Set-EntraPermissionGrantConditionSet

Reference

Module:: Microsoft.Graph.Entra

Update an existing Microsoft Entra ID permission grant condition set.

Syntax

Set-EntraPermissionGrantConditionSet
    -ConditionSetType <String>
   -Id <String>
   -PolicyId <String>
   [-Permissions <System.Collections.Generic.List`1[System.String]>]
   [-ClientApplicationTenantIds <System.Collections.Generic.List`1[System.String]>]
    [-ClientApplicationIds <System.Collections.Generic.List`1[System.String]>]
    [-ResourceApplication <String>]
    [-PermissionType <String>]
    [-PermissionClassification <String>]
   [-ClientApplicationsFromVerifiedPublisherOnly <Boolean>]
   [-ClientApplicationPublisherIds <System.Collections.Generic.List`1[System.String]>] 
   [<CommonParameters>]

Description

Updates a Microsoft Entra ID permission grant condition set object identified by id.

Examples

Example 1: Update a permission grant condition set to includes permissions that is classified as low.

PS C:\> Set-EntraPermissionGrantConditionSet -PolicyId "policy1" -ConditionSetType "includes" -Id "665a9903-0398-48ab-b4e9-7a570d468b66" -PermissionClassification "Low"

This command updates sets the specified permission grant set to classify as low.

Example 2: Update a permission grant condition set

PS C:\> Set-EntraPermissionGrantConditionSet -PolicyId "policy1" -ConditionSetType "includes" -Id "665a9903-0398-48ab-b4e9-7a570d468b66" -PermissionType "Delegated" -PermissionClassification "Low" -ResourceApplication "d9d40050-c784-4b56-a06d-477542a1cafc" -Permissions @("29bf4ca5-913e-427d-8a68-5890af945109") -ClientApplicationIds @("All") -ClientApplicationTenantIds @("All") -ClientApplicationPublisherIds @("All") -ClientApplicationsFromVerifiedPublisherOnly $true

This command updates sets the specified permission grant set.

Parameters

-ClientApplicationIds

The set of client application ids to scope consent operation down to. It could be @("All") or a list of client application Ids.

Type:	System.Collections.Generic.List`1[System.String]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ClientApplicationPublisherIds

The set of client applications publisher ids to scope consent operation down to. It could be @("All") or a list of client application publisher ids.

Type:	System.Collections.Generic.List`1[System.String]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ClientApplicationsFromVerifiedPublisherOnly

A value indicates whether to only includes client applications from verified publishers.

Type:	Boolean
Position:	Named
Default value:	False
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ClientApplicationTenantIds

The set of client application tenant ids to scope consent operation down to. It could be @("All") or a list of client application tenant ids.

Type:	System.Collections.Generic.List`1[System.String]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-ConditionSetType

The value indicates whether the condition sets are included in the policy or excluded.

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-Id

The unique identifier of a Microsoft Entra ID permission grant condition set object.

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-PermissionClassification

Specific classification (all, low, medium, high) to scope consent operation down to.

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Permissions

The identifier of the resource application to scope consent operation down to. It could be @("All") or a list of permission ids.

Type:	System.Collections.Generic.List`1[System.String]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-PermissionType

Specific type of permissions (application, delegated) to scope consent operation down to.

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-PolicyId

The unique identifier of a Microsoft Entra ID permission grant policy object.

Type:	String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-ResourceApplication

The identifier of the resource application to scope consent operation down to. It could be "Any" or a specific resource application id.

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

String

Share via

Set-EntraPermissionGrantConditionSet

Syntax

Description

Examples

Example 1: Update a permission grant condition set to includes permissions that is classified as low.

Example 2: Update a permission grant condition set

Parameters

-ClientApplicationIds

-ClientApplicationPublisherIds

-ClientApplicationsFromVerifiedPublisherOnly

-ClientApplicationTenantIds

-ConditionSetType

-Id

-PermissionClassification

-Permissions

-PermissionType

-PolicyId

-ResourceApplication

Inputs

Feedback

Feedback

Additional resources

Share via

Set-EntraPermissionGrantConditionSet

Syntax

Description

Examples

Example 1: Update a permission grant condition set to includes permissions that is classified as low.

Example 2: Update a permission grant condition set

Parameters

-ClientApplicationIds

-ClientApplicationPublisherIds

-ClientApplicationsFromVerifiedPublisherOnly

-ClientApplicationTenantIds

-ConditionSetType

-Id

-PermissionClassification

-Permissions

-PermissionType

-PolicyId

-ResourceApplication

Inputs

Related Links

Feedback

Feedback

Additional resources