Get-MgBetaRoleManagementExchangeRoleDefinition
Get the properties and relationships of a unifiedRoleDefinition object of an RBAC provider. The following RBAC providers are currently supported:- Cloud PC - device management (Intune)- directory (Microsoft Entra directory roles)- entitlement management (Microsoft Entra entitlement management)- Exchange Online
Syntax
Get-MgBetaRoleManagementExchangeRoleDefinition
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
[-Search <String>]
[-Skip <Int32>]
[-Sort <String[]>]
[-Top <Int32>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PageSize <Int32>]
[-All]
[-CountVariable <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Get-MgBetaRoleManagementExchangeRoleDefinition
-UnifiedRoleDefinitionId <String>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Get-MgBetaRoleManagementExchangeRoleDefinition
-InputObject <IDeviceManagementEnrollmentIdentity>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>] Description
Get the properties and relationships of a unifiedRoleDefinition object of an RBAC provider. The following RBAC providers are currently supported:- Cloud PC - device management (Intune)- directory (Microsoft Entra directory roles)- entitlement management (Microsoft Entra entitlement management)- Exchange Online
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | DeviceManagementRBAC.Read.All | DeviceManagementRBAC.ReadWrite.All, CloudPC.Read.All, CloudPC.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All, RoleManagement.Read.All, RoleManagement.Read.CloudPC, RoleManagement.Read.Directory, RoleManagement.Read.Exchange, RoleManagement.ReadWrite.CloudPC, RoleManagement.ReadWrite.Directory, RoleManagement.ReadWrite.Exchange |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | DeviceManagementRBAC.Read.All | DeviceManagementRBAC.ReadWrite.All, CloudPC.Read.All, CloudPC.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All, RoleManagement.Read.All, RoleManagement.Read.CloudPC, RoleManagement.Read.Directory, RoleManagement.ReadWrite.CloudPC, RoleManagement.ReadWrite.Directory |
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | DeviceManagementRBAC.Read.All | DeviceManagementRBAC.ReadWrite.All, CloudPC.Read.All, CloudPC.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All, RoleManagement.Read.All, RoleManagement.Read.CloudPC, RoleManagement.Read.Directory, RoleManagement.Read.Exchange, RoleManagement.ReadWrite.CloudPC, RoleManagement.ReadWrite.Directory, RoleManagement.ReadWrite.Exchange |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | DeviceManagementRBAC.Read.All | DeviceManagementRBAC.ReadWrite.All, CloudPC.Read.All, CloudPC.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All, RoleManagement.Read.All, RoleManagement.Read.CloudPC, RoleManagement.Read.Directory, RoleManagement.ReadWrite.CloudPC, RoleManagement.ReadWrite.Directory |
Examples
Example 1: Get the definition of a built-in role for the Exchange Online provider
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementExchangeRoleDefinition -UnifiedRoleDefinitionId $unifiedRoleDefinitionIdThis example will get the definition of a built-in role for the exchange online provider
Parameters
-All
List all pages.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CountVariable
Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.
| Type: | String |
| Aliases: | CV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ExpandProperty
Expand related entities
| Type: | String[] |
| Aliases: | Expand |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Filter
Filter items by property values
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IDeviceManagementEnrollmentIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-PageSize
Sets the page size of results.
| Type: | Int32 |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Property
Select properties to be returned
| Type: | String[] |
| Aliases: | Select |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Search
Search items by search phrases
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Skip
Skip the first n items
| Type: | Int32 |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Sort
Order items by property values
| Type: | String[] |
| Aliases: | OrderBy |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Top
Show only the first n items
| Type: | Int32 |
| Aliases: | Limit |
| Position: | Named |
| Default value: | 0 |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UnifiedRoleDefinitionId
The unique identifier of unifiedRoleDefinition
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IDeviceManagementEnrollmentIdentity
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphUnifiedRoleDefinition
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <IDeviceManagementEnrollmentIdentity>: Identity Parameter
[AndroidDeviceOwnerEnrollmentProfileId <String>]: The unique identifier of androidDeviceOwnerEnrollmentProfile[AndroidForWorkEnrollmentProfileId <String>]: The unique identifier of androidForWorkEnrollmentProfile[AppScopeId <String>]: The unique identifier of appScope[AppleEnrollmentProfileAssignmentId <String>]: The unique identifier of appleEnrollmentProfileAssignment[AppleUserInitiatedEnrollmentProfileId <String>]: The unique identifier of appleUserInitiatedEnrollmentProfile[CustomAppScopeId <String>]: The unique identifier of customAppScope[DepOnboardingSettingId <String>]: The unique identifier of depOnboardingSetting[DeviceEnrollmentConfigurationId <String>]: The unique identifier of deviceEnrollmentConfiguration[DeviceManagementAutopilotEventId <String>]: The unique identifier of deviceManagementAutopilotEvent[DeviceManagementAutopilotPolicyStatusDetailId <String>]: The unique identifier of deviceManagementAutopilotPolicyStatusDetail[DirectoryObjectId <String>]: The unique identifier of directoryObject[EnrollmentConfigurationAssignmentId <String>]: The unique identifier of enrollmentConfigurationAssignment[EnrollmentProfileId <String>]: The unique identifier of enrollmentProfile[ImportedAppleDeviceIdentityId <String>]: The unique identifier of importedAppleDeviceIdentity[ImportedDeviceIdentityId <String>]: The unique identifier of importedDeviceIdentity[ImportedWindowsAutopilotDeviceIdentityId <String>]: The unique identifier of importedWindowsAutopilotDeviceIdentity[UnifiedRbacResourceActionId <String>]: The unique identifier of unifiedRbacResourceAction[UnifiedRbacResourceNamespaceId <String>]: The unique identifier of unifiedRbacResourceNamespace[UnifiedRoleAssignmentId <String>]: The unique identifier of unifiedRoleAssignment[UnifiedRoleAssignmentMultipleId <String>]: The unique identifier of unifiedRoleAssignmentMultiple[UnifiedRoleDefinitionId <String>]: The unique identifier of unifiedRoleDefinition[UnifiedRoleDefinitionId1 <String>]: The unique identifier of unifiedRoleDefinition[WindowsAutopilotDeploymentProfileAssignmentId <String>]: The unique identifier of windowsAutopilotDeploymentProfileAssignment[WindowsAutopilotDeploymentProfileId <String>]: The unique identifier of windowsAutopilotDeploymentProfile[WindowsAutopilotDeviceIdentityId <String>]: The unique identifier of windowsAutopilotDeviceIdentity[WindowsFeatureUpdateProfileAssignmentId <String>]: The unique identifier of windowsFeatureUpdateProfileAssignment[WindowsFeatureUpdateProfileId <String>]: The unique identifier of windowsFeatureUpdateProfile
Related Links
- https://video2.skills-academy.com/powershell/module/microsoft.graph.beta.devicemanagement.enrollment/get-mgbetarolemanagementexchangeroledefinition
- https://video2.skills-academy.com/graph/api/unifiedroledefinition-get?view=graph-rest-beta
- https://video2.skills-academy.com/graph/api/rbacapplication-list-roledefinitions?view=graph-rest-beta