Remove-EntraBetaDirectoryRoleAssignment
Delete a Microsoft Entra ID roleAssignment.
Syntax
Remove-EntraBetaDirectoryRoleAssignment
-UnifiedRoleAssignmentId <String>
[<CommonParameters>] Description
The Remove-EntraBetaDirectoryRoleAssignment cmdlet removes a role assignment from Microsoft Entra ID.
In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are:
- Privileged Role Administrator
Examples
Example 1: Remove a role assignment
Connect-Entra -Scopes 'RoleManagement.ReadWrite.Directory', 'EntitlementManagement.ReadWrite.All'
$user = Get-EntraBetaUser -UserId 'SawyerM@contoso.com'
$role = Get-EntraBetaDirectoryRoleDefinition -Filter "DisplayName eq 'Helpdesk Administrator'"
$assignment = Get-EntraBetaDirectoryRoleAssignment -All | Where-Object { $_.principalId -eq $user.Id -AND $_.RoleDefinitionId -eq $role.Id }
Remove-EntraBetaDirectoryRoleAssignment -UnifiedRoleAssignmentId $assignment.IdThis example removes the specified role assignment from Microsoft Entra ID.
-UnifiedRoleAssignmentIdparameter specifies the role assignment ID.
Parameters
-UnifiedRoleAssignmentId
The unique identifier of an object in Microsoft Entra ID.
| Type: | System.String |
| Aliases: | Id |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
Inputs
System.String
Outputs
System.Object
Notes
Remove-EntraBetaRoleAssignment is an alias for Remove-EntraBetaDirectoryRoleAssignment.