I need the powershell command to active the PIM eligible assignment

Question

Hello Microsoft.

My Requirement is i have Multiple PIM Role Eligible Assignments in Azure.

I am not using MFA for activate, just using the Justification so every day I need to active the multiple roles which is taking time to activate all the role.

Is there a way to using Powershell Script which i can execute once it will enable all the roles?

Answer 1

@Vasil Michev , this is for the MFA configuartion at the time of actiavting the role, we dont have MFA we just give the business justfication for this.

Moreover I am looking for Multiple role, i have almost 11 different role which i enable daily.

I need one script which will enable all the 11 role at one go.

Answer 2

Yes, you can use the New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest cmdlet for that, or the underlying call to the /roleManagement/directory/roleAssignmentScheduleRequests Graph API endpoint. For your scenario, the selfActivate action should do.

Yoi can find additional details in the documentation: https://learn.microsoft.com/en-us/graph/api/rbacapplication-post-roleassignmentschedulerequests?view=graph-rest-1.0&tabs=powershell