Update-MgPolicyRoleManagementPolicyRule

Update-MgPolicyRoleManagementPolicyRule
    -UnifiedRoleManagementPolicyId <string>
    -UnifiedRoleManagementPolicyRuleId <string>
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-Id <string>]
    [-Target <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update-MgPolicyRoleManagementPolicyRule
    -UnifiedRoleManagementPolicyId <string>
    -UnifiedRoleManagementPolicyRuleId <string>
    -BodyParameter <IMicrosoftGraphUnifiedRoleManagementPolicyRule>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update-MgPolicyRoleManagementPolicyRule
    -InputObject <IIdentitySignInsIdentity>
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-Id <string>]
    [-Target <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update-MgPolicyRoleManagementPolicyRule
    -InputObject <IIdentitySignInsIdentity>
    -BodyParameter <IMicrosoftGraphUnifiedRoleManagementPolicyRule>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update a rule defined for a role management policy. The rule can be one of the following types that are derived from the unifiedRoleManagementPolicyRule object: For more information about rules for Microsoft Entra roles and examples of updating rules, see the following articles:

Permissions

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
	id = "Expiration_EndUser_Assignment"
	isExpirationRequired = $true
	maximumDuration = "PT1H45M"
	target = @{
		"@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
		caller = "EndUser"
		operations = @(
		"All"
	)
	level = "Assignment"
	inheritableSettings = @(
	)
	enforcedSettings = @(
	)
}
}

Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params

This example will update a rule defined for a policy in pim for microsoft entra roles

Import-Module Microsoft.Graph.Identity.SignIns

$params = @{
	"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
	id = "Expiration_EndUser_Assignment"
	isExpirationRequired = $true
	maximumDuration = "PT1H45M"
	target = @{
		caller = "EndUser"
		operations = @(
		"All"
	)
	level = "Assignment"
	inheritableSettings = @(
	)
	enforcedSettings = @(
	)
}
}

Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params

This example will update a rule defined for a policy in pim for groups

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

{{ Fill in the Description }}

{{ Fill in the Description }}

{{ Fill in the Description }}

{{ Fill in the Description }}

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphUnifiedRoleManagementPolicyRule>: unifiedRoleManagementPolicyRule [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [Target <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>]: unifiedRoleManagementPolicyRuleTarget [(Any) <Object>]: This indicates any property can be added to this object. [Caller <String>]: The type of caller that's the target of the policy rule. Allowed values are: None, Admin, EndUser. [EnforcedSettings <String[]>]: The list of role settings that are enforced and cannot be overridden by child scopes. Use All for all settings. [InheritableSettings <String[]>]: The list of role settings that can be inherited by child scopes. Use All for all settings. [Level <String>]: The role assignment type that's the target of policy rule. Allowed values are: Eligibility, Assignment. [Operations <String[]>]: The role management operations that are the target of the policy rule. Allowed values are: All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew. [TargetObjects <IMicrosoftGraphDirectoryObject[]>]: [Id <String>]: The unique identifier for an entity. Read-only. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.

INPUTOBJECT <IIdentitySignInsIdentity>: Identity Parameter [ActivityBasedTimeoutPolicyId <String>]: The unique identifier of activityBasedTimeoutPolicy [AppManagementPolicyId <String>]: The unique identifier of appManagementPolicy [AuthenticationCombinationConfigurationId <String>]: The unique identifier of authenticationCombinationConfiguration [AuthenticationConditionApplicationAppId <String>]: The unique identifier of authenticationConditionApplication [AuthenticationContextClassReferenceId <String>]: The unique identifier of authenticationContextClassReference [AuthenticationEventListenerId <String>]: The unique identifier of authenticationEventListener [AuthenticationEventsFlowId <String>]: The unique identifier of authenticationEventsFlow [AuthenticationMethodConfigurationId <String>]: The unique identifier of authenticationMethodConfiguration [AuthenticationMethodId <String>]: The unique identifier of authenticationMethod [AuthenticationMethodModeDetailId <String>]: The unique identifier of authenticationMethodModeDetail [AuthenticationStrengthPolicyId <String>]: The unique identifier of authenticationStrengthPolicy [B2XIdentityUserFlowId <String>]: The unique identifier of b2xIdentityUserFlow [BitlockerRecoveryKeyId <String>]: The unique identifier of bitlockerRecoveryKey [CertificateBasedAuthConfigurationId <String>]: The unique identifier of certificateBasedAuthConfiguration [ClaimsMappingPolicyId <String>]: The unique identifier of claimsMappingPolicy [ConditionalAccessPolicyId <String>]: The unique identifier of conditionalAccessPolicy [ConditionalAccessTemplateId <String>]: The unique identifier of conditionalAccessTemplate [CrossTenantAccessPolicyConfigurationPartnerTenantId <String>]: The unique identifier of crossTenantAccessPolicyConfigurationPartner [CustomAuthenticationExtensionId <String>]: The unique identifier of customAuthenticationExtension [DataPolicyOperationId <String>]: The unique identifier of dataPolicyOperation [DirectoryObjectId <String>]: The unique identifier of directoryObject [EmailAuthenticationMethodId <String>]: The unique identifier of emailAuthenticationMethod [FeatureRolloutPolicyId <String>]: The unique identifier of featureRolloutPolicy [Fido2AuthenticationMethodId <String>]: The unique identifier of fido2AuthenticationMethod [HomeRealmDiscoveryPolicyId <String>]: The unique identifier of homeRealmDiscoveryPolicy [IdentityApiConnectorId <String>]: The unique identifier of identityApiConnector [IdentityProviderBaseId <String>]: The unique identifier of identityProviderBase [IdentityProviderId <String>]: The unique identifier of identityProvider [IdentityUserFlowAttributeAssignmentId <String>]: The unique identifier of identityUserFlowAttributeAssignment [IdentityUserFlowAttributeId <String>]: The unique identifier of identityUserFlowAttribute [LongRunningOperationId <String>]: The unique identifier of longRunningOperation [MicrosoftAuthenticatorAuthenticationMethodId <String>]: The unique identifier of microsoftAuthenticatorAuthenticationMethod [MultiTenantOrganizationMemberId <String>]: The unique identifier of multiTenantOrganizationMember [NamedLocationId <String>]: The unique identifier of namedLocation [OAuth2PermissionGrantId <String>]: The unique identifier of oAuth2PermissionGrant [OrganizationId <String>]: The unique identifier of organization [PasswordAuthenticationMethodId <String>]: The unique identifier of passwordAuthenticationMethod [PermissionGrantConditionSetId <String>]: The unique identifier of permissionGrantConditionSet [PermissionGrantPolicyId <String>]: The unique identifier of permissionGrantPolicy [PhoneAuthenticationMethodId <String>]: The unique identifier of phoneAuthenticationMethod [PlatformCredentialAuthenticationMethodId <String>]: The unique identifier of platformCredentialAuthenticationMethod [RiskDetectionId <String>]: The unique identifier of riskDetection [RiskyServicePrincipalHistoryItemId <String>]: The unique identifier of riskyServicePrincipalHistoryItem [RiskyServicePrincipalId <String>]: The unique identifier of riskyServicePrincipal [RiskyUserHistoryItemId <String>]: The unique identifier of riskyUserHistoryItem [RiskyUserId <String>]: The unique identifier of riskyUser [ServicePrincipalRiskDetectionId <String>]: The unique identifier of servicePrincipalRiskDetection [SoftwareOathAuthenticationMethodId <String>]: The unique identifier of softwareOathAuthenticationMethod [TemporaryAccessPassAuthenticationMethodId <String>]: The unique identifier of temporaryAccessPassAuthenticationMethod [ThreatAssessmentRequestId <String>]: The unique identifier of threatAssessmentRequest [ThreatAssessmentResultId <String>]: The unique identifier of threatAssessmentResult [TokenIssuancePolicyId <String>]: The unique identifier of tokenIssuancePolicy [TokenLifetimePolicyId <String>]: The unique identifier of tokenLifetimePolicy [UnifiedRoleManagementPolicyAssignmentId <String>]: The unique identifier of unifiedRoleManagementPolicyAssignment [UnifiedRoleManagementPolicyId <String>]: The unique identifier of unifiedRoleManagementPolicy [UnifiedRoleManagementPolicyRuleId <String>]: The unique identifier of unifiedRoleManagementPolicyRule [UserFlowLanguageConfigurationId <String>]: The unique identifier of userFlowLanguageConfiguration [UserFlowLanguagePageId <String>]: The unique identifier of userFlowLanguagePage [UserId <String>]: The unique identifier of user [WindowsHelloForBusinessAuthenticationMethodId <String>]: The unique identifier of windowsHelloForBusinessAuthenticationMethod

TARGET <IMicrosoftGraphUnifiedRoleManagementPolicyRuleTarget>: unifiedRoleManagementPolicyRuleTarget [(Any) <Object>]: This indicates any property can be added to this object. [Caller <String>]: The type of caller that's the target of the policy rule. Allowed values are: None, Admin, EndUser. [EnforcedSettings <String[]>]: The list of role settings that are enforced and cannot be overridden by child scopes. Use All for all settings. [InheritableSettings <String[]>]: The list of role settings that can be inherited by child scopes. Use All for all settings. [Level <String>]: The role assignment type that's the target of policy rule. Allowed values are: Eligibility, Assignment. [Operations <String[]>]: The role management operations that are the target of the policy rule. Allowed values are: All, Activate, Deactivate, Assign, Update, Remove, Extend, Renew. [TargetObjects <IMicrosoftGraphDirectoryObject[]>]: [Id <String>]: The unique identifier for an entity. Read-only. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.