New-AzManagedServicesDefinition
Creates or updates a registration definition.
Syntax
New-AzManagedServicesDefinition
-Name <String>
[-Scope <String>]
[-Authorization <IAuthorization[]>]
[-Description <String>]
[-EligibleAuthorization <IEligibleAuthorization[]>]
[-ManagedByTenantId <String>]
[-PlanName <String>]
[-PlanProduct <String>]
[-PlanPublisher <String>]
[-PlanVersion <String>]
[-RegistrationDefinitionName <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] Description
Creates or updates a registration definition.
Examples
Example 1: Create new Azure Lighthouse registration definition object with permanent authorization
$permantAuth = New-AzManagedServicesAuthorizationObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -RoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Test user" -DelegatedRoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
New-AzManagedServicesDefinition -Name xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -RegistrationDefinitionName "Test definition" -ManagedByTenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Authorization $permantAuth -Description "Test definition desc" -Scope "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Name Type
---- ----
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Microsoft.ManagedServices/registrationDefinitionsCreates new Azure Lighthouse registration definition object with permanent authorization.
Example 2: Create new Azure Lighthouse registration definition object with both permanent and eligible authorizations
$approver = New-AzManagedServicesEligibleApproverObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Approver group"
$eligibleAuth = New-AzManagedServicesEligibleAuthorizationObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Test user" -RoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -JustInTimeAccessPolicyManagedByTenantApprover $approver -JustInTimeAccessPolicyMultiFactorAuthProvider Azure -JustInTimeAccessPolicyMaximumActivationDuration 0:30
New-AzManagedServicesDefinition -Name "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -RegistrationDefinitionName "Test definition" -ManagedByTenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -Authorization $permantAuth -EligibleAuthorization $eligibleAuth -Description "Test definition desc" -Scope "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Name Type
---- ----
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxMicrosoft.ManagedServices/registrationDefinitionsCreates new Azure Lighthouse registration definition object with both permanent and eligible authorizations.
Parameters
-AsJob
Run the command as a job
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Authorization
The collection of authorization objects describing the access Microsoft Entra principals in the managedBy tenant will receive on the delegated resource in the managed tenant. To construct, see NOTES section for AUTHORIZATION properties and create a hash table.
| Type: | IAuthorization[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | PSObject |
| Aliases: | AzureRMContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
The description of the registration definition.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EligibleAuthorization
The collection of eligible authorization objects describing the just-in-time access Microsoft Entra principals in the managedBy tenant will receive on the delegated resource in the managed tenant. To construct, see NOTES section for ELIGIBLEAUTHORIZATION properties and create a hash table.
| Type: | IEligibleAuthorization[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ManagedByTenantId
The identifier of the managedBy tenant.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
The GUID of the registration definition.
| Type: | String |
| Aliases: | RegistrationDefinitionId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NoWait
Run the command asynchronously
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PlanName
Azure Marketplace plan name.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PlanProduct
Azure Marketplace product code.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PlanPublisher
Azure Marketplace publisher ID.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PlanVersion
Azure Marketplace plan's version.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RegistrationDefinitionName
The name of the registration definition.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Scope
The scope of the resource.
| Type: | String |
| Position: | Named |
| Default value: | "subscriptions/" + (Get-AzContext).Subscription.Id |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
Notes
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
AUTHORIZATION <IAuthorization[]>: The collection of authorization objects describing the access Microsoft Entra principals in the managedBy tenant will receive on the delegated resource in the managed tenant.
PrincipalId <String>: The identifier of the Microsoft Entra principal.RoleDefinitionId <String>: The identifier of the Azure built-in role that defines the permissions that the Microsoft Entra principal will have on the projected scope.[DelegatedRoleDefinitionId <String[]>]: The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other principals.[PrincipalIdDisplayName <String>]: The display name of the Microsoft Entra principal.
ELIGIBLEAUTHORIZATION <IEligibleAuthorization[]>: The collection of eligible authorization objects describing the just-in-time access Microsoft Entra principals in the managedBy tenant will receive on the delegated resource in the managed tenant.
PrincipalId <String>: The identifier of the Microsoft Entra principal.RoleDefinitionId <String>: The identifier of the Azure built-in role that defines the permissions that the Microsoft Entra principal will have on the projected scope.[JustInTimeAccessPolicyManagedByTenantApprover <IEligibleApprover[]>]: The list of managedByTenant approvers for the eligible authorization.PrincipalId <String>: The identifier of the Microsoft Entra principal.[PrincipalIdDisplayName <String>]: The display name of the Microsoft Entra principal.
[JustInTimeAccessPolicyMaximumActivationDuration <TimeSpan?>]: The maximum access duration in ISO 8601 format for just-in-time access requests.[JustInTimeAccessPolicyMultiFactorAuthProvider <MultiFactorAuthProvider?>]: The multi-factor authorization provider to be used for just-in-time access requests.[PrincipalIdDisplayName <String>]: The display name of the Microsoft Entra principal.