This example shows how to use the New-MgDeviceManagementRoleAssignment Cmdlet.
Parameters
-AdditionalProperties
Additional Parameters
Parameter properties
Type:
System.Collections.Hashtable
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-BodyParameter
The Role Assignment resource.
Role assignments tie together a role definition with members and scopes.
There can be one or more role assignments per role.
This applies to custom and built-in roles.
To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Supports wildcards:
False
DontShow:
False
Aliases:
cf
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Description
Indicates the description of the role assignment.
For example: 'All administrators, employees and scope tags associated with the Houston office.' Max length is 1024 characters.
Parameter properties
Type:
System.String
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-DisplayName
Indicates the display name of the role assignment.
For example: 'Houston administrators and users'.
Max length is 128 characters.
Parameter properties
Type:
System.String
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Headers
Optional headers that will be added to the request.
Parameter properties
Type:
System.Collections.IDictionary
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
-HttpPipelineAppend
SendAsync Pipeline Steps to be appended to the front of the pipeline
Indicates the list of role member security group Entra IDs.
For example: {dec942f4-6777-4998-96b4-522e383b08e2}.
Parameter properties
Type:
System.String[]
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Proxy
The URI for the proxy server to use
Parameter properties
Type:
System.Uri
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
Type:
System.Management.Automation.PSCredential
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ResourceScopes
Indicates the list of resource scope security group Entra IDs.
For example: {dec942f4-6777-4998-96b4-522e383b08e2}.
Parameter properties
Type:
System.String[]
Supports wildcards:
False
DontShow:
False
Parameter sets
CreateExpanded
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
Type:
System.String
Supports wildcards:
False
DontShow:
False
Aliases:
RHV
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RoleDefinition
The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
To construct, see NOTES section for ROLEDEFINITION properties and create a hash table.
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
Type:
System.Management.Automation.SwitchParameter
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
To create the parameters described below, construct a hash table containing the appropriate properties.
For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphDeviceAndAppManagementRoleAssignment>: The Role Assignment resource.
Role assignments tie together a role definition with members and scopes.
There can be one or more role assignments per role.
This applies to custom and built-in roles.
[(Any) <Object>]: This indicates any property can be added to this object.
[Description <String>]: Indicates the description of the role assignment.
For example: 'All administrators, employees and scope tags associated with the Houston office.' Max length is 1024 characters.
[DisplayName <String>]: Indicates the display name of the role assignment.
For example: 'Houston administrators and users'.
Max length is 128 characters.
[ResourceScopes <String[]>]: Indicates the list of resource scope security group Entra IDs.
For example: {dec942f4-6777-4998-96b4-522e383b08e2}.
[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role definition.
[DisplayName <String>]: Display Name of the Role definition.
[IsBuiltIn <Boolean?>]: Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
[RoleAssignments <IMicrosoftGraphRoleAssignment[]>]: List of Role assignments for this role definition.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Indicates the description of the role assignment.
For example: 'All administrators, employees and scope tags associated with the Houston office.' Max length is 1024 characters.
[DisplayName <String>]: Indicates the display name of the role assignment.
For example: 'Houston administrators and users'.
Max length is 128 characters.
[ResourceScopes <String[]>]: Indicates the list of resource scope security group Entra IDs.
For example: {dec942f4-6777-4998-96b4-522e383b08e2}.
[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[RolePermissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions.
[AllowedResourceActions <String[]>]: Allowed Actions
[NotAllowedResourceActions <String[]>]: Not Allowed Actions.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Members <String[]>]: Indicates the list of role member security group Entra IDs.
For example: {dec942f4-6777-4998-96b4-522e383b08e2}.
ROLEDEFINITION <IMicrosoftGraphRoleDefinition>: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[(Any) <Object>]: This indicates any property can be added to this object.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Description of the Role definition.
[DisplayName <String>]: Display Name of the Role definition.
[IsBuiltIn <Boolean?>]: Type of Role.
Set to True if it is built-in, or set to False if it is a custom role definition.
[RoleAssignments <IMicrosoftGraphRoleAssignment[]>]: List of Role assignments for this role definition.
[Id <String>]: The unique identifier for an entity.
Read-only.
[Description <String>]: Indicates the description of the role assignment.
For example: 'All administrators, employees and scope tags associated with the Houston office.' Max length is 1024 characters.
[DisplayName <String>]: Indicates the display name of the role assignment.
For example: 'Houston administrators and users'.
Max length is 128 characters.
[ResourceScopes <String[]>]: Indicates the list of resource scope security group Entra IDs.
For example: {dec942f4-6777-4998-96b4-522e383b08e2}.
[RoleDefinition <IMicrosoftGraphRoleDefinition>]: The Role Definition resource.
The role definition is the foundation of role based access in Intune.
The role combines an Intune resource such as a Mobile App and associated role permissions such as Create or Read for the resource.
There are two types of roles, built-in and custom.
Built-in roles cannot be modified.
Both built-in roles and custom roles must have assignments to be enforced.
Create custom roles if you want to define a role that allows any of the available resources and role permissions to be combined into a single role.
[RolePermissions <IMicrosoftGraphRolePermission[]>]: List of Role Permissions this role is allowed to perform.
These must match the actionName that is defined as part of the rolePermission.
[ResourceActions <IMicrosoftGraphResourceAction[]>]: Resource Actions each containing a set of allowed and not allowed permissions.
[AllowedResourceActions <String[]>]: Allowed Actions
[NotAllowedResourceActions <String[]>]: Not Allowed Actions.