Remove Custom security attribute assignment via Graph

Anthony Waters 0 Reputation points
2024-03-01T22:41:07.6866667+00:00

I have a custom security attribute set that is applied to various service principals within my directory. I'd like to use Graph PowerShell to remove this attribute assignment from a list of these service principals. I don't want to deprecate the attribute set, I just want to remove the service principal from the scope of assignment.

Service Principal    Custom Security Attribute
ServicePrincipal1    owned=$true
ServicePrincipal2    owned=$true

I'd like to use Graph to make it so that ServicePrincipal1 simply isn't in scope for this assignment anymore. I don't want to flip the boolean from $true to $false, just make it so that ServicePrincipal1 isn't assigned to the set.

There is various documentation available for removing multi-valued attributes or string values, but nothing that I can find for boolean, and those same methods don't appear to work.

Any assistance would be appreciated.

$params = @{
    customSecurityAttributes = @{
        Owned  = @{
            "@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue"
            Owned = $true
        }
    }
}

Update-MgServicePrincipal -ServicePrincipalId $appid -BodyParameter $params


1 answer

  1. Vasil Michev 103.4K Reputation points MVP
    2024-03-02T16:19:21.62+00:00

    Try setting the value to null:

    Be aware that this effectively removes the specified attribute, or even the set if it does not contain any additional CSA assignments for said user.
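The null-value approach from the answer, applied to a list of service principals and followed by a read-back check. This is an added example, not code from the original question or answer. The object IDs are placeholders, the set and attribute names are taken from the question's `$params`, and the scopes shown are assumed to be sufficient (the signed-in account also needs a role that allows attribute assignment, such as Attribute Assignment Administrator).

```powershell
# Added example: sends the attribute with a null value for each service principal,
# then reads the assignment back to confirm it is gone.
Connect-MgGraph -Scopes 'CustomSecAttributeAssignment.ReadWrite.All', 'Application.Read.All'

$setName  = 'Owned'   # attribute set name, as in the question's $params
$attrName = 'Owned'   # attribute name inside that set, as in the question
$base     = 'https://graph.microsoft.com/v1.0/servicePrincipals'

# Placeholder object IDs of the service principals to take out of scope.
$servicePrincipalIds = @(
    '00000000-0000-0000-0000-000000000001',
    '00000000-0000-0000-0000-000000000002'
)

# Same shape as the question's body, but the value is null instead of $true.
# Serialising to JSON first makes sure the null is sent explicitly.
$body = @{
    customSecurityAttributes = @{
        $setName = @{
            '@odata.type' = '#Microsoft.DirectoryServices.CustomSecurityAttributeValue'
            $attrName     = $null
        }
    }
} | ConvertTo-Json -Depth 5

$report = foreach ($id in $servicePrincipalIds) {
    try {
        Invoke-MgGraphRequest -Method PATCH -Uri "$base/$id" -Body $body `
            -ContentType 'application/json' -ErrorAction Stop | Out-Null

        # customSecurityAttributes is only returned when explicitly selected.
        $uri = "$base/$id" + '?$select=id,displayName,customSecurityAttributes'
        $sp  = Invoke-MgGraphRequest -Method GET -Uri $uri -ErrorAction Stop
        $set = $sp.customSecurityAttributes.$setName

        [pscustomobject]@{
            Id            = $id
            DisplayName   = $sp.displayName
            StillAssigned = ($null -ne $set -and $null -ne $set[$attrName])
            Error         = $null
        }
    } catch {
        # Keep going so one failure (missing role, wrong ID) does not hide the rest.
        [pscustomobject]@{ Id = $id; DisplayName = $null; StillAssigned = $null; Error = $_.Exception.Message }
    }
}
$report | Format-Table -AutoSize
```

Any row with `StillAssigned` set to `True` or a non-empty `Error` needs a second look before treating the service principal as out of scope.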

