Set-EntraBetaPrivilegedRoleSetting
Updates a role setting.
Syntax
Set-EntraBetaPrivilegedRoleSetting
[-ResourceId <String>]
[-UserEligibleSettings <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]>]
-Id <String>
[-AdminEligibleSettings <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]>]
[-RoleDefinitionId <String>]
[-AdminMemberSettings <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]>]
[-UserMemberSettings <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]>]
-ProviderId <String>
[<CommonParameters>]
Description
The Set-EntraBetaPrivilegedRoleSetting cmdlet updates a role setting.
Examples
Example 1: Update UserMemberSettings by setting the justification requirement to false
Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup'
$setting1 = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
$setting1.RuleIdentifier = "JustificationRule"
$setting1.Setting = "{`"required`":false}"
$params = @{
ProviderId = 'aadRoles'
Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc'
UserMemberSettings = $setting1
}
Set-EntraBetaPrivilegedRoleSetting @params
This command updates a role setting so that justification is not required.
-ProviderId: Specifies the ID of the specific provider.
-Id: Specifies the ID of the specific role setting.
-UserMemberSettings: Specifies the rule settings that are evaluated when a user tries to activate their role assignment.
Example 2: Update AdminEligibleSettings by setting MfaRule to true
Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup'
$setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
$setting.RuleIdentifier = "MfaRule"
$setting.Setting = "{`"mfaRequired`": true}"
$params = @{
ProviderId = 'aadRoles'
Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc'
AdminEligibleSettings = $setting
}
Set-EntraBetaPrivilegedRoleSetting @params
This command updates the AdminEligibleSettings by setting MfaRule to true.
-ProviderId: Specifies the ID of the specific provider.
-Id: Specifies the ID of the specific role setting.
-AdminEligibleSettings: Specifies the rule settings that are evaluated when an administrator tries to add an eligible role assignment.
Example 3: Update UserEligibleSettings
Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup'
$setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
$setting.RuleIdentifier = "AttributeConditionRule"
$setting.Setting = "{
`"condition`": null,
`"conditionVersion`": null,
`"conditionDescription`": null,
`"enableEnforcement`": true
}"
$params = @{
ProviderId = 'aadRoles'
Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc'
UserEligibleSettings = $setting
}
Set-EntraBetaPrivilegedRoleSetting @params
This command updates the UserEligibleSettings.
-ProviderId: Specifies the ID of the specific provider.
-Id: Specifies the ID of the specific role setting.
-UserEligibleSettings: Specifies the rule settings that are evaluated when a user tries to add an eligible role assignment.
Example 4: Update AdminMemberSettings
Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup'
$setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
$setting.RuleIdentifier = "JustificationRule"
$setting.Setting = "{`"required`":true}"
$temp = New-Object System.Collections.Generic.List[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]
$temp.Add($setting)
$params = @{
ProviderId = 'aadRoles'
Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc'
AdminMemberSettings = $temp
}
Set-EntraBetaPrivilegedRoleSetting @params
This command updates the AdminMemberSettings.
-ProviderId: Specifies the ID of the specific provider.
-Id: Specifies the ID of the specific role setting.
-AdminMemberSettings: Specifies the rule settings that are evaluated when an administrator tries to add an active role assignment.
Example 5: Update AdminEligibleSettings for a specific resource and role definition
Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup'
$setting = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
$setting.RuleIdentifier = "MfaRule"
$setting.Setting = "{`"mfaRequired`": true}"
$params = @{
ProviderId = 'aadRoles'
Id = 'bbbbbbbb-1111-2222-3333-cccccccccccc'
RoleDefinitionId = 'aaaabbbb-0000-cccc-1111-dddd2222eeee'
ResourceId = 'a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1'
AdminEligibleSettings = $setting
}
Set-EntraBetaPrivilegedRoleSetting @params
This command updates the AdminEligibleSettings.
-ProviderId: Specifies the ID of the specific provider.
-Id: Specifies the ID of the specific role setting.
-AdminEligibleSettings: Specifies the rule settings that are evaluated when an administrator tries to add an eligible role assignment.
-ResourceId: Specifies the ID of the specific resource.
-RoleDefinitionId: Specifies the ID of the specific role definition.
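Added example (not part of the original cmdlet reference): it combines the MfaRule and JustificationRule settings from the examples above into one typed list for UserMemberSettings, records the rules before the change, and reads the setting back to confirm both controls are enforced. It assumes the companion read cmdlet Get-EntraBetaPrivilegedRoleSetting from the same module and that the returned rule objects expose RuleIdentifier and Setting; New-PimRule is a hypothetical helper, and the Id is the placeholder GUID used on this page.

```powershell
# Added example: require MFA and justification on role activation, then verify.
Connect-Entra -Scopes 'PrivilegedAccess.ReadWrite.AzureAD', 'PrivilegedAccess.ReadWrite.AzureResources', 'PrivilegedAccess.ReadWrite.AzureADGroup'

$providerId = 'aadRoles'
$settingId  = 'bbbbbbbb-1111-2222-3333-cccccccccccc'   # placeholder from this page

# Hypothetical helper: builds one rule object from an identifier and a hashtable.
function New-PimRule {
    param([string] $RuleIdentifier, [hashtable] $Value)
    $rule = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
    $rule.RuleIdentifier = $RuleIdentifier
    # ConvertTo-Json avoids hand-escaped quotes in the Setting string.
    $rule.Setting = $Value | ConvertTo-Json -Compress
    return $rule
}

# Record the current activation rules so the change can be reviewed or reverted.
$before = Get-EntraBetaPrivilegedRoleSetting -ProviderId $providerId -Id $settingId
$before.UserMemberSettings | Format-Table RuleIdentifier, Setting -AutoSize

# Pass both rules in a typed list, as Example 4 does for a single rule.
$rules = New-Object 'System.Collections.Generic.List[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]'
$rules.Add((New-PimRule -RuleIdentifier 'MfaRule' -Value @{ mfaRequired = $true }))
$rules.Add((New-PimRule -RuleIdentifier 'JustificationRule' -Value @{ required = $true }))

Set-EntraBetaPrivilegedRoleSetting -ProviderId $providerId -Id $settingId -UserMemberSettings $rules

# Read the setting back and stop with an error if either control is not in force.
$after    = Get-EntraBetaPrivilegedRoleSetting -ProviderId $providerId -Id $settingId
$expected = @{ MfaRule = 'mfaRequired'; JustificationRule = 'required' }
foreach ($name in $expected.Keys) {
    $rule = $after.UserMemberSettings | Where-Object RuleIdentifier -eq $name
    if (-not $rule -or -not ($rule.Setting | ConvertFrom-Json).($expected[$name])) {
        throw "Rule '$name' is not enforced on role setting $settingId"
    }
}
```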
Parameters
-AdminEligibleSettings
The rule settings that are evaluated when an administrator tries to add an eligible role assignment.
Type: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-AdminMemberSettings
The rule settings that are evaluated when an administrator tries to add an active role assignment.
Type: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Id
The unique identifier of the specific role setting.
Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-ProviderId
The unique identifier of the specific provider.
Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-ResourceId
The unique identifier of the specific resource.
Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-RoleDefinitionId
The unique identifier of the specific role definition.
Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-UserEligibleSettings
The rule settings that are evaluated when a user tries to add an eligible role assignment. This isn't currently supported for the pimforazurerbac scenario and may become available in future scenarios.
Type: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-UserMemberSettings
The rule settings that are evaluated when a user tries to activate their role assignment.
Type: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
Inputs
System.String
Outputs
System.Object