM@contoso.com SawyerM@contoso.com</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get top three users from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------------- Example 2: Get a user by ID -----------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All' Get-EntraUser -ObjectId 'cccccccc-2222-3333-4444-dddddddddddd' DisplayName Id Mail UserPrincipalName ----------- -- ---- ----------------- Angel Brown cccccccc-2222-3333-4444-dddddddddddd AngelB@contoso.com AngelB@contoso.com</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve specific user by providing ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 3: Search among retrieved users -----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All' Get-EntraUser -SearchString 'New' ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb New user NewUser@contoso.com Member dddddddd-9999-0000-1111-eeeeeeeeeeee New Test user NewTestUser@contoso.com Member</dev:code> <dev:remarks> <maml:para>This cmdlet gets all users that match the value of SearchString against the first characters in DisplayName or UserPrincipalName.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 4: Get a user by userPrincipalName ----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All' Get-EntraUser -Filter "UserPrincipalName eq 'NewUser@contoso.com'" ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb New user NewUser@contoso.com Member</dev:code> <dev:remarks> <maml:para>In this example, we retrieve user by `UserPrincipalName` from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 5: Get a user by MailNickname ------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All' Get-EntraUser -Filter "startswith(MailNickname,'Ada')" DisplayName Id Mail UserPrincipalName ----------- -- ---- ----------------- Mark Adams bbbbbbbb-1111-2222-3333-cccccccccccc Adams@contoso.com Adams@contoso.com</dev:code> <dev:remarks> <maml:para>In this example, we retrieve all users whose MailNickname starts with Ada.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 6: Get SignInActivity of a User -----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All' Get-EntraUser -ObjectId 'cccccccc-2222-3333-4444-dddddddddddd' -Property 'SignInActivity' | Select-Object -ExpandProperty 'SignInActivity' lastNonInteractiveSignInRequestId : bbbbbbbb-1111-2222-3333-aaaaaaaaaaaa lastNonInteractiveSignInDateTime : 7/31/2024 1:20:28 PM lastSuccessfulSignInRequestId : bbbbbbbb-1111-2222-3333-cccccccccccc lastSignInDateTime : 7/31/2024 8:18:35 AM lastSignInRequestId : bbbbbbbb-1111-2222-3333-dddddddddddd lastSuccessfulSignInDateTime : 7/31/2024 1:20:28 PM</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the SignInActivity of a specific user by selecting a property.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUser</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserAppRoleAssignment</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserAppRoleAssignment</command:noun> <maml:description> <maml:para>Get a user application role assignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserAppRoleAssignment cmdlet gets a user application role assignment.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserAppRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Get a user application role assignment ------</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Directory.Read.All' #Application Permission $UserId = (Get-EntraUser -Top 1).ObjectId Get-EntraUserAppRoleAssignment -ObjectId $UserId DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName --------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve user application role assignment by providing ID. - The first command gets the ID of a Microsoft Entra ID user by using the Get-EntraUser (./Get-EntraUser.md)cmdlet and stores the value in the $UserId variable. - The second command gets a user application role assignment for the user in $UserId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 2: Get all application role assignments -------</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Directory.Read.All' #Application Permission Get-EntraUserAppRoleAssignment -ObjectId 'aaaaaaaa-bbbb-cccc-1111-222222222222' -All DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName --------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2 0ekrQWAUYUCO7cyiA_H4iJ5kL6mN7o 22223333-cccc-4444-dddd-5555eeee6666 13-09-2023 16:41:53 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-5 0ekrQWAUYUCO7cyiA_J5kL6mN7oP8q 33334444-dddd-5555-eeee-6666ffff7777 13-09-2023 17:28:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-7</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all application role assignment for the specified user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 3: Get top two application role assignments -----</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Directory.Read.All' #Application Permission Get-EntraUserAppRoleAssignment -ObjectId 'aaaaaaaa-bbbb-cccc-1111-222222222222' -Top 2 DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName --------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- 0ekrQWAUYUCO7cyiA_A1bC2dE3fH4i 00001111-aaaa-2222-bbbb-3333cccc4444 31-07-2023 04:29:57 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-1 0ekrQWAUYUCO7cyiA_C2dE3fH4iJ5k 11112222-bbbb-3333-cccc-4444dddd5555 12-07-2023 10:09:17 Avery Smith aaaaaaaa-bbbb-cccc-1111-222222222222 User Test-App-2</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve top two application role assignment for the specified user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraUserAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUserAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserCreatedObject</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserCreatedObject</command:noun> <maml:description> <maml:para>Get objects created by the user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-EntraUserCreatedObject` cmdlet gets objects created by a user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserCreatedObject</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a UPN or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a UPN or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Get a user-created object -------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read','User.Read.All' Get-EntraUserCreatedObject -ObjectId 'SawyerM@contoso.com' Id DeletedDateTime -- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc cccccccc-2222-3333-4444-dddddddddddd dddddddd-3333-4444-5555-eeeeeeeeeeee eeeeeeee-4444-5555-6666-ffffffffffff</dev:code> <dev:remarks> <maml:para>This example retrieves an object created by the specified user.</maml:para> <maml:para>- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------- Example 2: Get a top one user-created object ---------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read','User.Read.All' Get-EntraUserCreatedObject -ObjectId 'SawyerM@contoso.com' -Top 1 Id DeletedDateTime -- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc</dev:code> <dev:remarks> <maml:para>This example retrieves all objects created by the specified user.</maml:para> <maml:para>- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------- Example 3: Get a top one user-created object ---------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read','User.Read.All' Get-EntraUserCreatedObject -ObjectId 'SawyerM@contoso.com' -Top 1 Id DeletedDateTime -- --------------- bbbbbbbb-1111-2222-3333-cccccccccccc</dev:code> <dev:remarks> <maml:para>This example retrieves top one object created by the specified user.</maml:para> <maml:para>- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId).</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserCreatedObject</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserDirectReport</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserDirectReport</command:noun> <maml:description> <maml:para>Get the user's direct reports.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserDirectReport cmdlet gets the direct reports for a user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserDirectReport</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user in Microsoft Entra ID (UserPrincipalName or ObjectId).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user in Microsoft Entra ID (UserPrincipalName or ObjectId).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Get a user's direct reports ------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read','User.Read.All' Get-EntraUserDirectReport -ObjectId 'SawyerM@contoso.com' ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {debrab@contoso.com} preferredLanguage : mail : DebraB@contoso.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=DebraB@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {@{disabledPlans=System.Object[]; skuId=33334444-dddd-5555-eeee-6666ffff7777}, @{disabledPlans=System.Object[]; skuId=44445555-eeee-6666-ffff-7777aaaa8888}, @{disabledPlans=System.Object[]; skuId=55556666-ffff-7777-aaaa-8888bbbb9999}}</dev:code> <dev:remarks> <maml:para>This command gets the direct report for the specified user.</maml:para> <maml:para>- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------- Example 2: Get all direct reports --------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read','User.Read.All' Get-EntraUserDirectReport -ObjectId 'SawyerM@contoso.com' -All ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {debrab@contoso.com} preferredLanguage : mail : DebraB@contoso.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=DebraB@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {@{disabledPlans=System.Object[]; skuId=33334444-dddd-5555-eeee-6666ffff7777}, @{disabledPlans=System.Object[]; skuId=44445555-eeee-6666-ffff-7777aaaa8888}, @{disabledPlans=System.Object[]; skuId=55556666-ffff-7777-aaaa-8888bbbb9999}}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve all direct reports for a user in Microsoft Entra ID.</maml:para> <maml:para>- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 3: Get a top five direct reports -----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read','User.Read.All' Get-EntraUserDirectReport -ObjectId 'SawyerM@contoso.com' -Top 5 ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {debrab@contoso.com} preferredLanguage : mail : DebraB@contoso.com securityIdentifier : A-1-22-3-4444444444-5555555555-6666666-7777777777 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=DebraB@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName : assignedLicenses : {@{disabledPlans=System.Object[]; skuId=33334444-dddd-5555-eeee-6666ffff7777}, @{disabledPlans=System.Object[]; skuId=44445555-eeee-6666-ffff-7777aaaa8888}, @{disabledPlans=System.Object[]; skuId=55556666-ffff-7777-aaaa-8888bbbb9999}}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve top five direct reports for a user in Microsoft Entra ID.</maml:para> <maml:para>- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId).</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserDirectReport</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserExtension</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserExtension</command:noun> <maml:description> <maml:para>Gets a user extension.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserExtension cmdlet gets a user extension in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserExtension</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Retrieve extension attributes for a user -----</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' $UserId = (Get-EntraUser -ObjectId 'SawyerM@contoso.com').ObjectId Get-EntraUserExtension -ObjectId $UserId</dev:code> <dev:remarks> <maml:para>This example shows how to retrieve the extension attributes for a specified user. You can use the command `Get-EntraUser` to get user object Id.</maml:para> <maml:para>- `-Objectid` parameter specifies the user object Id.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserExtension</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUserExtension</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraUserExtension</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserLicenseDetail</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserLicenseDetail</command:noun> <maml:description> <maml:para>Retrieves license details for a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet retrieves license details for a user.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserLicenseDetail</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The object ID of the user for which the license details are retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The object ID of the user for which the license details are retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Retrieve user license details -----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserLicenseDetail -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' ObjectId ServicePlans -------- ------------ Hv-1hQIEDECePA-A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u {class ServicePlanInfo {... Hv-1hQIEDECePA-C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w {class ServicePlanInfo {...</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve license details for a user from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserLicenseDetail</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserManager</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserManager</command:noun> <maml:description> <maml:para>Gets the manager of a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserManager cmdlet gets the manager of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserManager</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of a user in Microsoft Entra ID (UserPrincipalName or ObjectId).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of a user in Microsoft Entra ID (UserPrincipalName or ObjectId).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Get the manager of a user -------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read.All' Get-EntraUserManager -ObjectId 'eeeeeeee-4444-5555-6666-ffffffffffff' ageGroup : onPremisesLastSyncDateTime : creationType : imAddresses : {miriamg@contoso.com} preferredLanguage : mail : MiriamG@contoso.com securityIdentifier : B-2-33-4-5555555555-6666666666-7777777-8888888888 identities : {@{signInType=userPrincipalName; issuer=contoso.com; issuerAssignedId=MiriamG@contoso.com}} consentProvidedForMinor : onPremisesUserPrincipalName :</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the manager of a specific user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserManager</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUserManager</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraUserManager</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserMembership</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserMembership</command:noun> <maml:description> <maml:para>Get user memberships.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserMembership cmdlet gets user memberships in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserMembership</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Get user memberships ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserMembership -ObjectId 'dddddddd-9999-0000-1111-eeeeeeeeeeee' Id DeletedDateTime -- --------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc cccccccc-2222-3333-4444-dddddddddddd eeeeeeee-4444-5555-6666-ffffffffffff ffffffff-5555-6666-7777-aaaaaaaaaaaa bbbbbbbb-7777-8888-9999-cccccccccccc</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve user memberships in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------------- Example 2: Get All memberships ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserMembership -ObjectId 'dddddddd-9999-0000-1111-eeeeeeeeeeee' -All Id DeletedDateTime -- --------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc cccccccc-2222-3333-4444-dddddddddddd eeeeeeee-4444-5555-6666-ffffffffffff ffffffff-5555-6666-7777-aaaaaaaaaaaa bbbbbbbb-7777-8888-9999-cccccccccccc</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve users all memberships in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------- Example 3: Get top five memberships -------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserMembership -ObjectId 'dddddddd-9999-0000-1111-eeeeeeeeeeee' -Top 5 Id DeletedDateTime -- --------------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb bbbbbbbb-1111-2222-3333-cccccccccccc cccccccc-2222-3333-4444-dddddddddddd eeeeeeee-4444-5555-6666-ffffffffffff ffffffff-5555-6666-7777-aaaaaaaaaaaa</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve users top five memberships in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserMembership</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserOAuth2PermissionGrant</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserOAuth2PermissionGrant</command:noun> <maml:description> <maml:para>Gets an oAuth2PermissionGrant object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserOAuth2PermissionGrant cmdlet gets an oAuth2PermissionGrant object for the specified user in Microsoft Entra ID.</maml:para> <maml:para>In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.</maml:para> <maml:para>- Application Administrator</maml:para> <maml:para>- Application Developer</maml:para> <maml:para>- Cloud Application Administrator</maml:para> <maml:para>- Directory Writers</maml:para> <maml:para>- Privileged Role Administrator</maml:para> <maml:para>- User Administrator</maml:para> <maml:para>- Directory Readers</maml:para> <maml:para>- Global Reader</maml:para> <maml:para>- Guest Inviter</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserOAuth2PermissionGrant</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a UPN or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a UPN or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>- Example 1: Retrieve the OAuth2 permission grants for a user -</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' $UserId = (Get-EntraUser -Top 1).ObjectId Get-EntraUserOAuth2PermissionGrant -ObjectId $UserId</dev:code> <dev:remarks> <maml:para>This example retrieves the OAuth2 permission grants for a user using the ObjectId parameter. Use the `Get-EntraBetaUser` cmdlet to obtain the `ObjectId` value.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Retrieve the OAuth2 permission grants for a user using object ID parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraUserOAuth2PermissionGrant -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' Id ClientId ConsentType PrincipalId ResourceId -- -------- ----------- ----------- ---------- C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 Principal aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y 11112222-bbbb-3333-cccc-4444dddd5555 Principal aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1</dev:code> <dev:remarks> <maml:para>This example retrieve the OAuth2 permission grants for a user using object ID parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Retrieve the OAuth2 permission grants for a user using All parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.Read.All' Get-EntraUserOAuth2PermissionGrant -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All Id ClientId ConsentType PrincipalId ResourceId -- -------- ----------- ----------- ---------- C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w 00001111-aaaa-2222-bbbb-3333cccc4444 Principal aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 E3fH4iJ5kL6mN7oP8qR9sT0uV1wX2y 11112222-bbbb-3333-cccc-4444dddd5555 Principal aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1</dev:code> <dev:remarks> <maml:para>This Example Retrieve the OAuth2 permission grants for a user using All parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserOAuth2PermissionGrant</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserOwnedDevice</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserOwnedDevice</command:noun> <maml:description> <maml:para>Get registered devices owned by a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserOwnedDevice cmdlet gets registered devices owned by the specified user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserOwnedDevice</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Get devices owned by a user ------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserOwnedDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' ObjectId DeviceId DisplayName -------- -------- ----------- cccccccc-2222-3333-4444-dddddddddddd aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Device1 dddddddd-3333-4444-5555-eeeeeeeeeeee aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Device2</dev:code> <dev:remarks> <maml:para>This command gets the registered devices owned by the specified user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 2: Get all devices owned by a user ----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserOwnedDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All ObjectId DeviceId DisplayName -------- -------- ----------- cccccccc-2222-3333-4444-dddddddddddd aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Device1 dddddddd-3333-4444-5555-eeeeeeeeeeee aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Device2</dev:code> <dev:remarks> <maml:para>This command gets all the registered devices owned by the specified user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 3: Get top one device owned by a user --------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserOwnedDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 1 ObjectId DeviceId DisplayName -------- -------- ----------- cccccccc-2222-3333-4444-dddddddddddd aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Device1</dev:code> <dev:remarks> <maml:para>This command gets top one registered device owned by the specified user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserOwnedDevice</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserOwnedObject</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserOwnedObject</command:noun> <maml:description> <maml:para>Get objects owned by a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserOwnedObject cmdlet gets objects owned by a user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserOwnedObject</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies the maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Get objects owned by a user ------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserOwnedObject -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' ObjectId ObjectType -------- ---------- bbbbbbbb-1111-2222-3333-cccccccccccc Group cccccccc-2222-3333-4444-dddddddddddd Group dddddddd-3333-4444-5555-eeeeeeeeeeee Group eeeeeeee-4444-5555-6666-ffffffffffff Group ffffffff-5555-6666-7777-aaaaaaaaaaaa Group aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb Group bbbbbbbb-7777-8888-9999-cccccccccccc Application cccccccc-8888-9999-0000-dddddddddddd Group</dev:code> <dev:remarks> <maml:para>This command gets objects owned by the specified user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 2: Get all objects owned by a user ----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserOwnedObject -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All ObjectId ObjectType -------- ---------- bbbbbbbb-1111-2222-3333-cccccccccccc Group cccccccc-2222-3333-4444-dddddddddddd Group dddddddd-3333-4444-5555-eeeeeeeeeeee Group eeeeeeee-4444-5555-6666-ffffffffffff Group ffffffff-5555-6666-7777-aaaaaaaaaaaa Group aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb Group bbbbbbbb-7777-8888-9999-cccccccccccc Application cccccccc-8888-9999-0000-dddddddddddd Group</dev:code> <dev:remarks> <maml:para>This command gets all the objects owned by the specified user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 3: Get top three objects owned by a user -------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserOwnedObject -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 3 ObjectId ObjectType -------- ---------- ffffffff-5555-6666-7777-aaaaaaaaaaaa Group aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb Group bbbbbbbb-7777-8888-9999-cccccccccccc Application</dev:code> <dev:remarks> <maml:para>This command gets the top three objects owned by the specified user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserOwnedObject</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserRegisteredDevice</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserRegisteredDevice</command:noun> <maml:description> <maml:para>Get devices registered by a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Get-EntraUserRegisteredDevice cmdlet gets devices registered by a user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserRegisteredDevice</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a User Principle Name or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>All</maml:name> <maml:description> <maml:para>List all pages.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a User Principle Name or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Top</maml:name> <maml:description> <maml:para>Specifies The maximum number of records to return.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Get registered devices --------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserRegisteredDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' Id DeletedDateTime -- --------------- dddddddd-3333-4444-5555-eeeeeeeeeeee eeeeeeee-4444-5555-6666-ffffffffffff</dev:code> <dev:remarks> <maml:para>This command gets the devices that are registered to the specified user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 2: Get all registered devices ------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserRegisteredDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -All Id DeletedDateTime -- --------------- dddddddd-3333-4444-5555-eeeeeeeeeeee eeeeeeee-4444-5555-6666-ffffffffffff</dev:code> <dev:remarks> <maml:para>This command gets all the devices that are registered to the specified user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 3: Get two registered devices ------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' Get-EntraUserRegisteredDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -Top 2 Id DeletedDateTime -- --------------- dddddddd-3333-4444-5555-eeeeeeeeeeee eeeeeeee-4444-5555-6666-ffffffffffff</dev:code> <dev:remarks> <maml:para>This command gets the top two devices that are registered to the specified user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserRegisteredDevice</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-EntraUserThumbnailPhoto</command:name> <command:verb>Get</command:verb> <command:noun>EntraUserThumbnailPhoto</command:noun> <maml:description> <maml:para>Retrieve the thumbnail photo of a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Retrieve the thumbnail photo of a user.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-EntraUserThumbnailPhoto</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FileName</maml:name> <maml:description> <maml:para>If specified, a copy of the thumbnail photo is written to the specified file name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>If specified, a copy of the thumbnail photo is written to the specified file path with a random name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The object ID of the user for which the thumbnail photo is retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>View</maml:name> <maml:description> <maml:para>If true, view the photo on the screen in a new window.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FileName</maml:name> <maml:description> <maml:para>If specified, a copy of the thumbnail photo is written to the specified file name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>If specified, a copy of the thumbnail photo is written to the specified file path with a random name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The object ID of the user for which the thumbnail photo is retrieved.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>View</maml:name> <maml:description> <maml:para>If true, view the photo on the screen in a new window.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Property</maml:name> <maml:description> <maml:para>Specifies properties to be returned</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Boolean</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Retrieve thumbnail photo by Id ----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.Read' #Delegated Permission Connect-Entra -Scopes 'User.Read.All' #Application Permission Get-EntraUserThumbnailPhoto -ObjectId '00aa00aa-bb11-cc22-dd33-44ee44ee44ee' Id Height Width -- ------ ----- default 292 278</dev:code> <dev:remarks> <maml:para>This example demonstrates how to retrieve the thumbnail photo of a specified user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Get-EntraUserThumbnailPhoto</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraUserThumbnailPhoto</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraAdministrativeUnit</command:name> <command:verb>New</command:verb> <command:noun>EntraAdministrativeUnit</command:noun> <maml:description> <maml:para>Creates an administrative unit.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraAdministrativeUnit` cmdlet creates an administrative unit in Microsoft Entra ID. Specify `DisplayName` parameter to create an administrative unit.</maml:para> <maml:para>In delegated scenarios, the signed-in user must be assigned a supported Microsoft Entra role or a custom role that includes the `microsoft.directory/administrativeUnits/allProperties/allTasks` permission. The Privileged Role Administrator role is the least privileged role that meets this requirement.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraAdministrativeUnit</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the new administrative unit.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the new administrative unit.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the new administrative unit.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the new administrative unit.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Create an administrative unit -----------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All' New-EntraAdministrativeUnit -DisplayName 'TestAU' DeletedDateTime Id Description DisplayName Visibility --------------- -- ----------- ----------- ---------- bbbbbbbb-1111-2222-3333-cccccccccccc TestAU</dev:code> <dev:remarks> <maml:para>This command creates an administrative unit.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Create an administrative unit using '-Description' parameter</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All' $params = @{ DisplayName = 'Pacific Administrative Unit' Description = 'Administrative Unit for Pacific region' } New-EntraAdministrativeUnit @params DeletedDateTime Id Description DisplayName Visibility --------------- -- ----------- ----------- ---------- dddddddd-3333-4444-5555-eeeeeeeeeeee Administrative Unit for Pacific region Pacific Administrative Unit</dev:code> <dev:remarks> <maml:para>This command creates an administrative unit.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraAdministrativeUnit</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraApplication</command:name> <command:verb>New</command:verb> <command:noun>EntraApplication</command:noun> <maml:description> <maml:para>Creates (registers) a new application object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Creates (registers) a new application object.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AddIns</maml:name> <maml:description> <maml:para>Defines custom behavior that a consuming service can use to call an app in specific contexts.</maml:para> <maml:para>For example, applications that can render file streams might set the addIns property for its "FileHandler" functionality.</maml:para> <maml:para>This lets services like Office 365 call the application in the context of a document the user is working on.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AddIn]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AddIn]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Api</maml:name> <maml:description> <maml:para>Specifies settings for an application that implements a web API.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ApiApplication</command:parameterValue> <dev:type> <maml:name>ApiApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppRoles</maml:name> <maml:description> <maml:para>The collection of application roles that an application might declare. These roles can be assigned to users, groups, or service principals.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupMembershipClaims</maml:name> <maml:description> <maml:para>Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IdentifierUris</maml:name> <maml:description> <maml:para>User-defined URIs that uniquely identify a Web application within its Microsoft Entra ID tenant, or within a verified custom domain (see "Domains" tab in the Azure classic portal) if the application is multitenant.</maml:para> <maml:para>The first element is populated from the Web application's "APP ID URI" field if updated via the Azure classic portal (or respective Microsoft Entra ID PowerShell cmdlet parameter).</maml:para> <maml:para>Extra URIs can be added via the application manifest; see Understanding the Microsoft Entra ID Application Manifest for details.</maml:para> <maml:para>This collection is also used to populate the Web application's servicePrincipalNames collection.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InformationalUrl</maml:name> <maml:description> <maml:para>Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs.</maml:para> <maml:para>The terms of service and privacy statement are surfaced to users through the user consent experience.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">InformationalUrl</command:parameterValue> <dev:type> <maml:name>InformationalUrl</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsDeviceOnlyAuthSupported</maml:name> <maml:description> <maml:para>Specifies if the application supports authentication using a device token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsFallbackPublicClient</maml:name> <maml:description> <maml:para>Specifies the fallback application type as public client, such as an installed application running on a mobile device.</maml:para> <maml:para>The default value is false that means the fallback application type is confidential client such as web app.</maml:para> <maml:para>There are certain scenarios where Microsoft Entra ID can't determine the client application type (for example, ROPC flow where it's configured without specifying a redirect URI).</maml:para> <maml:para>In those cases Microsoft Entra ID interprets the application type based on the value of this property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredentials</maml:name> <maml:description> <maml:para>The collection of key credentials associated with the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OptionalClaims</maml:name> <maml:description> <maml:para>Application developers can configure optional claims in their Microsoft Entra ID apps to specify which claims they want in tokens sent to their application by the Microsoft security token service.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">OptionalClaims</command:parameterValue> <dev:type> <maml:name>OptionalClaims</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ParentalControlSettings</maml:name> <maml:description> <maml:para>Specifies parental control settings for an application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ParentalControlSettings</command:parameterValue> <dev:type> <maml:name>ParentalControlSettings</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredentials</maml:name> <maml:description> <maml:para>The collection of password credentials associated with the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicClient</maml:name> <maml:description> <maml:para>Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.</maml:para> <maml:para>Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PublicClientApplication</command:parameterValue> <dev:type> <maml:name>PublicClientApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RequiredResourceAccess</maml:name> <maml:description> <maml:para>Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources.</maml:para> <maml:para>This preconfiguration of required resource access drives the consent experience.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SignInAudience</maml:name> <maml:description> <maml:para>Specifies what Microsoft accounts are supported for the current application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Custom strings that can be used to categorize and identify the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TokenEncryptionKeyId</maml:name> <maml:description> <maml:para>Specifies the keyId of a public key from the keyCredentials collection.</maml:para> <maml:para>When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to.</maml:para> <maml:para>The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Web</maml:name> <maml:description> <maml:para>Specifies settings for a web application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">WebApplication</command:parameterValue> <dev:type> <maml:name>WebApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AddIns</maml:name> <maml:description> <maml:para>Defines custom behavior that a consuming service can use to call an app in specific contexts.</maml:para> <maml:para>For example, applications that can render file streams might set the addIns property for its "FileHandler" functionality.</maml:para> <maml:para>This lets services like Office 365 call the application in the context of a document the user is working on.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AddIn]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AddIn]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Api</maml:name> <maml:description> <maml:para>Specifies settings for an application that implements a web API.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ApiApplication</command:parameterValue> <dev:type> <maml:name>ApiApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppRoles</maml:name> <maml:description> <maml:para>The collection of application roles that an application might declare. These roles can be assigned to users, groups, or service principals.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupMembershipClaims</maml:name> <maml:description> <maml:para>Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IdentifierUris</maml:name> <maml:description> <maml:para>User-defined URIs that uniquely identify a Web application within its Microsoft Entra ID tenant, or within a verified custom domain (see "Domains" tab in the Azure classic portal) if the application is multitenant.</maml:para> <maml:para>The first element is populated from the Web application's "APP ID URI" field if updated via the Azure classic portal (or respective Microsoft Entra ID PowerShell cmdlet parameter).</maml:para> <maml:para>Extra URIs can be added via the application manifest; see Understanding the Microsoft Entra ID Application Manifest for details.</maml:para> <maml:para>This collection is also used to populate the Web application's servicePrincipalNames collection.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InformationalUrl</maml:name> <maml:description> <maml:para>Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs.</maml:para> <maml:para>The terms of service and privacy statement are surfaced to users through the user consent experience.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">InformationalUrl</command:parameterValue> <dev:type> <maml:name>InformationalUrl</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsDeviceOnlyAuthSupported</maml:name> <maml:description> <maml:para>Specifies if the application supports authentication using a device token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsFallbackPublicClient</maml:name> <maml:description> <maml:para>Specifies the fallback application type as public client, such as an installed application running on a mobile device.</maml:para> <maml:para>The default value is false that means the fallback application type is confidential client such as web app.</maml:para> <maml:para>There are certain scenarios where Microsoft Entra ID can't determine the client application type (for example, ROPC flow where it's configured without specifying a redirect URI).</maml:para> <maml:para>In those cases Microsoft Entra ID interprets the application type based on the value of this property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredentials</maml:name> <maml:description> <maml:para>The collection of key credentials associated with the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OptionalClaims</maml:name> <maml:description> <maml:para>Application developers can configure optional claims in their Microsoft Entra ID apps to specify which claims they want in tokens sent to their application by the Microsoft security token service.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">OptionalClaims</command:parameterValue> <dev:type> <maml:name>OptionalClaims</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ParentalControlSettings</maml:name> <maml:description> <maml:para>Specifies parental control settings for an application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ParentalControlSettings</command:parameterValue> <dev:type> <maml:name>ParentalControlSettings</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredentials</maml:name> <maml:description> <maml:para>The collection of password credentials associated with the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicClient</maml:name> <maml:description> <maml:para>Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.</maml:para> <maml:para>Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PublicClientApplication</command:parameterValue> <dev:type> <maml:name>PublicClientApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RequiredResourceAccess</maml:name> <maml:description> <maml:para>Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources.</maml:para> <maml:para>This preconfiguration of required resource access drives the consent experience.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SignInAudience</maml:name> <maml:description> <maml:para>Specifies what Microsoft accounts are supported for the current application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Custom strings that can be used to categorize and identify the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TokenEncryptionKeyId</maml:name> <maml:description> <maml:para>Specifies the keyId of a public key from the keyCredentials collection.</maml:para> <maml:para>When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to.</maml:para> <maml:para>The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Web</maml:name> <maml:description> <maml:para>Specifies settings for a web application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">WebApplication</command:parameterValue> <dev:type> <maml:name>WebApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>Boolean</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.ApiApplication</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.InformationalUrl</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.OptionalClaims</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.ParentalControlSettings</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.PublicClientApplication</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.WebApplication</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.Add-in]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System. Nullable`1[System.Boolean]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.MsApplication</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>- See more details - <https://learn.microsoft.com/graph/api/application-post-applications></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Create an application ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission New-EntraApplication -DisplayName 'My new application' DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- My new application dddd3333-ee44-5555-66ff-777777aaaaaa 22223333-cccc-4444-dddd-5555eeee6666 AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This command creates an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Create an application using IdentifierUris parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission New-EntraApplication -DisplayName 'My new application' -IdentifierUris 'https://mynewapp.contoso.com' DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- My new application dddd3333-ee44-5555-66ff-777777aaaaaa 22223333-cccc-4444-dddd-5555eeee6666 AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This command creates an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 3: Create an application using AddIns parameter ---</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $addin = New-Object Microsoft.Open.MSGraph.Model.AddIn $addin.Type = 'testtype' $addinproperties = New-Object System.collections.Generic.List[Microsoft.Open.MSGraph.Model.KeyValue] $addinproperties.Add([Microsoft.Open.MSGraph.Model.KeyValue]@{ Key = "key"; Value = "value" }) $addin.Properties = $addinproperties New-EntraApplication -DisplayName 'My new application' -AddIns $addin DisplayName Id AppId SignInAudience PublisherDomain ----------- -- ----- -------------- --------------- My new application dddd3333-ee44-5555-66ff-777777aaaaaa 22223333-cccc-4444-dddd-5555eeee6666 AzureADMyOrg contoso.com</dev:code> <dev:remarks> <maml:para>This command creates an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraApplication</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraApplicationExtensionProperty</command:name> <command:verb>New</command:verb> <command:noun>EntraApplicationExtensionProperty</command:noun> <maml:description> <maml:para>Creates an application extension property.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraApplicationExtensionProperty` cmdlet creates an application extension property for an object in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraApplicationExtensionProperty</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DataType</maml:name> <maml:description> <maml:para>Specifies the data type of the value the extension property can hold. Following values are supported.</maml:para> <maml:para>- Binary - 256 bytes maximum</maml:para> <maml:para>- Boolean</maml:para> <maml:para>- DateTime - Must be specified in ISO 8601 format. Will be stored in UTC.</maml:para> <maml:para>- Integer - 32-bit value.</maml:para> <maml:para>- LargeInteger - 64-bit value.</maml:para> <maml:para>- String - 256 characters maximum</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Name of the extension property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TargetObjects</maml:name> <maml:description> <maml:para>Specifies the Microsoft Graph resources that can use the extension property. All values must be in PascalCase. The following values are supported.</maml:para> <maml:para>- User</maml:para> <maml:para>- Group</maml:para> <maml:para>- AdministrativeUnit</maml:para> <maml:para>- Application</maml:para> <maml:para>- Device</maml:para> <maml:para>- Organization</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DataType</maml:name> <maml:description> <maml:para>Specifies the data type of the value the extension property can hold. Following values are supported.</maml:para> <maml:para>- Binary - 256 bytes maximum</maml:para> <maml:para>- Boolean</maml:para> <maml:para>- DateTime - Must be specified in ISO 8601 format. Will be stored in UTC.</maml:para> <maml:para>- Integer - 32-bit value.</maml:para> <maml:para>- LargeInteger - 64-bit value.</maml:para> <maml:para>- String - 256 characters maximum</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Name of the extension property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TargetObjects</maml:name> <maml:description> <maml:para>Specifies the Microsoft Graph resources that can use the extension property. All values must be in PascalCase. The following values are supported.</maml:para> <maml:para>- User</maml:para> <maml:para>- Group</maml:para> <maml:para>- AdministrativeUnit</maml:para> <maml:para>- Application</maml:para> <maml:para>- Device</maml:para> <maml:para>- Organization</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Create an extension property -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectID = '11112222-bbbb-3333-cccc-4444dddd5555' Name = 'NewAttribute' } New-EntraApplicationExtensionProperty @params DeletedDateTime Id AppDisplayName DataType IsSyncedFromOnPremises Name TargetObjects --------------- -- -------------- -------- ---------------------- ---- ------------- 11112222-bbbb-3333-cccc-4444dddd5555 My new test app String False extension_11112222-bbbb-3333-cccc-4444dddd5555_NewAttribute {}</dev:code> <dev:remarks> <maml:para>This command creates an application extension property of the string type for the specified object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Create an extension property with data type parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectID = '11112222-bbbb-3333-cccc-4444dddd5555' Name = 'NewAttribute' DataType = 'Boolean' } New-EntraApplicationExtensionProperty @params DeletedDateTime Id AppDisplayName DataType IsSyncedFromOnPremises Name TargetObjects --------------- -- -------------- -------- ---------------------- ---- ------------- 11112222-bbbb-3333-cccc-4444dddd5555 My new test app Boolean False extension_11112222-bbbb-3333-cccc-4444dddd5555_NewAttribute {}</dev:code> <dev:remarks> <maml:para>This command creates an application extension property of the specified data type for the specified object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Create an extension property with targets parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $targets = New-Object System.Collections.Generic.List[System.String] $targets.Add('User') $params = @{ ObjectID = '11112222-bbbb-3333-cccc-4444dddd5555' Name = 'NewAttribute' TargetObjects = $targets } New-EntraApplicationExtensionProperty @params DeletedDateTime Id AppDisplayName DataType IsSyncedFromOnPremises Name TargetObjects --------------- -- -------------- -------- ---------------------- ---- ------------- 11112222-bbbb-3333-cccc-4444dddd5555 My new test app String False extension_11112222-bbbb-3333-cccc-4444dddd5555_NewAttribute {User}</dev:code> <dev:remarks> <maml:para>The example shows how to create an application extension property with the specified target objects for the specified object.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraApplicationExtensionProperty</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplicationExtensionProperty</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationExtensionProperty</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraApplicationKey</command:name> <command:verb>New</command:verb> <command:noun>EntraApplicationKey</command:noun> <maml:description> <maml:para>Adds a new key to an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Adds a new key to an application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraApplicationKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredential</maml:name> <maml:description> <maml:para>The application key credential to add.</maml:para> <maml:para>NOTES: keyId value should be null.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyCredential</command:parameterValue> <dev:type> <maml:name>KeyCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of the object specific Microsoft Entra ID object</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredential</maml:name> <maml:description> <maml:para>The application password credential to add.</maml:para> <maml:para>NOTES: keyId value should be null.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PasswordCredential</command:parameterValue> <dev:type> <maml:name>PasswordCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Proof</maml:name> <maml:description> <maml:para>A signed JWT token used as a proof of possession of the existing keys.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredential</maml:name> <maml:description> <maml:para>The application key credential to add.</maml:para> <maml:para>NOTES: keyId value should be null.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyCredential</command:parameterValue> <dev:type> <maml:name>KeyCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of the object specific Microsoft Entra ID object</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredential</maml:name> <maml:description> <maml:para>The application password credential to add.</maml:para> <maml:para>NOTES: keyId value should be null.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PasswordCredential</command:parameterValue> <dev:type> <maml:name>PasswordCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Proof</maml:name> <maml:description> <maml:para>A signed JWT token used as a proof of possession of the existing keys.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.KeyCredential</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.PasswordCredential</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.KeyCredential</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Add a key credential to an application ------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = 'cccccccc-8888-9999-0000-dddddddddddd' KeyCredential = @{ key=[System.Convert]::FromBase64String("{base64cert}") } PasswordCredential = @{ DisplayName = 'mypassword' } Proof = "{token}" } New-EntraApplicationKey @params</dev:code> <dev:remarks> <maml:para>This command adds a key credential the specified application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraApplicationKey</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraApplicationKeyCredential</command:name> <command:verb>New</command:verb> <command:noun>EntraApplicationKeyCredential</command:noun> <maml:description> <maml:para>Creates a key credential for an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraApplicationKeyCredential` cmdlet creates a key credential for an application.</maml:para> <maml:para>An application can use this command along with `Remove-EntraApplicationKeyCredential` to automate the rolling of its expiring keys.</maml:para> <maml:para>As part of the request validation, proof of possession of an existing key is verified before the action can be performed.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraApplicationKeyCredential</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CustomKeyIdentifier</maml:name> <maml:description> <maml:para>Specifies a custom key ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EndDate</maml:name> <maml:description> <maml:para>Specifies the time when the key becomes invalid as a DateTime object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>StartDate</maml:name> <maml:description> <maml:para>Specifies the time when the key becomes valid as a DateTime object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyType</command:parameterValue> <dev:type> <maml:name>KeyType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Usage</maml:name> <maml:description> <maml:para>Specifies the key usage.</maml:para> <maml:para>- `AsymmetricX509Cert`: The usage must be `Verify`.</maml:para> <maml:para>- `X509CertAndPassword`: The usage must be `Sign`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyUsage</command:parameterValue> <dev:type> <maml:name>KeyUsage</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Value</maml:name> <maml:description> <maml:para>Specifies the value for the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CustomKeyIdentifier</maml:name> <maml:description> <maml:para>Specifies a custom key ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EndDate</maml:name> <maml:description> <maml:para>Specifies the time when the key becomes invalid as a DateTime object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>StartDate</maml:name> <maml:description> <maml:para>Specifies the time when the key becomes valid as a DateTime object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyType</command:parameterValue> <dev:type> <maml:name>KeyType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Usage</maml:name> <maml:description> <maml:para>Specifies the key usage.</maml:para> <maml:para>- `AsymmetricX509Cert`: The usage must be `Verify`.</maml:para> <maml:para>- `X509CertAndPassword`: The usage must be `Sign`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyUsage</command:parameterValue> <dev:type> <maml:name>KeyUsage</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Value</maml:name> <maml:description> <maml:para>Specifies the value for the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Create a new application key credential ------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $AppId = (Get-EntraApplication -Top 1).Objectid $params = @{ ObjectId = $AppId CustomKeyIdentifier = 'EntraPowerShellKey' StartDate = '11/7/2016' Type = 'Symmetric' Usage = 'Sign' Value = '<my-value>' } New-EntraApplicationKeyCredential @params CustomKeyIdentifier : {84, 101, 115, 116} EndDate : 11/7/2017 12:00:00 AM KeyId : aaaaaaaa-0b0b-1c1c-2d2d-333333333333 StartDate : 11/7/2016 12:00:00 AM Type : Symmetric Usage : Sign Value : {49, 50, 51}</dev:code> <dev:remarks> <maml:para>This example shows how to create an application key credential.</maml:para> <maml:para>You can use the `Get-EntraApplication` cmdlet to retrieve the application Object ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Use a certificate to add an application key credential</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 #create a new certificate object $cer.Import('C:\Users\PFuller\Desktop\abc.cer') $bin = $cer.GetRawCertData() $base64Value = [System.Convert]::ToBase64String($bin) $bin = $cer.GetCertHash() $base64Thumbprint = [System.Convert]::ToBase64String($bin) $keyid = [System.Guid]::NewGuid().ToString() $params = @{ ObjectId = '22223333-cccc-4444-dddd-5555eeee6666' CustomKeyIdentifier = $base64Thumbprint Type = 'AsymmetricX509Cert' Usage = 'Verify' Value = $base64Value StartDate = $cer.GetEffectiveDateString() EndDate = $cer.GetExpirationDateString() } New-EntraApplicationKeyCredential @params</dev:code> <dev:remarks> <maml:para>This example shows how to create an application key credential.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraApplicationKeyCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplicationKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraApplicationPassword</command:name> <command:verb>New</command:verb> <command:noun>EntraApplicationPassword</command:noun> <maml:description> <maml:para>Adds a strong password to an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Adds a strong password to an application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraApplicationPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of the object specific Microsoft Entra ID object</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredential</maml:name> <maml:description> <maml:para>Represents a password credential associated with an application or a service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PasswordCredential</command:parameterValue> <dev:type> <maml:name>PasswordCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of the object specific Microsoft Entra ID object</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredential</maml:name> <maml:description> <maml:para>Represents a password credential associated with an application or a service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PasswordCredential</command:parameterValue> <dev:type> <maml:name>PasswordCredential</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.PasswordCredential</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Add a password to an application ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' PasswordCredential = @{ displayname = 'mypassword' } } New-EntraApplicationPassword @params CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- mypassword 10/28/2021 3:57:37 PM EQ: bbbbbbbb-1c1c-2d2d-3e3e-444444444444 <my-secret-text> 10/28/2019 3:57:37 PM</dev:code> <dev:remarks> <maml:para>This command adds a password to the specified application.</maml:para> <maml:para>The secretText property in the response object contains the strong passwords/secrets generated by Microsoft Entra ID that are 16-64 characters in length. </maml:para> <maml:para>There is no way to retrieve this password in the future.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraApplicationPassword</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationPassword</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraApplicationPasswordCredential</command:name> <command:verb>New</command:verb> <command:noun>EntraApplicationPasswordCredential</command:noun> <maml:description> <maml:para>Creates a password credential for an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraApplicationPasswordCredential` cmdlet creates a password credential for an application in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraApplicationPasswordCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CustomKeyIdentifier</maml:name> <maml:description> <maml:para>A unique binary identifier.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>StartDate</maml:name> <maml:description> <maml:para>The date and time at which the password becomes valid.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EndDate</maml:name> <maml:description> <maml:para>The date and time at which the password expires.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CustomKeyIdentifier</maml:name> <maml:description> <maml:para>A unique binary identifier.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>StartDate</maml:name> <maml:description> <maml:para>The date and time at which the password becomes valid.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EndDate</maml:name> <maml:description> <maml:para>The date and time at which the password expires.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Create a password credential -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy' $application = Get-EntraApplication -Filter "displayName eq '<displayName>'" New-EntraApplicationPasswordCredential -ObjectId $application.Id CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- 3/21/2026 9:48:40 AM n34 tttttttt-0000-2222-0000-aaaaaaaaaaaa wbBNW8kCuiPjNRg9NX98W_aaaaaaa 3/21/2024 9:48:40 AM</dev:code> <dev:remarks> <maml:para>This command creates new password credential for specified application.</maml:para> <maml:para>- `-ObjectId` Specifies the ID of a user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Create a password credential using CustomKeyIdentifier parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy' $application = Get-EntraApplication -Filter "displayName eq '<displayName>'" $params = @{ ObjectId = $application.Id CustomKeyIdentifier = '<userfriendlyDisplayName>' } New-EntraApplicationPasswordCredential @params CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- 100 101 109 111 demo 8/2/2026 11:47:53 AM 8Mw tttttttt-0000-2222-0000-aaaaaaaaaaaa wbBNW8kCuiPjNRg9NX98W_aaaaaaa 8/2/2024 11:47:53 AM</dev:code> <dev:remarks> <maml:para>This command creates new password credential for specified application.</maml:para> <maml:para>- `-ObjectId` Specifies the ID of a user.</maml:para> <maml:para>- `-CustomKeyIdentifier` Speicifies unique binary identifier.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Create a password credential using StartDate parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy' $application = Get-EntraApplication -Filter "displayName eq '<displayName>'" $params = @{ ObjectId = $application.Id StartDate = (Get-Date).AddYears(0) CustomKeyIdentifier = '<userfriendlyDisplayName>' } New-EntraApplicationPasswordCredential @params CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- 3/21/2026 9:48:40 AM n34 tttttttt-0000-2222-0000-aaaaaaaaaaaa wbBNW8kCuiPjNRg9NX98W_aaaaaaa 3/21/2024 9:48:40 AM</dev:code> <dev:remarks> <maml:para>This command creates new password credential for specified application.</maml:para> <maml:para>- `-ObjectId` Specifies the ID of a user.</maml:para> <maml:para>- `-StartDate` Speicifies the date and time at which the password becomes valid.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Create a password credential using EndDate parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy' $application = Get-EntraApplication -Filter "displayName eq '<displayName>'" $params = @{ ObjectId = $application.Id EndDate = (Get-Date).AddYears(2) CustomKeyIdentifier = '<userfriendlyDisplayName>' } New-EntraApplicationPasswordCredential @params CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- 3/21/2026 9:48:40 AM n34 tttttttt-0000-2222-0000-aaaaaaaaaaaa wbBNW8kCuiPjNRg9NX98W_aaaaaaa 3/21/2024 9:48:40 AM</dev:code> <dev:remarks> <maml:para>This command creates new password credential for specified application.</maml:para> <maml:para>- `-ObjectId` Specifies the ID of a user.</maml:para> <maml:para>- `-EndDate` Speicifies The date and time at which the password expires.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraApplicationPasswordCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplicationPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraApplicationProxyApplication</command:name> <command:verb>New</command:verb> <command:noun>EntraApplicationProxyApplication</command:noun> <maml:description> <maml:para>The New-EntraApplicationProxyApplication cmdlet creates a new application configured for Application Proxy in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraApplicationProxyApplication cmdlet creates a new application configured for Application Proxy in Microsoft Entra ID. To ensure this application is usable, also make sure you assign users and configure SSO if needed. Without specifying a ConnectorGroupId, this application by default uses the Default connector group in your tenant.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraApplicationProxyApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ApplicationServerTimeout</maml:name> <maml:description> <maml:para>Set this value to Long only if your application is slow to authenticate and connect.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">Default</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Long</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ApplicationServerTimeoutEnum</command:parameterValue> <dev:type> <maml:name>ApplicationServerTimeoutEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConnectorGroupId</maml:name> <maml:description> <maml:para>Provide the Id of the Connector group you would like assigned to this application. You can find this value by using the Get-EntraApplicationProxyConnectorGroup (./Get-EntraApplicationProxyConnectorGroup.md)command. Connectors process the remote access to your application, and connector groups help you organize connectors and apps by region, network, or purpose. If you don't have any connector groups created yet, your app is assigned to Default.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>The display name of the new Application</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExternalAuthenticationType</maml:name> <maml:description> <maml:para>How Application Proxy verifies users before giving them access to your application. AadPreAuthentication: Application Proxy redirects users to sign in with Microsoft Entra ID, which authenticates their permissions for the directory and application. We recommend keeping this option as the default, so that you can take advantage of Microsoft Entra ID security features like conditional access and multifactor authentication. Pass through: Users don't have to authenticate against Microsoft Entra ID to access the application. You can still set up authentication requirements on the backend.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">AadPreAuthentication</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">Passthru</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">ExternalAuthenticationTypeEnum</command:parameterValue> <dev:type> <maml:name>ExternalAuthenticationTypeEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExternalUrl</maml:name> <maml:description> <maml:para>The address your users go to in order to access the app from outside your network.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>InternalUrl</maml:name> <maml:description> <maml:para>The URL that you use to access the application from inside your private network. You can provide a specific path on the backend server to publish, while the rest of the server is unpublished. In this way, you can publish different sites on the same server as different apps, and give each one its own name and access rules. If you publish a path, make sure that it includes all the necessary images, scripts, and style sheets for your application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsTranslateHostHeaderEnabled</maml:name> <maml:description> <maml:para>If set to true, translates urls in headers. Keep this value true unless your application required the original host header in the authentication request.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsTranslateLinksInBodyEnabled</maml:name> <maml:description> <maml:para>If set to true, translates urls in body. Keep this value as No unless your hardcode HTML links to other on-premises applications, and don't use custom domains.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsHttpOnlyCookieEnabled</maml:name> <maml:description> <maml:para>Yes allows application proxy to include the HTTPOnly flag in HTTP response headers. This flag provides extra security benefits, for example, it prevents client-side scripting (CSS) from copying or modifying the cookies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsPersistentCookieEnabled</maml:name> <maml:description> <maml:para>Yes allows application proxy to set its access cookies to not expire when the web browser is closed. The persistence lasts until the access token expires, or until the user manually deletes the persistent cookies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsSecureCookieEnabled</maml:name> <maml:description> <maml:para>Yes allows application proxy to include the Secure flag in HTTP response headers. Secure Cookies enhances security by transmitting cookies over a TLS secured channel such as HTTPS. TLS prevents cookie transmission in clear text.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ApplicationServerTimeout</maml:name> <maml:description> <maml:para>Set this value to Long only if your application is slow to authenticate and connect.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ApplicationServerTimeoutEnum</command:parameterValue> <dev:type> <maml:name>ApplicationServerTimeoutEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConnectorGroupId</maml:name> <maml:description> <maml:para>Provide the Id of the Connector group you would like assigned to this application. You can find this value by using the Get-EntraApplicationProxyConnectorGroup (./Get-EntraApplicationProxyConnectorGroup.md)command. Connectors process the remote access to your application, and connector groups help you organize connectors and apps by region, network, or purpose. If you don't have any connector groups created yet, your app is assigned to Default.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>The display name of the new Application</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExternalAuthenticationType</maml:name> <maml:description> <maml:para>How Application Proxy verifies users before giving them access to your application. AadPreAuthentication: Application Proxy redirects users to sign in with Microsoft Entra ID, which authenticates their permissions for the directory and application. We recommend keeping this option as the default, so that you can take advantage of Microsoft Entra ID security features like conditional access and multifactor authentication. Pass through: Users don't have to authenticate against Microsoft Entra ID to access the application. You can still set up authentication requirements on the backend.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ExternalAuthenticationTypeEnum</command:parameterValue> <dev:type> <maml:name>ExternalAuthenticationTypeEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExternalUrl</maml:name> <maml:description> <maml:para>The address your users go to in order to access the app from outside your network.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>InternalUrl</maml:name> <maml:description> <maml:para>The URL that you use to access the application from inside your private network. You can provide a specific path on the backend server to publish, while the rest of the server is unpublished. In this way, you can publish different sites on the same server as different apps, and give each one its own name and access rules. If you publish a path, make sure that it includes all the necessary images, scripts, and style sheets for your application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsTranslateHostHeaderEnabled</maml:name> <maml:description> <maml:para>If set to true, translates urls in headers. Keep this value true unless your application required the original host header in the authentication request.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsTranslateLinksInBodyEnabled</maml:name> <maml:description> <maml:para>If set to true, translates urls in body. Keep this value as No unless your hardcode HTML links to other on-premises applications, and don't use custom domains.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsHttpOnlyCookieEnabled</maml:name> <maml:description> <maml:para>Yes allows application proxy to include the HTTPOnly flag in HTTP response headers. This flag provides extra security benefits, for example, it prevents client-side scripting (CSS) from copying or modifying the cookies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsPersistentCookieEnabled</maml:name> <maml:description> <maml:para>Yes allows application proxy to set its access cookies to not expire when the web browser is closed. The persistence lasts until the access token expires, or until the user manually deletes the persistent cookies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsSecureCookieEnabled</maml:name> <maml:description> <maml:para>Yes allows application proxy to include the Secure flag in HTTP response headers. Secure Cookies enhances security by transmitting cookies over a TLS secured channel such as HTTPS. TLS prevents cookie transmission in clear text.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[Microsoft.Open.MSGraph.Model.ApplicationProxyApplicationObject+ExternalAuthenticationTypeEnum, Microsoft.Open.MS.GraphV10.Client, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null]] System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] System.Nullable`1[[Microsoft.Open.MSGraph.Model.ApplicationProxyApplicationObject+ApplicationServerTimeoutEnum, Microsoft.Open.MS.GraphV10.Client, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Creating a new application with only the basic required settings, and the default domain for applications.</maml:title> <dev:code>PS C:\> New-EntraApplicationProxyApplication -DisplayName "Finance Tracker" -ExternalUrl "https://finance-awcycles.msappproxy.net/" -InternalUrl "https://finance/" ExternalAuthenticationType : AadPreAuthentication ApplicationServerTimeout : Default ExternalUrl : https://finance-awcycles.msappproxy.net/ InternalUrl : https://finance/ IsTranslateHostHeaderEnabled : True IsTranslateLinksInBodyEnabled : False IsOnPremPublishingEnabled : True VerifiedCustomDomainCertificatesMetadata : VerifiedCustomDomainKeyCredential : VerifiedCustomDomainPasswordCredential : SingleSignOnSettings :</dev:code> <dev:remarks> <maml:para>This command creates a new application with only the basic required settings, and the default domain for applications.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Creating a new application that uses a custom domain and sets several optional flags.</maml:title> <dev:code>PS C:\> New-EntraApplicationProxyApplication -DisplayName "HR Resources" -ExternalUrl "https://hr.adventure-works.com/" -InternalUrl "https://hr.adventure-works.com/" -ApplicationServerTimeout Long ExternalAuthenticationType : AadPreAuthentication ApplicationServerTimeout : Long ExternalUrl : https://hr.adventure-works.com/ InternalUrl : https://hr.adventure-works.com/ IsTranslateHostHeaderEnabled : True IsTranslateLinksInBodyEnabled : False IsOnPremPublishingEnabled : True VerifiedCustomDomainCertificatesMetadata : class OnPremisesPublishingVerifiedCustomDomainCertificatesMetadataObject { Thumbprint: [XXXXX] SubjectName: [XXXXX] Issuer: IssueDate: 11/9/2017 5:54:29 ExpiryDate: 11/9/2019 5:54:29 } VerifiedCustomDomainKeyCredential : VerifiedCustomDomainPasswordCredential : SingleSignOnSettings :</dev:code> <dev:remarks> <maml:para>This command creates a new application that uses a custom domain and sets several optional flags.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraApplicationProxyApplication</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraApplicationProxyConnectorGroup</command:name> <command:verb>New</command:verb> <command:noun>EntraApplicationProxyConnectorGroup</command:noun> <maml:description> <maml:para>The New-EntraApplicationProxyConnectorGroup cmdlet creates a new Application Proxy Connector group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraApplicationProxyConnectorGroup cmdlet creates a new Application Proxy connector group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraApplicationProxyConnectorGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The name of the new Connector Group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Name</command:parameterValue> <dev:type> <maml:name>Name</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The name of the new Connector Group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Name</command:parameterValue> <dev:type> <maml:name>Name</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.Name</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Create a new Connector Group -----------</maml:title> <dev:code>PS C:\> New-EntraApplicationProxyConnectorGroup -Name "Backup Application Servers" Id Name ConnectorGroupType IsDefault -- ---- ------------------ --------- d533d7b1-fd92-49e8-a200-3e7dcf7c2ab5 Backup Application Servers applicationProxy False</dev:code> <dev:remarks> <maml:para>This example demonstrated how to create a new Connector Group with the name "Backup Application Servers"</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraApplicationProxyConnectorGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraAttributeSet</command:name> <command:verb>New</command:verb> <command:noun>EntraAttributeSet</command:noun> <maml:description> <maml:para>Adds a new attribute set.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraAttributeSet` cmdlet creates a new attribute set object in Microsoft Entra ID.</maml:para> <maml:para>In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission.</maml:para> <maml:para>Note: Only the Attribute Definition Administrator role is supported for this operation. Ensure the user is assigned this role.</maml:para> <maml:para>By default, Global Administrator and other administrator roles can't read, define, or assign custom security attributes.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraAttributeSet</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Description of the attribute set, up to 128 Unicode characters. This can be changed later.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Name of the attribute set. Unique identifier for the attribute set within a tenant, up to 32 Unicode characters. It can't contain spaces or special characters, is case sensitive, and can't be changed later. Required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MaxAttributesPerSet</maml:name> <maml:description> <maml:para>Maximum number of custom security attributes for this set. Default is null. If not specified, up to 500 active attributes per tenant can be added. This can be changed later. Optional.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Description of the attribute set, up to 128 Unicode characters. This can be changed later.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Name of the attribute set. Unique identifier for the attribute set within a tenant, up to 32 Unicode characters. It can't contain spaces or special characters, is case sensitive, and can't be changed later. Required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MaxAttributesPerSet</maml:name> <maml:description> <maml:para>Maximum number of custom security attributes for this set. Default is null. If not specified, up to 500 active attributes per tenant can be added. This can be changed later. Optional.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example: Add a single attribute set -------------</maml:title> <dev:code>Connect-Entra -Scopes 'CustomSecAttributeDefinition.ReadWrite.All' $params = @{ Id = 'NewCustomAttributeSet' Description = 'Attributes for engineering team' MaxAttributesPerSet = 10 } New-EntraAttributeSet @params Id Description MaxAttributesPerSet -- ----------- ------------------- NewCustomAttributeSet Attributes for engineering team 10</dev:code> <dev:remarks> <maml:para>This example adds a single attribute set.</maml:para> <maml:para>- Attribute set: `NewCustomAttributeSet`</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraAttributeSet</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraAttributeSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraAttributeSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraConditionalAccessPolicy</command:name> <command:verb>New</command:verb> <command:noun>EntraConditionalAccessPolicy</command:noun> <maml:description> <maml:para>Creates a new conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows an admin to create new conditional access policy in Microsoft Entra ID.</maml:para> <maml:para>Conditional access policies are custom rules that define an access scenario.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraConditionalAccessPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>State</maml:name> <maml:description> <maml:para>Specifies the enabled or disabled state of the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Conditions</maml:name> <maml:description> <maml:para>Specifies the conditions for the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessConditionSet</command:parameterValue> <dev:type> <maml:name>ConditionalAccessConditionSet</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GrantControls</maml:name> <maml:description> <maml:para>Specifies the controls for the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessGrantControls</command:parameterValue> <dev:type> <maml:name>ConditionalAccessGrantControls</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the policy id of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SessionControls</maml:name> <maml:description> <maml:para>Enables limited experiences within specific cloud applications.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessSessionControls</command:parameterValue> <dev:type> <maml:name>ConditionalAccessSessionControls</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>State</maml:name> <maml:description> <maml:para>Specifies the enabled or disabled state of the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Conditions</maml:name> <maml:description> <maml:para>Specifies the conditions for the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessConditionSet</command:parameterValue> <dev:type> <maml:name>ConditionalAccessConditionSet</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GrantControls</maml:name> <maml:description> <maml:para>Specifies the controls for the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessGrantControls</command:parameterValue> <dev:type> <maml:name>ConditionalAccessGrantControls</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the policy id of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SessionControls</maml:name> <maml:description> <maml:para>Enables limited experiences within specific cloud applications.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessSessionControls</command:parameterValue> <dev:type> <maml:name>ConditionalAccessSessionControls</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Creates a new conditional access policy in Microsoft Entra ID that require MFA to access Exchange Online</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition $conditions.Applications.IncludeApplications = '00000002-0000-0ff1-ce00-000000000000' $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition $conditions.Users.IncludeUsers = 'all' $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls $controls._Operator = 'OR' $controls.BuiltInControls = 'mfa' $params = @{ DisplayName = 'MFA policy' State = 'Enabled' Conditions = $conditions GrantControls = $controls } New-EntraConditionalAccessPolicy @params Id : 5eeeeee5-6ff6-7aa7-8bb8-9cccccccccc9 DisplayName : MFA policy CreatedDateTime : 2019-09-26T23:12:16.0792706Z ModifiedDateTime : 2019-09-27T00:12:12.5986473Z State : Enabled</dev:code> <dev:remarks> <maml:para>This command creates a new conditional access policy in Microsoft Entra ID that requires MFA to access Exchange Online.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Creates a new conditional access policy in Microsoft Entra ID that blocks access to Exchange Online from nontrusted regions</maml:title> <dev:code>$conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition $conditions.Applications.IncludeApplications = '00000002-0000-0ff1-ce00-000000000000' $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition $conditions.Users.IncludeUsers = 'all' $conditions.Locations = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessLocationCondition $conditions.Locations.IncludeLocations = '5eeeeee5-6ff6-7aa7-8bb8-9cccccccccc9' $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls $controls._Operator = 'OR' $controls.BuiltInControls = 'block' $params = @{ DisplayName = 'MFA policy' State = 'Enabled' Conditions = $conditions GrantControls = $controls } New-EntraConditionalAccessPolicy @params Id : 5eeeeee5-6ff6-7aa7-8bb8-9cccccccccc9 DisplayName : MFA policy CreatedDateTime : 2019-09-26T23:12:16.0792706Z ModifiedDateTime : 2019-09-27T00:12:12.5986473Z State : Enabled</dev:code> <dev:remarks> <maml:para>This command creates a new conditional access policy in Microsoft Entra ID that blocks access to Exchange Online from non-trusted regions.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraConditionalAccessPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraDevice</command:name> <command:verb>New</command:verb> <command:noun>EntraDevice</command:noun> <maml:description> <maml:para>Creates a device.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraDevice` cmdlet creates a device in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraDevice</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternativeSecurityIds</maml:name> <maml:description> <maml:para>Specifies alternative security IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ApproximateLastLogonTimeStamp</maml:name> <maml:description> <maml:para>Specifies last sign-in date time.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceId</maml:name> <maml:description> <maml:para>Specifies the ID of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceMetadata</maml:name> <maml:description> <maml:para>The metadata for this device</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceObjectVersion</maml:name> <maml:description> <maml:para>Specifies the object version of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceOSType</maml:name> <maml:description> <maml:para>Specifies the operating system type of the new device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceOSVersion</maml:name> <maml:description> <maml:para>Specifies the operating system version of the new device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DevicePhysicalIds</maml:name> <maml:description> <maml:para>Specifies the physical ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceTrustType</maml:name> <maml:description> <maml:para>The trust type for this device</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the new device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsCompliant</maml:name> <maml:description> <maml:para>True if the device complies with Mobile Device Management (MDM) policies; otherwise, false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsManaged</maml:name> <maml:description> <maml:para>True if the device is managed by a Mobile Device Management (MDM) app such as Intune; otherwise, false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ProfileType</maml:name> <maml:description> <maml:para>Specifies profile type of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SystemLabels</maml:name> <maml:description> <maml:para>Specifies labels for the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternativeSecurityIds</maml:name> <maml:description> <maml:para>Specifies alternative security IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ApproximateLastLogonTimeStamp</maml:name> <maml:description> <maml:para>Specifies last sign-in date time.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceId</maml:name> <maml:description> <maml:para>Specifies the ID of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceMetadata</maml:name> <maml:description> <maml:para>The metadata for this device</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceObjectVersion</maml:name> <maml:description> <maml:para>Specifies the object version of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceOSType</maml:name> <maml:description> <maml:para>Specifies the operating system type of the new device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceOSVersion</maml:name> <maml:description> <maml:para>Specifies the operating system version of the new device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DevicePhysicalIds</maml:name> <maml:description> <maml:para>Specifies the physical ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceTrustType</maml:name> <maml:description> <maml:para>The trust type for this device</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the new device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsCompliant</maml:name> <maml:description> <maml:para>True if the device complies with Mobile Device Management (MDM) policies; otherwise, false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsManaged</maml:name> <maml:description> <maml:para>True if the device is managed by a Mobile Device Management (MDM) app such as Intune; otherwise, false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ProfileType</maml:name> <maml:description> <maml:para>Specifies profile type of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SystemLabels</maml:name> <maml:description> <maml:para>Specifies labels for the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Create a device ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' #Delegated Permission Connect-Entra -Scopes 'Device.ReadWrite.All' #Application Permission $params = @{ AccountEnabled = $true DisplayName = 'My new device' AlternativeSecurityIds = $altsecid DeviceId = $guid DeviceOSType = 'OS/2' DeviceOSVersion = '9.3' } New-EntraDevice @params ObjectId DeviceId DisplayName -------- -------- ----------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb dddddddd-3333-4444-5555-eeeeeeeeeeee My new device</dev:code> <dev:remarks> <maml:para>This command creates a new device.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraDevice</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraDomain</command:name> <command:verb>New</command:verb> <command:noun>EntraDomain</command:noun> <maml:description> <maml:para>Creates a domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraDomain` cmdlet creates a domain in Microsoft Entra ID.</maml:para> <maml:para>The work or school account needs to belong to at least the Domain Name Administrator role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraDomain</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsDefault</maml:name> <maml:description> <maml:para>Indicates whether or not this is the default domain that is used for user creation.</maml:para> <maml:para>There's only one default domain per company.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The fully qualified name of the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SupportedServices</maml:name> <maml:description> <maml:para>The capabilities assigned to the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsDefault</maml:name> <maml:description> <maml:para>Indicates whether or not this is the default domain that is used for user creation.</maml:para> <maml:para>There's only one default domain per company.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The fully qualified name of the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SupportedServices</maml:name> <maml:description> <maml:para>The capabilities assigned to the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Create a new Domain ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' New-EntraDomain -Name testingDemo.com Id AuthenticationType AvailabilityStatus IsAdminManaged IsDefault IsInitial IsRoot IsVerified Manufacturer Model PasswordNotificationWindowInDays PasswordValidityPeriodInDays SupportedServices -- ------------------ ------------------ -------------- --------- --------- ------ ---------- ------------ ----- -------------------------------- ---------------------------- ----------------- testingDemo.com Managed True False False False False {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a new domain in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Create a new Domain with a list of domain capabilities</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' New-EntraDomain -Name testingDemo1.com -SupportedServices @('Email', 'OfficeCommunicationsOnline') Id AuthenticationType AvailabilityStatus IsAdminManaged IsDefault IsInitial IsRoot IsVerified Manufacturer Model PasswordNotificationWindowInDays PasswordValidityPeriodInDays SupportedServices -- ------------------ ------------------ -------------- --------- --------- ------ ---------- ------------ ----- -------------------------------- ---------------------------- ----------------- testingDemo1.com Managed True False False False False {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a new domain with the specified services in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Create a new Domain and make if the default new user creation</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' New-EntraDomain -Name testingDemo2.com -IsDefault $True Id AuthenticationType AvailabilityStatus IsAdminManaged IsDefault IsInitial IsRoot IsVerified Manufacturer Model PasswordNotificationWindowInDays PasswordValidityPeriodInDays SupportedServices -- ------------------ ------------------ -------------- --------- --------- ------ ---------- ------------ ----- -------------------------------- ---------------------------- ----------------- testingDemo2.com Managed True False False False False {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a new domain in Microsoft Entra ID and marks it as the default to be used for new user creation.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraDomain</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Confirm-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraGroup</command:name> <command:verb>New</command:verb> <command:noun>EntraGroup</command:noun> <maml:description> <maml:para>Creates a Microsoft Entra ID group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraGroup cmdlet creates a Microsoft Entra ID group.</maml:para> <maml:para>For information about creating dynamic groups, see: Using attributes to create advanced rules (/entra/identity/users/groups-dynamic-membership). Notes on permissions: - To create the group with users as owners or members, the app must have at least the `User.Read.All` permission.</maml:para> <maml:para>- To create the group with other service principals as owners or members, the app must have at least the `Application.Read.All` permission.</maml:para> <maml:para>- To create the group with either users or service principals as owners or members, the app must have at least the `Directory.Read.All` permission.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailEnabled</maml:name> <maml:description> <maml:para>Specifies whether this group is mail enabled.</maml:para> <maml:para>Currently, you can't create mail enabled groups in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailNickname</maml:name> <maml:description> <maml:para>Specifies a mail nickname for the group. If MailEnabled is $False, you must still specify a mail nickname.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SecurityEnabled</maml:name> <maml:description> <maml:para>Specifies whether the group is security enabled. For security groups, this value must be $True.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupTypes</maml:name> <maml:description> <maml:para>Specifies that the group is a unified or dynamic group. </maml:para> <maml:para>Notes: </maml:para> <maml:para>- This parameter currently can't be used to create dynamic groups. To create a dynamic group in PowerShell, you must use the Entra module.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Visibility</maml:name> <maml:description> <maml:para>This parameter determines the visibility of the group's content and members list. This parameter can take one of the following values:</maml:para> <maml:para>- Public: Anyone can view the contents of the group.</maml:para> <maml:para>- Private: Only members can view the content of the group.</maml:para> <maml:para>- HiddenMembership: Only members can view the content of the group and only members, owners, Global/Company Administrator, User Administrator, and Helpdesk Administrators can view the members list of the group.</maml:para> <maml:para></maml:para> <maml:para>If no value is provided, the default value is "Public."</maml:para> <maml:para>Notes:</maml:para> <maml:para>- This parameter is only valid for groups that have the groupType set to "Unified."</maml:para> <maml:para>- If a group has this attribute set to "HiddenMembership," it can't be changed later.</maml:para> <maml:para>- Anyone can join a group that has this attribute set to "Public" If the attribute is set to Private or HiddenMembership, only owners can add new members to the group and requests to join the group need approval of the owners.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsAssignableToRole</maml:name> <maml:description> <maml:para>Indicates whether group can be assigned to a role. This property can only be set at the time of group creation and can't be modified on an existing group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailEnabled</maml:name> <maml:description> <maml:para>Specifies whether this group is mail enabled.</maml:para> <maml:para>Currently, you can't create mail enabled groups in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailNickname</maml:name> <maml:description> <maml:para>Specifies a mail nickname for the group. If MailEnabled is $False, you must still specify a mail nickname.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SecurityEnabled</maml:name> <maml:description> <maml:para>Specifies whether the group is security enabled. For security groups, this value must be $True.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupTypes</maml:name> <maml:description> <maml:para>Specifies that the group is a unified or dynamic group. </maml:para> <maml:para>Notes: </maml:para> <maml:para>- This parameter currently can't be used to create dynamic groups. To create a dynamic group in PowerShell, you must use the Entra module.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Visibility</maml:name> <maml:description> <maml:para>This parameter determines the visibility of the group's content and members list. This parameter can take one of the following values:</maml:para> <maml:para>- Public: Anyone can view the contents of the group.</maml:para> <maml:para>- Private: Only members can view the content of the group.</maml:para> <maml:para>- HiddenMembership: Only members can view the content of the group and only members, owners, Global/Company Administrator, User Administrator, and Helpdesk Administrators can view the members list of the group.</maml:para> <maml:para></maml:para> <maml:para>If no value is provided, the default value is "Public."</maml:para> <maml:para>Notes:</maml:para> <maml:para>- This parameter is only valid for groups that have the groupType set to "Unified."</maml:para> <maml:para>- If a group has this attribute set to "HiddenMembership," it can't be changed later.</maml:para> <maml:para>- Anyone can join a group that has this attribute set to "Public" If the attribute is set to Private or HiddenMembership, only owners can add new members to the group and requests to join the group need approval of the owners.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsAssignableToRole</maml:name> <maml:description> <maml:para>Indicates whether group can be assigned to a role. This property can only be set at the time of group creation and can't be modified on an existing group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>This cmdlet is currently in Public Preview. While a cmdlet is in Public Preview, we might make changes to the cmdlet, which could have unexpected effects. We recommend that you don't use this cmdlet in a production environment.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Create a group ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Group.Create' #Application permission New-EntraGroup -DisplayName 'HelpDesk admin group2' -MailEnabled $False -MailNickname 'helpDeskAdminGroup' -SecurityEnabled $True DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- HelpDesk admin group2 bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq helpDeskAdminGroup {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create the new group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 2: Create a group with Description parameter -----</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Group.Create' #Application permission New-EntraGroup -DisplayName 'HelpDesk admin group' -MailEnabled $false -MailNickname 'helpDeskAdminGroup' -SecurityEnabled $true -Description 'Group assignable to role' DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- HelpDesk admin group zzzzzzzz-6666-8888-9999-pppppppppppp helpDeskAdminGroup Group assignable to role {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create the new group with description parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 3: Create a group with IsAssignableToRole parameter -</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Group.Create' #Application permission New-EntraGroup -DisplayName 'HelpDesk admin group2' -Description 'Group assignable to role' -MailEnabled $False -MailNickname 'helpDeskAdminGroup' -SecurityEnabled $True -IsAssignableToRole $True DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- HelpDesk admin group2 vvvvvvvv-8888-9999-0000-jjjjjjjjjjjj helpDeskAdminGroup Group assignable to role {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create the new group with IsAssignableToRole parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 4: Create a group with Visibility parameter -----</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Group.Create' #Application Permission New-EntraGroup -DisplayName 'HelpDesk admin group2' -Description 'Group assignable to role' -MailEnabled $False -MailNickname 'helpDeskAdminGroup' -SecurityEnabled $True -Visibility 'Private' DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- HelpDesk admin group2 gggggggg-0000-4444-3333-llllllllllll helpDeskAdminGroup Group assignable to role {}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create the new group with Visibility parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 5: Create a group with GroupTypes parameter -----</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Group.Create' #Application permission New-EntraGroup -DisplayName 'HelpDesk admin group3' -Description 'group des' -MailEnabled $False -MailNickname 'helpDeskAdminGroup1' -SecurityEnabled $True -GroupTypes 'Unified' DisplayName Id MailNickname Description GroupTypes ----------- -- ------------ ----------- ---------- HelpDesk admin group3 xxxxxxxx-8888-5555-9999-bbbbbbbbbbbb helpDeskAdminGroup1 group des {Unified}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create the new group with GroupTypes parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraGroup</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Using attributes to create advanced rules</maml:linkText> <maml:uri>https://azure.microsoft.com/documentation/articles/active-directory-accessmanagement-groups-with-advanced-rules/</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraGroupAppRoleAssignment</command:name> <command:verb>New</command:verb> <command:noun>EntraGroupAppRoleAssignment</command:noun> <maml:description> <maml:para>Assign a group of users to an application role.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraGroupAppRoleAssignment cmdlet assigns a group of users to an application role in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraGroupAppRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the app role (defined on the resource service principal) to assign.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the unique identifier of group to which the new app role is to be assigned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies the ID of a group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The unique identifier (ID) for the resource service principal for which the assignment is made. Required on create. Supports $filter (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the app role (defined on the resource service principal) to assign.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the unique identifier of group to which the new app role is to be assigned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies the ID of a group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The unique identifier (ID) for the resource service principal for which the assignment is made. Required on create. Supports $filter (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Assign a group of users to an application -----</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' $appname = 'Box' $spo = Get-EntraServicePrincipal -Filter "Displayname eq '$appname'" $group = Get-EntraGroup -SearchString 'Contoso Team' New-EntraGroupAppRoleAssignment -ObjectId $group.ObjectId -PrincipalId $group.ObjectId -ResourceId $spo.ObjectId -Id $spo.Approles[1].id DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId --------------- -- --------- --------------- -------------------- ----------- AaBbCcDdEeFfGgHhIiJjKkLlMmNnOo1 00000000-0000-0000-0000-000000000000 3/13/2024 4:41:43 AM Contoso Team aaaaaaaa-bbbb-cccc-1111-222222222222 3/13/2024 4:45:00 AM BbCcDdEeFfGgHhIiJjKkLlMmNnOoPp2 00000000-0000-0000-0000-000000000000 3/13/2024 4:45:00 AM Finance Group bbbbbbbb-cccc-dddd-2222-333333333333</dev:code> <dev:remarks> <maml:para>This example demonstrates how to assign a group of users to an application role in Microsoft Entra ID. - `ObjectId`: The ID of the group to which you're assigning the app role.</maml:para> <maml:para>- `PrincipalId`: The ID of the group to which you're assigning the app role.</maml:para> <maml:para>- `ResourceId`: The ID of the resource service Principal, which has defined the app role.</maml:para> <maml:para>- `Id`: The ID of the appRole (defined on the resource service principal) to assign to the group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraGroupAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroupAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraGroupLifecyclePolicy</command:name> <command:verb>New</command:verb> <command:noun>EntraGroupLifecyclePolicy</command:noun> <maml:description> <maml:para>Creates a new groupLifecyclePolicy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Creates a new groupLifecyclePolicy in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraGroupLifecyclePolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternateNotificationEmails</maml:name> <maml:description> <maml:para>Notification emails for groups that have no owners sent to these email addresses. List of email addresses separated by a ";"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupLifetimeInDays</maml:name> <maml:description> <maml:para>The number of days a group can exist before it needs to be renewed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ManagedGroupTypes</maml:name> <maml:description> <maml:para>This parameter allows the admin to select which office 365 groups the policy applies to. "None" create the policy in a disabled state. "All" apply the policy to every Office 365 group in the tenant. "Selected" allow the admin to choose specific Office 365 groups that the policy applies to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternateNotificationEmails</maml:name> <maml:description> <maml:para>Notification emails for groups that have no owners sent to these email addresses. List of email addresses separated by a ";"</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupLifetimeInDays</maml:name> <maml:description> <maml:para>The number of days a group can exist before it needs to be renewed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ManagedGroupTypes</maml:name> <maml:description> <maml:para>This parameter allows the admin to select which office 365 groups the policy applies to. "None" create the policy in a disabled state. "All" apply the policy to every Office 365 group in the tenant. "Selected" allow the admin to choose specific Office 365 groups that the policy applies to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Creates a new groupLifecyclePolicy --------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.ReadWrite.All' New-EntraGroupLifecyclePolicy -GroupLifetimeInDays 99 -ManagedGroupTypes 'Selected' -AlternateNotificationEmails 'example@contoso.com' Id AlternateNotificationEmails GroupLifetimeInDays ManagedGroupTypes -- --------------------------- ------------------- ----------------- 3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7 example@contoso.com 99 Selected</dev:code> <dev:remarks> <maml:para>This example creates a new groupLifecyclePolicy setting the group lifetime to 99 days for a selected set of Office 365 groups and sends renewal notification emails to groups that have no owners to 'example@contoso.com'.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraGroupLifecyclePolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraIdentityProvider</command:name> <command:verb>New</command:verb> <command:noun>EntraIdentityProvider</command:noun> <maml:description> <maml:para>This cmdlet is used to configure a new identity provider in the directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to configure an identity provider in the directory.</maml:para> <maml:para>Adding an identity provider will allow users to sign up for or sign into applications secured by Microsoft Entra ID B2C using the identity provider.</maml:para> <maml:para>Configuring an identity provider in your Microsoft Entra ID tenant also enables future B2B guest scenarios.</maml:para> <maml:para>For example, an organization has resources in Office 365 that needs to be shared with a Gmail user. The Gmail user will use their Google account credentials to authenticate and access the documents.</maml:para> <maml:para>The current set of identity providers can be:</maml:para> <maml:para>- Microsoft</maml:para> <maml:para>- Google</maml:para> <maml:para>- Facebook</maml:para> <maml:para>- Amazon</maml:para> <maml:para>- LinkedIn</maml:para> <maml:para></maml:para> <maml:para>The work or school account needs to belong to at least the External Identity Provider Administrator Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraIdentityProvider</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The client identifier for the application, obtained during the application's registration with the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:description> <maml:para>The client secret for the application, obtained during registration with the identity provider, is write-only. A read operation returns ` * *`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The display name of the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>The identity provider type. It must be one of the following values: Microsoft, Google, Facebook, Amazon, or LinkedIn.</maml:para> <maml:para>For a B2B scenario, possible values: Google, Facebook. For a B2C scenario, possible values: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The client identifier for the application, obtained during the application's registration with the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:description> <maml:para>The client secret for the application, obtained during registration with the identity provider, is write-only. A read operation returns ` * *`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The display name of the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>The identity provider type. It must be one of the following values: Microsoft, Google, Facebook, Amazon, or LinkedIn.</maml:para> <maml:para>For a B2B scenario, possible values: Google, Facebook. For a B2C scenario, possible values: Microsoft, Google, Amazon, LinkedIn, Facebook, GitHub, Twitter, Weibo, QQ, WeChat.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Add LinkedIn identity provider ----------</maml:title> <dev:code>Connect-Entra -Scopes 'IdentityProvider.ReadWrite.All' $params = @{ Type = 'LinkedIn' Name = 'LinkedInName' ClientId = 'LinkedInAppClientId' ClientSecret = 'LinkedInAppClientSecret' } New-EntraIdentityProvider @params Id DisplayName -- ----------- LinkedIn-OAUTH LinkedInName</dev:code> <dev:remarks> <maml:para>This example adds a LinkedIn identity provider.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraIdentityProvider</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraIdentityProvider</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraInvitation</command:name> <command:verb>New</command:verb> <command:noun>EntraInvitation</command:noun> <maml:description> <maml:para>This cmdlet is used to invite a new external user to your directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to invite a new external user to your directory.</maml:para> <maml:para>Invitation adds an external user to the organization. When creating a new invitation, you have several options available:</maml:para> <maml:para>- On invitation creation, Microsoft Graph can automatically send an invitation email directly to the invited user, or your app can use the inviteRedeemUrl returned in the response to craft your own invitation (through your communication mechanism of choice) to the invited user. If you decide to have Microsoft Graph send an invitation email automatically, you can specify the content and language of the email by using invitedUserMessageInfo.</maml:para> <maml:para>- When the user is invited, a user entity (of userType Guest) is created and can be used to control access to resources. The invited user has to go through the redemption process to access any resources they have been invited to.</maml:para> <maml:para></maml:para> <maml:para>To reset the redemption status for a guest user, the User.ReadWrite.All permission is the minimum required.</maml:para> <maml:para>For delegated scenarios, the signed-in user must have at least one of the following roles: Guest Inviter, Directory Writers, or User Administrator. Additionally, to reset the redemption status, the signed-in user must have the Helpdesk Administrator or User Administrator role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraInvitation</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUserDisplayName</maml:name> <maml:description> <maml:para>The display name of the user as it appears in your directory.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUserEmailAddress</maml:name> <maml:description> <maml:para>The Email address to which the invitation is sent.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUserMessageInfo</maml:name> <maml:description> <maml:para>Addition information to specify how the invitation message is sent.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">InvitedUserMessageInfo</command:parameterValue> <dev:type> <maml:name>InvitedUserMessageInfo</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUser</maml:name> <maml:description> <maml:para>An existing user object in the directory that you want to add or update the B2B credentials for.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">User</command:parameterValue> <dev:type> <maml:name>User</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUserType</maml:name> <maml:description> <maml:para>The userType of the user being invited. By default, userType is Guest.</maml:para> <maml:para>You can invite as Member of your company administrator.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InviteRedirectUrl</maml:name> <maml:description> <maml:para>The URL that the invited user is forwarded after accepting the invitation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SendInvitationMessage</maml:name> <maml:description> <maml:para>A Boolean parameter that indicates whether or not an invitation message sent to the invited user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUserDisplayName</maml:name> <maml:description> <maml:para>The display name of the user as it appears in your directory.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUserEmailAddress</maml:name> <maml:description> <maml:para>The Email address to which the invitation is sent.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUserMessageInfo</maml:name> <maml:description> <maml:para>Addition information to specify how the invitation message is sent.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">InvitedUserMessageInfo</command:parameterValue> <dev:type> <maml:name>InvitedUserMessageInfo</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUser</maml:name> <maml:description> <maml:para>An existing user object in the directory that you want to add or update the B2B credentials for.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">User</command:parameterValue> <dev:type> <maml:name>User</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InvitedUserType</maml:name> <maml:description> <maml:para>The userType of the user being invited. By default, userType is Guest.</maml:para> <maml:para>You can invite as Member of your company administrator.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InviteRedirectUrl</maml:name> <maml:description> <maml:para>The URL that the invited user is forwarded after accepting the invitation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SendInvitationMessage</maml:name> <maml:description> <maml:para>A Boolean parameter that indicates whether or not an invitation message sent to the invited user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>- See more information - <https://learn.microsoft.com/graph/api/invitation-post>.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Invite a new external user to your directory ---</maml:title> <dev:code>Connect-Entra -Scopes 'User.Invite.All' $params = @{ InvitedUserEmailAddress = 'someexternaluser@externaldomain.com' SendInvitationMessage = $True InviteRedirectUrl = 'https://myapps.onmicrosoft.com' } New-EntraInvitation @params Id : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb InviteRedeemUrl : https://login.microsoftonline.com/redeem?... InviteRedirectUrl : https://myapps.onmicrosoft.com/ InvitedUser : @{AboutMe=; AccountEnabled=; Activities=; AgeGroup=; AgreementAcceptances=; AppRoleAssignments=; AssignedLicenses=; UserType=} InvitedUserDisplayName : InvitedUserEmailAddress : someexternaluser@externaldomain.com InvitedUserMessageInfo : @{CcRecipients=System.Object[]; CustomizedMessageBody=; MessageLanguage=} InvitedUserType : Guest ResetRedemption : False SendInvitationMessage : True Status : PendingAcceptance ObjectId : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AdditionalProperties : @{@odata.context=https://graph.microsoft.com/v1.0/$metadata#invitations/$entity}</dev:code> <dev:remarks> <maml:para>This example sent an email to the user who's email address is in the -InvitedUserEmailAddress parameter.</maml:para> <maml:para>When the user accepts the invitation, they're forwarded to the url as specified in the -InviteRedirectUrl parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Invite a new external user to your directory with InvitedUserDisplayName parameter</maml:title> <dev:code>Connect-Entra -Scopes 'User.Invite.All' $params = @{ InvitedUserEmailAddress = 'someexternaluser@externaldomain.com' SendInvitationMessage = $True InviteRedirectUrl = 'https://myapps.onmicrosoft.com' InvitedUserDisplayName = 'microsoftuser' } New-EntraInvitation @params Id : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb InviteRedeemUrl : https://login.microsoftonline.com/redeem?... InviteRedirectUrl : https://myapps.onmicrosoft.com/ InvitedUser : @{AboutMe=; AccountEnabled=; Activities=; AgeGroup=; AgreementAcceptances=; AppRoleAssignments=; AssignedLicenses=; UserType=} InvitedUserDisplayName : microsoftuser InvitedUserEmailAddress : someexternaluser@externaldomain.com InvitedUserMessageInfo : @{CcRecipients=System.Object[]; CustomizedMessageBody=; MessageLanguage=} InvitedUserType : Guest ResetRedemption : False SendInvitationMessage : True Status : PendingAcceptance ObjectId : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AdditionalProperties : @{@odata.context=https://graph.microsoft.com/v1.0/$metadata#invitations/$entity}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to invite a new external user to your directory with InvitedUserDisplayName parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Invite a new external user to your directory with InvitedUserMessageInfo parameter</maml:title> <dev:code>Connect-Entra -Scopes 'User.Invite.All' $a= New-Object Microsoft.Open.MSGraph.Model.InvitedUserMessageInfo $a.CustomizedMessageBody = 'Hi there, how are you' $a.MessageLanguage = 'EN' $params = @{ InvitedUserEmailAddress = 'someexternaluser@externaldomain.com' SendInvitationMessage = $True InviteRedirectUrl = 'https://myapps.microsoft.com' InvitedUserMessageInfo = $a } New-EntraInvitation @params Id : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb InviteRedeemUrl : https://login.microsoftonline.com/redeem?... InviteRedirectUrl : https://myapps.microsoft.com/ InvitedUser : @{AboutMe=; AccountEnabled=; Activities=; AgeGroup=; AgreementAcceptances=; AppRoleAssignments=; AssignedLicenses=; UserType=} InvitedUserDisplayName : InvitedUserEmailAddress : someexternaluser@externaldomain.com InvitedUserMessageInfo : @{CcRecipients=System.Object[]; CustomizedMessageBody=Hi there, how are you; MessageLanguage=EN} InvitedUserType : Guest ResetRedemption : False SendInvitationMessage : True Status : PendingAcceptance ObjectId : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AdditionalProperties : @{@odata.context=https://graph.microsoft.com/v1.0/$metadata#invitations/$entity}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to invite a new external user to your directory with InvitedUserMessageInfo parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Invite a new external user to your directory with InvitedUserType parameter</maml:title> <dev:code>Connect-Entra -Scopes 'User.Invite.All' $params = @{ InvitedUserEmailAddress = 'someexternaluser@externaldomain.com' SendInvitationMessage = $True InviteRedirectUrl = 'https://myapps.microsoft.com' InvitedUserType = 'Guest' } New-EntraInvitation @params Id : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb InviteRedeemUrl : https://login.microsoftonline.com/redeem?... InviteRedirectUrl : https://myapps.microsoft.com/ InvitedUser : @{AboutMe=; AccountEnabled=; Activities=; AgeGroup=; AgreementAcceptances=; AppRoleAssignments=; AssignedLicenses=; UserType=} InvitedUserDisplayName : InvitedUserEmailAddress : someexternaluser@externaldomain.com InvitedUserMessageInfo : @{CcRecipients=System.Object[]; CustomizedMessageBody=; MessageLanguage=} InvitedUserType : Guest ResetRedemption : False SendInvitationMessage : True Status : PendingAcceptance ObjectId : aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb AdditionalProperties : @{@odata.context=https://graph.microsoft.com/v1.0/$metadata#invitations/$entity}</dev:code> <dev:remarks> <maml:para>This example demonstrates how to invite a new external user to your directory with InvitedUserType parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraInvitation</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraNamedLocationPolicy</command:name> <command:verb>New</command:verb> <command:noun>EntraNamedLocationPolicy</command:noun> <maml:description> <maml:para>Creates a new named location policy in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows an admin to create new named location policy in Microsoft Entra ID.</maml:para> <maml:para>Conditional access policies are custom rules that define an access scenario.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraNamedLocationPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OdataType</maml:name> <maml:description> <maml:para>Specifies the OData type of a named location policy object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the human-readable name of the location.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IpRanges</maml:name> <maml:description> <maml:para>List of IP address ranges in IPv4 CIDR format (e.g., 1.2.3.4/32) or any valid IPv6 format as specified in IETF RFC596. The @odata.type of the ipRange is also required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsTrusted</maml:name> <maml:description> <maml:para>Specifies the isTrusted value for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CountriesAndRegions</maml:name> <maml:description> <maml:para>List of countries and/or regions in the two-letter format specified by ISO 3166-2.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.CountriesAndRegion]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.CountriesAndRegion]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IncludeUnknownCountriesAndRegions</maml:name> <maml:description> <maml:para>Specifies the includeUnknownCountriesAndRegions value for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OdataType</maml:name> <maml:description> <maml:para>Specifies the OData type of a named location policy object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the human-readable name of the location.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IpRanges</maml:name> <maml:description> <maml:para>List of IP address ranges in IPv4 CIDR format (e.g., 1.2.3.4/32) or any valid IPv6 format as specified in IETF RFC596. The @odata.type of the ipRange is also required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsTrusted</maml:name> <maml:description> <maml:para>Specifies the isTrusted value for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CountriesAndRegions</maml:name> <maml:description> <maml:para>List of countries and/or regions in the two-letter format specified by ISO 3166-2.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.CountriesAndRegion]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.CountriesAndRegion]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IncludeUnknownCountriesAndRegions</maml:name> <maml:description> <maml:para>Specifies the includeUnknownCountriesAndRegions value for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>- For more information, see Create namedLocation (/graph/api/conditionalaccessroot-post-namedlocations).</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Creates a new Ip named location policy in Microsoft Entra ID</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $ipRanges = New-Object -TypeName Microsoft.Open.MSGraph.Model.IpRange $ipRanges.cidrAddress = '6.5.4.3/32' $params = @{ OdataType = '#microsoft.graph.ipNamedLocation' DisplayName = 'IP named location policy' IsTrusted = $false IpRanges = $ipRanges } New-EntraNamedLocationPolicy @params OdataType : #microsoft.graph.ipNamedLocation Id : bbbbbbbb-1111-2222-3333-cccccccccccc DisplayName : IP named location policy CreatedDateTime : 2019-09-26T23:12:16.0792706Z ModifiedDateTime : 2019-09-27T00:12:12.5986473Z IsTrusted : false IpRanges : { class IpRange { CidrAddress: 6.5.4.3/32 } }</dev:code> <dev:remarks> <maml:para>This command creates a new country named location policy in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Creates a new country named location policy in Microsoft Entra ID</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $params = @{ ODataType = '#microsoft.graph.countryNamedLocation' DisplayName = 'Country named location policy' CountriesAndRegions = 'IN' IncludeUnknownCountriesAndRegions = $false } New-EntraNamedLocationPolicy @params OdataType : #microsoft.graph.countryNamedLocation Id : bbbbbbbb-1111-2222-3333-cccccccccccc DisplayName : Country named location policy CreatedDateTime : 2019-09-26T23:12:16.0792706Z ModifiedDateTime : 2019-09-27T00:12:12.5986473Z CountriesAndRegions : {IN} IncludeUnknownCountriesAndRegions : False</dev:code> <dev:remarks> <maml:para>This command creates a new country named location policy in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraNamedLocationPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraOauth2PermissionGrant</command:name> <command:verb>New</command:verb> <command:noun>EntraOauth2PermissionGrant</command:noun> <maml:description> <maml:para>Create a delegated permission grant using an oAuth2PermissionGrant object. This grant allows a client service principal to access a resource service principal on behalf of a signed-in user, with access restricted to the specified delegated permissions.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraOauth2PermissionGrant` cmdlet creates a delegated permission grant using an oAuth2PermissionGrant object. This grant authorizes a client service principal to access a resource service principal on behalf of a signed-in user, with access limited to the specified delegated permissions.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraOauth2PermissionGrant</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The object ID (not appId) of the client service principal for the application, which is authorized to act on behalf of a signed-in user when accessing an API. Required. Supports $filter (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConsentType</maml:name> <maml:description> <maml:para>Indicates whether the client application is authorized to impersonate all users or only a specific user.</maml:para> <maml:para>- `AllPrincipals`: Authorizes the application to impersonate all users.</maml:para> <maml:para>- `Principal`: Authorizes the application to impersonate a specific user.</maml:para> <maml:para>An administrator can grant consent on behalf of all users. In some cases, non-admin users are authorized to consent on behalf of themselves for certain delegated permissions. This parameter is required and supports the $filter query (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The ID of the resource service principal to which access is authorized. This identifies the API, which the client is authorized to attempt to call on behalf of a signed-in user. Supports $filter (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>The ID of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal, If consentType is AllPrincipals this value is null. Required when consentType is Principal. Supports $filter (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Scope</maml:name> <maml:description> <maml:para>A space-separated list of the claim values for delegated permissions, which should be included in access tokens for the resource application (the API). For example, openid User.Read GroupMember.Read.All. Each claim value should match the value field of one of the delegated permissions defined by the API, listed in the oauth2PermissionScopes property of the resource service principal. Must not exceed 3,850 characters in length.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The object ID (not appId) of the client service principal for the application, which is authorized to act on behalf of a signed-in user when accessing an API. Required. Supports $filter (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConsentType</maml:name> <maml:description> <maml:para>Indicates whether the client application is authorized to impersonate all users or only a specific user.</maml:para> <maml:para>- `AllPrincipals`: Authorizes the application to impersonate all users.</maml:para> <maml:para>- `Principal`: Authorizes the application to impersonate a specific user.</maml:para> <maml:para>An administrator can grant consent on behalf of all users. In some cases, non-admin users are authorized to consent on behalf of themselves for certain delegated permissions. This parameter is required and supports the $filter query (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The ID of the resource service principal to which access is authorized. This identifies the API, which the client is authorized to attempt to call on behalf of a signed-in user. Supports $filter (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>The ID of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal, If consentType is AllPrincipals this value is null. Required when consentType is Principal. Supports $filter (eq only).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Scope</maml:name> <maml:description> <maml:para>A space-separated list of the claim values for delegated permissions, which should be included in access tokens for the resource application (the API). For example, openid User.Read GroupMember.Read.All. Each claim value should match the value field of one of the delegated permissions defined by the API, listed in the oauth2PermissionScopes property of the resource service principal. Must not exceed 3,850 characters in length.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert /> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: To grant authorization to impersonate all users --</maml:title> <dev:code>Connect-Entra -Scopes 'DelegatedPermissionGrant.ReadWrite.All' $params = @{ ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444' ConsentType = 'Principal' PrincipalId = 'aaaaaaaa-bbbb-cccc-1111-222222222222' ResourceId = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' Scope = 'DelegatedPermissionGrant.ReadWrite.All' } New-EntraOauth2PermissionGrant @params Id ClientId ConsentType ExpiryTime PrincipalId ResourceId Scope -- -------- ----------- ---------- ----------- ---------- ----- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 AllPrincipals 28/06/2025 07:44:25 aaaaaaaa-bbbb-cccc-1111-222222222222 Dele...</dev:code> <dev:remarks> <maml:para>This command Grant authorization to impersonate all users.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: To grant authorization to impersonate a specific user</maml:title> <dev:code>Connect-Entra -Scopes 'DelegatedPermissionGrant.ReadWrite.All' $params = @{ ClientId = '00001111-aaaa-2222-bbbb-3333cccc4444' ConsentType = 'AllPrincipals' ResourceId = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' Scope = 'DelegatedPermissionGrant.ReadWrite.All' } New-EntraOauth2PermissionGrant @params Id ClientId ConsentType ExpiryTime PrincipalId ResourceId Scope -- -------- ----------- ---------- ----------- ---------- ----- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 AllPrincipals 28/06/2025 07:44:25 aaaaaaaa-bbbb-cccc-1111-222222222222 Dele...</dev:code> <dev:remarks> <maml:para>This command Grant authorization to impersonate a specific user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraOauth2PermissionGrant</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraPermissionGrantConditionSet</command:name> <command:verb>New</command:verb> <command:noun>EntraPermissionGrantConditionSet</command:noun> <maml:description> <maml:para>Create a new Microsoft Entra ID permission grant condition set in a given policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Create a new Microsoft Entra ID permission grant condition set object in an existing policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraPermissionGrantConditionSet</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant policy object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConditionSetType</maml:name> <maml:description> <maml:para>The value indicates whether the condition sets are included in the policy or excluded.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionType</maml:name> <maml:description> <maml:para>Specific type of permissions (application, delegated) to scope consent operation down to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionClassification</maml:name> <maml:description> <maml:para>Specific classification (all, low, medium, high) to scope consent operation down to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The identifier of the resource application to scope consent operation down to. It could be @("All") or a list of permission IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationIds</maml:name> <maml:description> <maml:para>The set of client application IDs to scope consent operation down to. It could be @("All") or a list of client application Ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationTenantIds</maml:name> <maml:description> <maml:para>The set of client application tenant IDs to scope consent operation down to. It could be @("All") or a list of client application tenant IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationPublisherIds</maml:name> <maml:description> <maml:para>The set of client applications publisher IDs to scope consent operation down to. It could be @("All") or a list of client application publisher IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationsFromVerifiedPublisherOnly</maml:name> <maml:description> <maml:para>A value indicates whether to only includes client applications from verified publishers.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceApplication</maml:name> <maml:description> <maml:para>The identifier of the resource application to scope consent operation down to. It could be "Any" or a specific resource application ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant policy object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConditionSetType</maml:name> <maml:description> <maml:para>The value indicates whether the condition sets are included in the policy or excluded.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionType</maml:name> <maml:description> <maml:para>Specific type of permissions (application, delegated) to scope consent operation down to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionClassification</maml:name> <maml:description> <maml:para>Specific classification (all, low, medium, high) to scope consent operation down to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The identifier of the resource application to scope consent operation down to. It could be @("All") or a list of permission IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationIds</maml:name> <maml:description> <maml:para>The set of client application IDs to scope consent operation down to. It could be @("All") or a list of client application Ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationTenantIds</maml:name> <maml:description> <maml:para>The set of client application tenant IDs to scope consent operation down to. It could be @("All") or a list of client application tenant IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationPublisherIds</maml:name> <maml:description> <maml:para>The set of client applications publisher IDs to scope consent operation down to. It could be @("All") or a list of client application publisher IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationsFromVerifiedPublisherOnly</maml:name> <maml:description> <maml:para>A value indicates whether to only includes client applications from verified publishers.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceApplication</maml:name> <maml:description> <maml:para>The identifier of the resource application to scope consent operation down to. It could be "Any" or a specific resource application ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.PermissionGrantConditionSet</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Create a basic permission grant condition set in an existing policy with all build in values</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ PolicyId = 'test1' ConditionSetType = 'includes' PermissionType = 'delegated' } New-EntraPermissionGrantConditionSet @params Id ClientApplicationIds ClientApplicationPublisherIds ClientApplicationTenantIds ClientApplicationsFromVerifiedPublisherOnly PermissionClassification PermissionType Permissions -- -------------------- ----------------------------- -------------------------- ------------------------------------------- ------------------------ -------------- --------- aaaa0000-bb11-2222-33cc-444444dddddd {all} {all} {all} False all delegated {all}</dev:code> <dev:remarks> <maml:para>This command creates a basic permission grant condition set in an existing policy with all build in values.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Create a permission grant condition set in an existing policy that includes specific permissions for a resource application</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ PolicyId = 'test1' ConditionSetType = 'includes' PermissionType = 'delegated' Permissions = @('8b590330-0eb2-45d0-baca-a00ecf7e7b87', 'dac1c8fa-e6e4-47b8-a128-599660b8cd5c', 'f6db0cc3-88cd-4c74-a374-3d8c7cc4c50b') ResourceApplication = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' } New-EntraPermissionGrantConditionSet @params Id ClientApplicationIds ClientApplicationPublisherIds ClientApplicationTenantIds ClientApplicationsFromVerifiedPublisherOnly PermissionClassification PermissionType Permissions -- -------------------- ----------------------------- -------------------------- ------------------------------------------- ------------------------ -------------- --------- aaaa0000-bb11-2222-33cc-444444dddddd {all} {all} {all} False all delegated {8b590...</dev:code> <dev:remarks> <maml:para>This command creates a permission grant condition set in an existing policy that includes specific permissions for a resource application.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Create a permission grant condition set in an existing policy that is excluded</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ PolicyId = 'test1' ConditionSetType = 'excludes' PermissionType = 'delegated' Permissions = @('8b590330-0eb2-45d0-baca-a00ecf7e7b87', 'dac1c8fa-e6e4-47b8-a128-599660b8cd5c', 'f6db0cc3-88cd-4c74-a374-3d8c7cc4c50b') ResourceApplication = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' PermissionClassification = 'low' ClientApplicationsFromVerifiedPublisherOnly = $true ClientApplicationIds = @('00001111-aaaa-2222-bbbb-3333cccc4444', '11112222-bbbb-3333-cccc-4444dddd5555') ClientApplicationTenantIds = @('aaaabbbb-0000-cccc-1111-dddd2222eeee', 'bbbbcccc-1111-dddd-2222-eeee3333ffff', 'ccccdddd-2222-eeee-3333-ffff4444aaaa') ClientApplicationPublisherIds = @('verifiedpublishermpnid') } New-EntraPermissionGrantConditionSet @params Id ClientApplicationIds ClientApplicationPublisherIds ClientApplicationTenantIds -- -------------------- ----------------------------- -------------------------- aaaa0000-bb11-2222-33cc-444444dddddd {00001111-aaaa-2222-bbbb-3333cccc4444, 11112222-bbbb-3333-cccc-4444dddd5555} {verifiedpublishermpnid} {aaaabbbb-0000-cccc-1111-dddd2222eeee, bbbbcccc-1111-dddd-2222-eeee3333ffff...</dev:code> <dev:remarks> <maml:para>This command creates a permission grant condition set in an existing policy that is excluded.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraPermissionGrantConditionSet</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraPermissionGrantPolicy</command:name> <command:verb>New</command:verb> <command:noun>EntraPermissionGrantPolicy</command:noun> <maml:description> <maml:para>Creates a permission grant policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraPermissionGrantPolicy cmdlet creates a Microsoft Entra ID permission grant policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraPermissionGrantPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies the description for the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name for the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the unique identifier of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies the description for the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name for the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the unique identifier of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Create a permission grant policy ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' New-EntraPermissionGrantPolicy -Id 'my_new_permission_grant_policy_id' DeletedDateTime Description DisplayName Id --------------- ----------- ----------- -- my_new_permission_grant_policy_id</dev:code> <dev:remarks> <maml:para>This command creates new permission grant policy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 1: Create a permission grant policy with display name and description parameters</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ Id = 'my_new_permission_grant_policy_id' DisplayName = 'MyNewPermissionGrantPolicy' Description = 'My new permission grant policy' } New-EntraPermissionGrantPolicy @params DeletedDateTime Description DisplayName Id --------------- ----------- ----------- -- My new permission grant policy MyNewPermissionGrantPolicy my_new_permission_grant_policy_id</dev:code> <dev:remarks> <maml:para>This command creates new permission grant policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraPermissionGrantPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraPolicy</command:name> <command:verb>New</command:verb> <command:noun>EntraPolicy</command:noun> <maml:description> <maml:para>Creates a policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraPolicy` cmdlet creates a policy in Microsoft Entra ID. Specify `-DisplayName`, `-Definition` and `-Type` parameters for create a new policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Definition</maml:name> <maml:description> <maml:para>Specifies an array of JSON that contains all the rules of the policy, for example: -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"20:00:00"}}').</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>String of the policy name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsOrganizationDefault</maml:name> <maml:description> <maml:para>True if this policy is the organizational default.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of policy. For token lifetimes, specify "TokenLifetimePolicy."</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Definition</maml:name> <maml:description> <maml:para>Specifies an array of JSON that contains all the rules of the policy, for example: -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"20:00:00"}}').</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>String of the policy name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsOrganizationDefault</maml:name> <maml:description> <maml:para>True if this policy is the organizational default.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of policy. For token lifetimes, specify "TokenLifetimePolicy."</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Create a new HomeRealmDiscoveryPolicy policy ---</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration' $params = @{ Definition = @('{"HomeRealmDiscoveryPolicy":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}') DisplayName = 'NewPolicy' Type = 'HomeRealmDiscoveryPolicy' } New-EntraPolicy @params Definition DeletedDateTime Description DisplayName Id IsOrganizationD efault ---------- --------------- ----------- ----------- -- --------------- {{"HomeReayPolicy":{"AlternateLoginIDLookup":true, "IncluderIds":["UserID"]}}} NewPolicy aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False</dev:code> <dev:remarks> <maml:para>This command creates a new policy in Microsoft Entra ID.</maml:para> <maml:para>- `-Definition` Parameter specifies an array of JSON that contains all the rules of the policy</maml:para> <maml:para>- `-Type` Parameter specifies the type of policy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Create a new policy by 'IsOrganizationDefault' parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration' $params = @{ Definition = @('{"HomeRealmDiscoveryPolicy":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}') DisplayName = 'NewPolicy' Type = 'HomeRealmDiscoveryPolicy' IsOrganizationDefault = $false } New-EntraPolicy @params Definition DeletedDateTime Description DisplayName Id IsOrganizationD efault ---------- --------------- ----------- ----------- -- --------------- {{"HomeReayPolicy":{"AlternateLoginIDLookup":true, "IncluderIds":["UserID"]}}} NewPolicy aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False</dev:code> <dev:remarks> <maml:para>This command creates a new policy using 'IsOrganizationDefault' parameter in Microsoft Entra ID.</maml:para> <maml:para>- `-Definition` Parameter specifies an array of JSON that contains all the rules of the policy</maml:para> <maml:para>- `-Type` - Parameter specifies the type of policy. In this example, `HomeRealmDiscoveryPolicy` represents the type of policy.</maml:para> <maml:para>- `-IsOrganizationDefault` If true, activates this policy. Only one policy of the same type can be the organization default. Optional, default is false.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraRoleAssignment</command:name> <command:verb>New</command:verb> <command:noun>EntraRoleAssignment</command:noun> <maml:description> <maml:para>Create a new Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraRoleAssignment` cmdlet creates a new Microsoft Entra role assignment.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraRoleAssignment</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DirectoryScopeId</maml:name> <maml:description> <maml:para>Specifies the scope for the role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies the principal for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the role definition for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DirectoryScopeId</maml:name> <maml:description> <maml:para>Specifies the scope for the role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies the principal for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RoleDefinitionId</maml:name> <maml:description> <maml:para>Specifies the role definition for role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleAssignment</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Create a new Microsoft Entra ID role assignment --</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.ReadWrite.All' #For the entitlement management provider $params = @{ RoleDefinitionId = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' PrincipalId = 'aaaaaaaa-bbbb-cccc-1111-222222222222' DirectoryScopeId = '/' } New-EntraRoleAssignment @params Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u aaaaaaaa-bbbb-cccc-1111-222222222222 a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 /</dev:code> <dev:remarks> <maml:para>This command creates a new role assignment.</maml:para> <maml:para>- `-RoleDefinitionId` - specifies the ID of the role definition that you want to assign. Role definitions describe the permissions that are granted to users or groups by the role. This is the Identifier of the `unifiedRoleDefinition` the assignment is for.</maml:para> <maml:para>- `-PrincipalId` - specifies the ID of the principal (user, group, or service principal) to whom the role is being assigned.</maml:para> <maml:para>- `-DirectoryScopeId` - specifies the scope of the directory over which the role assignment is effective. The '/' value typically represents the root scope, meaning the role assignment is applicable across the entire directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraRoleDefinition</command:name> <command:verb>New</command:verb> <command:noun>EntraRoleDefinition</command:noun> <maml:description> <maml:para>Create a new Microsoft Entra ID roleDefinition.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Create a new Microsoft Entra ID `roleDefinition` object.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraRoleDefinition</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies the template ID for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <command:returnValue> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Creates a new role definition -----------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' } New-EntraRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 93ff7659-04bd-4d97-8add-b6c992cce98e False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Creates a new role definition with Description parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' Description = 'Role Definition demo' } New-EntraRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 e14cb8e2-d696-4756-bd7f-c7df25271f3d Role Definition demo False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with Description parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Creates a new role definition with ResourceScopes parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' ResourceScopes = '/' } New-EntraRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 2bc29892-ca2e-457e-b7c0-03257a0bcd0c False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with ResourceScopes parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Creates a new role definition with TemplateId parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' TemplateId = '4dd5aa9c-cf4d-4895-a993-740d342802b9' } New-EntraRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 4dd5aa9c-cf4d-4895-a993-740d342802b9 False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with TemplateId parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 5: Creates a new role definition with Version parameter</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/basic/read") $params = @{ RolePermissions = $RolePermissions IsEnabled = $false DisplayName = 'MyRoleDefinition' Version = '2' } New-EntraRoleDefinition @params DisplayName Id TemplateId Description IsBuiltIn IsEnabled ----------- -- ---------- ----------- --------- --------- MyRoleDefinition a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 b69d16e9-b3f9-4289-a87f-8f796bd9fa28 False False</dev:code> <dev:remarks> <maml:para>This command creates a new role definition with Version parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraServiceAppRoleAssignment</command:name> <command:verb>New</command:verb> <command:noun>EntraServiceAppRoleAssignment</command:noun> <maml:description> <maml:para>Assigns a service principal to an application role.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraServiceAppRoleAssignment` cmdlet assigns a service principal to an application role in Microsoft Entra ID.</maml:para> <maml:para>For delegated scenarios, the calling user needs at least one of the following Microsoft Entra roles.</maml:para> <maml:para>- Directory Synchronization Accounts</maml:para> <maml:para>- Directory Writer</maml:para> <maml:para>- Hybrid Identity Administrator</maml:para> <maml:para>- Identity Governance Administrator</maml:para> <maml:para>- Privileged Role Administrator</maml:para> <maml:para>- User Administrator</maml:para> <maml:para>- Application Administrator</maml:para> <maml:para>- Cloud Application Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraServiceAppRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies a principal ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>Specifies a resource ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>Specifies a principal ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>Specifies a resource ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Assign an app role to another service principal --</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' $appname = 'Box' $spo = Get-EntraServicePrincipal -Filter "Displayname eq '$appname'" $params = @{ ObjectId = $spo.ObjectId ResourceId = $spo.ObjectId Id = $spo.Approles[1].id PrincipalId = $spo.ObjectId } New-EntraServiceAppRoleAssignment @params DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId --------------- -- --------- --------------- -------------------- ----------- 2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 3/12/2024 11:05:29 AM Box aaaaaaaa-bbbb-cccc-1111-222222222222</dev:code> <dev:remarks> <maml:para>This example demonstrates how to assign an app role to another service principal in Microsoft Entra ID.</maml:para> <maml:para>- `ObjectId`: The ObjectId of the client service principal to which you're assigning the app role.</maml:para> <maml:para>- `ResourceId`: The ObjectId of the resource service principal (for example, an API).</maml:para> <maml:para>- `Id`: The Id of the app role (defined on the resource service principal) to assign to the client service principal. If no app roles are defined on the resource app, you can use `00000000-0000-0000-0000-000000000000`.</maml:para> <maml:para>- `PrincipalId`: The ObjectId of the client service principal to which you're assigning the app role.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 2: Assign an app role to a user -----------</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' $appname = 'Box' $spo = Get-EntraServicePrincipal -Filter "Displayname eq '$appname'" $user = Get-EntraUser -SearchString 'Test Contoso' $params = @{ ObjectId = $spo.ObjectId ResourceId = $spo.ObjectId Id = $spo.Approles[1].id PrincipalId = $user.ObjectId } New-EntraServiceAppRoleAssignment @params DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId --------------- -- --------- --------------- -------------------- ----------- 2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 3/12/2024 11:07:15 AM Test Contoso aaaaaaaa-bbbb-cccc-1111-222222222222</dev:code> <dev:remarks> <maml:para>This example demonstrates how to assign an app role to a user in Microsoft Entra ID.</maml:para> <maml:para>- `ObjectId`: The ObjectId of the app's service principal.</maml:para> <maml:para>- `ResourceId`: The ObjectId of the app's service principal.</maml:para> <maml:para>- `Id`: The Id of the app role (defined on the app's service principal) to assign to the user. If no app roles are defined to the resource app, you can use `00000000-0000-0000-0000-000000000000` to indicate that the app is assigned to the user.</maml:para> <maml:para>- `PrincipalId`: The ObjectId of the user to which you're assigning the app role.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 3: Assign an app role to a group -----------</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' $appname = 'Box' $spo = Get-EntraServicePrincipal -Filter "Displayname eq '$appname'" $group = Get-EntraGroup -SearchString 'testGroup12' $params = @{ ObjectId = $spo.ObjectId ResourceId = $spo.ObjectId Id = $spo.Approles[1].id PrincipalId = $group.ObjectId } New-EntraServiceAppRoleAssignment @params DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId --------------- -- --------- --------------- -------------------- ----------- 2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6 00000000-0000-0000-0000-000000000000 3/12/2024 10:59:38 AM testGroup12 aaaaaaaa-bbbb-cccc-1111-222222222222</dev:code> <dev:remarks> <maml:para>This example demonstrates how to assign an app role to a group in Microsoft Entra ID.</maml:para> <maml:para>- `ObjectId`: The ObjectId of the app's service principal.</maml:para> <maml:para>- `ResourceId`: The ObjectId of the app's service principal.</maml:para> <maml:para>- `Id`: The Id of the app role (defined on the app's service principal) to assign to the user. If no app roles are defined to the resource app, you can use `00000000-0000-0000-0000-000000000000` to indicate that the app is assigned to the user.</maml:para> <maml:para>- `PrincipalId`: The ObjectId of the user to which you're assigning the app role.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraServiceAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServiceAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServiceAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraServicePrincipal</command:name> <command:verb>New</command:verb> <command:noun>EntraServicePrincipal</command:noun> <maml:description> <maml:para>Creates a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Create a new service Principal.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraServicePrincipal</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>True if the service principal account is enabled; otherwise, false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternativeNames</maml:name> <maml:description> <maml:para>The alternative names for this service principal</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppId</maml:name> <maml:description> <maml:para>The unique identifier for the associated application (its appId property).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppRoleAssignmentRequired</maml:name> <maml:description> <maml:para>Indicates whether an application role assignment is required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Homepage</maml:name> <maml:description> <maml:para>Specifies the home page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredentials</maml:name> <maml:description> <maml:para>The collection of key credentials associated with the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>LogoutUrl</maml:name> <maml:description> <maml:para>Specifies the logout URL.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredentials</maml:name> <maml:description> <maml:para>Specifies password credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ReplyUrls</maml:name> <maml:description> <maml:para>The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ServicePrincipalNames</maml:name> <maml:description> <maml:para>Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal. A client uses ServicePrincipalNames to:</maml:para> <maml:para>- populate requiredResourceAccess, via "Permissions to other applications" in the Microsoft Entra ID classic portal. - specify a resource URI to acquire an access token, which is the URI returned in the claim.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ServicePrincipalType</maml:name> <maml:description> <maml:para>The type of the service principal</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Tags linked to this service principal.</maml:para> <maml:para>If you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>True if the service principal account is enabled; otherwise, false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternativeNames</maml:name> <maml:description> <maml:para>The alternative names for this service principal</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppId</maml:name> <maml:description> <maml:para>The unique identifier for the associated application (its appId property).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppRoleAssignmentRequired</maml:name> <maml:description> <maml:para>Indicates whether an application role assignment is required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Homepage</maml:name> <maml:description> <maml:para>Specifies the home page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredentials</maml:name> <maml:description> <maml:para>The collection of key credentials associated with the service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>LogoutUrl</maml:name> <maml:description> <maml:para>Specifies the logout URL.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredentials</maml:name> <maml:description> <maml:para>Specifies password credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ReplyUrls</maml:name> <maml:description> <maml:para>The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ServicePrincipalNames</maml:name> <maml:description> <maml:para>Specifies an array of service principal names. Based on the identifierURIs collection, plus the application's appId property, these URIs are used to reference an application's service principal. A client uses ServicePrincipalNames to:</maml:para> <maml:para>- populate requiredResourceAccess, via "Permissions to other applications" in the Microsoft Entra ID classic portal. - specify a resource URI to acquire an access token, which is the URI returned in the claim.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ServicePrincipalType</maml:name> <maml:description> <maml:para>The type of the service principal</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Tags linked to this service principal.</maml:para> <maml:para>If you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Create a new service principal by DisplayName, AccountEnabled, Tags, and AppRoleAssignmentRequired</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $MyApp=(Get-EntraApplication -Filter "DisplayName eq 'Demo App'") New-EntraServicePrincipal -AccountEnabled $true -AppId $MyApp.AppId -AppRoleAssignmentRequired $true -DisplayName $MyApp.DisplayName -Tags {WindowsAzureActiveDirectoryIntegratedApp} DisplayName Id AppId SignInAudience ServicePrincipalType ----------- -- ----- -------------- -------------------- Demo App bbbbbbbb-1111-2222-3333-cccccccccccc 00001111-aaaa-2222-bbbb-3333cccc4444 AzureADandPersonalMicrosoftAccount Application</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a new service Principal in Microsoft Entra ID. - First command gets the application and stored in variable. - Second command creates a new service principal.</maml:para> <maml:para>The tag "-Tags {WindowsAzureActiveDirectoryIntegratedApp}" is used to have this service principal show up in the list of Integrated Applications in the Admin Portal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Create a new service principal by Homepage, logoutUrl, and ReplyUrls</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $MyApp=(Get-EntraApplication -Filter "DisplayName eq 'Demo App'") New-EntraServicePrincipal -AppId $MyApp.AppId -Homepage 'https://localhost/home' -LogoutUrl 'htpp://localhost/logout' -ReplyUrls 'https://localhost/redirect' DisplayName Id AppId SignInAudience ServicePrincipalType ----------- -- ----- -------------- -------------------- Demo App bbbbbbbb-1111-2222-3333-cccccccccccc 00001111-aaaa-2222-bbbb-3333cccc4444 AzureADandPersonalMicrosoftAccount Application</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a new service Principal in Microsoft Entra ID. - First command gets the application and stored in variable. - Second command creates a new service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 3: Create a new service principal by KeyCredentials -</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $creds = New-Object Microsoft.Open.AzureAD.Model.KeyCredential $creds.CustomKeyIdentifier = [System.Text.Encoding]::UTF8.GetBytes('Test') $startdate = Get-Date -Year 2023 -Month 10 -Day 23 $creds.StartDate = $startdate $creds.Type = 'Symmetric' $creds.Usage = 'Sign' $creds.Value = [System.Text.Encoding]::UTF8.GetBytes('strong-cred-value') $creds.EndDate = Get-Date -Year 2024 -Month 10 -Day 23 $MyApp=(Get-EntraApplication -Filter "DisplayName eq 'Demo App'") New-EntraServicePrincipal -AppId '00001111-aaaa-2222-bbbb-3333cccc4444' -Homepage 'https://localhost/home' -KeyCredentials $creds New-EntraServicePrincipal -AppId $MyApp.AppId -KeyCredentials $creds DisplayName Id AppId SignInAudience ServicePrincipalType ----------- -- ----- -------------- -------------------- Demo App bbbbbbbb-1111-2222-3333-cccccccccccc 00001111-aaaa-2222-bbbb-3333cccc4444 AzureADandPersonalMicrosoftAccount Application</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a new service Principal in Microsoft Entra ID. - First command stored the key credentials in a variable.</maml:para> <maml:para>- Second command gets the application and stored in variable. - Last command creates a new service principal.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Create a new service principal by AlternativeNames, ServicePrincipalType, and ServicePrincipalName</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $MyApp=(Get-EntraApplication -Filter "DisplayName eq 'Demo App'") New-EntraServicePrincipal -AppId $MyApp.AppId -AlternativeNames 'sktest2' -ServicePrincipalType 'Application' -ServicePrincipalNames $MyApp.AppId DisplayName Id AppId SignInAudience ServicePrincipalType ----------- -- ----- -------------- -------------------- Demo App bbbbbbbb-1111-2222-3333-cccccccccccc 00001111-aaaa-2222-bbbb-3333cccc4444 AzureADandPersonalMicrosoftAccount Application</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a new service Principal in Microsoft Entra ID. - First command gets the application and stored in variable. - Second command creates a new service principal.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraServicePrincipal</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraServicePrincipalKeyCredential</command:name> <command:verb>New</command:verb> <command:noun>EntraServicePrincipalKeyCredential</command:noun> <maml:description> <maml:para>Creates a password credential for a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraServicePrincipalKeyCredential cmdlet creates a key credential for a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraServicePrincipalKeyCredential</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CustomKeyIdentifier</maml:name> <maml:description> <maml:para>Specifies a custom key ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EndDate</maml:name> <maml:description> <maml:para>Specifies the time when the key becomes invalid as a DateTime object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>StartDate</maml:name> <maml:description> <maml:para>Specifies the time when the key becomes valid as a DateTime object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyType</command:parameterValue> <dev:type> <maml:name>KeyType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Usage</maml:name> <maml:description> <maml:para>Specifies the key usage.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyUsage</command:parameterValue> <dev:type> <maml:name>KeyUsage</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Value</maml:name> <maml:description> <maml:para>Specifies the value for the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CustomKeyIdentifier</maml:name> <maml:description> <maml:para>Specifies a custom key ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EndDate</maml:name> <maml:description> <maml:para>Specifies the time when the key becomes invalid as a DateTime object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>StartDate</maml:name> <maml:description> <maml:para>Specifies the time when the key becomes valid as a DateTime object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyType</command:parameterValue> <dev:type> <maml:name>KeyType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Usage</maml:name> <maml:description> <maml:para>Specifies the key usage.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KeyUsage</command:parameterValue> <dev:type> <maml:name>KeyUsage</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Value</maml:name> <maml:description> <maml:para>Specifies the value for the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Create a key credential --------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' New-EntraServicePrincipalKeyCredential</dev:code> <dev:remarks> <maml:para>This command creates a key credential for a service principal.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraServicePrincipalKeyCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipalKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraServicePrincipalPasswordCredential</command:name> <command:verb>New</command:verb> <command:noun>EntraServicePrincipalPasswordCredential</command:noun> <maml:description> <maml:para>Creates a password credential for a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraServicePrincipalPasswordCredential cmdlet creates a password credential for a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraServicePrincipalPasswordCredential</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EndDate</maml:name> <maml:description> <maml:para>The date and time at which the password expires represented using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2024 is 2024-01-01T00:00:00Z.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>StartDate</maml:name> <maml:description> <maml:para>The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2024 is 2024-01-01T00:00:00Z.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EndDate</maml:name> <maml:description> <maml:para>The date and time at which the password expires represented using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2024 is 2024-01-01T00:00:00Z.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>StartDate</maml:name> <maml:description> <maml:para>The date and time at which the password becomes valid. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2024 is 2024-01-01T00:00:00Z.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Create a password credential with StartDate ----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission New-EntraServicePrincipalPasswordCredential -ObjectID '00001111-aaaa-2222-bbbb-3333cccc4444' -StartDate 2024-03-21T14:14:14Z CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- 21-03-2026 12:12:13 333 aaaaaaaa-0b0b-1c1c-2d2d-333333333333 Aa1Bb2Cc3.-Dd4Ee5Ff6Gg7Hh8Ii9_~Jj0Kk1Ll2 21-03-2024 14:14:14</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a password credential with StartDate for a service principal in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 2: Create a password credential with EndtDate ----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission New-EntraServicePrincipalPasswordCredential -ObjectID '00001111-aaaa-2222-bbbb-3333cccc4444' -EndDate 2030-03-21T14:14:14Z CustomKeyIdentifier DisplayName EndDateTime Hint KeyId SecretText StartDateTime ------------------- ----------- ----------- ---- ----- ---------- ------------- 21-03-2030 14:14:14 333 aaaaaaaa-0b0b-1c1c-2d2d-333333333333 Aa1Bb2Cc3.-Dd4Ee5Ff6Gg7Hh8Ii9_~Jj0Kk1Ll2 21-03-2024 12:15:10</dev:code> <dev:remarks> <maml:para>This example demonstrates how to create a password credential with EndDate for a service principal in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraServicePrincipalPasswordCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipalPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraTrustedCertificateAuthority</command:name> <command:verb>New</command:verb> <command:noun>EntraTrustedCertificateAuthority</command:noun> <maml:description> <maml:para>Creates a trusted certificate authority.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraTrustedCertificateAuthority cmdlet creates a trusted certificate authority in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraTrustedCertificateAuthority</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CertificateAuthorityInformation</maml:name> <maml:description> <maml:para>Specifies a CertificateAuthorityInformation object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CertificateAuthorityInformation</command:parameterValue> <dev:type> <maml:name>CertificateAuthorityInformation</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CertificateAuthorityInformation</maml:name> <maml:description> <maml:para>Specifies a CertificateAuthorityInformation object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CertificateAuthorityInformation</command:parameterValue> <dev:type> <maml:name>CertificateAuthorityInformation</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Creates the trusted certificate authorities in your directory</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.ReadWrite.All' $new_ca = New-Object -TypeName Microsoft.Open.AzureAD.Model.CertificateAuthorityInformation #Create CertificateAuthorityInformation object $new_ca.AuthorityType = "RootAuthority" $new_ca.CrlDistributionPoint = "https://example.crl" $new_ca.DeltaCrlDistributionPoint = "https://deltaexample.crl" $new_ca.TrustedCertificate = "Path to .cer file(including cer file name)" New-EntraTrustedCertificateAuthority -CertificateAuthorityInformation $new_ca Id CertificateAuthorities -- ---------------------- 0a0a0a0a-1111-bbbb-2222-3c3c3c3c3c3c {class CertificateAuthorityInformation {...</dev:code> <dev:remarks> <maml:para>This command creates the trusted certificate authorities in your directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraTrustedCertificateAuthority</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraUser</command:name> <command:verb>New</command:verb> <command:noun>EntraUser</command:noun> <maml:description> <maml:para>Creates a Microsoft Entra ID user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The New-EntraUser cmdlet creates a user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraUser</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the user's account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>City</maml:name> <maml:description> <maml:para>Specifies the user's city.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Country</maml:name> <maml:description> <maml:para>Specifies the user's country.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CreationType</maml:name> <maml:description> <maml:para>Indicates whether the user account is a local account for a Microsoft Entra ID B2C tenant. Possible values are "LocalAccount" and null.</maml:para> <maml:para>- When creating a local account, the property is required and you must set it to "LocalAccount".</maml:para> <maml:para>- When creating a work or school account, don't specify the property or set it to null.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Department</maml:name> <maml:description> <maml:para>Specifies the user's department.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the user's display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExtensionProperty</maml:name> <maml:description> <maml:para>Add data to custom user properties as the basic open extensions or the more versatile schema extensions .</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.Dictionary`2[System.String,System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.Dictionary`2[System.String,System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GivenName</maml:name> <maml:description> <maml:para>Specifies the user's given name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ImmutableId</maml:name> <maml:description> <maml:para>This property is used to associate an on-premises user account to their Microsoft Entra ID user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName (UPN) property.</maml:para> <maml:para>Important: The $ and _ characters can't be used when specifying this property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsCompromised</maml:name> <maml:description> <maml:para>Indicates whether this user is compromised.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>JobTitle</maml:name> <maml:description> <maml:para>Specifies the user's job title.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailNickName</maml:name> <maml:description> <maml:para>Specifies the user's mail nickname.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Mobile</maml:name> <maml:description> <maml:para>Specifies the user's mobile phone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OtherMails</maml:name> <maml:description> <maml:para>A list of other email addresses for the user; for example: 'bob@contoso.com', 'robert@fabrikam.com'.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordPolicies</maml:name> <maml:description> <maml:para>Specifies password policies for the user. This value is an enumeration with one possible value being "DisableStrongPassword", which allows weaker passwords than the default policy to be specified. "DisablePasswordExpiration" can also be specified. The two might be specified together; for example: "DisablePasswordExpiration, DisableStrongPassword".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordProfile</maml:name> <maml:description> <maml:para>Specifies the user's password profile.</maml:para> <maml:para>The parameter type for this parameter is "PasswordProfile".</maml:para> <maml:para>In order to pass a parameter of this type, you first need to create a variable in PowerShell with that type:</maml:para> <maml:para>$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile</maml:para> <maml:para>Then you can proceed to set the value of the password in this variable:</maml:para> <maml:para>$PasswordProfile.Password = "<Password>"</maml:para> <maml:para>And finally you can pass this variable to the cmdlet:</maml:para> <maml:para>New-EntraUser -PasswordProfile $PasswordProfile ...</maml:para> <maml:para>Other attributes that can be set in the PasswordProfile are</maml:para> <maml:para>$PasswordProfile.EnforceChangePasswordPolicy - a boolean indicating that the change password policy is enababled or disabled for this user $PasswordProfile.</maml:para> <maml:para>ForceChangePasswordNextLogin - a boolean indicating that the user must change the password at the next sign in.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PasswordProfile</command:parameterValue> <dev:type> <maml:name>PasswordProfile</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PhysicalDeliveryOfficeName</maml:name> <maml:description> <maml:para>Specifies the user's physical delivery office name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PostalCode</maml:name> <maml:description> <maml:para>Specifies the user's postal code.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PreferredLanguage</maml:name> <maml:description> <maml:para>Specifies the user's preferred language.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowInAddressList</maml:name> <maml:description> <maml:para>If True, show this user in the address list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SignInNames</maml:name> <maml:description> <maml:para>Specifies the collection of sign-in names for a local account in a Microsoft Entra ID B2C tenant.</maml:para> <maml:para>Each sign-in name must be unique across the company/tenant.</maml:para> <maml:para>The property must be specified when you create a local account user; don't specify it when you create a work or school account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>State</maml:name> <maml:description> <maml:para>Specifies the user's state.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>StreetAddress</maml:name> <maml:description> <maml:para>Specifies the user's street address.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Surname</maml:name> <maml:description> <maml:para>Specifies the user's surname.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TelephoneNumber</maml:name> <maml:description> <maml:para>Specifies a telephone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UsageLocation</maml:name> <maml:description> <maml:para>A two letter country code (ISO standard 3166).</maml:para> <maml:para>Required for users that are assigned licenses due to legal requirement to check for availability of services in countries.</maml:para> <maml:para>Examples include: "US", "JP", and "GB".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>The user principal name (UPN) of the user.</maml:para> <maml:para>The UPN is an Internet-style login name for the user based on the Internet standard RFC 822.</maml:para> <maml:para>By convention, this should map to the user's email name.</maml:para> <maml:para>The general format is "alias@domain". For work or school accounts, the domain must be present in the tenant's collection of verified domains.</maml:para> <maml:para>This property is required when a work or school account is created; it's optional for local accounts.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserType</maml:name> <maml:description> <maml:para>A string value that can be used to classify user types in your directory, such as "Member" and "Guest".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>FacsimileTelephoneNumber</maml:name> <maml:description> <maml:para>This specifies the user's telephone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AgeGroup</maml:name> <maml:description> <maml:para>This specifies the user's age group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CompanyName</maml:name> <maml:description> <maml:para>This specifies the user's company name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConsentProvidedForMinor</maml:name> <maml:description> <maml:para>Sets whether consent was obtained for minors.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserState</maml:name> <maml:description> <maml:para>For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserStateChangedOn</maml:name> <maml:description> <maml:para>Shows the timestamp for the latest change to the userState property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the user's account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>City</maml:name> <maml:description> <maml:para>Specifies the user's city.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Country</maml:name> <maml:description> <maml:para>Specifies the user's country.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CreationType</maml:name> <maml:description> <maml:para>Indicates whether the user account is a local account for a Microsoft Entra ID B2C tenant. Possible values are "LocalAccount" and null.</maml:para> <maml:para>- When creating a local account, the property is required and you must set it to "LocalAccount".</maml:para> <maml:para>- When creating a work or school account, don't specify the property or set it to null.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Department</maml:name> <maml:description> <maml:para>Specifies the user's department.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the user's display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExtensionProperty</maml:name> <maml:description> <maml:para>Add data to custom user properties as the basic open extensions or the more versatile schema extensions .</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.Dictionary`2[System.String,System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.Dictionary`2[System.String,System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GivenName</maml:name> <maml:description> <maml:para>Specifies the user's given name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ImmutableId</maml:name> <maml:description> <maml:para>This property is used to associate an on-premises user account to their Microsoft Entra ID user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName (UPN) property.</maml:para> <maml:para>Important: The $ and _ characters can't be used when specifying this property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsCompromised</maml:name> <maml:description> <maml:para>Indicates whether this user is compromised.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>JobTitle</maml:name> <maml:description> <maml:para>Specifies the user's job title.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailNickName</maml:name> <maml:description> <maml:para>Specifies the user's mail nickname.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Mobile</maml:name> <maml:description> <maml:para>Specifies the user's mobile phone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OtherMails</maml:name> <maml:description> <maml:para>A list of other email addresses for the user; for example: 'bob@contoso.com', 'robert@fabrikam.com'.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordPolicies</maml:name> <maml:description> <maml:para>Specifies password policies for the user. This value is an enumeration with one possible value being "DisableStrongPassword", which allows weaker passwords than the default policy to be specified. "DisablePasswordExpiration" can also be specified. The two might be specified together; for example: "DisablePasswordExpiration, DisableStrongPassword".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordProfile</maml:name> <maml:description> <maml:para>Specifies the user's password profile.</maml:para> <maml:para>The parameter type for this parameter is "PasswordProfile".</maml:para> <maml:para>In order to pass a parameter of this type, you first need to create a variable in PowerShell with that type:</maml:para> <maml:para>$PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile</maml:para> <maml:para>Then you can proceed to set the value of the password in this variable:</maml:para> <maml:para>$PasswordProfile.Password = "<Password>"</maml:para> <maml:para>And finally you can pass this variable to the cmdlet:</maml:para> <maml:para>New-EntraUser -PasswordProfile $PasswordProfile ...</maml:para> <maml:para>Other attributes that can be set in the PasswordProfile are</maml:para> <maml:para>$PasswordProfile.EnforceChangePasswordPolicy - a boolean indicating that the change password policy is enababled or disabled for this user $PasswordProfile.</maml:para> <maml:para>ForceChangePasswordNextLogin - a boolean indicating that the user must change the password at the next sign in.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PasswordProfile</command:parameterValue> <dev:type> <maml:name>PasswordProfile</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PhysicalDeliveryOfficeName</maml:name> <maml:description> <maml:para>Specifies the user's physical delivery office name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PostalCode</maml:name> <maml:description> <maml:para>Specifies the user's postal code.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PreferredLanguage</maml:name> <maml:description> <maml:para>Specifies the user's preferred language.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowInAddressList</maml:name> <maml:description> <maml:para>If True, show this user in the address list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SignInNames</maml:name> <maml:description> <maml:para>Specifies the collection of sign-in names for a local account in a Microsoft Entra ID B2C tenant.</maml:para> <maml:para>Each sign-in name must be unique across the company/tenant.</maml:para> <maml:para>The property must be specified when you create a local account user; don't specify it when you create a work or school account.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>State</maml:name> <maml:description> <maml:para>Specifies the user's state.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>StreetAddress</maml:name> <maml:description> <maml:para>Specifies the user's street address.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Surname</maml:name> <maml:description> <maml:para>Specifies the user's surname.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TelephoneNumber</maml:name> <maml:description> <maml:para>Specifies a telephone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UsageLocation</maml:name> <maml:description> <maml:para>A two letter country code (ISO standard 3166).</maml:para> <maml:para>Required for users that are assigned licenses due to legal requirement to check for availability of services in countries.</maml:para> <maml:para>Examples include: "US", "JP", and "GB".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>The user principal name (UPN) of the user.</maml:para> <maml:para>The UPN is an Internet-style login name for the user based on the Internet standard RFC 822.</maml:para> <maml:para>By convention, this should map to the user's email name.</maml:para> <maml:para>The general format is "alias@domain". For work or school accounts, the domain must be present in the tenant's collection of verified domains.</maml:para> <maml:para>This property is required when a work or school account is created; it's optional for local accounts.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserType</maml:name> <maml:description> <maml:para>A string value that can be used to classify user types in your directory, such as "Member" and "Guest".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>FacsimileTelephoneNumber</maml:name> <maml:description> <maml:para>This specifies the user's telephone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AgeGroup</maml:name> <maml:description> <maml:para>This specifies the user's age group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CompanyName</maml:name> <maml:description> <maml:para>This specifies the user's company name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConsentProvidedForMinor</maml:name> <maml:description> <maml:para>Sets whether consent was obtained for minors.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserState</maml:name> <maml:description> <maml:para>For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserStateChangedOn</maml:name> <maml:description> <maml:para>Shows the timestamp for the latest change to the userState property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Create a user using MailNickName parameter ----</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = '<Password>' $userParams = @{ DisplayName = 'Avery Iona' PasswordProfile = $PasswordProfile UserPrincipalName = 'AveryI@contoso.com' AccountEnabled = $true MailNickName = 'averyi' } New-EntraUser @userParams ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Avery Iona AveryI@contoso.com Member</dev:code> <dev:remarks> <maml:para>This command creates a new user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 2: Create a user using AgeGroup parameter ------</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = '<Password>' $userParams = @{ DisplayName = 'Peyton Davis' PasswordProfile = $PasswordProfile UserPrincipalName = 'PeytonD@contoso.com' AccountEnabled = $true MailNickName = 'PeytonD' AgeGroup = 'adult' } New-EntraUser @userParams ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- bbbbbbbb-1111-2222-3333-cccccccccccc Peyton Davis PeytonD@contoso.com Member</dev:code> <dev:remarks> <maml:para>This command creates a new user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 3: Create a user using City parameter --------</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = '<Password>' $userParams = @{ DisplayName = 'Blake Martin' PasswordProfile = $PasswordProfile UserPrincipalName = 'BlakeM@contoso.com' AccountEnabled = $true MailNickName = 'BlakeM' City = 'New York' } New-EntraUser @userParams ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- cccccccc-2222-3333-4444-dddddddddddd Blake Martin BlakeM@contoso.com Member</dev:code> <dev:remarks> <maml:para>This command creates a new user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 4: Create a user using Department parameter -----</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = '<Password>' $userParams = @{ DisplayName = 'Parker Jones' PasswordProfile = $PasswordProfile UserPrincipalName = 'ParkerJ@contoso.com' AccountEnabled = $true MailNickName = 'ParkerJ' Department = 'IT' } New-EntraUser @userParams ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- dddddddd-3333-4444-5555-eeeeeeeeeeee Parker Jones ParkerJ@contoso.com Member</dev:code> <dev:remarks> <maml:para>This command creates a new user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 5: Create a user using Mobile parameter -------</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile $PasswordProfile.Password = '<Password>' $UserParams = @{ DisplayName = 'Sawyer Miller' PasswordProfile = $PasswordProfile UserPrincipalName = 'SawyerM@contoso.com' AccountEnabled = $true MailNickName = 'SawyerM' Mobile = '+18989898989' } New-EntraUser @UserParams ObjectId DisplayName UserPrincipalName UserType -------- ----------- ----------------- -------- eeeeeeee-4444-5555-6666-ffffffffffff Sawyer Miller SawyerM@contoso.com Member</dev:code> <dev:remarks> <maml:para>This command creates a new user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraUser</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>New-EntraUserAppRoleAssignment</command:name> <command:verb>New</command:verb> <command:noun>EntraUserAppRoleAssignment</command:noun> <maml:description> <maml:para>Assigns a user to an application role.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `New-EntraUserAppRoleAssignment` cmdlet assigns a user to an application role in Microsoft Entra ID.</maml:para> <maml:para>To grant an app role assignment to a user, you need three identifiers:</maml:para> <maml:para>- PrincipalId: The id of the user to whom you are assigning the app role.</maml:para> <maml:para>- ResourceId: The id of the resource servicePrincipal that has defined the app role.</maml:para> <maml:para>- Id: The id of the appRole (defined on the resource service principal) to assign to the user.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>New-EntraUserAppRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the app role to assign.</maml:para> <maml:para>If application doesn't have any roles while creating new app role assignment then provide an empty guid, or the Id of the role to assign to the user.</maml:para> <maml:para>You can retrieve the application's roles by examining the application object's AppRoles property:</maml:para> <maml:para>`Get-EntraApplication -SearchString 'Your-Application-DisplayName' | select Approles | Format-List`</maml:para> <maml:para>This cmdlet returns the list of roles that are defined in an application:</maml:para> <maml:para>AppRoles: {GUID1, GUID2}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the user (as a User Principal Name or ObjectId) in Microsoft Entra ID to which the new app role is to be assigned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>The object ID of the principal to which the new app role is assigned.</maml:para> <maml:para>When assigning a new role to a user, provide the object ID of the user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The object ID of the Service Principal for the application to which the user role is assigned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the app role to assign.</maml:para> <maml:para>If application doesn't have any roles while creating new app role assignment then provide an empty guid, or the Id of the role to assign to the user.</maml:para> <maml:para>You can retrieve the application's roles by examining the application object's AppRoles property:</maml:para> <maml:para>`Get-EntraApplication -SearchString 'Your-Application-DisplayName' | select Approles | Format-List`</maml:para> <maml:para>This cmdlet returns the list of roles that are defined in an application:</maml:para> <maml:para>AppRoles: {GUID1, GUID2}</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the user (as a User Principal Name or ObjectId) in Microsoft Entra ID to which the new app role is to be assigned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrincipalId</maml:name> <maml:description> <maml:para>The object ID of the principal to which the new app role is assigned.</maml:para> <maml:para>When assigning a new role to a user, provide the object ID of the user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceId</maml:name> <maml:description> <maml:para>The object ID of the Service Principal for the application to which the user role is assigned.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Assign a user to an application without roles ---</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' $appId = (Get-EntraApplication -SearchString '<App-DisplayName>').AppId $user = Get-EntraUser -SearchString '<UserPrincipalName>' $servicePrincipal = Get-EntraServicePrincipal -Filter "appId eq '$appId'" $params = @{ ObjectId = $user.ObjectId PrincipalId = $user.ObjectId ResourceId = $servicePrincipal.ObjectId Id = [Guid]::Empty } New-EntraUserAppRoleAssignment @params DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName --------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- - A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 18-06-2024 11:22:40 UserPrincipalName aaaaaaaa-bbbb-cccc-1111-222222222222 User App-DisplayName</dev:code> <dev:remarks> <maml:para>This example demonstrates how to assign a user to an application role in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Assign a user to a specific role within an application</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' $userName = 'SawyerM@contoso.com' $appName = 'Box' $spo = Get-EntraServicePrincipal -Filter "DisplayName eq '$appName'" $user = Get-EntraUser -Filter "userPrincipalName eq '$userName'" $params = @{ ObjectId = $user.ObjectId PrincipalId = $user.ObjectId ResourceId = $spo.ObjectId Id = $spo.AppRoles[1].Id } New-EntraUserAppRoleAssignment @params DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId PrincipalType ResourceDisplayName --------------- -- --------- --------------- -------------------- ----------- ------------- ------------------- A1bC2dE3fH4iJ5kL6mN7oP8qR9sT0u 00aa00aa-bb11-cc22-dd33-44ee44ee44ee 06/18/2024 09:47:00 Sawyer Miller 1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 User Box</dev:code> <dev:remarks> <maml:para>This example demonstrates how to assign a user to an application role in Microsoft Entra ID.</maml:para> <maml:para>For more information on how to retrieve application roles for an application, see description of the Id parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/New-EntraUserAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUserAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUserAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraAdministrativeUnit</command:name> <command:verb>Remove</command:verb> <command:noun>EntraAdministrativeUnit</command:noun> <maml:description> <maml:para>Removes an administrative unit.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraAdministrativeUnit` cmdlet removes an administrative unit from Microsoft Entra ID. Specify the `ObjectId` parameter to remove of administrative unit.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraAdministrativeUnit</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Remove an administrative unit ----------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All' Remove-EntraAdministrativeUnit -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'</dev:code> <dev:remarks> <maml:para>This example removes an administrative unit from Microsoft Entra ID.</maml:para> <maml:para>- `-ObjectId` - specifies the unique identifier (ID) of the administrative unit, which you want to remove. In this example, `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb` represents the ID of the administrative unit.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraAdministrativeUnit</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraAdministrativeUnitMember</command:name> <command:verb>Remove</command:verb> <command:noun>EntraAdministrativeUnitMember</command:noun> <maml:description> <maml:para>Removes an administrative unit member.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraAdministrativeUnitMember` cmdlet removes an administrative unit member in Microsoft Entra ID. Specify `ObjectId` and `MemberId` to Remove an administrative unit member.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraAdministrativeUnitMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>MemberId</maml:name> <maml:description> <maml:para>Specifies the ID of the administrative unit member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>MemberId</maml:name> <maml:description> <maml:para>Specifies the ID of the administrative unit member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Remove an administrative unit member -------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.Read.All' $params = @{ ObjectId = 'bbbbbbbb-1111-2222-3333-cccccccccccc' MemberId = 'eeeeeeee-4444-5555-6666-ffffffffffff' } Remove-EntraAdministrativeUnitMember @params</dev:code> <dev:remarks> <maml:para>This command removes a specified member (user or group) from a specified administrative unit.</maml:para> <maml:para>- `-ObjectId` - specifies the unique identifier (ID) of the administrative unit from which you want to remove a member. In this example, `bbbbbbbb-1111-2222-3333-cccccccccccc` represents the ObjectId of the administrative unit.</maml:para> <maml:para>- `-MemberId` - specifies the unique identifier (Object ID) of the user or group you want to remove from the administrative unit. In this example, `eeeeeeee-4444-5555-6666-ffffffffffff` is the Object ID of the member being removed.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraAdministrativeUnitMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraAdministrativeUnitMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraAdministrativeUnitMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplication</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplication</command:noun> <maml:description> <maml:para>Delete an application by ObjectId.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraApplication` cmdlet removes the specified application from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplication</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Remove an application ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' Remove-EntraApplication -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'</dev:code> <dev:remarks> <maml:para>This command removes the specified application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplication</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationExtensionProperty</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationExtensionProperty</command:noun> <maml:description> <maml:para>Removes an application extension property.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraApplicationExtensionProperty` cmdlet removes an application extension property for an object in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationExtensionProperty</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExtensionPropertyId</maml:name> <maml:description> <maml:para>Specifies the unique ID of the extension property to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExtensionPropertyId</maml:name> <maml:description> <maml:para>Specifies the unique ID of the extension property to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Remove an application extension property -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '22223333-cccc-4444-dddd-5555eeee6666' ExtensionPropertyId = 'cccc2222-dd33-4444-55ee-666666ffffff' } Remove-EntraApplicationExtensionProperty @params</dev:code> <dev:remarks> <maml:para>This command removes the extension property that has the specified ID from an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationExtensionProperty</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplicationExtensionProperty</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplicationExtensionProperty</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationKey</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationKey</command:noun> <maml:description> <maml:para>Removes a key from an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Removes a key from an application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationKey</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of the object specific Microsoft Entra ID object</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>The key id corresponding to the key object to be removed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Proof</maml:name> <maml:description> <maml:para>The JWT token provided as a proof of possession.</maml:para> <maml:para>A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed with a private key that corresponds to one of the existing valid certificates associated with the application. The token should contain the following claims:</maml:para> <maml:para>- `aud`: Audience needs to be 00000002-0000-0000-c000-000000000000.</maml:para> <maml:para>- `iss`: Issuer needs to be the ID of the application that initiates the request.</maml:para> <maml:para>- `nbf`: Not before time.</maml:para> <maml:para>- `exp`: Expiration time should be the value of nbf + 10 minutes.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of the object specific Microsoft Entra ID object</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>The key id corresponding to the key object to be removed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Proof</maml:name> <maml:description> <maml:para>The JWT token provided as a proof of possession.</maml:para> <maml:para>A self-signed JWT token used as a proof of possession of the existing keys. This JWT token must be signed with a private key that corresponds to one of the existing valid certificates associated with the application. The token should contain the following claims:</maml:para> <maml:para>- `aud`: Audience needs to be 00000002-0000-0000-c000-000000000000.</maml:para> <maml:para>- `iss`: Issuer needs to be the ID of the application that initiates the request.</maml:para> <maml:para>- `nbf`: Not before time.</maml:para> <maml:para>- `exp`: Expiration time should be the value of nbf + 10 minutes.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Removes a key credential from an application ---</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' KeyId = 'cccccccc-2d2d-3e3e-4f4f-555555555555' Proof = {token} } Remove-EntraApplicationKey @params</dev:code> <dev:remarks> <maml:para>This command removes the specified key credential from the specified application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationKey</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplicationKey</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationKeyCredential</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationKeyCredential</command:noun> <maml:description> <maml:para>Removes a key credential from an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraApplicationKeyCredential` cmdlet removes a key credential from an application.</maml:para> <maml:para>An application can use this command along with `New-EntraApplicationKeyCredential` to automate the rolling of its expiring keys.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationKeyCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>Specifies a custom key ID. The unique identifier for the password.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>Specifies a custom key ID. The unique identifier for the password.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Remove a key credential --------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy' $application = Get-EntraApplication -Filter "DisplayName eq '<Application-DisplayName>'" $params = @{ ObjectId = $application.Id KeyId = 'aaaaaaaa-0b0b-1c1c-2d2d-333333333333' } Remove-EntraApplicationKeyCredential @params</dev:code> <dev:remarks> <maml:para>This command removes the specified key credential from the specified application.</maml:para> <maml:para>- `-ObjectId` Specifies the ID of an application.</maml:para> <maml:para>- `-KeyId` Specifies a custom key ID. Use `Get-EntraApplicationKeyCredential` to get the keyId details.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationKeyCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplicationKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplicationKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationOwner</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationOwner</command:noun> <maml:description> <maml:para>Removes an owner from an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraApplicationOwner` cmdlet removes an owner from an application in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationOwner</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specifies the ID of the owner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specifies the ID of the owner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Remove an owner from an application --------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' $params = @{ ObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' OwnerId = 'bbbbbbbb-1111-2222-3333-cccccccccccc' } Remove-EntraApplicationOwner @params</dev:code> <dev:remarks> <maml:para>This command removes the specified owner from the specified application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraApplicationOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplicationOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationPassword</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationPassword</command:noun> <maml:description> <maml:para>Remove a password from an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Remove a password from an application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>The unique identifier for the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>The unique identifier for the key.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>string</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Removes a password from an application ------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy' $application = Get-EntraApplication -Filter "DisplayName eq '<Application-DisplayName>'" $params = @{ ObjectId = $application.Id KeyId = 'cccccccc-2d2d-3e3e-4f4f-555555555555' } Remove-EntraApplicationPassword @params</dev:code> <dev:remarks> <maml:para>This example removes the specified password from the specified application.</maml:para> <maml:para>- `-ObjectId` parameter specifies the unique identifier of the application.</maml:para> <maml:para>- `-KeyId` parameter specifies the unique identifier of the PasswordCredential.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationPassword</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplicationPassword</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationPasswordCredential</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationPasswordCredential</command:noun> <maml:description> <maml:para>Removes a password credential from an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraApplicationPasswordCredential` cmdlet removes a password credential from an application in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationPasswordCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>The unique identifier for the password.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>The unique identifier for the password.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Remove an application password credential -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy' $application = Get-EntraApplication -Filter "displayName eq 'Contoso Helpdesk App'" $KeyIDs = Get-EntraApplicationPasswordCredential -ObjectId $application.Id Remove-EntraApplicationPasswordCredential -ObjectId $application.Id -KeyId $KeyIds[0].KeyId</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove the password credential for an application.</maml:para> <maml:para>- `ObjectId` Specifies the ID of the application. Use `Get-EntraApplication` to get application ObjectId value.</maml:para> <maml:para>- `KeyId` Specifies the ID of the password credential. Use `Get-EntraApplicationPasswordCredential` to retrieve a specific credential details.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationPasswordCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplicationPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationProxyApplication</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationProxyApplication</command:noun> <maml:description> <maml:para>Deletes an Application Proxy application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraApplicationProxyApplication cmdlet removes Application Proxy configurations from a specific application in Microsoft Entra ID, and can delete the application completely if specified.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationProxyApplication</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique application Id of the application. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command. You can also find this in the Azure portal by navigating to Azure AD > App registrations > All applications. Select your application. This takes you to the application's overview page. Use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RemoveADApplication</maml:name> <maml:description> <maml:para>This allows you to delete application completely. When this is false (default), Application Proxy properties are removed from the application, but the application still exists. If this is true, the application is removed from Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique application Id of the application. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command. You can also find this in the Azure portal by navigating to Azure AD > App registrations > All applications. Select your application. This takes you to the application's overview page. Use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RemoveADApplication</maml:name> <maml:description> <maml:para>This allows you to delete application completely. When this is false (default), Application Proxy properties are removed from the application, but the application still exists. If this is true, the application is removed from Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Remove a Proxy Application ------------</maml:title> <dev:code>PS C:\> Remove-EntraApplicationProxyApplication -ObjectId 257098d1-f8dd-4efb-88a2-1c92d3654f10</dev:code> <dev:remarks> <maml:para>This command removes a Proxy Application.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Remove a Proxy Application, and remove it from Microsoft Entra ID completely</maml:title> <dev:code>PS C:\> Remove-EntraApplicationProxyApplication -ObjectId 0d7b0f02-3f63-414d-8d20-4b8bd0291e42 -RemoveADApplication $true</dev:code> <dev:remarks> <maml:para>This command removes a Proxy Application, and removes it from Microsoft Entra ID completely.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationProxyApplication</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationProxyApplicationConnectorGroup</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationProxyApplicationConnectorGroup</command:noun> <maml:description> <maml:para>The Remove-EntraApplicationProxyApplicationConnectorGroup cmdlet sets the connector group assigned for the specified application to 'Default' and removes the current assignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>If your application is already in the 'Default' group, you see an error because the application can't be removed from the 'Default' group unless it's being added to another group. The application must be configured for Application Proxy in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationProxyApplicationConnectorGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique application ID of the application. ObjectId can be found using the Get-EntraApplication command. You can also find ObjectId in the Microsoft Entra ID Portal by navigating to Microsoft Entra ID > App registrations > All applications. Select your application. This will takes you to the application's overview page. Use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique application ID of the application. ObjectId can be found using the Get-EntraApplication command. You can also find ObjectId in the Microsoft Entra ID Portal by navigating to Microsoft Entra ID > App registrations > All applications. Select your application. This will takes you to the application's overview page. Use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Remove the Connector Group associated with an application.</maml:title> <dev:code>PS C:\> Remove-EntraApplicationProxyApplicationConnectorGroup -ObjectId 59462d3c-a1bc-40a0-9bed-be799357ebce</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove the Connector Group associated with an application, setting the group to 'Default.'</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationProxyApplicationConnectorGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationProxyConnectorGroup</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationProxyConnectorGroup</command:noun> <maml:description> <maml:para>The Remove-EntraApplicationProxyConnectorGroup cmdlet deletes an Application Proxy Connector group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraApplicationProxyConnectorGroup cmdlet deletes an Application Proxy Connector Group. It can only be used on an empty connector group, with no connectors assigned.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationProxyConnectorGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the Connector group to delete. You can find this value by running the Get-EntraApplicationProxyConnectorGroup command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the Connector group to delete. You can find this value by running the Get-EntraApplicationProxyConnectorGroup command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Remove a specific Connector Group ---------</maml:title> <dev:code>PS C:\> Remove-EntraApplicationProxyConnectorGroup -Id 59462d3c-a1bc-40a0-9bed-be799357ebce</dev:code> <dev:remarks> <maml:para>This example demonstrates how to Remove a specific Connector Group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationProxyConnectorGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraApplicationVerifiedPublisher</command:name> <command:verb>Remove</command:verb> <command:noun>EntraApplicationVerifiedPublisher</command:noun> <maml:description> <maml:para>Removes the verified publisher from an application.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Removes the verified publisher from an application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraApplicationVerifiedPublisher</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppObjectId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID Application object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppObjectId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID Application object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>- Example 1: Remove the verified publisher from an application -</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' $appObjId = '22223333-cccc-4444-dddd-5555eeee6666' Remove-EntraApplicationVerifiedPublisher -AppObjectId $appObjId</dev:code> <dev:remarks> <maml:para>This command demonstrates how to remove the verified publisher from an application. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraApplicationVerifiedPublisher</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraApplicationVerifiedPublisher</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraConditionalAccessPolicy</command:name> <command:verb>Remove</command:verb> <command:noun>EntraConditionalAccessPolicy</command:noun> <maml:description> <maml:para>Deletes a conditional access policy in Microsoft Entra ID by ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows an admin to delete a conditional access policy in Microsoft Entra ID by ID.</maml:para> <maml:para>Conditional access policies are custom rules that define an access scenario.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraConditionalAccessPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the policy ID of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the policy ID of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Deletes a conditional access policy in Microsoft Entra ID by PolicyId</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' Remove-EntraConditionalAccessPolicy -PolicyId '3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7'</dev:code> <dev:remarks> <maml:para>This command deletes a conditional access policy in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraConditionalAccessPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraContact</command:name> <command:verb>Remove</command:verb> <command:noun>EntraContact</command:noun> <maml:description> <maml:para>Removes a contact.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraContact removes a contact from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraContact</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------------- Example 1: Remove a contact -----------------</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All' $Contact = Get-EntraContact -Top 1 Remove-EntraContact -ObjectId $Contact.ObjectId</dev:code> <dev:remarks> <maml:para>The example shows how to remove a contact.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraContact</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraContact</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDeletedApplication</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDeletedApplication</command:noun> <maml:description> <maml:para>Permanently delete a recently deleted application object from deleted items.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Permanently delete a recently deleted application object from deleted items. After an item is permanently deleted, it can't be restored.</maml:para> <maml:para>For delegated scenarios, the calling user needs to have at least one of the following Microsoft Entra roles.</maml:para> <maml:para>- To permanently delete deleted applications or service principals: Application Administrator, Cloud Application Administrator, or Hybrid Identity Administrator.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDeletedApplication</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of deleted application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique identifier of deleted application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Remove deleted application object ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' $Id = Get-EntraDeletedApplication -SearchString 'My Entra PowerShell Application' Remove-EntraDeletedApplication -ObjectId $Id.id</dev:code> <dev:remarks> <maml:para>This command removes recently deleted application.</maml:para> <maml:para>- `ObjectId`: The ObjectId of the deleted application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraDeletedApplication</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDeletedApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Restore-EntraDeletedApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDeletedDirectoryObject</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDeletedDirectoryObject</command:noun> <maml:description> <maml:para>This cmdlet is used to permanently delete a previously deleted directory object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to permanently delete a previously deleted directory object.</maml:para> <maml:para>When a directory object is permanently deleted, it can no longer be restored.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDeletedDirectoryObject</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The Id of the directory object that is permanently deleted.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The Id of the directory object that is permanently deleted.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Delete a previously deleted directory object ---</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Application resource type Connect-Entra -Scopes 'Group.ReadWrite.All' #Group resource type Connect-Entra -Scopes 'Application.ReadWrite.All' #Service Principal resource type Connect-Entra -Scopes 'User.ReadWrite.All' #User resource type Remove-EntraDeletedDirectoryObject -Id 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to permanently delete a previously deleted directory object by Id.</maml:para> <maml:para>NOTE: For delegated scenarios, the calling user needs to have at least one of the following Microsoft Entra roles.</maml:para> <maml:para>- To permanently delete deleted applications or service principals: `Application Administrator`, `Cloud Application Administrator`, or `Hybrid Identity Administrator`.</maml:para> <maml:para>- To permanently delete deleted users: `User Administrator`.</maml:para> <maml:para>- To permanently delete deleted groups: `Groups Administrator`.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraDeletedDirectoryObject</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDeletedDirectoryObject</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Restore-EntraDeletedDirectoryObject</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDevice</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDevice</command:noun> <maml:description> <maml:para>Deletes a device.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraDevice` cmdlet removes a device from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDevice</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a device in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a device in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Remove a device ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' #Delegated Permission Connect-Entra -Scopes 'Device.ReadWrite.All' #Application Permission Remove-EntraDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'</dev:code> <dev:remarks> <maml:para>This command removes the specified device.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraDevice</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDeviceRegisteredOwner</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDeviceRegisteredOwner</command:noun> <maml:description> <maml:para>Removes the registered owner of a device.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraDeviceRegisteredOwner` cmdlet removes the registered owner of a device in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDeviceRegisteredOwner</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specifies an owner ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specifies an owner ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Remove an owner from a device -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' $Device = Get-EntraDevice -Top 1 $Owner = Get-EntraDeviceRegisteredOwner -ObjectId $Device.ObjectId Remove-EntraDeviceRegisteredOwner -ObjectId $Device.ObjectId -OwnerId $Owner.ObjectId</dev:code> <dev:remarks> <maml:para>This examples shows how to remove the owner of a device.</maml:para> <maml:para>- The first command gets a device by using the Get-EntraDevice (./Get-EntraDevice.md)cmdlet, and then stores it in the `$Device` variable. - The second command retrieves the registered owner of the device in `$Device` by using the Get-EntraDeviceRegisteredOwner (./Get-EntraDeviceRegisteredOwner.md)cmdlet. - The command stores the details in the `$Owner` variable. - The final command removes the owner in `$Owner` from the device in `$Device`.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraDeviceRegisteredOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDeviceRegisteredOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDeviceRegisteredUser</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDeviceRegisteredUser</command:noun> <maml:description> <maml:para>Removes a registered user from a device.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraDeviceRegisteredUser` cmdlet removes a registered user from a Microsoft Entra ID device.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDeviceRegisteredUser</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>UserId</maml:name> <maml:description> <maml:para>Specifies the ID of a user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>UserId</maml:name> <maml:description> <maml:para>Specifies the ID of a user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Remove a registered user from a device ------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' $Device = Get-EntraDevice -Top 1 $User = Get-EntraDeviceRegisteredUser -ObjectId $Device.ObjectId Remove-EntraDeviceRegisteredOwner -ObjectId $Device.ObjectId -OwnerId $Owner.ObjectId</dev:code> <dev:remarks> <maml:para>This example shows how to remove the registered user from device. - The first command gets a device by using the Get-EntraDevice (./Get-EntraDevice.md)cmdlet, and then stores it in the `$Device` variable.</maml:para> <maml:para>- The second command gets the registered user for the device in `$Device` by using the Get-EntraDeviceRegisteredUser (./Get-EntraDeviceRegisteredUser.md)cmdlet.The command stores it in the `$User` variable.</maml:para> <maml:para>- The final command removes the user in `$User` from the device in `$Device`.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraDeviceRegisteredUser</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraDeviceRegisteredUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDeviceRegisteredUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDirectoryRoleMember</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDirectoryRoleMember</command:noun> <maml:description> <maml:para>Removes a member of a directory role.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraDirectoryRoleMember` cmdlet removes a member from a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDirectoryRoleMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>MemberId</maml:name> <maml:description> <maml:para>Specifies the object ID of a role member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>MemberId</maml:name> <maml:description> <maml:para>Specifies the object ID of a role member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a directory role in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------- Example 1: Remove a member from a directory role -------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $params = @{ ObjectId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee' MemberId = '11bb11bb-cc22-dd33-ee44-55ff55ff55ff' } Remove-EntraDirectoryRoleMember @params</dev:code> <dev:remarks> <maml:para>This command removes the specified member from the specified role.</maml:para> <maml:para>- `-ObjectId` - specifies the unique identifier (ObjectId) of the directory role from which the member will be removed.</maml:para> <maml:para>- `-MemberId` - specifies the unique identifier (MemberId) of the member (user, group, or service principal) that is to be removed from the specified directory role.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraDirectoryRoleMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraDirectoryRoleMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirectoryRoleMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraDomain</command:name> <command:verb>Remove</command:verb> <command:noun>EntraDomain</command:noun> <maml:description> <maml:para>Removes a domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraDomain` cmdlet removes a domain from Microsoft Entra ID.</maml:para> <maml:para>Important:</maml:para> <maml:para>- Deleted domains are not recoverable.</maml:para> <maml:para>- Attempts to delete will fail if there are any resources or objects still dependent on the domain.</maml:para> <maml:para></maml:para> <maml:para>The work or school account needs to belong to at least the `Domain Name Administrator` Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraDomain</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the domain to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specifies the name of the domain to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Remove a domain ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' Remove-EntraDomain -Name Contoso.com</dev:code> <dev:remarks> <maml:para>This command removes a domain from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraDomain</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Confirm-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraGroup</command:name> <command:verb>Remove</command:verb> <command:noun>EntraGroup</command:noun> <maml:description> <maml:para>Removes a group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraGroup cmdlet removes a group from Microsoft Entra ID. Note that a Unified Group can be restored withing 30 days after deletion using the Restore-EntraDeletedDirectoryObject cmdlet. Security groups can't be restored after deletion. Notes on permissions: The following conditions apply for apps to delete role-assignable groups:</maml:para> <maml:para>- For delegated scenarios, the app must be assigned the `RoleManagement.ReadWrite.Directory` delegated permission, and the calling user must be the creator of the group or be assigned at least the Privileged Role Administrator Microsoft Entra role.</maml:para> <maml:para>- For app-only scenarios, the calling app must be the owner of the group or be assigned the `RoleManagement.ReadWrite.Directory` application permission or be assigned at least the Privileged Role Administrator Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Remove a group ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' $group = Get-EntraGroup -Filter "DisplayName eq 'HelpDesk Team Leaders'" Remove-EntraGroup -ObjectId $group.Id</dev:code> <dev:remarks> <maml:para>This command is used to remove a group. The `-ObjectId` parameter specifies the ID of the group to be removed.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraGroup</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraGroupAppRoleAssignment</command:name> <command:verb>Remove</command:verb> <command:noun>EntraGroupAppRoleAssignment</command:noun> <maml:description> <maml:para>Delete a group application role assignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraGroupAppRoleAssignment cmdlet removes a group application role assignment from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraGroupAppRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppRoleAssignmentId</maml:name> <maml:description> <maml:para>Specifies the object ID of the group application role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppRoleAssignmentId</maml:name> <maml:description> <maml:para>Specifies the object ID of the group application role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Removes a group application role assignment ----</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.ReadWrite.All' Remove-AzureADGroupAppRoleAssignment -ObjectId 'hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq' -AppRoleAssignmentId 'CcDdEeFfGgHhIiJjKkLlMmNnOoPpQq3'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove the specified group application role assignment. ObjectId - Specifies the object ID of a group. AppRoleAssignmentId - Specifies the object ID of the group application role assignment.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraGroupAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraGroupAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraGroupLifecyclePolicy</command:name> <command:verb>Remove</command:verb> <command:noun>EntraGroupLifecyclePolicy</command:noun> <maml:description> <maml:para>Deletes a groupLifecyclePolicies object</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraGroupLifecyclePolicy command deletes a groupLifecyclePolicies object in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraGroupLifecyclePolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the groupLifecyclePolicies object that this cmdlet removes.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the groupLifecyclePolicies object that this cmdlet removes.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Remove a groupLifecyclePolicies. ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.ReadWrite.All' Remove-EntraGroupLifecyclePolicy -Id '1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5'</dev:code> <dev:remarks> <maml:para>This cmdlet deletes the groupLifecyclePolicies object that has the specified ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraGroupLifecyclePolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraGroupMember</command:name> <command:verb>Remove</command:verb> <command:noun>EntraGroupMember</command:noun> <maml:description> <maml:para>Removes a member from a group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraGroupMember cmdlet removes a member from a group in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraGroupMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>MemberId</maml:name> <maml:description> <maml:para>Specifies the ID of the member to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>MemberId</maml:name> <maml:description> <maml:para>Specifies the ID of the member to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Remove a member ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.ReadWrite.All' Remove-EntraGroupMember -ObjectId 'hhhhhhhh-3333-5555-3333-qqqqqqqqqqqq' -MemberId 'zzzzzzzz-6666-8888-9999-pppppppppppp'</dev:code> <dev:remarks> <maml:para>This command removes the specified member from the specified group. ObjectId - Specifies the object ID of a group in Microsoft Entra ID.</maml:para> <maml:para>MemberId - Specifies the ID of the member to remove.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraGroupMember</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraGroupMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupMember</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraGroupOwner</command:name> <command:verb>Remove</command:verb> <command:noun>EntraGroupOwner</command:noun> <maml:description> <maml:para>Removes an owner from a group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraGroupOwner cmdlet removes an owner from a group in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraGroupOwner</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specifies the ID of an owner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specifies the ID of an owner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Remove an owner ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' Remove-EntraGroupOwner -ObjectId 'qqqqqqqq-5555-0000-1111-hhhhhhhhhhhh' -OwnerId 'xxxxxxxx-8888-5555-9999-bbbbbbbbbbbb'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove an owner from a group in Microsoft Entra ID.</maml:para> <maml:para>ObjectID - Specifies the ID of a group in Microsoft Entra ID. OwnerId - Specifies the ID of an owner.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraGroupOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraGroupOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraIdentityProvider</command:name> <command:verb>Remove</command:verb> <command:noun>EntraIdentityProvider</command:noun> <maml:description> <maml:para>This cmdlet is used to delete an identity provider in the directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to delete an identity provider that has been configured in the directory.</maml:para> <maml:para>The identity provider is permanently deleted.</maml:para> <maml:para>The work or school account needs to belong to at least the External Identity Provider Administrator Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraIdentityProvider</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier for an identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier for an identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>Connect-Entra -Scopes 'IdentityProvider.ReadWrite.All' Remove-EntraIdentityProvider -Id LinkedIn-OAUTH</dev:code> <dev:remarks> <maml:para>This command demonstrates how to remove the specified identity provider.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraIdentityProvider</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraIdentityProvider</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraLifecyclePolicyGroup</command:name> <command:verb>Remove</command:verb> <command:noun>EntraLifecyclePolicyGroup</command:noun> <maml:description> <maml:para>Removes a group from a lifecycle policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraLifecyclePolicyGroup cmdlet removes a group from a lifecycle policy in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraLifecyclePolicyGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the lifecycle policy object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of the lifecycle policy object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Remove a group from a lifecycle policy ------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.ReadWrite.All' Remove-EntraLifecyclePolicyGroup -Id '1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5' -GroupId 'kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove a group from a lifecycle policy in Microsoft Entra ID with specified Id and groupId. Id - Specifies the ID of the lifecycle policy object. GroupId - Specifies the ID of a group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraLifecyclePolicyGroup</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraLifecyclePolicyGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraLifecyclePolicyGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraNamedLocationPolicy</command:name> <command:verb>Remove</command:verb> <command:noun>EntraNamedLocationPolicy</command:noun> <maml:description> <maml:para>Deletes a Microsoft Entra ID named location policy by PolicyId.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows an admin to delete the Microsoft Entra ID named location policy.</maml:para> <maml:para>Named locations are custom rules that define network locations, which can then be used in a Conditional Access policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraNamedLocationPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Deletes a named location policy in Microsoft Entra ID with given PolicyId</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' Remove-EntraNamedLocationPolicy -PolicyId '1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5'</dev:code> <dev:remarks> <maml:para>This command demonstrates how to delete the named location policy in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraNamedLocationPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraOAuth2PermissionGrant</command:name> <command:verb>Remove</command:verb> <command:noun>EntraOAuth2PermissionGrant</command:noun> <maml:description> <maml:para>Removes an oAuth2PermissionGrant.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraOAuth2PermissionGrant` cmdlet removes an oAuth2PermissionGrant object in Microsoft Entra ID.</maml:para> <maml:para>When a delegated permission grant is deleted, the access it granted is revoked. Existing access tokens will continue to be valid for their lifetime, but new access tokens will not be granted for the delegated permissions identified in the deleted oAuth2PermissionGrant.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraOAuth2PermissionGrant</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an oAuth2PermissionGrant object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an oAuth2PermissionGrant object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Remove an OAuth2 permission grant ---------</maml:title> <dev:code>Connect-Entra -Scopes 'DelegatedPermissionGrant.ReadWrite.All' $SharePointSP = Get-EntraServicePrincipal | Where-Object {$_.DisplayName -eq 'Microsoft.SharePoint'} $SharePointOA2AllSitesRead = Get-EntraOAuth2PermissionGrant | Where-Object {$_.ResourceId -eq $SharePointSP.ObjectId} | Where-Object {$_.Scope -eq 'AllSites.Read'} Remove-EntraOAuth2PermissionGrant -ObjectId $SharePointOA2AllSitesRead.ObjectId</dev:code> <dev:remarks> <maml:para>This example shows how to remove an oAuth2PermissionGrant object in Microsoft Entra ID.</maml:para> <maml:para>- The first command gets a service principal that matches the specified display name by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md)cmdlet. The command stores the result in the $SharePointSP variable.</maml:para> <maml:para>- The second command gets certain permission grants by using the Get-EntraOAuth2PermissionGrant (./Get-EntraOAuth2PermissionGrant.md)cmdlet. The command stores the result in the $SharePointOA2AllSitesRead variable.</maml:para> <maml:para>- The final command removes the permission grant in $SharePointOA2AllSitesRead.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraOAuth2PermissionGrant</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraOAuth2PermissionGrant</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraPermissionGrantConditionSet</command:name> <command:verb>Remove</command:verb> <command:noun>EntraPermissionGrantConditionSet</command:noun> <maml:description> <maml:para>Delete a Microsoft Entra ID permission grant condition set by ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Delete a Microsoft Entra ID permission grant condition set object by ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraPermissionGrantConditionSet</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant policy object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConditionSetType</maml:name> <maml:description> <maml:para>The value indicates whether the condition sets are included in the policy or excluded.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant condition set object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant policy object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConditionSetType</maml:name> <maml:description> <maml:para>The value indicates whether the condition sets are included in the policy or excluded.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant condition set object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Delete a permission grant condition set from a policy</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ PolicyId = 'policy1' ConditionSetType = 'excludes' Id = '1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5' } Remove-EntraPermissionGrantConditionSet @params</dev:code> <dev:remarks> <maml:para>This command demonstrates how to remove the Microsoft Entra ID permission grant condition set by ID. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraPermissionGrantConditionSet</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraPermissionGrantPolicy</command:name> <command:verb>Remove</command:verb> <command:noun>EntraPermissionGrantPolicy</command:noun> <maml:description> <maml:para>Removes a permission grant policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraPermissionGrantPolicy` cmdlet removes a Microsoft Entra ID permission grant policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraPermissionGrantPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Remove a permission grant policy ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' Remove-EntraPermissionGrantPolicy -Id 'my_permission_grant_policy_id'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove permission grant policy with specified ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraPermissionGrantPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraPolicy</command:name> <command:verb>Remove</command:verb> <command:noun>EntraPolicy</command:noun> <maml:description> <maml:para>Removes a policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraPolicy` cmdlet removes a policy from Microsoft Entra ID. Specify `Id` parameter to remove a specific policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the policy you want to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the policy you want to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------ Example 1: Remove a policy ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.Read.ApplicationConfiguration' Remove-EntraPolicy -Id 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'</dev:code> <dev:remarks> <maml:para>This command removes the specified policy from Microsoft Entra ID.</maml:para> <maml:para>- `-Id` - specifies the ID of the policy you want to remove. In this example, `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb` represents the ID of the Policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Get-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraRoleAssignment</command:name> <command:verb>Remove</command:verb> <command:noun>EntraRoleAssignment</command:noun> <maml:description> <maml:para>Delete a Microsoft Entra ID roleAssignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraRoleAssignment` cmdlet removes a role assignment from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Remove a role assignment -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' #For the directory (Microsoft Entra ID) provider Connect-Entra -Scopes 'EntitlementManagement.ReadWrite.All' #For the entitlement management provider Remove-EntraRoleAssignment -Id Y1vFBcN4i0e3ngdNDocmngJAWGnAbFVAnJQyBBLv1lM-1</dev:code> <dev:remarks> <maml:para>Removes the specified role assignment from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraRoleDefinition</command:name> <command:verb>Remove</command:verb> <command:noun>EntraRoleDefinition</command:noun> <maml:description> <maml:para>Delete a Microsoft Entra ID roleDefinition by ObjectId.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Delete a Microsoft Entra ID roleDefinition object by ID.</maml:para> <maml:para>You can't delete built-in roles. This feature requires a Microsoft Entra ID P1 or P2 license.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>string</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------- Example 1: Remove a specified role definition --------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' Remove-EntraRoleDefinition -Id a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove the specified role definition from Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraScopedRoleMembership</command:name> <command:verb>Remove</command:verb> <command:noun>EntraScopedRoleMembership</command:noun> <maml:description> <maml:para>Removes a scoped role membership.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraScopedRoleMembership` cmdlet removes a scoped role membership from Microsoft Entra ID. Specify `ObjectId` and `ScopedRoleMembershipId` parameter to remove a scoped role membership.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraScopedRoleMembership</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ScopedRoleMembershipId</maml:name> <maml:description> <maml:para>Specifies the ID of the scoped role membership to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ScopedRoleMembershipId</maml:name> <maml:description> <maml:para>Specifies the ID of the scoped role membership to remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Removes a scoped role membership ---------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.Read.Directory' $params = @{ ObjectId = 'aaaaaaaa-bbbb-aaaa-bbbb-cccccccccccc' ScopedRoleMembershipId = 'dddddddddddd-bbbb-aaaa-bbbb-cccccccccccc' } Remove-EntraScopedRoleMembership @params</dev:code> <dev:remarks> <maml:para>This cmdlet removes a specific scoped role membership from Microsoft Entra ID.</maml:para> <maml:para>- `ObjectId` - specifies the object (ID) which you want to remove. In this example, `aaaaaaaa-2222-bbbb-aaaa-cccccccccccc` represents the ID of the Administrative Unit.</maml:para> <maml:para>- `ScopedRoleMembershipId` - This parameter specifies the unique identifier (ID) of the scoped role membership that you want to remove. In this example, aaaaaaaa-bbbb-1111-aaaa-ddddddddddd represents the ID of the ScopedRoleMembership. To obtain the details of a scoped role membership, you can use the `Get-EntraScopedRoleMembership` command</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraScopedRoleMembership</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraScopedRoleMembership</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraScopedRoleMembership</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraServiceAppRoleAssignment</command:name> <command:verb>Remove</command:verb> <command:noun>EntraServiceAppRoleAssignment</command:noun> <maml:description> <maml:para>Removes a service principal application role assignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraServiceAppRoleAssignment` cmdlet removes a service principal application role assignment in Microsoft Entra ID.</maml:para> <maml:para>App roles which are assigned to service principals are also known as application permissions. Deleting an app role assignment for a service principal is equivalent to revoking the app-only permission grant.</maml:para> <maml:para>For delegated scenarios, the calling user needs at least one of the following Microsoft Entra roles.</maml:para> <maml:para>- Directory Synchronization Accounts</maml:para> <maml:para>- Directory Writer</maml:para> <maml:para>- Hybrid Identity Administrator</maml:para> <maml:para>- Identity Governance Administrator</maml:para> <maml:para>- Privileged Role Administrator</maml:para> <maml:para>- User Administrator</maml:para> <maml:para>- Application Administrator</maml:para> <maml:para>- Cloud Application Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraServiceAppRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppRoleAssignmentId</maml:name> <maml:description> <maml:para>Specifies the ID of the application role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppRoleAssignmentId</maml:name> <maml:description> <maml:para>Specifies the ID of the application role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Removes a service principal application role assignment</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' Remove-EntraServiceAppRoleAssignment -ObjectId '11112222-bbbb-3333-cccc-4444dddd5555' -AppRoleAssignmentId '2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove a service principal application role assignment in Microsoft Entra ID.</maml:para> <maml:para>- `-ObjectId` - specifies the unique identifier (Object ID) of the service principal or user from which you want to remove an app role assignment. In this example, `11112222-bbbb-3333-cccc-4444dddd5555` is the Object ID of the target service principal or user.</maml:para> <maml:para>- `-AppRoleAssignmentId` - specifies the unique identifier (ID) of the app role assignment that you want to remove. The value `2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6` represents the ID of the specific app role assignment to be removed.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraServiceAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServiceAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraServiceAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraServicePrincipal</command:name> <command:verb>Remove</command:verb> <command:noun>EntraServicePrincipal</command:noun> <maml:description> <maml:para>Removes a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraServicePrincipal cmdlet removes a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraServicePrincipal</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Removes a service principal ------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission Remove-EntraServicePrincipal -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove a service principal in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraServicePrincipal</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraServicePrincipalDelegatedPermissionClassification</command:name> <command:verb>Remove</command:verb> <command:noun>EntraServicePrincipalDelegatedPermissionClassification</command:noun> <maml:description> <maml:para>Remove delegated permission classification.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraServicePrincipalDelegatedPermissionClassification cmdlet deletes the given delegated permission classification by ID from service principal.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraServicePrincipalDelegatedPermissionClassification</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ServicePrincipalId</maml:name> <maml:description> <maml:para>The unique identifier of a service principal object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a delegated permission classification object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ServicePrincipalId</maml:name> <maml:description> <maml:para>The unique identifier of a service principal object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a delegated permission classification object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Remove a delegated permission classification ---</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' Remove-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId '11112222-bbbb-3333-cccc-4444dddd5555' -Id '3cccccc3-4dd4-5ee5-6ff6-7aaaaaaaaaa7'</dev:code> <dev:remarks> <maml:para>This command deletes the delegated permission classification by ID from the service principal.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraServicePrincipalDelegatedPermissionClassification</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalDelegatedPermissionClassification</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraServicePrincipalDelegatedPermissionClassification</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraServicePrincipalKeyCredential</command:name> <command:verb>Remove</command:verb> <command:noun>EntraServicePrincipalKeyCredential</command:noun> <maml:description> <maml:para>Removes a key credential from a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraServicePrincipalKeyCredential cmdlet removes a key credential from a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraServicePrincipalKeyCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>Specifies the ID of a key credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>Specifies the ID of a key credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Remove a key credential --------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $SPObjectID = (Get-EntraServicePrincipal -SearchString 'Entra Multi-Factor Auth Client').ObjectID Get-EntraServicePrincipalKeyCredential -ObjectId $SPObjectID Remove-EntraServicePrincipalKeyCredential -ObjectID $SPObjectID -KeyId <PASTE_KEYID_VALUE></dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove a key credential from a service principal in Microsoft Entra ID.</maml:para> <maml:para>- First command stores the ObjectID of your service principal in the $SPObjectID variable.</maml:para> <maml:para>- The second command gets all the Key Credentials for the service principal. Copy the preferred KeyID associated with the certificate to be removed and paste it at the <PASTE_KEYID_VALUE> in the third command.</maml:para> <maml:para>- The last command removes the certificate (key credential) from the service principal configuration.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraServicePrincipalKeyCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraServicePrincipalKeyCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraServicePrincipalOwner</command:name> <command:verb>Remove</command:verb> <command:noun>EntraServicePrincipalOwner</command:noun> <maml:description> <maml:para>Removes an owner from a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraServicePrincipalOwner` cmdlet removes an owner from a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraServicePrincipalOwner</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specifies the ID of the owner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>OwnerId</maml:name> <maml:description> <maml:para>Specifies the ID of the owner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Removes an owner from a service principal -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' $servicePrincipal = Get-EntraServicePrincipal -Filter "DisplayName eq '<ServicePrincipal-DisplayName>'" $owner = Get-EntraUser -ObjectId 'SawyerM@contoso.com' $params= @{ ObjectId = $servicePrincipal.Id OwnerId = $owner.Id } Remove-EntraServicePrincipalOwner @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove an owner from a service principal in Microsoft Entra ID.</maml:para> <maml:para>- `-ObjectId` parameter specifies the service principal Id.</maml:para> <maml:para>- `-OwnerId` parameter specifies the service principal owner Id.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraServicePrincipalOwner</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Add-EntraServicePrincipalOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalOwner</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraServicePrincipalPasswordCredential</command:name> <command:verb>Remove</command:verb> <command:noun>EntraServicePrincipalPasswordCredential</command:noun> <maml:description> <maml:para>Removes a password credential from a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraServicePrincipalPasswordCredential` cmdlet removes a password credential from a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraServicePrincipalPasswordCredential</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>Specifies the unique identifier of password credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KeyId</maml:name> <maml:description> <maml:para>Specifies the unique identifier of password credential.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All','Application.ReadWrite.OwnedBy' $Params = @{ ObjectID = '00001111-aaaa-2222-bbbb-3333cccc4444' KeyId = 'aaaaaaaa-0b0b-1c1c-2d2d-333333333333' } Remove-EntraServicePrincipalPasswordCredential @Params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to remove a password credential from a service principal in Microsoft Entra ID. - `-ObjectId` parameter specifies the ObjectId of a specified Service Principal Password Credential. - `-KeyId` parameter specifies the unique identifier of a Password Credential.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraServicePrincipalPasswordCredential</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipalPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraServicePrincipalPasswordCredential</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraTrustedCertificateAuthority</command:name> <command:verb>Remove</command:verb> <command:noun>EntraTrustedCertificateAuthority</command:noun> <maml:description> <maml:para>Removes a trusted certificate authority.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraTrustedCertificateAuthority cmdlet removes a trusted certificate authority from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraTrustedCertificateAuthority</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CertificateAuthorityInformation</maml:name> <maml:description> <maml:para>Specifies a CertificateAuthorityInformation object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CertificateAuthorityInformation</command:parameterValue> <dev:type> <maml:name>CertificateAuthorityInformation</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CertificateAuthorityInformation</maml:name> <maml:description> <maml:para>Specifies a CertificateAuthorityInformation object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CertificateAuthorityInformation</command:parameterValue> <dev:type> <maml:name>CertificateAuthorityInformation</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Remove the trusted certificate authorities that are defined in your directory</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.ReadWrite.All' $cer = Get-EntraTrustedCertificateAuthority #Get the CertificateAuthorityInformation object Remove-EntraTrustedCertificateAuthority -CertificateAuthorityInformation $cer[0] Name Value ---- ----- @odata.context https://graph.microsoft.com/v1.0/$metadata#certificateBasedAuthConfiguration/$entity certificateAuthorities {System.Collections.Hashtable, System.Collections.Hashtable, System.Collections.Hashtable...} id 0a0a0a0a-1111-bbbb-2222-3c3c3c3c3c3c</dev:code> <dev:remarks> <maml:para>This command deletes the trusted certificate authorities that are defined in your directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraTrustedCertificateAuthority</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraUser</command:name> <command:verb>Remove</command:verb> <command:noun>EntraUser</command:noun> <maml:description> <maml:para>Removes a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraUser cmdlet removes a user in Microsoft Entra ID.</maml:para> <maml:para>The calling user must be assigned at least one of the following Microsoft Entra roles:</maml:para> <maml:para>- User Administrator</maml:para> <maml:para>- Privileged Authentication Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraUser</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------- Example 1: Remove a user -------------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' Remove-EntraUser -ObjectId 'SawyerM@Contoso.com'</dev:code> <dev:remarks> <maml:para>This command removes the specified user in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraUser</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraUserAppRoleAssignment</command:name> <command:verb>Remove</command:verb> <command:noun>EntraUserAppRoleAssignment</command:noun> <maml:description> <maml:para>Removes a user application role assignment.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraUserAppRoleAssignment` cmdlet removes a user application role assignment in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraUserAppRoleAssignment</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppRoleAssignmentId</maml:name> <maml:description> <maml:para>Specifies the ID of an application role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a User Principal Name or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppRoleAssignmentId</maml:name> <maml:description> <maml:para>Specifies the ID of an application role assignment.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a User Principal Name or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All' $RemoveAppRoleParams = @{ ObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' AppRoleAssignmentId = 'C2dE3fH4iJ5kL6mN7oP8qR9sT0uV1w' } Remove-EntraUserAppRoleAssignment @RemoveAppRoleParams</dev:code> <dev:remarks> <maml:para>This example demonstrates how to Remove the user app role assignment in Microsoft Entra ID.</maml:para> <maml:para>- `ObjectId` parameter specifies the user ID.</maml:para> <maml:para>- `AppRoleAssignmentId` parameter specifies the application role assignment ID.</maml:para> <maml:para></maml:para> <maml:para>Use the `Get-EntraUserAppRoleAssignment` cmdlet to get more details.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraUserAppRoleAssignment</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUserAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraUserAppRoleAssignment</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraUserExtension</command:name> <command:verb>Remove</command:verb> <command:noun>EntraUserExtension</command:noun> <maml:description> <maml:para>Removes a user extension.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Remove-EntraUserExtension` cmdlet removes a user extension from Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraUserExtension</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExtensionName</maml:name> <maml:description> <maml:para>Specifies the name of an extension.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Remove-EntraUserExtension</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExtensionNames</maml:name> <maml:description> <maml:para>Specifies an array of extension names.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExtensionName</maml:name> <maml:description> <maml:para>Specifies the name of an extension.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExtensionNames</maml:name> <maml:description> <maml:para>Specifies an array of extension names.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies an object ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Remove the "Test Extension" attribute from user: <TestUser@example.com></maml:title> <dev:code>$params = @{ ObjectId = 'TestUser@example.com' ExtensionName = 'Test Extension' } Remove-EntraUserExtension @params</dev:code> <dev:remarks> <maml:para>This will remove the "Test Extension" attribute from user: <TestUser@example.com>.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraUserExtension</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUserExtension</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraUserExtension</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Remove-EntraUserManager</command:name> <command:verb>Remove</command:verb> <command:noun>EntraUserManager</command:noun> <maml:description> <maml:para>Removes a user's manager.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Remove-EntraUserManager cmdlet removes a user's manager in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Remove-EntraUserManager</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a User Principle Name or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a User Principle Name or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Remove the manager of a user -----------</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' $User = Get-EntraUser -Top 1 Remove-EntraUserManager -ObjectId $User.ObjectId</dev:code> <dev:remarks> <maml:para>This example demonstrates how to removes a user's manager.</maml:para> <maml:para>- The first command gets a user by using the `Get-EntraUser` cmdlet, and then stores it in the $User variable.</maml:para> <maml:para>- The second command removes the user in $User.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Remove-EntraUserManager</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUserManager</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Set-EntraUserManager</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Reset-EntraLifeCycleGroup</command:name> <command:verb>Reset</command:verb> <command:noun>EntraLifeCycleGroup</command:noun> <maml:description> <maml:para>Renews a group by updating the RenewedDateTime property on a group to the current DateTime.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Reset-EntraLifeCycleGroup renews a group by updating the RenewedDateTime property on a group to the current DateTime. When a group is renewed, it extends the group expiration by the number of days defined in the policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Reset-EntraLifeCycleGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------- Example 1: Renew a group -------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' Reset-EntraLifeCycleGroup -Id 'hhhhhhhh-8888-9999-8888-cccccccccccc'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to renew a specified group. The Reset-EntraLifeCycleGroup renews a specified group by updating the RenewedDateTime property on a group to the current DateTime.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Reset-EntraLifeCycleGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Restore-EntraDeletedApplication</command:name> <command:verb>Restore</command:verb> <command:noun>EntraDeletedApplication</command:noun> <maml:description> <maml:para>Restores a previously deleted application</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet restores a previously deleted application.</maml:para> <maml:para>Restoring an application doesn't restore the associated service principal automatically. You must explicitly restore the deleted service principal.</maml:para> <maml:para>For delegated scenarios, the calling user needs to have at least one of the following Microsoft Entra roles.</maml:para> <maml:para>- Application Administrator</maml:para> <maml:para>- Cloud Application Administrator</maml:para> <maml:para>- Hybrid Identity Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Restore-EntraDeletedApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IdentifierUris</maml:name> <maml:description> <maml:para>The IdentifierUris of the application that is to be restored</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The ObjectId of the deleted application that is to be restored</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IdentifierUris</maml:name> <maml:description> <maml:para>The IdentifierUris of the application that is to be restored</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The ObjectId of the deleted application that is to be restored</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Restores a previously deleted application -----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' Get-EntraApplication ObjectId AppId DisplayName -------- ----- ----------- dddddddd-3333-4444-5555-eeeeeeeeeeee 00001111-aaaa-2222-bbbb-3333cccc4444 PowerShellGraphAPI eeeeeeee-4444-5555-6666-ffffffffffff 11112222-bbbb-3333-cccc-4444dddd5555 WingTips ffffffff-5555-6666-7777-aaaaaaaaaaaa 22223333-cccc-4444-dddd-5555eeee6666 AzurePopulator Connect-Entra -Scopes 'Application.ReadWrite.All' Remove-EntraApplication -ObjectId dddddddd-3333-4444-5555-eeeeeeeeeeee Get-EntraDeletedApplication ObjectId AppId DisplayName -------- ----- ----------- dddddddd-3333-4444-5555-eeeeeeeeeeee 00001111-aaaa-2222-bbbb-3333cccc4444 analog Connect-Entra -Scopes 'Application.ReadWrite.All' Restore-EntraDeletedApplication -ObjectId dddddddd-3333-4444-5555-eeeeeeeeeeee ObjectId AppId DisplayName -------- ----- ----------- dddddddd-3333-4444-5555-eeeeeeeeeeee 00001111-aaaa-2222-bbbb-3333cccc4444 analog</dev:code> <dev:remarks> <maml:para>This example shows how an application is deleted, then the deleted application is retrieved using the `Get-EntraDeletedApplication` cmdlet, and after the application is restored by specifying the application's Object ID in the `Restore-EntraDeletedApplication` cmdlet.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Restore-EntraDeletedApplication</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Restore-EntraDeletedDirectoryObject</command:name> <command:verb>Restore</command:verb> <command:noun>EntraDeletedDirectoryObject</command:noun> <maml:description> <maml:para>This cmdlet is used to restore a previously deleted object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to restore previously deleted objects, such as application, group, service principal, administrative unit, or user objects.</maml:para> <maml:para>When a group or application is deleted, it is initially soft deleted and can be recovered within the first 30 days. After 30 days, the deleted object is permanently deleted and cannot be recovered. Notes: - Only Unified Groups (also known as Office 365 Groups) can be restored; Security groups cannot be restored.</maml:para> <maml:para>- Restoring an application does not automatically restore its associated service principal. You must explicitly use this cmdlet to restore the deleted service principal.</maml:para> <maml:para></maml:para> <maml:para>For delegated scenarios, the calling user needs to have at least one of the following Microsoft Entra roles:</maml:para> <maml:para>- To restore deleted applications or service principals: Application Administrator, Cloud Application Administrator, or Hybrid Identity Administrator. - To restore deleted users: User Administrator. - However, to restore users with privileged administrator roles: - In delegated scenarios, the app must be assigned the `Directory.AccessAsUser.All` delegated permission, and the calling user must also be assigned a higher privileged administrator role. - In app-only scenarios, in addition to being granted the `User.ReadWrite.All` application permission, the app must be assigned a higher privileged administrator role. - To restore deleted groups: Groups Administrator. - However, to restore role-assignable groups, the calling user must be assigned the Privileged Role Administrator role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Restore-EntraDeletedDirectoryObject</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The Id of the directory object to restore</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The Id of the directory object to restore</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Restore a deleted object with ID ---------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All' #administrativeUnit resource Connect-Entra -Scopes 'Application.ReadWrite.All' #application resource Connect-Entra -Scopes 'Group.ReadWrite.All' #group resource Connect-Entra -Scopes 'Application.ReadWrite.All' #servicePrincipal resource Connect-Entra -Scopes 'User.ReadWrite.All' #user resource Restore-EntraDeletedDirectoryObject -Id 'dddddddd-3333-4444-5555-eeeeeeeeeeee' Id DeletedDateTime -- --------------- dddddddd-3333-4444-5555-eeeeeeeeeeee</dev:code> <dev:remarks> <maml:para>This example shows how to restore a deleted object.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Restore-EntraDeletedDirectoryObject</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDeletedApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Restore-EntraDeletedApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDeletedDirectoryObject</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDeletedApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDeletedDirectoryObject</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Revoke-EntraSignedInUserAllRefreshToken</command:name> <command:verb>Revoke</command:verb> <command:noun>EntraSignedInUserAllRefreshToken</command:noun> <maml:description> <maml:para>Invalidates the refresh tokens issued to applications for the current user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Revoke-EntraSignedInUserAllRefreshToken` cmdlet invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser), by resetting the signInSessionsValidFromDateTime user property to the current date-time.</maml:para> <maml:para>Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation prevents access to the organization's data through applications on the device by requiring the user to sign in again to all applications that they have previously consented to, independent of device.</maml:para> <maml:para>Note: If the application attempts to redeem a delegated access token for this user by using an invalidated refresh token, the application will get an error. If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint, which will force the user to sign in.</maml:para> <maml:para>After running this command, there might be a small delay of a few minutes before tokens are revoked.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Revoke-EntraSignedInUserAllRefreshToken</maml:name> </command:syntaxItem> </command:syntax> <command:parameters /> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Revoke refresh tokens for the current user ----</maml:title> <dev:code>Connect-Entra -Scopes 'User.RevokeSessions.All' Revoke-EntraSignedInUserAllRefreshToken</dev:code> <dev:remarks> <maml:para>This command revokes the tokens for the current user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Revoke-EntraSignedInUserAllRefreshToken</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Revoke-EntraUserAllRefreshToken</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Revoke-EntraUserAllRefreshToken</command:name> <command:verb>Revoke</command:verb> <command:noun>EntraUserAllRefreshToken</command:noun> <maml:description> <maml:para>Invalidates the refresh tokens issued to applications for a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Revoke-EntraUserAllRefreshToken` cmdlet invalidates the refresh tokens issued to applications for a user. The cmdlet also invalidates tokens issued to session cookies in a browser for the user. The cmdlet operates by resetting the refreshTokensValidFromDateTime user property to the current date and time.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Revoke-EntraUserAllRefreshToken</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the unique ID of a user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the unique ID of a user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Revoke refresh tokens for a user ---------</maml:title> <dev:code>Connect-Entra -Scopes 'User.RevokeSessions.All' Revoke-EntraUserAllRefreshToken -ObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to revoke the tokens for the specified user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Revoke-EntraUserAllRefreshToken</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Revoke-EntraSignedInUserAllRefreshToken</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Select-EntraGroupIdsContactIsMemberOf</command:name> <command:verb>Select</command:verb> <command:noun>EntraGroupIdsContactIsMemberOf</command:noun> <maml:description> <maml:para>Get groups in which a contact is a member.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Select-EntraGroupIdsContactIsMemberOf cmdlet gets groups in Microsoft Entra ID in which a contact is a member.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Select-EntraGroupIdsContactIsMemberOf</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:description> <maml:para>Specifies an array of group object IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">GroupIdsForMembershipCheck</command:parameterValue> <dev:type> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:description> <maml:para>Specifies an array of group object IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">GroupIdsForMembershipCheck</command:parameterValue> <dev:type> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a contact in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Get groups in which a contact is a member. ----</maml:title> <dev:code>Connect-Entra -Scopes 'OrgContact.Read.All,Group.Read.All' $Groups = New-Object Microsoft.Open.Entra.Model.GroupIdsForMembershipCheck $Groups.GroupIds = (Get-EntraGroup -ObjectId 'jjjjjjjj-9999-7777-7777-uuuuuuuuuuuu').ObjectId $UserID = (Get-EntraContact -ObjectId 'hhhhhhhh-8888-9999-8888-cccccccccccc').ObjectId Select-EntraGroupIdsContactIsMemberOf -ObjectId $UserID -GroupIdsForMembershipCheck $Groups</dev:code> <dev:remarks> <maml:para>This example demonstrates how to get groups in which a contact is a member.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Select-EntraGroupIdsContactIsMemberOf</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Select-EntraGroupIdsGroupIsMemberOf</command:name> <command:verb>Select</command:verb> <command:noun>EntraGroupIdsGroupIsMemberOf</command:noun> <maml:description> <maml:para>Gets group IDs that a group is a member of.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Select-EntraGroupIdsGroupIsMemberOf` cmdlet gets the groups that a specified group is a member of in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Select-EntraGroupIdsGroupIsMemberOf</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:description> <maml:para>Specifies an array of group object IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">GroupIdsForMembershipCheck</command:parameterValue> <dev:type> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:description> <maml:para>Specifies an array of group object IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">GroupIdsForMembershipCheck</command:parameterValue> <dev:type> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a group in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Get the group membership of a group for a group --</maml:title> <dev:code>Connect-Entra -Scopes 'GroupMember.Read.All' $Groups = New-Object Microsoft.Open.AzureAD.Model.GroupIdsForMembershipCheck $Groups.GroupIds = (Get-EntraGroup -Top 1).ObjectId $GroupId = (Get-EntraGroup -Top 1).ObjectId Select-EntraGroupIdsGroupIsMemberOf -ObjectId $GroupId -GroupIdsForMembershipCheck $Groups</dev:code> <dev:remarks> <maml:para>This example gets the group membership of a group identified by $GroupId. Use `Get-EntraGroup` cmdlet to obtain group `ObjectId` value.</maml:para> <maml:para>- `-ObjectId` parameter specifies the group ID.</maml:para> <maml:para>- `-GroupIdsForMembershipCheck` Specifies an array of group object IDs.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Select-EntraGroupIdsGroupIsMemberOf</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Select-EntraGroupIdsServicePrincipalIsMemberOf</command:name> <command:verb>Select</command:verb> <command:noun>EntraGroupIdsServicePrincipalIsMemberOf</command:noun> <maml:description> <maml:para>Selects the groups in which a service principal is a member.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Select-EntraGroupIdsServicePrincipalIsMemberOf cmdlet selects the groups in which a service principal is a member in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Select-EntraGroupIdsServicePrincipalIsMemberOf</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:description> <maml:para>Specifies an array of group object IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">GroupIdsForMembershipCheck</command:parameterValue> <dev:type> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:description> <maml:para>Specifies an array of group object IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">GroupIdsForMembershipCheck</command:parameterValue> <dev:type> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Get the group membership of a group for a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $Groups = New-Object Microsoft.Open.AzureAD.Model.GroupIdsForMembershipCheck $Groups.GroupIds = (Get-EntraGroup -Top 1).ObjectId $SPId = (Get-EntraServicePrincipal -Top 1).ObjectId Select-EntraGroupIdsServicePrincipalIsMemberOf -ObjectId $SPId -GroupIdsForMembershipCheck $Groups bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq</dev:code> <dev:remarks> <maml:para>The first command creates a GroupIdsForMembershipCheck object, and then stores it in the $Groups variable.</maml:para> <maml:para>The second command gets an ID for a group by using the Get-EntraGroup (./Get-EntraGroup.md)cmdlet, and then stores it as a property of $Groups.</maml:para> <maml:para>The third command gets the ID of a service principal by using the Get-EntraServicePrincipal (./Get-EntraServicePrincipal.md)cmdlet, and then stores it in the $SPId variable.</maml:para> <maml:para>The final command gets the group membership of a group for a service principal identified by $SPId.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Select-EntraGroupIdsServicePrincipalIsMemberOf</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Select-EntraGroupIdsUserIsMemberOf</command:name> <command:verb>Select</command:verb> <command:noun>EntraGroupIdsUserIsMemberOf</command:noun> <maml:description> <maml:para>Selects the groups that a user is a member of.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Select-EntraGroupIdsUserIsMemberOf` cmdlet selects the groups that a user is a member of in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Select-EntraGroupIdsUserIsMemberOf</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:description> <maml:para>Specifies an array of group object IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">GroupIdsForMembershipCheck</command:parameterValue> <dev:type> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:description> <maml:para>Specifies an array of group object IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">GroupIdsForMembershipCheck</command:parameterValue> <dev:type> <maml:name>GroupIdsForMembershipCheck</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UserPrincipalName or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Get the group membership of a group for a user --</maml:title> <dev:code>Connect-Entra -Scopes 'Application.Read.All' $myGroup = Get-EntraGroup -Filter "DisplayName eq '<Group-DisplayName>'" $UserId = 'SawyerM@contoso.com' $Groups = New-Object Microsoft.Open.AzureAD.Model.GroupIdsForMembershipCheck $Groups.GroupIds = $myGroup.ObjectId $Params = @{ ObjectId = $UserId GroupIdsForMembershipCheck = $Groups } Select-EntraGroupIdsUserIsMemberOf @Params bbbbbbbb-5555-5555-0000-qqqqqqqqqqqq</dev:code> <dev:remarks> <maml:para>This example retrieves the group membership of a group for a user.</maml:para> <maml:para>- `-ObjectId` parameter specifies the object Id of a user(as a UserPrincipalName or ObjectId).</maml:para> <maml:para>- `-GroupIdsForMembershipCheck` parameter specifies the group Object Ids.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Select-EntraGroupIdsUserIsMemberOf</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraAdministrativeUnit</command:name> <command:verb>Set</command:verb> <command:noun>EntraAdministrativeUnit</command:noun> <maml:description> <maml:para>Updates an administrative unit.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraAdministrativeUnit` cmdlet updates an administrative unit in Microsoft Entra ID. Use the `ObjectId` parameter to specify the unit to update.</maml:para> <maml:para>In delegated scenarios, the signed-in user needs a supported Microsoft Entra role or a custom role with `microsoft.directory/administrativeUnits/allProperties/allTasks permission`. The least privileged role for this operation is Privileged Role Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraAdministrativeUnit</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an administrative unit in Microsoft Entra ID</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Update Description ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All' $params = @{ ObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' Description = 'Updated AU Description' } Set-EntraAdministrativeUnit @params</dev:code> <dev:remarks> <maml:para>This Command update Description of specific administrative unit.</maml:para> <maml:para>- `-ObjectId` - Specifies the ID of an administrative unit, which you want to update. In this example, `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb` represents the ID of the administrative unit.</maml:para> <maml:para>- `-Description` - Specifies a description, which you want to update.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------------- Example 2: Update DisplayName ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'AdministrativeUnit.ReadWrite.All' $params = @{ ObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' DisplayName = 'UpdatedAU' } Set-EntraAdministrativeUnit @params</dev:code> <dev:remarks> <maml:para>This Command update DisplayName specific administrative unit.</maml:para> <maml:para>- `-ObjectId` - Specifies the ID of an administrative unit, which you want to update. In this example, `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb` represents the ID of the administrative unit.</maml:para> <maml:para>- `-DisplayName` - Specifies a display name, which you want to update.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraAdministrativeUnit</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraAdministrativeUnit</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraApplication</command:name> <command:verb>Set</command:verb> <command:noun>EntraApplication</command:noun> <maml:description> <maml:para>Updates the properties of an application object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Updates the properties of an application object.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraApplication</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Api</maml:name> <maml:description> <maml:para>Specifies settings for an application that implements a web API.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ApiApplication</command:parameterValue> <dev:type> <maml:name>ApiApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppRoles</maml:name> <maml:description> <maml:para>The collection of application roles that an application might declare. These roles can be assigned to users, groups, or service principals.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupMembershipClaims</maml:name> <maml:description> <maml:para>Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IdentifierUris</maml:name> <maml:description> <maml:para>Specifies identifier URIs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InformationalUrl</maml:name> <maml:description> <maml:para>Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">InformationalUrl</command:parameterValue> <dev:type> <maml:name>InformationalUrl</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsDeviceOnlyAuthSupported</maml:name> <maml:description> <maml:para>Specifies if the application supports authentication using a device token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsFallbackPublicClient</maml:name> <maml:description> <maml:para>Specifies the fallback application type as public client, such as an installed application running on a mobile device.</maml:para> <maml:para>The default value is `false` that means the fallback application type is confidential client such as web app.</maml:para> <maml:para>There are certain scenarios where Microsoft Entra ID can't determine the client application type (for example, ROPC flow where it's configured without specifying a redirect URI).</maml:para> <maml:para>In those cases Microsoft Entra ID interprets the application type based on the value of this property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredentials</maml:name> <maml:description> <maml:para>Specifies key credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OptionalClaims</maml:name> <maml:description> <maml:para>Application developers can configure optional claims in their Microsoft Entra ID apps to specify which claims they want in tokens sent to their application by the Microsoft security token service.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">OptionalClaims</command:parameterValue> <dev:type> <maml:name>OptionalClaims</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ParentalControlSettings</maml:name> <maml:description> <maml:para>Specifies parental control settings for an application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ParentalControlSettings</command:parameterValue> <dev:type> <maml:name>ParentalControlSettings</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredentials</maml:name> <maml:description> <maml:para>The collection of password credentials associated with the application</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicClient</maml:name> <maml:description> <maml:para>Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PublicClientApplication</command:parameterValue> <dev:type> <maml:name>PublicClientApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RequiredResourceAccess</maml:name> <maml:description> <maml:para>Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources.</maml:para> <maml:para>This preconfiguration of required resource access drives the consent experience.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SignInAudience</maml:name> <maml:description> <maml:para>Specifies what Microsoft accounts are supported for the current application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Custom strings that can be used to categorize and identify the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TokenEncryptionKeyId</maml:name> <maml:description> <maml:para>Specifies the keyId of a public key from the keyCredentials collection.</maml:para> <maml:para>When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to.</maml:para> <maml:para>The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Web</maml:name> <maml:description> <maml:para>Specifies settings for a web application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">WebApplication</command:parameterValue> <dev:type> <maml:name>WebApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Api</maml:name> <maml:description> <maml:para>Specifies settings for an application that implements a web API.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ApiApplication</command:parameterValue> <dev:type> <maml:name>ApiApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppRoles</maml:name> <maml:description> <maml:para>The collection of application roles that an application might declare. These roles can be assigned to users, groups, or service principals.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupMembershipClaims</maml:name> <maml:description> <maml:para>Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IdentifierUris</maml:name> <maml:description> <maml:para>Specifies identifier URIs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>InformationalUrl</maml:name> <maml:description> <maml:para>Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">InformationalUrl</command:parameterValue> <dev:type> <maml:name>InformationalUrl</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsDeviceOnlyAuthSupported</maml:name> <maml:description> <maml:para>Specifies if the application supports authentication using a device token.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsFallbackPublicClient</maml:name> <maml:description> <maml:para>Specifies the fallback application type as public client, such as an installed application running on a mobile device.</maml:para> <maml:para>The default value is `false` that means the fallback application type is confidential client such as web app.</maml:para> <maml:para>There are certain scenarios where Microsoft Entra ID can't determine the client application type (for example, ROPC flow where it's configured without specifying a redirect URI).</maml:para> <maml:para>In those cases Microsoft Entra ID interprets the application type based on the value of this property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredentials</maml:name> <maml:description> <maml:para>Specifies key credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an application in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OptionalClaims</maml:name> <maml:description> <maml:para>Application developers can configure optional claims in their Microsoft Entra ID apps to specify which claims they want in tokens sent to their application by the Microsoft security token service.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">OptionalClaims</command:parameterValue> <dev:type> <maml:name>OptionalClaims</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ParentalControlSettings</maml:name> <maml:description> <maml:para>Specifies parental control settings for an application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ParentalControlSettings</command:parameterValue> <dev:type> <maml:name>ParentalControlSettings</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredentials</maml:name> <maml:description> <maml:para>The collection of password credentials associated with the application</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PublicClient</maml:name> <maml:description> <maml:para>Specifies whether this application is a public client (such as an installed application running on a mobile device). Default is false.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PublicClientApplication</command:parameterValue> <dev:type> <maml:name>PublicClientApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RequiredResourceAccess</maml:name> <maml:description> <maml:para>Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources.</maml:para> <maml:para>This preconfiguration of required resource access drives the consent experience.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SignInAudience</maml:name> <maml:description> <maml:para>Specifies what Microsoft accounts are supported for the current application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Custom strings that can be used to categorize and identify the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TokenEncryptionKeyId</maml:name> <maml:description> <maml:para>Specifies the keyId of a public key from the keyCredentials collection.</maml:para> <maml:para>When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to.</maml:para> <maml:para>The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Web</maml:name> <maml:description> <maml:para>Specifies settings for a web application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">WebApplication</command:parameterValue> <dev:type> <maml:name>WebApplication</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>Boolean</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.ApiApplication</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.InformationalUrl</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.OptionalClaims</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.ParentalControlSettings</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.PublicClientApplication</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.WebApplication</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.Add-in]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AppRole]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.KeyCredential]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.PasswordCredential]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RequiredResourceAccess]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Nullable`1[System.Boolean]</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Update an application ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '11112222-bbbb-3333-cccc-4444dddd5555' DisplayName = 'My new application' } Set-EntraApplication @params</dev:code> <dev:remarks> <maml:para>This command updates an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Update an application using IdentifierUris parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '11112222-bbbb-3333-cccc-4444dddd5555' IdentifierUris = 'https://mynewapp.contoso.com' } Set-EntraApplication @params</dev:code> <dev:remarks> <maml:para>This command updates an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Update an application using GroupMembershipClaims parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '11112222-bbbb-3333-cccc-4444dddd5555' GroupMembershipClaims = 'SecurityGroup' } Set-EntraApplication @params</dev:code> <dev:remarks> <maml:para>This command updates an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Update an application using IsDeviceOnlyAuthSupported parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '11112222-bbbb-3333-cccc-4444dddd5555' IsDeviceOnlyAuthSupported = $false } Set-EntraApplication @params</dev:code> <dev:remarks> <maml:para>This command updates an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 5: Update an application using Tags parameter ----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '11112222-bbbb-3333-cccc-4444dddd5555' Tags = 'mytag' } Set-EntraApplication @params</dev:code> <dev:remarks> <maml:para>This command updates an application in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraApplication</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplication</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraApplicationLogo</command:name> <command:verb>Set</command:verb> <command:noun>EntraApplicationLogo</command:noun> <maml:description> <maml:para>Sets the logo for an Application</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to set the logo for an application.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraApplicationLogo</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>The file path of the file that is to be uploaded as the application logo.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The ObjectID of the Application for which the logo is set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>The file path of the file that is to be uploaded as the application logo.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The ObjectID of the Application for which the logo is set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.IO.Stream System.Byte[]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Sets the application logo for the application specified by the ObjectID parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' $params = @{ ObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' FilePath = 'D:\applogo.jpg' } Set-EntraApplicationLogo @params</dev:code> <dev:remarks> <maml:para>This cmdlet sets the application logo for the application specified by the ObjectID parameter to the image specified with the Filepath parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraApplicationLogo</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraApplicationProxyApplication</command:name> <command:verb>Set</command:verb> <command:noun>EntraApplicationProxyApplication</command:noun> <maml:description> <maml:para>The Set-EntraApplicationProxyApplication allows you to modify and set configurations for an application in Microsoft Entra ID configured to use ApplicationProxy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraApplicationProxyApplication allows you to modify and set more settings for an application in Microsoft Entra ID configured to use ApplicationProxy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraApplicationProxyApplication</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique application ID of an application in Microsoft Entra ID. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExternalUrl</maml:name> <maml:description> <maml:para>The address your users go to in order to access the app from outside your network.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>InternalUrl</maml:name> <maml:description> <maml:para>The URL that you use to access the application from inside your private network. You can provide a specific path on the backend server to publish, while the rest of the server is unpublished. In this way, you can publish different sites on the same server as different apps, and give each one its own name and access rules. If you publish a path, make sure that it includes all the necessary images, scripts, and style sheets for your application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExternalAuthenticationType</maml:name> <maml:description> <maml:para>How Application Proxy verifies users before giving them access to your application. AadPreAuthentication: Application Proxy redirects users to sign in with Microsoft Entra ID, which authenticates their permissions for the directory and application. We recommend keeping this option as the default, so that you can take advantage of Microsoft Entra ID security features like conditional access and multifactor authentication. Pass through: Users don't have to authenticate against Microsoft Entra ID to access the application. You can still set up authentication requirements on the backend.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ExternalAuthenticationTypeEnum</command:parameterValue> <dev:type> <maml:name>ExternalAuthenticationTypeEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsTranslateHostHeaderEnabled</maml:name> <maml:description> <maml:para>If set to true, translates urls in headers. Keep this value true unless your application required the original host header in the authentication request.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsTranslateLinksInBodyEnabled</maml:name> <maml:description> <maml:para>If set to true, translates urls in body. Keep this value as No unless your hardcoded HTML links to other on-premises applications, and don't use custom domains.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ApplicationServerTimeout</maml:name> <maml:description> <maml:para>Specifies the backend server timeout type. Set this value to Long only if your application is slow to authenticate and connect.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ApplicationServerTimeoutEnum</command:parameterValue> <dev:type> <maml:name>ApplicationServerTimeoutEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConnectorGroupId</maml:name> <maml:description> <maml:para>Provide the ID of the Connector group you would like assigned to this application. You can find this value by using the Get-EntraApplicationProxyConnectorGroup (./Get-EntraApplicationProxyConnectorGroup.md)command. Connectors process the remote access to your application, and connector groups help you organize connectors and apps by region, network, or purpose. If you don't have any connector groups created yet, your app is assigned to Default.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsHttpOnlyCookieEnabled</maml:name> <maml:description> <maml:para>Allows application proxy to include the HTTPOnly flag in HTTP response headers. This flag provides extra security benefits, for example, it prevents client-side scripting (CSS) from copying or modifying the cookies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsPersistentCookieEnabled</maml:name> <maml:description> <maml:para>Allows application proxy to set its access cookies to not expire when the web browser is closed. The persistence lasts until the access token expires, or until the user manually deletes the persistent cookies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsSecureCookieEnabled</maml:name> <maml:description> <maml:para>Allows application proxy to include the Secure flag in HTTP response headers. Secure Cookies enhances security by transmitting cookies over a TLS secured channel such as HTTPS. TLS prevents cookie transmission in clear text.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies a unique application ID of an application in Microsoft Entra ID. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExternalUrl</maml:name> <maml:description> <maml:para>The address your users go to in order to access the app from outside your network.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>InternalUrl</maml:name> <maml:description> <maml:para>The URL that you use to access the application from inside your private network. You can provide a specific path on the backend server to publish, while the rest of the server is unpublished. In this way, you can publish different sites on the same server as different apps, and give each one its own name and access rules. If you publish a path, make sure that it includes all the necessary images, scripts, and style sheets for your application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ExternalAuthenticationType</maml:name> <maml:description> <maml:para>How Application Proxy verifies users before giving them access to your application. AadPreAuthentication: Application Proxy redirects users to sign in with Microsoft Entra ID, which authenticates their permissions for the directory and application. We recommend keeping this option as the default, so that you can take advantage of Microsoft Entra ID security features like conditional access and multifactor authentication. Pass through: Users don't have to authenticate against Microsoft Entra ID to access the application. You can still set up authentication requirements on the backend.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ExternalAuthenticationTypeEnum</command:parameterValue> <dev:type> <maml:name>ExternalAuthenticationTypeEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsTranslateHostHeaderEnabled</maml:name> <maml:description> <maml:para>If set to true, translates urls in headers. Keep this value true unless your application required the original host header in the authentication request.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsTranslateLinksInBodyEnabled</maml:name> <maml:description> <maml:para>If set to true, translates urls in body. Keep this value as No unless your hardcoded HTML links to other on-premises applications, and don't use custom domains.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ApplicationServerTimeout</maml:name> <maml:description> <maml:para>Specifies the backend server timeout type. Set this value to Long only if your application is slow to authenticate and connect.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ApplicationServerTimeoutEnum</command:parameterValue> <dev:type> <maml:name>ApplicationServerTimeoutEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConnectorGroupId</maml:name> <maml:description> <maml:para>Provide the ID of the Connector group you would like assigned to this application. You can find this value by using the Get-EntraApplicationProxyConnectorGroup (./Get-EntraApplicationProxyConnectorGroup.md)command. Connectors process the remote access to your application, and connector groups help you organize connectors and apps by region, network, or purpose. If you don't have any connector groups created yet, your app is assigned to Default.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsHttpOnlyCookieEnabled</maml:name> <maml:description> <maml:para>Allows application proxy to include the HTTPOnly flag in HTTP response headers. This flag provides extra security benefits, for example, it prevents client-side scripting (CSS) from copying or modifying the cookies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsPersistentCookieEnabled</maml:name> <maml:description> <maml:para>Allows application proxy to set its access cookies to not expire when the web browser is closed. The persistence lasts until the access token expires, or until the user manually deletes the persistent cookies.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>IsSecureCookieEnabled</maml:name> <maml:description> <maml:para>Allows application proxy to include the Secure flag in HTTP response headers. Secure Cookies enhances security by transmitting cookies over a TLS secured channel such as HTTPS. TLS prevents cookie transmission in clear text.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title> Example 1: Add the link translation feature to an application </maml:title> <dev:code>PS C:\> Set-EntraApplicationProxyApplication -ObjectId 257098d1-f8dd-4efb-88a2-1c92d3654f10 -IsTranslateLinksInBodyEnabled $true ExternalAuthenticationType : AadPreAuthentication ApplicationServerTimeout : Default ExternalUrl : https://finance-awcycles.msappproxy.net/ InternalUrl : https://finance/ IsTranslateHostHeaderEnabled : True IsTranslateLinksInBodyEnabled : True IsOnPremPublishingEnabled : True VerifiedCustomDomainCertificatesMetadata : VerifiedCustomDomainKeyCredential : VerifiedCustomDomainPasswordCredential : SingleSignOnSettings :</dev:code> <dev:remarks> <maml:para>This command adds the link translation feature to an application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraApplicationProxyApplication</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraApplicationProxyApplicationCustomDomainCertificate</command:name> <command:verb>Set</command:verb> <command:noun>EntraApplicationProxyApplicationCustomDomainCertificate</command:noun> <maml:description> <maml:para>The Set-EntraApplicationProxyApplicationCustomDomainCertificate cmdlet assigns a certificate to an application configured for Application Proxy in Microsoft Entra ID. This uploads the certificate and allows the application to use Custom Domains.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraApplicationProxyApplicationCustomDomainCertificate cmdlet assigns a certificate to an application configured for Application Proxy in Microsoft Entra ID. This uploads the certificate and allows the application to use Custom Domains. If you have one certificate that includes many of your applications, you only need to upload it with one application and are assigned to the other relevant applications.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraApplicationProxyApplicationCustomDomainCertificate</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique application ID for the application the certificate should be uploaded to. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command. You can also find this in the Azure portal by navigating to AAD, Enterprise Applications, All Applications, Select your application, go to the properties tab, and use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>A secure string containing the password for the pfx certificate</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PfxFilePath</maml:name> <maml:description> <maml:para>The file path for the pfx certificate for the custom domain</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique application ID for the application the certificate should be uploaded to. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command. You can also find this in the Azure portal by navigating to AAD, Enterprise Applications, All Applications, Select your application, go to the properties tab, and use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>A secure string containing the password for the pfx certificate</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PfxFilePath</maml:name> <maml:description> <maml:para>The file path for the pfx certificate for the custom domain</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Security.SecureString</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Assign a certificate to an application configured for Application Proxy</maml:title> <dev:code>PS C:\> $securePassword = Read-Host -AsSecureString PS C:\> Set-EntraApplicationProxyApplicationCustomDomainCertificate -ObjectId 4eba5342-8d17-4eac-a1f6-62a0de26311e -PfxFilePath "C:\Temp\Certificates\cert.pfx" -Password $securePassword</dev:code> <dev:remarks> <maml:para>This command assigns a certificate to an application configured for Application Proxy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraApplicationProxyApplicationCustomDomainCertificate</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraApplicationProxyApplicationSingleSignOn</command:name> <command:verb>Set</command:verb> <command:noun>EntraApplicationProxyApplicationSingleSignOn</command:noun> <maml:description> <maml:para>The Set-EntraApplicationProxyApplicationSingleSignOn cmdlet allows you to set and modify single sign-on (SSO) settings for an application configured for Application Proxy in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraApplicationProxyApplicationSingleSignOn cmdlet allows you to set and modify single sign-on (SSO) settings for an application configured for Application Proxy in Microsoft Entra ID. This is limited to setting No SSO, Kerberos Constrained Delegation (for applications using Integrated Windows Authentication), and Header-based SSO.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraApplicationProxyApplicationSingleSignOn</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KerberosDelegatedLoginIdentity</maml:name> <maml:description> <maml:para>The identity that the Connector can use on behalf of your users to authenticate.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">UserPrincipalName</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">OnPremisesUserPrincipalName</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">UserPrincipalUsername</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">OnPremisesUserPrincipalUsername</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">OnPremisesSAMAccountName</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">KerberosSignOnMappingAttributeTypeEnum</command:parameterValue> <dev:type> <maml:name>KerberosSignOnMappingAttributeTypeEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KerberosInternalApplicationServicePrincipalName</maml:name> <maml:description> <maml:para>The internal application SPN of the application server. This SPN needs to be in the list of services to which the Connector can present delegated credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique application ID of the application that needs different SSO settings. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command. You can also find this in the Azure portal by navigating to AAD, Enterprise Applications, All Applications, Select your application, go to the properties tab, and use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SingleSignOnMode</maml:name> <maml:description> <maml:para>Choose the type of SSO you would like the application to use. Only three SSO settings are supported in PowerShell, for more options, please use the Azure portal.</maml:para> </maml:description> <command:parameterValueGroup> <command:parameterValue required="false" command:variableLength="false">None</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">OnPremisesKerberos</command:parameterValue> <command:parameterValue required="false" command:variableLength="false">HeaderBased</command:parameterValue> </command:parameterValueGroup> <command:parameterValue required="true" variableLength="false">SingleSignOnModeEnum</command:parameterValue> <dev:type> <maml:name>SingleSignOnModeEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KerberosDelegatedLoginIdentity</maml:name> <maml:description> <maml:para>The identity that the Connector can use on behalf of your users to authenticate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">KerberosSignOnMappingAttributeTypeEnum</command:parameterValue> <dev:type> <maml:name>KerberosSignOnMappingAttributeTypeEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>KerberosInternalApplicationServicePrincipalName</maml:name> <maml:description> <maml:para>The internal application SPN of the application server. This SPN needs to be in the list of services to which the Connector can present delegated credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The unique application ID of the application that needs different SSO settings. This can be found using the Get-EntraApplication (./Get-EntraApplication.md)command. You can also find this in the Azure portal by navigating to AAD, Enterprise Applications, All Applications, Select your application, go to the properties tab, and use the ObjectId on that page.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SingleSignOnMode</maml:name> <maml:description> <maml:para>Choose the type of SSO you would like the application to use. Only three SSO settings are supported in PowerShell, for more options, please use the Azure portal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SingleSignOnModeEnum</command:parameterValue> <dev:type> <maml:name>SingleSignOnModeEnum</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.Nullable`1[[Microsoft.Open.MSGraph.Model.OnPremisesPublishingSingleSignOnObject+SingleSignOnModeEnum, Microsoft.Open.MS.GraphV10.Client, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null]] System.Nullable`1[[Microsoft.Open.MSGraph.Model.OnPremisesPublishingKerberosSignOnSettingsObject+KerberosSignOnMappingAttributeTypeEnum, Microsoft.Open.MS.GraphV10.Client, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null]]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Assign an application to use Kerberos Constrained Delegation, and specify required parameters</maml:title> <dev:code>PS C:\> Set-EntraApplicationProxyApplicationSingleSignOn -ObjectId 4eba5342-8d17-4eac-a1f6-62a0de26311e -SingleSignOnMode OnPremisesKerberos -KerberosInternalApplicationServicePrincipalName "https/www.adventure-works.com" -KerberosDelegatedLoginIdentity OnPremisesUserPrincipalName</dev:code> <dev:remarks> <maml:para>This command assigns an application to use Kerberos Constrained Delegation, and specify required parameters.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 2: Remove SSO from an application ----------</maml:title> <dev:code>PS C:\> Set-EntraApplicationProxyApplicationSingleSignOn -ObjectId 4eba5342-8d17-4eac-a1f6-62a0de26311e -SingleSignOnMode None</dev:code> <dev:remarks> <maml:para>This command removes SSO from an application.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraApplicationProxyApplicationSingleSignOn</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraApplicationProxyConnector</command:name> <command:verb>Set</command:verb> <command:noun>EntraApplicationProxyConnector</command:noun> <maml:description> <maml:para>The Set-EntraApplicationProxyConnector cmdlet allows reassignment of the connector to another connector group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraApplicationProxyConnector cmdlet allows reassignment of the connector to another connector group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraApplicationProxyConnector</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the Connector being moved. You can find this value using the Get-EntraApplicationProxyConnector (./Get-EntraApplicationProxyConnector.md)command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConnectorGroupId</maml:name> <maml:description> <maml:para>The unique identifer of the target application proxy connector group in Microsoft Entra ID. You can find this value using the Get-EntraApplicationProxyConnectorGroup (./Get-EntraApplicationProxyConnectorGroup.md)command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the Connector being moved. You can find this value using the Get-EntraApplicationProxyConnector (./Get-EntraApplicationProxyConnector.md)command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConnectorGroupId</maml:name> <maml:description> <maml:para>The unique identifer of the target application proxy connector group in Microsoft Entra ID. You can find this value using the Get-EntraApplicationProxyConnectorGroup (./Get-EntraApplicationProxyConnectorGroup.md)command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-- Example 1: Move a Connector to a different Connector Group --</maml:title> <dev:code>PS C:\> Set-EntraApplicationProxyConnector -Id 834c5dd6-f2e8-47ae-973a-9fc769289b3d -ConnectorGroupId a39b9095-8dc8-4d3a-86c3-e7b5c3f0fb84</dev:code> <dev:remarks> <maml:para>This command moves a Connector to a different Connector Group.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraApplicationProxyConnector</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraApplicationProxyConnectorGroup</command:name> <command:verb>Set</command:verb> <command:noun>EntraApplicationProxyConnectorGroup</command:noun> <maml:description> <maml:para>The Set-EntraApplicationProxyConnectorGroup cmdlet allows you to change the name of a given Application Proxy connector group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraApplicationProxyConnectorGroup cmdlet allows you to change the name of a given Application Proxy connector group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraApplicationProxyConnectorGroup</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the Connector group that is renamed. You can find the ID using the Get-EntraApplicationProxyConnectorGroup (./Get-EntraApplicationProxyConnectorGroup.md)command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The new name for the Connector group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Name</command:parameterValue> <dev:type> <maml:name>Name</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of the Connector group that is renamed. You can find the ID using the Get-EntraApplicationProxyConnectorGroup (./Get-EntraApplicationProxyConnectorGroup.md)command.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The new name for the Connector group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Name</command:parameterValue> <dev:type> <maml:name>Name</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.Name</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>## RELATED LINKS</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Rename a Connector Group to "Offsite Application Servers"</maml:title> <dev:code>PS C:\> Set-EntraApplicationProxyConnectorGroup -Id d533d7b1-fd92-49e8-a200-3e7dcf7c2ab5 -Name "Offsite Application Servers"</dev:code> <dev:remarks> <maml:para>This command renames a Connector Group to "Offsite Application Servers".</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraApplicationProxyConnectorGroup</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraApplicationVerifiedPublisher</command:name> <command:verb>Set</command:verb> <command:noun>EntraApplicationVerifiedPublisher</command:noun> <maml:description> <maml:para>Set the verified publisher for an application using a verified Microsoft Partner Network (MPN) identifier.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Set the verified publisher for an application using a verified Microsoft Partner Network (MPN) identifier.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraApplicationVerifiedPublisher</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppObjectId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID Application object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SetVerifiedPublisherRequest</maml:name> <maml:description> <maml:para>A request body object containing the verifiedPublisherId property it's the MPNID value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SetVerifiedPublisherRequest</command:parameterValue> <dev:type> <maml:name>SetVerifiedPublisherRequest</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AppObjectId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID Application object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>SetVerifiedPublisherRequest</maml:name> <maml:description> <maml:para>A request body object containing the verifiedPublisherId property it's the MPNID value.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SetVerifiedPublisherRequest</command:parameterValue> <dev:type> <maml:name>SetVerifiedPublisherRequest</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Set the verified publisher of an application ---</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' $appObjId = '11112222-bbbb-3333-cccc-4444dddd5555' $mpnId = '0433167' $req = @{verifiedPublisherId=$mpnId} $params = @{ AppObjectId = $appObjId SetVerifiedPublisherRequest = $req } Set-EntraApplicationVerifiedPublisher @params</dev:code> <dev:remarks> <maml:para>This command sets the verified publisher of an application.</maml:para> <maml:para>The Microsoft Partner Network ID (MPNID) of the verified publisher can be obtained from the publisher's Partner Center account.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraApplicationVerifiedPublisher</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraApplicationVerifiedPublisher</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraAttributeSet</command:name> <command:verb>Set</command:verb> <command:noun>EntraAttributeSet</command:noun> <maml:description> <maml:para>Updates an existing attribute set.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraAttributeSet` cmdlet updates a Microsoft Entra ID attribute set object specified by its ID. Specify `Id` parameter to Update a Microsoft Entra ID attribute set object.</maml:para> <maml:para>In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission.</maml:para> <maml:para>Note: Only the Attribute Definition Administrator role is supported for this operation. Ensure the signed-in user is assigned this role.</maml:para> <maml:para>You can only update the `description` and `maxAttributesPerSet` properties.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraAttributeSet</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Description of the attribute set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Name of the attribute set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MaxAttributesPerSet</maml:name> <maml:description> <maml:para>Maximum number of custom security attributes that can be defined in the attribute set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Description of the attribute set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Name of the attribute set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MaxAttributesPerSet</maml:name> <maml:description> <maml:para>Maximum number of custom security attributes that can be defined in the attribute set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Update an attribute set --------------</maml:title> <dev:code>Connect-Entra -Scopes 'CustomSecAttributeDefinition.ReadWrite.All' $params = @{ Id = 'Engineering' Description = 'Attributes for cloud engineering team' } Set-EntraAttributeSet @params</dev:code> <dev:remarks> <maml:para>This example Update an attribute set.</maml:para> <maml:para>- Attribute set: `Engineering`</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Update an attribute set using MaxAttributesPerSet -</maml:title> <dev:code>Connect-Entra -Scopes 'CustomSecAttributeDefinition.ReadWrite.All' $params = @{ Id = 'Engineering' MaxAttributesPerSet = 10 } Set-EntraAttributeSet @params</dev:code> <dev:remarks> <maml:para>This example Update an attribute set using MaxAttributesPerSet</maml:para> <maml:para>- Attribute set: `Engineering`</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraAttributeSet</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraAttributeSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraAttributeSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraAuthorizationPolicy</command:name> <command:verb>Set</command:verb> <command:noun>EntraAuthorizationPolicy</command:noun> <maml:description> <maml:para>Updates an authorization policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraAuthorizationPolicy` cmdlet updates a Microsoft Entra ID authorization policy.</maml:para> <maml:para>For delegated scenarios, the user needs to have the `Privileged Role Administrator` Microsoft Entra role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraAuthorizationPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AllowedToSignUpEmailBasedSubscriptions</maml:name> <maml:description> <maml:para>Specifies whether users can sign up for email based subscriptions. The initial default value is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AllowedToUseSSPR</maml:name> <maml:description> <maml:para>Specifies whether the Self-Serve Password Reset feature used by users on the tenant. The initial default value is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AllowEmailVerifiedUsersToJoinOrganization</maml:name> <maml:description> <maml:para>Specifies whether a user can join the tenant by email validation. The initial default value is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>BlockMsolPowerShell</maml:name> <maml:description> <maml:para>Specifies whether the user-based access to the legacy service endpoint used by Microsoft Online PowerShell is blocked or not.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>allowUserConsentForRiskyApps</maml:name> <maml:description> <maml:para>Indicates whether user consent for risky apps is allowed. Default value is `false`. We recommend that you keep the value set to `false`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>allowInvitesFrom</maml:name> <maml:description> <maml:para>Indicates who can invite external users to the organization. Possible values are: `none`, `adminsAndGuestInviters`, `adminsGuestInvitersAndAllMembers`, `everyone`. Everyone is the default setting for all cloud environments except US Government.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">allowInvitesFrom</command:parameterValue> <dev:type> <maml:name>allowInvitesFrom</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DefaultUserRolePermissions</maml:name> <maml:description> <maml:para>Contains various customizable default user role permissions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">DefaultUserRolePermissions</command:parameterValue> <dev:type> <maml:name>DefaultUserRolePermissions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies the description of the authorization policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the authorization policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AllowedToSignUpEmailBasedSubscriptions</maml:name> <maml:description> <maml:para>Specifies whether users can sign up for email based subscriptions. The initial default value is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AllowedToUseSSPR</maml:name> <maml:description> <maml:para>Specifies whether the Self-Serve Password Reset feature used by users on the tenant. The initial default value is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AllowEmailVerifiedUsersToJoinOrganization</maml:name> <maml:description> <maml:para>Specifies whether a user can join the tenant by email validation. The initial default value is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>BlockMsolPowerShell</maml:name> <maml:description> <maml:para>Specifies whether the user-based access to the legacy service endpoint used by Microsoft Online PowerShell is blocked or not.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>allowUserConsentForRiskyApps</maml:name> <maml:description> <maml:para>Indicates whether user consent for risky apps is allowed. Default value is `false`. We recommend that you keep the value set to `false`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>allowInvitesFrom</maml:name> <maml:description> <maml:para>Indicates who can invite external users to the organization. Possible values are: `none`, `adminsAndGuestInviters`, `adminsGuestInvitersAndAllMembers`, `everyone`. Everyone is the default setting for all cloud environments except US Government.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">allowInvitesFrom</command:parameterValue> <dev:type> <maml:name>allowInvitesFrom</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DefaultUserRolePermissions</maml:name> <maml:description> <maml:para>Contains various customizable default user role permissions.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">DefaultUserRolePermissions</command:parameterValue> <dev:type> <maml:name>DefaultUserRolePermissions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies the description of the authorization policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the authorization policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>Microsoft.Open.MSGraph.Model.DefaultUserRolePermissions</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Update an authorization policy ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.Authorization' $params = @{ DisplayName = 'Updated displayName' Description = 'Updated Description' BlockMsolPowerShell = $true AllowedToUseSSPR = $false AllowEmailVerifiedUsersToJoinOrganization = $true AllowedToSignUpEmailBasedSubscriptions = $true } Set-EntraAuthorizationPolicy @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update a Microsoft Entra ID authorization policy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Update DefaultUserRolePermissions of authorization policy</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.Authorization' $DefaultUserRolePermissions = New-Object -TypeName Microsoft.Open.MSGraph.Model.DefaultUserRolePermissions $DefaultUserRolePermissions.AllowedToCreateApps = $false $DefaultUserRolePermissions.AllowedToCreateSecurityGroups = $false $DefaultUserRolePermissions.AllowedToReadOtherUsers = $false Set-EntraAuthorizationPolicy -DefaultUserRolePermissions $DefaultUserRolePermissions</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update a DefaultUserRolePermissions of authorization policy in Microsoft Entra ID.</maml:para> <maml:para>- First command stored the DefaultUserRolePermissions in a variable. - Second command updates the DefaultUserRolePermissions of authorization policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraAuthorizationPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraAuthorizationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraConditionalAccessPolicy</command:name> <command:verb>Set</command:verb> <command:noun>EntraConditionalAccessPolicy</command:noun> <maml:description> <maml:para>Updates a conditional access policy in Microsoft Entra ID by Id.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows an admin to update a conditional access policy in Microsoft Entra ID by Id.</maml:para> <maml:para>Conditional access policies are custom rules that define an access scenario.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraConditionalAccessPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the policy id of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>State</maml:name> <maml:description> <maml:para>Specifies the enabled or disabled state of the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Conditions</maml:name> <maml:description> <maml:para>Specifies the conditions for the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessConditionSet</command:parameterValue> <dev:type> <maml:name>ConditionalAccessConditionSet</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GrantControls</maml:name> <maml:description> <maml:para>Specifies the controls for the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessGrantControls</command:parameterValue> <dev:type> <maml:name>ConditionalAccessGrantControls</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SessionControls</maml:name> <maml:description> <maml:para>This control allows organizations to require Microsoft Entra ID to pass device information to the selected cloud apps.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessSessionControls</command:parameterValue> <dev:type> <maml:name>ConditionalAccessSessionControls</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the policy id of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>State</maml:name> <maml:description> <maml:para>Specifies the enabled or disabled state of the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Conditions</maml:name> <maml:description> <maml:para>Specifies the conditions for the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessConditionSet</command:parameterValue> <dev:type> <maml:name>ConditionalAccessConditionSet</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GrantControls</maml:name> <maml:description> <maml:para>Specifies the controls for the conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessGrantControls</command:parameterValue> <dev:type> <maml:name>ConditionalAccessGrantControls</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a conditional access policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SessionControls</maml:name> <maml:description> <maml:para>This control allows organizations to require Microsoft Entra ID to pass device information to the selected cloud apps.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">ConditionalAccessSessionControls</command:parameterValue> <dev:type> <maml:name>ConditionalAccessSessionControls</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Updates a conditional access policy in Microsoft Entra ID by PolicyId</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $cond = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet $control = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls $session = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls $params = @{ PolicyId = '4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8' DisplayName = 'MFA policy 1' State = 'Enabled' Conditions = $cond GrantControls = $control SessionControls = $session } Set-EntraConditionalAccessPolicy @params</dev:code> <dev:remarks> <maml:para>The example shows how to update a conditional access policy in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Updates display name for a conditional access policy in Microsoft Entra ID by PolicyId</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $params = @{ PolicyId = '4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8' DisplayName = 'MFA policy 1' } Set-EntraConditionalAccessPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates a conditional access policy in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Updates state for a conditional access policy in Microsoft Entra ID by PolicyId</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $params = @{ PolicyId = '4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8' State = 'Enabled' } Set-EntraConditionalAccessPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates a conditional access policy in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraConditionalAccessPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraConditionalAccessPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraDevice</command:name> <command:verb>Set</command:verb> <command:noun>EntraDevice</command:noun> <maml:description> <maml:para>Updates a device.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraDevice` cmdlet updates a device in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraDevice</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternativeSecurityIds</maml:name> <maml:description> <maml:para>Specifies alternative security IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ApproximateLastLogonTimeStamp</maml:name> <maml:description> <maml:para>The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Supports $filter (eq, ne, not, ge, le, and eq on null values) and $orderby.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceId</maml:name> <maml:description> <maml:para>Specifies the device ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceMetadata</maml:name> <maml:description> <maml:para>The device metadata for this device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceObjectVersion</maml:name> <maml:description> <maml:para>Specifies the object version of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceOSType</maml:name> <maml:description> <maml:para>Specifies the operating system.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceOSVersion</maml:name> <maml:description> <maml:para>Specifies the operating system version.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DevicePhysicalIds</maml:name> <maml:description> <maml:para>Specifies the physical ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceTrustType</maml:name> <maml:description> <maml:para>Specifies the device trust type.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsCompliant</maml:name> <maml:description> <maml:para>Indicates whether the device is compliant.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsManaged</maml:name> <maml:description> <maml:para>Indicates whether the device is managed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a device in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ProfileType</maml:name> <maml:description> <maml:para>Specifies the profile type of the device. Possible values: RegisteredDevice (default), SecureVM, Printer, Shared, IoT.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SystemLabels</maml:name> <maml:description> <maml:para>Specifies list of labels applied to the device by the system.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternativeSecurityIds</maml:name> <maml:description> <maml:para>Specifies alternative security IDs.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AlternativeSecurityId]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ApproximateLastLogonTimeStamp</maml:name> <maml:description> <maml:para>The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Supports $filter (eq, ne, not, ge, le, and eq on null values) and $orderby.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.DateTime</command:parameterValue> <dev:type> <maml:name>System.DateTime</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceId</maml:name> <maml:description> <maml:para>Specifies the device ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceMetadata</maml:name> <maml:description> <maml:para>The device metadata for this device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceObjectVersion</maml:name> <maml:description> <maml:para>Specifies the object version of the device.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceOSType</maml:name> <maml:description> <maml:para>Specifies the operating system.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceOSVersion</maml:name> <maml:description> <maml:para>Specifies the operating system version.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DevicePhysicalIds</maml:name> <maml:description> <maml:para>Specifies the physical ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DeviceTrustType</maml:name> <maml:description> <maml:para>Specifies the device trust type.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsCompliant</maml:name> <maml:description> <maml:para>Indicates whether the device is compliant.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsManaged</maml:name> <maml:description> <maml:para>Indicates whether the device is managed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the object ID of a device in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ProfileType</maml:name> <maml:description> <maml:para>Specifies the profile type of the device. Possible values: RegisteredDevice (default), SecureVM, Printer, Shared, IoT.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SystemLabels</maml:name> <maml:description> <maml:para>Specifies list of labels applied to the device by the system.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Update a device display name -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' #Delegated Permission Connect-Entra -Scopes 'Device.ReadWrite.All' #Application Permission Set-EntraDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DisplayName 'My OS/2 computer'</dev:code> <dev:remarks> <maml:para>This example shows how to update a display name of a specified.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 2: Update a device alternative security ID ------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' #Delegated Permission Connect-Entra -Scopes 'Device.ReadWrite.All' #Application Permission $NewId= New-Object Microsoft.Open.AzureAD.Model.AlternativeSecurityId $NewId.Key =[System.Text.Encoding]::UTF8.GetBytes('test') $NewId.type = 2 Set-EntraDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AlternativeSecurityIds $NewId</dev:code> <dev:remarks> <maml:para>This example shows how to update an alternative security ID of a specified device.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 3: Update a device account enabled ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' #Delegated Permission Connect-Entra -Scopes 'Device.ReadWrite.All' #Application Permission Set-EntraDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -AccountEnabled $true</dev:code> <dev:remarks> <maml:para>This example shows how to update an account enabled of a specified device.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------- Example 4: Update a device OS type --------------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' #Delegated Permission Connect-Entra -Scopes 'Device.ReadWrite.All' #Application Permission Set-EntraDevice -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -DeviceOSType Windows</dev:code> <dev:remarks> <maml:para>This example shows how to update an OS type of a specified device.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------------ Example 5: Update a device ------------------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' #Delegated Permission Connect-Entra -Scopes 'Device.ReadWrite.All' #Application Permission $params = @{ ObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' DeviceMetadata = 'Testdevice' DeviceObjectVersion = 4 DevicePhysicalIds = '[GID]:g:1234567890123456' IsCompliant = $false } Set-EntraDevice @params</dev:code> <dev:remarks> <maml:para>This example shows how to update multiple properties of a specified device.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraDevice</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDevice</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraDirSyncConfiguration</command:name> <command:verb>Set</command:verb> <command:noun>EntraDirSyncConfiguration</command:noun> <maml:description> <maml:para>Modifies the directory synchronization settings.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraDirSyncConfiguration` cmdlet modifies the directory synchronization settings.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraDirSyncConfiguration</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AccidentalDeletionThreshold</maml:name> <maml:description> <maml:para>Specifies the accidental deletion prevention configuration for a tenant.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.UInt32</command:parameterValue> <dev:type> <maml:name>System.UInt32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Forces the command to run without asking for user confirmation.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the unique ID of the tenant on which to perform the operation. The default value is the tenant of the current user. This parameter applies only to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>AccidentalDeletionThreshold</maml:name> <maml:description> <maml:para>Specifies the accidental deletion prevention configuration for a tenant.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.UInt32</command:parameterValue> <dev:type> <maml:name>System.UInt32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Forces the command to run without asking for user confirmation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the unique ID of the tenant on which to perform the operation. The default value is the tenant of the current user. This parameter applies only to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.UInt32</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> <command:inputType> <dev:type> <maml:name>System.Guid</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>- For additional details see Update onPremisesDirectorySynchronization (/graph/api/onpremisesdirectorysynchronization-update).</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------ Example 1: Set directory synchronization settings ------</maml:title> <dev:code>Set-EntraDirSyncConfiguration -AccidentalDeletionThreshold 600 -Force</dev:code> <dev:remarks> <maml:para>This command sets directory synchronization settings.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Set directory synchronization settings for a Tenant</maml:title> <dev:code>$params = @{ AccidentalDeletionThreshold = 600 TenantId = 'bbbbcccc-1111-dddd-2222-eeee3333ffff' Force = $true } Set-EntraDirSyncConfiguration @params</dev:code> <dev:remarks> <maml:para>This command sets directory synchronization settings.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraDirSyncConfiguration</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirSyncConfiguration</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraDirSyncFeature</command:name> <command:verb>Set</command:verb> <command:noun>EntraDirSyncFeature</command:noun> <maml:description> <maml:para>Used to set identity synchronization features for a tenant.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraDirSyncFeature` cmdlet sets identity synchronization features for a tenant. You can use the following synchronization features with this cmdlet: - EnableSoftMatchOnUpn : Soft match is the process used to link an object being synced from on-premises for the first time with one that already exists in the cloud. When this feature is enabled, soft match is attempted using the standard logic, based on the primary SMTP address. If a match isn't found based on primary SMTP, then a match is attempted based on UserPrincipalName. Once this feature is enabled, it can't be disabled. - PasswordSync : Used to indicate on-premise password synchronization. - SynchronizeUpnForManagedUsers : Allows for the synchronization of UserPrincipalName updates from on-premises for managed (nonfederated) users that are assigned a license. These updates are blocked if this feature isn't enabled. Once this feature is enabled, it can't be disabled. - BlockSoftMatch : When this feature is enabled, it blocks the soft match feature. Customers are encouraged to enable this feature and keep it enabled until soft matching is required again for their tenancy. This flag should be enabled again after any soft matching is completed and is no longer needed. - BlockCloudObjectTakeoverThroughHardMatch : Used to block cloud object takeover via source anchor hard match.</maml:para> <maml:para>Enabling some of these features, such as EnableSoftMatchOnUpn and SynchronizationUpnForManagedUsers, is a permanent operation. You can't disable these features once they're enabled.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraDirSyncFeature</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Feature</maml:name> <maml:description> <maml:para>The DirSync feature to turn on or off.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Enable</maml:name> <maml:description> <maml:para>Indicates whether the specified features are turned on for the company.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then the value defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Forces the command to run without asking for user confirmation.</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Feature</maml:name> <maml:description> <maml:para>The DirSync feature to turn on or off.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>Enable</maml:name> <maml:description> <maml:para>Indicates whether the specified features are turned on for the company.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>The unique ID of the tenant to perform the operation on. If this isn't provided then the value defaults to the tenant of the current user. This parameter is only applicable to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Force</maml:name> <maml:description> <maml:para>Forces the command to run without asking for user confirmation.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>- For additional details see Update onPremisesDirectorySynchronization (/graph/api/onpremisesdirectorysynchronization-update). - For the feature list see the onPremisesDirectorySynchronizationFeature resource type (/graph/api/resources/onpremisesdirectorysynchronizationfeature).</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Enable a feature for the tenant ----------</maml:title> <dev:code>Connect-Entra -Scopes 'OnPremDirectorySynchronization.ReadWrite.All' $params = @{ Feature = 'EnableSoftMatchOnUpn' Enable = $True } Set-EntraDirSyncFeature @params</dev:code> <dev:remarks> <maml:para>This command enables the SoftMatchOnUpn feature for the tenant.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 2: Block Soft Matching for the tenant --------</maml:title> <dev:code>Connect-Entra -Scopes 'OnPremDirectorySynchronization.ReadWrite.All' $params = @{ Feature = 'BlockSoftMatch' Enable = $True } Set-EntraDirSyncFeature @params</dev:code> <dev:remarks> <maml:para>This command enables the BlockSoftMatch feature for the tenant - effectively blocking the Soft Matching feature in the tenant.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Block Cloud object takeover through Hard Matching for the tenant</maml:title> <dev:code>Connect-Entra -Scopes 'OnPremDirectorySynchronization.ReadWrite.All' $params = @{ Feature = 'BlockCloudObjectTakeoverThroughHardMatch' Enable = $True } Set-EntraDirSyncFeature @params</dev:code> <dev:remarks> <maml:para>This command enables the BlockCloudObjectTakeoverThroughHardMatch feature for the tenant - effectively blocking the Hard Match object takeover.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraDirSyncFeature</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDirSyncFeature</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraDomain</command:name> <command:verb>Set</command:verb> <command:noun>EntraDomain</command:noun> <maml:description> <maml:para>Updates a domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraDomain` cmdlet updates a domain in Microsoft Entra ID.</maml:para> <maml:para>The work or school account needs to belong to at least one of the following Microsoft Entra roles:</maml:para> <maml:para>- Domain Name Administrator</maml:para> <maml:para>- Security Administrator</maml:para> <maml:para>- External Identity Provider Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraDomain</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsDefault</maml:name> <maml:description> <maml:para>Indicates whether or not this is the default domain used for user creation. There's only one default domain per company.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The fully qualified name of the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SupportedServices</maml:name> <maml:description> <maml:para>The capabilities assigned to the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsDefault</maml:name> <maml:description> <maml:para>Indicates whether or not this is the default domain used for user creation. There's only one default domain per company.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The fully qualified name of the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SupportedServices</maml:name> <maml:description> <maml:para>The capabilities assigned to the domain.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Set the domain as the default domain for new user account creation</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' Set-EntraDomain -Name Contoso.com -IsDefault $true</dev:code> <dev:remarks> <maml:para>This example demonstrates how to set default domain for new user account in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------- Example 2: Set the list of domain capabilities --------</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' Set-EntraDomain -Name Contoso.com -SupportedServices @('Email', 'OfficeCommunicationsOnline')</dev:code> <dev:remarks> <maml:para>This example demonstrates how to set domain capabilities for new user account in Microsoft Entra ID. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraDomain</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Confirm-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraDomain</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraDomainFederationSettings</command:name> <command:verb>Set</command:verb> <command:noun>EntraDomainFederationSettings</command:noun> <maml:description> <maml:para>Updates settings for a federated domain.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraDomainFederationSettings` cmdlet is used to update the settings of a single sign-on domain.</maml:para> <maml:para>For delegated scenarios, the calling user must be assigned at least one of the following Microsoft Entra roles:</maml:para> <maml:para>- Domain Name Administrator</maml:para> <maml:para>- External Identity Provider Administrator</maml:para> <maml:para>- Hybrid Identity Administrator</maml:para> <maml:para>- Security Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraDomainFederationSettings</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none"> <maml:name>DomainName</maml:name> <maml:description> <maml:para>The fully qualified domain name (FQDN) to update.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="10" aliases="none"> <maml:name>PreferredAuthenticationProtocol</maml:name> <maml:description> <maml:para>Specifies the preferred authentication protocol.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="11" aliases="none"> <maml:name>SigningCertificateUpdateStatus</maml:name> <maml:description> <maml:para>Specifies the update status of the signing certificate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Object</command:parameterValue> <dev:type> <maml:name>System.Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="12" aliases="none"> <maml:name>PromptLoginBehavior</maml:name> <maml:description> <maml:para>Specifies the prompt sign-in behavior.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>SigningCertificate</maml:name> <maml:description> <maml:para>The current certificate used to sign tokens passed to the Microsoft Entra ID Identity platform.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>NextSigningCertificate</maml:name> <maml:description> <maml:para>The next token signing certificate that will be used to sign tokens when the primary signing certificate expires.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="4" aliases="none"> <maml:name>LogOffUri</maml:name> <maml:description> <maml:para>The URL clients are redirected to when they sign out of Microsoft Entra ID services.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="5" aliases="none"> <maml:name>PassiveLogOnUri</maml:name> <maml:description> <maml:para>The URL that web-based clients are directed to when signing in to Microsoft Entra ID services.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="6" aliases="none"> <maml:name>ActiveLogOnUri</maml:name> <maml:description> <maml:para>A URL that specifies the end point used by active clients when authenticating with domains set up for single sign-on (also known as identity federation) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="7" aliases="none"> <maml:name>IssuerUri</maml:name> <maml:description> <maml:para>The unique identifier of the domain in the Microsoft Entra ID Identity platform derived from the federation server.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="8" aliases="none"> <maml:name>FederationBrandName</maml:name> <maml:description> <maml:para>The name of the string value shown to users when signing in to Microsoft Entra ID. We recommend that customers use something that is familiar to users such as "Contoso Inc."</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="9" aliases="none"> <maml:name>MetadataExchangeUri</maml:name> <maml:description> <maml:para>The URL that specifies the metadata exchange end point used for authentication from rich client applications such as Lync Online.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none"> <maml:name>DomainName</maml:name> <maml:description> <maml:para>The fully qualified domain name (FQDN) to update.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="2" aliases="none"> <maml:name>SigningCertificate</maml:name> <maml:description> <maml:para>The current certificate used to sign tokens passed to the Microsoft Entra ID Identity platform.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="3" aliases="none"> <maml:name>NextSigningCertificate</maml:name> <maml:description> <maml:para>The next token signing certificate that will be used to sign tokens when the primary signing certificate expires.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="4" aliases="none"> <maml:name>LogOffUri</maml:name> <maml:description> <maml:para>The URL clients are redirected to when they sign out of Microsoft Entra ID services.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="5" aliases="none"> <maml:name>PassiveLogOnUri</maml:name> <maml:description> <maml:para>The URL that web-based clients are directed to when signing in to Microsoft Entra ID services.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="6" aliases="none"> <maml:name>ActiveLogOnUri</maml:name> <maml:description> <maml:para>A URL that specifies the end point used by active clients when authenticating with domains set up for single sign-on (also known as identity federation) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="7" aliases="none"> <maml:name>IssuerUri</maml:name> <maml:description> <maml:para>The unique identifier of the domain in the Microsoft Entra ID Identity platform derived from the federation server.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="8" aliases="none"> <maml:name>FederationBrandName</maml:name> <maml:description> <maml:para>The name of the string value shown to users when signing in to Microsoft Entra ID. We recommend that customers use something that is familiar to users such as "Contoso Inc."</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="9" aliases="none"> <maml:name>MetadataExchangeUri</maml:name> <maml:description> <maml:para>The URL that specifies the metadata exchange end point used for authentication from rich client applications such as Lync Online.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="10" aliases="none"> <maml:name>PreferredAuthenticationProtocol</maml:name> <maml:description> <maml:para>Specifies the preferred authentication protocol.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="11" aliases="none"> <maml:name>SigningCertificateUpdateStatus</maml:name> <maml:description> <maml:para>Specifies the update status of the signing certificate.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Object</command:parameterValue> <dev:type> <maml:name>System.Object</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="12" aliases="none"> <maml:name>PromptLoginBehavior</maml:name> <maml:description> <maml:para>Specifies the prompt sign-in behavior.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Set the PromptLoginBehavior ------------</maml:title> <dev:code>Connect-Entra -Scopes 'Domain.ReadWrite.All' $params = @{ DomainName = 'contoso.com' PreferredAuthenticationProtocol = 'WsFed' PromptLoginBehavior = 'TranslateToFreshPasswordAuth' # Or 'NativeSupport' or 'Disabled', depending on the requirement } Set-EntraDomainFederationSettings @params</dev:code> <dev:remarks> <maml:para>This command updates the `PromptLoginBehavior` to either `TranslateToFreshPasswordAuth`, `NativeSupport`, or `Disabled`. These possible values are described:</maml:para> <maml:para>- `TranslateToFreshPasswordAuth` - means the default Microsoft Entra ID behavior of translating `prompt=login` to `wauth=https://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password` and `wfresh=0`.</maml:para> <maml:para>- `NativeSupport` - means that the `prompt=login` parameter is sent as is to ADFS.</maml:para> <maml:para>- `Disabled` - means that only wfresh=0 is sent to ADFS</maml:para> <maml:para></maml:para> <maml:para>Use the `Get-EntraDomainFederationSettings -DomainName <your_domain_name> | Format-List *` to get the values for `PreferredAuthenticationProtocol` and `PromptLoginBehavior` for the federated domain.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraDomainFederationSettings</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraDomainFederationSettings</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraGroup</command:name> <command:verb>Set</command:verb> <command:noun>EntraGroup</command:noun> <maml:description> <maml:para>Sets the properties for an existing Microsoft Entra ID group.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraGroup cmdlet sets the properties for an existing Microsoft Entra ID group.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraGroup</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupTypes</maml:name> <maml:description> <maml:para>Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the object ID of a group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailEnabled</maml:name> <maml:description> <maml:para>Indicates whether this group is mail enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailNickname</maml:name> <maml:description> <maml:para>Specifies a mail nickname for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SecurityEnabled</maml:name> <maml:description> <maml:para>Indicates whether the group is security enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Visibility</maml:name> <maml:description> <maml:para>Specifies the visibility of the group's content and members list. This parameter can take one of the following values:</maml:para> <maml:para>* "Public": Anyone can view the contents of the group.</maml:para> <maml:para>* "Private": Only members can view the content of the group.</maml:para> <maml:para>* "HiddenMembership": Only members can view the content of the group and only members, owners, Global/Company Administrator, User Administrator, and Helpdesk Administrators can view the members list of the group.</maml:para> <maml:para></maml:para> <maml:para>If no value is provided, the default value is "Public."</maml:para> <maml:para>Notes:</maml:para> <maml:para>* This parameter is only valid for groups that have the groupType set to "Unified."</maml:para> <maml:para>* If a group has this attribute set to "HiddenMembership," it can't be changed later.</maml:para> <maml:para>* Anyone can join a group that has this attribute set to "Public." If the attribute is set to Private or HiddenMembership, only owner can add new members to the group and requests to join the group need approval of the owner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsAssignableToRole</maml:name> <maml:description> <maml:para>This property can only be set at the time of group creation and can't be modified on an existing group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupTypes</maml:name> <maml:description> <maml:para>Specifies that the group is a dynamic group. To create a dynamic group, specify a value of DynamicMembership.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the object ID of a group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailEnabled</maml:name> <maml:description> <maml:para>Indicates whether this group is mail enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailNickname</maml:name> <maml:description> <maml:para>Specifies a mail nickname for the group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SecurityEnabled</maml:name> <maml:description> <maml:para>Indicates whether the group is security enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Visibility</maml:name> <maml:description> <maml:para>Specifies the visibility of the group's content and members list. This parameter can take one of the following values:</maml:para> <maml:para>* "Public": Anyone can view the contents of the group.</maml:para> <maml:para>* "Private": Only members can view the content of the group.</maml:para> <maml:para>* "HiddenMembership": Only members can view the content of the group and only members, owners, Global/Company Administrator, User Administrator, and Helpdesk Administrators can view the members list of the group.</maml:para> <maml:para></maml:para> <maml:para>If no value is provided, the default value is "Public."</maml:para> <maml:para>Notes:</maml:para> <maml:para>* This parameter is only valid for groups that have the groupType set to "Unified."</maml:para> <maml:para>* If a group has this attribute set to "HiddenMembership," it can't be changed later.</maml:para> <maml:para>* Anyone can join a group that has this attribute set to "Public." If the attribute is set to Private or HiddenMembership, only owner can add new members to the group and requests to join the group need approval of the owner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsAssignableToRole</maml:name> <maml:description> <maml:para>This property can only be set at the time of group creation and can't be modified on an existing group.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Update a group display name ------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' Set-EntraGroup -Id 'kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn' -DisplayName 'UPDATE helpdesk'</dev:code> <dev:remarks> <maml:para>This command updates the display name of a specified group in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 2: Update a group description ------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' Set-EntraGroup -Id 'kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn' -Description 'This is my new group'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update a group description. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 3: Update a group mail nickname -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' Set-EntraGroup -Id 'kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn' -MailNickName 'newnickname'</dev:code> <dev:remarks> <maml:para>This command updates the mail nickname of a specified group in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- Example 4: Update a group security enabled ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' Set-EntraGroup -Id 'kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn' -SecurityEnabled $true</dev:code> <dev:remarks> <maml:para>This command updates the security enabled of a specified group in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 5: Update a group mail enabled ------------</maml:title> <dev:code>Connect-Entra -Scopes 'Group.ReadWrite.All' Set-EntraGroup -Id 'kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn' -MailEnabled $false</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update a group main enabled. </maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 6: Update a property for a group -----------</maml:title> <dev:code>Set-EntraGroup -Id 'kkkkkkkk-3333-5555-1111-nnnnnnnnnnnn' -Visibility 'Private' -GroupTypes 'DynamicMembership' -IsAssignableToRole $true</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update a property for an existing Microsoft Entra ID group. </maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraGroup</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroup</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraGroupLifecyclePolicy</command:name> <command:verb>Set</command:verb> <command:noun>EntraGroupLifecyclePolicy</command:noun> <maml:description> <maml:para>Updates a specific group Lifecycle Policy in Microsoft Entra ID.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraGroupLifecyclePolicy command updates a specific group Lifecycle Policy in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraGroupLifecyclePolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternateNotificationEmails</maml:name> <maml:description> <maml:para>Notification emails for groups that have no owners are sent to these email addresses. List of email addresses separated by a ";".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupLifetimeInDays</maml:name> <maml:description> <maml:para>The number of days a group can exist before it needs to be renewed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a groupLifecyclePolicies object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ManagedGroupTypes</maml:name> <maml:description> <maml:para>Allows the admin to select which office 365 groups the policy applies to. "None" create the policy in a disabled state. "All" apply the policy to every Office 365 group in the tenant. "Selected" allow the admin to choose specific Office 365 groups that the policy applies to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternateNotificationEmails</maml:name> <maml:description> <maml:para>Notification emails for groups that have no owners are sent to these email addresses. List of email addresses separated by a ";".</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GroupLifetimeInDays</maml:name> <maml:description> <maml:para>The number of days a group can exist before it needs to be renewed.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a groupLifecyclePolicies object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ManagedGroupTypes</maml:name> <maml:description> <maml:para>Allows the admin to select which office 365 groups the policy applies to. "None" create the policy in a disabled state. "All" apply the policy to every Office 365 group in the tenant. "Selected" allow the admin to choose specific Office 365 groups that the policy applies to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------- Example 1: Updates group lifecycle policy ----------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.ReadWrite.All' Set-EntraGroupLifecyclePolicy -Id '1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5' -GroupLifetimeInDays 200 -AlternateNotificationEmails 'admingroup@contoso.com' -ManagedGroupTypes 'All' Id AlternateNotificationEmails GroupLifetimeInDays ManagedGroupTypes -- --------------------------- ------------------- ----------------- 1aaaaaa1-2bb2-3cc3-4dd4-5eeeeeeeeee5 admingroup@contoso.com 200 All</dev:code> <dev:remarks> <maml:para>This command is used to set the properties of a specific Microsoft Group Lifecycle Policy.</maml:para> <maml:para>- The `-Id` parameter specifies the ID of the Lifecycle Policy to be modified.</maml:para> <maml:para>- The `-GroupLifetimeInDays` parameter sets the lifetime of the groups in the policy to 200 days. The GroupLifetimeInDays represents the number of days before a group expires and needs to be renewed. Once renewed, the group expiration is extended by the number of days defined.</maml:para> <maml:para>- The `-AlternateNotificationEmails` parameter sets the email address that receives notifications about the policy. Multiple email address can be defined by separating email address with a semicolon.</maml:para> <maml:para>- The `-ManagedGroupTypes` parameter sets the types of groups that the policy manages. Possible values are `All`, `Selected`, or `None`.</maml:para> <maml:para></maml:para> <maml:para>In this case, "All" suggests that the policy manages all types of groups.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraGroupLifecyclePolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraGroupLifecyclePolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraIdentityProvider</command:name> <command:verb>Set</command:verb> <command:noun>EntraIdentityProvider</command:noun> <maml:description> <maml:para>This cmdlet is used to update the properties of an existing identity provider configured in the directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet can be used to update the properties of an existing identity provider. The type of the identity provider can't be modified.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraIdentityProvider</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The client ID for the application. This is the client ID obtained when registering the application with the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:description> <maml:para>The client secret for the application. This is the client secret obtained when registering the application with the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier for an identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The display name of the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>The identity provider type. It must be one of the following values: Microsoft, Google, Facebook, Amazon, or LinkedIn.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientId</maml:name> <maml:description> <maml:para>The client ID for the application. This is the client ID obtained when registering the application with the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientSecret</maml:name> <maml:description> <maml:para>The client secret for the application. This is the client secret obtained when registering the application with the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier for an identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Name</maml:name> <maml:description> <maml:para>The display name of the identity provider.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>The identity provider type. It must be one of the following values: Microsoft, Google, Facebook, Amazon, or LinkedIn.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----- Example 1: Update client id of an identity provider -----</maml:title> <dev:code>PS C:\> Set-EntraIdentityProvider -Id LinkedIn-OAUTH -ClientId NewClientId</dev:code> <dev:remarks> <maml:para>This example updates the client ID for the specified identity provider.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 2: Update client secret of an identity provider ---</maml:title> <dev:code>PS C:\> Set-EntraIdentityProvider -Id LinkedIn-OAUTH -ClientSecret NewClientSecret</dev:code> <dev:remarks> <maml:para>This example updates the client secret for the specified identity provider.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 3: Update display name of an identity provider ----</maml:title> <dev:code>PS C:\> Set-EntraIdentityProvider -Id LinkedIn-OAUTH -Name NewName</dev:code> <dev:remarks> <maml:para>This example updates the display name for the specified identity provider.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraIdentityProvider</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraNamedLocationPolicy</command:name> <command:verb>Set</command:verb> <command:noun>EntraNamedLocationPolicy</command:noun> <maml:description> <maml:para>Updates a named location policy in Microsoft Entra ID by PolicyId.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows an admin to update a named location policy in Microsoft Entra ID by PolicyId.</maml:para> <maml:para>Conditional access policies are custom rules that define an access scenario.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraNamedLocationPolicy</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OdataType</maml:name> <maml:description> <maml:para>Specifies the OData type of a named location policy object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IpRanges</maml:name> <maml:description> <maml:para>Specifies the ip ranges of the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsTrusted</maml:name> <maml:description> <maml:para>Specifies the isTrusted value for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CountriesAndRegions</maml:name> <maml:description> <maml:para>Specifies the countries and regions for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.CountriesAndRegion]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.CountriesAndRegion]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IncludeUnknownCountriesAndRegions</maml:name> <maml:description> <maml:para>Specifies the includeUnknownCountriesAndRegions value for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OdataType</maml:name> <maml:description> <maml:para>Specifies the OData type of a named location policy object in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IpRanges</maml:name> <maml:description> <maml:para>Specifies the ip ranges of the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsTrusted</maml:name> <maml:description> <maml:para>Specifies the isTrusted value for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CountriesAndRegions</maml:name> <maml:description> <maml:para>Specifies the countries and regions for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.CountriesAndRegion]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.CountriesAndRegion]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IncludeUnknownCountriesAndRegions</maml:name> <maml:description> <maml:para>Specifies the includeUnknownCountriesAndRegions value for the named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the ID of a named location policy in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Update an IP named location policy in Microsoft Entra ID by PolicyId</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $params = @{ PolicyId = '2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6' OdataType = '#microsoft.graph.ipNamedLocation' IsTrusted = $false } Set-EntraNamedLocationPolicy @params</dev:code> <dev:remarks> <maml:para>This example shows how to update an IP named location policy in Microsoft Entra ID by PolicyId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Update a country named location policy in Microsoft Entra ID by PolicyId</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $params = @{ PolicyId = '2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6' OdataType = '#microsoft.graph.countryNamedLocation' IncludeUnknownCountriesAndRegions = $true } Set-EntraNamedLocationPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates a country named location policy in Microsoft Entra ID by PolicyId.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Update display name of a named location policy in Microsoft Entra ID by PolicyId</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess' $params = @{ PolicyId = '2bbbbbb2-3cc3-4dd4-5ee5-6ffffffffff6' OdataType = '#microsoft.graph.ipNamedLocation' DisplayName = 'NewName' } Set-EntraNamedLocationPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates display name of named location policy in Microsoft Entra ID by PolicyId.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraNamedLocationPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraNamedLocationPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraPartnerInformation</command:name> <command:verb>Set</command:verb> <command:noun>EntraPartnerInformation</command:noun> <maml:description> <maml:para>Sets company information for partners.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraPartnerInformation` cmdlet is used by partners to set partner-specific properties. These properties can view by all tenants that the partner has access to.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraPartnerInformation</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerCommerceUrl</maml:name> <maml:description> <maml:para>Specifies the URL for the partner's commerce website.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerHelpUrl</maml:name> <maml:description> <maml:para>Specifies the URL for the partner's Help website.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerSupportEmails</maml:name> <maml:description> <maml:para>Specifies the support email address for the partner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerSupportTelephones</maml:name> <maml:description> <maml:para>Specifies the support telephone numbers for the partner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerSupportUrl</maml:name> <maml:description> <maml:para>Specifies the URL for the partner's support website.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the unique ID of the tenant on which to perform the operation. The default value is the tenant of the current user. This parameter applies only to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>CompanyType</maml:name> <maml:description> <maml:para>Specifies the partner's company type.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CompanyType</command:parameterValue> <dev:type> <maml:name>CompanyType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerCompanyName</maml:name> <maml:description> <maml:para>Specifies the partner's company name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerCommerceUrl</maml:name> <maml:description> <maml:para>Specifies the URL for the partner's commerce website.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerHelpUrl</maml:name> <maml:description> <maml:para>Specifies the URL for the partner's Help website.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerSupportEmails</maml:name> <maml:description> <maml:para>Specifies the support email address for the partner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerSupportTelephones</maml:name> <maml:description> <maml:para>Specifies the support telephone numbers for the partner.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerSupportUrl</maml:name> <maml:description> <maml:para>Specifies the URL for the partner's support website.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>TenantId</maml:name> <maml:description> <maml:para>Specifies the unique ID of the tenant on which to perform the operation. The default value is the tenant of the current user. This parameter applies only to partner users.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>CompanyType</maml:name> <maml:description> <maml:para>Specifies the partner's company type.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CompanyType</command:parameterValue> <dev:type> <maml:name>CompanyType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases="none"> <maml:name>PartnerCompanyName</maml:name> <maml:description> <maml:para>Specifies the partner's company name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---------------- Example 1: Update the help URL ----------------</maml:title> <dev:code>Set-EntraPartnerInformation -PartnerHelpUrl 'http://www.help.contoso.com'</dev:code> <dev:remarks> <maml:para>This command updates the help URL for this partner.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------- Example 2: Update the Support URL --------------</maml:title> <dev:code>Set-EntraPartnerInformation -PartnerSupportUrl 'http://www.test1.com'</dev:code> <dev:remarks> <maml:para>This command updates the Support URL for this partner.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------- Example 3: Update the Commerce URL --------------</maml:title> <dev:code>Set-EntraPartnerInformation -PartnerCommerceUrl 'http://www.test1.com'</dev:code> <dev:remarks> <maml:para>This command updates the Commerce URL for this partner.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------- Example 4: Update the SupportEmails -------------</maml:title> <dev:code>Set-EntraPartnerInformation -PartnerSupportEmails 'contoso@example.com'</dev:code> <dev:remarks> <maml:para>This command updates the SupportEmails for this partner.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----------- Example 5: Update the SupportTelephones -----------</maml:title> <dev:code>$params = @{ PartnerSupportTelephones = '234234234' TenantId = 'bbbbcccc-1111-dddd-2222-eeee3333ffff' } Set-EntraPartnerInformation @params</dev:code> <dev:remarks> <maml:para>This command updates the SupportTelephones for this partner.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraPartnerInformation</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraPartnerInformation</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraPermissionGrantConditionSet</command:name> <command:verb>Set</command:verb> <command:noun>EntraPermissionGrantConditionSet</command:noun> <maml:description> <maml:para>Update an existing Microsoft Entra ID permission grant condition set.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Updates a Microsoft Entra ID permission grant condition set object identified by ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraPermissionGrantConditionSet</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant policy object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConditionSetType</maml:name> <maml:description> <maml:para>The value indicates whether the condition sets are included in the policy or excluded.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant condition set object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionType</maml:name> <maml:description> <maml:para>Specific type of permissions (application, delegated) to scope consent operation down to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionClassification</maml:name> <maml:description> <maml:para>Specific classification (all, low, medium, high) to scope consent operation down to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The identifier of the resource application to scope consent operation down to. It could be @("All") or a list of permission ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationIds</maml:name> <maml:description> <maml:para>The set of client application ids to scope consent operation down to. It could be @("All") or a list of client application Ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationTenantIds</maml:name> <maml:description> <maml:para>The set of client application tenant ids to scope consent operation down to. It could be @("All") or a list of client application tenant ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationPublisherIds</maml:name> <maml:description> <maml:para>The set of client applications publisher ids to scope consent operation down to. It could be @("All") or a list of client application publisher ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationsFromVerifiedPublisherOnly</maml:name> <maml:description> <maml:para>A value indicates whether to only includes client applications from verified publishers.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceApplication</maml:name> <maml:description> <maml:para>The identifier of the resource application to scope consent operation down to. It could be "Any" or a specific resource application id.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>PolicyId</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant policy object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ConditionSetType</maml:name> <maml:description> <maml:para>The value indicates whether the condition sets are included in the policy or excluded.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of a Microsoft Entra ID permission grant condition set object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionType</maml:name> <maml:description> <maml:para>Specific type of permissions (application, delegated) to scope consent operation down to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PermissionClassification</maml:name> <maml:description> <maml:para>Specific classification (all, low, medium, high) to scope consent operation down to.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Permissions</maml:name> <maml:description> <maml:para>The identifier of the resource application to scope consent operation down to. It could be @("All") or a list of permission ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationIds</maml:name> <maml:description> <maml:para>The set of client application ids to scope consent operation down to. It could be @("All") or a list of client application Ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationTenantIds</maml:name> <maml:description> <maml:para>The set of client application tenant ids to scope consent operation down to. It could be @("All") or a list of client application tenant ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationPublisherIds</maml:name> <maml:description> <maml:para>The set of client applications publisher ids to scope consent operation down to. It could be @("All") or a list of client application publisher ids.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ClientApplicationsFromVerifiedPublisherOnly</maml:name> <maml:description> <maml:para>A value indicates whether to only includes client applications from verified publishers.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceApplication</maml:name> <maml:description> <maml:para>The identifier of the resource application to scope consent operation down to. It could be "Any" or a specific resource application id.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Update a permission grant condition set to includes permissions that is classified as low</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ PolicyId = 'policy1' ConditionSetType = 'includes' Id = '665a9903-0398-48ab-b4e9-7a570d468b66' PermissionClassification = 'Low' } Set-EntraPermissionGrantConditionSet @params</dev:code> <dev:remarks> <maml:para>This command updates sets the specified permission grant set to classify as low.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 2: Update a permission grant condition set ------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ PolicyId = 'policy1' ConditionSetType = 'includes' Id = 'aaaa0000-bb11-2222-33cc-444444dddddd' PermissionType = 'Delegated' PermissionClassification = 'Low' ResourceApplication = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' Permissions = @('29bf4ca5-913e-427d-8a68-5890af945109') ClientApplicationIds = @('All') ClientApplicationTenantIds = @('All') ClientApplicationPublisherIds = @('All') ClientApplicationsFromVerifiedPublisherOnly = $true } Set-EntraPermissionGrantConditionSet @params</dev:code> <dev:remarks> <maml:para>This command updates sets the specified permission grant set.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraPermissionGrantConditionSet</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPermissionGrantConditionSet</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraPermissionGrantPolicy</command:name> <command:verb>Set</command:verb> <command:noun>EntraPermissionGrantPolicy</command:noun> <maml:description> <maml:para>Updates a permission grant policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraPermissionGrantPolicy command updates a Microsoft Entra ID permission grant policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraPermissionGrantPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies the description of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the unique identifier of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies the description of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>Specifies the unique identifier of the permission grant policy.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--- Example 1: Update description of permission grant policy ---</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ Id = 'my_permission_grant_policy_id' Description = 'Updated description' } Set-EntraPermissionGrantPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates the description of the specified permission grant policy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 2: Update display name of permission grant policy --</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant' $params = @{ Id = 'my_permission_grant_policy_id' DisplayName = 'Updated DisplayName' } Set-EntraPermissionGrantPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates the display name of the specified permission grant policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraPermissionGrantPolicy</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPermissionGrantPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraPolicy</command:name> <command:verb>Set</command:verb> <command:noun>EntraPolicy</command:noun> <maml:description> <maml:para>Updates a policy.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraPolicy` cmdlet sets a policy in Microsoft Entra ID. Specify `Id` parameter to updates specific policy.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraPolicy</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Definition</maml:name> <maml:description> <maml:para>Specifies the array of stringified JSON that contains all the rules of the policy. For example -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"20:00:00"}}').</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsOrganizationDefault</maml:name> <maml:description> <maml:para>True if this policy is the organizational default.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of policy. For token lifetimes, use "TokenLifetimePolicy."</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the policy for which you want to set values.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Definition</maml:name> <maml:description> <maml:para>Specifies the array of stringified JSON that contains all the rules of the policy. For example -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"20:00:00"}}').</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsOrganizationDefault</maml:name> <maml:description> <maml:para>True if this policy is the organizational default.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specifies the type of policy. For token lifetimes, use "TokenLifetimePolicy."</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The ID of the policy for which you want to set values.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------- Example 1: Update a policy display name -----------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration' $params = @{ Id = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' DisplayName = 'NewUpdated' } Set-EntraPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates display name of the specified policy in Microsoft Entra ID.</maml:para> <maml:para>- `-Id` - Specifies the ID of the policy for which you want to set values.</maml:para> <maml:para>- `DisplayName` - Specifies the display name.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------ Example 2: Update a policy definition ------------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration' $params = @{ Id = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' Definition = @('{"activityBasedTimeoutPolicies":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}') } Set-EntraPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates definition of the specified policy in Microsoft Entra ID.</maml:para> <maml:para>- `-Id` - Specifies the ID of the policy for which you want to set values.</maml:para> <maml:para>- `Definition` - Specifies the array of stringified JSON that contains all the rules of the policy. In this example, `@('{"activityBasedTimeoutPolicies":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}')` represents definition of the activityBasedTimeoutPolicy.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------- Example 3: Update a policy organization default -------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration' $params = @{ Id = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' IsOrganizationDefault = $false } Set-EntraPolicy @params</dev:code> <dev:remarks> <maml:para>This command updates organization default of the specified policy in Microsoft Entra ID.</maml:para> <maml:para>- `-Id` - Specifies the ID of the policy for which you want to set values.</maml:para> <maml:para>- `-IsOrganizationDefault` If true, activates this policy. Only one policy of the same type can be the organization default. Optional, default is false.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------------- Example 4: Update policy type ----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration' $params = @{ Id = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' Type = 'ActivityBasedTimeoutPolicy' } Set-EntraPolicy @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update the `type` property of a specified policy in Microsoft Entra ID.</maml:para> <maml:para>- `-Id` - Specifies the ID of the policy for which you want to set values.</maml:para> <maml:para>- `-Type` - Specifies the type of policy. In this example, `ActivityBasedTimeoutPolicy` represents the type of policy.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Get-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraPolicy</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraRoleDefinition</command:name> <command:verb>Set</command:verb> <command:noun>EntraRoleDefinition</command:noun> <maml:description> <maml:para>Update an existing Microsoft Entra ID roleDefinition.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Updates a Microsoft Entra roleDefinition object identified by ID. You cannot update built-in roles. This feature requires a Microsoft Entra ID P1 or P2 license.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraRoleDefinition</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition. List of permissions included in the role. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies template ID for the role definition. Custom template identifier that can be set when `isBuiltIn1 is 1false`. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition. Indicates version of the role definition. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Id</maml:name> <maml:description> <maml:para>The unique identifier of an object in Microsoft Entra ID</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Description</maml:name> <maml:description> <maml:para>Specifies a description for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies a display name for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>IsEnabled</maml:name> <maml:description> <maml:para>Specifies whether the role definition is enabled. Flag indicating if the role is enabled for assignment. If false, the role is not available for assignment. Read-only when `isBuiltIn` is true.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ResourceScopes</maml:name> <maml:description> <maml:para>Specifies the resource scopes for the role definition.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>RolePermissions</maml:name> <maml:description> <maml:para>Specifies permissions for the role definition. List of permissions included in the role. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.RolePermission]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TemplateId</maml:name> <maml:description> <maml:para>Specifies template ID for the role definition. Custom template identifier that can be set when `isBuiltIn1 is 1false`. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Version</maml:name> <maml:description> <maml:para>Specifies version for the role definition. Indicates version of the role definition. Read-only when `isBuiltIn` is `true`.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>String</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Update an roleDefinition -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' Set-EntraRoleDefinition -ID a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 -DisplayName 'UpdatedDisplayName'</dev:code> <dev:remarks> <maml:para>This example updates the specified role definition in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>----- Example 2: Update an roleDefinition with Description -----</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' Set-EntraRoleDefinition -Id a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 -Description 'MYROLEUPDATE1S'</dev:code> <dev:remarks> <maml:para>This example updates the Description of specified role definition in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 3: Update an roleDefinition with IsEnabled ------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' Set-EntraRoleDefinition -Id a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1 -IsEnabled $true</dev:code> <dev:remarks> <maml:para>This example updates the IsEnabled of specified role definition in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------------- Example 4: Update an roleDefinition -------------</maml:title> <dev:code>Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory' $RolePermissions = New-object Microsoft.Open.MSGraph.Model.RolePermission $RolePermissions.AllowedResourceActions = @("microsoft.directory/applications/standard/read") $params = @{ Id = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1' Description = 'Update' DisplayName = 'Update' ResourceScopes = '/' IsEnabled = $false RolePermissions = $RolePermissions TemplateId = '54d418b2-4cc0-47ee-9b39-e8f84ed8e073' Version = 2 } Set-EntraRoleDefinition @params</dev:code> <dev:remarks> <maml:para>This example updates the RolePermissions, TemplateId, TemplateId, ResourceScopes of specified role definition in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraRoleDefinition</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraRoleDefinition</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraServicePrincipal</command:name> <command:verb>Set</command:verb> <command:noun>EntraServicePrincipal</command:noun> <maml:description> <maml:para>This command updates a service principal.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraServicePrincipal` cmdlet updates a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraServicePrincipal</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternativeNames</maml:name> <maml:description> <maml:para>The alternative names for this service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppId</maml:name> <maml:description> <maml:para>Specifies the application ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppRoleAssignmentRequired</maml:name> <maml:description> <maml:para>Indicates whether an application role assignment is required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Homepage</maml:name> <maml:description> <maml:para>Specifies the home page or landing page of the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredentials</maml:name> <maml:description> <maml:para>Specifies key credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>LogoutUrl</maml:name> <maml:description> <maml:para>Specifies the logout URL.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Species the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredentials</maml:name> <maml:description> <maml:para>Specifies password credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PreferredSingleSignOnMode</maml:name> <maml:description> <maml:para>Specifies the single sign-on mode configured for this application. Microsoft Entra ID uses the preferred single sign-on mode to launch the application from Microsoft 365 or the My Apps portal. The supported values are password, saml, notSupported, and oidc.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ReplyUrls</maml:name> <maml:description> <maml:para>The URLs that user tokens are sent to for sign in with the associated application, or the redirect Uniform Resource Identifiers that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ServicePrincipalNames</maml:name> <maml:description> <maml:para>Specifies service principal names.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ServicePrincipalType</maml:name> <maml:description> <maml:para>The service principal type.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies an array of tags. Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AlternativeNames</maml:name> <maml:description> <maml:para>The alternative names for this service principal.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppId</maml:name> <maml:description> <maml:para>Specifies the application ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AppRoleAssignmentRequired</maml:name> <maml:description> <maml:para>Indicates whether an application role assignment is required.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Homepage</maml:name> <maml:description> <maml:para>Specifies the home page or landing page of the application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>KeyCredentials</maml:name> <maml:description> <maml:para>Specifies key credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.KeyCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>LogoutUrl</maml:name> <maml:description> <maml:para>Specifies the logout URL.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Species the ID of a service principal in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordCredentials</maml:name> <maml:description> <maml:para>Specifies password credentials.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.PasswordCredential]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PreferredSingleSignOnMode</maml:name> <maml:description> <maml:para>Specifies the single sign-on mode configured for this application. Microsoft Entra ID uses the preferred single sign-on mode to launch the application from Microsoft 365 or the My Apps portal. The supported values are password, saml, notSupported, and oidc.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ReplyUrls</maml:name> <maml:description> <maml:para>The URLs that user tokens are sent to for sign in with the associated application, or the redirect Uniform Resource Identifiers that OAuth 2.0 authorization codes and access tokens are sent to for the associated application.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ServicePrincipalNames</maml:name> <maml:description> <maml:para>Specifies service principal names.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ServicePrincipalType</maml:name> <maml:description> <maml:para>The service principal type.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Tags</maml:name> <maml:description> <maml:para>Specifies an array of tags. Note that if you intend for this service principal to show up in the All Applications list in the admin portal, you need to set this value to {WindowsAzureActiveDirectoryIntegratedApp}.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>---- Example 1: Disable the account of a service principal ----</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' AccountEnabled = $False } Set-EntraServicePrincipal @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update `AccountEnabled` of a service principal in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Update AppId and Homepage of a service principal -</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' AppId = '22223333-cccc-4444-dddd-5555eeee6666' Homepage = 'https://*.e-days.com/SSO/SAML2/SP/AssertionConsumer.aspx?metadata=e-days|ISV9.2|primary|z' } Set-EntraServicePrincipal @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update `AppId` and Homepage of a service principal in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Update AlternativeNames and DisplayName of a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' AlternativeNames = 'Service Principal Demo' DisplayName = 'NewName' } Set-EntraServicePrincipal @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update AlternativeNames and DisplayName of a service principal in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Update LogoutUrl and ReplyUrls of a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' LogoutUrl = 'https://securescore.office.com/SignOut' ReplyUrls = 'https://admin.contoso.com' } Set-EntraServicePrincipal @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update LogoutUrl and ReplyUrls of a service principal in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 5: Update ServicePrincipalType and AppRoleAssignmentRequired of a service principal</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $params = @{ ObjectId = '00001111-aaaa-2222-bbbb-3333cccc4444' ServicePrincipalType = 'Application' AppRoleAssignmentRequired = $True } Set-EntraServicePrincipal @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update `ServicePrincipalType` and `AppRoleAssignmentRequired` of a service principal in Microsoft Entra ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 6: Update KeyCredentials of a service principal ---</maml:title> <dev:code>Connect-Entra -Scopes 'Application.ReadWrite.All' #Delegated Permission Connect-Entra -Scopes 'Application.ReadWrite.OwnedBy' #Application Permission $creds = New-Object Microsoft.Open.AzureAD.Model.KeyCredential $creds.CustomKeyIdentifier = [System.Text.Encoding]::UTF8.GetBytes('Test') $startdate = Get-Date -Year 2024 -Month 10 -Day 10 $creds.StartDate = $startdate $creds.Type = 'Symmetric' $creds.Usage = 'Sign' $creds.Value = [System.Text.Encoding]::UTF8.GetBytes('A') $creds.EndDate = Get-Date -Year 2025 -Month 12 -Day 20 Set-EntraServicePrincipal -ObjectId '00001111-aaaa-2222-bbbb-3333cccc4444' -KeyCredentials $creds</dev:code> <dev:remarks> <maml:para>This example demonstrates how to update KeyCredentials of a service principal in Microsoft Entra ID.</maml:para> <maml:para>- First command stored the key credentials in a variable. - Second command updates KeyCredentials of a service principal.</maml:para> <maml:para>Use the `New-EntraServicePrincipalPasswordCredential` and `Remove-EntraServicePrincipalPasswordCredential` cmdlets to update the password or secret for a servicePrincipal.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraServicePrincipal</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraServicePrincipal</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraTenantDetail</command:name> <command:verb>Set</command:verb> <command:noun>EntraTenantDetail</command:noun> <maml:description> <maml:para>Set contact details for a tenant.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to set various contact details for a tenant.</maml:para> <maml:para>For delegated scenarios, the signed-in user must have at least one of the following Microsoft Entra roles.</maml:para> <maml:para>- Application Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraTenantDetail</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MarketingNotificationEmails</maml:name> <maml:description> <maml:para>The email address that is used to send marketing notification emails.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SecurityComplianceNotificationMails</maml:name> <maml:description> <maml:para>The email address that is used to send security compliance emails.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SecurityComplianceNotificationPhones</maml:name> <maml:description> <maml:para>The phone number(s) that are used for security compliance.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TechnicalNotificationMails</maml:name> <maml:description> <maml:para>The email addresses that are used for technical notification emails.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrivacyProfile</maml:name> <maml:description> <maml:para>Represents a company's privacy profile, which includes a privacy statement URL and a contact person for questions regarding the privacy statement.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PrivacyProfile</command:parameterValue> <dev:type> <maml:name>PrivacyProfile</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MarketingNotificationEmails</maml:name> <maml:description> <maml:para>The email address that is used to send marketing notification emails.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SecurityComplianceNotificationMails</maml:name> <maml:description> <maml:para>The email address that is used to send security compliance emails.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SecurityComplianceNotificationPhones</maml:name> <maml:description> <maml:para>The phone number(s) that are used for security compliance.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TechnicalNotificationMails</maml:name> <maml:description> <maml:para>The email addresses that are used for technical notification emails.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PrivacyProfile</maml:name> <maml:description> <maml:para>Represents a company's privacy profile, which includes a privacy statement URL and a contact person for questions regarding the privacy statement.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PrivacyProfile</command:parameterValue> <dev:type> <maml:name>PrivacyProfile</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>None</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>- For more details see Update organization (/graph/api/organization-update).</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Set contact details for a tenant ---------</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.ReadWrite.All' $params = @{ MarketingNotificationEmails = @('amy@contoso.com', 'henry@contoso.com') SecurityComplianceNotificationMails = @('john@contoso.com', 'mary@contoso.com') SecurityComplianceNotificationPhones = @('1-555-625-9999', '1-555-233-5544') TechnicalNotificationMails = 'peter@contoso.com' } Set-EntraTenantDetail @params</dev:code> <dev:remarks> <maml:para>This example demonstrates how to set various contact details for a tenant.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 2: Set MarketingNotificationEmails for a tenant ---</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.ReadWrite.All' Set-EntraTenantDetail -MarketingNotificationEmails 'amy@contoso.com','henry@contoso.com'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to set MarketingNotificationEmails detail for a tenant.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Set SecurityComplianceNotificationMails for a tenant</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.ReadWrite.All' Set-EntraTenantDetail -SecurityComplianceNotificationMails 'john@contoso.com','mary@contoso.com'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to set SecurityComplianceNotificationMails detail for a tenant.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Set -SecurityComplianceNotificationPhones for a tenant</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.ReadWrite.All' Set-EntraTenantDetail -SecurityComplianceNotificationPhones '1-555-625-9999', '1-555-233-5544'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to set MarketingNotificationEmails detail for a tenant.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---- Example 5: Set TechnicalNotificationMails for a tenant ----</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.ReadWrite.All' Set-EntraTenantDetail -TechnicalNotificationMails 'peter@contoso.com'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to set TechnicalNotificationMails detail for a tenant.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraTenantDetail</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraTenantDetail</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraTrustedCertificateAuthority</command:name> <command:verb>Set</command:verb> <command:noun>EntraTrustedCertificateAuthority</command:noun> <maml:description> <maml:para>Updates a trusted certificate authority.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraTrustedCertificateAuthority cmdlet updates a trusted certificate authority in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraTrustedCertificateAuthority</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CertificateAuthorityInformation</maml:name> <maml:description> <maml:para>Specifies a CertificateAuthorityInformation object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CertificateAuthorityInformation</command:parameterValue> <dev:type> <maml:name>CertificateAuthorityInformation</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CertificateAuthorityInformation</maml:name> <maml:description> <maml:para>Specifies a CertificateAuthorityInformation object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">CertificateAuthorityInformation</command:parameterValue> <dev:type> <maml:name>CertificateAuthorityInformation</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>Example 1: Updates the trusted certificate authorities that are defined in your directory</maml:title> <dev:code>Connect-Entra -Scopes 'Organization.ReadWrite.All' $cer = Set-EntraTrustedCertificateAuthority #Get the CertificateAuthorityInformation object $cer[0].CrlDistributionPoint = "https://example.crl" Set-EntraTrustedCertificateAuthority -CertificateAuthorityInformation $cer[0]</dev:code> <dev:remarks> <maml:para>This command updates the trusted certificate authorities that are defined in your directory.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraTrustedCertificateAuthority</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraTrustedCertificateAuthority</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraUser</command:name> <command:verb>Set</command:verb> <command:noun>EntraUser</command:noun> <maml:description> <maml:para>Updates a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraUser cmdlet updates a user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraUser</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>City</maml:name> <maml:description> <maml:para>Specifies the user's city.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Country</maml:name> <maml:description> <maml:para>Specifies the user's country/region.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CreationType</maml:name> <maml:description> <maml:para>Indicates whether the user account is a local account for a Microsoft Entra ID B2C tenant. Possible values are "LocalAccount" and null. When we create a local account, the property is required and you must set it to "LocalAccount." When creating a work or school account, don't specify the property or set it to null.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Department</maml:name> <maml:description> <maml:para>Specifies the user's department.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the user's display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExtensionProperty</maml:name> <maml:description> <maml:para>Add data to custom user properties as the basic open extensions or the more versatile schema extensions. See [more about extensions][Learn more about extensions].</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.Dictionary`2[System.String,System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.Dictionary`2[System.String,System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GivenName</maml:name> <maml:description> <maml:para>Specifies the user's given name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ImmutableId</maml:name> <maml:description> <maml:para>This property is used to associate an on-premises Active Directory user account to their Microsoft Entra ID user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName property. Important: The $ and _ characters can't be used when specifying this property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>JobTitle</maml:name> <maml:description> <maml:para>Specifies the user's job title.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailNickName</maml:name> <maml:description> <maml:para>Specifies a nickname for the user's mail address.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Mobile</maml:name> <maml:description> <maml:para>Specifies the user's mobile phone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OtherMails</maml:name> <maml:description> <maml:para>Specifies other email addresses for the user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordPolicies</maml:name> <maml:description> <maml:para>Specifies password policies for the user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordProfile</maml:name> <maml:description> <maml:para>Specifies the user's password profile.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PasswordProfile</command:parameterValue> <dev:type> <maml:name>PasswordProfile</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PostalCode</maml:name> <maml:description> <maml:para>Specifies the user's postal code.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PreferredLanguage</maml:name> <maml:description> <maml:para>Specifies the user's preferred language.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowInAddressList</maml:name> <maml:description> <maml:para>Set to True to show this user in the address list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SignInNames</maml:name> <maml:description> <maml:para>The list of sign in names for this user</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>State</maml:name> <maml:description> <maml:para>Specifies the user's state.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>StreetAddress</maml:name> <maml:description> <maml:para>Specifies the user's street address.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Surname</maml:name> <maml:description> <maml:para>Specifies the user's surname.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TelephoneNumber</maml:name> <maml:description> <maml:para>Specifies the user's telephone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UsageLocation</maml:name> <maml:description> <maml:para>A two letter country or region code (ISO standard 3166). Required for users that assigned licenses due to legal requirement to check for availability of services in country and regions. Examples include: "US," "JP," and "GB." Not nullable.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>Specifies the user's user principal name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserType</maml:name> <maml:description> <maml:para>A string value that can be used to classify user types in your directory, such as "Member" and "Guest."</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AgeGroup</maml:name> <maml:description> <maml:para>Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, minor, notAdult, and adult. Refer to the [legal age group property definitions][Learn more about age group and minor consent definitions].</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CompanyName</maml:name> <maml:description> <maml:para>The company name, which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConsentProvidedForMinor</maml:name> <maml:description> <maml:para>Sets whether consent has to obtained for minors. Allowed values: null, granted, denied, and notRequired.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AccountEnabled</maml:name> <maml:description> <maml:para>Indicates whether the account is enabled.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>City</maml:name> <maml:description> <maml:para>Specifies the user's city.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Country</maml:name> <maml:description> <maml:para>Specifies the user's country/region.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CreationType</maml:name> <maml:description> <maml:para>Indicates whether the user account is a local account for a Microsoft Entra ID B2C tenant. Possible values are "LocalAccount" and null. When we create a local account, the property is required and you must set it to "LocalAccount." When creating a work or school account, don't specify the property or set it to null.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Department</maml:name> <maml:description> <maml:para>Specifies the user's department.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>DisplayName</maml:name> <maml:description> <maml:para>Specifies the user's display name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ExtensionProperty</maml:name> <maml:description> <maml:para>Add data to custom user properties as the basic open extensions or the more versatile schema extensions. See [more about extensions][Learn more about extensions].</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.Dictionary`2[System.String,System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.Dictionary`2[System.String,System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>GivenName</maml:name> <maml:description> <maml:para>Specifies the user's given name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ImmutableId</maml:name> <maml:description> <maml:para>This property is used to associate an on-premises Active Directory user account to their Microsoft Entra ID user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user's userPrincipalName property. Important: The $ and _ characters can't be used when specifying this property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>JobTitle</maml:name> <maml:description> <maml:para>Specifies the user's job title.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>MailNickName</maml:name> <maml:description> <maml:para>Specifies a nickname for the user's mail address.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Mobile</maml:name> <maml:description> <maml:para>Specifies the user's mobile phone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>OtherMails</maml:name> <maml:description> <maml:para>Specifies other email addresses for the user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[System.String]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[System.String]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordPolicies</maml:name> <maml:description> <maml:para>Specifies password policies for the user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PasswordProfile</maml:name> <maml:description> <maml:para>Specifies the user's password profile.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">PasswordProfile</command:parameterValue> <dev:type> <maml:name>PasswordProfile</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PostalCode</maml:name> <maml:description> <maml:para>Specifies the user's postal code.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>PreferredLanguage</maml:name> <maml:description> <maml:para>Specifies the user's preferred language.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowInAddressList</maml:name> <maml:description> <maml:para>Set to True to show this user in the address list.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Boolean</command:parameterValue> <dev:type> <maml:name>Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>SignInNames</maml:name> <maml:description> <maml:para>The list of sign in names for this user</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]</command:parameterValue> <dev:type> <maml:name>System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.SignInName]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>State</maml:name> <maml:description> <maml:para>Specifies the user's state.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>StreetAddress</maml:name> <maml:description> <maml:para>Specifies the user's street address.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Surname</maml:name> <maml:description> <maml:para>Specifies the user's surname.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>TelephoneNumber</maml:name> <maml:description> <maml:para>Specifies the user's telephone number.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UsageLocation</maml:name> <maml:description> <maml:para>A two letter country or region code (ISO standard 3166). Required for users that assigned licenses due to legal requirement to check for availability of services in country and regions. Examples include: "US," "JP," and "GB." Not nullable.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserPrincipalName</maml:name> <maml:description> <maml:para>Specifies the user's user principal name.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>UserType</maml:name> <maml:description> <maml:para>A string value that can be used to classify user types in your directory, such as "Member" and "Guest."</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>AgeGroup</maml:name> <maml:description> <maml:para>Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, minor, notAdult, and adult. Refer to the [legal age group property definitions][Learn more about age group and minor consent definitions].</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>CompanyName</maml:name> <maml:description> <maml:para>The company name, which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length of the company name is 64 characters.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ConsentProvidedForMinor</maml:name> <maml:description> <maml:para>Sets whether consent has to obtained for minors. Allowed values: null, granted, denied, and notRequired.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------------- Example 1: Update a user -------------------</maml:title> <dev:code>PS C:\> $user = Get-EntraUser -ObjectId TestUser@example.com PS C:\> $user.DisplayName = 'YetAnotherTestUser' PS C:\> Set-EntraUser -ObjectId TestUser@example.com -Displayname $user.Displayname</dev:code> <dev:remarks> <maml:para>This example updates the specified user's Display name property.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 2: Set the specified user's AccountEnabled property -</maml:title> <dev:code>PS C:\> Set-EntraUser -ObjectId 1139c016-f606-45f0-83f7-40eb2a552a6f -AccountEnabled $true</dev:code> <dev:remarks> <maml:para>This example updates the specified user's AccountEnabled property.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Set all but specified users as minors with parental consent</maml:title> <dev:code>PS C:\>Get-EntraUser -All | Where-Object -FilterScript { $_.DisplayName -notmatch '(George|James|Education)' } | ForEach-Object { Set-EntraUser -ObjectId $($_.ObjectId) -AgeGroup 'minor' -ConsentProvidedForMinor 'granted' }</dev:code> <dev:remarks> <maml:para>This example updates the specified user's property.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--------- Example 4: Set the specified user's property ---------</maml:title> <dev:code>PS C:\>Set-EntraUser -ObjectId 1139c016-f606-45f0-83f7-40eb2a552a6f -City "Add city name" -CompanyName "Microsoft" -ConsentProvidedForMinor Granted -Country 'Add country name' -Department "Add department name" -GivenName "Mircosoft" -ImmutableId "#1" -JobTitle "Manager" -MailNickName "Add mailnickname" -Mobile "9984534564" -OtherMails "test12@M365x99297270.OnMicrosoft.com" -PasswordPolicies "DisableStrongPassword" -State "UP" -StreetAddress "Add address" -UserType "Member"</dev:code> <dev:remarks> <maml:para>This example updates the specified user's City property.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>- Example 5: Set the specified user's PasswordProfile property -</maml:title> <dev:code>PS C:\> $a = @{ Password= "*****" ForceChangePasswordNextLogin = $true EnforceChangePasswordPolicy = $false } PS C:\> Set-EntraUser -ObjectId 1139c016-f606-45f0-83f7-40eb2a552a6f -PasswordProfile $a</dev:code> <dev:remarks> <maml:para>This example updates the specified user's PasswordProfile property.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraUser</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>New-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraUserExtension</command:name> <command:verb>Set</command:verb> <command:noun>EntraUserExtension</command:noun> <maml:description> <maml:para>Sets a user extension.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraUserExtension` cmdlet updates a user extension in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraUserExtension</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title> Example 1: Set the value of an extension attribute for a user </maml:title> <dev:code>$User = Get-EntraUser -ObjectId 'SawyerM@contoso.com' Set-EntraUserExtension -ObjectId $User.ObjectId</dev:code> <dev:remarks> <maml:para>This example shows how to update the value of the extension attribute for a specified user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraUserExtension</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUserExtension</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraExtensionProperty</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUserExtension</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraUserLicense</command:name> <command:verb>Set</command:verb> <command:noun>EntraUserLicense</command:noun> <maml:description> <maml:para>Adds or removes licenses for a Microsoft online service to the list of assigned licenses for a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraUserLicense` adds or removes licenses for a Microsoft online service to the list of assigned licenses for a user.</maml:para> <maml:para>For delegated scenarios, the calling user needs at least one of the following Microsoft Entra roles.</maml:para> <maml:para>- Directory Writers</maml:para> <maml:para>- License Administrator</maml:para> <maml:para>- User Administrator</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraUserLicense</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AssignedLicenses</maml:name> <maml:description> <maml:para>Specifies a list of licenses to assign or remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">AssignedLicenses</command:parameterValue> <dev:type> <maml:name>AssignedLicenses</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>AssignedLicenses</maml:name> <maml:description> <maml:para>Specifies a list of licenses to assign or remove.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">AssignedLicenses</command:parameterValue> <dev:type> <maml:name>AssignedLicenses</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of a user (as a UPN or ObjectId) in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>- Example 1: Add a license to a user based on a template user -</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' $LicensedUser = Get-EntraUser -ObjectId 'TemplateUser@contoso.com"' $User = Get-EntraUser -ObjectId 'SawyerM@contoso.com' $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense $License.SkuId = $LicensedUser.AssignedLicenses.SkuId $Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses $Licenses.AddLicenses = $License Set-EntraUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses</dev:code> <dev:remarks> <maml:para>This example demonstrates how to assign a license to a user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Add a license to a user by copying license from another user</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' $LicensedUser = Get-EntraUser -ObjectId 'AdeleV@contoso.com' $User = Get-EntraUser -ObjectId 'SawyerM@contoso.com' $License1 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense $License1.SkuId = $LicensedUser.AssignedLicenses.SkuId[0] $License2 = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense $License2.SkuId = $LicensedUser.AssignedLicenses.SkuId[1] $addLicensesArray = @() $addLicensesArray += $License1 $addLicensesArray += $License2 $Licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses $Licenses.AddLicenses = $addLicensesArray Set-EntraUserLicense -ObjectId $User.ObjectId -AssignedLicenses $Licenses</dev:code> <dev:remarks> <maml:para>This example demonstrates how to assign a license to a user by copying license from another user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraUserLicense</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUser</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraUserManager</command:name> <command:verb>Set</command:verb> <command:noun>EntraUserManager</command:noun> <maml:description> <maml:para>Updates a user's manager.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The Set-EntraUserManager cmdlet update the manager for a user in Microsoft Entra ID.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraUserManager</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a UserPrincipalName or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID (as a UserPrincipalName or ObjectId) of a user in Microsoft Entra ID.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>RefObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of the Microsoft Entra ID object to assign as owner/manager/member.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------- Example 1: Update a user's manager --------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite.All' Set-EntraUserManager -ObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' -RefObjectId 'eeeeeeee-4444-5555-6666-ffffffffffff'</dev:code> <dev:remarks> <maml:para>This example demonstrates how to set the manager, with ID `eeeeeeee-4444-5555-6666-ffffffffffff` for the user with the ID `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb`.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraUserManager</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUserManager</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Remove-EntraUserManager</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraUserPassword</command:name> <command:verb>Set</command:verb> <command:noun>EntraUserPassword</command:noun> <maml:description> <maml:para>Sets the password of a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Set-EntraUserPassword` cmdlet sets the password for a user in Microsoft Entra ID.</maml:para> <maml:para>Any user can update their password without belonging to any administrator role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraUserPassword</maml:name> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EnforceChangePasswordPolicy</maml:name> <maml:description> <maml:para>If set to true, force the user to change their password.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ForceChangePasswordNextLogin</maml:name> <maml:description> <maml:para>Forces a user to change their password during their next sign in.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Specifies the password.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.SecureString</command:parameterValue> <dev:type> <maml:name>System.SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>EnforceChangePasswordPolicy</maml:name> <maml:description> <maml:para>If set to true, force the user to change their password.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ForceChangePasswordNextLogin</maml:name> <maml:description> <maml:para>Forces a user to change their password during their next sign in.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Boolean</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>Specifies the ID of an object.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>Password</maml:name> <maml:description> <maml:para>Specifies the password.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.SecureString</command:parameterValue> <dev:type> <maml:name>System.SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------------- Example 1: Set a user's password ---------------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' Set-EntraUserPassword -ObjectId 'bbbbbbbb-1111-2222-3333-cccccccccccc' -Password $password</dev:code> <dev:remarks> <maml:para>This command sets the specified user's password.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 2: Set a user's password with EnforceChangePasswordPolicy parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' $params = @{ ObjectId = 'bbbbbbbb-1111-2222-3333-cccccccccccc' Password = $password EnforceChangePasswordPolicy = $true } Set-EntraUserPassword @params</dev:code> <dev:remarks> <maml:para>This command sets the specified user's password with EnforceChangePasswordPolicy parameter.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Set a user's password with ForceChangePasswordNextLogin parameter</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' $params = @{ ObjectId = 'bbbbbbbb-1111-2222-3333-cccccccccccc' Password = $password ForceChangePasswordNextLogin = $true } Set-EntraUserPassword @params</dev:code> <dev:remarks> <maml:para>This command sets the specified user's password with ForceChangePasswordNextLogin parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraUserPassword</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Set-EntraUserThumbnailPhoto</command:name> <command:verb>Set</command:verb> <command:noun>EntraUserThumbnailPhoto</command:noun> <maml:description> <maml:para>Set the thumbnail photo for a user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet is used to set the thumbnail photo for a user.</maml:para> <maml:para>Updating any user's photo in the organization requires the User.ReadWrite.All permission. Updating only the signed-in user's photo requires the User.ReadWrite permission.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Set-EntraUserThumbnailPhoto</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>The file path of the image to be uploaded as the user thumbnail photo.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The Object ID of the user for which the user thumbnail photo is set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>FilePath</maml:name> <maml:description> <maml:para>The file path of the image to be uploaded as the user thumbnail photo.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ObjectId</maml:name> <maml:description> <maml:para>The Object ID of the user for which the user thumbnail photo is set.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>System.IO.Stream System.Byte[]</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>System.Object</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------- Example 1: Sets the thumbnail photo -------------</maml:title> <dev:code>Connect-Entra -Scopes 'User.ReadWrite' #Delegated Permission Connect-Entra -Scopes 'User.ReadWrite.All' #Application Permission $params = @{ ObjectId = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' FilePath = 'D:\UserThumbnailPhoto.jpg' } Set-EntraUserThumbnailPhoto @params</dev:code> <dev:remarks> <maml:para>This example sets the thumbnail photo of the user specified with the ObjectId parameter to the image specified with the FilePath parameter.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Set-EntraUserThumbnailPhoto</maml:uri> </maml:navigationLink> <maml:navigationLink> <maml:linkText>Get-EntraUserThumbnailPhoto</maml:linkText> <maml:uri></maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Test-EntraScript</command:name> <command:verb>Test</command:verb> <command:noun>EntraScript</command:noun> <maml:description> <maml:para>Checks, whether the provided script is using Azure AD commands that are not supported by Microsoft.Graph.Entra.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>Checks, whether the provided script is using Azure AD commands that are not supported by Microsoft.Graph.Entra.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Test-EntraScript</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="FullName, Name"> <maml:name>Path</maml:name> <maml:description> <maml:para>Path to the script file(s) to scan. Or name of the content, when also specifying -Content</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none"> <maml:name>Content</maml:name> <maml:description> <maml:para>Code content to scan. Used when scanning code that has no file representation (e.g. straight from a repository).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Quiet</maml:name> <maml:description> <maml:para>Only return $true or $false, based on whether the script could run under Microsoft.Graph.Entra ($true) or not ($false)</maml:para> </maml:description> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="1" aliases="FullName, Name"> <maml:name>Path</maml:name> <maml:description> <maml:para>Path to the script file(s) to scan. Or name of the content, when also specifying -Content</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none"> <maml:name>Content</maml:name> <maml:description> <maml:para>Code content to scan. Used when scanning code that has no file representation (e.g. straight from a repository).</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Quiet</maml:name> <maml:description> <maml:para>Only return $true or $false, based on whether the script could run under Microsoft.Graph.Entra ($true) or not ($false)</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para></maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>-------------------------- Example 1 --------------------------</maml:title> <dev:code>Test-EntraScript -Path .\usercreation.ps1 -Quiet</dev:code> <dev:remarks> <maml:para>Returns whether the script `usercreation.ps1` could run under Microsoft.Graph.Entra.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-------------------------- Example 2 --------------------------</maml:title> <dev:code>Get-ChildItem -Path \\contoso.com\it\code -Recurse -Filter *.ps1 | Test-EntraScript</dev:code> <dev:remarks> <maml:para>Returns a list of all scripts that would not run under the Microsoft.Graph.Entra module, listing each issue with line and code.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Test-EntraScript</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Update-EntraSignedInUserPassword</command:name> <command:verb>Update</command:verb> <command:noun>EntraSignedInUserPassword</command:noun> <maml:description> <maml:para>Updates the password for the signed-in user.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Update-EntraSignedInUserPassword` cmdlet updates the password for the signed-in user in Microsoft Entra ID.</maml:para> <maml:para>Allow users to update their own passwords. Any user can update their password without needing to be in an administrator role.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Update-EntraSignedInUserPassword</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CurrentPassword</maml:name> <maml:description> <maml:para>Specifies the current password of the signed-in user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>NewPassword</maml:name> <maml:description> <maml:para>Specifies the new password for the signed-in user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>CurrentPassword</maml:name> <maml:description> <maml:para>Specifies the current password of the signed-in user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="named" aliases="none"> <maml:name>NewPassword</maml:name> <maml:description> <maml:para>Specifies the new password for the signed-in user.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">SecureString</command:parameterValue> <dev:type> <maml:name>SecureString</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <maml:alertSet> <maml:alert> <maml:para>- For more details see changePassword (/graph/api/user-changepassword).</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>----------------- Example 1: Update a password -----------------</maml:title> <dev:code>Connect-Entra -Scopes 'Directory.AccessAsUser.All' $CurrentPassword = ConvertTo-SecureString '<strong-password>' -AsPlainText -Force $NewPassword = ConvertTo-SecureString '<strong-password>' -AsPlainText -Force $params = @{ CurrentPassword = $CurrentPassword NewPassword = $NewPassword } Update-EntraSignedInUserPassword @params</dev:code> <dev:remarks> <maml:para>This command updates the password for the signed-in user.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks> <maml:navigationLink> <maml:linkText>Online Version:</maml:linkText> <maml:uri>https://learn.microsoft.com/powershell/module/Microsoft.Graph.Entra/Update-EntraSignedInUserPassword</maml:uri> </maml:navigationLink> </command:relatedLinks> </command:command> </helpItems> |