Try setting the value to null:
Be aware that this effectively removes the specified attribute, or even the set if it does not contain any additional CSA assignments for said user.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have a custom security attibute set that is applied to various service principals within my directory. I'd like to use Graph powershell to remove this attribute assignment from a list of these service principals. I don't want to deprecate the attribute set, I just want to remove the service principal from the scope of assignment.
Service Principal | Custom Security Attribute |
---|---|
ServicePrincipal1 | owned=$true |
ServicePrincipal2 | owned=$true |
I'd like to use Graph to make it so that ServicePrincipal1 simply isn't in scope for this assignment anymore. I don't want to flip the boolean from $true to $false, just make it so that ServicePrincipal1 isn't assigned to the set.
There is various documentation available for removing multi-valued attributes or string values, but nothing that I can find for boolean and those same methods don't appear to work.
Any assistance would be appreciated.
$params = @{
customSecurityAttributes = @{
Owned = @{
"@odata.type" = "#Microsoft.DirectoryServices.CustomSecurityAttributeValue"
Owned = $true
}
}
}
Update-MgServicePrincipal -ServicePrincipalId $appid -BodyParameter $params
Try setting the value to null:
Be aware that this effectively removes the specified attribute, or even the set if it does not contain any additional CSA assignments for said user.