Graph Powershell adding a user to PIM for a privileged security group
I have seen several articles online, but I do not think it is for what I need. I am looking for a Graph cmdlet in Powershell to add a user to PIM for a privileged security group, like what is done in Entra below. This is from the security group's page in Entra:
I found this documentation of possible cmdlets, but the naming of them is pretty confusing. Does anybody know which cmdlet is the one I need?
Thanks!
Solution
To add user to PIM for privileged security group via Microsoft Graph PowerShell, you can make use of below sample script:
Connect-MgGraph -Scopes 'PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup'
Import-Module Microsoft.Graph.Identity.Governance
$currentUtcStartTime = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$expirationDateTime = (Get-Date).AddHours(2).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$params = @{
accessId = "member" # Set to 'member' for regular membership; use 'owner' for admin privileges
principalId = "userId" # User's Object ID
groupId = "groupId" # Replace with the Security Group's Object ID
action = "AdminAssign"
scheduleInfo = @{
startDateTime = [System.DateTime]::Parse($currentUtcStartTime) # Set to current UTC date and time
expiration = @{
type = "AfterDateTime" # Specify the expiration type
endDateTime = [System.DateTime]::Parse($expirationDateTime) # Set expiration to 2 hours from now
}
}
justification = "Assign eligible request." # Provide a justification for the assignment
}
New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $params
Response:
To confirm that, I checked the same in Portal where user is assigned to member role for PIM security group:
Reference:
- How to resolve paging when retrieving data from REST API in R
- SearchService deployment fails if the resource exists
- Azure Bicep - Referencing a variable that cannot be calculated at the start
- Local development with Azure SignalR Service and Azure Functions
- Azure Functions & Application Insights requests "Operation Link" empty
- Disabling allow public blob access using terraform
- how to retrieve all resources under given subnet using Azure Resource Graph Explorer query
- I'm using SSIS in ADF to move .csv from a blob container to another and then ingest into a Azure SQL database. I get an assembly error
- How to build expression in ADF from json using parameterized variable?
- Reference a variable azure pipeline not working
- Graph Powershell adding a user to PIM for a privileged security group
- Indexing static HTML blob storage content with Azure Cognitive Search is not working as expected
- Azure python webapp deploy shows as running even though it is successful
- Azure pipeline get Pull request source and target branch name
- Error while copying Azure Storage table from one Storage to another storage table using Powershell script
- Azure Function App Fails to Delete Blob Image After Deployment
- Use Azure AD authentication but manage roles in database in .NET 6
- Microsoft Azure VMs IaaS or PaaS?
- Can an application property be updated/deleted from a ServiceBusReceivedMessage?
- Why is my Blazor Web App throwing a SocketException when authenticating with OpenIddict when deployed to Azure App Service?
- RPC failed: curl 56 failure when receiving data from the peer
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- Reading Excel file returns 'Invalid Request' error
- Is it possible to clone an Azure Container App?
- Unable to Enable Encryption at host for Azure VM
- Application Insights does not capture information level logging
- How to look up logical partition count and size in Cosmos DB
- AzureRmWebAppDeployment@4 tries to deploy to a wrong URL to Linux app plan
- Azure B2C client credentials flow throws invalid_grant AADB2C90085
- Why I can't create azurerm_app_service connection?