Azure AD PIM - pass that ticketing rule parameter Graph API

Question

Message: The following policy rules failed: ["TicketingRule"]

Can someone please help/advice how can I pass the value for ticket-number field while activating roles. I can easily activate roles which doesn't have ticket Number field.

Can't find any parameter which asks ticket number
Open-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId $providerId -ResourceId $tenantId -RoleDefinitionId $roleId -SubjectId $currentUser -Type 'UserAdd' -AssignmentState 'Active' -Schedule $schedule -reason $reason

Any help much appreciated.

Answer 1

Hi,

You can use New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest with TicketInfo parameter. Example from reference:

Import-Module Microsoft.Graph.DeviceManagement.Enrolment  
$params = @{  
	Action = "selfActivate"  
	PrincipalId = "071cc716-8147-4397-a5ba-b2105951cc0b"  
	RoleDefinitionId = "8424c6f0-a189-499e-bbd0-26c1753c96d4"  
	DirectoryScopeId = "/"  
	Justification = "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs"  
	ScheduleInfo = @{  
		StartDateTime = [System.DateTime]::Parse("2022-04-14T00:00:00.000Z")  
		Expiration = @{  
			Type = "AfterDuration"  
			Duration = "PT5H"  
		}  
	}  
	TicketInfo = @{  
		TicketNumber = "CONTOSO:Normal-67890"  
		TicketSystem = "MS Project"  
	}  
}  
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $params  

New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.devicemanagement.enrolment/new-mgrolemanagementdirectoryroleassignmentschedulerequest?view=graph-powershell-1.0

Please Accept Answer if the above was helpful.

Thanks.

-TP