Unable to add emailIDs in AzureAD roles notifications using Set-AzureADMSPrivilegedRoleSetting

2022-10-06T13:53:17.1+00:00

Hi Team,

I am trying to add the notifications below under Azure Active Directory | Identity Governance | Azure AD Roles | Roles | Intune Administrator | Settings using:

$id = (Get-AzureADMSPrivilegedRoleSetting -ProviderId 'aadRoles' -Filter "ResourceId eq 'XXXX' and RoleDefinitionId eq 'XXXX'").id
$settings = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
$settings.RuleIdentifier = ?
$settings.Setting = ?
Set-AzureADMSPrivilegedRoleSetting -ProviderId 'XXX' -Id $id -ResourceId 'XXXX' -RoleDefinitionId 'XXXX' -UserMemberSettings $settings

I need some help adding values to $settings.RuleIdentifier and $settings.Setting for enabling notifications. Kindly help. Here we have to use only PowerShell for automation.


Microsoft Entra

Accepted answer
  1. Olga Os - MSFT 5,836 Reputation points Microsoft Employee
    2022-10-06T23:13:41.107+00:00

    Hello @Krupa Gundraju (Larsen & Toubro Infotech Limit),

    Welcome to the MS Q&A Forum.

    If I understand your question correctly, you are looking for the UserMemberSettings to set the notifications parameters.

    Below are the optional query parameters for the Set-AzureADMSPrivilegedRoleSetting cmdlet for userMemberSettings. As we can see, it seems you can't configure notifications by using this specific cmdlet.

                "userMemberSettings": [  
                    {  
                        "ruleIdentifier": "ExpirationRule",  
                        "setting": "{\"permanentAssignment\":false,\"maximumGrantPeriodInMinutes\":480}"  
                    },  
                    {  
                        "ruleIdentifier": "MfaRule",  
                        "setting": "{\"mfaRequired\":false}"  
                    },  
                    {  
                        "ruleIdentifier": "JustificationRule",  
                        "setting": "{\"required\":true}"  
                    },  
                    {  
                        "ruleIdentifier": "ApprovalRule",  
                    }  
                ]  
    

    Reference: List governanceRoleSettings

    As a workaround, you could manage role settings through Microsoft Graph and set these parameters in the request body.


    Hope the above answers your questions and concerns.

    Sincerely,
    Olga Os
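
Added example (not part of the thread and not Microsoft's own code): filling in `RuleIdentifier` and `Setting` for the rules the answer lists as supported by `userMemberSettings`, using the cmdlets from the question. The helper name `New-PimRuleSetting` is hypothetical, the `'XXXX'` values are placeholders as in the question, and the `MfaRule` value is a constructed sample; an existing `Connect-AzureAD` session with the AzureADPreview module is assumed.

```powershell
# Added example. 'XXXX' values are placeholders, as in the question.
$providerId       = 'aadRoles'
$resourceId       = 'XXXX'   # placeholder: resource id
$roleDefinitionId = 'XXXX'   # placeholder: role definition id

# Rule identifiers shown in the answer's userMemberSettings listing.
# No notification rule is among them, so the helper rejects anything else.
$supportedRules = 'ExpirationRule', 'MfaRule', 'JustificationRule', 'ApprovalRule'

# Hypothetical helper: builds one rule object from a hashtable of settings.
function New-PimRuleSetting {
    param(
        [Parameter(Mandatory)][string]    $RuleIdentifier,
        [Parameter(Mandatory)][hashtable] $Setting
    )
    if ($RuleIdentifier -notin $supportedRules) {
        throw "Rule '$RuleIdentifier' is not one of: $($supportedRules -join ', ')"
    }
    $rule = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting
    $rule.RuleIdentifier = $RuleIdentifier
    # Setting is a JSON string, so serialize the hashtable into compact JSON.
    $rule.Setting = $Setting | ConvertTo-Json -Compress
    return $rule
}

# Typed list, matching the element type the cmdlet's -UserMemberSettings expects.
$rules = [System.Collections.Generic.List[Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedRuleSetting]]::new()
# Values taken from the answer's listing.
$rules.Add((New-PimRuleSetting -RuleIdentifier 'ExpirationRule' `
    -Setting @{ permanentAssignment = $false; maximumGrantPeriodInMinutes = 480 }))
$rules.Add((New-PimRuleSetting -RuleIdentifier 'JustificationRule' -Setting @{ required = $true }))
# Constructed sample value: require MFA on activation (the listing shows false).
$rules.Add((New-PimRuleSetting -RuleIdentifier 'MfaRule' -Setting @{ mfaRequired = $true }))

# Look up the role setting id for this resource and role.
$filter = "ResourceId eq '$resourceId' and RoleDefinitionId eq '$roleDefinitionId'"
$id = (Get-AzureADMSPrivilegedRoleSetting -ProviderId $providerId -Filter $filter).Id

Set-AzureADMSPrivilegedRoleSetting -ProviderId $providerId -Id $id `
    -ResourceId $resourceId -RoleDefinitionId $roleDefinitionId `
    -UserMemberSettings $rules

# Read the settings back to confirm what was stored.
(Get-AzureADMSPrivilegedRoleSetting -ProviderId $providerId -Id $id).UserMemberSettings |
    Format-Table RuleIdentifier, Setting -AutoSize
```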

