New-MgBetaPolicyRoleManagementPolicy
Create new navigation property to roleManagementPolicies for policies
Note
To view the v1.0 release of this cmdlet, view New-MgPolicyRoleManagementPolicy
Syntax
New-MgBetaPolicyRoleManagementPolicy
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-Description <String>]
[-DisplayName <String>]
[-EffectiveRules <IMicrosoftGraphUnifiedRoleManagementPolicyRule[]>]
[-Id <String>]
[-IsOrganizationDefault]
[-LastModifiedBy <IMicrosoftGraphIdentity>]
[-LastModifiedDateTime <DateTime>]
[-Rules <IMicrosoftGraphUnifiedRoleManagementPolicyRule[]>]
[-ScopeId <String>]
[-ScopeType <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-MgBetaPolicyRoleManagementPolicy
-BodyParameter <IMicrosoftGraphUnifiedRoleManagementPolicy>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Create new navigation property to roleManagementPolicies for policies
Examples
Example 1: Retrieve the role management policies that apply to Azure AD roles
Import-Module Microsoft.Graph.Beta.Identity.SignIns
Get-MgBetaPolicyRoleManagementPolicy -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole'"This example shows how to use the New-MgBetaBetaPolicyRoleManagementPolicy Cmdlet.
To learn about permissions for this resource, see the permissions reference.
Example 2: Retrieve the role management policies that apply to the directory and expand the associated rules
Import-Module Microsoft.Graph.Beta.Identity.SignIns
Get-MgBetaPolicyRoleManagementPolicy -Filter "scopeId eq '/' and scopeType eq 'Directory'" -ExpandProperty "rules"This example shows how to use the New-MgBetaBetaPolicyRoleManagementPolicy Cmdlet.
To learn about permissions for this resource, see the permissions reference.
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BodyParameter
unifiedRoleManagementPolicy To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IMicrosoftGraphUnifiedRoleManagementPolicy |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
Description for the policy.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
Display name for the policy.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EffectiveRules
The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules. For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval. Supports $expand. To construct, see NOTES section for EFFECTIVERULES properties and create a hash table.
| Type: | IMicrosoftGraphUnifiedRoleManagementPolicyRule[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsOrganizationDefault
This can only be set to true for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to / and scopeType to Directory. Supports $filter (eq, ne).
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LastModifiedBy
identity To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table.
| Type: | IMicrosoftGraphIdentity |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LastModifiedDateTime
The time when the role setting was last modified.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Rules
The collection of rules like approval rules and expiration rules. Supports $expand. To construct, see NOTES section for RULES properties and create a hash table.
| Type: | IMicrosoftGraphUnifiedRoleManagementPolicyRule[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScopeId
The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScopeType
The type of the scope where the policy is created. One of Directory, DirectoryRole, Group. Required.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleManagementPolicy
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleManagementPolicy
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphUnifiedRoleManagementPolicy>: unifiedRoleManagementPolicy
[(Any) <Object>]: This indicates any property can be added to this object.[Id <String>]: The unique identifier for an entity. Read-only.[Description <String>]: Description for the policy.[DisplayName <String>]: Display name for the policy.[EffectiveRules <IMicrosoftGraphUnifiedRoleManagementPolicyRule-[]>]: The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules. For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval. Supports $expand.[Id <String>]: The unique identifier for an entity. Read-only.[Target <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>]: unifiedRoleManagementPolicyRuleTarget[(Any) <Object>]: This indicates any property can be added to this object.[Caller <String>]: The type of caller that's the target of the policy rule. Allowed values are: None, Admin, EndUser.[EnforcedSettings <String-[]>]: The list of role settings that are enforced and cannot be overridden by child scopes. Use All for all settings.[InheritableSettings <String-[]>]: The list of role settings that can be inherited by child scopes. Use All for all settings.[Level <String>]: The role assignment type that's the target of policy rule. Allowed values are: Eligibility, Assignment.[Operations <String-[]>]: The role management operations that are the target of the policy rule. Allowed values are: All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew.[TargetObjects <IMicrosoftGraphDirectoryObject-[]>]:[Id <String>]: The unique identifier for an entity. Read-only.[DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
[IsOrganizationDefault <Boolean?>]: This can only be set to true for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to / and scopeType to Directory. Supports $filter (eq, ne).[LastModifiedBy <IMicrosoftGraphIdentity>]: identity[(Any) <Object>]: This indicates any property can be added to this object.[DisplayName <String>]: The display name of the identity. The display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta.[Id <String>]: Unique identifier for the identity. When the unique identifier is unavailable, the displayName property is provided for the identity, but the id property isn't included in the response.
[LastModifiedDateTime <DateTime?>]: The time when the role setting was last modified.[Rules <IMicrosoftGraphUnifiedRoleManagementPolicyRule-[]>]: The collection of rules like approval rules and expiration rules. Supports $expand.[ScopeId <String>]: The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required.[ScopeType <String>]: The type of the scope where the policy is created. One of Directory, DirectoryRole, Group. Required.
EFFECTIVERULES <IMicrosoftGraphUnifiedRoleManagementPolicyRule- []>: The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules.
For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval.
Supports $expand.
[Id <String>]: The unique identifier for an entity. Read-only.[Target <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>]: unifiedRoleManagementPolicyRuleTarget[(Any) <Object>]: This indicates any property can be added to this object.[Caller <String>]: The type of caller that's the target of the policy rule. Allowed values are: None, Admin, EndUser.[EnforcedSettings <String-[]>]: The list of role settings that are enforced and cannot be overridden by child scopes. Use All for all settings.[InheritableSettings <String-[]>]: The list of role settings that can be inherited by child scopes. Use All for all settings.[Level <String>]: The role assignment type that's the target of policy rule. Allowed values are: Eligibility, Assignment.[Operations <String-[]>]: The role management operations that are the target of the policy rule. Allowed values are: All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew.[TargetObjects <IMicrosoftGraphDirectoryObject-[]>]:[Id <String>]: The unique identifier for an entity. Read-only.[DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
LASTMODIFIEDBY <IMicrosoftGraphIdentity>: identity
[(Any) <Object>]: This indicates any property can be added to this object.[DisplayName <String>]: The display name of the identity. The display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta.[Id <String>]: Unique identifier for the identity. When the unique identifier is unavailable, the displayName property is provided for the identity, but the id property isn't included in the response.
RULES <IMicrosoftGraphUnifiedRoleManagementPolicyRule- []>: The collection of rules like approval rules and expiration rules.
Supports $expand.
[Id <String>]: The unique identifier for an entity. Read-only.[Target <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>]: unifiedRoleManagementPolicyRuleTarget[(Any) <Object>]: This indicates any property can be added to this object.[Caller <String>]: The type of caller that's the target of the policy rule. Allowed values are: None, Admin, EndUser.[EnforcedSettings <String-[]>]: The list of role settings that are enforced and cannot be overridden by child scopes. Use All for all settings.[InheritableSettings <String-[]>]: The list of role settings that can be inherited by child scopes. Use All for all settings.[Level <String>]: The role assignment type that's the target of policy rule. Allowed values are: Eligibility, Assignment.[Operations <String-[]>]: The role management operations that are the target of the policy rule. Allowed values are: All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew.[TargetObjects <IMicrosoftGraphDirectoryObject-[]>]:[Id <String>]: The unique identifier for an entity. Read-only.[DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.