Update-MgBetaDeviceManagementRoleAssignment

Module:

Microsoft.Graph.Beta.DeviceManagement.Administration Module

Update the navigation property roleAssignments in deviceManagement

Note

To view the v1.0 release of this cmdlet, view Update-MgDeviceManagementRoleAssignment

Syntax

UpdateExpanded (Default)

Update-MgBetaDeviceManagementRoleAssignment
    -DeviceAndAppManagementRoleAssignmentId <string>
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-Description <string>]
    [-DisplayName <string>]
    [-Id <string>]
    [-Members <string[]>]
    [-ResourceScopes <string[]>]
    [-RoleDefinition <IMicrosoftGraphRoleDefinition>]
    [-RoleScopeTags <IMicrosoftGraphRoleScopeTag[]>]
    [-ScopeMembers <string[]>]
    [-ScopeType <RoleAssignmentScopeType>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update

Update-MgBetaDeviceManagementRoleAssignment
    -DeviceAndAppManagementRoleAssignmentId <string>
    -BodyParameter <IMicrosoftGraphDeviceAndAppManagementRoleAssignment>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

UpdateViaIdentityExpanded

Update-MgBetaDeviceManagementRoleAssignment
    -InputObject <IDeviceManagementAdministrationIdentity>
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-Description <string>]
    [-DisplayName <string>]
    [-Id <string>]
    [-Members <string[]>]
    [-ResourceScopes <string[]>]
    [-RoleDefinition <IMicrosoftGraphRoleDefinition>]
    [-RoleScopeTags <IMicrosoftGraphRoleScopeTag[]>]
    [-ScopeMembers <string[]>]
    [-ScopeType <RoleAssignmentScopeType>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

UpdateViaIdentity

Update-MgBetaDeviceManagementRoleAssignment
    -InputObject <IDeviceManagementAdministrationIdentity>
    -BodyParameter <IMicrosoftGraphDeviceAndAppManagementRoleAssignment>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Parameters

-AdditionalProperties

Additional Parameters

Parameter properties

Type:	System.Collections.Hashtable
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-BodyParameter

The Role Assignment resource. Role assignments tie together a role definition with members and scopes. There can be one or more role assignments per role. This applies to custom and built-in roles. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphDeviceAndAppManagementRoleAssignment
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentity

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

Update

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Break

Wait for .NET debugger to attach

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Description

Description of the Role Assignment.

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DeviceAndAppManagementRoleAssignmentId

The unique identifier of deviceAndAppManagementRoleAssignment

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Update

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DisplayName

The display or friendly name of the role Assignment.

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Headers

Optional headers that will be added to the request.

Parameter properties

Type:	System.Collections.IDictionary
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-HttpPipelineAppend

SendAsync Pipeline Steps to be appended to the front of the pipeline

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-HttpPipelinePrepend

SendAsync Pipeline Steps to be prepended to the front of the pipeline

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Id

The unique identifier for an entity. Read-only.

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateViaIdentity

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Members

The list of ids of role member security groups. These are IDs from Azure Active Directory.

Parameter properties

Type:	System.String[]
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Proxy

The URI for the proxy server to use

Parameter properties

Type:	System.Uri
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ProxyCredential

Credentials for a proxy server to use for the remote call

Parameter properties

Type:	System.Management.Automation.PSCredential
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ProxyUseDefaultCredentials

Use the default credentials for the proxy

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResourceScopes

List of ids of role scope member security groups. These are IDs from Azure Active Directory.

Parameter properties

Type:	System.String[]
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResponseHeadersVariable

Optional Response Headers Variable.

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False
Aliases:	RHV

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-RoleDefinition

The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role. To construct, see NOTES section for ROLEDEFINITION properties and create a hash table.

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphRoleDefinition
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-RoleScopeTags

The set of Role Scope Tags defined on the Role Assignment. To construct, see NOTES section for ROLESCOPETAGS properties and create a hash table.

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphRoleScopeTag[]
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ScopeMembers

List of ids of role scope member security groups. These are IDs from Azure Active Directory.

Parameter properties

Type:	System.String[]
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ScopeType

Specifies the type of scope for a Role Assignment.

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Support.RoleAssignmentScopeType
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateViaIdentityExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Runs the command in a mode that only reports what would happen without performing the actions.

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementAdministrationIdentity

{{ Fill in the Description }}

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphDeviceAndAppManagementRoleAssignment

{{ Fill in the Description }}

System.Collections.IDictionary

{{ Fill in the Description }}

Outputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphDeviceAndAppManagementRoleAssignment

{{ Fill in the Description }}

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphDeviceAndAppManagementRoleAssignment>: The Role Assignment resource. Role assignments tie together a role definition with members and scopes. There can be one or more role assignments per role. This applies to custom and built-in roles. [(Any) <Object>]: This indicates any property can be added to this object. [Description <String>]: Description of the Role Assignment. [DisplayName <String>]: The display or friendly name of the role Assignment. [ResourceScopes <String[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory. [RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Description <String>]: Description of the Role definition. [DisplayName <String>]: Display Name of the Role definition. [IsBuiltIn <Boolean?>]: Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. [IsBuiltInRoleDefinition <Boolean?>]: Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. [Permissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. [Actions <String[]>]: Allowed Actions - Deprecated [ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions. [AllowedResourceActions <String[]>]: Allowed Actions [NotAllowedResourceActions <String[]>]: Not Allowed Actions. [RoleAssignments <IMicrosoftGraphRoleAssignment[]>]: List of Role assignments for this role definition. [Id <String>]: The unique identifier for an entity. Read-only. [Description <String>]: Description of the Role Assignment. [DisplayName <String>]: The display or friendly name of the role Assignment. [ResourceScopes <String[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory. [RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role. [ScopeMembers <String[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory. [ScopeType <RoleAssignmentScopeType?>]: Specifies the type of scope for a Role Assignment. [RolePermissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. [RoleScopeTagIds <String[]>]: List of Scope Tags for this Entity instance. [ScopeMembers <String[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory. [ScopeType <RoleAssignmentScopeType?>]: Specifies the type of scope for a Role Assignment. [Id <String>]: The unique identifier for an entity. Read-only. [Members <String[]>]: The list of ids of role member security groups. These are IDs from Azure Active Directory. [RoleScopeTags <IMicrosoftGraphRoleScopeTag[]>]: The set of Role Scope Tags defined on the Role Assignment. [Id <String>]: The unique identifier for an entity. Read-only. [Assignments <IMicrosoftGraphRoleScopeTagAutoAssignment[]>]: The list of assignments for this Role Scope Tag. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [DeviceAndAppManagementAssignmentFilterId <String>]: The Id of the filter for the target assignment. [DeviceAndAppManagementAssignmentFilterType <DeviceAndAppManagementAssignmentFilterType?>]: Represents type of the assignment filter. [Description <String>]: Description of the Role Scope Tag. [DisplayName <String>]: The display or friendly name of the Role Scope Tag.

INPUTOBJECT <IDeviceManagementAdministrationIdentity>: Identity Parameter [AuditEventId <String>]: The unique identifier of auditEvent [CartToClassAssociationId <String>]: The unique identifier of cartToClassAssociation [CloudPcAuditEventId <String>]: The unique identifier of cloudPcAuditEvent [CloudPcBulkActionId <String>]: The unique identifier of cloudPcBulkAction [CloudPcDeviceImageId <String>]: The unique identifier of cloudPcDeviceImage [CloudPcExportJobId <String>]: The unique identifier of cloudPcExportJob [CloudPcExternalPartnerSettingId <String>]: The unique identifier of cloudPcExternalPartnerSetting [CloudPcFrontLineServicePlanId <String>]: The unique identifier of cloudPcFrontLineServicePlan [CloudPcGalleryImageId <String>]: The unique identifier of cloudPcGalleryImage [CloudPcId <String>]: The unique identifier of cloudPC [CloudPcOnPremisesConnectionId <String>]: The unique identifier of cloudPcOnPremisesConnection [CloudPcProvisioningPolicyAssignmentId <String>]: The unique identifier of cloudPcProvisioningPolicyAssignment [CloudPcProvisioningPolicyId <String>]: The unique identifier of cloudPcProvisioningPolicy [CloudPcServicePlanId <String>]: The unique identifier of cloudPcServicePlan [CloudPcSnapshotId <String>]: The unique identifier of cloudPcSnapshot [CloudPcSupportedRegionId <String>]: The unique identifier of cloudPcSupportedRegion [CloudPcUserSettingAssignmentId <String>]: The unique identifier of cloudPcUserSettingAssignment [CloudPcUserSettingId <String>]: The unique identifier of cloudPcUserSetting [ComanagementEligibleDeviceId <String>]: The unique identifier of comanagementEligibleDevice [ComplianceManagementPartnerId <String>]: The unique identifier of complianceManagementPartner [DeviceAndAppManagementRoleAssignmentId <String>]: The unique identifier of deviceAndAppManagementRoleAssignment [DeviceManagementDomainJoinConnectorId <String>]: The unique identifier of deviceManagementDomainJoinConnector [DeviceManagementExchangeConnectorId <String>]: The unique identifier of deviceManagementExchangeConnector [DeviceManagementExchangeOnPremisesPolicyId <String>]: The unique identifier of deviceManagementExchangeOnPremisesPolicy [DeviceManagementPartnerId <String>]: The unique identifier of deviceManagementPartner [GroupPolicyCategoryId <String>]: The unique identifier of groupPolicyCategory [GroupPolicyCategoryId1 <String>]: The unique identifier of groupPolicyCategory [GroupPolicyDefinitionFileId <String>]: The unique identifier of groupPolicyDefinitionFile [GroupPolicyDefinitionId <String>]: The unique identifier of groupPolicyDefinition [GroupPolicyMigrationReportId <String>]: The unique identifier of groupPolicyMigrationReport [GroupPolicyObjectFileId <String>]: The unique identifier of groupPolicyObjectFile [GroupPolicyOperationId <String>]: The unique identifier of groupPolicyOperation [GroupPolicyPresentationId <String>]: The unique identifier of groupPolicyPresentation [GroupPolicySettingMappingId <String>]: The unique identifier of groupPolicySettingMapping [GroupPolicyUploadedDefinitionFileId <String>]: The unique identifier of groupPolicyUploadedDefinitionFile [IntuneBrandingProfileAssignmentId <String>]: The unique identifier of intuneBrandingProfileAssignment [IntuneBrandingProfileId <String>]: The unique identifier of intuneBrandingProfile [IosUpdateDeviceStatusId <String>]: The unique identifier of iosUpdateDeviceStatus [ManagedAllDeviceCertificateStateId <String>]: The unique identifier of managedAllDeviceCertificateState [MobileThreatDefenseConnectorId <String>]: The unique identifier of mobileThreatDefenseConnector [NdesConnectorId <String>]: The unique identifier of ndesConnector [RemoteAssistancePartnerId <String>]: The unique identifier of remoteAssistancePartner [ResourceOperationId <String>]: The unique identifier of resourceOperation [RestrictedAppsViolationId <String>]: The unique identifier of restrictedAppsViolation [RoleAssignmentId <String>]: The unique identifier of roleAssignment [RoleDefinitionId <String>]: The unique identifier of roleDefinition [RoleScopeTagAutoAssignmentId <String>]: The unique identifier of roleScopeTagAutoAssignment [RoleScopeTagId <String>]: The unique identifier of roleScopeTag [TelecomExpenseManagementPartnerId <String>]: The unique identifier of telecomExpenseManagementPartner [TermsAndConditionsAcceptanceStatusId <String>]: The unique identifier of termsAndConditionsAcceptanceStatus [TermsAndConditionsAssignmentId <String>]: The unique identifier of termsAndConditionsAssignment [TermsAndConditionsGroupAssignmentId <String>]: The unique identifier of termsAndConditionsGroupAssignment [TermsAndConditionsId <String>]: The unique identifier of termsAndConditions [UnsupportedGroupPolicyExtensionId <String>]: The unique identifier of unsupportedGroupPolicyExtension [UserId <String>]: The unique identifier of user [UserPfxCertificateId <String>]: The unique identifier of userPFXCertificate

ROLEDEFINITION <IMicrosoftGraphRoleDefinition>: The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role. [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Description <String>]: Description of the Role definition. [DisplayName <String>]: Display Name of the Role definition. [IsBuiltIn <Boolean?>]: Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. [IsBuiltInRoleDefinition <Boolean?>]: Type of Role. Set to True if it is built-in, or set to False if it is a custom role definition. [Permissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. [Actions <String[]>]: Allowed Actions - Deprecated [ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions. [AllowedResourceActions <String[]>]: Allowed Actions [NotAllowedResourceActions <String[]>]: Not Allowed Actions. [RoleAssignments <IMicrosoftGraphRoleAssignment[]>]: List of Role assignments for this role definition. [Id <String>]: The unique identifier for an entity. Read-only. [Description <String>]: Description of the Role Assignment. [DisplayName <String>]: The display or friendly name of the role Assignment. [ResourceScopes <String[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory. [RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource. The role definition is the foundation of role based access in Intune. The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource. There are two types of roles, built-in and custom. Built-in roles cannot be modified. Both built-in roles and custom roles must have assignments to be enforced. Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role. [ScopeMembers <String[]>]: List of ids of role scope member security groups. These are IDs from Azure Active Directory. [ScopeType <RoleAssignmentScopeType?>]: Specifies the type of scope for a Role Assignment. [RolePermissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform. These must match the actionName that is defined as part of the rolePermission. [RoleScopeTagIds <String[]>]: List of Scope Tags for this Entity instance.

ROLESCOPETAGS <IMicrosoftGraphRoleScopeTag[]>: The set of Role Scope Tags defined on the Role Assignment. [Id <String>]: The unique identifier for an entity. Read-only. [Assignments <IMicrosoftGraphRoleScopeTagAutoAssignment[]>]: The list of assignments for this Role Scope Tag. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphDeviceAndAppManagementAssignmentTarget>]: Base type for assignment targets. [(Any) <Object>]: This indicates any property can be added to this object. [DeviceAndAppManagementAssignmentFilterId <String>]: The Id of the filter for the target assignment. [DeviceAndAppManagementAssignmentFilterType <DeviceAndAppManagementAssignmentFilterType?>]: Represents type of the assignment filter. [Description <String>]: Description of the Role Scope Tag. [DisplayName <String>]: The display or friendly name of the Role Scope Tag.

Related Links

• Update-MgBetaDeviceManagementRoleAssignment