Update-MgBetaRoleManagementDefenderRoleDefinitionInheritPermissionFrom

Update the navigation property inheritsPermissionsFrom in roleManagement

Syntax

Update-MgBetaRoleManagementDefenderRoleDefinitionInheritPermissionFrom
      -UnifiedRoleDefinitionId <String>
      -UnifiedRoleDefinitionId1 <String>
      [-ResponseHeadersVariable <String>]
      [-AdditionalProperties <Hashtable>]
      [-AllowedPrincipalTypes <String>]
      [-Description <String>]
      [-DisplayName <String>]
      [-Id <String>]
      [-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]
      [-IsBuiltIn]
      [-IsEnabled]
      [-IsPrivileged]
      [-ResourceScopes <String[]>]
      [-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]
      [-TemplateId <String>]
      [-Version <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-MgBetaRoleManagementDefenderRoleDefinitionInheritPermissionFrom
      -UnifiedRoleDefinitionId <String>
      -UnifiedRoleDefinitionId1 <String>
      -BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
      [-ResponseHeadersVariable <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-MgBetaRoleManagementDefenderRoleDefinitionInheritPermissionFrom
      -InputObject <IDeviceManagementEnrollmentIdentity>
      [-ResponseHeadersVariable <String>]
      [-AdditionalProperties <Hashtable>]
      [-AllowedPrincipalTypes <String>]
      [-Description <String>]
      [-DisplayName <String>]
      [-Id <String>]
      [-InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition[]>]
      [-IsBuiltIn]
      [-IsEnabled]
      [-IsPrivileged]
      [-ResourceScopes <String[]>]
      [-RolePermissions <IMicrosoftGraphUnifiedRolePermission[]>]
      [-TemplateId <String>]
      [-Version <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]
Update-MgBetaRoleManagementDefenderRoleDefinitionInheritPermissionFrom
      -InputObject <IDeviceManagementEnrollmentIdentity>
      -BodyParameter <IMicrosoftGraphUnifiedRoleDefinition>
      [-ResponseHeadersVariable <String>]
      [-Headers <IDictionary>]
      [-ProgressAction <ActionPreference>]
      [-WhatIf]
      [-Confirm]
      [<CommonParameters>]

Description

Update the navigation property inheritsPermissionsFrom in roleManagement

Parameters

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedPrincipalTypes

allowedRolePrincipalTypes

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-BodyParameter

unifiedRoleDefinition To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:IMicrosoftGraphUnifiedRoleDefinition
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Id

The unique identifier for an entity. Read-only.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InheritsPermissionsFrom

Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute. To construct, see NOTES section for INHERITSPERMISSIONSFROM properties and create a hash table.

Type:IMicrosoftGraphUnifiedRoleDefinition[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Type:IDeviceManagementEnrollmentIdentity
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-IsBuiltIn

Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsEnabled

Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IsPrivileged

Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceScopes

List of scopes permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RolePermissions

List of permissions included in the role. Read-only when isBuiltIn is true. Required. To construct, see NOTES section for ROLEPERMISSIONS properties and create a hash table.

Type:IMicrosoftGraphUnifiedRolePermission[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TemplateId

Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UnifiedRoleDefinitionId

The unique identifier of unifiedRoleDefinition

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-UnifiedRoleDefinitionId1

The unique identifier of unifiedRoleDefinition

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Version

Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementEnrollmentIdentity

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition

System.Collections.IDictionary

Outputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphUnifiedRoleDefinition>: unifiedRoleDefinition

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [AllowedPrincipalTypes <String>]: allowedRolePrincipalTypes
  • [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
  • [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).
  • [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition- []>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.
  • [IsBuiltIn <Boolean?>]: Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).
  • [IsEnabled <Boolean?>]: Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.
  • [IsPrivileged <Boolean?>]: Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).
  • [ResourceScopes <String- []>]: List of scopes permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
  • [RolePermissions <IMicrosoftGraphUnifiedRolePermission- []>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
    • [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource.
    • [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
    • [ExcludedResourceActions <String- []>]:
  • [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.
  • [Version <String>]: Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.

INHERITSPERMISSIONSFROM <IMicrosoftGraphUnifiedRoleDefinition- []>: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.

  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [AllowedPrincipalTypes <String>]: allowedRolePrincipalTypes
  • [Description <String>]: The description for the unifiedRoleDefinition. Read-only when isBuiltIn is true.
  • [DisplayName <String>]: The display name for the unifiedRoleDefinition. Read-only when isBuiltIn is true. Required. Supports $filter (eq and startsWith).
  • [InheritsPermissionsFrom <IMicrosoftGraphUnifiedRoleDefinition- []>]: Read-only collection of role definitions that the given role definition inherits from. Only Microsoft Entra built-in roles support this attribute.
  • [IsBuiltIn <Boolean?>]: Flag indicating if the unifiedRoleDefinition is part of the default set included with the product or custom. Read-only. Supports $filter (eq).
  • [IsEnabled <Boolean?>]: Flag indicating if the role is enabled for assignment. If false the role is not available for assignment. Read-only when isBuiltIn is true.
  • [IsPrivileged <Boolean?>]: Flag indicating if the role is privileged. Microsoft Entra ID defines a role as privileged if it contains at least one sensitive resource action in the rolePermissions and allowedResourceActions objects. Applies only for actions in the microsoft.directory resource namespace. Read-only. Supports $filter (eq).
  • [ResourceScopes <String- []>]: List of scopes permissions granted by the role definition apply to. Currently only / is supported. Read-only when isBuiltIn is true. DO NOT USE. This will be deprecated soon. Attach scope to role assignment.
  • [RolePermissions <IMicrosoftGraphUnifiedRolePermission- []>]: List of permissions included in the role. Read-only when isBuiltIn is true. Required.
    • [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource.
    • [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
    • [ExcludedResourceActions <String- []>]:
  • [TemplateId <String>]: Custom template identifier that can be set when isBuiltIn is false. This identifier is typically used if one needs an identifier to be the same across different directories. Read-only when isBuiltIn is true.
  • [Version <String>]: Indicates the version of the unifiedRoleDefinition object. Read-only when isBuiltIn is true.

INPUTOBJECT <IDeviceManagementEnrollmentIdentity>: Identity Parameter

  • [AndroidDeviceOwnerEnrollmentProfileId <String>]: The unique identifier of androidDeviceOwnerEnrollmentProfile
  • [AndroidForWorkEnrollmentProfileId <String>]: The unique identifier of androidForWorkEnrollmentProfile
  • [AppScopeId <String>]: The unique identifier of appScope
  • [AppleEnrollmentProfileAssignmentId <String>]: The unique identifier of appleEnrollmentProfileAssignment
  • [AppleUserInitiatedEnrollmentProfileId <String>]: The unique identifier of appleUserInitiatedEnrollmentProfile
  • [CustomAppScopeId <String>]: The unique identifier of customAppScope
  • [DepOnboardingSettingId <String>]: The unique identifier of depOnboardingSetting
  • [DeviceEnrollmentConfigurationId <String>]: The unique identifier of deviceEnrollmentConfiguration
  • [DeviceManagementAutopilotEventId <String>]: The unique identifier of deviceManagementAutopilotEvent
  • [DeviceManagementAutopilotPolicyStatusDetailId <String>]: The unique identifier of deviceManagementAutopilotPolicyStatusDetail
  • [DirectoryObjectId <String>]: The unique identifier of directoryObject
  • [EnrollmentConfigurationAssignmentId <String>]: The unique identifier of enrollmentConfigurationAssignment
  • [EnrollmentProfileId <String>]: The unique identifier of enrollmentProfile
  • [ImportedAppleDeviceIdentityId <String>]: The unique identifier of importedAppleDeviceIdentity
  • [ImportedDeviceIdentityId <String>]: The unique identifier of importedDeviceIdentity
  • [ImportedWindowsAutopilotDeviceIdentityId <String>]: The unique identifier of importedWindowsAutopilotDeviceIdentity
  • [UnifiedRbacResourceActionId <String>]: The unique identifier of unifiedRbacResourceAction
  • [UnifiedRbacResourceNamespaceId <String>]: The unique identifier of unifiedRbacResourceNamespace
  • [UnifiedRoleAssignmentId <String>]: The unique identifier of unifiedRoleAssignment
  • [UnifiedRoleAssignmentMultipleId <String>]: The unique identifier of unifiedRoleAssignmentMultiple
  • [UnifiedRoleDefinitionId <String>]: The unique identifier of unifiedRoleDefinition
  • [UnifiedRoleDefinitionId1 <String>]: The unique identifier of unifiedRoleDefinition
  • [WindowsAutopilotDeploymentProfileAssignmentId <String>]: The unique identifier of windowsAutopilotDeploymentProfileAssignment
  • [WindowsAutopilotDeploymentProfileId <String>]: The unique identifier of windowsAutopilotDeploymentProfile
  • [WindowsAutopilotDeviceIdentityId <String>]: The unique identifier of windowsAutopilotDeviceIdentity
  • [WindowsFeatureUpdateProfileAssignmentId <String>]: The unique identifier of windowsFeatureUpdateProfileAssignment
  • [WindowsFeatureUpdateProfileId <String>]: The unique identifier of windowsFeatureUpdateProfile

ROLEPERMISSIONS <IMicrosoftGraphUnifiedRolePermission- []>: List of permissions included in the role. Read-only when isBuiltIn is true. Required.

  • [AllowedResourceActions <String- []>]: Set of tasks that can be performed on a resource.
  • [Condition <String>]: Optional constraints that must be met for the permission to be effective. Not supported for custom roles.
  • [ExcludedResourceActions <String- []>]: