New-MgBetaPolicyPermissionGrantPreApprovalPolicy
Create a new permissionGrantPreApprovalPolicy object.
Syntax
New-MgBetaPolicyPermissionGrantPreApprovalPolicy
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-Conditions <IMicrosoftGraphPreApprovalDetail[]>]
[-DeletedDateTime <DateTime>]
[-Id <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgBetaPolicyPermissionGrantPreApprovalPolicy
-BodyParameter <IMicrosoftGraphPermissionGrantPreApprovalPolicy>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Create a new permissionGrantPreApprovalPolicy object.
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Policy.ReadWrite.PermissionGrant | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Policy.ReadWrite.PermissionGrant | Not available. |
Examples
Example 1: Create a preapproval policy for both group and chat scope
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
conditions = @(
@{
scopeType = "chat"
sensitivityLabels = @{
"@odata.type" = "#microsoft.graph.allScopeSensitivityLabels"
labelKind = "all"
}
permissions = @{
"@odata.type" = "#microsoft.graph.allPreApprovedPermissions"
permissionKind = "all"
permissionType = "application"
}
}
@{
scopeType = "group"
scopeSensitivityLabels = @{
"@odata.type" = "microsoft.graph.enumeratedScopeSensitivityLabels"
labelKind = "enumerated"
sensitivityLabels = @(
"d9c43deb-f3e1-4422-9fd6-ccf22a3206b8"
"c99dade2-aa54-4890-ac1c-a146fa26bd1e"
)
}
permissions = @{
"@odata.type" = "#microsoft.graph.enumeratedPreApprovedPermissions"
permissionKind = "enumerated"
permissionType = "application"
resourceApplicationId = "00000003-0000-0000-c000-000000000000"
permissionIds = @(
"134483aa-3dda-4d65-ac91-b8dda1417875"
"9d33613d-f855-483b-bca7-ea63ac9f5485"
)
}
}
)
}
New-MgBetaPolicyPermissionGrantPreApprovalPolicy -BodyParameter $paramsThis example will create a preapproval policy for both group and chat scope
Example 2: Create a preapproval policy for group scope and preapprove all permissions from a given API
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
conditions = @(
@{
scopeType = "group"
sensitivityLabels = @{
"@odata.type" = "#microsoft.graph.allScopeSensitivityLabels"
labelKind = "all"
}
permissions = @{
"@odata.type" = "#microsoft.graph.allPermissionsOnResourceApp"
permissionKind = "allPermissionsOnResourceApp"
permissionType = "application"
resourceApplicationId = "00000003-0000-0000-c000-000000000000"
}
}
)
}
New-MgBetaPolicyPermissionGrantPreApprovalPolicy -BodyParameter $paramsThis example will create a preapproval policy for group scope and preapprove all permissions from a given api
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BodyParameter
permissionGrantPreApprovalPolicy To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IMicrosoftGraphPermissionGrantPreApprovalPolicy |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Conditions
A list of condition sets describing the conditions under which the permission to grant consent for the app has been preapproved. To construct, see NOTES section for CONDITIONS properties and create a hash table.
| Type: | IMicrosoftGraphPreApprovalDetail[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DeletedDateTime
Date and time when this object was deleted. Always null when the object hasn't been deleted.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphPermissionGrantPreApprovalPolicy
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphPermissionGrantPreApprovalPolicy
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphPermissionGrantPreApprovalPolicy>: permissionGrantPreApprovalPolicy
[(Any) <Object>]: This indicates any property can be added to this object.[DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.[Id <String>]: The unique identifier for an entity. Read-only.[Conditions <IMicrosoftGraphPreApprovalDetail-[]>]: A list of condition sets describing the conditions under which the permission to grant consent for the app has been preapproved.[Permissions <IMicrosoftGraphPreApprovedPermissions>]: preApprovedPermissions[(Any) <Object>]: This indicates any property can be added to this object.[PermissionKind <String>]: permissionKind[PermissionType <String>]: permissionType
[ScopeType <String>]: resourceScopeType[SensitivityLabels <IMicrosoftGraphScopeSensitivityLabels>]: scopeSensitivityLabels[(Any) <Object>]: This indicates any property can be added to this object.[LabelKind <String>]: labelKind
CONDITIONS <IMicrosoftGraphPreApprovalDetail- []>: A list of condition sets describing the conditions under which the permission to grant consent for the app has been preapproved.
[Permissions <IMicrosoftGraphPreApprovedPermissions>]: preApprovedPermissions[(Any) <Object>]: This indicates any property can be added to this object.[PermissionKind <String>]: permissionKind[PermissionType <String>]: permissionType
[ScopeType <String>]: resourceScopeType[SensitivityLabels <IMicrosoftGraphScopeSensitivityLabels>]: scopeSensitivityLabels[(Any) <Object>]: This indicates any property can be added to this object.[LabelKind <String>]: labelKind